From 563f4f96f568bcdc0a04a82f89cafe3bebbe43f1 Mon Sep 17 00:00:00 2001 From: Apple Date: Fri, 15 Apr 2005 20:06:01 +0000 Subject: [PATCH] Security-222.tar.gz --- APPLE_LICENSE | 513 +- AppleCSP/AES/aesCommon.h | 42 - AppleCSP/AES/aescsp.cpp | 233 - AppleCSP/AES/aescspi.h | 101 - AppleCSP/AES/boxes-ref.c | 228 - AppleCSP/AES/boxes-ref.h | 51 - AppleCSP/AES/gladmanContext.cpp | 176 - AppleCSP/AES/gladmanContext.h | 75 - AppleCSP/AES/rijndael-alg-ref.c | 615 - AppleCSP/AES/rijndael-alg-ref.h | 82 - AppleCSP/AES/rijndaelApi.c | 276 - AppleCSP/AES/rijndaelApi.h | 119 - AppleCSP/AES/rijndaelGladman.c | 436 - AppleCSP/AES/rijndaelGladman.h | 211 - AppleCSP/AES/vRijndael-alg-ref.c | 684 - AppleCSP/AppleCSP/AppleCSP.cpp | 692 - AppleCSP/AppleCSP/AppleCSP.h | 87 - AppleCSP/AppleCSP/AppleCSPContext.cpp | 270 - AppleCSP/AppleCSP/AppleCSPContext.h | 179 - AppleCSP/AppleCSP/AppleCSPKeys.cpp | 89 - AppleCSP/AppleCSP/AppleCSPKeys.h | 118 - AppleCSP/AppleCSP/AppleCSPSession.h | 202 - AppleCSP/AppleCSP/AppleCSPUtils.cpp | 680 - AppleCSP/AppleCSP/AppleCSPUtils.h | 185 - AppleCSP/AppleCSP/BinaryKey.h | 117 - AppleCSP/AppleCSP/BlockCryptor.cpp | 609 - AppleCSP/AppleCSP/BlockCryptor.h | 181 - AppleCSP/AppleCSP/RawSigner.h | 95 - AppleCSP/AppleCSP/SignatureContext.cpp | 128 - AppleCSP/AppleCSP/SignatureContext.h | 83 - AppleCSP/AppleCSP/YarrowConnection.cpp | 48 - AppleCSP/AppleCSP/YarrowConnection.h | 46 - AppleCSP/AppleCSP/cspdebugging.c | 83 - AppleCSP/AppleCSP/cspdebugging.h | 161 - AppleCSP/AppleCSP/cssmplugin.exp | 4 - AppleCSP/AppleCSP/deriveKey.cpp | 235 - AppleCSP/AppleCSP/pkcs8.cpp | 112 - AppleCSP/AppleCSP/pkcs8.h | 42 - AppleCSP/AppleCSP/rotty.mcp | Bin 85911 -> 0 bytes AppleCSP/AppleCSP/wrapKey.cpp | 638 - AppleCSP/AppleCSP/wrapKeyCms.cpp | 468 - AppleCSP/AppleCSPPlugin.cpp | 31 - AppleCSP/BSafeCSP/algmaker.cpp | 333 - AppleCSP/BSafeCSP/bsafeAsymmetric.cpp | 87 - AppleCSP/BSafeCSP/bsafeContext.cpp | 448 - AppleCSP/BSafeCSP/bsafeKeyGen.cpp | 461 - AppleCSP/BSafeCSP/bsafePKCS1.cpp | 137 - AppleCSP/BSafeCSP/bsafePKCS1.h | 73 - AppleCSP/BSafeCSP/bsafeSymmetric.cpp | 289 - AppleCSP/BSafeCSP/bsafecsp.h | 58 - AppleCSP/BSafeCSP/bsafecspi.h | 463 - AppleCSP/BSafeCSP/bsobjects.h | 64 - AppleCSP/BSafeCSP/memory.cpp | 53 - AppleCSP/BSafeCSP/miscalgorithms.cpp | 152 - AppleCSP/BSafeCSP/test/t-dsa.cpp | 143 - AppleCSP/BSafeCSP/test/t-rsa.cpp | 129 - AppleCSP/BSafeCSP/test/t.cpp | 113 - AppleCSP/CVSVersionInfo.txt | 5 - AppleCSP/ComCryption/ascContext.cpp | 373 - AppleCSP/ComCryption/ascContext.h | 61 - AppleCSP/ComCryption/ascFactory.h | 34 - AppleCSP/CryptKitCSP/CryptKitAsn1.cpp | 81 - AppleCSP/CryptKitCSP/CryptKitAsn1.h | 133 - AppleCSP/CryptKitCSP/CryptKitDER.cpp | 745 - AppleCSP/CryptKitCSP/CryptKitSpace.h | 37 - AppleCSP/CryptKitCSP/FEEAsymmetricContext.cpp | 439 - AppleCSP/CryptKitCSP/FEEAsymmetricContext.h | 126 - AppleCSP/CryptKitCSP/FEECSPUtils.cpp | 249 - AppleCSP/CryptKitCSP/FEECSPUtils.h | 92 - AppleCSP/CryptKitCSP/FEEKeys.cpp | 366 - AppleCSP/CryptKitCSP/FEEKeys.h | 117 - AppleCSP/CryptKitCSP/FEESignatureObject.cpp | 242 - AppleCSP/CryptKitCSP/FEESignatureObject.h | 147 - AppleCSP/CryptKitCSP/cryptkitcsp.cpp | 175 - AppleCSP/CryptKitCSP/cryptkitcsp.h | 59 - AppleCSP/DiffieHellman/DH_csp.cpp | 71 - AppleCSP/DiffieHellman/DH_csp.h | 53 - AppleCSP/DiffieHellman/DH_exchange.cpp | 119 - AppleCSP/DiffieHellman/DH_exchange.h | 34 - AppleCSP/DiffieHellman/DH_keys.cpp | 533 - AppleCSP/DiffieHellman/DH_keys.h | 149 - AppleCSP/DiffieHellman/DH_utils.cpp | 176 - AppleCSP/DiffieHellman/DH_utils.h | 75 - AppleCSP/MiscCSPAlgs/DES.c | 548 - AppleCSP/MiscCSPAlgs/DES.h | 65 - AppleCSP/MiscCSPAlgs/DigestContext.cpp | 58 - AppleCSP/MiscCSPAlgs/DigestContext.h | 52 - AppleCSP/MiscCSPAlgs/MD2Object.cpp | 61 - AppleCSP/MiscCSPAlgs/MD2Object.h | 47 - AppleCSP/MiscCSPAlgs/MD5.c | 362 - AppleCSP/MiscCSPAlgs/MD5.h | 68 - AppleCSP/MiscCSPAlgs/MacContext.cpp | 188 - AppleCSP/MiscCSPAlgs/MacContext.h | 100 - AppleCSP/MiscCSPAlgs/NullCryptor.h | 88 - AppleCSP/MiscCSPAlgs/SHA1.c | 176 - AppleCSP/MiscCSPAlgs/SHA1.h | 76 - AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp | 146 - AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h | 70 - AppleCSP/MiscCSPAlgs/SHA1_priv.c | 313 - AppleCSP/MiscCSPAlgs/SHA1_priv.h | 54 - AppleCSP/MiscCSPAlgs/bfContext.cpp | 119 - AppleCSP/MiscCSPAlgs/bfContext.h | 80 - AppleCSP/MiscCSPAlgs/castContext.cpp | 120 - AppleCSP/MiscCSPAlgs/castContext.h | 93 - AppleCSP/MiscCSPAlgs/desContext.cpp | 214 - AppleCSP/MiscCSPAlgs/desContext.h | 93 - AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp | 346 - AppleCSP/MiscCSPAlgs/miscAlgFactory.h | 47 - AppleCSP/MiscCSPAlgs/pkcs12Derive.cpp | 430 - AppleCSP/MiscCSPAlgs/pkcs12Derive.h | 47 - AppleCSP/MiscCSPAlgs/platform.h | 61 - AppleCSP/MiscCSPAlgs/rc2Context.cpp | 122 - AppleCSP/MiscCSPAlgs/rc2Context.h | 57 - AppleCSP/MiscCSPAlgs/rc4Context.cpp | 95 - AppleCSP/MiscCSPAlgs/rc4Context.h | 62 - AppleCSP/MiscCSPAlgs/rc5Context.cpp | 120 - AppleCSP/MiscCSPAlgs/rc5Context.h | 56 - AppleCSP/PBKDF2/HMACSHA1.c | 143 - AppleCSP/PBKDF2/HMACSHA1.h | 75 - AppleCSP/PBKDF2/pbkdDigest.cpp | 82 - AppleCSP/PBKDF2/pbkdDigest.h | 67 - AppleCSP/PBKDF2/pbkdf2.c | 100 - AppleCSP/PBKDF2/pbkdf2.h | 79 - AppleCSP/RSA_DSA/RSA_DSA_csp.cpp | 195 - AppleCSP/RSA_DSA/RSA_DSA_csp.h | 53 - AppleCSP/RSA_DSA/RSA_DSA_keys.cpp | 761 - AppleCSP/RSA_DSA/RSA_DSA_keys.h | 220 - AppleCSP/RSA_DSA/RSA_DSA_signature.cpp | 378 - AppleCSP/RSA_DSA/RSA_DSA_signature.h | 135 - AppleCSP/RSA_DSA/RSA_DSA_utils.cpp | 454 - AppleCSP/RSA_DSA/RSA_DSA_utils.h | 118 - AppleCSP/RSA_DSA/RSA_asymmetric.cpp | 194 - AppleCSP/RSA_DSA/RSA_asymmetric.h | 74 - AppleCSP/TODO | 1 - AppleCSP/csp_capabilities.mdsinfo | 18 - AppleCSP/csp_capabilities_common.mds | 741 - AppleCSP/csp_common.mdsinfo | 28 - AppleCSP/csp_primary.mdsinfo | 36 - AppleCSP/open_ssl/LICENSE | 60 - AppleCSP/open_ssl/bf/COPYRIGHT | 46 - AppleCSP/open_ssl/bf/README | 8 - AppleCSP/open_ssl/bf/bf_ecb.c | 96 - AppleCSP/open_ssl/bf/bf_enc.c | 306 - AppleCSP/open_ssl/bf/bf_locl.h | 232 - AppleCSP/open_ssl/bf/bf_pi.h | 325 - AppleCSP/open_ssl/bf/bf_skey.c | 116 - AppleCSP/open_ssl/bio/bio_lib.c | 552 - AppleCSP/open_ssl/bio/bss_file.c | 328 - AppleCSP/open_ssl/bn/bn_add.c | 325 - AppleCSP/open_ssl/bn/bn_asm.c | 855 - AppleCSP/open_ssl/bn/bn_blind.c | 162 - AppleCSP/open_ssl/bn/bn_ctx.c | 162 - AppleCSP/open_ssl/bn/bn_div.c | 398 - AppleCSP/open_ssl/bn/bn_err.c | 140 - AppleCSP/open_ssl/bn/bn_exp.c | 901 - AppleCSP/open_ssl/bn/bn_exp2.c | 217 - AppleCSP/open_ssl/bn/bn_gcd.c | 228 - AppleCSP/open_ssl/bn/bn_lcl.h | 419 - AppleCSP/open_ssl/bn/bn_lib.c | 778 - AppleCSP/open_ssl/bn/bn_mont.c | 357 - AppleCSP/open_ssl/bn/bn_mpi.c | 147 - AppleCSP/open_ssl/bn/bn_mul.c | 812 - AppleCSP/open_ssl/bn/bn_prime.c | 483 - AppleCSP/open_ssl/bn/bn_prime.h | 343 - AppleCSP/open_ssl/bn/bn_print.c | 350 - AppleCSP/open_ssl/bn/bn_rand.c | 223 - AppleCSP/open_ssl/bn/bn_recp.c | 238 - AppleCSP/open_ssl/bn/bn_shift.c | 218 - AppleCSP/open_ssl/bn/bn_sqr.c | 306 - AppleCSP/open_ssl/bn/bn_word.c | 212 - AppleCSP/open_ssl/bn/bnspeed.c | 251 - AppleCSP/open_ssl/bn/bntest.c | 1096 - AppleCSP/open_ssl/bn/divtest.c | 59 - AppleCSP/open_ssl/bn/exp.c | 80 - AppleCSP/open_ssl/bn/expspeed.c | 233 - AppleCSP/open_ssl/bn/exptest.c | 205 - AppleCSP/open_ssl/bn/vms-helper.c | 84 - AppleCSP/open_ssl/buffer/buf_err.c | 113 - AppleCSP/open_ssl/buffer/buffer.c | 162 - AppleCSP/open_ssl/cast/c_ecb.c | 80 - AppleCSP/open_ssl/cast/c_enc.c | 210 - AppleCSP/open_ssl/cast/c_skey.c | 166 - AppleCSP/open_ssl/cast/cast_lcl.h | 239 - AppleCSP/open_ssl/cast/cast_s.h | 585 - AppleCSP/open_ssl/cryptlib.c | 350 - AppleCSP/open_ssl/cryptlib.h | 114 - AppleCSP/open_ssl/dh/dh_check.c | 137 - AppleCSP/open_ssl/dh/dh_err.c | 116 - AppleCSP/open_ssl/dh/dh_gen.c | 170 - AppleCSP/open_ssl/dh/dh_key.c | 230 - AppleCSP/open_ssl/dh/dh_lib.c | 203 - AppleCSP/open_ssl/dsa/dsa_asn1.c | 120 - AppleCSP/open_ssl/dsa/dsa_err.c | 124 - AppleCSP/open_ssl/dsa/dsa_gen.c | 312 - AppleCSP/open_ssl/dsa/dsa_key.c | 129 - AppleCSP/open_ssl/dsa/dsa_lib.c | 266 - AppleCSP/open_ssl/dsa/dsa_ossl.c | 339 - AppleCSP/open_ssl/dsa/dsa_sign.c | 112 - AppleCSP/open_ssl/dsa/dsa_vrf.c | 114 - AppleCSP/open_ssl/err/err.c | 781 - AppleCSP/open_ssl/err/err_prn.c | 123 - AppleCSP/open_ssl/ex_data.c | 241 - AppleCSP/open_ssl/lhash/lhash.c | 479 - AppleCSP/open_ssl/mem.c | 279 - AppleCSP/open_ssl/misc/md2_dgst.c | 223 - AppleCSP/open_ssl/misc/rc2_cbc.c | 256 - AppleCSP/open_ssl/misc/rc2_locl.h | 174 - AppleCSP/open_ssl/misc/rc2_skey.c | 156 - AppleCSP/open_ssl/misc/rc4_enc.c | 332 - AppleCSP/open_ssl/misc/rc4_skey.c | 140 - AppleCSP/open_ssl/misc/rc5_enc.c | 243 - AppleCSP/open_ssl/misc/rc5_locl.h | 205 - AppleCSP/open_ssl/misc/rc5_skey.c | 131 - AppleCSP/open_ssl/openssl/asn1.h | 1085 - AppleCSP/open_ssl/openssl/bio.h | 685 - AppleCSP/open_ssl/openssl/blowfish.h | 129 - AppleCSP/open_ssl/openssl/bn.h | 536 - AppleCSP/open_ssl/openssl/buffer.h | 116 - AppleCSP/open_ssl/openssl/cast.h | 103 - AppleCSP/open_ssl/openssl/crypto.h | 391 - AppleCSP/open_ssl/openssl/dh.h | 221 - AppleCSP/open_ssl/openssl/dsa.h | 259 - AppleCSP/open_ssl/openssl/e_os.h | 464 - AppleCSP/open_ssl/openssl/e_os2.h | 56 - AppleCSP/open_ssl/openssl/err.h | 285 - AppleCSP/open_ssl/openssl/evp.h | 761 - AppleCSP/open_ssl/openssl/lhash.h | 163 - AppleCSP/open_ssl/openssl/md2.h | 91 - AppleCSP/open_ssl/openssl/objects.h | 1050 - AppleCSP/open_ssl/openssl/openssl_pkcs7.h | 516 - AppleCSP/open_ssl/openssl/opensslconf.h | 111 - AppleCSP/open_ssl/openssl/opensslv.h | 50 - AppleCSP/open_ssl/openssl/rand.h | 135 - AppleCSP/open_ssl/openssl/rc2.h | 123 - AppleCSP/open_ssl/openssl/rc4.h | 109 - AppleCSP/open_ssl/openssl/rc5.h | 150 - AppleCSP/open_ssl/openssl/rsa.h | 356 - AppleCSP/open_ssl/openssl/safestack.h | 147 - AppleCSP/open_ssl/openssl/sha.h | 137 - AppleCSP/open_ssl/openssl/stack.h | 125 - AppleCSP/open_ssl/openssl/x509.h | 1222 -- AppleCSP/open_ssl/openssl/x509_vfy.h | 380 - .../open_ssl/opensslUtils/opensslAsn1.cpp | 1686 -- AppleCSP/open_ssl/opensslUtils/opensslAsn1.h | 156 - .../open_ssl/opensslUtils/opensslUtils.cpp | 218 - AppleCSP/open_ssl/opensslUtils/opensslUtils.h | 63 - .../open_ssl/opensslUtils/osKeyTemplates.cpp | 140 - .../open_ssl/opensslUtils/osKeyTemplates.h | 187 - AppleCSP/open_ssl/rsa/rsa_chk.c | 202 - AppleCSP/open_ssl/rsa/rsa_eay.c | 513 - AppleCSP/open_ssl/rsa/rsa_err.c | 166 - AppleCSP/open_ssl/rsa/rsa_gen.c | 216 - AppleCSP/open_ssl/rsa/rsa_lib.c | 351 - AppleCSP/open_ssl/rsa/rsa_none.c | 116 - AppleCSP/open_ssl/rsa/rsa_null.c | 167 - AppleCSP/open_ssl/rsa/rsa_pk1.c | 242 - AppleCSP/open_ssl/rsa/rsa_saos.c | 162 - AppleCSP/open_ssl/rsa/rsa_sign.c | 239 - AppleCSP/open_ssl/rsa/rsa_ssl.c | 172 - AppleCSP/open_ssl/stack/stack.c | 329 - AppleCSPDL/AppleCSPDLPlugin.cpp | 31 - AppleCSPDL/CSPDLDatabase.cpp | 36 - AppleCSPDL/CSPDLDatabase.h | 40 - AppleCSPDL/CSPDLPlugin.cpp | 78 - AppleCSPDL/CSPDLPlugin.h | 56 - AppleCSPDL/CVSVersionInfo.txt | 5 - AppleCSPDL/KeySchema.h | 64 - AppleCSPDL/KeySchema.m4 | 137 - AppleCSPDL/SSCSPDLSession.cpp | 219 - AppleCSPDL/SSCSPDLSession.h | 55 - AppleCSPDL/SSCSPSession.cpp | 610 - AppleCSPDL/SSCSPSession.h | 173 - AppleCSPDL/SSContext.cpp | 582 - AppleCSPDL/SSContext.h | 168 - AppleCSPDL/SSDLSession.cpp | 662 - AppleCSPDL/SSDLSession.h | 160 - AppleCSPDL/SSDatabase.cpp | 238 - AppleCSPDL/SSDatabase.h | 136 - AppleCSPDL/SSFactory.cpp | 82 - AppleCSPDL/SSFactory.h | 39 - AppleCSPDL/SSKey.cpp | 347 - AppleCSPDL/SSKey.h | 87 - AppleCSPDL/cspdl_common.mdsinfo | 28 - AppleCSPDL/cspdl_csp_capabilities.mdsinfo | 18 - AppleCSPDL/cspdl_csp_primary.mdsinfo | 61 - AppleCSPDL/cspdl_dl_primary.mdsinfo | 73 - AppleCSPDL/cssmplugin.exp | 4 - AppleDL/AppleCSPDL.mcp | Bin 28375 -> 0 bytes AppleDL/AppleDLPlugin.cpp | 31 - AppleDL/AppleFileDL.cpp | 81 - AppleDL/AppleFileDL.h | 46 - AppleDL/CVSVersionInfo.txt | 5 - AppleDL/FORMAT | 153 - AppleDL/ISSUES | 61 - AppleDL/TODO | 49 - AppleDL/cssmplugin.exp | 4 - AppleDL/dl_common.mdsinfo | 28 - AppleDL/dl_primary.mdsinfo | 48 - AppleX509CL/AppleX509CL.cpp | 63 - AppleX509CL/AppleX509CL.h | 48 - AppleX509CL/AppleX509CLPlugin.cpp | 31 - AppleX509CL/AppleX509CLSession.cpp | 87 - AppleX509CL/AppleX509CLSession.h | 321 - AppleX509CL/CLCachedEntry.cpp | 67 - AppleX509CL/CLCachedEntry.h | 130 - AppleX509CL/CLCertExtensions.cpp | 853 - AppleX509CL/CLCertExtensions.h | 60 - AppleX509CL/CLCrlExtensions.cpp | 143 - AppleX509CL/CLCrlExtensions.h | 49 - AppleX509CL/CLFieldsCommon.cpp | 479 - AppleX509CL/CLFieldsCommon.h | 147 - AppleX509CL/CSPAttacher.cpp | 179 - AppleX509CL/CSPAttacher.h | 47 - AppleX509CL/CVSVersionInfo.txt | 5 - AppleX509CL/CertFields.cpp | 845 - AppleX509CL/CrlFields.cpp | 725 - AppleX509CL/DecodedCert.cpp | 221 - AppleX509CL/DecodedCert.h | 119 - AppleX509CL/DecodedCrl.cpp | 115 - AppleX509CL/DecodedCrl.h | 107 - AppleX509CL/DecodedExtensions.cpp | 462 - AppleX509CL/DecodedExtensions.h | 156 - AppleX509CL/DecodedItem.cpp | 99 - AppleX509CL/DecodedItem.h | 231 - AppleX509CL/LockedMap.h | 93 - AppleX509CL/Session_CRL.cpp | 436 - AppleX509CL/Session_CSR.cpp | 217 - AppleX509CL/Session_Cert.cpp | 409 - AppleX509CL/Session_Crypto.cpp | 342 - AppleX509CL/TODO | 1 - AppleX509CL/clNameUtils.cpp | 741 - AppleX509CL/clNameUtils.h | 121 - AppleX509CL/clNssUtils.cpp | 997 - AppleX509CL/clNssUtils.h | 203 - AppleX509CL/cl_common.mdsinfo | 28 - AppleX509CL/cl_primary.mdsinfo | 38 - AppleX509CL/cldebugging.h | 38 - AppleX509CL/cssmplugin.exp | 4 - AppleX509TP/AppleTP.cpp | 62 - AppleX509TP/AppleTP.h | 48 - AppleX509TP/AppleTPSession.cpp | 305 - AppleX509TP/AppleTPSession.h | 257 - AppleX509TP/AppleX509TPPlugin.cpp | 31 - AppleX509TP/CVSVersionInfo.txt | 5 - AppleX509TP/TPCertInfo.cpp | 1422 -- AppleX509TP/TPCertInfo.h | 484 - AppleX509TP/TPCrlInfo.cpp | 723 - AppleX509TP/TPCrlInfo.h | 229 - AppleX509TP/TPDatabase.cpp | 706 - AppleX509TP/TPDatabase.h | 70 - AppleX509TP/TPNetwork.cpp | 534 - AppleX509TP/TPNetwork.h | 64 - AppleX509TP/certGroupUtils.cpp | 566 - AppleX509TP/certGroupUtils.h | 115 - AppleX509TP/cssmplugin.exp | 4 - AppleX509TP/iSignRootCerts.c | 222 - AppleX509TP/rootCerts.cpp | 302 - AppleX509TP/rootCerts.h | 94 - AppleX509TP/sslRootCerts.c | 1429 -- AppleX509TP/tpCertGroup.cpp | 677 - AppleX509TP/tpCredRequest.cpp | 787 - AppleX509TP/tpCrlVerify.cpp | 350 - AppleX509TP/tpCrlVerify.h | 140 - AppleX509TP/tpPolicies.cpp | 1344 -- AppleX509TP/tpPolicies.h | 73 - AppleX509TP/tpTime.c | 352 - AppleX509TP/tpTime.h | 97 - AppleX509TP/tp_common.mdsinfo | 28 - AppleX509TP/tp_policyOids.mdsinfo | 46 - AppleX509TP/tp_primary.mdsinfo | 34 - AppleX509TP/tpdebugging.h | 53 - CdsaUtils/cuCdsaUtils.cpp | 683 - CdsaUtils/cuCdsaUtils.h | 151 - CdsaUtils/cuDbUtils.cpp | 559 - CdsaUtils/cuDbUtils.h | 71 - CdsaUtils/cuEnc64.c | 392 - CdsaUtils/cuEnc64.h | 67 - CdsaUtils/cuFileIo.c | 113 - CdsaUtils/cuFileIo.h | 41 - CdsaUtils/cuOidParser.cpp | 314 - CdsaUtils/cuOidParser.h | 62 - CdsaUtils/cuPem.cpp | 198 - CdsaUtils/cuPem.h | 50 - CdsaUtils/cuPrintCert.cpp | 1372 -- CdsaUtils/cuPrintCert.h | 64 - CdsaUtils/cuTimeStr.cpp | 283 - CdsaUtils/cuTimeStr.h | 74 - CertTool/CertTool.cpp | 1581 -- CertTool/CertTool.html | 1 - CertTool/CertUI.cpp | 447 - CertTool/CertUI.h | 112 - CertTool/certtool.1 | 436 - CertTool/dumpasn1.cfg | 2925 --- CrlRefresh/crlRefresh.cpp | 1202 -- CrlRefresh/ldapFetch.cpp | 272 - CrlRefresh/ldapFetch.h | 50 - Documentation/AppleCL_Spec.doc | Bin 108032 -> 0 bytes Documentation/AppleTP_Spec.doc | Bin 51200 -> 0 bytes Documentation/Supported_CSP_Algorithms.doc | Bin 190464 -> 0 bytes Keychain/ACL.cpp | 413 - Keychain/ACL.h | 148 - Keychain/Access.cpp | 347 - Keychain/Access.h | 128 - Keychain/CCallbackMgr.cp | 224 - Keychain/CCallbackMgr.h | 95 - Keychain/Certificate.cpp | 884 - Keychain/Certificate.h | 121 - Keychain/CertificateRequest.cpp | 31 - Keychain/CertificateRequest.h | 49 - Keychain/Certificates.cpp | 114 - Keychain/DLDBListCFPref.cpp | 842 - Keychain/DLDBListCFPref.h | 199 - Keychain/ExecCLITool.cpp | 313 - Keychain/ExecCLITool.h | 93 - Keychain/FileVaultSPI.cpp | 148 - Keychain/FileVaultSPI.h | 152 - Keychain/Globals.cpp | 51 - Keychain/Globals.h | 62 - Keychain/Identity.cpp | 64 - Keychain/Identity.h | 57 - Keychain/IdentityCursor.cpp | 110 - Keychain/IdentityCursor.h | 62 - Keychain/Item.cpp | 1111 - Keychain/Item.h | 148 - Keychain/KCCursor.cpp | 207 - Keychain/KCCursor.h | 76 - Keychain/KCEventNotifier.cpp | 86 - Keychain/KCEventNotifier.h | 53 - Keychain/KCEventObserver.cpp | 58 - Keychain/KCEventObserver.h | 46 - Keychain/KCExceptions.h | 90 - Keychain/KCUtilities.cpp | 99 - Keychain/KCUtilities.h | 66 - Keychain/KeyItem.cpp | 759 - Keychain/KeyItem.h | 107 - Keychain/Keychains.cpp | 702 - Keychain/Keychains.h | 206 - Keychain/Policies.cpp | 47 - Keychain/Policies.h | 72 - Keychain/PolicyCursor.cpp | 88 - Keychain/PolicyCursor.h | 81 - Keychain/PrimaryKey.cpp | 127 - Keychain/PrimaryKey.h | 68 - Keychain/RootCertBlobs.h | 1413 -- Keychain/SFFileVault.cpp | 408 - Keychain/SFFileVault.h | 60 - Keychain/Schema.h | 94 - Keychain/Schema.m4 | 418 - Keychain/SecACL.cpp | 175 - Keychain/SecACL.h | 119 - Keychain/SecAccess.cpp | 108 - Keychain/SecAccess.h | 105 - Keychain/SecAccessPriv.h | 56 - Keychain/SecBase.h | 249 - Keychain/SecBridge.h | 49 - Keychain/SecCFTypes.cpp | 176 - Keychain/SecCFTypes.h | 122 - Keychain/SecCertificate.cpp | 269 - Keychain/SecCertificate.h | 151 - Keychain/SecCertificateBundle.cpp | 51 - Keychain/SecCertificateBundle.h | 71 - Keychain/SecCertificatePriv.h | 91 - Keychain/SecCertificateRequest.cpp | 128 - Keychain/SecCertificateRequest.h | 138 - Keychain/SecFileVaultCert.cpp | 564 - Keychain/SecFileVaultCert.h | 147 - Keychain/SecIdentity.cpp | 77 - Keychain/SecIdentity.h | 66 - Keychain/SecIdentityPriv.h | 34 - Keychain/SecIdentitySearch.cpp | 70 - Keychain/SecIdentitySearch.h | 72 - Keychain/SecKey.cpp | 224 - Keychain/SecKey.h | 87 - Keychain/SecKeyPriv.h | 148 - Keychain/SecKeychain.cpp | 872 - Keychain/SecKeychain.h | 623 - Keychain/SecKeychainAPI.cpp | 85 - Keychain/SecKeychainAPI.h | 53 - Keychain/SecKeychainAPIPriv.h | 114 - Keychain/SecKeychainAddIToolsPassword.c | 195 - Keychain/SecKeychainItem.cpp | 271 - Keychain/SecKeychainItem.h | 304 - Keychain/SecKeychainSearch.cpp | 68 - Keychain/SecKeychainSearch.h | 64 - Keychain/SecPolicy.cpp | 71 - Keychain/SecPolicy.h | 72 - Keychain/SecPolicyPriv.h | 48 - Keychain/SecPolicySearch.cpp | 65 - Keychain/SecPolicySearch.h | 71 - Keychain/SecRuntime.cpp | 112 - Keychain/SecRuntime.h | 189 - Keychain/SecTrust.cpp | 214 - Keychain/SecTrust.h | 206 - Keychain/SecTrustPriv.h | 58 - Keychain/SecTrustedApplication.cpp | 142 - Keychain/SecTrustedApplication.h | 76 - Keychain/SecTrustedApplicationPriv.h | 77 - Keychain/Security.h | 64 - Keychain/StorageManager.cpp | 1149 - Keychain/StorageManager.h | 156 - Keychain/Trust.cpp | 367 - Keychain/Trust.h | 118 - Keychain/TrustItem.cpp | 176 - Keychain/TrustItem.h | 82 - Keychain/TrustStore.cpp | 239 - Keychain/TrustStore.h | 74 - Keychain/TrustedApplication.cpp | 168 - Keychain/TrustedApplication.h | 94 - Keychain/cssmdatetime.cpp | 276 - Keychain/cssmdatetime.h | 49 - Keychain/generateErrStrings.pl | 83 - Keychain/iToolsTrustedApps.plist | 18 - Keychain/srCdsaUtils.cpp | 553 - Keychain/srCdsaUtils.h | 159 - Network/connectionpool.cpp | 94 - Network/connectionpool.h | 59 - Network/file-protocol.cpp | 139 - Network/file-protocol.h | 76 - Network/ftp-protocol.cpp | 582 - Network/ftp-protocol.h | 204 - Network/ftp-proxy-protocol.cpp | 57 - Network/ftp-proxy-protocol.h | 59 - Network/http-protocol.cpp | 523 - Network/http-protocol.h | 165 - Network/http-proxy-protocol.cpp | 57 - Network/http-proxy-protocol.h | 56 - Network/https-protocol.cpp | 209 - Network/https-protocol.h | 109 - Network/https-proxy-protocol.cpp | 210 - Network/https-proxy-protocol.h | 95 - Network/multiobserver.cpp | 70 - Network/multiobserver.h | 63 - Network/netconnection.cpp | 215 - Network/netconnection.h | 155 - Network/neterror.cpp | 41 - Network/neterror.h | 50 - Network/netmanager.cpp | 294 - Network/netmanager.h | 144 - Network/netparameters.h | 77 - Network/networkchooser.cpp | 91 - Network/networkchooser.h | 75 - Network/observer.cpp | 37 - Network/observer.h | 84 - Network/parameters.cpp | 44 - Network/parameters.h | 120 - Network/protocol.cpp | 72 - Network/protocol.h | 76 - Network/simplemanager.cpp | 55 - Network/simplemanager.h | 58 - Network/target.cpp | 116 - Network/target.h | 101 - Network/transfer.cpp | 149 - Network/transfer.h | 148 - Network/xfercore.cpp | 430 - Network/xfercore.h | 142 - README | 29 + README.txt | 19 - SecureTransport/CVSVersionInfo.txt | 5 - SecureTransport/ModuleAttacher.cpp | 259 - SecureTransport/ModuleAttacher.h | 49 - SecureTransport/README | 45 - .../SecureTransport.pbproj/project.pbxproj | 1348 -- SecureTransport/SecureTransport/CipherSuite.h | 81 - .../SecureTransport/SecureTransport.h | 770 - SecureTransport/appleCdsa.cpp | 1617 -- SecureTransport/appleSession.cpp | 500 - SecureTransport/cipherSpecs.cpp | 621 - .../privateInc/SecureTransportPriv.h | 109 - SecureTransport/privateInc/appleCdsa.h | 223 - SecureTransport/privateInc/appleSession.h | 56 - SecureTransport/privateInc/cipherSpecs.h | 57 - SecureTransport/privateInc/cryptType.h | 188 - SecureTransport/privateInc/ssl.h | 39 - SecureTransport/privateInc/ssl2.h | 94 - SecureTransport/privateInc/sslAlertMessage.h | 85 - SecureTransport/privateInc/sslBER.h | 86 - SecureTransport/privateInc/sslBuildFlags.h | 74 - SecureTransport/privateInc/sslContext.h | 254 - SecureTransport/privateInc/sslDebug.h | 85 - SecureTransport/privateInc/sslDigests.h | 70 - SecureTransport/privateInc/sslHandshake.h | 140 - SecureTransport/privateInc/sslKeychain.h | 62 - SecureTransport/privateInc/sslMemory.h | 73 - SecureTransport/privateInc/sslPriv.h | 90 - SecureTransport/privateInc/sslRecord.h | 70 - SecureTransport/privateInc/sslSession.h | 55 - SecureTransport/privateInc/sslUtils.h | 97 - SecureTransport/privateInc/symCipher.h | 67 - SecureTransport/privateInc/tls_hmac.h | 107 - SecureTransport/privateInc/tls_ssl.h | 135 - SecureTransport/secureTransport.exp | 21 - SecureTransport/securetransport++.cpp | 307 - SecureTransport/securetransport++.h | 112 - SecureTransport/ssl2CipherMap.cpp | 36 - SecureTransport/ssl2Message.cpp | 768 - SecureTransport/ssl2Protocol.cpp | 463 - SecureTransport/ssl2Record.cpp | 415 - SecureTransport/ssl3Callouts.cpp | 716 - SecureTransport/sslAlertMessage.cpp | 403 - SecureTransport/sslBER.cpp | 201 - SecureTransport/sslBER_Dummy.cpp | 51 - SecureTransport/sslCert.cpp | 442 - SecureTransport/sslChangeCipher.cpp | 105 - SecureTransport/sslContext.cpp | 1226 -- SecureTransport/sslDigests.cpp | 328 - SecureTransport/sslHandshake.cpp | 847 - SecureTransport/sslHandshakeFinish.cpp | 164 - SecureTransport/sslHandshakeHello.cpp | 374 - SecureTransport/sslKeyExchange.cpp | 1376 -- SecureTransport/sslKeychain.cpp | 221 - SecureTransport/sslMemory.cpp | 160 - SecureTransport/sslNullCipher.cpp | 80 - SecureTransport/sslRecord.cpp | 267 - SecureTransport/sslSession.cpp | 264 - SecureTransport/sslTransport.cpp | 544 - SecureTransport/sslUtils.cpp | 301 - SecureTransport/symCipher.cpp | 352 - SecureTransport/tls1Callouts.cpp | 688 - SecureTransport/tls_hmac.cpp | 319 - Security.exp | 79 - Security.order | 6655 ------ Security.pbproj/project.pbxproj | 17797 ---------------- Security.xcode/project.pbxproj | 2997 +++ Security.xcode/stuartha.mode1 | 1255 ++ Security.xcode/stuartha.pbxuser | 121 + SecurityServer/AZNTest.cpp | 77 - SecurityServer/Authorization/AuthSession.h | 188 - .../Authorization/Authorization.cpp | 371 - SecurityServer/Authorization/Authorization.h | 420 - .../Authorization/AuthorizationDB.h | 154 - .../Authorization/AuthorizationDBPlist.cpp | 378 - .../Authorization/AuthorizationDBPlist.h | 62 - .../Authorization/AuthorizationData.cpp | 422 - .../Authorization/AuthorizationData.h | 251 - .../Authorization/AuthorizationEngine.cpp | 320 - .../Authorization/AuthorizationEngine.h | 104 - .../Authorization/AuthorizationPlugin.h | 225 - .../Authorization/AuthorizationPriv.h | 171 - .../Authorization/AuthorizationRule.cpp | 1218 -- .../Authorization/AuthorizationRule.h | 145 - .../Authorization/AuthorizationTags.h | 75 - .../Authorization/AuthorizationTrampoline.cpp | 130 - .../Authorization/AuthorizationWalkers.h | 79 - .../Authorization/authorization.plist | 516 - SecurityServer/Authorization/privPort.h | 53 - .../Authorization/privPortClient.cpp | 170 - .../Authorization/privPortServer.cpp | 191 - .../Authorization/trampolineClient.cpp | 218 - .../Authorization/trampolineServer.cpp | 62 - SecurityServer/BLOBFORMAT | 64 - SecurityServer/CVSVersionInfo.txt | 5 - SecurityServer/Makefile | 39 - SecurityServer/Makefile.startup | 60 - SecurityServer/SecurityAgentClient.cpp | 770 - SecurityServer/SecurityAgentClient.h | 238 - SecurityServer/SecurityServer.order | 265 - SecurityServer/SecurityServerClient.h | 24 - .../English.lproj/InfoPlist.strings | 6 - .../English.lproj/MainMenu.nib/classes.nib | Bin 316 -> 0 bytes .../English.lproj/MainMenu.nib/objects.nib | Bin 2226 -> 0 bytes .../SettingsDialog/SecuritySettings.icns | Bin 38637 -> 0 bytes .../SecuritySettings.pbproj/project.pbxproj | 336 - .../SettingsDialog/SettingsWindow.h | 29 - .../SettingsDialog/SettingsWindow.m | 53 - SecurityServer/SettingsDialog/main.m | 5 - .../StartupItems/CodeEquivalenceCandidates | 33 - .../StartupItems/Localizable.strings | 11 - SecurityServer/StartupItems/SecurityServer | 32 - .../StartupItems/StartupParameters.plist | 10 - SecurityServer/TODO | 1 - SecurityServer/acl_keychain.cpp | 247 - SecurityServer/acl_keychain.h | 70 - SecurityServer/acls.cpp | 104 - SecurityServer/acls.h | 85 - SecurityServer/agentquery.cpp | 330 - SecurityServer/agentquery.h | 159 - SecurityServer/authority.cpp | 269 - SecurityServer/authority.h | 125 - SecurityServer/cfnotifier.cpp | 63 - SecurityServer/cfnotifier.h | 41 - SecurityServer/codesigdb.cpp | 381 - SecurityServer/codesigdb.h | 101 - SecurityServer/connection.cpp | 393 - SecurityServer/connection.h | 129 - SecurityServer/dbcrypto.cpp | 469 - SecurityServer/dbcrypto.h | 81 - SecurityServer/dictionary.cpp | 273 - SecurityServer/dictionary.h | 90 - SecurityServer/entropy.cpp | 135 - SecurityServer/entropy.h | 59 - SecurityServer/eventlistener.cpp | 118 - SecurityServer/eventlistener.h | 41 - SecurityServer/flippers.cpp | 79 - SecurityServer/flippers.h | 84 - SecurityServer/generate.cf | 42 - SecurityServer/generate.pl | 71 - SecurityServer/key.cpp | 289 - SecurityServer/key.h | 119 - SecurityServer/main.cpp | 283 - SecurityServer/notifications.cpp | 108 - SecurityServer/notifications.h | 82 - SecurityServer/process.cpp | 261 - SecurityServer/process.h | 109 - SecurityServer/secagent.defs | 137 - SecurityServer/secagent_types.h | 62 - SecurityServer/securityserver.h | 52 - SecurityServer/server.cpp | 347 - SecurityServer/server.h | 142 - SecurityServer/session.cpp | 485 - SecurityServer/session.h | 184 - SecurityServer/ssblob.cpp | 57 - SecurityServer/ssblob.h | 204 - SecurityServer/ssclient.cpp | 188 - SecurityServer/ssclient.h | 369 - SecurityServer/sstransit.cpp | 826 - SecurityServer/sstransit.h | 126 - SecurityServer/systemkeychain.cpp | 373 - SecurityServer/tests/AZNTest.cpp | 77 - SecurityServer/tests/auth.plist | 19 - SecurityServer/tests/exectest.cpp | 114 - SecurityServer/tests/testacls.cpp | 403 - SecurityServer/tests/testauth.cpp | 126 - SecurityServer/tests/testblobs.cpp | 282 - SecurityServer/tests/testclient.cpp | 281 - SecurityServer/tests/testclient.h | 69 - SecurityServer/tests/testcrypto.cpp | 184 - SecurityServer/tests/testutils.cpp | 240 - SecurityServer/tests/testutils.h | 90 - SecurityServer/transition.cpp | 853 - SecurityServer/transwalkers.cpp | 82 - SecurityServer/transwalkers.h | 240 - SecurityServer/ucsp.defs | 293 - SecurityServer/ucspNotify.defs | 25 - SecurityServer/ucsp_types.h | 82 - SecurityServer/xdatabase.cpp | 908 - SecurityServer/xdatabase.h | 239 - SecurityServer/yarrowMigTypes.h | 40 - cdsa/CVSVersionInfo.txt | 5 - cdsa/TODO | 1 - cdsa/cdsa.cpp | 69 - cdsa/cdsa/certextensions.h | 483 - cdsa/cdsa/cssm.h | 37 - cdsa/cdsa/cssmaci.h | 61 - cdsa/cdsa/cssmapi.h | 1181 - cdsa/cdsa/cssmapple.h | 859 - cdsa/cdsa/cssmcli.h | 243 - cdsa/cdsa/cssmconfig.h | 65 - cdsa/cdsa/cssmcspi.h | 368 - cdsa/cdsa/cssmdli.h | 152 - cdsa/cdsa/cssmerr.h | 817 - cdsa/cdsa/cssmkrapi.h | 229 - cdsa/cdsa/cssmkrspi.h | 112 - cdsa/cdsa/cssmspi.h | 129 - cdsa/cdsa/cssmtpi.h | 203 - cdsa/cdsa/cssmtype.h | 2074 -- cdsa/cdsa/eisl.h | 327 - cdsa/cdsa/emmspi.h | 94 - cdsa/cdsa/emmtype.h | 54 - cdsa/cdsa/mds.h | 149 - cdsa/cdsa/mds_schema.h | 192 - cdsa/cdsa/oidsalg.h | 98 - cdsa/cdsa/oidsattr.h | 148 - cdsa/cdsa/oidsbase.h | 189 - cdsa/cdsa/oidscert.h | 166 - cdsa/cdsa/oidscrl.h | 91 - cdsa/cdsa/x509defs.h | 231 - cdsa/cdsa_client.cpp | 52 - cdsa/cdsa_client/DLDBList.cpp | 53 - cdsa/cdsa_client/DLDBList.h | 76 - cdsa/cdsa_client/aclclient.cpp | 220 - cdsa/cdsa_client/aclclient.h | 148 - cdsa/cdsa_client/clclient.cpp | 54 - cdsa/cdsa_client/clclient.h | 76 - cdsa/cdsa_client/cryptoclient.cpp | 156 - cdsa/cdsa_client/cryptoclient.h | 127 - cdsa/cdsa_client/cspclient.cpp | 220 - cdsa/cdsa_client/cspclient.h | 220 - cdsa/cdsa_client/cssmclient.cpp | 450 - cdsa/cdsa_client/cssmclient.h | 344 - cdsa/cdsa_client/dlclient.cpp | 557 - cdsa/cdsa_client/dlclient.h | 484 - cdsa/cdsa_client/genkey.cpp | 93 - cdsa/cdsa_client/genkey.h | 83 - cdsa/cdsa_client/keychainacl.cpp | 133 - cdsa/cdsa_client/keychainacl.h | 89 - cdsa/cdsa_client/keyclient.cpp | 117 - cdsa/cdsa_client/keyclient.h | 114 - cdsa/cdsa_client/macclient.cpp | 95 - cdsa/cdsa_client/macclient.h | 90 - cdsa/cdsa_client/multidldb.cpp | 234 - cdsa/cdsa_client/multidldb.h | 101 - cdsa/cdsa_client/osxsigner.cpp | 95 - cdsa/cdsa_client/osxsigner.h | 102 - cdsa/cdsa_client/securestorage.cpp | 602 - cdsa/cdsa_client/securestorage.h | 343 - cdsa/cdsa_client/signclient.cpp | 95 - cdsa/cdsa_client/signclient.h | 95 - cdsa/cdsa_client/tpclient.cpp | 136 - cdsa/cdsa_client/tpclient.h | 108 - cdsa/cdsa_client/wrapkey.cpp | 223 - cdsa/cdsa_client/wrapkey.h | 122 - cdsa/cdsa_pluginlib.cpp | 44 - cdsa/cdsa_pluginlib/ACsession.h | 60 - cdsa/cdsa_pluginlib/CLsession.h | 60 - cdsa/cdsa_pluginlib/CSPsession.cpp | 1030 - cdsa/cdsa_pluginlib/CSPsession.h | 553 - cdsa/cdsa_pluginlib/DLsession.cpp | 57 - cdsa/cdsa_pluginlib/DLsession.h | 66 - cdsa/cdsa_pluginlib/TPsession.h | 60 - cdsa/cdsa_pluginlib/c++plugin.h | 42 - cdsa/cdsa_pluginlib/csputilities.cpp | 152 - cdsa/cdsa_pluginlib/cssmplugin.cpp | 161 - cdsa/cdsa_pluginlib/cssmplugin.h | 135 - cdsa/cdsa_pluginlib/generator.cfg | 58 - cdsa/cdsa_pluginlib/generator.mk | 28 - cdsa/cdsa_pluginlib/generator.pl | 247 - cdsa/cdsa_pluginlib/pluginsession.cpp | 88 - cdsa/cdsa_pluginlib/pluginsession.h | 96 - cdsa/cdsa_pluginlib/pluginspi.h | 93 - cdsa/cdsa_utilities.cpp | 126 - cdsa/cdsa_utilities/AppleDatabase.cpp | 2255 -- cdsa/cdsa_utilities/AppleDatabase.h | 648 - cdsa/cdsa_utilities/AtomicFile.cpp | 884 - cdsa/cdsa_utilities/AtomicFile.h | 203 - cdsa/cdsa_utilities/Database.cpp | 233 - cdsa/cdsa_utilities/Database.h | 251 - cdsa/cdsa_utilities/DatabaseSession.cpp | 361 - cdsa/cdsa_utilities/DatabaseSession.h | 149 - cdsa/cdsa_utilities/DbContext.cpp | 45 - cdsa/cdsa_utilities/DbContext.h | 76 - cdsa/cdsa_utilities/DbIndex.cpp | 471 - cdsa/cdsa_utilities/DbIndex.h | 196 - cdsa/cdsa_utilities/DbName.cpp | 96 - cdsa/cdsa_utilities/DbName.h | 116 - cdsa/cdsa_utilities/DbQuery.cpp | 30 - cdsa/cdsa_utilities/DbQuery.h | 45 - cdsa/cdsa_utilities/DbValue.cpp | 555 - cdsa/cdsa_utilities/DbValue.h | 213 - cdsa/cdsa_utilities/MetaAttribute.cpp | 154 - cdsa/cdsa_utilities/MetaAttribute.h | 162 - cdsa/cdsa_utilities/MetaRecord.cpp | 497 - cdsa/cdsa_utilities/MetaRecord.h | 176 - cdsa/cdsa_utilities/NOTES | 0 cdsa/cdsa_utilities/ReadWriteSection.h | 228 - cdsa/cdsa_utilities/SampleGroup.cpp | 294 - cdsa/cdsa_utilities/SampleGroup.h | 141 - cdsa/cdsa_utilities/SelectionPredicate.cpp | 51 - cdsa/cdsa_utilities/SelectionPredicate.h | 52 - cdsa/cdsa_utilities/acl_any.cpp | 61 - cdsa/cdsa_utilities/acl_any.h | 62 - cdsa/cdsa_utilities/acl_codesigning.cpp | 152 - cdsa/cdsa_utilities/acl_codesigning.h | 91 - cdsa/cdsa_utilities/acl_comment.cpp | 96 - cdsa/cdsa_utilities/acl_comment.h | 73 - cdsa/cdsa_utilities/acl_keychain.cpp | 90 - cdsa/cdsa_utilities/acl_keychain.h | 90 - cdsa/cdsa_utilities/acl_password.cpp | 109 - cdsa/cdsa_utilities/acl_password.h | 71 - cdsa/cdsa_utilities/acl_process.cpp | 151 - cdsa/cdsa_utilities/acl_process.h | 87 - cdsa/cdsa_utilities/acl_protectedpw.cpp | 119 - cdsa/cdsa_utilities/acl_protectedpw.h | 64 - cdsa/cdsa_utilities/acl_threshold.cpp | 167 - cdsa/cdsa_utilities/acl_threshold.h | 83 - cdsa/cdsa_utilities/bufferfifo.cpp | 88 - cdsa/cdsa_utilities/bufferfifo.h | 70 - cdsa/cdsa_utilities/buffers.cpp | 100 - cdsa/cdsa_utilities/buffers.h | 156 - cdsa/cdsa_utilities/callback.cpp | 113 - cdsa/cdsa_utilities/callback.h | 113 - cdsa/cdsa_utilities/ccaudit.cpp | 105 - cdsa/cdsa_utilities/ccaudit.h | 148 - cdsa/cdsa_utilities/cfutilities.cpp | 53 - cdsa/cdsa_utilities/cfutilities.h | 225 - cdsa/cdsa_utilities/codesigning.cpp | 36 - cdsa/cdsa_utilities/codesigning.h | 143 - cdsa/cdsa_utilities/constdata.cpp | 38 - cdsa/cdsa_utilities/constdata.h | 83 - cdsa/cdsa_utilities/context.cpp | 183 - cdsa/cdsa_utilities/context.h | 362 - cdsa/cdsa_utilities/cssmacl.cpp | 588 - cdsa/cdsa_utilities/cssmacl.h | 377 - cdsa/cdsa_utilities/cssmaclpod.cpp | 109 - cdsa/cdsa_utilities/cssmaclpod.h | 289 - cdsa/cdsa_utilities/cssmalloc.cpp | 203 - cdsa/cdsa_utilities/cssmalloc.h | 362 - cdsa/cdsa_utilities/cssmcert.cpp | 82 - cdsa/cdsa_utilities/cssmcert.h | 119 - cdsa/cdsa_utilities/cssmcred.cpp | 92 - cdsa/cdsa_utilities/cssmcred.h | 172 - cdsa/cdsa_utilities/cssmdata.cpp | 146 - cdsa/cdsa_utilities/cssmdata.h | 473 - cdsa/cdsa_utilities/cssmdates.cpp | 187 - cdsa/cdsa_utilities/cssmdates.h | 121 - cdsa/cdsa_utilities/cssmdb.cpp | 360 - cdsa/cdsa_utilities/cssmdb.h | 655 - cdsa/cdsa_utilities/cssmerrno.cpp | 102 - cdsa/cdsa_utilities/cssmerrno.h | 45 - cdsa/cdsa_utilities/cssmlist.cpp | 288 - cdsa/cdsa_utilities/cssmlist.h | 270 - cdsa/cdsa_utilities/cssmtrust.cpp | 42 - cdsa/cdsa_utilities/cssmtrust.h | 219 - cdsa/cdsa_utilities/cssmwalkers.cpp | 25 - cdsa/cdsa_utilities/cssmwalkers.h | 127 - cdsa/cdsa_utilities/daemon.cpp | 105 - cdsa/cdsa_utilities/daemon.h | 37 - cdsa/cdsa_utilities/db++.cpp | 138 - cdsa/cdsa_utilities/db++.h | 85 - cdsa/cdsa_utilities/debugging.cpp | 527 - cdsa/cdsa_utilities/debugging.h | 136 - cdsa/cdsa_utilities/debugsupport.h | 183 - cdsa/cdsa_utilities/devrandom.cpp | 76 - cdsa/cdsa_utilities/devrandom.h | 61 - cdsa/cdsa_utilities/digestobject.h | 128 - cdsa/cdsa_utilities/endian.cpp | 51 - cdsa/cdsa_utilities/endian.h | 129 - cdsa/cdsa_utilities/fdmover.cpp | 100 - cdsa/cdsa_utilities/fdmover.h | 87 - cdsa/cdsa_utilities/fdsel.cpp | 90 - cdsa/cdsa_utilities/fdsel.h | 74 - cdsa/cdsa_utilities/generator.mk | 26 - cdsa/cdsa_utilities/generator.pl | 89 - cdsa/cdsa_utilities/globalizer.cpp | 142 - cdsa/cdsa_utilities/globalizer.h | 215 - cdsa/cdsa_utilities/guids.cpp | 43 - cdsa/cdsa_utilities/handleobject.cpp | 128 - cdsa/cdsa_utilities/handleobject.h | 196 - cdsa/cdsa_utilities/headermap.cpp | 144 - cdsa/cdsa_utilities/headermap.h | 87 - cdsa/cdsa_utilities/hosts.cpp | 145 - cdsa/cdsa_utilities/hosts.h | 76 - cdsa/cdsa_utilities/inetreply.cpp | 85 - cdsa/cdsa_utilities/inetreply.h | 94 - cdsa/cdsa_utilities/ip++.cpp | 375 - cdsa/cdsa_utilities/ip++.h | 272 - cdsa/cdsa_utilities/ktracecodes.h | 120 - cdsa/cdsa_utilities/logging.cpp | 106 - cdsa/cdsa_utilities/logging.h | 67 - cdsa/cdsa_utilities/mach++.cpp | 426 - cdsa/cdsa_utilities/mach++.h | 295 - cdsa/cdsa_utilities/mach_notify.c | 520 - cdsa/cdsa_utilities/mach_notify.h | 130 - cdsa/cdsa_utilities/machrunloopserver.cpp | 176 - cdsa/cdsa_utilities/machrunloopserver.h | 79 - cdsa/cdsa_utilities/machserver.cpp | 510 - cdsa/cdsa_utilities/machserver.h | 216 - cdsa/cdsa_utilities/memstreams.h | 156 - cdsa/cdsa_utilities/memutils.h | 110 - cdsa/cdsa_utilities/os9utils.cpp | 34 - cdsa/cdsa_utilities/os9utils.h | 74 - cdsa/cdsa_utilities/osxsigning.cpp | 250 - cdsa/cdsa_utilities/osxsigning.h | 134 - cdsa/cdsa_utilities/powerwatch.cpp | 146 - cdsa/cdsa_utilities/powerwatch.h | 81 - cdsa/cdsa_utilities/refcount.h | 116 - cdsa/cdsa_utilities/selector.cpp | 197 - cdsa/cdsa_utilities/selector.h | 119 - cdsa/cdsa_utilities/socks++.cpp | 149 - cdsa/cdsa_utilities/socks++.h | 214 - cdsa/cdsa_utilities/socks++4.cpp | 128 - cdsa/cdsa_utilities/socks++4.h | 80 - cdsa/cdsa_utilities/socks++5.cpp | 202 - cdsa/cdsa_utilities/socks++5.h | 119 - cdsa/cdsa_utilities/streams.cpp | 138 - cdsa/cdsa_utilities/streams.h | 186 - cdsa/cdsa_utilities/threading.cpp | 338 - cdsa/cdsa_utilities/threading.h | 420 - cdsa/cdsa_utilities/threading_internal.h | 98 - cdsa/cdsa_utilities/timeflow.cpp | 111 - cdsa/cdsa_utilities/timeflow.h | 155 - cdsa/cdsa_utilities/tqueue.cpp | 25 - cdsa/cdsa_utilities/tqueue.h | 139 - cdsa/cdsa_utilities/trackingallocator.h | 76 - cdsa/cdsa_utilities/typedvalue.cpp | 32 - cdsa/cdsa_utilities/typedvalue.h | 80 - cdsa/cdsa_utilities/uniformrandom.cpp | 31 - cdsa/cdsa_utilities/uniformrandom.h | 54 - cdsa/cdsa_utilities/unix++.cpp | 190 - cdsa/cdsa_utilities/unix++.h | 233 - cdsa/cdsa_utilities/url.cpp | 144 - cdsa/cdsa_utilities/url.h | 76 - cdsa/cdsa_utilities/utilities.cpp | 340 - cdsa/cdsa_utilities/utilities.h | 763 - cdsa/cdsa_utilities/utility_config.h | 120 - cdsa/cdsa_utilities/walkers.cpp | 47 - cdsa/cdsa_utilities/walkers.h | 370 - cdsa/cssm/MDS | 5 - cdsa/cssm/attachfactory.cpp | 105 - cdsa/cssm/attachfactory.h | 79 - cdsa/cssm/attachment.cpp | 195 - cdsa/cssm/attachment.h | 201 - cdsa/cssm/builtin_modules.cpp | 43 - cdsa/cssm/cspattachment.cpp | 25 - cdsa/cssm/cspattachment.h | 39 - cdsa/cssm/cssm.cpp | 217 - cdsa/cssm/cssm.mdsinfo | 24 - cdsa/cssm/cssmcontext.cpp | 198 - cdsa/cssm/cssmcontext.h | 117 - cdsa/cssm/cssmint.h | 74 - cdsa/cssm/cssmmds.cpp | 112 - cdsa/cssm/cssmmds.h | 73 - cdsa/cssm/generator.cfg | 13 - cdsa/cssm/generator.mk | 26 - cdsa/cssm/generator.pl | 213 - cdsa/cssm/manager.cpp | 206 - cdsa/cssm/manager.h | 109 - cdsa/cssm/modload_plugin.cpp | 61 - cdsa/cssm/modload_plugin.h | 90 - cdsa/cssm/modload_static.cpp | 29 - cdsa/cssm/modload_static.h | 54 - cdsa/cssm/modloader.cpp | 75 - cdsa/cssm/modloader.h | 100 - cdsa/cssm/module.cpp | 157 - cdsa/cssm/module.h | 97 - cdsa/cssm/oidsalg.c | 375 - cdsa/cssm/oidsattr.c | 300 - cdsa/cssm/oidscert.cpp | 243 - cdsa/cssm/oidscrl.cpp | 152 - cdsa/cssm/transition.cpp | 507 - cdsa/generator.mk | 94 - cdsa/mds/MDSAttrParser.cpp | 579 - cdsa/mds/MDSAttrParser.h | 154 - cdsa/mds/MDSAttrStrings.cpp | 747 - cdsa/mds/MDSAttrStrings.h | 111 - cdsa/mds/MDSAttrUtils.cpp | 290 - cdsa/mds/MDSAttrUtils.h | 119 - cdsa/mds/MDSDatabase.cpp | 221 - cdsa/mds/MDSDatabase.h | 158 - cdsa/mds/MDSDictionary.cpp | 526 - cdsa/mds/MDSDictionary.h | 122 - cdsa/mds/MDSModule.cpp | 126 - cdsa/mds/MDSModule.h | 62 - cdsa/mds/MDSPrefs.cpp | 143 - cdsa/mds/MDSPrefs.h | 47 - cdsa/mds/MDSSchema.cpp | 823 - cdsa/mds/MDSSchema.h | 107 - cdsa/mds/MDSSession.cpp | 1409 -- cdsa/mds/MDSSession.h | 165 - cdsa/mds/NOTES | 85 - cdsa/mds/mds.mcp | Bin 28375 -> 0 bytes cdsa/mds/mdsapi.cpp | 287 - checkpw/checkpw.c | 283 - checkpw/checkpw.h | 66 - {Documentation => doc}/ACLsInCDSA.cwk | Bin {Documentation => doc}/APIStrategy.cwk | Bin .../AccessControlArchitecture.cwk | Bin doc/AppleCL_Spec.doc | Bin 0 -> 53248 bytes {Documentation => doc}/AppleCSP.doc | Bin doc/AppleTP_Spec.doc | Bin 0 -> 86528 bytes .../ArchitectureOverview.cwk | Bin {Documentation => doc}/C++Utilities.cwk | Bin {Documentation => doc}/DebuggingAids.cwk | Bin 62061 -> 62061 bytes {Documentation => doc}/HowToWriteA_CSP.cwk | Bin {Documentation => doc}/HowToWriteA_Plugin.cwk | Bin {Documentation => doc}/SecuritySupport.doc | Bin doc/Supported_CSP_Algorithms.doc | Bin 0 -> 75264 bytes {Documentation => doc}/cwk_styles | Bin intl/English.lproj/InfoPlist.strings | Bin 0 -> 290 bytes keychains/Makefile | 59 - keychains/certs/AppleDOTMAC.der | Bin 1470 -> 0 bytes keychains/certs/AppleSWUPDATE.der | Bin 1509 -> 0 bytes keychains/certs/C3_ID_CA.cer | Bin 1061 -> 0 bytes keychains/certs/C3_Mail_CA.cer | Bin 1063 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-10.cer | Bin 1050 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-3.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-4.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-5.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-6.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-7.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CA-9.cer | Bin 1049 -> 0 bytes keychains/certs/DOD_CLASS_3_CAC_CA.cer | Bin 1051 -> 0 bytes keychains/certs/DOD_CLASS_3_CAC_EMAIL_CA.cer | Bin 1057 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-10.cer | Bin 1056 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-3.cer | Bin 1055 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-4.cer | Bin 1055 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-5.cer | Bin 1055 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-6.cer | Bin 1055 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-7.cer | Bin 1055 -> 0 bytes keychains/certs/DOD_CLASS_3_EMAIL_CA-9.cer | Bin 1055 -> 0 bytes .../certs/GeoTrust_True_Credentials_CA_2.cer | Bin 699 -> 0 bytes keychains/certs/JITC_Class3ID_CA.crt | Bin 1053 -> 0 bytes keychains/certs/JITC_Class3Mail_CA.crt | Bin 1055 -> 0 bytes keychains/certs/Thawte_Code_Signing_CA.cer | Bin 850 -> 0 bytes keychains/certs/Thawte_SGC_CA.der.cer | Bin 807 -> 0 bytes keychains/certs/Thawte_SSL_Domain_CA_der.cer | Bin 823 -> 0 bytes keychains/certs/VeriSign_TSA_CA.crt | Bin 977 -> 0 bytes keychains/certs/VisaNet.crt | Bin 1096 -> 0 bytes keychains/certs/acClasse0_0.cer | Bin 711 -> 0 bytes keychains/certs/acClasse0_1.cer | Bin 783 -> 0 bytes keychains/certs/acClasse1_0.cer | Bin 782 -> 0 bytes keychains/certs/acClasse1_1.cer | Bin 711 -> 0 bytes keychains/certs/acClasse2_0.cer | Bin 782 -> 0 bytes keychains/certs/acClasse2_1.cer | Bin 712 -> 0 bytes keychains/certs/acClasse3_0.cer | Bin 783 -> 0 bytes keychains/certs/acClasse3_1.cer | Bin 711 -> 0 bytes keychains/certs/acClasse4.cer | Bin 794 -> 0 bytes keychains/certs/acClasse5.cer | Bin 774 -> 0 bytes keychains/certs/acCps2_2.cer | Bin 685 -> 0 bytes keychains/certs/e-Visa.crt | Bin 1097 -> 0 bytes keychains/certs/gipCps0.cer | Bin 690 -> 0 bytes keychains/postinstall.sh | 21 - keychains/roots/00_BCA.cer | Bin 1134 -> 0 bytes keychains/roots/2006root.cer | Bin 510 -> 0 bytes keychains/roots/2048CA.cer | Bin 1120 -> 0 bytes keychains/roots/AOLTimeWarner1.der | Bin 1002 -> 0 bytes keychains/roots/AddTrust Class 1 CA Root.crt | Bin 1052 -> 0 bytes keychains/roots/AddTrust External CA Root.crt | Bin 1082 -> 0 bytes keychains/roots/AddTrust Public CA Root.crt | Bin 1049 -> 0 bytes .../roots/AddTrust Qualified CA Root.crt | Bin 1058 -> 0 bytes keychains/roots/AdminNacCA.crt | Bin 1023 -> 0 bytes keychains/roots/AmericaOnline1.der | Bin 936 -> 0 bytes keychains/roots/AppleROOTCA.der | Bin 1470 -> 0 bytes keychains/roots/BTCTRT.cer | Bin 891 -> 0 bytes .../roots/Belgacom_selfsigned_primary.crt | Bin 842 -> 0 bytes keychains/roots/C1_PCA_G3v2.509 | Bin 1054 -> 0 bytes keychains/roots/C2_PCA_G3v2.509 | Bin 1053 -> 0 bytes keychains/roots/C3_PCA_G3v2.509 | Bin 1054 -> 0 bytes keychains/roots/C4_PCA_G3v2.509 | Bin 1054 -> 0 bytes keychains/roots/Class1_PCA_G2_v2.509 | Bin 774 -> 0 bytes keychains/roots/Class2_PCA_G2_v2.509 | Bin 775 -> 0 bytes keychains/roots/Class3_PCA_G2_v2.509 | Bin 774 -> 0 bytes keychains/roots/Class4_PCA_G2_v2.509 | Bin 774 -> 0 bytes .../roots/Comodo_AAA_Certificate_Services.cer | Bin 1078 -> 0 bytes .../Comodo_Secure_Certificate_Services.cer | Bin 1091 -> 0 bytes .../Comodo_Trusted_Certificate_Services.cer | Bin 1095 -> 0 bytes keychains/roots/DST Root CA X4.cer | Bin 831 -> 0 bytes keychains/roots/DST RootCA X1.cer | Bin 988 -> 0 bytes keychains/roots/DST RootCA X2.cer | Bin 988 -> 0 bytes keychains/roots/DoDCLASS3RootCA.cer | Bin 619 -> 0 bytes keychains/roots/DoDPKIMedRootCA.cer | Bin 619 -> 0 bytes .../roots/Equifax_Secure_Certificate_Auth | Bin 804 -> 0 bytes .../roots/Equifax_Secure_Global_eBusiness | Bin 660 -> 0 bytes .../roots/Equifax_Secure_eBusiness_CA-1.c | Bin 646 -> 0 bytes .../roots/Equifax_Secure_eBusiness_CA-2.c | Bin 804 -> 0 bytes keychains/roots/GClient_cert.cer | Bin 1159 -> 0 bytes keychains/roots/GTEGB18.cer | Bin 606 -> 0 bytes keychains/roots/GeoTrust_Global_CA.cer | Bin 856 -> 0 bytes keychains/roots/IPSServidores.CRT | Bin 699 -> 0 bytes keychains/roots/JITC_Class3_root.cer | Bin 637 -> 0 bytes keychains/roots/KMD-CA-KPerson.crt | Bin 890 -> 0 bytes keychains/roots/KMD-CA-Server.crt | Bin 862 -> 0 bytes keychains/roots/PCA1ss_v4.509 | Bin 577 -> 0 bytes keychains/roots/PCA2ss_v4.509 | Bin 576 -> 0 bytes keychains/roots/PCA3ss_v4.509 | Bin 576 -> 0 bytes keychains/roots/RSA_Root_CA.crt.cer | Bin 869 -> 0 bytes keychains/roots/RSA_Root_CA_1024.crt.cer | Bin 608 -> 0 bytes keychains/roots/Root_CA_der.crt | Bin 934 -> 0 bytes keychains/roots/SecureServer.509 | Bin 568 -> 0 bytes keychains/roots/SoneraClass1.crt | Bin 804 -> 0 bytes keychains/roots/SoneraClass2.crt | Bin 804 -> 0 bytes keychains/roots/TCTrustCenterClass1CA.der | Bin 864 -> 0 bytes keychains/roots/TCTrustCenterClass2CA.der | Bin 864 -> 0 bytes keychains/roots/TCTrustCenterClass3CA.der | Bin 864 -> 0 bytes keychains/roots/TCTrustCenterClass4CA.der | Bin 864 -> 0 bytes .../roots/TCTrustCenterTimeStampingCA.der | Bin 839 -> 0 bytes .../roots/TC_RootLRA-Admin_DER_Class2.der | Bin 1111 -> 0 bytes .../roots/TC_RootLRA-Admin_DER_Class3.der | Bin 1111 -> 0 bytes keychains/roots/TC_RootServer_DER_Class0.der | Bin 1081 -> 0 bytes keychains/roots/TC_RootServer_DER_Class1.der | Bin 1081 -> 0 bytes keychains/roots/TC_RootServer_DER_Class2.der | Bin 1081 -> 0 bytes keychains/roots/TC_RootServer_DER_Class3.der | Bin 1081 -> 0 bytes keychains/roots/TC_RootServer_DER_Class4.der | Bin 1081 -> 0 bytes keychains/roots/TDC_ocesca.cer | Bin 1309 -> 0 bytes keychains/roots/TDC_rootca.cer | Bin 1071 -> 0 bytes .../roots/UTN-USERFirst-ClientAuthenticat | Bin 1190 -> 0 bytes keychains/roots/UTN-USERFirst-Hardware.crt | Bin 1144 -> 0 bytes .../roots/UTN-USERFirst-NetworkApplicatio | Bin 1128 -> 0 bytes keychains/roots/UTN-USERFirst-Object.crt | Bin 1130 -> 0 bytes keychains/roots/UTN_DATACorp_SGC.cer | Bin 1122 -> 0 bytes .../ValiCertAddTrustPublicChainingCA.cer | Bin 927 -> 0 bytes keychains/roots/ValiCertAddTrustSystemCA.cer | Bin 918 -> 0 bytes keychains/roots/ValiCertClass1PVA.cer | Bin 747 -> 0 bytes keychains/roots/ValiCertClass2PVA.cer | Bin 747 -> 0 bytes keychains/roots/ValiCertClass3PVA.cer | Bin 747 -> 0 bytes keychains/roots/XGCA.crt | Bin 1076 -> 0 bytes keychains/roots/ac-racine.der | Bin 887 -> 0 bytes keychains/roots/beTRUSTedRootCertificate.der | Bin 1328 -> 0 bytes keychains/roots/clientCA.cer | Bin 1265 -> 0 bytes keychains/roots/expressz.cer | Bin 1363 -> 0 bytes keychains/roots/gipCps1.cer | Bin 807 -> 0 bytes keychains/roots/globalSignRoot.cer | Bin 889 -> 0 bytes keychains/roots/gssl_64.cer | Bin 1177 -> 0 bytes keychains/roots/ipscaCAC.der | Bin 2051 -> 0 bytes keychains/roots/ipscaCLASE1.der | Bin 2038 -> 0 bytes keychains/roots/ipscaCLASE3.der | Bin 2038 -> 0 bytes keychains/roots/ipscaCLASEA1.der | Bin 2051 -> 0 bytes keychains/roots/ipscaCLASEA3.der | Bin 2051 -> 0 bytes keychains/roots/ipscaTimestamping.der | Bin 2117 -> 0 bytes keychains/roots/kozjegyzoi.cer | Bin 1665 -> 0 bytes keychains/roots/persbasi.crt | Bin 805 -> 0 bytes keychains/roots/persfree.crt | Bin 817 -> 0 bytes keychains/roots/persprem.crt | Bin 813 -> 0 bytes keychains/roots/qvrca.crt | Bin 1492 -> 0 bytes keychains/roots/serverbasic.crt | Bin 791 -> 0 bytes keychains/roots/serverpremium.crt | Bin 811 -> 0 bytes keychains/roots/uzleti.cer | Bin 1359 -> 0 bytes keychains/roots/webroot.cer | Bin 1244 -> 0 bytes lib/Security.order | 1363 ++ lib/copy_pieces.mk | 51 + lib/generateErrStrings.pl | 128 + symbol_strip.sh | 48 - 1201 files changed, 6198 insertions(+), 252481 deletions(-) delete mode 100644 AppleCSP/AES/aesCommon.h delete mode 100644 AppleCSP/AES/aescsp.cpp delete mode 100644 AppleCSP/AES/aescspi.h delete mode 100644 AppleCSP/AES/boxes-ref.c delete mode 100644 AppleCSP/AES/boxes-ref.h delete mode 100644 AppleCSP/AES/gladmanContext.cpp delete mode 100644 AppleCSP/AES/gladmanContext.h delete mode 100644 AppleCSP/AES/rijndael-alg-ref.c delete mode 100644 AppleCSP/AES/rijndael-alg-ref.h delete mode 100644 AppleCSP/AES/rijndaelApi.c delete mode 100644 AppleCSP/AES/rijndaelApi.h delete mode 100644 AppleCSP/AES/rijndaelGladman.c delete mode 100644 AppleCSP/AES/rijndaelGladman.h delete mode 100644 AppleCSP/AES/vRijndael-alg-ref.c delete mode 100644 AppleCSP/AppleCSP/AppleCSP.cpp delete mode 100644 AppleCSP/AppleCSP/AppleCSP.h delete mode 100644 AppleCSP/AppleCSP/AppleCSPContext.cpp delete mode 100644 AppleCSP/AppleCSP/AppleCSPContext.h delete mode 100644 AppleCSP/AppleCSP/AppleCSPKeys.cpp delete mode 100644 AppleCSP/AppleCSP/AppleCSPKeys.h delete mode 100644 AppleCSP/AppleCSP/AppleCSPSession.h delete mode 100644 AppleCSP/AppleCSP/AppleCSPUtils.cpp delete mode 100644 AppleCSP/AppleCSP/AppleCSPUtils.h delete mode 100644 AppleCSP/AppleCSP/BinaryKey.h delete mode 100644 AppleCSP/AppleCSP/BlockCryptor.cpp delete mode 100644 AppleCSP/AppleCSP/BlockCryptor.h delete mode 100644 AppleCSP/AppleCSP/RawSigner.h delete mode 100644 AppleCSP/AppleCSP/SignatureContext.cpp delete mode 100644 AppleCSP/AppleCSP/SignatureContext.h delete mode 100644 AppleCSP/AppleCSP/YarrowConnection.cpp delete mode 100644 AppleCSP/AppleCSP/YarrowConnection.h delete mode 100644 AppleCSP/AppleCSP/cspdebugging.c delete mode 100644 AppleCSP/AppleCSP/cspdebugging.h delete mode 100644 AppleCSP/AppleCSP/cssmplugin.exp delete mode 100644 AppleCSP/AppleCSP/deriveKey.cpp delete mode 100644 AppleCSP/AppleCSP/pkcs8.cpp delete mode 100644 AppleCSP/AppleCSP/pkcs8.h delete mode 100644 AppleCSP/AppleCSP/rotty.mcp delete mode 100644 AppleCSP/AppleCSP/wrapKey.cpp delete mode 100644 AppleCSP/AppleCSP/wrapKeyCms.cpp delete mode 100644 AppleCSP/AppleCSPPlugin.cpp delete mode 100644 AppleCSP/BSafeCSP/algmaker.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafeAsymmetric.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafeContext.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafeKeyGen.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafePKCS1.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafePKCS1.h delete mode 100644 AppleCSP/BSafeCSP/bsafeSymmetric.cpp delete mode 100644 AppleCSP/BSafeCSP/bsafecsp.h delete mode 100644 AppleCSP/BSafeCSP/bsafecspi.h delete mode 100644 AppleCSP/BSafeCSP/bsobjects.h delete mode 100644 AppleCSP/BSafeCSP/memory.cpp delete mode 100644 AppleCSP/BSafeCSP/miscalgorithms.cpp delete mode 100644 AppleCSP/BSafeCSP/test/t-dsa.cpp delete mode 100644 AppleCSP/BSafeCSP/test/t-rsa.cpp delete mode 100644 AppleCSP/BSafeCSP/test/t.cpp delete mode 100644 AppleCSP/CVSVersionInfo.txt delete mode 100644 AppleCSP/ComCryption/ascContext.cpp delete mode 100644 AppleCSP/ComCryption/ascContext.h delete mode 100644 AppleCSP/ComCryption/ascFactory.h delete mode 100644 AppleCSP/CryptKitCSP/CryptKitAsn1.cpp delete mode 100644 AppleCSP/CryptKitCSP/CryptKitAsn1.h delete mode 100644 AppleCSP/CryptKitCSP/CryptKitDER.cpp delete mode 100755 AppleCSP/CryptKitCSP/CryptKitSpace.h delete mode 100644 AppleCSP/CryptKitCSP/FEEAsymmetricContext.cpp delete mode 100644 AppleCSP/CryptKitCSP/FEEAsymmetricContext.h delete mode 100644 AppleCSP/CryptKitCSP/FEECSPUtils.cpp delete mode 100644 AppleCSP/CryptKitCSP/FEECSPUtils.h delete mode 100644 AppleCSP/CryptKitCSP/FEEKeys.cpp delete mode 100644 AppleCSP/CryptKitCSP/FEEKeys.h delete mode 100644 AppleCSP/CryptKitCSP/FEESignatureObject.cpp delete mode 100644 AppleCSP/CryptKitCSP/FEESignatureObject.h delete mode 100644 AppleCSP/CryptKitCSP/cryptkitcsp.cpp delete mode 100644 AppleCSP/CryptKitCSP/cryptkitcsp.h delete mode 100644 AppleCSP/DiffieHellman/DH_csp.cpp delete mode 100644 AppleCSP/DiffieHellman/DH_csp.h delete mode 100644 AppleCSP/DiffieHellman/DH_exchange.cpp delete mode 100644 AppleCSP/DiffieHellman/DH_exchange.h delete mode 100644 AppleCSP/DiffieHellman/DH_keys.cpp delete mode 100644 AppleCSP/DiffieHellman/DH_keys.h delete mode 100644 AppleCSP/DiffieHellman/DH_utils.cpp delete mode 100644 AppleCSP/DiffieHellman/DH_utils.h delete mode 100644 AppleCSP/MiscCSPAlgs/DES.c delete mode 100644 AppleCSP/MiscCSPAlgs/DES.h delete mode 100644 AppleCSP/MiscCSPAlgs/DigestContext.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/DigestContext.h delete mode 100644 AppleCSP/MiscCSPAlgs/MD2Object.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/MD2Object.h delete mode 100644 AppleCSP/MiscCSPAlgs/MD5.c delete mode 100644 AppleCSP/MiscCSPAlgs/MD5.h delete mode 100644 AppleCSP/MiscCSPAlgs/MacContext.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/MacContext.h delete mode 100644 AppleCSP/MiscCSPAlgs/NullCryptor.h delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1.c delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1.h delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1_priv.c delete mode 100644 AppleCSP/MiscCSPAlgs/SHA1_priv.h delete mode 100644 AppleCSP/MiscCSPAlgs/bfContext.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/bfContext.h delete mode 100644 AppleCSP/MiscCSPAlgs/castContext.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/castContext.h delete mode 100644 AppleCSP/MiscCSPAlgs/desContext.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/desContext.h delete mode 100644 AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/miscAlgFactory.h delete mode 100644 AppleCSP/MiscCSPAlgs/pkcs12Derive.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/pkcs12Derive.h delete mode 100644 AppleCSP/MiscCSPAlgs/platform.h delete mode 100644 AppleCSP/MiscCSPAlgs/rc2Context.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/rc2Context.h delete mode 100644 AppleCSP/MiscCSPAlgs/rc4Context.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/rc4Context.h delete mode 100644 AppleCSP/MiscCSPAlgs/rc5Context.cpp delete mode 100644 AppleCSP/MiscCSPAlgs/rc5Context.h delete mode 100644 AppleCSP/PBKDF2/HMACSHA1.c delete mode 100644 AppleCSP/PBKDF2/HMACSHA1.h delete mode 100644 AppleCSP/PBKDF2/pbkdDigest.cpp delete mode 100644 AppleCSP/PBKDF2/pbkdDigest.h delete mode 100644 AppleCSP/PBKDF2/pbkdf2.c delete mode 100644 AppleCSP/PBKDF2/pbkdf2.h delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_csp.cpp delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_csp.h delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_keys.cpp delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_keys.h delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_signature.cpp delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_signature.h delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_utils.cpp delete mode 100644 AppleCSP/RSA_DSA/RSA_DSA_utils.h delete mode 100644 AppleCSP/RSA_DSA/RSA_asymmetric.cpp delete mode 100644 AppleCSP/RSA_DSA/RSA_asymmetric.h delete mode 100644 AppleCSP/TODO delete mode 100644 AppleCSP/csp_capabilities.mdsinfo delete mode 100644 AppleCSP/csp_capabilities_common.mds delete mode 100644 AppleCSP/csp_common.mdsinfo delete mode 100644 AppleCSP/csp_primary.mdsinfo delete mode 100644 AppleCSP/open_ssl/LICENSE delete mode 100644 AppleCSP/open_ssl/bf/COPYRIGHT delete mode 100644 AppleCSP/open_ssl/bf/README delete mode 100644 AppleCSP/open_ssl/bf/bf_ecb.c delete mode 100644 AppleCSP/open_ssl/bf/bf_enc.c delete mode 100644 AppleCSP/open_ssl/bf/bf_locl.h delete mode 100644 AppleCSP/open_ssl/bf/bf_pi.h delete mode 100644 AppleCSP/open_ssl/bf/bf_skey.c delete mode 100644 AppleCSP/open_ssl/bio/bio_lib.c delete mode 100644 AppleCSP/open_ssl/bio/bss_file.c delete mode 100644 AppleCSP/open_ssl/bn/bn_add.c delete mode 100644 AppleCSP/open_ssl/bn/bn_asm.c delete mode 100644 AppleCSP/open_ssl/bn/bn_blind.c delete mode 100644 AppleCSP/open_ssl/bn/bn_ctx.c delete mode 100644 AppleCSP/open_ssl/bn/bn_div.c delete mode 100644 AppleCSP/open_ssl/bn/bn_err.c delete mode 100644 AppleCSP/open_ssl/bn/bn_exp.c delete mode 100644 AppleCSP/open_ssl/bn/bn_exp2.c delete mode 100644 AppleCSP/open_ssl/bn/bn_gcd.c delete mode 100644 AppleCSP/open_ssl/bn/bn_lcl.h delete mode 100644 AppleCSP/open_ssl/bn/bn_lib.c delete mode 100644 AppleCSP/open_ssl/bn/bn_mont.c delete mode 100644 AppleCSP/open_ssl/bn/bn_mpi.c delete mode 100644 AppleCSP/open_ssl/bn/bn_mul.c delete mode 100644 AppleCSP/open_ssl/bn/bn_prime.c delete mode 100644 AppleCSP/open_ssl/bn/bn_prime.h delete mode 100644 AppleCSP/open_ssl/bn/bn_print.c delete mode 100644 AppleCSP/open_ssl/bn/bn_rand.c delete mode 100644 AppleCSP/open_ssl/bn/bn_recp.c delete mode 100644 AppleCSP/open_ssl/bn/bn_shift.c delete mode 100644 AppleCSP/open_ssl/bn/bn_sqr.c delete mode 100644 AppleCSP/open_ssl/bn/bn_word.c delete mode 100644 AppleCSP/open_ssl/bn/bnspeed.c delete mode 100644 AppleCSP/open_ssl/bn/bntest.c delete mode 100644 AppleCSP/open_ssl/bn/divtest.c delete mode 100644 AppleCSP/open_ssl/bn/exp.c delete mode 100644 AppleCSP/open_ssl/bn/expspeed.c delete mode 100644 AppleCSP/open_ssl/bn/exptest.c delete mode 100644 AppleCSP/open_ssl/bn/vms-helper.c delete mode 100644 AppleCSP/open_ssl/buffer/buf_err.c delete mode 100644 AppleCSP/open_ssl/buffer/buffer.c delete mode 100644 AppleCSP/open_ssl/cast/c_ecb.c delete mode 100644 AppleCSP/open_ssl/cast/c_enc.c delete mode 100644 AppleCSP/open_ssl/cast/c_skey.c delete mode 100644 AppleCSP/open_ssl/cast/cast_lcl.h delete mode 100644 AppleCSP/open_ssl/cast/cast_s.h delete mode 100644 AppleCSP/open_ssl/cryptlib.c delete mode 100644 AppleCSP/open_ssl/cryptlib.h delete mode 100644 AppleCSP/open_ssl/dh/dh_check.c delete mode 100644 AppleCSP/open_ssl/dh/dh_err.c delete mode 100644 AppleCSP/open_ssl/dh/dh_gen.c delete mode 100644 AppleCSP/open_ssl/dh/dh_key.c delete mode 100644 AppleCSP/open_ssl/dh/dh_lib.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_asn1.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_err.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_gen.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_key.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_lib.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_ossl.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_sign.c delete mode 100644 AppleCSP/open_ssl/dsa/dsa_vrf.c delete mode 100644 AppleCSP/open_ssl/err/err.c delete mode 100644 AppleCSP/open_ssl/err/err_prn.c delete mode 100644 AppleCSP/open_ssl/ex_data.c delete mode 100644 AppleCSP/open_ssl/lhash/lhash.c delete mode 100644 AppleCSP/open_ssl/mem.c delete mode 100644 AppleCSP/open_ssl/misc/md2_dgst.c delete mode 100644 AppleCSP/open_ssl/misc/rc2_cbc.c delete mode 100644 AppleCSP/open_ssl/misc/rc2_locl.h delete mode 100644 AppleCSP/open_ssl/misc/rc2_skey.c delete mode 100644 AppleCSP/open_ssl/misc/rc4_enc.c delete mode 100644 AppleCSP/open_ssl/misc/rc4_skey.c delete mode 100644 AppleCSP/open_ssl/misc/rc5_enc.c delete mode 100644 AppleCSP/open_ssl/misc/rc5_locl.h delete mode 100644 AppleCSP/open_ssl/misc/rc5_skey.c delete mode 100644 AppleCSP/open_ssl/openssl/asn1.h delete mode 100644 AppleCSP/open_ssl/openssl/bio.h delete mode 100644 AppleCSP/open_ssl/openssl/blowfish.h delete mode 100644 AppleCSP/open_ssl/openssl/bn.h delete mode 100644 AppleCSP/open_ssl/openssl/buffer.h delete mode 100644 AppleCSP/open_ssl/openssl/cast.h delete mode 100644 AppleCSP/open_ssl/openssl/crypto.h delete mode 100644 AppleCSP/open_ssl/openssl/dh.h delete mode 100644 AppleCSP/open_ssl/openssl/dsa.h delete mode 100644 AppleCSP/open_ssl/openssl/e_os.h delete mode 100644 AppleCSP/open_ssl/openssl/e_os2.h delete mode 100644 AppleCSP/open_ssl/openssl/err.h delete mode 100644 AppleCSP/open_ssl/openssl/evp.h delete mode 100644 AppleCSP/open_ssl/openssl/lhash.h delete mode 100644 AppleCSP/open_ssl/openssl/md2.h delete mode 100644 AppleCSP/open_ssl/openssl/objects.h delete mode 100644 AppleCSP/open_ssl/openssl/openssl_pkcs7.h delete mode 100644 AppleCSP/open_ssl/openssl/opensslconf.h delete mode 100644 AppleCSP/open_ssl/openssl/opensslv.h delete mode 100644 AppleCSP/open_ssl/openssl/rand.h delete mode 100644 AppleCSP/open_ssl/openssl/rc2.h delete mode 100644 AppleCSP/open_ssl/openssl/rc4.h delete mode 100644 AppleCSP/open_ssl/openssl/rc5.h delete mode 100644 AppleCSP/open_ssl/openssl/rsa.h delete mode 100644 AppleCSP/open_ssl/openssl/safestack.h delete mode 100644 AppleCSP/open_ssl/openssl/sha.h delete mode 100644 AppleCSP/open_ssl/openssl/stack.h delete mode 100644 AppleCSP/open_ssl/openssl/x509.h delete mode 100644 AppleCSP/open_ssl/openssl/x509_vfy.h delete mode 100644 AppleCSP/open_ssl/opensslUtils/opensslAsn1.cpp delete mode 100644 AppleCSP/open_ssl/opensslUtils/opensslAsn1.h delete mode 100644 AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp delete mode 100644 AppleCSP/open_ssl/opensslUtils/opensslUtils.h delete mode 100644 AppleCSP/open_ssl/opensslUtils/osKeyTemplates.cpp delete mode 100644 AppleCSP/open_ssl/opensslUtils/osKeyTemplates.h delete mode 100644 AppleCSP/open_ssl/rsa/rsa_chk.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_eay.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_err.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_gen.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_lib.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_none.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_null.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_pk1.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_saos.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_sign.c delete mode 100644 AppleCSP/open_ssl/rsa/rsa_ssl.c delete mode 100644 AppleCSP/open_ssl/stack/stack.c delete mode 100644 AppleCSPDL/AppleCSPDLPlugin.cpp delete mode 100644 AppleCSPDL/CSPDLDatabase.cpp delete mode 100644 AppleCSPDL/CSPDLDatabase.h delete mode 100644 AppleCSPDL/CSPDLPlugin.cpp delete mode 100644 AppleCSPDL/CSPDLPlugin.h delete mode 100644 AppleCSPDL/CVSVersionInfo.txt delete mode 100644 AppleCSPDL/KeySchema.h delete mode 100644 AppleCSPDL/KeySchema.m4 delete mode 100644 AppleCSPDL/SSCSPDLSession.cpp delete mode 100644 AppleCSPDL/SSCSPDLSession.h delete mode 100644 AppleCSPDL/SSCSPSession.cpp delete mode 100644 AppleCSPDL/SSCSPSession.h delete mode 100644 AppleCSPDL/SSContext.cpp delete mode 100644 AppleCSPDL/SSContext.h delete mode 100644 AppleCSPDL/SSDLSession.cpp delete mode 100644 AppleCSPDL/SSDLSession.h delete mode 100644 AppleCSPDL/SSDatabase.cpp delete mode 100644 AppleCSPDL/SSDatabase.h delete mode 100644 AppleCSPDL/SSFactory.cpp delete mode 100644 AppleCSPDL/SSFactory.h delete mode 100644 AppleCSPDL/SSKey.cpp delete mode 100644 AppleCSPDL/SSKey.h delete mode 100644 AppleCSPDL/cspdl_common.mdsinfo delete mode 100644 AppleCSPDL/cspdl_csp_capabilities.mdsinfo delete mode 100644 AppleCSPDL/cspdl_csp_primary.mdsinfo delete mode 100644 AppleCSPDL/cspdl_dl_primary.mdsinfo delete mode 100644 AppleCSPDL/cssmplugin.exp delete mode 100644 AppleDL/AppleCSPDL.mcp delete mode 100644 AppleDL/AppleDLPlugin.cpp delete mode 100644 AppleDL/AppleFileDL.cpp delete mode 100644 AppleDL/AppleFileDL.h delete mode 100644 AppleDL/CVSVersionInfo.txt delete mode 100644 AppleDL/FORMAT delete mode 100644 AppleDL/ISSUES delete mode 100644 AppleDL/TODO delete mode 100644 AppleDL/cssmplugin.exp delete mode 100644 AppleDL/dl_common.mdsinfo delete mode 100644 AppleDL/dl_primary.mdsinfo delete mode 100644 AppleX509CL/AppleX509CL.cpp delete mode 100644 AppleX509CL/AppleX509CL.h delete mode 100644 AppleX509CL/AppleX509CLPlugin.cpp delete mode 100644 AppleX509CL/AppleX509CLSession.cpp delete mode 100644 AppleX509CL/AppleX509CLSession.h delete mode 100644 AppleX509CL/CLCachedEntry.cpp delete mode 100644 AppleX509CL/CLCachedEntry.h delete mode 100644 AppleX509CL/CLCertExtensions.cpp delete mode 100644 AppleX509CL/CLCertExtensions.h delete mode 100644 AppleX509CL/CLCrlExtensions.cpp delete mode 100644 AppleX509CL/CLCrlExtensions.h delete mode 100644 AppleX509CL/CLFieldsCommon.cpp delete mode 100644 AppleX509CL/CLFieldsCommon.h delete mode 100644 AppleX509CL/CSPAttacher.cpp delete mode 100644 AppleX509CL/CSPAttacher.h delete mode 100644 AppleX509CL/CVSVersionInfo.txt delete mode 100644 AppleX509CL/CertFields.cpp delete mode 100644 AppleX509CL/CrlFields.cpp delete mode 100644 AppleX509CL/DecodedCert.cpp delete mode 100644 AppleX509CL/DecodedCert.h delete mode 100644 AppleX509CL/DecodedCrl.cpp delete mode 100644 AppleX509CL/DecodedCrl.h delete mode 100644 AppleX509CL/DecodedExtensions.cpp delete mode 100644 AppleX509CL/DecodedExtensions.h delete mode 100644 AppleX509CL/DecodedItem.cpp delete mode 100644 AppleX509CL/DecodedItem.h delete mode 100644 AppleX509CL/LockedMap.h delete mode 100644 AppleX509CL/Session_CRL.cpp delete mode 100644 AppleX509CL/Session_CSR.cpp delete mode 100644 AppleX509CL/Session_Cert.cpp delete mode 100644 AppleX509CL/Session_Crypto.cpp delete mode 100644 AppleX509CL/TODO delete mode 100644 AppleX509CL/clNameUtils.cpp delete mode 100644 AppleX509CL/clNameUtils.h delete mode 100644 AppleX509CL/clNssUtils.cpp delete mode 100644 AppleX509CL/clNssUtils.h delete mode 100644 AppleX509CL/cl_common.mdsinfo delete mode 100644 AppleX509CL/cl_primary.mdsinfo delete mode 100644 AppleX509CL/cldebugging.h delete mode 100644 AppleX509CL/cssmplugin.exp delete mode 100644 AppleX509TP/AppleTP.cpp delete mode 100644 AppleX509TP/AppleTP.h delete mode 100644 AppleX509TP/AppleTPSession.cpp delete mode 100644 AppleX509TP/AppleTPSession.h delete mode 100644 AppleX509TP/AppleX509TPPlugin.cpp delete mode 100644 AppleX509TP/CVSVersionInfo.txt delete mode 100644 AppleX509TP/TPCertInfo.cpp delete mode 100644 AppleX509TP/TPCertInfo.h delete mode 100644 AppleX509TP/TPCrlInfo.cpp delete mode 100644 AppleX509TP/TPCrlInfo.h delete mode 100644 AppleX509TP/TPDatabase.cpp delete mode 100644 AppleX509TP/TPDatabase.h delete mode 100644 AppleX509TP/TPNetwork.cpp delete mode 100644 AppleX509TP/TPNetwork.h delete mode 100644 AppleX509TP/certGroupUtils.cpp delete mode 100644 AppleX509TP/certGroupUtils.h delete mode 100644 AppleX509TP/cssmplugin.exp delete mode 100644 AppleX509TP/iSignRootCerts.c delete mode 100644 AppleX509TP/rootCerts.cpp delete mode 100644 AppleX509TP/rootCerts.h delete mode 100644 AppleX509TP/sslRootCerts.c delete mode 100644 AppleX509TP/tpCertGroup.cpp delete mode 100644 AppleX509TP/tpCredRequest.cpp delete mode 100644 AppleX509TP/tpCrlVerify.cpp delete mode 100644 AppleX509TP/tpCrlVerify.h delete mode 100644 AppleX509TP/tpPolicies.cpp delete mode 100644 AppleX509TP/tpPolicies.h delete mode 100644 AppleX509TP/tpTime.c delete mode 100644 AppleX509TP/tpTime.h delete mode 100644 AppleX509TP/tp_common.mdsinfo delete mode 100644 AppleX509TP/tp_policyOids.mdsinfo delete mode 100644 AppleX509TP/tp_primary.mdsinfo delete mode 100644 AppleX509TP/tpdebugging.h delete mode 100644 CdsaUtils/cuCdsaUtils.cpp delete mode 100644 CdsaUtils/cuCdsaUtils.h delete mode 100644 CdsaUtils/cuDbUtils.cpp delete mode 100644 CdsaUtils/cuDbUtils.h delete mode 100644 CdsaUtils/cuEnc64.c delete mode 100644 CdsaUtils/cuEnc64.h delete mode 100644 CdsaUtils/cuFileIo.c delete mode 100644 CdsaUtils/cuFileIo.h delete mode 100644 CdsaUtils/cuOidParser.cpp delete mode 100644 CdsaUtils/cuOidParser.h delete mode 100644 CdsaUtils/cuPem.cpp delete mode 100644 CdsaUtils/cuPem.h delete mode 100644 CdsaUtils/cuPrintCert.cpp delete mode 100644 CdsaUtils/cuPrintCert.h delete mode 100644 CdsaUtils/cuTimeStr.cpp delete mode 100644 CdsaUtils/cuTimeStr.h delete mode 100644 CertTool/CertTool.cpp delete mode 100644 CertTool/CertTool.html delete mode 100644 CertTool/CertUI.cpp delete mode 100644 CertTool/CertUI.h delete mode 100644 CertTool/certtool.1 delete mode 100644 CertTool/dumpasn1.cfg delete mode 100644 CrlRefresh/crlRefresh.cpp delete mode 100644 CrlRefresh/ldapFetch.cpp delete mode 100644 CrlRefresh/ldapFetch.h delete mode 100644 Documentation/AppleCL_Spec.doc delete mode 100644 Documentation/AppleTP_Spec.doc delete mode 100644 Documentation/Supported_CSP_Algorithms.doc delete mode 100644 Keychain/ACL.cpp delete mode 100644 Keychain/ACL.h delete mode 100644 Keychain/Access.cpp delete mode 100644 Keychain/Access.h delete mode 100644 Keychain/CCallbackMgr.cp delete mode 100644 Keychain/CCallbackMgr.h delete mode 100644 Keychain/Certificate.cpp delete mode 100644 Keychain/Certificate.h delete mode 100644 Keychain/CertificateRequest.cpp delete mode 100644 Keychain/CertificateRequest.h delete mode 100644 Keychain/Certificates.cpp delete mode 100644 Keychain/DLDBListCFPref.cpp delete mode 100644 Keychain/DLDBListCFPref.h delete mode 100644 Keychain/ExecCLITool.cpp delete mode 100644 Keychain/ExecCLITool.h delete mode 100644 Keychain/FileVaultSPI.cpp delete mode 100644 Keychain/FileVaultSPI.h delete mode 100644 Keychain/Globals.cpp delete mode 100644 Keychain/Globals.h delete mode 100644 Keychain/Identity.cpp delete mode 100644 Keychain/Identity.h delete mode 100644 Keychain/IdentityCursor.cpp delete mode 100644 Keychain/IdentityCursor.h delete mode 100644 Keychain/Item.cpp delete mode 100644 Keychain/Item.h delete mode 100644 Keychain/KCCursor.cpp delete mode 100644 Keychain/KCCursor.h delete mode 100644 Keychain/KCEventNotifier.cpp delete mode 100644 Keychain/KCEventNotifier.h delete mode 100644 Keychain/KCEventObserver.cpp delete mode 100644 Keychain/KCEventObserver.h delete mode 100644 Keychain/KCExceptions.h delete mode 100644 Keychain/KCUtilities.cpp delete mode 100644 Keychain/KCUtilities.h delete mode 100644 Keychain/KeyItem.cpp delete mode 100644 Keychain/KeyItem.h delete mode 100644 Keychain/Keychains.cpp delete mode 100644 Keychain/Keychains.h delete mode 100644 Keychain/Policies.cpp delete mode 100644 Keychain/Policies.h delete mode 100644 Keychain/PolicyCursor.cpp delete mode 100644 Keychain/PolicyCursor.h delete mode 100644 Keychain/PrimaryKey.cpp delete mode 100644 Keychain/PrimaryKey.h delete mode 100644 Keychain/RootCertBlobs.h delete mode 100644 Keychain/SFFileVault.cpp delete mode 100644 Keychain/SFFileVault.h delete mode 100644 Keychain/Schema.h delete mode 100644 Keychain/Schema.m4 delete mode 100644 Keychain/SecACL.cpp delete mode 100644 Keychain/SecACL.h delete mode 100644 Keychain/SecAccess.cpp delete mode 100644 Keychain/SecAccess.h delete mode 100644 Keychain/SecAccessPriv.h delete mode 100644 Keychain/SecBase.h delete mode 100644 Keychain/SecBridge.h delete mode 100644 Keychain/SecCFTypes.cpp delete mode 100644 Keychain/SecCFTypes.h delete mode 100644 Keychain/SecCertificate.cpp delete mode 100644 Keychain/SecCertificate.h delete mode 100644 Keychain/SecCertificateBundle.cpp delete mode 100644 Keychain/SecCertificateBundle.h delete mode 100644 Keychain/SecCertificatePriv.h delete mode 100644 Keychain/SecCertificateRequest.cpp delete mode 100644 Keychain/SecCertificateRequest.h delete mode 100644 Keychain/SecFileVaultCert.cpp delete mode 100644 Keychain/SecFileVaultCert.h delete mode 100644 Keychain/SecIdentity.cpp delete mode 100644 Keychain/SecIdentity.h delete mode 100644 Keychain/SecIdentityPriv.h delete mode 100644 Keychain/SecIdentitySearch.cpp delete mode 100644 Keychain/SecIdentitySearch.h delete mode 100644 Keychain/SecKey.cpp delete mode 100644 Keychain/SecKey.h delete mode 100644 Keychain/SecKeyPriv.h delete mode 100644 Keychain/SecKeychain.cpp delete mode 100644 Keychain/SecKeychain.h delete mode 100644 Keychain/SecKeychainAPI.cpp delete mode 100644 Keychain/SecKeychainAPI.h delete mode 100644 Keychain/SecKeychainAPIPriv.h delete mode 100644 Keychain/SecKeychainAddIToolsPassword.c delete mode 100644 Keychain/SecKeychainItem.cpp delete mode 100644 Keychain/SecKeychainItem.h delete mode 100644 Keychain/SecKeychainSearch.cpp delete mode 100644 Keychain/SecKeychainSearch.h delete mode 100644 Keychain/SecPolicy.cpp delete mode 100644 Keychain/SecPolicy.h delete mode 100644 Keychain/SecPolicyPriv.h delete mode 100644 Keychain/SecPolicySearch.cpp delete mode 100644 Keychain/SecPolicySearch.h delete mode 100644 Keychain/SecRuntime.cpp delete mode 100644 Keychain/SecRuntime.h delete mode 100644 Keychain/SecTrust.cpp delete mode 100644 Keychain/SecTrust.h delete mode 100644 Keychain/SecTrustPriv.h delete mode 100644 Keychain/SecTrustedApplication.cpp delete mode 100644 Keychain/SecTrustedApplication.h delete mode 100644 Keychain/SecTrustedApplicationPriv.h delete mode 100644 Keychain/Security.h delete mode 100644 Keychain/StorageManager.cpp delete mode 100644 Keychain/StorageManager.h delete mode 100644 Keychain/Trust.cpp delete mode 100644 Keychain/Trust.h delete mode 100644 Keychain/TrustItem.cpp delete mode 100644 Keychain/TrustItem.h delete mode 100644 Keychain/TrustStore.cpp delete mode 100644 Keychain/TrustStore.h delete mode 100644 Keychain/TrustedApplication.cpp delete mode 100644 Keychain/TrustedApplication.h delete mode 100644 Keychain/cssmdatetime.cpp delete mode 100644 Keychain/cssmdatetime.h delete mode 100644 Keychain/generateErrStrings.pl delete mode 100644 Keychain/iToolsTrustedApps.plist delete mode 100644 Keychain/srCdsaUtils.cpp delete mode 100644 Keychain/srCdsaUtils.h delete mode 100644 Network/connectionpool.cpp delete mode 100644 Network/connectionpool.h delete mode 100644 Network/file-protocol.cpp delete mode 100644 Network/file-protocol.h delete mode 100644 Network/ftp-protocol.cpp delete mode 100644 Network/ftp-protocol.h delete mode 100644 Network/ftp-proxy-protocol.cpp delete mode 100644 Network/ftp-proxy-protocol.h delete mode 100644 Network/http-protocol.cpp delete mode 100644 Network/http-protocol.h delete mode 100644 Network/http-proxy-protocol.cpp delete mode 100644 Network/http-proxy-protocol.h delete mode 100644 Network/https-protocol.cpp delete mode 100644 Network/https-protocol.h delete mode 100644 Network/https-proxy-protocol.cpp delete mode 100644 Network/https-proxy-protocol.h delete mode 100644 Network/multiobserver.cpp delete mode 100644 Network/multiobserver.h delete mode 100644 Network/netconnection.cpp delete mode 100644 Network/netconnection.h delete mode 100644 Network/neterror.cpp delete mode 100644 Network/neterror.h delete mode 100644 Network/netmanager.cpp delete mode 100644 Network/netmanager.h delete mode 100644 Network/netparameters.h delete mode 100644 Network/networkchooser.cpp delete mode 100644 Network/networkchooser.h delete mode 100644 Network/observer.cpp delete mode 100644 Network/observer.h delete mode 100644 Network/parameters.cpp delete mode 100644 Network/parameters.h delete mode 100644 Network/protocol.cpp delete mode 100644 Network/protocol.h delete mode 100644 Network/simplemanager.cpp delete mode 100644 Network/simplemanager.h delete mode 100644 Network/target.cpp delete mode 100644 Network/target.h delete mode 100644 Network/transfer.cpp delete mode 100644 Network/transfer.h delete mode 100644 Network/xfercore.cpp delete mode 100644 Network/xfercore.h create mode 100644 README delete mode 100644 README.txt delete mode 100644 SecureTransport/CVSVersionInfo.txt delete mode 100644 SecureTransport/ModuleAttacher.cpp delete mode 100644 SecureTransport/ModuleAttacher.h delete mode 100644 SecureTransport/README delete mode 100644 SecureTransport/SecureTransport.pbproj/project.pbxproj delete mode 100644 SecureTransport/SecureTransport/CipherSuite.h delete mode 100644 SecureTransport/SecureTransport/SecureTransport.h delete mode 100644 SecureTransport/appleCdsa.cpp delete mode 100644 SecureTransport/appleSession.cpp delete mode 100644 SecureTransport/cipherSpecs.cpp delete mode 100644 SecureTransport/privateInc/SecureTransportPriv.h delete mode 100644 SecureTransport/privateInc/appleCdsa.h delete mode 100644 SecureTransport/privateInc/appleSession.h delete mode 100644 SecureTransport/privateInc/cipherSpecs.h delete mode 100644 SecureTransport/privateInc/cryptType.h delete mode 100644 SecureTransport/privateInc/ssl.h delete mode 100644 SecureTransport/privateInc/ssl2.h delete mode 100644 SecureTransport/privateInc/sslAlertMessage.h delete mode 100644 SecureTransport/privateInc/sslBER.h delete mode 100644 SecureTransport/privateInc/sslBuildFlags.h delete mode 100644 SecureTransport/privateInc/sslContext.h delete mode 100644 SecureTransport/privateInc/sslDebug.h delete mode 100644 SecureTransport/privateInc/sslDigests.h delete mode 100644 SecureTransport/privateInc/sslHandshake.h delete mode 100644 SecureTransport/privateInc/sslKeychain.h delete mode 100644 SecureTransport/privateInc/sslMemory.h delete mode 100644 SecureTransport/privateInc/sslPriv.h delete mode 100644 SecureTransport/privateInc/sslRecord.h delete mode 100644 SecureTransport/privateInc/sslSession.h delete mode 100644 SecureTransport/privateInc/sslUtils.h delete mode 100644 SecureTransport/privateInc/symCipher.h delete mode 100644 SecureTransport/privateInc/tls_hmac.h delete mode 100644 SecureTransport/privateInc/tls_ssl.h delete mode 100644 SecureTransport/secureTransport.exp delete mode 100644 SecureTransport/securetransport++.cpp delete mode 100644 SecureTransport/securetransport++.h delete mode 100644 SecureTransport/ssl2CipherMap.cpp delete mode 100644 SecureTransport/ssl2Message.cpp delete mode 100644 SecureTransport/ssl2Protocol.cpp delete mode 100644 SecureTransport/ssl2Record.cpp delete mode 100644 SecureTransport/ssl3Callouts.cpp delete mode 100644 SecureTransport/sslAlertMessage.cpp delete mode 100644 SecureTransport/sslBER.cpp delete mode 100644 SecureTransport/sslBER_Dummy.cpp delete mode 100644 SecureTransport/sslCert.cpp delete mode 100644 SecureTransport/sslChangeCipher.cpp delete mode 100644 SecureTransport/sslContext.cpp delete mode 100644 SecureTransport/sslDigests.cpp delete mode 100644 SecureTransport/sslHandshake.cpp delete mode 100644 SecureTransport/sslHandshakeFinish.cpp delete mode 100644 SecureTransport/sslHandshakeHello.cpp delete mode 100644 SecureTransport/sslKeyExchange.cpp delete mode 100644 SecureTransport/sslKeychain.cpp delete mode 100644 SecureTransport/sslMemory.cpp delete mode 100644 SecureTransport/sslNullCipher.cpp delete mode 100644 SecureTransport/sslRecord.cpp delete mode 100644 SecureTransport/sslSession.cpp delete mode 100644 SecureTransport/sslTransport.cpp delete mode 100644 SecureTransport/sslUtils.cpp delete mode 100644 SecureTransport/symCipher.cpp delete mode 100644 SecureTransport/tls1Callouts.cpp delete mode 100644 SecureTransport/tls_hmac.cpp delete mode 100644 Security.exp delete mode 100644 Security.order delete mode 100644 Security.pbproj/project.pbxproj create mode 100644 Security.xcode/project.pbxproj create mode 100644 Security.xcode/stuartha.mode1 create mode 100644 Security.xcode/stuartha.pbxuser delete mode 100644 SecurityServer/AZNTest.cpp delete mode 100644 SecurityServer/Authorization/AuthSession.h delete mode 100644 SecurityServer/Authorization/Authorization.cpp delete mode 100644 SecurityServer/Authorization/Authorization.h delete mode 100644 SecurityServer/Authorization/AuthorizationDB.h delete mode 100644 SecurityServer/Authorization/AuthorizationDBPlist.cpp delete mode 100644 SecurityServer/Authorization/AuthorizationDBPlist.h delete mode 100644 SecurityServer/Authorization/AuthorizationData.cpp delete mode 100644 SecurityServer/Authorization/AuthorizationData.h delete mode 100644 SecurityServer/Authorization/AuthorizationEngine.cpp delete mode 100644 SecurityServer/Authorization/AuthorizationEngine.h delete mode 100644 SecurityServer/Authorization/AuthorizationPlugin.h delete mode 100644 SecurityServer/Authorization/AuthorizationPriv.h delete mode 100644 SecurityServer/Authorization/AuthorizationRule.cpp delete mode 100644 SecurityServer/Authorization/AuthorizationRule.h delete mode 100644 SecurityServer/Authorization/AuthorizationTags.h delete mode 100644 SecurityServer/Authorization/AuthorizationTrampoline.cpp delete mode 100644 SecurityServer/Authorization/AuthorizationWalkers.h delete mode 100644 SecurityServer/Authorization/authorization.plist delete mode 100644 SecurityServer/Authorization/privPort.h delete mode 100644 SecurityServer/Authorization/privPortClient.cpp delete mode 100644 SecurityServer/Authorization/privPortServer.cpp delete mode 100644 SecurityServer/Authorization/trampolineClient.cpp delete mode 100644 SecurityServer/Authorization/trampolineServer.cpp delete mode 100644 SecurityServer/BLOBFORMAT delete mode 100644 SecurityServer/CVSVersionInfo.txt delete mode 100644 SecurityServer/Makefile delete mode 100644 SecurityServer/Makefile.startup delete mode 100644 SecurityServer/SecurityAgentClient.cpp delete mode 100644 SecurityServer/SecurityAgentClient.h delete mode 100644 SecurityServer/SecurityServer.order delete mode 100644 SecurityServer/SecurityServerClient.h delete mode 100755 SecurityServer/SettingsDialog/English.lproj/InfoPlist.strings delete mode 100755 SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/classes.nib delete mode 100755 SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/objects.nib delete mode 100755 SecurityServer/SettingsDialog/SecuritySettings.icns delete mode 100755 SecurityServer/SettingsDialog/SecuritySettings.pbproj/project.pbxproj delete mode 100755 SecurityServer/SettingsDialog/SettingsWindow.h delete mode 100644 SecurityServer/SettingsDialog/SettingsWindow.m delete mode 100755 SecurityServer/SettingsDialog/main.m delete mode 100644 SecurityServer/StartupItems/CodeEquivalenceCandidates delete mode 100644 SecurityServer/StartupItems/Localizable.strings delete mode 100755 SecurityServer/StartupItems/SecurityServer delete mode 100644 SecurityServer/StartupItems/StartupParameters.plist delete mode 100644 SecurityServer/TODO delete mode 100644 SecurityServer/acl_keychain.cpp delete mode 100644 SecurityServer/acl_keychain.h delete mode 100644 SecurityServer/acls.cpp delete mode 100644 SecurityServer/acls.h delete mode 100644 SecurityServer/agentquery.cpp delete mode 100644 SecurityServer/agentquery.h delete mode 100644 SecurityServer/authority.cpp delete mode 100644 SecurityServer/authority.h delete mode 100644 SecurityServer/cfnotifier.cpp delete mode 100644 SecurityServer/cfnotifier.h delete mode 100644 SecurityServer/codesigdb.cpp delete mode 100644 SecurityServer/codesigdb.h delete mode 100644 SecurityServer/connection.cpp delete mode 100644 SecurityServer/connection.h delete mode 100644 SecurityServer/dbcrypto.cpp delete mode 100644 SecurityServer/dbcrypto.h delete mode 100644 SecurityServer/dictionary.cpp delete mode 100644 SecurityServer/dictionary.h delete mode 100644 SecurityServer/entropy.cpp delete mode 100644 SecurityServer/entropy.h delete mode 100644 SecurityServer/eventlistener.cpp delete mode 100644 SecurityServer/eventlistener.h delete mode 100644 SecurityServer/flippers.cpp delete mode 100644 SecurityServer/flippers.h delete mode 100644 SecurityServer/generate.cf delete mode 100755 SecurityServer/generate.pl delete mode 100644 SecurityServer/key.cpp delete mode 100644 SecurityServer/key.h delete mode 100644 SecurityServer/main.cpp delete mode 100644 SecurityServer/notifications.cpp delete mode 100644 SecurityServer/notifications.h delete mode 100644 SecurityServer/process.cpp delete mode 100644 SecurityServer/process.h delete mode 100644 SecurityServer/secagent.defs delete mode 100644 SecurityServer/secagent_types.h delete mode 100644 SecurityServer/securityserver.h delete mode 100644 SecurityServer/server.cpp delete mode 100644 SecurityServer/server.h delete mode 100644 SecurityServer/session.cpp delete mode 100644 SecurityServer/session.h delete mode 100644 SecurityServer/ssblob.cpp delete mode 100644 SecurityServer/ssblob.h delete mode 100644 SecurityServer/ssclient.cpp delete mode 100644 SecurityServer/ssclient.h delete mode 100644 SecurityServer/sstransit.cpp delete mode 100644 SecurityServer/sstransit.h delete mode 100644 SecurityServer/systemkeychain.cpp delete mode 100644 SecurityServer/tests/AZNTest.cpp delete mode 100644 SecurityServer/tests/auth.plist delete mode 100644 SecurityServer/tests/exectest.cpp delete mode 100644 SecurityServer/tests/testacls.cpp delete mode 100644 SecurityServer/tests/testauth.cpp delete mode 100644 SecurityServer/tests/testblobs.cpp delete mode 100644 SecurityServer/tests/testclient.cpp delete mode 100644 SecurityServer/tests/testclient.h delete mode 100644 SecurityServer/tests/testcrypto.cpp delete mode 100644 SecurityServer/tests/testutils.cpp delete mode 100644 SecurityServer/tests/testutils.h delete mode 100644 SecurityServer/transition.cpp delete mode 100644 SecurityServer/transwalkers.cpp delete mode 100644 SecurityServer/transwalkers.h delete mode 100644 SecurityServer/ucsp.defs delete mode 100644 SecurityServer/ucspNotify.defs delete mode 100644 SecurityServer/ucsp_types.h delete mode 100644 SecurityServer/xdatabase.cpp delete mode 100644 SecurityServer/xdatabase.h delete mode 100644 SecurityServer/yarrowMigTypes.h delete mode 100644 cdsa/CVSVersionInfo.txt delete mode 100644 cdsa/TODO delete mode 100644 cdsa/cdsa.cpp delete mode 100644 cdsa/cdsa/certextensions.h delete mode 100644 cdsa/cdsa/cssm.h delete mode 100644 cdsa/cdsa/cssmaci.h delete mode 100644 cdsa/cdsa/cssmapi.h delete mode 100644 cdsa/cdsa/cssmapple.h delete mode 100644 cdsa/cdsa/cssmcli.h delete mode 100644 cdsa/cdsa/cssmconfig.h delete mode 100644 cdsa/cdsa/cssmcspi.h delete mode 100644 cdsa/cdsa/cssmdli.h delete mode 100644 cdsa/cdsa/cssmerr.h delete mode 100644 cdsa/cdsa/cssmkrapi.h delete mode 100644 cdsa/cdsa/cssmkrspi.h delete mode 100644 cdsa/cdsa/cssmspi.h delete mode 100644 cdsa/cdsa/cssmtpi.h delete mode 100644 cdsa/cdsa/cssmtype.h delete mode 100644 cdsa/cdsa/eisl.h delete mode 100644 cdsa/cdsa/emmspi.h delete mode 100644 cdsa/cdsa/emmtype.h delete mode 100644 cdsa/cdsa/mds.h delete mode 100644 cdsa/cdsa/mds_schema.h delete mode 100644 cdsa/cdsa/oidsalg.h delete mode 100644 cdsa/cdsa/oidsattr.h delete mode 100644 cdsa/cdsa/oidsbase.h delete mode 100644 cdsa/cdsa/oidscert.h delete mode 100644 cdsa/cdsa/oidscrl.h delete mode 100644 cdsa/cdsa/x509defs.h delete mode 100644 cdsa/cdsa_client.cpp delete mode 100644 cdsa/cdsa_client/DLDBList.cpp delete mode 100644 cdsa/cdsa_client/DLDBList.h delete mode 100644 cdsa/cdsa_client/aclclient.cpp delete mode 100644 cdsa/cdsa_client/aclclient.h delete mode 100644 cdsa/cdsa_client/clclient.cpp delete mode 100644 cdsa/cdsa_client/clclient.h delete mode 100644 cdsa/cdsa_client/cryptoclient.cpp delete mode 100644 cdsa/cdsa_client/cryptoclient.h delete mode 100644 cdsa/cdsa_client/cspclient.cpp delete mode 100644 cdsa/cdsa_client/cspclient.h delete mode 100644 cdsa/cdsa_client/cssmclient.cpp delete mode 100644 cdsa/cdsa_client/cssmclient.h delete mode 100644 cdsa/cdsa_client/dlclient.cpp delete mode 100644 cdsa/cdsa_client/dlclient.h delete mode 100644 cdsa/cdsa_client/genkey.cpp delete mode 100644 cdsa/cdsa_client/genkey.h delete mode 100644 cdsa/cdsa_client/keychainacl.cpp delete mode 100644 cdsa/cdsa_client/keychainacl.h delete mode 100644 cdsa/cdsa_client/keyclient.cpp delete mode 100644 cdsa/cdsa_client/keyclient.h delete mode 100644 cdsa/cdsa_client/macclient.cpp delete mode 100644 cdsa/cdsa_client/macclient.h delete mode 100644 cdsa/cdsa_client/multidldb.cpp delete mode 100644 cdsa/cdsa_client/multidldb.h delete mode 100644 cdsa/cdsa_client/osxsigner.cpp delete mode 100644 cdsa/cdsa_client/osxsigner.h delete mode 100644 cdsa/cdsa_client/securestorage.cpp delete mode 100644 cdsa/cdsa_client/securestorage.h delete mode 100644 cdsa/cdsa_client/signclient.cpp delete mode 100644 cdsa/cdsa_client/signclient.h delete mode 100644 cdsa/cdsa_client/tpclient.cpp delete mode 100644 cdsa/cdsa_client/tpclient.h delete mode 100644 cdsa/cdsa_client/wrapkey.cpp delete mode 100644 cdsa/cdsa_client/wrapkey.h delete mode 100644 cdsa/cdsa_pluginlib.cpp delete mode 100644 cdsa/cdsa_pluginlib/ACsession.h delete mode 100644 cdsa/cdsa_pluginlib/CLsession.h delete mode 100644 cdsa/cdsa_pluginlib/CSPsession.cpp delete mode 100644 cdsa/cdsa_pluginlib/CSPsession.h delete mode 100644 cdsa/cdsa_pluginlib/DLsession.cpp delete mode 100644 cdsa/cdsa_pluginlib/DLsession.h delete mode 100644 cdsa/cdsa_pluginlib/TPsession.h delete mode 100644 cdsa/cdsa_pluginlib/c++plugin.h delete mode 100644 cdsa/cdsa_pluginlib/csputilities.cpp delete mode 100644 cdsa/cdsa_pluginlib/cssmplugin.cpp delete mode 100644 cdsa/cdsa_pluginlib/cssmplugin.h delete mode 100644 cdsa/cdsa_pluginlib/generator.cfg delete mode 100644 cdsa/cdsa_pluginlib/generator.mk delete mode 100644 cdsa/cdsa_pluginlib/generator.pl delete mode 100644 cdsa/cdsa_pluginlib/pluginsession.cpp delete mode 100644 cdsa/cdsa_pluginlib/pluginsession.h delete mode 100644 cdsa/cdsa_pluginlib/pluginspi.h delete mode 100644 cdsa/cdsa_utilities.cpp delete mode 100644 cdsa/cdsa_utilities/AppleDatabase.cpp delete mode 100644 cdsa/cdsa_utilities/AppleDatabase.h delete mode 100644 cdsa/cdsa_utilities/AtomicFile.cpp delete mode 100644 cdsa/cdsa_utilities/AtomicFile.h delete mode 100644 cdsa/cdsa_utilities/Database.cpp delete mode 100644 cdsa/cdsa_utilities/Database.h delete mode 100644 cdsa/cdsa_utilities/DatabaseSession.cpp delete mode 100644 cdsa/cdsa_utilities/DatabaseSession.h delete mode 100644 cdsa/cdsa_utilities/DbContext.cpp delete mode 100644 cdsa/cdsa_utilities/DbContext.h delete mode 100644 cdsa/cdsa_utilities/DbIndex.cpp delete mode 100644 cdsa/cdsa_utilities/DbIndex.h delete mode 100644 cdsa/cdsa_utilities/DbName.cpp delete mode 100644 cdsa/cdsa_utilities/DbName.h delete mode 100644 cdsa/cdsa_utilities/DbQuery.cpp delete mode 100644 cdsa/cdsa_utilities/DbQuery.h delete mode 100644 cdsa/cdsa_utilities/DbValue.cpp delete mode 100644 cdsa/cdsa_utilities/DbValue.h delete mode 100644 cdsa/cdsa_utilities/MetaAttribute.cpp delete mode 100644 cdsa/cdsa_utilities/MetaAttribute.h delete mode 100644 cdsa/cdsa_utilities/MetaRecord.cpp delete mode 100644 cdsa/cdsa_utilities/MetaRecord.h delete mode 100644 cdsa/cdsa_utilities/NOTES delete mode 100644 cdsa/cdsa_utilities/ReadWriteSection.h delete mode 100644 cdsa/cdsa_utilities/SampleGroup.cpp delete mode 100644 cdsa/cdsa_utilities/SampleGroup.h delete mode 100644 cdsa/cdsa_utilities/SelectionPredicate.cpp delete mode 100644 cdsa/cdsa_utilities/SelectionPredicate.h delete mode 100644 cdsa/cdsa_utilities/acl_any.cpp delete mode 100644 cdsa/cdsa_utilities/acl_any.h delete mode 100644 cdsa/cdsa_utilities/acl_codesigning.cpp delete mode 100644 cdsa/cdsa_utilities/acl_codesigning.h delete mode 100644 cdsa/cdsa_utilities/acl_comment.cpp delete mode 100644 cdsa/cdsa_utilities/acl_comment.h delete mode 100644 cdsa/cdsa_utilities/acl_keychain.cpp delete mode 100644 cdsa/cdsa_utilities/acl_keychain.h delete mode 100644 cdsa/cdsa_utilities/acl_password.cpp delete mode 100644 cdsa/cdsa_utilities/acl_password.h delete mode 100644 cdsa/cdsa_utilities/acl_process.cpp delete mode 100644 cdsa/cdsa_utilities/acl_process.h delete mode 100644 cdsa/cdsa_utilities/acl_protectedpw.cpp delete mode 100644 cdsa/cdsa_utilities/acl_protectedpw.h delete mode 100644 cdsa/cdsa_utilities/acl_threshold.cpp delete mode 100644 cdsa/cdsa_utilities/acl_threshold.h delete mode 100644 cdsa/cdsa_utilities/bufferfifo.cpp delete mode 100644 cdsa/cdsa_utilities/bufferfifo.h delete mode 100644 cdsa/cdsa_utilities/buffers.cpp delete mode 100644 cdsa/cdsa_utilities/buffers.h delete mode 100644 cdsa/cdsa_utilities/callback.cpp delete mode 100644 cdsa/cdsa_utilities/callback.h delete mode 100644 cdsa/cdsa_utilities/ccaudit.cpp delete mode 100644 cdsa/cdsa_utilities/ccaudit.h delete mode 100644 cdsa/cdsa_utilities/cfutilities.cpp delete mode 100644 cdsa/cdsa_utilities/cfutilities.h delete mode 100644 cdsa/cdsa_utilities/codesigning.cpp delete mode 100644 cdsa/cdsa_utilities/codesigning.h delete mode 100644 cdsa/cdsa_utilities/constdata.cpp delete mode 100644 cdsa/cdsa_utilities/constdata.h delete mode 100644 cdsa/cdsa_utilities/context.cpp delete mode 100644 cdsa/cdsa_utilities/context.h delete mode 100644 cdsa/cdsa_utilities/cssmacl.cpp delete mode 100644 cdsa/cdsa_utilities/cssmacl.h delete mode 100644 cdsa/cdsa_utilities/cssmaclpod.cpp delete mode 100644 cdsa/cdsa_utilities/cssmaclpod.h delete mode 100644 cdsa/cdsa_utilities/cssmalloc.cpp delete mode 100644 cdsa/cdsa_utilities/cssmalloc.h delete mode 100644 cdsa/cdsa_utilities/cssmcert.cpp delete mode 100644 cdsa/cdsa_utilities/cssmcert.h delete mode 100644 cdsa/cdsa_utilities/cssmcred.cpp delete mode 100644 cdsa/cdsa_utilities/cssmcred.h delete mode 100644 cdsa/cdsa_utilities/cssmdata.cpp delete mode 100644 cdsa/cdsa_utilities/cssmdata.h delete mode 100644 cdsa/cdsa_utilities/cssmdates.cpp delete mode 100644 cdsa/cdsa_utilities/cssmdates.h delete mode 100644 cdsa/cdsa_utilities/cssmdb.cpp delete mode 100644 cdsa/cdsa_utilities/cssmdb.h delete mode 100644 cdsa/cdsa_utilities/cssmerrno.cpp delete mode 100644 cdsa/cdsa_utilities/cssmerrno.h delete mode 100644 cdsa/cdsa_utilities/cssmlist.cpp delete mode 100644 cdsa/cdsa_utilities/cssmlist.h delete mode 100644 cdsa/cdsa_utilities/cssmtrust.cpp delete mode 100644 cdsa/cdsa_utilities/cssmtrust.h delete mode 100644 cdsa/cdsa_utilities/cssmwalkers.cpp delete mode 100644 cdsa/cdsa_utilities/cssmwalkers.h delete mode 100644 cdsa/cdsa_utilities/daemon.cpp delete mode 100644 cdsa/cdsa_utilities/daemon.h delete mode 100644 cdsa/cdsa_utilities/db++.cpp delete mode 100644 cdsa/cdsa_utilities/db++.h delete mode 100644 cdsa/cdsa_utilities/debugging.cpp delete mode 100644 cdsa/cdsa_utilities/debugging.h delete mode 100644 cdsa/cdsa_utilities/debugsupport.h delete mode 100644 cdsa/cdsa_utilities/devrandom.cpp delete mode 100644 cdsa/cdsa_utilities/devrandom.h delete mode 100644 cdsa/cdsa_utilities/digestobject.h delete mode 100644 cdsa/cdsa_utilities/endian.cpp delete mode 100644 cdsa/cdsa_utilities/endian.h delete mode 100644 cdsa/cdsa_utilities/fdmover.cpp delete mode 100644 cdsa/cdsa_utilities/fdmover.h delete mode 100644 cdsa/cdsa_utilities/fdsel.cpp delete mode 100644 cdsa/cdsa_utilities/fdsel.h delete mode 100644 cdsa/cdsa_utilities/generator.mk delete mode 100644 cdsa/cdsa_utilities/generator.pl delete mode 100644 cdsa/cdsa_utilities/globalizer.cpp delete mode 100644 cdsa/cdsa_utilities/globalizer.h delete mode 100644 cdsa/cdsa_utilities/guids.cpp delete mode 100644 cdsa/cdsa_utilities/handleobject.cpp delete mode 100644 cdsa/cdsa_utilities/handleobject.h delete mode 100644 cdsa/cdsa_utilities/headermap.cpp delete mode 100644 cdsa/cdsa_utilities/headermap.h delete mode 100644 cdsa/cdsa_utilities/hosts.cpp delete mode 100644 cdsa/cdsa_utilities/hosts.h delete mode 100644 cdsa/cdsa_utilities/inetreply.cpp delete mode 100644 cdsa/cdsa_utilities/inetreply.h delete mode 100644 cdsa/cdsa_utilities/ip++.cpp delete mode 100644 cdsa/cdsa_utilities/ip++.h delete mode 100644 cdsa/cdsa_utilities/ktracecodes.h delete mode 100644 cdsa/cdsa_utilities/logging.cpp delete mode 100644 cdsa/cdsa_utilities/logging.h delete mode 100644 cdsa/cdsa_utilities/mach++.cpp delete mode 100644 cdsa/cdsa_utilities/mach++.h delete mode 100644 cdsa/cdsa_utilities/mach_notify.c delete mode 100644 cdsa/cdsa_utilities/mach_notify.h delete mode 100644 cdsa/cdsa_utilities/machrunloopserver.cpp delete mode 100644 cdsa/cdsa_utilities/machrunloopserver.h delete mode 100644 cdsa/cdsa_utilities/machserver.cpp delete mode 100644 cdsa/cdsa_utilities/machserver.h delete mode 100644 cdsa/cdsa_utilities/memstreams.h delete mode 100644 cdsa/cdsa_utilities/memutils.h delete mode 100644 cdsa/cdsa_utilities/os9utils.cpp delete mode 100644 cdsa/cdsa_utilities/os9utils.h delete mode 100644 cdsa/cdsa_utilities/osxsigning.cpp delete mode 100644 cdsa/cdsa_utilities/osxsigning.h delete mode 100644 cdsa/cdsa_utilities/powerwatch.cpp delete mode 100644 cdsa/cdsa_utilities/powerwatch.h delete mode 100644 cdsa/cdsa_utilities/refcount.h delete mode 100644 cdsa/cdsa_utilities/selector.cpp delete mode 100644 cdsa/cdsa_utilities/selector.h delete mode 100644 cdsa/cdsa_utilities/socks++.cpp delete mode 100644 cdsa/cdsa_utilities/socks++.h delete mode 100644 cdsa/cdsa_utilities/socks++4.cpp delete mode 100644 cdsa/cdsa_utilities/socks++4.h delete mode 100644 cdsa/cdsa_utilities/socks++5.cpp delete mode 100644 cdsa/cdsa_utilities/socks++5.h delete mode 100644 cdsa/cdsa_utilities/streams.cpp delete mode 100644 cdsa/cdsa_utilities/streams.h delete mode 100644 cdsa/cdsa_utilities/threading.cpp delete mode 100644 cdsa/cdsa_utilities/threading.h delete mode 100644 cdsa/cdsa_utilities/threading_internal.h delete mode 100644 cdsa/cdsa_utilities/timeflow.cpp delete mode 100644 cdsa/cdsa_utilities/timeflow.h delete mode 100644 cdsa/cdsa_utilities/tqueue.cpp delete mode 100644 cdsa/cdsa_utilities/tqueue.h delete mode 100644 cdsa/cdsa_utilities/trackingallocator.h delete mode 100644 cdsa/cdsa_utilities/typedvalue.cpp delete mode 100644 cdsa/cdsa_utilities/typedvalue.h delete mode 100644 cdsa/cdsa_utilities/uniformrandom.cpp delete mode 100644 cdsa/cdsa_utilities/uniformrandom.h delete mode 100644 cdsa/cdsa_utilities/unix++.cpp delete mode 100644 cdsa/cdsa_utilities/unix++.h delete mode 100644 cdsa/cdsa_utilities/url.cpp delete mode 100644 cdsa/cdsa_utilities/url.h delete mode 100644 cdsa/cdsa_utilities/utilities.cpp delete mode 100644 cdsa/cdsa_utilities/utilities.h delete mode 100644 cdsa/cdsa_utilities/utility_config.h delete mode 100644 cdsa/cdsa_utilities/walkers.cpp delete mode 100644 cdsa/cdsa_utilities/walkers.h delete mode 100644 cdsa/cssm/MDS delete mode 100644 cdsa/cssm/attachfactory.cpp delete mode 100644 cdsa/cssm/attachfactory.h delete mode 100644 cdsa/cssm/attachment.cpp delete mode 100644 cdsa/cssm/attachment.h delete mode 100644 cdsa/cssm/builtin_modules.cpp delete mode 100644 cdsa/cssm/cspattachment.cpp delete mode 100644 cdsa/cssm/cspattachment.h delete mode 100644 cdsa/cssm/cssm.cpp delete mode 100644 cdsa/cssm/cssm.mdsinfo delete mode 100644 cdsa/cssm/cssmcontext.cpp delete mode 100644 cdsa/cssm/cssmcontext.h delete mode 100644 cdsa/cssm/cssmint.h delete mode 100644 cdsa/cssm/cssmmds.cpp delete mode 100644 cdsa/cssm/cssmmds.h delete mode 100644 cdsa/cssm/generator.cfg delete mode 100644 cdsa/cssm/generator.mk delete mode 100644 cdsa/cssm/generator.pl delete mode 100644 cdsa/cssm/manager.cpp delete mode 100644 cdsa/cssm/manager.h delete mode 100644 cdsa/cssm/modload_plugin.cpp delete mode 100644 cdsa/cssm/modload_plugin.h delete mode 100644 cdsa/cssm/modload_static.cpp delete mode 100644 cdsa/cssm/modload_static.h delete mode 100644 cdsa/cssm/modloader.cpp delete mode 100644 cdsa/cssm/modloader.h delete mode 100644 cdsa/cssm/module.cpp delete mode 100644 cdsa/cssm/module.h delete mode 100644 cdsa/cssm/oidsalg.c delete mode 100644 cdsa/cssm/oidsattr.c delete mode 100644 cdsa/cssm/oidscert.cpp delete mode 100644 cdsa/cssm/oidscrl.cpp delete mode 100644 cdsa/cssm/transition.cpp delete mode 100644 cdsa/generator.mk delete mode 100644 cdsa/mds/MDSAttrParser.cpp delete mode 100644 cdsa/mds/MDSAttrParser.h delete mode 100644 cdsa/mds/MDSAttrStrings.cpp delete mode 100644 cdsa/mds/MDSAttrStrings.h delete mode 100644 cdsa/mds/MDSAttrUtils.cpp delete mode 100644 cdsa/mds/MDSAttrUtils.h delete mode 100644 cdsa/mds/MDSDatabase.cpp delete mode 100644 cdsa/mds/MDSDatabase.h delete mode 100644 cdsa/mds/MDSDictionary.cpp delete mode 100644 cdsa/mds/MDSDictionary.h delete mode 100644 cdsa/mds/MDSModule.cpp delete mode 100644 cdsa/mds/MDSModule.h delete mode 100644 cdsa/mds/MDSPrefs.cpp delete mode 100644 cdsa/mds/MDSPrefs.h delete mode 100644 cdsa/mds/MDSSchema.cpp delete mode 100644 cdsa/mds/MDSSchema.h delete mode 100644 cdsa/mds/MDSSession.cpp delete mode 100644 cdsa/mds/MDSSession.h delete mode 100644 cdsa/mds/NOTES delete mode 100644 cdsa/mds/mds.mcp delete mode 100644 cdsa/mds/mdsapi.cpp delete mode 100644 checkpw/checkpw.c delete mode 100644 checkpw/checkpw.h rename {Documentation => doc}/ACLsInCDSA.cwk (100%) rename {Documentation => doc}/APIStrategy.cwk (100%) rename {Documentation => doc}/AccessControlArchitecture.cwk (100%) create mode 100644 doc/AppleCL_Spec.doc rename {Documentation => doc}/AppleCSP.doc (100%) create mode 100644 doc/AppleTP_Spec.doc rename {Documentation => doc}/ArchitectureOverview.cwk (100%) rename {Documentation => doc}/C++Utilities.cwk (100%) rename {Documentation => doc}/DebuggingAids.cwk (99%) rename {Documentation => doc}/HowToWriteA_CSP.cwk (100%) rename {Documentation => doc}/HowToWriteA_Plugin.cwk (100%) rename {Documentation => doc}/SecuritySupport.doc (100%) create mode 100644 doc/Supported_CSP_Algorithms.doc rename {Documentation => doc}/cwk_styles (100%) create mode 100644 intl/English.lproj/InfoPlist.strings delete mode 100644 keychains/Makefile delete mode 100644 keychains/certs/AppleDOTMAC.der delete mode 100644 keychains/certs/AppleSWUPDATE.der delete mode 100644 keychains/certs/C3_ID_CA.cer delete mode 100644 keychains/certs/C3_Mail_CA.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-10.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-3.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-4.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-5.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-6.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-7.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CA-9.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CAC_CA.cer delete mode 100644 keychains/certs/DOD_CLASS_3_CAC_EMAIL_CA.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-10.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-3.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-4.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-5.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-6.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-7.cer delete mode 100644 keychains/certs/DOD_CLASS_3_EMAIL_CA-9.cer delete mode 100644 keychains/certs/GeoTrust_True_Credentials_CA_2.cer delete mode 100644 keychains/certs/JITC_Class3ID_CA.crt delete mode 100644 keychains/certs/JITC_Class3Mail_CA.crt delete mode 100755 keychains/certs/Thawte_Code_Signing_CA.cer delete mode 100644 keychains/certs/Thawte_SGC_CA.der.cer delete mode 100644 keychains/certs/Thawte_SSL_Domain_CA_der.cer delete mode 100755 keychains/certs/VeriSign_TSA_CA.crt delete mode 100644 keychains/certs/VisaNet.crt delete mode 100644 keychains/certs/acClasse0_0.cer delete mode 100644 keychains/certs/acClasse0_1.cer delete mode 100644 keychains/certs/acClasse1_0.cer delete mode 100644 keychains/certs/acClasse1_1.cer delete mode 100644 keychains/certs/acClasse2_0.cer delete mode 100644 keychains/certs/acClasse2_1.cer delete mode 100644 keychains/certs/acClasse3_0.cer delete mode 100644 keychains/certs/acClasse3_1.cer delete mode 100644 keychains/certs/acClasse4.cer delete mode 100644 keychains/certs/acClasse5.cer delete mode 100644 keychains/certs/acCps2_2.cer delete mode 100644 keychains/certs/e-Visa.crt delete mode 100644 keychains/certs/gipCps0.cer delete mode 100755 keychains/postinstall.sh delete mode 100755 keychains/roots/00_BCA.cer delete mode 100644 keychains/roots/2006root.cer delete mode 100644 keychains/roots/2048CA.cer delete mode 100644 keychains/roots/AOLTimeWarner1.der delete mode 100644 keychains/roots/AddTrust Class 1 CA Root.crt delete mode 100644 keychains/roots/AddTrust External CA Root.crt delete mode 100644 keychains/roots/AddTrust Public CA Root.crt delete mode 100644 keychains/roots/AddTrust Qualified CA Root.crt delete mode 100644 keychains/roots/AdminNacCA.crt delete mode 100644 keychains/roots/AmericaOnline1.der delete mode 100644 keychains/roots/AppleROOTCA.der delete mode 100644 keychains/roots/BTCTRT.cer delete mode 100644 keychains/roots/Belgacom_selfsigned_primary.crt delete mode 100644 keychains/roots/C1_PCA_G3v2.509 delete mode 100644 keychains/roots/C2_PCA_G3v2.509 delete mode 100644 keychains/roots/C3_PCA_G3v2.509 delete mode 100644 keychains/roots/C4_PCA_G3v2.509 delete mode 100644 keychains/roots/Class1_PCA_G2_v2.509 delete mode 100644 keychains/roots/Class2_PCA_G2_v2.509 delete mode 100644 keychains/roots/Class3_PCA_G2_v2.509 delete mode 100644 keychains/roots/Class4_PCA_G2_v2.509 delete mode 100644 keychains/roots/Comodo_AAA_Certificate_Services.cer delete mode 100644 keychains/roots/Comodo_Secure_Certificate_Services.cer delete mode 100644 keychains/roots/Comodo_Trusted_Certificate_Services.cer delete mode 100644 keychains/roots/DST Root CA X4.cer delete mode 100644 keychains/roots/DST RootCA X1.cer delete mode 100644 keychains/roots/DST RootCA X2.cer delete mode 100644 keychains/roots/DoDCLASS3RootCA.cer delete mode 100644 keychains/roots/DoDPKIMedRootCA.cer delete mode 100644 keychains/roots/Equifax_Secure_Certificate_Auth delete mode 100644 keychains/roots/Equifax_Secure_Global_eBusiness delete mode 100644 keychains/roots/Equifax_Secure_eBusiness_CA-1.c delete mode 100644 keychains/roots/Equifax_Secure_eBusiness_CA-2.c delete mode 100644 keychains/roots/GClient_cert.cer delete mode 100644 keychains/roots/GTEGB18.cer delete mode 100644 keychains/roots/GeoTrust_Global_CA.cer delete mode 100644 keychains/roots/IPSServidores.CRT delete mode 100644 keychains/roots/JITC_Class3_root.cer delete mode 100644 keychains/roots/KMD-CA-KPerson.crt delete mode 100644 keychains/roots/KMD-CA-Server.crt delete mode 100644 keychains/roots/PCA1ss_v4.509 delete mode 100644 keychains/roots/PCA2ss_v4.509 delete mode 100644 keychains/roots/PCA3ss_v4.509 delete mode 100644 keychains/roots/RSA_Root_CA.crt.cer delete mode 100644 keychains/roots/RSA_Root_CA_1024.crt.cer delete mode 100644 keychains/roots/Root_CA_der.crt delete mode 100644 keychains/roots/SecureServer.509 delete mode 100644 keychains/roots/SoneraClass1.crt delete mode 100644 keychains/roots/SoneraClass2.crt delete mode 100644 keychains/roots/TCTrustCenterClass1CA.der delete mode 100644 keychains/roots/TCTrustCenterClass2CA.der delete mode 100644 keychains/roots/TCTrustCenterClass3CA.der delete mode 100644 keychains/roots/TCTrustCenterClass4CA.der delete mode 100644 keychains/roots/TCTrustCenterTimeStampingCA.der delete mode 100644 keychains/roots/TC_RootLRA-Admin_DER_Class2.der delete mode 100644 keychains/roots/TC_RootLRA-Admin_DER_Class3.der delete mode 100644 keychains/roots/TC_RootServer_DER_Class0.der delete mode 100644 keychains/roots/TC_RootServer_DER_Class1.der delete mode 100644 keychains/roots/TC_RootServer_DER_Class2.der delete mode 100644 keychains/roots/TC_RootServer_DER_Class3.der delete mode 100644 keychains/roots/TC_RootServer_DER_Class4.der delete mode 100644 keychains/roots/TDC_ocesca.cer delete mode 100644 keychains/roots/TDC_rootca.cer delete mode 100644 keychains/roots/UTN-USERFirst-ClientAuthenticat delete mode 100644 keychains/roots/UTN-USERFirst-Hardware.crt delete mode 100644 keychains/roots/UTN-USERFirst-NetworkApplicatio delete mode 100644 keychains/roots/UTN-USERFirst-Object.crt delete mode 100644 keychains/roots/UTN_DATACorp_SGC.cer delete mode 100644 keychains/roots/ValiCertAddTrustPublicChainingCA.cer delete mode 100644 keychains/roots/ValiCertAddTrustSystemCA.cer delete mode 100644 keychains/roots/ValiCertClass1PVA.cer delete mode 100644 keychains/roots/ValiCertClass2PVA.cer delete mode 100644 keychains/roots/ValiCertClass3PVA.cer delete mode 100644 keychains/roots/XGCA.crt delete mode 100644 keychains/roots/ac-racine.der delete mode 100644 keychains/roots/beTRUSTedRootCertificate.der delete mode 100644 keychains/roots/clientCA.cer delete mode 100644 keychains/roots/expressz.cer delete mode 100644 keychains/roots/gipCps1.cer delete mode 100644 keychains/roots/globalSignRoot.cer delete mode 100644 keychains/roots/gssl_64.cer delete mode 100644 keychains/roots/ipscaCAC.der delete mode 100644 keychains/roots/ipscaCLASE1.der delete mode 100644 keychains/roots/ipscaCLASE3.der delete mode 100644 keychains/roots/ipscaCLASEA1.der delete mode 100644 keychains/roots/ipscaCLASEA3.der delete mode 100644 keychains/roots/ipscaTimestamping.der delete mode 100644 keychains/roots/kozjegyzoi.cer delete mode 100644 keychains/roots/persbasi.crt delete mode 100644 keychains/roots/persfree.crt delete mode 100644 keychains/roots/persprem.crt delete mode 100644 keychains/roots/qvrca.crt delete mode 100644 keychains/roots/serverbasic.crt delete mode 100644 keychains/roots/serverpremium.crt delete mode 100644 keychains/roots/uzleti.cer delete mode 100644 keychains/roots/webroot.cer create mode 100644 lib/Security.order create mode 100644 lib/copy_pieces.mk create mode 100644 lib/generateErrStrings.pl delete mode 100755 symbol_strip.sh diff --git a/APPLE_LICENSE b/APPLE_LICENSE index a0a84169..fe81a60c 100644 --- a/APPLE_LICENSE +++ b/APPLE_LICENSE @@ -1,26 +1,19 @@ APPLE PUBLIC SOURCE LICENSE -Version 1.1 - April 19,1999 +Version 2.0 - August 6, 2003 Please read this License carefully before downloading this software. -By downloading and using this software, you are agreeing to be bound -by the terms of this License. If you do not or cannot agree to the -terms of this License, please do not download or use the software. - -1. General; Definitions. This License applies to any program or other -work which Apple Computer, Inc. ("Apple") publicly announces as -subject to this Apple Public Source License and which contains a -notice placed by Apple identifying such program or work as "Original -Code" and stating that it is subject to the terms of this Apple Public -Source License version 1.1 (or subsequent version thereof), as it may -be revised from time to time by Apple ("License"). As used in this -License: - -1.1 "Affected Original Code" means only those specific portions of -Original Code that allegedly infringe upon any party's intellectual -property rights or are otherwise the subject of a claim of -infringement. - -1.2 "Applicable Patent Rights" mean: (a) in the case where Apple is +By downloading or using this software, you are agreeing to be bound by +the terms of this License. If you do not or cannot agree to the terms +of this License, please do not download or use the software. + +1. General; Definitions. This License applies to any program or other +work which Apple Computer, Inc. ("Apple") makes publicly available and +which contains a notice placed by Apple identifying such program or +work as "Original Code" and stating that it is subject to the terms of +this Apple Public Source License version 2.0 ("License"). As used in +this License: + +1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the grantor of rights, (i) claims of patents that are now or hereafter acquired, owned by or assigned to Apple and (ii) that cover subject matter contained in the Original Code, but only to the extent @@ -30,22 +23,27 @@ rights, (i) claims of patents that are now or hereafter acquired, owned by or assigned to You and (ii) that cover subject matter in Your Modifications, taken alone or in combination with Original Code. +1.2 "Contributor" means any person or entity that creates or +contributes to the creation of Modifications. + 1.3 "Covered Code" means the Original Code, Modifications, the combination of Original Code and any Modifications, and/or any respective portions thereof. -1.4 "Deploy" means to use, sublicense or distribute Covered Code other -than for Your internal research and development (R&D), and includes -without limitation, any and all internal use or distribution of -Covered Code within Your business or organization except for R&D use, -as well as direct or indirect sublicensing or distribution of Covered -Code by You to any third party in any form or manner. +1.4 "Externally Deploy" means: (a) to sublicense, distribute or +otherwise make Covered Code available, directly or indirectly, to +anyone other than You; and/or (b) to use Covered Code, alone or as +part of a Larger Work, in any way to provide a service, including but +not limited to delivery of content, through electronic communication +with a client other than You. 1.5 "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.6 "Modifications" mean any addition to, deletion from, and/or change -to, the substance and/or structure of Covered Code. When code is +to, the substance and/or structure of the Original Code, any previous +Modifications, the combination of Original Code and any previous +Modifications, and/or any respective portions thereof. When code is released as a series of files, a Modification is: (a) any addition to or deletion from the contents of a file containing Covered Code; and/or (b) any new file or other representation of computer program @@ -66,7 +64,7 @@ scripts used to control compilation and installation of an executable (object code). 1.9 "You" or "Your" means an individual or a legal entity exercising -rights under this License. For legal entities, "You" or "Your" +rights under this License. For legal entities, "You" or "Your" includes any entity which controls, is controlled by, or is under common control with, You, where "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, @@ -74,258 +72,253 @@ whether by contract or otherwise, or (b) ownership of fifty percent (50%) or more of the outstanding shares or beneficial ownership of such entity. -2. Permitted Uses; Conditions & Restrictions. Subject to the terms +2. Permitted Uses; Conditions & Restrictions. Subject to the terms and conditions of this License, Apple hereby grants You, effective on the date You accept this License and download the Original Code, a -world-wide, royalty-free, non- exclusive license, to the extent of +world-wide, royalty-free, non-exclusive license, to the extent of Apple's Applicable Patent Rights and copyrights covering the Original Code, to do the following: -2.1 You may use, copy, modify and distribute Original Code, with or -without Modifications, solely for Your internal research and -development, provided that You must in each instance: - -(a) retain and reproduce in all copies of Original Code the copyright -and other proprietary notices and disclaimers of Apple as they appear -in the Original Code, and keep intact all notices in the Original Code -that refer to this License; - -(b) include a copy of this License with every copy of Source Code of -Covered Code and documentation You distribute, and You may not offer -or impose any terms on such Source Code that alter or restrict this -License or the recipients' rights hereunder, except as permitted under -Section 6; and - -(c) completely and accurately document all Modifications that you have -made and the date of each such Modification, designate the version of -the Original Code you used, prominently include a file carrying such -information with the Modifications, and duplicate the notice in -Exhibit A in each file of the Source Code of all such Modifications. - -2.2 You may Deploy Covered Code, provided that You must in each - instance: - -(a) satisfy all the conditions of Section 2.1 with respect to the -Source Code of the Covered Code; - -(b) make all Your Deployed Modifications publicly available in Source -Code form via electronic distribution (e.g. download from a web site) -under the terms of this License and subject to the license grants set -forth in Section 3 below, and any additional terms You may choose to -offer under Section 6. You must continue to make the Source Code of -Your Deployed Modifications available for as long as you Deploy the -Covered Code or twelve (12) months from the date of initial -Deployment, whichever is longer; - -(c) if You Deploy Covered Code containing Modifications made by You, -inform others of how to obtain those Modifications by filling out and -submitting the information found at -http://www.apple.com/publicsource/modifications.html, if available; -and - -(d) if You Deploy Covered Code in object code, executable form only, -include a prominent notice, in the code itself as well as in related -documentation, stating that Source Code of the Covered Code is -available under the terms of this License with information on how and -where to obtain such Source Code. - -3. Your Grants. In consideration of, and as a condition to, the -licenses granted to You under this License: - -(a) You hereby grant to Apple and all third parties a non-exclusive, -royalty-free license, under Your Applicable Patent Rights and other -intellectual property rights owned or controlled by You, to use, -reproduce, modify, distribute and Deploy Your Modifications of the -same scope and extent as Apple's licenses under Sections 2.1 and 2.2; -and - -(b) You hereby grant to Apple and its subsidiaries a non-exclusive, -worldwide, royalty-free, perpetual and irrevocable license, under Your -Applicable Patent Rights and other intellectual property rights owned -or controlled by You, to use, reproduce, execute, compile, display, -perform, modify or have modified (for Apple and/or its subsidiaries), -sublicense and distribute Your Modifications, in any form, through -multiple tiers of distribution. - -4. Larger Works. You may create a Larger Work by combining Covered +2.1 Unmodified Code. You may use, reproduce, display, perform, +internally distribute within Your organization, and Externally Deploy +verbatim, unmodified copies of the Original Code, for commercial or +non-commercial purposes, provided that in each instance: + +(a) You must retain and reproduce in all copies of Original Code the +copyright and other proprietary notices and disclaimers of Apple as +they appear in the Original Code, and keep intact all notices in the +Original Code that refer to this License; and + +(b) You must include a copy of this License with every copy of Source +Code of Covered Code and documentation You distribute or Externally +Deploy, and You may not offer or impose any terms on such Source Code +that alter or restrict this License or the recipients' rights +hereunder, except as permitted under Section 6. + +2.2 Modified Code. You may modify Covered Code and use, reproduce, +display, perform, internally distribute within Your organization, and +Externally Deploy Your Modifications and Covered Code, for commercial +or non-commercial purposes, provided that in each instance You also +meet all of these conditions: + +(a) You must satisfy all the conditions of Section 2.1 with respect to +the Source Code of the Covered Code; + +(b) You must duplicate, to the extent it does not already exist, the +notice in Exhibit A in each file of the Source Code of all Your +Modifications, and cause the modified files to carry prominent notices +stating that You changed the files and the date of any change; and + +(c) If You Externally Deploy Your Modifications, You must make +Source Code of all Your Externally Deployed Modifications either +available to those to whom You have Externally Deployed Your +Modifications, or publicly available. Source Code of Your Externally +Deployed Modifications must be released under the terms set forth in +this License, including the license grants set forth in Section 3 +below, for as long as you Externally Deploy the Covered Code or twelve +(12) months from the date of initial External Deployment, whichever is +longer. You should preferably distribute the Source Code of Your +Externally Deployed Modifications electronically (e.g. download from a +web site). + +2.3 Distribution of Executable Versions. In addition, if You +Externally Deploy Covered Code (Original Code and/or Modifications) in +object code, executable form only, You must include a prominent +notice, in the code itself as well as in related documentation, +stating that Source Code of the Covered Code is available under the +terms of this License with information on how and where to obtain such +Source Code. + +2.4 Third Party Rights. You expressly acknowledge and agree that +although Apple and each Contributor grants the licenses to their +respective portions of the Covered Code set forth herein, no +assurances are provided by Apple or any Contributor that the Covered +Code does not infringe the patent or other intellectual property +rights of any other entity. Apple and each Contributor disclaim any +liability to You for claims brought by any other entity based on +infringement of intellectual property rights or otherwise. As a +condition to exercising the rights and licenses granted hereunder, You +hereby assume sole responsibility to secure any other intellectual +property rights needed, if any. For example, if a third party patent +license is required to allow You to distribute the Covered Code, it is +Your responsibility to acquire that license before distributing the +Covered Code. + +3. Your Grants. In consideration of, and as a condition to, the +licenses granted to You under this License, You hereby grant to any +person or entity receiving or distributing Covered Code under this +License a non-exclusive, royalty-free, perpetual, irrevocable license, +under Your Applicable Patent Rights and other intellectual property +rights (other than patent) owned or controlled by You, to use, +reproduce, display, perform, modify, sublicense, distribute and +Externally Deploy Your Modifications of the same scope and extent as +Apple's licenses under Sections 2.1 and 2.2 above. + +4. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and -distribute the Larger Work as a single product. In each such -instance, You must make sure the requirements of this License are -fulfilled for the Covered Code or any portion thereof. +distribute the Larger Work as a single product. In each such instance, +You must make sure the requirements of this License are fulfilled for +the Covered Code or any portion thereof. -5. Limitations on Patent License. Except as expressly stated in +5. Limitations on Patent License. Except as expressly stated in Section 2, no other patent rights, express or implied, are granted by -Apple herein. Modifications and/or Larger Works may require -additional patent licenses from Apple which Apple may grant in its -sole discretion. - -6. Additional Terms. You may choose to offer, and to charge a fee -for, warranty, support, indemnity or liability obligations and/or -other rights consistent with the scope of the license granted herein -("Additional Terms") to one or more recipients of Covered -Code. However, You may do so only on Your own behalf and as Your sole -responsibility, and not on behalf of Apple. You must obtain the -recipient's agreement that any such Additional Terms are offered by -You alone, and You hereby agree to indemnify, defend and hold Apple -harmless for any liability incurred by or claims asserted against -Apple by reason of any such Additional Terms. - -7. Versions of the License. Apple may publish revised and/or new -versions of this License from time to time. Each version will be -given a distinguishing version number. Once Original Code has been -published under a particular version of this License, You may continue -to use it under the terms of that version. You may also choose to use -such Original Code under the terms of any subsequent version of this -License published by Apple. No one other than Apple has the right to +Apple herein. Modifications and/or Larger Works may require additional +patent licenses from Apple which Apple may grant in its sole +discretion. + +6. Additional Terms. You may choose to offer, and to charge a fee for, +warranty, support, indemnity or liability obligations and/or other +rights consistent with the scope of the license granted herein +("Additional Terms") to one or more recipients of Covered Code. +However, You may do so only on Your own behalf and as Your sole +responsibility, and not on behalf of Apple or any Contributor. You +must obtain the recipient's agreement that any such Additional Terms +are offered by You alone, and You hereby agree to indemnify, defend +and hold Apple and every Contributor harmless for any liability +incurred by or claims asserted against Apple or such Contributor by +reason of any such Additional Terms. + +7. Versions of the License. Apple may publish revised and/or new +versions of this License from time to time. Each version will be given +a distinguishing version number. Once Original Code has been published +under a particular version of this License, You may continue to use it +under the terms of that version. You may also choose to use such +Original Code under the terms of any subsequent version of this +License published by Apple. No one other than Apple has the right to modify the terms applicable to Covered Code created under this License. -8. NO WARRANTY OR SUPPORT. The Original Code may contain in whole or -in part pre-release, untested, or not fully tested works. The -Original Code may contain errors that could cause failures or loss of -data, and may be incomplete or contain inaccuracies. You expressly -acknowledge and agree that use of the Original Code, or any portion -thereof, is at Your sole and entire risk. THE ORIGINAL CODE IS -PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND -AND APPLE AND APPLE'S LICENSOR(S) (FOR THE PURPOSES OF SECTIONS 8 AND -9, APPLE AND APPLE'S LICENSOR(S) ARE COLLECTIVELY REFERRED TO AS -"APPLE") EXPRESSLY DISCLAIM ALL WARRANTIES AND/OR CONDITIONS, EXPRESS -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -AND/OR CONDITIONS OF MERCHANTABILITY OR SATISFACTORY QUALITY AND -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY -RIGHTS. APPLE DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE -ORIGINAL CODE WILL MEET YOUR REQUIREMENTS, OR THAT THE OPERATION OF -THE ORIGINAL CODE WILL BE UNINTERRUPTED OR ERROR- FREE, OR THAT -DEFECTS IN THE ORIGINAL CODE WILL BE CORRECTED. NO ORAL OR WRITTEN -INFORMATION OR ADVICE GIVEN BY APPLE OR AN APPLE AUTHORIZED -REPRESENTATIVE SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE -SCOPE OF THIS WARRANTY. You acknowledge that the Original Code is not -intended for use in the operation of nuclear facilities, aircraft -navigation, communication systems, or air traffic control machines in -which case the failure of the Original Code could lead to death, -personal injury, or severe physical or environmental damage. - -9. Liability. - -9.1 Infringement. If any portion of, or functionality implemented by, -the Original Code becomes the subject of a claim of infringement, -Apple may, at its option: (a) attempt to procure the rights necessary -for Apple and You to continue using the Affected Original Code; (b) -modify the Affected Original Code so that it is no longer infringing; -or (c) suspend Your rights to use, reproduce, modify, sublicense and -distribute the Affected Original Code until a final determination of -the claim is made by a court or governmental administrative agency of -competent jurisdiction and Apple lifts the suspension as set forth -below. Such suspension of rights will be effective immediately upon -Apple's posting of a notice to such effect on the Apple web site that -is used for implementation of this License. Upon such final -determination being made, if Apple is legally able, without the -payment of a fee or royalty, to resume use, reproduction, -modification, sublicensing and distribution of the Affected Original -Code, Apple will lift the suspension of rights to the Affected -Original Code by posting a notice to such effect on the Apple web site -that is used for implementation of this License. If Apple suspends -Your rights to Affected Original Code, nothing in this License shall -be construed to restrict You, at Your option and subject to applicable -law, from replacing the Affected Original Code with non-infringing -code or independently negotiating for necessary rights from such third -party. - -9.2 LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES SHALL APPLE BE -LIABLE FOR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES -ARISING OUT OF OR RELATING TO THIS LICENSE OR YOUR USE OR INABILITY TO -USE THE ORIGINAL CODE, OR ANY PORTION THEREOF, WHETHER UNDER A THEORY -OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY -OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF -ANY REMEDY. In no event shall Apple's total liability to You for all -damages under this License exceed the amount of fifty dollars -($50.00). - -10. Trademarks. This License does not grant any rights to use the -trademarks or trade names "Apple", "Apple Computer", "Mac OS X", "Mac -OS X Server" or any other trademarks or trade names belonging to Apple -(collectively "Apple Marks") and no Apple Marks may be used to endorse -or promote products derived from the Original Code other than as -permitted by and in strict compliance at all times with Apple's third -party trademark usage guidelines which are posted at -http://www.apple.com/legal/guidelinesfor3rdparties.html. - -11. Ownership. Apple retains all rights, title and interest in and to -the Original Code and any Modifications made by or on behalf of Apple -("Apple Modifications"), and such Apple Modifications will not be -automatically subject to this License. Apple may, at its sole -discretion, choose to license such Apple Modifications under this -License, or on different terms from those contained in this License or -may choose not to license them at all. Apple's development, use, -reproduction, modification, sublicensing and distribution of Covered -Code will not be subject to this License. +8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in +part pre-release, untested, or not fully tested works. The Covered +Code may contain errors that could cause failures or loss of data, and +may be incomplete or contain inaccuracies. You expressly acknowledge +and agree that use of the Covered Code, or any portion thereof, is at +Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND +WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND +APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE +PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM +ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT +NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF +MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR +PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD +PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST +INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE +FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS, +THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR +ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO +ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE +AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. +You acknowledge that the Covered Code is not intended for use in the +operation of nuclear facilities, aircraft navigation, communication +systems, or air traffic control machines in which case the failure of +the Covered Code could lead to death, personal injury, or severe +physical or environmental damage. + +9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO +EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, +SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING +TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR +ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY, +TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF +APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY +REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF +INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY +TO YOU. In no event shall Apple's total liability to You for all +damages (other than as may be required by applicable law) under this +License exceed the amount of fifty dollars ($50.00). + +10. Trademarks. This License does not grant any rights to use the +trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS", +"QuickTime", "QuickTime Streaming Server" or any other trademarks, +service marks, logos or trade names belonging to Apple (collectively +"Apple Marks") or to any trademark, service mark, logo or trade name +belonging to any Contributor. You agree not to use any Apple Marks in +or as part of the name of products derived from the Original Code or +to endorse or promote products derived from the Original Code other +than as expressly permitted by and in strict compliance at all times +with Apple's third party trademark usage guidelines which are posted +at http://www.apple.com/legal/guidelinesfor3rdparties.html. + +11. Ownership. Subject to the licenses granted under this License, +each Contributor retains all rights, title and interest in and to any +Modifications made by such Contributor. Apple retains all rights, +title and interest in and to the Original Code and any Modifications +made by or on behalf of Apple ("Apple Modifications"), and such Apple +Modifications will not be automatically subject to this License. Apple +may, at its sole discretion, choose to license such Apple +Modifications under this License, or on different terms from those +contained in this License or may choose not to license them at all. 12. Termination. -12.1 Termination. This License and the rights granted hereunder will - terminate: +12.1 Termination. This License and the rights granted hereunder will +terminate: (a) automatically without notice from Apple if You fail to comply with any term(s) of this License and fail to cure such breach within 30 -days of becoming aware of such breach; (b) immediately in the event of -the circumstances described in Section 13.5(b); or (c) automatically -without notice from Apple if You, at any time during the term of this -License, commence an action for patent infringement against Apple. - -12.2 Effect of Termination. Upon termination, You agree to -immediately stop any further use, reproduction, modification, -sublicensing and distribution of the Covered Code and to destroy all -copies of the Covered Code that are in your possession or control. -All sublicenses to the Covered Code which have been properly granted -prior to termination shall survive any termination of this License. -Provisions which, by their nature, should remain in effect beyond the -termination of this License shall survive, including but not limited -to Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. Neither party will be -liable to the other for compensation, indemnity or damages of any sort -solely as a result of terminating this License in accordance with its -terms, and termination of this License will be without prejudice to -any other right or remedy of either party. - -13. Miscellaneous. - -13.1 Government End Users. The Covered Code is a "commercial item" as -defined in FAR 2.101. Government software and technical data rights -in the Covered Code include only those rights customarily provided to -the public as defined in this License. This customary commercial -license in technical data and software is provided in accordance with -FAR 12.211 (Technical Data) and 12.212 (Computer Software) and, for +days of becoming aware of such breach; + +(b) immediately in the event of the circumstances described in Section +13.5(b); or + +(c) automatically without notice from Apple if You, at any time during +the term of this License, commence an action for patent infringement +against Apple; provided that Apple did not first commence +an action for patent infringement against You in that instance. + +12.2 Effect of Termination. Upon termination, You agree to immediately +stop any further use, reproduction, modification, sublicensing and +distribution of the Covered Code. All sublicenses to the Covered Code +which have been properly granted prior to termination shall survive +any termination of this License. Provisions which, by their nature, +should remain in effect beyond the termination of this License shall +survive, including but not limited to Sections 3, 5, 8, 9, 10, 11, +12.2 and 13. No party will be liable to any other for compensation, +indemnity or damages of any sort solely as a result of terminating +this License in accordance with its terms, and termination of this +License will be without prejudice to any other right or remedy of +any party. + +13. Miscellaneous. + +13.1 Government End Users. The Covered Code is a "commercial item" as +defined in FAR 2.101. Government software and technical data rights in +the Covered Code include only those rights customarily provided to the +public as defined in this License. This customary commercial license +in technical data and software is provided in accordance with FAR +12.211 (Technical Data) and 12.212 (Computer Software) and, for Department of Defense purchases, DFAR 252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in Commercial Computer -Software or Computer Software Documentation). Accordingly, all U.S. +Software or Computer Software Documentation). Accordingly, all U.S. Government End Users acquire Covered Code with only those rights set forth herein. -13.2 Relationship of Parties. This License will not be construed as +13.2 Relationship of Parties. This License will not be construed as creating an agency, partnership, joint venture or any other form of -legal association between You and Apple, and You will not represent to -the contrary, whether expressly, by implication, appearance or -otherwise. +legal association between or among You, Apple or any Contributor, and +You will not represent to the contrary, whether expressly, by +implication, appearance or otherwise. -13.3 Independent Development. Nothing in this License will impair +13.3 Independent Development. Nothing in this License will impair Apple's right to acquire, license, develop, have others develop for it, market and/or distribute technology or products that perform the same or similar functions as, or otherwise compete with, Modifications, Larger Works, technology or products that You may develop, produce, market or distribute. -13.4 Waiver; Construction. Failure by Apple to enforce any provision -of this License will not be deemed a waiver of future enforcement of -that or any other provision. Any law or regulation which provides -that the language of a contract shall be construed against the drafter -will not apply to this License. +13.4 Waiver; Construction. Failure by Apple or any Contributor to +enforce any provision of this License will not be deemed a waiver of +future enforcement of that or any other provision. Any law or +regulation which provides that the language of a contract shall be +construed against the drafter will not apply to this License. -13.5 Severability. (a) If for any reason a court of competent +13.5 Severability. (a) If for any reason a court of competent jurisdiction finds any provision of this License, or portion thereof, to be unenforceable, that provision of the License will be enforced to the maximum extent permissible so as to effect the economic benefits and intent of the parties, and the remainder of this License will -continue in full force and effect. (b) Notwithstanding the foregoing, +continue in full force and effect. (b) Notwithstanding the foregoing, if applicable law prohibits or restricts You from fully and/or specifically complying with Sections 2 and/or 3 or prevents the enforceability of either of those Sections, this License will @@ -333,7 +326,7 @@ immediately terminate and You must immediately discontinue any use of the Covered Code and destroy all copies of it that are in your possession or control. -13.6 Dispute Resolution. Any litigation or other dispute resolution +13.6 Dispute Resolution. Any litigation or other dispute resolution between You and Apple relating to this License shall take place in the Northern District of California, and You and Apple hereby consent to the personal jurisdiction of, and venue in, the state and federal @@ -341,9 +334,9 @@ courts within that District with respect to this License. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. -13.7 Entire Agreement; Governing Law. This License constitutes the +13.7 Entire Agreement; Governing Law. This License constitutes the entire agreement between the parties with respect to the subject -matter hereof. This License shall be governed by the laws of the +matter hereof. This License shall be governed by the laws of the United States and the State of California, except that body of California law concerning conflicts of law. @@ -355,18 +348,20 @@ connexes soient rediges en anglais. EXHIBIT A. -"Portions Copyright (c) 1999-2000 Apple Computer, Inc. All Rights -Reserved. This file contains Original Code and/or Modifications of -Original Code as defined in and that are subject to the Apple Public -Source License Version 1.1 (the "License"). You may not use this file -except in compliance with the License. Please obtain a copy of the -License at http://www.apple.com/publicsource and read it before using -this file. +"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights +Reserved. + +This file contains Original Code and/or Modifications of Original Code +as defined in and that are subject to the Apple Public Source License +Version 2.0 (the 'License'). You may not use this file except in +compliance with the License. Please obtain a copy of the License at +http://www.opensource.apple.com/apsl/ and read it before using this +file. The Original Code and all software distributed under the License are -distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER +distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT. Please see the -License for the specific language governing rights and limitations -under the License." +FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. +Please see the License for the specific language governing rights and +limitations under the License." diff --git a/AppleCSP/AES/aesCommon.h b/AppleCSP/AES/aesCommon.h deleted file mode 100644 index 6e3480f6..00000000 --- a/AppleCSP/AES/aesCommon.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// aesCommon.h - common AES/Rijndael constants -// -#ifndef _H_AES_COMMON_ -#define _H_AES_COMMON_ - -#define MIN_AES_KEY_BITS 128 -#define MID_AES_KEY_BITS 192 -#define MAX_AES_KEY_BITS 256 - -#define MIN_AES_BLOCK_BITS 128 -#define MID_AES_BLOCK_BITS 192 -#define MAX_AES_BLOCK_BITS 256 - -#define MIN_AES_BLOCK_BYTES (MIN_AES_BLOCK_BITS / 8) -#define DEFAULT_AES_BLOCK_BYTES MIN_AES_BLOCK_BYTES - -/* - * When true, the Gladman AES implementation is present and is used - * for all 128-bit block configurations. - */ -#define GLADMAN_AES_128_ENABLE 1 - -#endif /* _H_AES_COMMON_ */ diff --git a/AppleCSP/AES/aescsp.cpp b/AppleCSP/AES/aescsp.cpp deleted file mode 100644 index 5fa79cad..00000000 --- a/AppleCSP/AES/aescsp.cpp +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * aescsp.cpp - glue between BlockCryptor and AES implementation - * Written by Doug Mitchell 10/3/2000 - */ - -#include "aescspi.h" -#include "rijndaelApi.h" -#include "rijndael-alg-ref.h" -#include "cspdebugging.h" - -#define DEFAULT_BLOCK_SIZE (MIN_AES_BLOCK_BITS / 8) - -/* - * AES symmetric key generation. - * This algorithm has key size restrictions which don't fit with the - * standard AppleSymmKeyGenContext model so we have to do some addditional - * checking. - */ -void AESKeyGenContext::generate( - const Context &context, - CssmKey &symKey, - CssmKey &dummyKey) -{ - uint32 reqKeySize = context.getInt( - CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - switch(reqKeySize) { - case MIN_AES_KEY_BITS: - case MID_AES_KEY_BITS: - case MAX_AES_KEY_BITS: - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - } - AppleSymmKeyGenContext::generateSymKey( - context, - session(), - symKey); -} - -/* - * AES encrypt/decrypt. - */ -AESContext::~AESContext() -{ - deleteKey(); - memset(mRawKey, 0, MAX_AES_KEY_BITS / 8); - mInitFlag = false; -} - -void AESContext::aesError( - int artn, - const char *errStr) -{ - CSSM_RETURN crtn; - errorLog2("AESContext: %s : %d\n", errStr, artn); - switch(artn) { - case BAD_KEY_INSTANCE: - default: - crtn = CSSMERR_CSP_INTERNAL_ERROR; - break; - case BAD_KEY_MAT: - crtn = CSSMERR_CSP_INVALID_KEY; - break; - } - CssmError::throwMe(crtn); -} - -void AESContext::deleteKey() -{ - if(mAesKey) { - memset(mAesKey, 0, sizeof(keyInstance)); - session().free(mAesKey); - mAesKey = NULL; - } -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. Even reusable after context - * changed (i.e., new IV in Encrypted File System). - */ -void AESContext::init( - const Context &context, - bool encrypting) -{ - if(mInitFlag && !opStarted()) { - return; - } - - UInt32 keyLen; - UInt8 *keyData = NULL; - unsigned lastBlockSize = mBlockSize; // may be 0 (first time thru) - bool sameKeyAndBlockSizes = false; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_AES, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - - /* - * Validate context - * block size is optional - */ - mBlockSize = context.getInt(CSSM_ATTRIBUTE_BLOCK_SIZE); - if(mBlockSize == 0) { - mBlockSize = DEFAULT_BLOCK_SIZE; - } - - - /* - * Delete existing key if key size or block size changed - */ - if((lastBlockSize == mBlockSize) && (mRawKeySize == keyLen)) { - sameKeyAndBlockSizes = true; - } - if((mAesKey != NULL) && !sameKeyAndBlockSizes) { - deleteKey(); - } - - int opt128 = 0; -#if !GLADMAN_AES_128_ENABLE - if((mBlockSize == (MIN_AES_BLOCK_BITS/8)) && - (keyLen == (MIN_AES_KEY_BITS/8)) && - doAES128) { - opt128 = 1; - } -#endif /* !GLADMAN_AES_128_ENABLE */ - - /* create new key if needed */ - if(mAesKey == NULL) { - mAesKey = (keyInstance *)session().malloc(sizeof(keyInstance)); - } - - /* init key only if key size, block size, or key bits have changed */ - if(!sameKeyAndBlockSizes || memcmp(mRawKey, keyData, mRawKeySize)) { - int artn = makeKey((keyInstance *)mAesKey, - keyLen * 8, - mBlockSize * 8, - (word8 *)keyData, - opt128); - if(artn < 0) { - aesError(artn, "makeKey"); - } - - /* save this raw key data */ - memmove(mRawKey, keyData, mRawKeySize); - mRawKeySize = keyLen; - } - -#if !GLADMAN_AES_128_ENABLE - if(opt128) { - /* optimized path */ - mEncryptFcn = rijndaelBlockEncrypt128; - mDecryptFcn = rijndaelBlockDecrypt128; - } - else { - /* common standard path */ - mEncryptFcn = rijndaelBlockEncrypt; - mDecryptFcn = rijndaelBlockDecrypt; - } -#else - /* common standard path */ - mEncryptFcn = rijndaelBlockEncrypt; - mDecryptFcn = rijndaelBlockDecrypt; -#endif /* !GLADMAN_AES_128_ENABLE */ - - /* Finally, have BlockCryptor do its setup */ - setup(mBlockSize, context); - mInitFlag = true; -} - -/* - * Functions called by BlockCryptor - */ -void AESContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != mBlockSize) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < mBlockSize) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - int artn = mEncryptFcn(mAesKey, - (word8 *)plainText, - (word8 *)cipherText); - if(artn < 0) { - aesError(artn, "rijndaelBlockEncrypt"); - } - cipherTextLen = mBlockSize; -} - -void AESContext::decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < mBlockSize) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - int artn = mDecryptFcn(mAesKey, - (word8 *)cipherText, - (word8 *)plainText); - if(artn < 0) { - aesError(artn, "rijndaelBlockDecrypt"); - } - plainTextLen = mBlockSize; -} - diff --git a/AppleCSP/AES/aescspi.h b/AppleCSP/AES/aescspi.h deleted file mode 100644 index c6694b2b..00000000 --- a/AppleCSP/AES/aescspi.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// aescspi.h - AES context class -// -#ifndef _H_AESCSPI -#define _H_AESCSPI - -#include -#include "AppleCSP.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "BlockCryptor.h" -#include "rijndaelApi.h" - -/* Symmetric encryption context */ -class AESContext : public BlockCryptor { -public: - AESContext(AppleCSPSession &session) : - BlockCryptor(session), - mAesKey(NULL), - mBlockSize(0), - mInitFlag(false), - mRawKeySize(0) { } - ~AESContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // As an optimization, we allow reuse of a modified context. The main thing - // we avoid is a redundant key scheduling. We save the current raw keys bits - // in mRawKey and compare on re-init. - bool changed(const Context &context) { return true; } - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - void aesError( - int artn, - const char *errStr); - void deleteKey(); - - keyInstance *mAesKey; // keyInstance or keyInstance128 - unsigned mBlockSize; // in BYTES - bool mInitFlag; // for easy reuse - aesCryptFcn mEncryptFcn; - aesCryptFcn mDecryptFcn; - - /* raw key bits saved here and checked on re-init to avoid extra key schedule */ - uint8 mRawKey[MAX_AES_KEY_BITS / 8]; - uint32 mRawKeySize; -}; /* AESContext */ - -// symmetric key generation context -class AESKeyGenContext : public AppleCSPContext, private AppleSymmKeyGenContext { -public: - AESKeyGenContext( - AppleCSPSession &session) : - AppleCSPContext(session), - AppleSymmKeyGenContext( - MIN_AES_KEY_BITS, - MAX_AES_KEY_BITS, - true) { } - - void init(const Context &context, bool encoding = true) { } - - void generate( - const Context &context, - CssmKey &symKey, - CssmKey &dummyKey); - -}; - -#endif //_H_AESCSPI diff --git a/AppleCSP/AES/boxes-ref.c b/AppleCSP/AES/boxes-ref.c deleted file mode 100644 index ddc63573..00000000 --- a/AppleCSP/AES/boxes-ref.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include "boxes-ref.h" - -#if !AES_MUL_BY_LOOKUP -const unsigned char Logtable[256] = { - 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3, -100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193, -125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120, -101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142, -150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56, -102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16, -126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186, - 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87, -175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232, - 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160, -127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183, -204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, -151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, - 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, - 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, -103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7, -}; - -const unsigned char Alogtable[256] = { - 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, - 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, -229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, - 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, - 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, -131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, -181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, -254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, -251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, -195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, -159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, -155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, -252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, - 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, - 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, - 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1, -}; -#endif /* AES_MUL_BY_LOOKUP */ - -const unsigned char S[256] = { - 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, -202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, -183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, - 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, - 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, - 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, -208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, - 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, -205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, - 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, -224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, -231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, -186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, -112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, -225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, -140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, -}; - -const unsigned char Si[256] = { - 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, -124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, - 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, - 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, -114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, -108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, -144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, -208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, - 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, -150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, - 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, -252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, - 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, - 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, -160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, - 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, -}; - -const unsigned char iG[4][4] = { -{ 0x0e, 0x09, 0x0d, 0x0b }, -{ 0x0b, 0x0e, 0x09, 0x0d }, -{ 0x0d, 0x0b, 0x0e, 0x09 }, -{ 0x09, 0x0d, 0x0b, 0x0e } -}; - -const unsigned long rcon[30] = { - 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, }; - -#if AES_MUL_BY_LOOKUP - -/* - * Lookup tables for mul(). Only 6 multiplicands are used when calling this - * function so we just have a table for each one. - */ -const word8 mulBy0x02[256] = { - 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, - 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, - 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, - 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, - 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, - 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, - 192, 194, 196, 198, 200, 202, 204, 206, 208, 210, 212, 214, 216, 218, 220, 222, - 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252, 254, - 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, - 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35, 33, 39, 37, - 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, - 123, 121, 127, 125, 115, 113, 119, 117, 107, 105, 111, 109, 99, 97, 103, 101, - 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133, - 187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, - 219, 217, 223, 221, 211, 209, 215, 213, 203, 201, 207, 205, 195, 193, 199, 197, - 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225, 231, 229, - }; - -const word8 mulBy0x03[256] = { - 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, - 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34, 33, - 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, - 80, 83, 86, 85, 92, 95, 90, 89, 72, 75, 78, 77, 68, 71, 66, 65, - 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, - 240, 243, 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, - 160, 163, 166, 165, 172, 175, 170, 169, 184, 187, 190, 189, 180, 183, 178, 177, - 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129, - 155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, - 171, 168, 173, 174, 167, 164, 161, 162, 179, 176, 181, 182, 191, 188, 185, 186, - 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236, 233, 234, - 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, - 91, 88, 93, 94, 87, 84, 81, 82, 67, 64, 69, 70, 79, 76, 73, 74, - 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, - 59, 56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, - 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26, - }; - -const word8 mulBy0x0e[256] = { - 0, 14, 28, 18, 56, 54, 36, 42, 112, 126, 108, 98, 72, 70, 84, 90, - 224, 238, 252, 242, 216, 214, 196, 202, 144, 158, 140, 130, 168, 166, 180, 186, - 219, 213, 199, 201, 227, 237, 255, 241, 171, 165, 183, 185, 147, 157, 143, 129, - 59, 53, 39, 41, 3, 13, 31, 17, 75, 69, 87, 89, 115, 125, 111, 97, - 173, 163, 177, 191, 149, 155, 137, 135, 221, 211, 193, 207, 229, 235, 249, 247, - 77, 67, 81, 95, 117, 123, 105, 103, 61, 51, 33, 47, 5, 11, 25, 23, - 118, 120, 106, 100, 78, 64, 82, 92, 6, 8, 26, 20, 62, 48, 34, 44, - 150, 152, 138, 132, 174, 160, 178, 188, 230, 232, 250, 244, 222, 208, 194, 204, - 65, 79, 93, 83, 121, 119, 101, 107, 49, 63, 45, 35, 9, 7, 21, 27, - 161, 175, 189, 179, 153, 151, 133, 139, 209, 223, 205, 195, 233, 231, 245, 251, - 154, 148, 134, 136, 162, 172, 190, 176, 234, 228, 246, 248, 210, 220, 206, 192, - 122, 116, 102, 104, 66, 76, 94, 80, 10, 4, 22, 24, 50, 60, 46, 32, - 236, 226, 240, 254, 212, 218, 200, 198, 156, 146, 128, 142, 164, 170, 184, 182, - 12, 2, 16, 30, 52, 58, 40, 38, 124, 114, 96, 110, 68, 74, 88, 86, - 55, 57, 43, 37, 15, 1, 19, 29, 71, 73, 91, 85, 127, 113, 99, 109, - 215, 217, 203, 197, 239, 225, 243, 253, 167, 169, 187, 181, 159, 145, 131, 141, - }; - -const word8 mulBy0x0b[256] = { - 0, 11, 22, 29, 44, 39, 58, 49, 88, 83, 78, 69, 116, 127, 98, 105, - 176, 187, 166, 173, 156, 151, 138, 129, 232, 227, 254, 245, 196, 207, 210, 217, - 123, 112, 109, 102, 87, 92, 65, 74, 35, 40, 53, 62, 15, 4, 25, 18, - 203, 192, 221, 214, 231, 236, 241, 250, 147, 152, 133, 142, 191, 180, 169, 162, - 246, 253, 224, 235, 218, 209, 204, 199, 174, 165, 184, 179, 130, 137, 148, 159, - 70, 77, 80, 91, 106, 97, 124, 119, 30, 21, 8, 3, 50, 57, 36, 47, - 141, 134, 155, 144, 161, 170, 183, 188, 213, 222, 195, 200, 249, 242, 239, 228, - 61, 54, 43, 32, 17, 26, 7, 12, 101, 110, 115, 120, 73, 66, 95, 84, - 247, 252, 225, 234, 219, 208, 205, 198, 175, 164, 185, 178, 131, 136, 149, 158, - 71, 76, 81, 90, 107, 96, 125, 118, 31, 20, 9, 2, 51, 56, 37, 46, - 140, 135, 154, 145, 160, 171, 182, 189, 212, 223, 194, 201, 248, 243, 238, 229, - 60, 55, 42, 33, 16, 27, 6, 13, 100, 111, 114, 121, 72, 67, 94, 85, - 1, 10, 23, 28, 45, 38, 59, 48, 89, 82, 79, 68, 117, 126, 99, 104, - 177, 186, 167, 172, 157, 150, 139, 128, 233, 226, 255, 244, 197, 206, 211, 216, - 122, 113, 108, 103, 86, 93, 64, 75, 34, 41, 52, 63, 14, 5, 24, 19, - 202, 193, 220, 215, 230, 237, 240, 251, 146, 153, 132, 143, 190, 181, 168, 163, - }; - -const word8 mulBy0x0d[256] = { - 0, 13, 26, 23, 52, 57, 46, 35, 104, 101, 114, 127, 92, 81, 70, 75, - 208, 221, 202, 199, 228, 233, 254, 243, 184, 181, 162, 175, 140, 129, 150, 155, - 187, 182, 161, 172, 143, 130, 149, 152, 211, 222, 201, 196, 231, 234, 253, 240, - 107, 102, 113, 124, 95, 82, 69, 72, 3, 14, 25, 20, 55, 58, 45, 32, - 109, 96, 119, 122, 89, 84, 67, 78, 5, 8, 31, 18, 49, 60, 43, 38, - 189, 176, 167, 170, 137, 132, 147, 158, 213, 216, 207, 194, 225, 236, 251, 246, - 214, 219, 204, 193, 226, 239, 248, 245, 190, 179, 164, 169, 138, 135, 144, 157, - 6, 11, 28, 17, 50, 63, 40, 37, 110, 99, 116, 121, 90, 87, 64, 77, - 218, 215, 192, 205, 238, 227, 244, 249, 178, 191, 168, 165, 134, 139, 156, 145, - 10, 7, 16, 29, 62, 51, 36, 41, 98, 111, 120, 117, 86, 91, 76, 65, - 97, 108, 123, 118, 85, 88, 79, 66, 9, 4, 19, 30, 61, 48, 39, 42, - 177, 188, 171, 166, 133, 136, 159, 146, 217, 212, 195, 206, 237, 224, 247, 250, - 183, 186, 173, 160, 131, 142, 153, 148, 223, 210, 197, 200, 235, 230, 241, 252, - 103, 106, 125, 112, 83, 94, 73, 68, 15, 2, 21, 24, 59, 54, 33, 44, - 12, 1, 22, 27, 56, 53, 34, 47, 100, 105, 126, 115, 80, 93, 74, 71, - 220, 209, 198, 203, 232, 229, 242, 255, 180, 185, 174, 163, 128, 141, 154, 151, - }; - -const word8 mulBy0x09[256] = { - 0, 9, 18, 27, 36, 45, 54, 63, 72, 65, 90, 83, 108, 101, 126, 119, - 144, 153, 130, 139, 180, 189, 166, 175, 216, 209, 202, 195, 252, 245, 238, 231, - 59, 50, 41, 32, 31, 22, 13, 4, 115, 122, 97, 104, 87, 94, 69, 76, - 171, 162, 185, 176, 143, 134, 157, 148, 227, 234, 241, 248, 199, 206, 213, 220, - 118, 127, 100, 109, 82, 91, 64, 73, 62, 55, 44, 37, 26, 19, 8, 1, - 230, 239, 244, 253, 194, 203, 208, 217, 174, 167, 188, 181, 138, 131, 152, 145, - 77, 68, 95, 86, 105, 96, 123, 114, 5, 12, 23, 30, 33, 40, 51, 58, - 221, 212, 207, 198, 249, 240, 235, 226, 149, 156, 135, 142, 177, 184, 163, 170, - 236, 229, 254, 247, 200, 193, 218, 211, 164, 173, 182, 191, 128, 137, 146, 155, - 124, 117, 110, 103, 88, 81, 74, 67, 52, 61, 38, 47, 16, 25, 2, 11, - 215, 222, 197, 204, 243, 250, 225, 232, 159, 150, 141, 132, 187, 178, 169, 160, - 71, 78, 85, 92, 99, 106, 113, 120, 15, 6, 29, 20, 43, 34, 57, 48, - 154, 147, 136, 129, 190, 183, 172, 165, 210, 219, 192, 201, 246, 255, 228, 237, - 10, 3, 24, 17, 46, 39, 60, 53, 66, 75, 80, 89, 102, 111, 116, 125, - 161, 168, 179, 186, 133, 140, 151, 158, 233, 224, 251, 242, 205, 196, 223, 214, - 49, 56, 35, 42, 21, 28, 7, 14, 121, 112, 107, 98, 93, 84, 79, 70, - }; - -#endif /* AES_MUL_BY_LOOKUP */ diff --git a/AppleCSP/AES/boxes-ref.h b/AppleCSP/AES/boxes-ref.h deleted file mode 100644 index ca261820..00000000 --- a/AppleCSP/AES/boxes-ref.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _AES_BOXES_H_ -#define _AES_BOXES_H_ - -#include "rijndael-alg-ref.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define AES_MUL_BY_LOOKUP 1 - -#if AES_MUL_BY_LOOKUP -extern const word8 mulBy0x02[256]; -extern const word8 mulBy0x03[256]; -extern const word8 mulBy0x0e[256]; -extern const word8 mulBy0x0b[256]; -extern const word8 mulBy0x0d[256]; -extern const word8 mulBy0x09[256]; -#else -extern const unsigned char Logtable[256]; -extern const unsigned char Alogtable[256]; -#endif /* AES_MUL_BY_LOOKUP */ - -extern const unsigned char S[256]; -extern const unsigned char Si[256]; -extern const unsigned char iG[4][4]; -extern const unsigned long rcon[30]; - -#ifdef __cplusplus -} -#endif - -#endif /* _AES_BOXES_H_ */ diff --git a/AppleCSP/AES/gladmanContext.cpp b/AppleCSP/AES/gladmanContext.cpp deleted file mode 100644 index ac3922ed..00000000 --- a/AppleCSP/AES/gladmanContext.cpp +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * gladmanContext.cpp - glue between BlockCryptor and Gladman AES implementation - * Written by Doug Mitchell 12/12/2001 - */ - -#include "gladmanContext.h" -#include "cspdebugging.h" - -/* - * Global singleton to perform one-time-only init of AES tables. - */ -class GladmanInit -{ -public: - GladmanInit() : mTablesGenerated(false) { } - void genTables(); -private: - bool mTablesGenerated; - Mutex mLock; -}; - -void GladmanInit::genTables() -{ - StLock _(mLock); - if(mTablesGenerated) { - return; - } - - /* allocate the tables */ - CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive); - pow_tab = (u1byte *)alloc.malloc(POW_TAB_SIZE * sizeof(u1byte)); - log_tab = (u1byte *)alloc.malloc(LOG_TAB_SIZE * sizeof(u1byte)); - sbx_tab = (u1byte *)alloc.malloc(SBX_TAB_SIZE * sizeof(u1byte)); - isb_tab = (u1byte *)alloc.malloc(ISB_TAB_SIZE * sizeof(u1byte)); - rco_tab = (u4byte *)alloc.malloc(RCO_TAB_SIZE * sizeof(u4byte)); - ft_tab = (u4byte (*)[FT_TAB_SIZE_LS])alloc.malloc( - FT_TAB_SIZE_LS * FT_TAB_SIZE_MS * sizeof(u4byte)); - it_tab = (u4byte (*)[IT_TAB_SIZE_LS])alloc.malloc( - IT_TAB_SIZE_LS * IT_TAB_SIZE_MS * sizeof(u4byte)); - #ifdef LARGE_TABLES - fl_tab = (u4byte (*)[FL_TAB_SIZE_LS])alloc.malloc( - FL_TAB_SIZE_LS * FL_TAB_SIZE_MS * sizeof(u4byte)); - il_tab = (u4byte (*)[IL_TAB_SIZE_LS])alloc.malloc( - IL_TAB_SIZE_LS * IL_TAB_SIZE_MS * sizeof(u4byte)); - #endif - - /* now fill them */ - gen_tabs(); - mTablesGenerated = true; -} - -static ModuleNexus gladmanInit; - -/* - * AES encrypt/decrypt. - */ -GAESContext::GAESContext(AppleCSPSession &session) : - BlockCryptor(session), - mKeyValid(false), - mInitFlag(false), - mRawKeySize(0) -{ - /* one-time only init */ - gladmanInit().genTables(); -} - -GAESContext::~GAESContext() -{ - deleteKey(); - memset(mRawKey, 0, MAX_AES_KEY_BITS / 8); - mInitFlag = false; -} - -void GAESContext::deleteKey() -{ - memset(&mAesKey, 0, sizeof(GAesKey)); - mKeyValid = false; -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. Even reusable after context - * changed (i.e., new IV in Encrypted File System). - */ -void GAESContext::init( - const Context &context, - bool encrypting) -{ - if(mInitFlag && !opStarted()) { - return; - } - - UInt32 keyLen; - UInt8 *keyData = NULL; - bool sameKeySize = false; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_AES, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - - /* - * Delete existing key if key size changed - */ - if(mRawKeySize == keyLen) { - sameKeySize = true; - } - else { - deleteKey(); - } - - /* init key only if key size or key bits have changed */ - if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { - set_key((u4byte *)keyData, keyLen * 8, &mAesKey); - - /* save this raw key data */ - memmove(mRawKey, keyData, keyLen); - mRawKeySize = keyLen; - } - - /* Finally, have BlockCryptor do its setup */ - setup(GLADMAN_BLOCK_SIZE_BYTES, context); - mInitFlag = true; -} - -/* - * Functions called by BlockCryptor - */ -void GAESContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != GLADMAN_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < GLADMAN_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - rEncrypt((u4byte *)plainText, (u4byte *)cipherText, &mAesKey); - cipherTextLen = GLADMAN_BLOCK_SIZE_BYTES; -} - -void GAESContext::decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < GLADMAN_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - rDecrypt((u4byte *)cipherText, (u4byte *)plainText, &mAesKey); - plainTextLen = GLADMAN_BLOCK_SIZE_BYTES; -} - diff --git a/AppleCSP/AES/gladmanContext.h b/AppleCSP/AES/gladmanContext.h deleted file mode 100644 index daf71dde..00000000 --- a/AppleCSP/AES/gladmanContext.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// gladmanContext.h - Gladman AES context class -// -#ifndef _H_GLADMAN_CONTEXT -#define _H_GLADMAN_CONTEXT - -#include -#include "AppleCSP.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "BlockCryptor.h" -#include "rijndaelGladman.h" -#include "aesCommon.h" - -#define GLADMAN_BLOCK_SIZE_BYTES DEFAULT_AES_BLOCK_BYTES - -/* Symmetric encryption context */ -class GAESContext : public BlockCryptor { -public: - GAESContext(AppleCSPSession &session); - ~GAESContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // As an optimization, we allow reuse of a modified context. The main thing - // we avoid is a redundant key scheduling. We save the current raw keys bits - // in mRawKey and compare on re-init. - bool changed(const Context &context) { return true; } - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - void deleteKey(); - - /* scheduled key */ - GAesKey mAesKey; - bool mKeyValid; - bool mInitFlag; // for easy reuse - - /* raw key bits saved here and checked on re-init to avoid extra key schedule */ - uint8 mRawKey[MAX_AES_KEY_BITS / 8]; - uint32 mRawKeySize; -}; /* AESContext */ - -#endif //_H_GLADMAN_CONTEXT diff --git a/AppleCSP/AES/rijndael-alg-ref.c b/AppleCSP/AES/rijndael-alg-ref.c deleted file mode 100644 index e9bc4870..00000000 --- a/AppleCSP/AES/rijndael-alg-ref.c +++ /dev/null @@ -1,615 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* rijndael-alg-ref.c v2.0 August '99 - * Reference ANSI C code - * authors: Paulo Barreto - * Vincent Rijmen - * - * PPC and 128-bit block optimization by Doug Mitchell May 2001. - */ - -#include -#include -#include - -#include "rijndael-alg-ref.h" -#include - -#define SC ((BC - 4) >> 1) - -#include "boxes-ref.h" - -static const word8 shifts[3][4][2] = { - { { 0, 0 }, - { 1, 3 }, - { 2, 2 }, - { 3, 1 } - }, - { { 0, 0 }, - { 1, 5 }, - { 2, 4 }, - { 3, 3 } - }, - { { 0, 0 }, - { 1, 7 }, - { 3, 5 }, - { 4, 4 } - } -}; - -#if !GLADMAN_AES_128_ENABLE - -/* 128 bit key/word shift table in bits */ -static const word8 shifts128[4][2] = { - { 0, 0 }, - { 8, 24 }, - { 16, 16 }, - { 24, 8 } -}; - -#endif /* GLADMAN_AES_128_ENABLE */ - -#if !AES_MUL_BY_LOOKUP -/* - * Profiling measurements showed that the mul routine is where a large propertion of - * the time is spent. Since the first argument to mul is always one of six - * constants (2, 3, 0xe, etc.), we implement six 256x256 byte lookup tables to - * do the multiplies. This eliminates the need for the log/antilog tables, so - * it's only adding one kilobyte of const data. Throughput improvement for this - * mod is a factor of 3.3 for encrypt and 4.1 for decrypt in the 128-bit optimized - * case. Improvement for the general case (with a 256 bit key) is 1.46 for encrypt - * and 1.88 for decrypt. (Decrypt wins more for this enhancement because the - * InvMixColumn does four muls, vs. 2 muls for MixColumn). Measurements taken - * on a 500 MHz G4 with 1 MB of L2 cache. - */ - -/* - * The mod 255 op in mul is really expensive... - * - * We know that b <= (254 * 2), so there are only two cases. Either return b, - * or return b-255. - * - * On a G4 this single optimization results in a 24% speedup for encrypt and - * a 25% speedup for decrypt. - */ -static inline word8 mod255(word32 b) -{ - if(b >= 255) { - b -= 255; - } - return b; -} - -word8 mul(word8 a, word8 b) { - /* multiply two elements of GF(2^m) - * needed for MixColumn and InvMixColumn - */ - if (a && b) return Alogtable[mod255(Logtable[a] + Logtable[b])]; - else return 0; -} -#endif /* !AES_MUL_BY_LOOKUP */ - -void KeyAddition(word8 a[4][MAXBC], word8 rk[4][MAXBC], word8 BC) { - /* Exor corresponding text input and round key input bytes - */ - int i, j; - - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] ^= rk[i][j]; -} - -void ShiftRow(word8 a[4][MAXBC], word8 d, word8 BC) { - /* Row 0 remains unchanged - * The other three rows are shifted a variable amount - */ - word8 tmp[MAXBC]; - int i, j; - - for(i = 1; i < 4; i++) { - for(j = 0; j < BC; j++) tmp[j] = a[i][(j + shifts[SC][i][d]) % BC]; - for(j = 0; j < BC; j++) a[i][j] = tmp[j]; - } -} - -void Substitution(word8 a[4][MAXBC], const word8 box[256], word8 BC) { - /* Replace every byte of the input by the byte at that place - * in the nonlinear S-box - */ - int i, j; - - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] = box[a[i][j]] ; -} - -void MixColumn(word8 a[4][MAXBC], word8 BC) { - /* Mix the four bytes of every column in a linear way - */ - word8 b[4][MAXBC]; - int i, j; - - for(j = 0; j < BC; j++) { - for(i = 0; i < 4; i++) { - #if AES_MUL_BY_LOOKUP - b[i][j] = mulBy0x02[a[i][j]] - ^ mulBy0x03[a[(i + 1) % 4][j]] - ^ a[(i + 2) % 4][j] - ^ a[(i + 3) % 4][j]; - #else - b[i][j] = mul(2,a[i][j]) - ^ mul(3,a[(i + 1) % 4][j]) - ^ a[(i + 2) % 4][j] - ^ a[(i + 3) % 4][j]; - #endif - } - } - for(i = 0; i < 4; i++) { - for(j = 0; j < BC; j++) a[i][j] = b[i][j]; - } -} - -void InvMixColumn(word8 a[4][MAXBC], word8 BC) { - /* Mix the four bytes of every column in a linear way - * This is the opposite operation of Mixcolumn - */ - word8 b[4][MAXBC]; - int i, j; - - for(j = 0; j < BC; j++) { - for(i = 0; i < 4; i++) { - #if AES_MUL_BY_LOOKUP - b[i][j] = mulBy0x0e[a[i][j]] - ^ mulBy0x0b[a[(i + 1) % 4][j]] - ^ mulBy0x0d[a[(i + 2) % 4][j]] - ^ mulBy0x09[a[(i + 3) % 4][j]]; - #else - b[i][j] = mul(0xe,a[i][j]) - ^ mul(0xb,a[(i + 1) % 4][j]) - ^ mul(0xd,a[(i + 2) % 4][j]) - ^ mul(0x9,a[(i + 3) % 4][j]); - #endif - } - } - for(i = 0; i < 4; i++) { - for(j = 0; j < BC; j++) a[i][j] = b[i][j]; - } -} - -int rijndaelKeySched ( - word8 k[4][MAXKC], - int keyBits, - int blockBits, - word8 W[MAXROUNDS+1][4][MAXBC]) { - - /* Calculate the necessary round keys - * The number of calculations depends on keyBits and blockBits - */ - int KC, BC, ROUNDS; - int i, j, t, rconpointer = 0; - word8 tk[4][MAXKC]; - - switch (keyBits) { - case 128: KC = 4; break; - case 192: KC = 6; break; - case 256: KC = 8; break; - default : return (-1); - } - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - - for(j = 0; j < KC; j++) - for(i = 0; i < 4; i++) - tk[i][j] = k[i][j]; - t = 0; - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; - - while (t < (ROUNDS+1)*BC) { /* while not enough round key material calculated */ - /* calculate new values */ - for(i = 0; i < 4; i++) - tk[i][0] ^= S[tk[(i+1)%4][KC-1]]; - tk[0][0] ^= rcon[rconpointer++]; - - if (KC != 8) - for(j = 1; j < KC; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - else { - for(j = 1; j < KC/2; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - for(i = 0; i < 4; i++) tk[i][KC/2] ^= S[tk[i][KC/2 - 1]]; - for(j = KC/2 + 1; j < KC; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - } - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; - } - - return 0; -} - -int rijndaelEncrypt ( - word8 a[4][MAXBC], - int keyBits, - int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - /* Encryption of one block, general case. - */ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - /* begin with a key addition - */ - KeyAddition(a,rk[0],BC); - - /* ROUNDS-1 ordinary rounds - */ - for(r = 1; r < ROUNDS; r++) { - Substitution(a,S,BC); - ShiftRow(a,0,BC); - MixColumn(a,BC); - KeyAddition(a,rk[r],BC); - } - - /* Last round is special: there is no MixColumn - */ - Substitution(a,S,BC); - ShiftRow(a,0,BC); - KeyAddition(a,rk[ROUNDS],BC); - - return 0; -} - -int rijndaelDecrypt ( - word8 a[4][MAXBC], - int keyBits, - int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - /* To decrypt: apply the inverse operations of the encrypt routine, - * in opposite order - * - * (KeyAddition is an involution: it 's equal to its inverse) - * (the inverse of Substitution with table S is Substitution with the - * inverse table of S) - * (the inverse of Shiftrow is Shiftrow over a suitable distance) - */ - - /* First the special round: - * without InvMixColumn - * with extra KeyAddition - */ - KeyAddition(a,rk[ROUNDS],BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - - /* ROUNDS-1 ordinary rounds - */ - for(r = ROUNDS-1; r > 0; r--) { - KeyAddition(a,rk[r],BC); - InvMixColumn(a,BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - } - - /* End with the extra key addition - */ - - KeyAddition(a,rk[0],BC); - - return 0; -} - -#if !GLADMAN_AES_128_ENABLE - -/* - * All of these 128-bit-key-and-block routines require 32-bit word-aligned - * char array pointers.ÊThe key schedule arrays are easy; they come from - * keyInstance which has a 4-byte-aligned element preceeding the key schedule. - * Others require manual alignment of a local variable by the caller. - */ - -static inline void KeyAddition128( - word8 a[4][BC_128_OPT], - word8 rk[4][MAXBC]) { - - /* these casts are endian-independent */ - ((word32 *)a)[0] ^= *((word32 *)(&rk[0])); - ((word32 *)a)[1] ^= *((word32 *)(&rk[1])); - ((word32 *)a)[2] ^= *((word32 *)(&rk[2])); - ((word32 *)a)[3] ^= *((word32 *)(&rk[3])); -} - -static void Substitution128( - word8 a[4][BC_128_OPT], - const word8 box[256]) { - /* Replace every byte of the input by the byte at that place - * in the nonlinear S-box - */ - int i, j; - - /* still to be optimized - larger S boxes? */ - for(i = 0; i < 4; i++) { - for(j = 0; j < BC_128_OPT; j++) { - a[i][j] = box[a[i][j]]; - } - } -} - -#if defined(__ppc__) && defined(__GNUC__) - -static inline void rotateWordLeft( - word8 *word, // known to be word aligned - unsigned rotCount) // in bits -{ - word32 lword = *((word32 *)word); - asm("rlwnm %0,%1,%2,0,31" : "=r"(lword) : "0"(lword), "r"(rotCount)); - *((word32 *)word) = lword; -} - -#else - -/* - * Insert your machine/compiler dependent code here, - * or just use this, which works on any platform and compiler - * which supports the __attribute__((aligned(4))) directive. - */ -static void rotateWordLeft( - word8 *word, // known to be word aligned - unsigned rotCount) // in bits -{ - word8 tmp[BC_128_OPT] __attribute__((aligned(4))); - unsigned bytes = rotCount / 8; - - tmp[0] = word[bytes & (BC_128_OPT-1)]; - tmp[1] = word[(1+bytes) & (BC_128_OPT-1)]; - tmp[2] = word[(2+bytes) & (BC_128_OPT-1)]; - tmp[3] = word[(3+bytes) & (BC_128_OPT-1)]; - *((word32 *)word) = *((word32 *)tmp); -} -#endif - -static inline void ShiftRow128( - word8 a[4][BC_128_OPT], - word8 d) { - /* Row 0 remains unchanged - * The other three rows are shifted (actually rotated) a variable amount - */ - int i; - - for(i = 1; i < 4; i++) { - rotateWordLeft(a[i], shifts128[i][d]); - } -} - -/* - * The following two routines are where most of the time is spent in this - * module. Further optimization would have to focus here. - */ -static void MixColumn128(word8 a[4][BC_128_OPT]) { - /* Mix the four bytes of every column in a linear way - */ - word8 b[4][BC_128_OPT]; - int i, j; - - for(j = 0; j < BC_128_OPT; j++) { - for(i = 0; i < 4; i++) { - #if AES_MUL_BY_LOOKUP - b[i][j] = mulBy0x02[a[i][j]] - ^ mulBy0x03[a[(i + 1) % 4][j]] - ^ a[(i + 2) % 4][j] - ^ a[(i + 3) % 4][j]; - #else - b[i][j] = mul(2,a[i][j]) - ^ mul(3,a[(i + 1) % 4][j]) - ^ a[(i + 2) % 4][j] - ^ a[(i + 3) % 4][j]; - #endif - } - } - memmove(a, b, 4 * BC_128_OPT); -} - -static void InvMixColumn128(word8 a[4][BC_128_OPT]) { - /* Mix the four bytes of every column in a linear way - * This is the opposite operation of Mixcolumn - */ - word8 b[4][BC_128_OPT]; - int i, j; - - for(j = 0; j < BC_128_OPT; j++) { - for(i = 0; i < 4; i++) { - #if AES_MUL_BY_LOOKUP - b[i][j] = mulBy0x0e[a[i][j]] - ^ mulBy0x0b[a[(i + 1) % 4][j]] - ^ mulBy0x0d[a[(i + 2) % 4][j]] - ^ mulBy0x09[a[(i + 3) % 4][j]]; - #else - b[i][j] = mul(0xe,a[i][j]) - ^ mul(0xb,a[(i + 1) % 4][j]) - ^ mul(0xd,a[(i + 2) % 4][j]) - ^ mul(0x9,a[(i + 3) % 4][j]); - #endif - } - } - memmove(a, b, 4 * BC_128_OPT); -} - -int rijndaelKeySched128 ( - word8 k[4][KC_128_OPT], - word8 W[MAXROUNDS+1][4][MAXBC]) { - - /* Calculate the necessary round keys - * The number of calculations depends on keyBits and blockBits - */ - int i, j, t, rconpointer = 0; - word8 tk[4][KC_128_OPT]; - unsigned numSchedRows = (ROUNDS_128_OPT + 1) * BC_128_OPT; - - for(j = 0; j < KC_128_OPT; j++) - for(i = 0; i < 4; i++) - tk[i][j] = k[i][j]; - t = 0; - /* copy values into round key array */ - for(j = 0; (j < KC_128_OPT) && (t < numSchedRows); j++, t++) { - for(i = 0; i < 4; i++) { - W[t / BC_128_OPT][i][t % BC_128_OPT] = tk[i][j]; - } - } - - while (t < numSchedRows) { - /* while not enough round key material calculated */ - /* calculate new values */ - for(i = 0; i < 4; i++) { - tk[i][0] ^= S[tk[(i+1)%4][KC_128_OPT-1]]; - } - tk[0][0] ^= rcon[rconpointer++]; - - for(j = 1; j < KC_128_OPT; j++) { - for(i = 0; i < 4; i++) { - tk[i][j] ^= tk[i][j-1]; - } - } - - /* copy values into round key array */ - for(j = 0; (j < KC_128_OPT) && (t < numSchedRows); j++, t++) { - for(i = 0; i < 4; i++) { - W[t / BC_128_OPT][i][t % BC_128_OPT] = tk[i][j]; - } - } - } - - return 0; -} - -int rijndaelEncrypt128 ( - word8 a[4][BC_128_OPT], - word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - /* Encryption of one block. - */ - int r; - - /* begin with a key addition - */ - KeyAddition128(a,rk[0]); - - /* ROUNDS-1 ordinary rounds - */ - for(r = 1; r < ROUNDS_128_OPT; r++) { - Substitution128(a,S); - ShiftRow128(a,0); - MixColumn128(a); - KeyAddition128(a,rk[r]); - } - - /* Last round is special: there is no MixColumn - */ - Substitution128(a,S); - ShiftRow128(a,0); - KeyAddition128(a,rk[ROUNDS_128_OPT]); - - return 0; -} - -int rijndaelDecrypt128 ( - word8 a[4][BC_128_OPT], - word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - int r; - - /* To decrypt: apply the inverse operations of the encrypt routine, - * in opposite order - * - * (KeyAddition is an involution: it 's equal to its inverse) - * (the inverse of Substitution with table S is Substitution with the - * inverse table of S) - * (the inverse of Shiftrow is Shiftrow over a suitable distance) - */ - - /* First the special round: - * without InvMixColumn - * with extra KeyAddition - */ - KeyAddition128(a,rk[ROUNDS_128_OPT]); - Substitution128(a,Si); - ShiftRow128(a,1); - - /* ROUNDS-1 ordinary rounds - */ - for(r = ROUNDS_128_OPT-1; r > 0; r--) { - KeyAddition128(a,rk[r]); - InvMixColumn128(a); - Substitution128(a,Si); - ShiftRow128(a,1); - } - - /* End with the extra key addition - */ - - KeyAddition128(a,rk[0]); - - return 0; -} - -#endif /* !GLADMAN_AES_128_ENABLE */ - diff --git a/AppleCSP/AES/rijndael-alg-ref.h b/AppleCSP/AES/rijndael-alg-ref.h deleted file mode 100644 index 41a889cb..00000000 --- a/AppleCSP/AES/rijndael-alg-ref.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* rijndael-alg-ref.h v2.0 August '99 - * Reference ANSI C code - * authors: Paulo Barreto - * Vincent Rijmen - */ -#ifndef __RIJNDAEL_ALG_H -#define __RIJNDAEL_ALG_H - -#include "aesCommon.h" - -#define MAXBC (MAX_AES_BLOCK_BITS/32) -#define MAXKC (MAX_AES_KEY_BITS/32) -#define MAXROUNDS 14 - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char word8; -typedef unsigned short word16; -typedef unsigned long word32; - - -int rijndaelKeySched (word8 k[4][MAXKC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -int rijndaelEncrypt (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -#ifndef __APPLE__ -int rijndaelEncryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds); -#endif -int rijndaelDecrypt (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -#ifndef __APPLE__ -int rijndaelDecryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds); -#endif - -#if !GLADMAN_AES_128_ENABLE - -/* - * Optimized routines for 128-bit block and key. - */ -#define ROUNDS_128_OPT 10 -#define BC_128_OPT 4 -#define KC_128_OPT 4 - -/* - * These require 32-bit word-aligned a, k, and rk arrays - */ -int rijndaelKeySched128 (word8 k[4][KC_128_OPT], - word8 rk[MAXROUNDS+1][4][MAXBC]); -int rijndaelEncrypt128 (word8 a[4][BC_128_OPT], - word8 rk[MAXROUNDS+1][4][MAXBC]); -int rijndaelDecrypt128 (word8 a[4][BC_128_OPT], - word8 rk[MAXROUNDS+1][4][MAXBC]); - -#endif /* !GLADMAN_AES_128_ENABLE */ - -#ifdef __cplusplus -} -#endif - -#endif /* __RIJNDAEL_ALG_H */ diff --git a/AppleCSP/AES/rijndaelApi.c b/AppleCSP/AES/rijndaelApi.c deleted file mode 100644 index 67e84235..00000000 --- a/AppleCSP/AES/rijndaelApi.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rijndaelApi.c - AES API layer - * - * Based on rijndael-api-ref.h v2.0 written by Paulo Barreto - * and Vincent Rijmen - */ -#include -#include - -#include "rijndael-alg-ref.h" -#include "rijndaelApi.h" - -#ifdef ALTIVEC_ENABLE -/* this goes somewhere else and gets init'd by the plugin object.... */ -/* as of 4/11/2001, the vectorized routines do NOT work */ -int gHasAltivec = 0; -#endif - -int doAES128 = 1; - -#define CBC_DEBUG 0 -#if CBC_DEBUG -static void dumpChainBuf(cipherInstance *cipher, char *op) -{ - int t,j; - int columns = cipher->blockLen / 32; - - printf("chainBuf %s: ", op); - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) { - printf("%02x ", cipher->chainBlock[t][j]); - } - } - printf("\n"); -} -#else -#define dumpChainBuf(c, o) -#endif - -int makeKey( - keyInstance *key, - int keyLen, // in BITS - int blockLen, // in BITS - word8 *keyMaterial, - int enable128Opt) -{ - unsigned keyBytes; - unsigned i; - - if (key == NULL) { - return BAD_KEY_INSTANCE; - } - if(keyMaterial == NULL) { - return BAD_KEY_MAT; - } - if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { - key->keyLen = keyLen; - } else { - return BAD_KEY_MAT; - } - key->blockLen = blockLen; - key->columns = blockLen / 32; - - /* initialize key schedule */ -#if !GLADMAN_AES_128_ENABLE - if(enable128Opt && - (keyLen == MIN_AES_KEY_BITS) && - (blockLen == MIN_AES_BLOCK_BITS)) { - /* optimized, 128 bit key and block size */ - word8 k[4][KC_128_OPT] __attribute__((aligned(4))); - - for(i = 0; i < (MIN_AES_KEY_BITS/8); i++) { - /* speed this up */ - k[i % 4][i / 4] = keyMaterial[i]; - } - rijndaelKeySched128 (k, key->keySched); - memset(k, 0, 4 * KC_128_OPT); - } - else -#endif /* !GLADMAN_AES_128_ENABLE */ - { - - /* general case */ - word8 k[4][MAXKC]; - - keyBytes = keyLen / 8; - for(i = 0; i < keyBytes; i++) { - k[i % 4][i / 4] = keyMaterial[i]; - } - rijndaelKeySched (k, key->keyLen, key->blockLen, key->keySched); - memset(k, 0, 4 * MAXKC); - } - return TRUE; -} - -/* - * Simplified single-block encrypt/decrypt. - */ -#define AES_CONSISTENCY_CHECK 1 - -int rijndaelBlockEncrypt( - keyInstance *key, - word8 *input, - word8 *outBuffer) -{ - int t; - unsigned j; - word8 localBlock[4][MAXBC]; // working memory: encrypt/decrypt in place here - - #if AES_CONSISTENCY_CHECK - if (key == NULL || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256) || - (key->blockLen != 128 && key->blockLen != 192 && key->blockLen != 256)) { - return BAD_KEY_INSTANCE; - } - #endif /* AES_CONSISTENCY_CHECK */ - - #if defined(__ppc__) && defined(ALTIVEC_ENABLE) - if(gHasAltivec && (key->blockLen == 128)) { - vBlockEncrypt128(key, input, outBuffer); - return 128; - } - #endif - - for (j = 0; j < key->columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - localBlock[t][j] = input[4*j+t]; - } - rijndaelEncrypt (localBlock, key->keyLen, key->blockLen, key->keySched); - for (j = 0; j < key->columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (word8) localBlock[t][j]; - } - memset(localBlock, 0, 4 * MAXBC); - return key->blockLen; -} - -int rijndaelBlockDecrypt( - keyInstance *key, - word8 *input, - word8 *outBuffer) -{ - int t; - unsigned j; - word8 localBlock[4][MAXBC]; // working memory: encrypt/decrypt in place here - - #if AES_CONSISTENCY_CHECK - if (key == NULL || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256) || - (key->blockLen != 128 && key->blockLen != 192 && key->blockLen != 256)) { - return BAD_KEY_INSTANCE; - } - #endif /* AES_CONSISTENCY_CHECK */ - - #if defined(__ppc__) && defined(ALTIVEC_ENABLE) - if(gHasAltivec && (cipher->blockLen == 128)) { - vBlockDecrypt128(key, input, outBuffer); - return 128; - } - #endif - - for (j = 0; j < key->columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - localBlock[t][j] = input[4*j+t]; - } - rijndaelDecrypt (localBlock, key->keyLen, key->blockLen, key->keySched); - for (j = 0; j < key->columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (word8) localBlock[t][j]; - } - memset(localBlock, 0, 4 * MAXBC); - return key->blockLen; -} - -#if !GLADMAN_AES_128_ENABLE -/* - * Optimized routines for 128 bit block and 128 bit key. - */ -int rijndaelBlockEncrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer) -{ - int j; - word8 localBlock[4][BC_128_OPT] __attribute__((aligned(4))); - word8 *row0 = localBlock[0]; - word8 *row1 = localBlock[1]; - word8 *row2 = localBlock[2]; - word8 *row3 = localBlock[3]; - - /* parse input stream into rectangular array */ - for (j = 0; j < BC_128_OPT; j++) { - *row0++ = *input++; - *row1++ = *input++; - *row2++ = *input++; - *row3++ = *input++; - } - rijndaelEncrypt128 (localBlock, key->keySched); - - /* parse rectangular array into output ciphertext bytes */ - row0 = localBlock[0]; - row1 = localBlock[1]; - row2 = localBlock[2]; - row3 = localBlock[3]; - - for (j = 0; j < BC_128_OPT; j++) { - *outBuffer++ = *row0++; - *outBuffer++ = *row1++; - *outBuffer++ = *row2++; - *outBuffer++ = *row3++; - } - memset(localBlock, 0, 4*BC_128_OPT); - return MIN_AES_BLOCK_BITS; -} - -int rijndaelBlockDecrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer) -{ - int j; - word8 localBlock[4][BC_128_OPT] __attribute__((aligned(4))); - word8 *row0 = localBlock[0]; - word8 *row1 = localBlock[1]; - word8 *row2 = localBlock[2]; - word8 *row3 = localBlock[3]; - - /* parse input stream into rectangular array */ - for (j = 0; j < BC_128_OPT; j++) { - *row0++ = *input++; - *row1++ = *input++; - *row2++ = *input++; - *row3++ = *input++; - } - - rijndaelDecrypt128 (localBlock, key->keySched); - - /* parse rectangular array into output ciphertext bytes */ - row0 = localBlock[0]; - row1 = localBlock[1]; - row2 = localBlock[2]; - row3 = localBlock[3]; - - for (j = 0; j < BC_128_OPT; j++) { - *outBuffer++ = *row0++; - *outBuffer++ = *row1++; - *outBuffer++ = *row2++; - *outBuffer++ = *row3++; - } - memset(localBlock, 0, 4*BC_128_OPT); - return MIN_AES_BLOCK_BITS; -} -#endif /* !GLADMAN_AES_128_ENABLE */ - diff --git a/AppleCSP/AES/rijndaelApi.h b/AppleCSP/AES/rijndaelApi.h deleted file mode 100644 index 38e79001..00000000 --- a/AppleCSP/AES/rijndaelApi.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rijndaelApi.h - AES API layer - * - * Based on rijndael-api-ref.h v2.0 written by Paulo Barreto - * and Vincent Rijmen - */ - -#ifndef _RIJNDAEL_API_REF_H_ -#define _RIJNDAEL_API_REF_H_ - -#include -#include "rijndael-alg-ref.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* Error Codes */ -#define BAD_KEY_MAT -1 /* Key material not of correct - length */ -#define BAD_KEY_INSTANCE -2 /* Key passed is not valid */ - -#define MAX_AES_KEY_SIZE (MAX_AES_KEY_BITS / 8) -#define MAX_AES_BLOCK_SIZE (MAX_AES_BLOCK_BITS / 8) -#define MAX_AES_IV_SIZE MAX_AES_BLOCK_SIZE - -#define TRUE 1 -#define FALSE 0 - -/* The structure for key information */ -typedef struct { - word32 keyLen; /* Length of the key in bits */ - word32 blockLen; /* Length of block in bits */ - word32 columns; /* optimization, blockLen / 32 */ - word8 keySched[MAXROUNDS+1][4][MAXBC]; -} keyInstance; - -int makeKey( - keyInstance *key, - int keyLen, // in BITS - int blockLen, // in BITS - word8 *keyMaterial, - int enable128Opt); - -/* - * Simplified single-block encrypt/decrypt. - */ -int rijndaelBlockEncrypt( - keyInstance *key, - word8 *input, - word8 *outBuffer); -int rijndaelBlockDecrypt( - keyInstance *key, - word8 *input, - word8 *outBuffer); - -#if !GLADMAN_AES_128_ENABLE -/* - * Optimized routines for 128 bit block and 128 bit key. - */ -int rijndaelBlockEncrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer); -int rijndaelBlockDecrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer); -#endif /* !GLADMAN_AES_128_ENABLE */ - -#if defined(__ppc__) && defined(ALTIVEC_ENABLE) -/* - * dmitch addenda 4/11/2001: 128-bit only vectorized encrypt/decrypt with no CBC - */ -void vBlockEncrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer); -void vBlockDecrypt128( - keyInstance *key, - word8 *input, - word8 *outBuffer); - -/* temp switch for runtime enable/disable */ -extern int doAES128; - -#endif /* __ppc__ && ALTIVEC_ENABLE */ - -/* ptr to one of several (possibly optimized) encrypt/decrypt functions */ -typedef int (*aesCryptFcn)( - keyInstance *key, - word8 *input, - word8 *outBuffer); - -#ifdef __cplusplus -} -#endif // cplusplus - -#endif // RIJNDAEL_API_REF - - diff --git a/AppleCSP/AES/rijndaelGladman.c b/AppleCSP/AES/rijndaelGladman.c deleted file mode 100644 index fbef2c31..00000000 --- a/AppleCSP/AES/rijndaelGladman.c +++ /dev/null @@ -1,436 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rijndaelGladman.c - Gladman AES/Rijndael implementation. - * Based on rijndael.c written by Dr. Brian Gladman. - */ - - - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* RIJNDAEL by Joan Daemen and Vincent Rijmen */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -#include "rijndaelGladman.h" - -/* enable of block/word/byte swapping macros */ -#define USE_SWAP_MACROS 1 - -#if old_way -/* original static declarations */ -u1byte pow_tab[256]; -u1byte log_tab[256]; -u1byte sbx_tab[256]; -u1byte isb_tab[256]; -u4byte rco_tab[ 10]; -u4byte ft_tab[4][256]; -u4byte it_tab[4][256]; - -#ifdef LARGE_TABLES - u4byte fl_tab[4][256]; - u4byte il_tab[4][256]; -#endif -#else /* new_way */ -u1byte *pow_tab; /* [POW_TAB_SIZE] */ -u1byte *log_tab; /* [LOG_TAB_SIZE] */; -u1byte *sbx_tab; /* [SBX_TAB_SIZE] */ -u1byte *isb_tab; /* [ISB_TAB_SIZE] */ -u4byte *rco_tab; /* [RCO_TAB_SIZE] */ -u4byte (*ft_tab)[FT_TAB_SIZE_LS]; -u4byte (*it_tab)[IT_TAB_SIZE_LS]; -#ifdef LARGE_TABLES -u4byte (*fl_tab)[FL_TAB_SIZE_LS]; -u4byte (*il_tab)[IL_TAB_SIZE_LS]; -#endif /* LARGE_TABLES */ -#endif /* new_way */ - -#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) - -#define f_rn(bo, bi, n, k) \ - bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ - ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) - -#define i_rn(bo, bi, n, k) \ - bo[n] = it_tab[0][byte(bi[n],0)] ^ \ - it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) - -#ifdef LARGE_TABLES - -#define ls_box(x) \ - ( fl_tab[0][byte(x, 0)] ^ \ - fl_tab[1][byte(x, 1)] ^ \ - fl_tab[2][byte(x, 2)] ^ \ - fl_tab[3][byte(x, 3)] ) - -#define f_rl(bo, bi, n, k) \ - bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ - fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) - -#define i_rl(bo, bi, n, k) \ - bo[n] = il_tab[0][byte(bi[n],0)] ^ \ - il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) - -#else - -#define ls_box(x) \ - ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ - ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ - ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ - ((u4byte)sbx_tab[byte(x, 3)] << 24) - -#define f_rl(bo, bi, n, k) \ - bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n) - -#define i_rl(bo, bi, n, k) \ - bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n) - -#endif - -void gen_tabs(void) -{ u4byte i, t; - u1byte p, q; - - /* log and power tables for GF(2**8) finite field with */ - /* 0x11b as modular polynomial - the simplest prmitive */ - /* root is 0x11, used here to generate the tables */ - - for(i = 0,p = 1; i < 256; ++i) - { - pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i; - - p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); - } - - log_tab[1] = 0; p = 1; - - for(i = 0; i < 10; ++i) - { - rco_tab[i] = p; - - p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); - } - - /* note that the affine byte transformation matrix in */ - /* rijndael specification is in big endian format with */ - /* bit 0 as the most significant bit. In the remainder */ - /* of the specification the bits are numbered from the */ - /* least significant end of a byte. */ - - for(i = 0; i < 256; ++i) - { - p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q ^ 0x63; - sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; - } - - for(i = 0; i < 256; ++i) - { - p = sbx_tab[i]; - -#ifdef LARGE_TABLES - - t = p; fl_tab[0][i] = t; - fl_tab[1][i] = rotl(t, 8); - fl_tab[2][i] = rotl(t, 16); - fl_tab[3][i] = rotl(t, 24); -#endif - t = ((u4byte)ff_mult(2, p)) | - ((u4byte)p << 8) | - ((u4byte)p << 16) | - ((u4byte)ff_mult(3, p) << 24); - - ft_tab[0][i] = t; - ft_tab[1][i] = rotl(t, 8); - ft_tab[2][i] = rotl(t, 16); - ft_tab[3][i] = rotl(t, 24); - - p = isb_tab[i]; - -#ifdef LARGE_TABLES - - t = p; il_tab[0][i] = t; - il_tab[1][i] = rotl(t, 8); - il_tab[2][i] = rotl(t, 16); - il_tab[3][i] = rotl(t, 24); -#endif - t = ((u4byte)ff_mult(14, p)) | - ((u4byte)ff_mult( 9, p) << 8) | - ((u4byte)ff_mult(13, p) << 16) | - ((u4byte)ff_mult(11, p) << 24); - - it_tab[0][i] = t; - it_tab[1][i] = rotl(t, 8); - it_tab[2][i] = rotl(t, 16); - it_tab[3][i] = rotl(t, 24); - } -}; - -#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) - -#define imix_col(y,x) \ - u = star_x(x); \ - v = star_x(u); \ - w = star_x(v); \ - t = w ^ (x); \ - (y) = u ^ v ^ w; \ - (y) ^= rotr(u ^ t, 8) ^ \ - rotr(v ^ t, 16) ^ \ - rotr(t,24) - -/* initialise the key schedule from the user supplied key */ - -#define loop4(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ - t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ - t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ - t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \ -} - -#define loop6(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[6 * i]; e_key[6 * i + 6] = t; \ - t ^= e_key[6 * i + 1]; e_key[6 * i + 7] = t; \ - t ^= e_key[6 * i + 2]; e_key[6 * i + 8] = t; \ - t ^= e_key[6 * i + 3]; e_key[6 * i + 9] = t; \ - t ^= e_key[6 * i + 4]; e_key[6 * i + 10] = t; \ - t ^= e_key[6 * i + 5]; e_key[6 * i + 11] = t; \ -} - -#define loop8(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[8 * i]; e_key[8 * i + 8] = t; \ - t ^= e_key[8 * i + 1]; e_key[8 * i + 9] = t; \ - t ^= e_key[8 * i + 2]; e_key[8 * i + 10] = t; \ - t ^= e_key[8 * i + 3]; e_key[8 * i + 11] = t; \ - t = e_key[8 * i + 4] ^ ls_box(t); \ - e_key[8 * i + 12] = t; \ - t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ - t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ - t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ -} - -u4byte *set_key( - const u4byte in_key[], - const u4byte key_len, - GAesKey *aesKey) -{ u4byte i, t, u, v, w; - u4byte *e_key = aesKey->e_key; - u4byte *d_key = aesKey->d_key; - - aesKey->k_len = (key_len + 31) / 32; - - #if USE_SWAP_MACROS - get_key(e_key, key_len); - #else - e_key[0] = in_key[0]; e_key[1] = in_key[1]; - e_key[2] = in_key[2]; e_key[3] = in_key[3]; - #endif - - switch(aesKey->k_len) - { - case 4: t = e_key[3]; - for(i = 0; i < 10; ++i) - loop4(i); - break; - - case 6: - #if USE_SWAP_MACROS - t = e_key[5]; - #else - /* done in get_key macros in USE_SWAP_MACROS case */ - e_key[4] = in_key[4]; t = e_key[5] = in_key[5]; - #endif - for(i = 0; i < 8; ++i) - loop6(i); - break; - - case 8: - #if USE_SWAP_MACROS - t = e_key[7]; - #else - e_key[4] = in_key[4]; e_key[5] = in_key[5]; - e_key[6] = in_key[6]; t = e_key[7] = in_key[7]; - #endif - for(i = 0; i < 7; ++i) - loop8(i); - break; - } - - d_key[0] = e_key[0]; d_key[1] = e_key[1]; - d_key[2] = e_key[2]; d_key[3] = e_key[3]; - - for(i = 4; i < 4 * aesKey->k_len + 24; ++i) - { - imix_col(d_key[i], e_key[i]); - } - - return e_key; -}; - -/* encrypt a block of text */ - -#define f_nround(bo, bi, k) \ - f_rn(bo, bi, 0, k); \ - f_rn(bo, bi, 1, k); \ - f_rn(bo, bi, 2, k); \ - f_rn(bo, bi, 3, k); \ - k += 4 - -#define f_lround(bo, bi, k) \ - f_rl(bo, bi, 0, k); \ - f_rl(bo, bi, 1, k); \ - f_rl(bo, bi, 2, k); \ - f_rl(bo, bi, 3, k) - -void rEncrypt( - const u4byte in_blk[4], - u4byte out_blk[4], - const GAesKey *aesKey) -{ - u4byte b0[4], b1[4], *kp; - u4byte *e_key = aesKey->e_key; - - #if USE_SWAP_MACROS - u4byte swap_block[4]; - get_block(swap_block); - b0[0] = swap_block[0] ^ e_key[0]; b0[1] = swap_block[1] ^ e_key[1]; - b0[2] = swap_block[2] ^ e_key[2]; b0[3] = swap_block[3] ^ e_key[3]; - #else - b0[0] = in_blk[0] ^ e_key[0]; b0[1] = in_blk[1] ^ e_key[1]; - b0[2] = in_blk[2] ^ e_key[2]; b0[3] = in_blk[3] ^ e_key[3]; - #endif - - kp = e_key + 4; - - if(aesKey->k_len > 6) - { - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - } - - if(aesKey->k_len > 4) - { - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - } - - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_lround(b0, b1, kp); - - #if USE_SWAP_MACROS - put_block(b0); - #else - out_blk[0] = b0[0]; out_blk[1] = b0[1]; - out_blk[2] = b0[2]; out_blk[3] = b0[3]; - #endif -}; - -/* decrypt a block of text */ - -#define i_nround(bo, bi, k) \ - i_rn(bo, bi, 0, k); \ - i_rn(bo, bi, 1, k); \ - i_rn(bo, bi, 2, k); \ - i_rn(bo, bi, 3, k); \ - k -= 4 - -#define i_lround(bo, bi, k) \ - i_rl(bo, bi, 0, k); \ - i_rl(bo, bi, 1, k); \ - i_rl(bo, bi, 2, k); \ - i_rl(bo, bi, 3, k) - -void rDecrypt( - const u4byte in_blk[4], - u4byte out_blk[4], - const GAesKey *aesKey) -{ - u4byte b0[4], b1[4], *kp; - u4byte *e_key = aesKey->e_key; - u4byte *d_key = aesKey->d_key; - u4byte k_len = aesKey->k_len; - - #if USE_SWAP_MACROS - u4byte swap_block[4]; - get_block(swap_block); - b0[0] = swap_block[0] ^ e_key[4 * k_len + 24]; - b0[1] = swap_block[1] ^ e_key[4 * k_len + 25]; - b0[2] = swap_block[2] ^ e_key[4 * k_len + 26]; - b0[3] = swap_block[3] ^ e_key[4 * k_len + 27]; - #else - b0[0] = in_blk[0] ^ e_key[4 * k_len + 24]; - b0[1] = in_blk[1] ^ e_key[4 * k_len + 25]; - b0[2] = in_blk[2] ^ e_key[4 * k_len + 26]; - b0[3] = in_blk[3] ^ e_key[4 * k_len + 27]; - #endif - - kp = d_key + 4 * (k_len + 5); - - if(k_len > 6) - { - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - } - - if(k_len > 4) - { - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - } - - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_lround(b0, b1, kp); - - #if USE_SWAP_MACROS - put_block(b0); - #else - out_blk[0] = b0[0]; out_blk[1] = b0[1]; - out_blk[2] = b0[2]; out_blk[3] = b0[3]; - #endif -}; diff --git a/AppleCSP/AES/rijndaelGladman.h b/AppleCSP/AES/rijndaelGladman.h deleted file mode 100644 index a58f608d..00000000 --- a/AppleCSP/AES/rijndaelGladman.h +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rijndaelGladman.h - constants and macros for Gladman AES/Rijndael implementation. - * Based on std_defs.h written by Dr. Brian Gladman. - */ - - - -/* 1. Standard types for AES cryptography source code */ - -typedef unsigned char u1byte; /* an 8 bit unsigned character type */ -typedef unsigned short u2byte; /* a 16 bit unsigned integer type */ -typedef unsigned long u4byte; /* a 32 bit unsigned integer type */ - -typedef signed char s1byte; /* an 8 bit signed character type */ -typedef signed short s2byte; /* a 16 bit signed integer type */ -typedef signed long s4byte; /* a 32 bit signed integer type */ - -/* 2. Standard interface for AES cryptographic routines */ - -/* These are all based on 32 bit unsigned values and will therefore */ -/* require endian conversions for big-endian architectures */ - -#ifdef __cplusplus - extern "C" - { -#endif - - /* - * Lookup tables, dynamically allocated (by client) and generated (by - * gen_tabs()) - */ - #define LARGE_TABLES - - #define POW_TAB_SIZE 256 - #define LOG_TAB_SIZE 256 - #define SBX_TAB_SIZE 256 - #define ISB_TAB_SIZE 256 - #define RCO_TAB_SIZE 10 - #define FT_TAB_SIZE_MS 4 - #define FT_TAB_SIZE_LS 256 - #define IT_TAB_SIZE_MS 4 - #define IT_TAB_SIZE_LS 256 - extern u1byte *pow_tab; /* [POW_TAB_SIZE] */ - extern u1byte *log_tab; /* [LOG_TAB_SIZE] */; - extern u1byte *sbx_tab; /* [SBX_TAB_SIZE] */ - extern u1byte *isb_tab; /* [ISB_TAB_SIZE] */ - extern u4byte *rco_tab; /* [RCO_TAB_SIZE] */ - extern u4byte (*ft_tab)[FT_TAB_SIZE_LS]; - extern u4byte (*it_tab)[IT_TAB_SIZE_LS]; - - #ifdef LARGE_TABLES - #define FL_TAB_SIZE_MS 4 - #define FL_TAB_SIZE_LS 256 - #define IL_TAB_SIZE_MS 4 - #define IL_TAB_SIZE_LS 256 - extern u4byte (*fl_tab)[FL_TAB_SIZE_LS]; - extern u4byte (*il_tab)[IL_TAB_SIZE_LS]; - #endif - - typedef struct { - u4byte k_len; - u4byte e_key[64]; - u4byte d_key[64]; - } GAesKey; - - void gen_tabs(void); // one-time-only table generate - u4byte *set_key(const u4byte in_key[], const u4byte key_len, GAesKey *aesKey); - void rEncrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey); - void rDecrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey); - -#ifdef __cplusplus - }; -#endif - -/* 3. Basic macros for speeding up generic operations */ - -/* Circular rotate of 32 bit values */ - -#ifdef _MSC_VER - -# include -# pragma intrinsic(_lrotr,_lrotl) -# define rotr(x,n) _lrotr(x,n) -# define rotl(x,n) _lrotl(x,n) - -#else - -#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) -#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) - -#endif - -/* Invert byte order in a 32 bit variable */ - -#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00)) - -/* Extract byte from a 32 bit quantity (little endian notation) */ - -#define byte(x,n) ((u1byte)((x) >> (8 * n))) - -/* For inverting byte order in input/output 32 bit words if needed */ -#ifdef __ppc__ -#define BYTE_SWAP -#endif - -#ifdef BLOCK_SWAP -#define BYTE_SWAP -#define WORD_SWAP -#endif - -#ifdef BYTE_SWAP -#define io_swap(x) bswap(x) -#else -#define io_swap(x) (x) -#endif - -/* For inverting the byte order of input/output blocks if needed */ - -#ifdef WORD_SWAP - -#define get_block(x) \ - ((u4byte*)(x))[0] = io_swap(in_blk[3]); \ - ((u4byte*)(x))[1] = io_swap(in_blk[2]); \ - ((u4byte*)(x))[2] = io_swap(in_blk[1]); \ - ((u4byte*)(x))[3] = io_swap(in_blk[0]) - -#define put_block(x) \ - out_blk[3] = io_swap(((u4byte*)(x))[0]); \ - out_blk[2] = io_swap(((u4byte*)(x))[1]); \ - out_blk[1] = io_swap(((u4byte*)(x))[2]); \ - out_blk[0] = io_swap(((u4byte*)(x))[3]) - -#define get_key(x,len) \ - ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ - ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ - switch((((len) + 63) / 64)) { \ - case 2: \ - ((u4byte*)(x))[0] = io_swap(in_key[3]); \ - ((u4byte*)(x))[1] = io_swap(in_key[2]); \ - ((u4byte*)(x))[2] = io_swap(in_key[1]); \ - ((u4byte*)(x))[3] = io_swap(in_key[0]); \ - break; \ - case 3: \ - ((u4byte*)(x))[0] = io_swap(in_key[5]); \ - ((u4byte*)(x))[1] = io_swap(in_key[4]); \ - ((u4byte*)(x))[2] = io_swap(in_key[3]); \ - ((u4byte*)(x))[3] = io_swap(in_key[2]); \ - ((u4byte*)(x))[4] = io_swap(in_key[1]); \ - ((u4byte*)(x))[5] = io_swap(in_key[0]); \ - break; \ - case 4: \ - ((u4byte*)(x))[0] = io_swap(in_key[7]); \ - ((u4byte*)(x))[1] = io_swap(in_key[6]); \ - ((u4byte*)(x))[2] = io_swap(in_key[5]); \ - ((u4byte*)(x))[3] = io_swap(in_key[4]); \ - ((u4byte*)(x))[4] = io_swap(in_key[3]); \ - ((u4byte*)(x))[5] = io_swap(in_key[2]); \ - ((u4byte*)(x))[6] = io_swap(in_key[1]); \ - ((u4byte*)(x))[7] = io_swap(in_key[0]); \ - } - -#else - -#define get_block(x) \ - ((u4byte*)(x))[0] = io_swap(in_blk[0]); \ - ((u4byte*)(x))[1] = io_swap(in_blk[1]); \ - ((u4byte*)(x))[2] = io_swap(in_blk[2]); \ - ((u4byte*)(x))[3] = io_swap(in_blk[3]) - -#define put_block(x) \ - out_blk[0] = io_swap(((u4byte*)(x))[0]); \ - out_blk[1] = io_swap(((u4byte*)(x))[1]); \ - out_blk[2] = io_swap(((u4byte*)(x))[2]); \ - out_blk[3] = io_swap(((u4byte*)(x))[3]) - -#define get_key(x,len) \ - ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ - ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ - switch((((len) + 63) / 64)) { \ - case 4: \ - ((u4byte*)(x))[6] = io_swap(in_key[6]); \ - ((u4byte*)(x))[7] = io_swap(in_key[7]); \ - case 3: \ - ((u4byte*)(x))[4] = io_swap(in_key[4]); \ - ((u4byte*)(x))[5] = io_swap(in_key[5]); \ - case 2: \ - ((u4byte*)(x))[0] = io_swap(in_key[0]); \ - ((u4byte*)(x))[1] = io_swap(in_key[1]); \ - ((u4byte*)(x))[2] = io_swap(in_key[2]); \ - ((u4byte*)(x))[3] = io_swap(in_key[3]); \ - } - -#endif diff --git a/AppleCSP/AES/vRijndael-alg-ref.c b/AppleCSP/AES/vRijndael-alg-ref.c deleted file mode 100644 index f5afda69..00000000 --- a/AppleCSP/AES/vRijndael-alg-ref.c +++ /dev/null @@ -1,684 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * vRijndael-alg-ref.c - * - * Created by Robert A. Murley on Mon Jan 22 2001. - * Copyright (c) 2001 Apple Computer, Inc. All rights reserved. - * - */ - -#include "rijndaelApi.h" -#include "rijndael-alg-ref.h" -#include "boxes-ref.h" -#include - -/* debugger seems to have trouble with this code... */ -#define VAES_DEBUG 1 -#if VAES_DEBUG -#include -#define vdprintf(s) printf s -#else -#define vdprintf(s) -#endif - -#define SC ((BC - 4) >> 1) - -#if defined(__ppc__) && defined(ALTIVEC_ENABLE) - -typedef union { - unsigned char s[4][8]; - unsigned long l[8]; - vector unsigned char v[2]; -} doubleVec; - -typedef union { - unsigned long s[4]; - vector unsigned long v; -} vecLong; - -static word8 shifts[3][4][2] = { - { { 0, 0 }, - { 1, 3 }, - { 2, 2 }, - { 3, 1 } - }, - { { 0, 0 }, - { 1, 5 }, - { 2, 4 }, - { 3, 3 } - }, - { { 0, 0 }, - { 1, 7 }, - { 3, 5 }, - { 4, 4 } - } -}; - -int vRijndaelKeySched ( vector unsigned char vk[2], int keyBits, int blockBits, - unsigned char W[MAXROUNDS+1][4][MAXBC]) -{ - /* Calculate the necessary round keys - * The number of calculations depends on keyBits and blockBits - */ - int KC, BC, ROUNDS; - int i, j, t, rconpointer = 0; - doubleVec tk; - register vector unsigned char v1, v2, mask; - - switch (keyBits) { - case 128: KC = 4; break; - case 192: KC = 6; break; - case 256: KC = 8; break; - default : return (-1); - } - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - tk.v[0] = vk[0]; - tk.v[1] = vk[1]; - - t = 0; - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk.s[i][j]; - - while (t < (ROUNDS+1)*BC) { /* while not enough round key material calculated */ - /* calculate new values */ - for(i = 0; i < 4; i++) - tk.s[i][0] ^= *((word8 *)S + tk.s[(i+1)%4][KC-1]); - tk.s[0][0] ^= rcon[rconpointer++]; - - if (KC != 8) { - /* xor bytes 1-7 of each row with previous byte */ - mask = (vector unsigned char) ( 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ); - for ( i = 0; i < 2; i++ ) { - v1 = vec_sld( tk.v[i], tk.v[i], 15 ); - v2 = vec_and( v1, mask ); - tk.v[i] = vec_xor( tk.v[i], v2 ); - } - } - else { - /* xor bytes 1-3 of each row with previous byte */ - mask = (vector unsigned char) ( 0, 0xff, 0xff, 0xff, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0, 0, 0, 0 ); - for ( i = 0; i < 2; i++ ) { - v1 = vec_sld( tk.v[i], tk.v[i], 15 ); - v2 = vec_and( v1, mask ); - tk.v[i] = vec_xor( tk.v[i], v2 ); - for(j = 0; j < 4; j++) tk.s[i][KC/2] ^= *((word8 *)S + tk.s[i][KC/2 - 1]); - /* xor bytes 5-7 of each row with previous byte */ - mask = vec_sld( mask, mask, 4 ); - v2 = vec_and( v1, mask ); - tk.v[i] = vec_xor( tk.v[i], v2 ); - mask = vec_sld( mask, mask, 4 ); - } - } - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk.s[i][j]; - } - return 0; -} - - -void vMakeKey(BYTE *keyMaterial, keyInstance *key) -{ - register vector unsigned char v1, v2, v3, mask; - vector unsigned char vk[2]; - - /* load and align input */ - v1 = vec_ld( 0, (vector unsigned char *) keyMaterial ); - v2 = vec_ld( 16, (vector unsigned char *) keyMaterial ); - if ( (long) keyMaterial & 0x0fL ) - { // this is required if keyMaterial is not on a 16-byte boundary - v3 = vec_ld( 32, (vector unsigned char *) keyMaterial ); - mask = vec_lvsl( 0, keyMaterial ); - v1 = vec_perm( v1, v2, mask ); - v2 = vec_perm( v2, v3, mask ); - } - - /* parse input stream into rectangular array */ - vk[0] = vec_perm( v1, v2, (vector unsigned char) ( 0, 4, 8, 12, 16, 20, 24, 28, 1, 5, 9, 13, 17, 21, 25, 29 ) ); - vk[1] = vec_perm( v1, v2, (vector unsigned char) ( 2, 6, 10, 14, 18, 22, 26, 30, 3, 7, 11, 15, 19, 23, 27, 31 ) ); - vRijndaelKeySched (vk, key->keyLen, key->blockLen, key->keySched); - memset( (char *) vk, 0, 4 * MAXKC); -} - - -/* This routine does 16 simultaneous lookups in a 256-byte table. */ -vector unsigned char rimskyKorsakov ( vector unsigned char v, vector unsigned char * table ) -{ - register vector unsigned char upperBits000, upperBits001, upperBits010, upperBits011, - upperBits100, upperBits101, upperBits110, upperBits111, - lookupBit00, lookupBit01, lookupBit10, lookupBit11, - lookupBit0, lookupBit1, lookup, - maskForBit6, maskForBit7, maskForBit8, seven; - register vector unsigned char *tabeven, *tabodd; - - seven = vec_splat_u8 ( 7 ); - tabeven = table++; - tabodd = table; - -// Each variable contains the correct values for the corresponding bits 6, 7 and 8. - upperBits000 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits001 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits010 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits011 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits100 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits101 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits110 = vec_perm ( *tabeven, *tabodd, v ); - tabeven += 2; tabodd += 2; - upperBits111 = vec_perm ( *tabeven, *tabodd, v ); - -// Here we extract all the correct values for bit 6. - maskForBit6 = vec_sl ( v, vec_splat_u8 ( 2 ) ); - maskForBit6 = vec_sra ( maskForBit6, seven ); - lookupBit00 = vec_sel ( upperBits000, upperBits001, maskForBit6 ); - lookupBit01 = vec_sel ( upperBits010, upperBits011, maskForBit6 ); - lookupBit10 = vec_sel ( upperBits100, upperBits101, maskForBit6 ); - lookupBit11 = vec_sel ( upperBits110, upperBits111, maskForBit6 ); - -// Then we get the correct values for bit 7. - maskForBit7 = vec_sl ( v, vec_splat_u8 ( 1 ) ); - maskForBit7 = vec_sra ( maskForBit7, seven ); - lookupBit0 = vec_sel ( lookupBit00, lookupBit01, maskForBit7 ); - lookupBit1 = vec_sel ( lookupBit10, lookupBit11, maskForBit7 ); - -// Finally, the entire correct result vector. - maskForBit8 = vec_sra ( v, seven ); - - lookup = vec_sel ( lookupBit0, lookupBit1, maskForBit8 ); - - return lookup; -} - -vector unsigned char vmul(vector unsigned char a, vector unsigned char b) -{ - register vector unsigned char x, y, zero; - register vector unsigned short xh, yh, zhi, zlo, two54, two55; - - zero = vec_splat_u8( 0 ); - two55 = vec_splat_u16( -1 ); - two55 = (vector unsigned short) vec_mergeh( zero, (vector unsigned char) two55 ); - two54 = vec_sub( two55, vec_splat_u16( 1 ) ); - - x = rimskyKorsakov( a, (vector unsigned char *)Logtable ); // Logtable[a] - y = rimskyKorsakov( b, (vector unsigned char *)Logtable ); // Logtable[b] - - // Convert upper 8 bytes to shorts for addition ond modulo - xh = (vector unsigned short) vec_mergeh( zero, x ); - yh = (vector unsigned short) vec_mergeh( zero, y ); - xh = vec_add( xh, yh ); // xh = Logtable[a] + Logtable[b] - yh = vec_sub( xh, two55 ); - zhi = vec_sel( xh, yh, vec_cmpgt( xh, two54 ) ); // xh%255 - - // Convert lower 8 bytes to shorts for addition ond modulo - xh = (vector unsigned short) vec_mergel( zero, x ); - yh = (vector unsigned short) vec_mergel( zero, y ); - xh = vec_add( xh, yh ); - yh = vec_sub( xh, two55 ); - zlo = vec_sel( xh, yh, vec_cmpgt( xh, two54 ) ); - - x = vec_pack( zhi, zlo ); // recombine into single byte vector - x = rimskyKorsakov( x, (vector unsigned char *)Alogtable ); // Alogtable[x] - x = vec_sel( x, zero, vec_cmpeq( a, zero ) ); // check a = 0 - x = vec_sel( x, zero, vec_cmpeq( b, zero ) ); // check b = 0 - return x; -} - -void vKeyAddition(vector unsigned char v[2], vector unsigned char rk[2]) -{ - v[0] = vec_xor( v[0], rk[0] ); // first vector contains rows 0 and 1 - v[1] = vec_xor( v[1], rk[1] ); // second vector contains rows 2 and 3 -} - - -void vShiftRow(vector unsigned char v[2], word8 d, word8 BC) -{ - vecLong sh; - register vector unsigned char mask, mask1, t; - register vector bool char c; - register int i, j; - - sh.s[0] = 0; - for (i = 1; i < 4; i++) - sh.s[i] = shifts[SC][i][d] % BC; // contains the number of elements to shift each row - - // each vector contains two BC-byte long rows - j = 0; - for ( i = 0; i < 2; i++ ) { - mask = vec_lvsl( 0, (int *) sh.s[j++]); // mask for even row - mask1 = vec_lvsl( 0, (int *) sh.s[j++]); // mask for odd row - if (BC == 4) { - mask = vec_sld( mask, mask1, 8 ); // combined rotation mask for both rows - mask = vec_and( mask, vec_splat_u8( 3 ) ); - } else if (BC == 6) { - mask = vec_sld( mask, mask, 8 ); - mask = vec_sld( mask, mask1, 8 ); // combined rotation mask for both rows - t = vec_sub( mask, vec_splat_u8( 6 ) ); - c = vec_cmpgt( mask, vec_splat_u8( 5 ) ); - mask = vec_sel( mask, t, c ); - } else { - mask = vec_sld( mask, mask1, 8 ); // combined rotation mask for both rows - mask = vec_and( mask, vec_splat_u8( 7 ) ); - } - mask1 = vec_sld( vec_splat_u8( 0 ), vec_splat_u8( 8 ), 8 ); - mask = vec_add( mask, mask1 ); - v[i] = vec_perm( v[i], v[i], mask ); // rotate each row as required - } -} - -void vSubstitution( vector unsigned char v[2], vector unsigned char box[16] ) -{ - v[0] = rimskyKorsakov( v[0], box ); // first vector contains rows 0 and 1 - v[1] = rimskyKorsakov( v[1], box ); // second vector contains rows 2 and 3 -} - -void vMixColumn(vector unsigned char v[2]) -{ - // vector 0 contains row 0 in bytes 0-7 and row 1 in bytes 8-f - // vector 1 contains row 2 in bytes 0-7 and row 3 in bytes 8-f - - register vector unsigned char a0, a1, a2, a3, b0, b1, b2, b3; - register vector unsigned char two, three; - - two = vec_splat_u8( 2 ); - three = vec_splat_u8( 3 ); - - a1 = vec_sld( v[0], v[1], 8 ); // equivalent to a[i+1] % 4 - b1 = vec_sld( v[1], v[0], 8 ); - a2 = vec_sld( a1, b1, 8 ); // equivalent to a[i+2] % 4 - b2 = vec_sld( b1, a1, 8 ); - a3 = vec_sld( a2, b2, 8 ); // equivalent to a[i+3] % 4 - b3 = vec_sld( b2, a2, 8 ); - - // Calculations for rows 0 and 1 - a0 = vmul( two, v[0] ); // mul(2,a[i][j]) - a0 = vec_xor( a0, vmul( three, a1 ) ); // ^ mul(3,a[(i + 1) % 4][j]) - a0 = vec_xor( a0, a2 ); // ^ a[(i + 2) % 4][j] - v[0] = vec_xor( a0, a3 ); // ^ a[(i + 3) % 4][j] - - // Calculations for rows 2 and 3 - b0 = vmul( two, v[1] ); - b0 = vec_xor( b0, vmul( three, b1 ) ); - b0 = vec_xor( b0, b2 ); - v[1] = vec_xor( b0, b3 ); -} - -void vInvMixColumn(vector unsigned char v[2]) -{ - // vector 0 contains row 0 in bytes 0-7 and row 1 in bytes 8-f - // vector 1 contains row 2 in bytes 0-7 and row 3 in bytes 8-f - - register vector unsigned char a0, a1, a2, a3, b0, b1, b2, b3; - register vector unsigned char nine, eleven, thirteen, fourteen;; - - nine = vec_splat_u8( 0x9 ); - eleven = vec_splat_u8( 0xb ); - thirteen = vec_splat_u8( 0xd ); - fourteen = vec_splat_u8( 0xe ); - - a1 = vec_sld( v[0], v[1], 8 ); // equivalent to a[i+1] % 4 - b1 = vec_sld( v[1], v[0], 8 ); - a2 = vec_sld( a1, b1, 8 ); // equivalent to a[i+2] % 4 - b2 = vec_sld( b1, a1, 8 ); - a3 = vec_sld( a2, b2, 8 ); // equivalent to a[i+3] % 4 - b3 = vec_sld( b2, a2, 8 ); - - // Calculations for rows 0 and 1 - a0 = vmul( fourteen, v[0] ); // mul(0xe,a[i][j]) - a0 = vec_xor( a0, vmul( eleven, a1 ) ); // ^ mul(0xb,a[(i + 1) % 4][j]) - a0 = vec_xor( a0, vmul( thirteen, a2 ) ); // ^ mul(0xd,a[(i + 2) % 4][j]) - v[0] = vec_xor( a0, vmul( nine, a3 ) ); // ^ mul(0x9,a[(i + 3) % 4][j]) - - // Calculations for rows 2 and 3 - b0 = vmul( fourteen, v[1] ); - b0 = vec_xor( b0, vmul( eleven, b1 ) ); - b0 = vec_xor( b0, vmul( thirteen, b2 ) ); - v[1] = vec_xor( b0, vmul( nine, b3 ) ); -} - -int vRijndaelEncrypt (vector unsigned char a[2], int keyBits, int blockBits, vector unsigned char rk[MAXROUNDS+1][2]) -{ - /* Encryption of one block. - */ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - vKeyAddition( a, rk[0] ); - for(r = 1; r < ROUNDS; r++) { - vSubstitution( a, (vector unsigned char *)S); - vShiftRow( a, 0, BC); - vMixColumn( a ); - vKeyAddition( a, rk[r] ); - } - vSubstitution( a, (vector unsigned char *)S); - vShiftRow( a, 0, BC); - vKeyAddition( a, rk[ROUNDS] ); - - return 0; -} - -int vRijndaelDecrypt (vector unsigned char a[2], int keyBits, int blockBits, vector unsigned char rk[MAXROUNDS+1][2]) -{ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - vKeyAddition( a, rk[ROUNDS] ); - vSubstitution( a, (vector unsigned char *)Si); - vShiftRow( a, 1, BC); - for(r = ROUNDS-1; r > 0; r--) { - vKeyAddition( a, rk[r] ); - vInvMixColumn( a ); - vSubstitution( a, (vector unsigned char *)Si); - vShiftRow( a, 1, BC); - } - vKeyAddition( a, rk[0] ); - - return 0; -} - -#if 0 -/* Murley's code, to be deleted */ -void vBlockEncrypt(cipherInstance *cipher, keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) -{ - register vector unsigned char v1, v2, v3, v4, mask; - register vector bool char cmp; - - /* load and align input */ - v1 = vec_ld( 0, (vector unsigned char *) input ); - v2 = vec_ld( 16, (vector unsigned char *) input ); - if ( (long) input & 0x0fL ) - { // this is required if input is not on a 16-byte boundary - v3 = vec_ld( 32, (vector unsigned char *) input ); - mask = vec_lvsl( 0, input ); - v1 = vec_perm( v1, v2, mask ); - v2 = vec_perm( v2, v3, mask ); - } - - /* parse input stream into rectangular array */ - v3 = vec_perm( v1, v2, (vector unsigned char) ( 0, 4, 8, 12, 16, 20, 24, 28, 1, 5, 9, 13, 17, 21, 25, 29 ) ); - v4 = vec_perm( v1, v2, (vector unsigned char) ( 2, 6, 10, 14, 18, 22, 26, 30, 3, 7, 11, 15, 19, 23, 27, 31 ) ); - - /* store into cipher structure */ - if (cipher->mode == MODE_CBC) { - v3 = vec_xor( v3, *((vector unsigned char *) cipher->chainBlock ) ); - v4 = vec_xor( v4, *((vector unsigned char *) cipher->chainBlock + 1 ) ); - } - vec_st( v3, 0, (vector unsigned char *) cipher->chainBlock ); - vec_st( v4, 16, (vector unsigned char *) cipher->chainBlock ); - - vRijndaelEncrypt((vector unsigned char *) cipher->chainBlock, key->keyLen, cipher->blockLen, (vector unsigned char *) key->keySched); - - v1 = vec_ld( 0, (vector unsigned char *) cipher->chainBlock ); - v2 = vec_ld( 16, (vector unsigned char *) cipher->chainBlock ); - - /* parse rectangular array into output ciphertext bytes */ - v3 = vec_perm( v1, v2, (vector unsigned char) ( 0, 8, 16, 24, 1, 9, 17, 25, 2, 10, 18, 26, 3, 11, 19, 27 ) ); - v4 = vec_perm( v1, v2, (vector unsigned char) ( 4, 12, 20, 28, 5, 13, 21, 29, 6, 14, 22, 30, 7, 15, 23, 31 ) ); - - if ( (long) outBuffer & 0x0fL ) - { - /* store output data into a non-aligned buffer */ - mask = vec_lvsr( 0, outBuffer ); - cmp = vec_cmpgt( mask, vec_splat_u8( 0x0f ) ); - v1 = vec_perm( v3, v3, mask ); - v2 = vec_perm( v4, v4, mask ); - v3 = vec_ld( 0, (vector unsigned char *) outBuffer ); - v4 = vec_sel( v3, v1, cmp ); - vec_st( v4, 0, (vector unsigned char *) outBuffer ); - v1 = vec_sel( v1, v2, cmp ); - vec_st( v1, 16, (vector unsigned char *) outBuffer ); - v3 = vec_ld( 32, (vector unsigned char *) outBuffer ); - v2 = vec_sel( v2, v3, cmp ); - vec_st( v2, 32, (vector unsigned char *) outBuffer ); - } else { - // store output data into an aligned buffer - vec_st( v3, 0, (vector unsigned char *) outBuffer ); - vec_st( v4, 16, (vector unsigned char *) outBuffer ); - } - return; -} - -void vBlockDecrypt(cipherInstance *cipher, keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) -{ - // for vector machines - register vector unsigned char v1, v2, v3, v4, mask; - register vector bool char cmp; - vector unsigned char block[2], cblock[2]; - - /* load and align input */ - v1 = vec_ld( 0, (vector unsigned char *) input ); - v2 = vec_ld( 16, (vector unsigned char *) input ); - if ( (long) input & 0x0fL ) - { // this is required if input is not on a 16-byte boundary - v3 = vec_ld( 32, (vector unsigned char *) input ); - mask = vec_lvsl( 0, input ); - v1 = vec_perm( v1, v2, mask ); - v2 = vec_perm( v2, v3, mask ); - } - - /* parse input stream into rectangular array */ - v3 = vec_perm( v1, v2, (vector unsigned char) ( 0, 4, 8, 12, 16, 20, 24, 28, 1, 5, 9, 13, 17, 21, 25, 29 ) ); - v4 = vec_perm( v1, v2, (vector unsigned char) ( 2, 6, 10, 14, 18, 22, 26, 30, 3, 7, 11, 15, 19, 23, 27, 31 ) ); - block[0] = v3; - block[1] = v4; - - /* save a copy of incoming ciphertext for later chain */ - if (cipher->mode == MODE_CBC) { - cblock[0] = v3; - cblock[1] = v4; - } - - vRijndaelDecrypt ((vector unsigned char *) block, key->keyLen, cipher->blockLen, (vector unsigned char *) key->keySched); - - v1 = block[0]; - v2 = block[1]; - - /* exor with last ciphertext */ - if (cipher->mode == MODE_CBC) { - v1 = vec_xor( v1, *((vector unsigned char *) cipher->chainBlock) ); - v2 = vec_xor( v2, *((vector unsigned char *) cipher->chainBlock + 1) ); - vec_st( cblock[0], 0, (vector unsigned char *) cipher->chainBlock ); - vec_st( cblock[1], 16, (vector unsigned char *) cipher->chainBlock ); - } - - /* parse rectangular array into output ciphertext bytes */ - v3 = vec_perm( v1, v2, (vector unsigned char) ( 0, 8, 16, 24, 1, 9, 17, 25, 2, 10, 18, 26, 3, 11, 19, 27 ) ); - v4 = vec_perm( v1, v2, (vector unsigned char) ( 4, 12, 20, 28, 5, 13, 21, 29, 6, 14, 22, 30, 7, 15, 23, 31 ) ); - - if ( (long) outBuffer & 0x0fL ) - { /* store output data into a non-aligned buffer */ - mask = vec_lvsr( 0, outBuffer ); - cmp = vec_cmpgt( mask, vec_splat_u8( 0x0f ) ); - v1 = vec_perm( v3, v3, mask ); - v2 = vec_perm( v4, v4, mask ); - v3 = vec_ld( 0, (vector unsigned char *) outBuffer ); - v4 = vec_sel( v3, v1, cmp ); - vec_st( v4, 0, (vector unsigned char *) outBuffer ); - v1 = vec_sel( v1, v2, cmp ); - vec_st( v1, 16, (vector unsigned char *) outBuffer ); - v3 = vec_ld( 32, (vector unsigned char *) outBuffer ); - v2 = vec_sel( v2, v3, cmp ); - vec_st( v2, 32, (vector unsigned char *) outBuffer ); - } else { - // store output data into an aligned buffer - vec_st( v3, 0, (vector unsigned char *) outBuffer ); - vec_st( v4, 16, (vector unsigned char *) outBuffer ); - } -} -#endif /* Murley's code, to be deleted */ - -/* - * dmitch addenda 4/11/2001: 128-bit only encrypt/decrypt with no CBC - */ -void vBlockEncrypt128( - keyInstance *key, - BYTE *input, - BYTE *outBuffer) -{ - vector unsigned char block[2]; - register vector unsigned char v1, v2; - - if ( (long) input & 0x0fL ) { - BYTE localBuf[16]; - vdprintf(("vBlockEncrypt128: unaligned input\n")); - /* manually re-align - the compiler is supposed to 16-byte align this for us */ - if((unsigned)localBuf & 0xf) { - vdprintf(("vBlockEncrypt128: unaligned localBuf!\n")); - } - memmove(localBuf, input, 16); - v1 = vec_ld(0, (vector unsigned char *)localBuf); - } - else { - vdprintf(("vBlockEncrypt128: aligned input\n")); - v1 = vec_ld( 0, (vector unsigned char *) input ); - } - - /* parse input stream into rectangular array */ - /* FIXME - do we need to zero v2 (or something)? */ - block[0] = vec_perm(v1, v2, - (vector unsigned char) ( 0, 4, 8, 12, 16, 20, 24, 28, 1, - 5, 9, 13, 17, 21, 25, 29 ) ); - block[1] = vec_perm( v1, v2, - (vector unsigned char) ( 2, 6, 10, 14, 18, 22, 26, 30, 3, - 7, 11, 15, 19, 23, 27, 31 ) ); - - vRijndaelEncrypt(block, key->keyLen, 128, (vector unsigned char *) key->keySched); - - /* parse rectangular array into output ciphertext bytes */ - v1 = vec_perm(block[0], block[1], - (vector unsigned char) ( 0, 8, 16, 24, 1, 9, 17, 25, 2, - 10, 18, 26, 3, 11, 19, 27 ) ); - v2 = vec_perm(block[0], block[1], - (vector unsigned char) ( 4, 12, 20, 28, 5, 13, 21, 29, 6, - 14, 22, 30, 7, 15, 23, 31 ) ); - - if ( (long) outBuffer & 0x0fL ) - { - /* store output data into a non-aligned buffer */ - BYTE localBuf[16]; - vec_st(v1, 0, (vector unsigned char *) localBuf ); - memmove(outBuffer, localBuf, 16); - } else { - /* store output data into an aligned buffer */ - vec_st( v1, 0, (vector unsigned char *) outBuffer ); - } - return; -} - -void vBlockDecrypt128( - keyInstance *key, - BYTE *input, - BYTE *outBuffer) -{ - vector unsigned char block[2]; - register vector unsigned char v1, v2; - - if ( (long) input & 0x0fL ) { - /* manually re-align - the compiler is supposed to 16-byte align this for us */ - BYTE localBuf[16]; - vdprintf(("vBlockDecrypt128: unaligned input\n")); - if((unsigned)localBuf & 0xf) { - vdprintf(("vBlockDecrypt128: unaligned localBuf!\n")); - } - memmove(localBuf, input, 16); - v1 = vec_ld(0, (vector unsigned char *)localBuf); - } - else { - vdprintf(("vBlockDecrypt128: aligned input\n")); - v1 = vec_ld( 0, (vector unsigned char *) input ); - } - - /* parse input stream into rectangular array */ - /* FIXME - do we need to zero v2 (or something)? */ - block[0] = vec_perm(v1, v2, - (vector unsigned char) ( 0, 4, 8, 12, 16, 20, 24, 28, 1, - 5, 9, 13, 17, 21, 25, 29 ) ); - block[1] = vec_perm( v1, v2, - (vector unsigned char) ( 2, 6, 10, 14, 18, 22, 26, 30, 3, - 7, 11, 15, 19, 23, 27, 31 ) ); - - vRijndaelDecrypt(block, key->keyLen, 128, (vector unsigned char *) key->keySched); - - /* parse rectangular array into output ciphertext bytes */ - v1 = vec_perm(block[0], block[1], - (vector unsigned char) ( 0, 8, 16, 24, 1, 9, 17, 25, 2, - 10, 18, 26, 3, 11, 19, 27 ) ); - v2 = vec_perm(block[0], block[1], - (vector unsigned char) ( 4, 12, 20, 28, 5, 13, 21, 29, 6, - 14, 22, 30, 7, 15, 23, 31 ) ); - - if ( (long) outBuffer & 0x0fL ) { - /* store output data into a non-aligned buffer */ - BYTE localBuf[16]; - vec_st(v1, 0, (vector unsigned char *) localBuf ); - memmove(outBuffer, localBuf, 16); - } else { - /* store output data into an aligned buffer */ - vec_st( v1, 0, (vector unsigned char *) outBuffer ); - } - return; -} - -#endif /* defined(__ppc__) && defined(ALTIVEC_ENABLE) */ diff --git a/AppleCSP/AppleCSP/AppleCSP.cpp b/AppleCSP/AppleCSP/AppleCSP.cpp deleted file mode 100644 index e03be7b9..00000000 --- a/AppleCSP/AppleCSP/AppleCSP.cpp +++ /dev/null @@ -1,692 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSP.cpp - top-level plugin and session implementation -// -#include "AppleCSP.h" -#include "AppleCSPSession.h" -#include "AppleCSPUtils.h" -#include -#include "cspdebugging.h" -#include -#include -#ifdef BSAFE_CSP_ENABLE -#include -#include -#endif -#ifdef CRYPTKIT_CSP_ENABLE -#include -#include -#endif -#include -#ifdef ASC_CSP_ENABLE -#include -#endif -#include -#include -#include -#include - -#include "YarrowConnection.h" - -/* - * For debugging, we allow use of FEE PRNG when Yarrow is not available - * (i.e., no SecurityServer is running). - */ -#ifdef NDEBUG -#define CSP_ALLOW_FEE_RNG 0 -#else -#ifdef CRYPTKIT_CSP_ENABLE -#define CSP_ALLOW_FEE_RNG 1 -#else -#define CSP_ALLOW_FEE_RNG 0 -#endif -#endif - - -// -// Make and break the plugin object -// -AppleCSPPlugin::AppleCSPPlugin() : - normAllocator(CssmAllocator::standard(CssmAllocator::normal)), - privAllocator(CssmAllocator::standard(CssmAllocator::sensitive)), - #ifdef BSAFE_CSP_ENABLE - bSafe4Factory(new BSafeFactory(&normAllocator, &privAllocator)), - #endif - #ifdef CRYPTKIT_CSP_ENABLE - cryptKitFactory(new CryptKitFactory(&normAllocator, &privAllocator)), - #endif - miscAlgFactory(new MiscAlgFactory(&normAllocator, &privAllocator)), - #ifdef ASC_CSP_ENABLE - ascAlgFactory(new AscAlgFactory(&normAllocator, &privAllocator)), - #endif - rsaDsaAlgFactory(new RSA_DSA_Factory(&normAllocator, &privAllocator)), - dhAlgFactory(new DH_Factory(&normAllocator, &privAllocator)) -{ - // misc. once-per-address-space cruft... -} - -AppleCSPPlugin::~AppleCSPPlugin() -{ - #ifdef BSAFE_CSP_ENABLE - delete bSafe4Factory; - #endif - #ifdef CRYPTKIT_CSP_ENABLE - delete cryptKitFactory; - #endif - delete miscAlgFactory; - #ifdef ASC_CSP_ENABLE - delete ascAlgFactory; - #endif - delete rsaDsaAlgFactory; - delete dhAlgFactory; -} - - -// -// Create a new plugin session, our way -// -PluginSession *AppleCSPPlugin::makeSession( - CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) -{ - switch (subserviceType) { - case CSSM_SERVICE_CSP: - return new AppleCSPSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls); - default: - CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo - } -} - - -// -// Session constructor -// -AppleCSPSession::AppleCSPSession( - CSSM_MODULE_HANDLE handle, - AppleCSPPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : CSPFullPluginSession(handle, - plug, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls), - #ifdef BSAFE_CSP_ENABLE - bSafe4Factory(*(dynamic_cast(plug.bSafe4Factory))), - #endif - #ifdef CRYPTKIT_CSP_ENABLE - cryptKitFactory(*(dynamic_cast(plug.cryptKitFactory))), - #endif - miscAlgFactory(*(dynamic_cast(plug.miscAlgFactory))), - #ifdef ASC_CSP_ENABLE - ascAlgFactory(*(dynamic_cast(plug.ascAlgFactory))), - #endif - rsaDsaAlgFactory(*(dynamic_cast(plug.rsaDsaAlgFactory))), - dhAlgFactory(*(dynamic_cast(plug.dhAlgFactory))), - normAllocator(*this), - privAllocator(plug.privAlloc()) -{ - // anything? -} - -AppleCSPSession::~AppleCSPSession() -{ - // anything? -} - -// -// Called at (CSSM) context create time. This is ignored; we do a full -// context setup later, at setupContext time. -// -CSPFullPluginSession::CSPContext * -AppleCSPSession::contextCreate( - CSSM_CC_HANDLE handle, - const Context &context) -{ - return NULL; -} - -// -// Called by CSPFullPluginSession when an op is actually commencing. -// Context can safely assumed to be fully formed and stable for the -// duration of the op; thus we wait until now to set up our -// CSPContext as appropriate to the op. -// -void AppleCSPSession::setupContext( - CSPContext * &cspCtx, - const Context &context, - bool encoding) -{ - /* - * Note we leave the decision as to whether it's OK to - * reuse a context to the individual factories. - */ - #ifdef BSAFE_CSP_ENABLE - /* Give BSAFE the firsrt shot if it's present */ - if (bSafe4Factory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - #endif - if (rsaDsaAlgFactory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - if (miscAlgFactory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - if (dhAlgFactory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - #ifdef CRYPTKIT_CSP_ENABLE - if (cryptKitFactory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - #endif - #ifdef ASC_CSP_ENABLE - if (ascAlgFactory.setup(*this, cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - #endif - if(setup(cspCtx, context)) { - CASSERT(cspCtx != NULL); - return; - } - dprintf0("AppleCSPSession::setupContext: invalid algorithm\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); -} - -/* - * Used for generating crypto contexts at this level. - * Analogous to AlgorithmFactory.setup(). - */ -bool AppleCSPSession::setup( - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - if (cspCtx) { - return false; // not ours or already set - } - - switch(context.type()) { - case CSSM_ALGCLASS_RANDOMGEN: - switch (context.algorithm()) { - case CSSM_ALGID_APPLE_YARROW: - cspCtx = new YarrowContext(*this); - return true; - /* other random algs here */ - default: - return false; - } - /* other contexts here */ - default: - return false; - } - /* NOT REACHED */ - return false; - -} - -// -// Context for CSSM_ALGID_APPLE_YARROW. -// -YarrowContext::YarrowContext(AppleCSPSession &session) - : AppleCSPContext(session) -{ - // nothing for now -} - -YarrowContext::~YarrowContext() -{ - // nothing for now -} - -// -// Only job here is to snag the length and process the optional seed argument -// -void YarrowContext::init( - const Context &context, - bool encoding) -{ - /* stash requested length for use later in outputSize() */ - outSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, - CSSMERR_CSP_INVALID_ATTR_OUTPUT_SIZE); - - /* optional seed */ - CssmCryptoData *cseed = context.get(CSSM_ATTRIBUTE_SEED); - if(cseed == NULL) { - /* we're done */ - return; - } - CssmData seed = (*cseed)(); - if((seed.Length == 0) || - (seed.Data == NULL)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SEED); - } - session().addEntropy((size_t)seed.Length, seed.Data); -} - -void YarrowContext::final( - CssmData &out) -{ - session().getRandomBytes((size_t)out.Length, out.Data); -} - -/*** - *** Binary Key support. - ***/ - -// Given a CSSM_DATA, extract its KeyRef. -static KeyRef CssmDataToKeyRef( - const CSSM_DATA &data) -{ - if(data.Length != sizeof(KeyRef)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - - uint8 *cp = data.Data; - KeyRef keyRef = cp[0]; - keyRef |= ((KeyRef)cp[1]) << 8; - keyRef |= ((KeyRef)cp[2]) << 16; - keyRef |= ((KeyRef)cp[3]) << 24; - return keyRef; -} - -// Place a KeyRef into a CSSM_DATA, mallocing if necessary. -static void keyRefToCssmData( - KeyRef keyRef, - CSSM_DATA &data, - CssmAllocator &allocator) -{ - setUpData(data, sizeof(keyRef), allocator); - - uint8 *cp = data.Data; - cp[0] = keyRef & 0xff; - cp[1] = (keyRef >> 8) & 0xff; - cp[2] = (keyRef >> 16) & 0xff; - cp[3] = (keyRef >> 24) & 0xff; -} - -// Look up a BinaryKey by its KeyRef. Returns NULL if not -// found. refKeyMapLock held on entry and exit. -BinaryKey *AppleCSPSession::lookupKeyRef( - KeyRef keyRef) -{ - const BinaryKey *binKey; - - // use safe version, don't create new entry if this key - // isn't there - keyMap::iterator it = refKeyMap.find(keyRef); - if(it == refKeyMap.end()) { - return NULL; - } - binKey = it->second; - assert(binKey == reinterpret_cast(keyRef)); - assert(binKey->mKeyRef == keyRef); - return const_cast(binKey); -} - -// add a BinaryKey to our refKeyMap. Sets up cssmKey -// as appropriate. -void AppleCSPSession::addRefKey( - BinaryKey &binKey, - CssmKey &cssmKey) -{ - // for now, KeyRef is just the address of the BinaryKey - KeyRef keyRef = reinterpret_cast(&binKey); - - binKey.mKeyRef = keyRef; - binKey.mKeyHeader = CssmKey::Header::overlay(cssmKey.KeyHeader); - { - StLock _(refKeyMapLock); - assert(lookupKeyRef(keyRef) == NULL); - refKeyMap[keyRef] = &binKey; - } - cssmKey.KeyHeader.BlobType = CSSM_KEYBLOB_REFERENCE; - cssmKey.KeyHeader.Format = CSSM_KEYBLOB_REF_FORMAT_INTEGER; - keyRefToCssmData(keyRef, cssmKey.KeyData, normAllocator); - secdebug("freeKey", "CSP addRefKey key %p keyData %p keyRef %p", - &cssmKey, cssmKey.KeyData.Data, &binKey); -} - -// Given a CssmKey in reference form, obtain the associated -// BinaryKey. Throws CSSMERR_CSP_INVALID_KEY_REFERENCE if -// key not found in session key map. -BinaryKey & AppleCSPSession::lookupRefKey( - const CssmKey &cssmKey) -{ - KeyRef keyRef; - BinaryKey *binKey; - - keyRef = CssmDataToKeyRef(cssmKey.KeyData); - { - StLock _(refKeyMapLock); - binKey = lookupKeyRef(keyRef); - } - if(binKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - assert(Guid::overlay(binKey->mKeyHeader.CspId) == plugin.myGuid()); - - /* - * Verify sensitive fields have not changed between when the BinaryKey was - * created/stored and when the caller passed in the ref key. - * Some fields were changed by addRefKey, so make a local copy.... - */ - CSSM_KEYHEADER localHdr = cssmKey.KeyHeader; - localHdr.BlobType = binKey->mKeyHeader.BlobType; - localHdr.Format = binKey->mKeyHeader.Format; - if(memcmp(&localHdr, &binKey->mKeyHeader, sizeof(CSSM_KEYHEADER))) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - return (*binKey); -} - -// CSPFullPluginSession declares & implements this. -// Note that we ignore the delete argument; since we don't -// store anything, freeing is the same as deleting. -void AppleCSPSession::FreeKey( - const AccessCredentials *AccessCred, - CssmKey &KeyPtr, - CSSM_BOOL Delete) -{ - - if((KeyPtr.blobType() == CSSM_KEYBLOB_REFERENCE) && - (KeyPtr.cspGuid() == plugin.myGuid())) { - // it's a ref key we generated - delete associated BinaryKey - KeyRef keyRef = CssmDataToKeyRef(KeyPtr.KeyData); - { - StLock _(refKeyMapLock); - BinaryKey *binKey = lookupKeyRef(keyRef); - if(binKey != NULL) { - secdebug("freeKey", "CSP FreeKey key %p keyData %p binKey %p", - &KeyPtr, KeyPtr.KeyData.Data, binKey); - try { - refKeyMap.erase(keyRef); - delete binKey; - } - catch (...) { - errorLog0("Error deleting/erasing known " - "ref key\n"); - } - } - else { - secdebug("freeKey", "CSP freeKey unknown key"); - } - } - } - CSPFullPluginSession::FreeKey(AccessCred, KeyPtr, Delete); -} - -/* Passthrough, used for key digest */ -void AppleCSPSession::PassThrough( - CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PassThroughId, - const void *InData, - void **OutData) -{ - *OutData = NULL; - - /* validate context */ - if(Context.type() != CSSM_ALGCLASS_NONE) { - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); - } - - switch(PassThroughId) { - case CSSM_APPLECSP_KEYDIGEST: - { - CssmKey &key = Context.get( - CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - - /* validate key as best we can */ - switch(key.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - case CSSM_KEYCLASS_SESSION_KEY: - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* - * Ref key: obtain binary, ask it for blob - * Raw key: get info provider, ask it for the blob. This - * allows for an optimized path which avoids - * converting to a BinaryKey. - */ - CssmData blobToHash; - switch(key.blobType()) { - case CSSM_KEYBLOB_RAW: - { - CSPKeyInfoProvider *provider = infoProvider(key); - bool converted = - provider->getHashableBlob(privAllocator, blobToHash); - if(converted) { - /* took optimized case; proceed */ - delete provider; - break; - } - - /* convert to BinaryKey and ask it to do the work */ - BinaryKey *binKey; - CSSM_KEYATTR_FLAGS flags = 0; // not used - provider->CssmKeyToBinary(NULL, // no paramKey - flags, - &binKey); - binKey->mKeyHeader = - CssmKey::Header::overlay(key.KeyHeader); - CSSM_KEYBLOB_FORMAT rawFormat; - rawFormat = CSSM_KEYBLOB_RAW_FORMAT_DIGEST; - CSSM_KEYATTR_FLAGS attrFlags = 0; - binKey->generateKeyBlob(privAllocator, - blobToHash, - rawFormat, - *this, - NULL, - attrFlags); - delete binKey; - delete provider; - break; - } - case CSSM_KEYBLOB_REFERENCE: - { - BinaryKey &binKey = lookupRefKey(key); - CSSM_KEYBLOB_FORMAT rawFormat; - rawFormat = CSSM_KEYBLOB_RAW_FORMAT_DIGEST; - CSSM_KEYATTR_FLAGS attrFlags = 0; - binKey.generateKeyBlob(privAllocator, - blobToHash, - rawFormat, - *this, - NULL, - attrFlags); - } - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - /* obtain sha1 hash of blobToHash */ - - CSSM_DATA_PTR outHash = NULL; - try { - outHash = - (CSSM_DATA_PTR)normAllocator.malloc(sizeof(CSSM_DATA)); - outHash->Data = - (uint8 *)normAllocator.malloc(SHA1_DIGEST_SIZE); - outHash->Length = SHA1_DIGEST_SIZE; - } - catch(...) { - freeCssmData(blobToHash, privAllocator); - throw; - } - cspGenSha1Hash(blobToHash.data(), blobToHash.length(), - outHash->Data); - freeCssmData(blobToHash, privAllocator); - *OutData = outHash; - return; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_PASSTHROUGH_ID); - } - /* NOT REACHED */ -} - -/* - * CSPSession version of QueryKeySizeInBits. - */ -void AppleCSPSession::getKeySize(const CssmKey &key, - CSSM_KEY_SIZE &size) -{ - CSPKeyInfoProvider *provider = infoProvider(key); - try { - provider->QueryKeySizeInBits(size); - } - catch(...) { - /* don't leak this on error */ - delete provider; - throw; - } - delete provider; -} - -/* - * Per-session RNG, which currently just redirects to YarrowConnection. - * CSP_ALLOW_FEE_RNG enables a fallback to the internal FEE-based PRNG if - * SecurityServer is not running. - */ - -#if CSP_ALLOW_FEE_RNG -#include - -static Mutex feeRngMutex; -static feeRand feeRng = NULL; - -static void cspRandViaFee(size_t length, uint8 *cp) -{ - StLock _(feeRngMutex); - if(feeRng == NULL) { - feeRng = feeRandAlloc(); - } - feeRandBytes(feeRng, cp, length); -} -#endif /* CSP_ALLOW_FEE_RNG */ - -void AppleCSPSession::getRandomBytes(size_t length, uint8 *cp) -{ - try { - cspGetRandomBytes(cp, (unsigned)length); - } - catch(...) { - #if CSP_ALLOW_FEE_RNG - errorLog0("CSP: YarrowClient failure; using FEE RNG\n"); - cspRandViaFee(length, cp); - #else - errorLog0("CSP: YarrowClient failure\n"); - #endif - } -} - -void AppleCSPSession::addEntropy(size_t length, const uint8 *cp) -{ - try { - cspAddEntropy(cp, (unsigned)length); - } - catch(...) { - #if CSP_ALLOW_FEE_RNG - return; - #else - throw; - #endif - } -} - -/*** - *** CSPKeyInfoProvider support. - ***/ - -/* - * Find a CSPKeyInfoProvider subclass for the specified key. - */ -CSPKeyInfoProvider *AppleCSPSession::infoProvider( - const CssmKey &key) -{ - CSPKeyInfoProvider *provider = NULL; - - #ifdef BSAFE_CSP_ENABLE - /* Give BSAFE first shot, if it's here */ - provider = BSafe::BSafeKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - #endif - - provider = RSAKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - - provider = SymmetricKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - - #ifdef CRYPTKIT_CSP_ENABLE - provider = CryptKit::FEEKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - #endif - - provider = DSAKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - - provider = DHKeyInfoProvider::provider(key, *this); - if(provider != NULL) { - return provider; - } - - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); -} - diff --git a/AppleCSP/AppleCSP/AppleCSP.h b/AppleCSP/AppleCSP/AppleCSP.h deleted file mode 100644 index 13a6b757..00000000 --- a/AppleCSP/AppleCSP/AppleCSP.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSP.h - top-level plugin and session classes -// -#ifndef _APPLE_CSP_H_ -#define _APPLE_CSP_H_ - -#include -#include -#include - -class AppleCSPSession; -class AppleCSPContext; - -/* - * AppleCSP-specific algorithm factory. - */ -class AppleCSPAlgorithmFactory { -public: - AppleCSPAlgorithmFactory() {}; - virtual ~AppleCSPAlgorithmFactory() { }; - - // set ctx and return true if you can handle this - virtual bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) = 0; - - /* probably other setup methods, e.g. by CSSM_ALGORITHMS instead of - * context */ -}; - -class AppleCSPPlugin : public CssmPlugin { - friend class AppleCSPSession; - friend class AppleCSPContext; - -public: - AppleCSPPlugin(); - ~AppleCSPPlugin(); - - PluginSession *makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); - - CssmAllocator &normAlloc() {return normAllocator; } - CssmAllocator &privAlloc() {return privAllocator; } - -private: - CssmAllocator &normAllocator; - CssmAllocator &privAllocator; - #ifdef BSAFE_CSP_ENABLE - AppleCSPAlgorithmFactory *bSafe4Factory; // actually subclasses not visible - // in this header - #endif - #ifdef CRYPTKIT_CSP_ENABLE - AppleCSPAlgorithmFactory *cryptKitFactory; - #endif - AppleCSPAlgorithmFactory *miscAlgFactory; - #ifdef ASC_CSP_ENABLE - AppleCSPAlgorithmFactory *ascAlgFactory; - #endif - AppleCSPAlgorithmFactory *rsaDsaAlgFactory; - AppleCSPAlgorithmFactory *dhAlgFactory; -}; - - -#endif //_APPLE_CSP_H_ diff --git a/AppleCSP/AppleCSP/AppleCSPContext.cpp b/AppleCSP/AppleCSP/AppleCSPContext.cpp deleted file mode 100644 index babd9af3..00000000 --- a/AppleCSP/AppleCSP/AppleCSPContext.cpp +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSPContext.cpp - CSP-wide contexts -// - -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "AppleCSPUtils.h" - -/* - * Empty destructor (just to avoid out-of-line copies) - */ -AppleCSPContext::~AppleCSPContext() -{ } - -/* - * get symmetric key bits - context.key can be either ref or raw. - * A convenience routine typically used by subclass's init(). - */ -void AppleCSPContext::symmetricKeyBits( - const Context &context, - CSSM_ALGORITHMS requiredAlg, // throws if this doesn't match key alg - CSSM_KEYUSE intendedUse, // throws if key usage doesn't match this - UInt8 *&keyBits, // RETURNED (not mallocd or copied) - UInt32 &keyLen) // RETURNED -{ - /* key must be present and it must be a session key matching caller's spec */ - CssmKey &key = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - if(key.keyClass() != CSSM_KEYCLASS_SESSION_KEY) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - if(key.algorithm() != requiredAlg) { - CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); - } - cspValidateIntendedKeyUsage(&key.KeyHeader, intendedUse); - cspVerifyKeyTimes(key.KeyHeader); - - /* extract raw bits one way or the other */ - switch(key.blobType()) { - case CSSM_KEYBLOB_RAW: - /* easy case, the bits are right there in the CssmKey */ - if(key.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - keyLen = key.length(); - keyBits = key.KeyData.Data; - break; - - case CSSM_KEYBLOB_REFERENCE: - { - /* do a lookup to get a binary key */ - BinaryKey &binKey = mSession.lookupRefKey(key); - /* fails if this is not a SymmetricBinaryKey */ - SymmetricBinaryKey *symBinKey = - dynamic_cast(&binKey); - if(symBinKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - keyLen = symBinKey->mKeyData.Length; - keyBits = symBinKey->mKeyData.Data; - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - return; -} - -// Called from subclass after it allocates its BinaryKeys. -// Caller frees BinaryKeys if we throw any exception. -void AppleKeyPairGenContext::generate( - const Context &context, - AppleCSPSession &session, - CssmKey &pubKey, - BinaryKey *pubBinKey, - CssmKey &privKey, - BinaryKey *privBinKey) -{ - uint32 keySize; - cspKeyStorage privStorage; - cspKeyStorage pubStorage; - CssmKey::Header &pubHdr = pubKey.header(); - CssmKey::Header &privHdr = privKey.header(); - - // validate context and key header args - pubStorage = cspParseKeyAttr(CKT_Public, pubHdr.KeyAttr); - privStorage = cspParseKeyAttr(CKT_Private, privHdr.KeyAttr); - cspValidateKeyUsageBits(CKT_Public, pubHdr.KeyUsage); - cspValidateKeyUsageBits(CKT_Private, privHdr.KeyUsage); - - // have subclass generate the key pairs in the form of - // its native BinaryKeys - generate(context, *pubBinKey, *privBinKey, keySize); - - // FIXME - Any other header setup? - pubHdr.LogicalKeySizeInBits = - privHdr.LogicalKeySizeInBits = keySize; - pubHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK; - privHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK; - - // Handle key formatting. Delete the BinaryKeys if - // we're not creating ref keys, after safe completion of - // generateKeyBlob (which may throw, in which case the binary keys - // get deleted by our caller). - CSSM_KEYATTR_FLAGS attrFlags = 0; - switch(pubStorage) { - case CKS_Ref: - session.addRefKey(*pubBinKey, pubKey); - break; - case CKS_Data: - pubHdr.Format = requestedKeyFormat(context, pubKey); - pubBinKey->mKeyHeader = pubHdr; - pubBinKey->generateKeyBlob( - session.normAlloc(), // alloc in user space - CssmData::overlay(pubKey.KeyData), - pubHdr.Format, - session, - NULL, // no paramKey here! - attrFlags); - break; - case CKS_None: - break; - } - switch(privStorage) { - case CKS_Ref: - session.addRefKey(*privBinKey, privKey); - break; - case CKS_Data: - privHdr.Format = requestedKeyFormat(context, privKey); - privBinKey->mKeyHeader = privHdr; - privBinKey->generateKeyBlob( - session.normAlloc(), // alloc in user space - CssmData::overlay(privKey.KeyData), - privHdr.Format, - session, - NULL, - attrFlags); - break; - case CKS_None: - break; - } - if(pubStorage != CKS_Ref) { - delete pubBinKey; - } - if(privStorage != CKS_Ref) { - delete privBinKey; - } -} - -/* - * Called from subclass's generate method. Subclass is also a - * AppleCSPContext. - */ -void AppleSymmKeyGenContext::generateSymKey( - const Context &context, - AppleCSPSession &session, // for ref keys - CssmKey &cssmKey) // RETURNED -{ - /* there really is no legal way this should throw... */ - uint32 reqKeySize = context.getInt( - CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - if((reqKeySize < minSizeInBits) || - (reqKeySize > maxSizeInBits)) { - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - } - if(mustBeByteSized) { - if((reqKeySize & 0x7) != 0) { - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - } - } - - // validate KeyAtrr and KeyUsage already present in header - cspKeyStorage keyStorage; - CssmKey::Header &hdr = cssmKey.header(); - - keyStorage = cspParseKeyAttr(CKT_Session, hdr.KeyAttr); - cspValidateKeyUsageBits(CKT_Session, hdr.KeyUsage); - hdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK; - - hdr.LogicalKeySizeInBits = reqKeySize; - uint32 keySizeInBytes = (reqKeySize + 7) / 8; - SymmetricBinaryKey *binKey = NULL; - CssmData *keyData = NULL; - - switch(keyStorage) { - case CKS_None: - /* no way */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - case CKS_Ref: - /* cook up a symmetric binary key */ - binKey = new SymmetricBinaryKey(reqKeySize); - keyData = &binKey->mKeyData; - break; - case CKS_Data: - /* key bytes --> caller's cssmKey */ - keyData = &(CssmData::overlay(cssmKey.KeyData)); - setUpCssmData(*keyData, keySizeInBytes, - session.normAlloc()); - break; - } - - // in any case, fill key bytes with random data - session.getRandomBytes(keySizeInBytes, keyData->Data); - - if(keyStorage == CKS_Ref) { - session.addRefKey(*binKey, cssmKey); - } - else { - /* Raw data */ - hdr.BlobType = CSSM_KEYBLOB_RAW; - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - } - - // FIXME - any other header fields? -} - -// -// Symmetric Binary Key support -// -SymmetricBinaryKey::SymmetricBinaryKey( - unsigned keySizeInBits) : - mAllocator(CssmAllocator::standard(CssmAllocator::sensitive)) -{ - setUpCssmData(mKeyData, (keySizeInBits + 7) / 8, mAllocator); -} - -SymmetricBinaryKey::~SymmetricBinaryKey() -{ - freeCssmData(mKeyData, mAllocator); -} - -void SymmetricBinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, // CSSM_KEYBLOB_RAW_FORMAT_PKCS1, etc. - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ -{ - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: // default - case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: // the one we can do - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: // same thing - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT); - } - copyCssmData(mKeyData, blob, allocator); - format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; -} - diff --git a/AppleCSP/AppleCSP/AppleCSPContext.h b/AppleCSP/AppleCSP/AppleCSPContext.h deleted file mode 100644 index b48fa4bf..00000000 --- a/AppleCSP/AppleCSP/AppleCSPContext.h +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSPContext.h - CSP-wide contexts -// -#ifndef _H_APPLE_CSP_CONTEXT -#define _H_APPLE_CSP_CONTEXT - -#include -#include -#include "BinaryKey.h" - -// -// Parent class for all CSPContexts implemented in this CSP. -// Currently the only thing we add is a reference to our -// creator's session. -// -class AppleCSPSession; - -class AppleCSPContext : public CSPFullPluginSession::CSPContext -{ -public: - AppleCSPContext(AppleCSPSession &session) - : mSession(session) {} - - ~AppleCSPContext(); - -protected: - AppleCSPSession &session() { return mSession; } - - /* - * get symmetric key bits - context.key can be either ref or raw. - * A convenience routine typically used by symmetric contexts' - * init() routines. - */ - void symmetricKeyBits( - const Context &context, - CSSM_ALGORITHMS requiredAlg, // throws if this doesn't match key alg - CSSM_KEYUSE intendedUse, // throws if key usage doesn't match this - UInt8 *&keyBits, // RETURNED (not mallocd or copied) - UInt32 &keyLen); // RETURNED - -private: - AppleCSPSession &mSession; -}; - -// -// Context for CSSM_ALGID_APPLE_YARROW. -// -class YarrowContext : public AppleCSPContext -{ -public: - YarrowContext(AppleCSPSession &session); - virtual ~YarrowContext(); - virtual void init(const Context &context, bool encoding = true); - void final(CssmData &out); - size_t outputSize(bool final, size_t inSize) { return outSize; } - -private: - uint32 outSize; -}; - -// -// Classes which inherit from AppleCSPContext and which also perform -// key pair generation inherit from this class as well. -// -class AppleKeyPairGenContext { -public: - // - // Subclass implements generate(const Context &, CssmKey &, - // CssmKey &). That method (called from CSPFullPluginSession) - // allocates two subclass-specific BinaryKeys and calls this - // method. This will eventually call down to generate(const Context &, - // BinaryKey &, BinaryKey &) and optionally to - // BinaryKey::generateKeyBlob. - // - void generate( - const Context &context, - AppleCSPSession &session, // for ref keys - CssmKey &pubKey, - BinaryKey *pubBinKey, - CssmKey &privKey, - BinaryKey *privBinKey); - -protected: - // Subclasses must implement this. It cooks up a key pair. - virtual void generate( - const Context &context, - BinaryKey &pubBinKey, // valid on successful return - BinaryKey &privBinKey, // ditto - uint32 &keySize) = 0; // ditto -}; - -// -// Classes which inherit from AppleCSPContext and which also perform -// symmetric key generation inherit from this class as well. -// -class AppleSymmKeyGenContext { -public: - // - // Subclass implements generate(const Context &, CssmKey &, - // CssmKey &). Note that the second CssmKey is a dummy - // argument. That method merely calls generateSymKey, allowing us - // to get to the associated AppleCSPSession if we need to - // store reference keys. We take care of all attribute and - // usage validation and of header formatting. Parameters for - // validation typlically specified in constructor via an - // algorithm factory. - // - AppleSymmKeyGenContext( - uint32 minSize, // in bits - uint32 maxSize, // ditto - bool byteSized) // true --> key size must - // be multiple of 8 bits - : minSizeInBits(minSize), - maxSizeInBits(maxSize), - mustBeByteSized(byteSized) {} - - void generateSymKey( - const Context &context, - AppleCSPSession &session, // for ref keys - CssmKey &cssmKey); // RETURNED - -private: - uint32 minSizeInBits; - uint32 maxSizeInBits; - bool mustBeByteSized; - -}; - -/* - * Generic symmetric key generation context, for algorithms whose - * requirements can be expressed in min/max key size and - * mustBeByteSized. Such algorithms just need create one of these - * from an algorithm factory. - */ -class AppleSymmKeyGenerator : public AppleCSPContext, private AppleSymmKeyGenContext { -public: - AppleSymmKeyGenerator( - AppleCSPSession &session, - uint32 minSize, // in bits - uint32 maxSize, // ditto - bool byteSized) : // true --> key size must - // be multiple of 8 bits - AppleCSPContext(session), - AppleSymmKeyGenContext(minSize, maxSize, byteSized) { } - - void init(const Context &context, bool encoding = true) { } - - /* this just passes the request up to AppleSymmKeyGenContext */ - void generate( - const Context &context, - CssmKey &symKey, - CssmKey &dummyKey) { - AppleSymmKeyGenContext::generateSymKey( - context, - session(), - symKey); - } - -}; - -#endif /* _H_APPLE_CSP_CONTEXT */ diff --git a/AppleCSP/AppleCSP/AppleCSPKeys.cpp b/AppleCSP/AppleCSP/AppleCSPKeys.cpp deleted file mode 100644 index b9ed3ec1..00000000 --- a/AppleCSP/AppleCSP/AppleCSPKeys.cpp +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * AppleCSPKeys.cpp - Key support - */ - -#include "AppleCSPKeys.h" -#include "AppleCSPUtils.h" -/* - * CSPKeyInfoProvider for symmetric keys. - */ -CSPKeyInfoProvider *SymmetricKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - if(cssmKey.blobType() != CSSM_KEYBLOB_RAW) { - errorLog0("KeyInfoProvider deals only with RAW keys!\n"); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(cssmKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) { - /* that's all we need to know */ - return NULL; - } - return new SymmetricKeyInfoProvider(cssmKey, session); -} - -SymmetricKeyInfoProvider::SymmetricKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ -} - -/* cook up a Binary key */ -void SymmetricKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // ignored - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) -{ - CASSERT(mKey.keyClass() == CSSM_KEYCLASS_SESSION_KEY); - SymmetricBinaryKey *symBinKey = new SymmetricBinaryKey( - mKey.KeyHeader.LogicalKeySizeInBits); - copyCssmData(mKey, - symBinKey->mKeyData, - symBinKey->mAllocator); - *binKey = symBinKey; -} - -/* obtain key size in bits */ -void SymmetricKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - /* FIXME - do we ever need to calculate RC2 effective size here? */ - keySize.LogicalKeySizeInBits = keySize.EffectiveKeySizeInBits = - mKey.length() * 8; -} - -/* - * Obtain blob suitable for hashing in CSSM_APPLECSP_KEYDIGEST - * passthrough. - */ -bool SymmetricKeyInfoProvider::getHashableBlob( - CssmAllocator &allocator, - CssmData &blob) // blob to hash goes here -{ - /* - * This is trivial: the raw key is already in the "proper" format. - */ - assert(mKey.blobType() == CSSM_KEYBLOB_RAW); - const CssmData &keyBlob = CssmData::overlay(mKey.KeyData); - copyCssmData(keyBlob, blob, allocator); - return true; -} - diff --git a/AppleCSP/AppleCSP/AppleCSPKeys.h b/AppleCSP/AppleCSP/AppleCSPKeys.h deleted file mode 100644 index ba961b48..00000000 --- a/AppleCSP/AppleCSP/AppleCSPKeys.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * AppleCSPKeys.h - Key support - */ - -#ifndef _APPLE_CSP_KEYS_H_ -#define _APPLE_CSP_KEYS_H_ - -#include "AppleCSPSession.h" - -/* - * Class to provide key-specific info. Each module dealing with keys - * implements one of these. It's sort of like a CSP-specific CSPContext - * without the Context object. AppleCSPSession finds one of these by - * querying module-specific subclasses, looking for one in which - * the constructor succeeds (which occurs when the specified key - * meets a subclass's specification). - */ -class CSPKeyInfoProvider -{ -protected: - CSPKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - mKey(cssmKey), - mSession(session) { } -public: - /* - * This is the public way to construct - returns NULL if key is - * not handled. Static declaration per subclass. - * - * static CSPKeyInfoProvider *provider( - * const CssmKey &cssmKey, - *  AppleCSPSession &session); - */ - virtual ~CSPKeyInfoProvider() { } - - /* - * Cook up a Binary key. - * - * Incoming paramKey optionally contains a key from which - * additional algorithm parameters may be obtained to create - * a fully specified key in case the key provided to our - * constructor was a partial key. - * - * The attrFlags argument is a means for the info provider to - * inform the caller that the incoming key has additional - * attributes, currently CSSM_KEYATTR_PARTIAL. The provider - * ORs in bits as appropriate. - */ - virtual void CssmKeyToBinary( - CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) = 0; // RETURNED - - /* obtain key size in bits */ - virtual void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) = 0; // RETURNED - - /* - * Get blob appropriate for calculating key digest, if possible - * to do without generating a BinaryKey. Returns true if - * successful, falseif BinaryKey generation is required. - */ - virtual bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob) = 0; // blob to hash goes here - -protected: - const CssmKey &mKey; - AppleCSPSession &mSession; -}; - -/* - * CSPKeyInfoProvider for symmetric keys (handled directly by - * the session). - */ -class SymmetricKeyInfoProvider : public CSPKeyInfoProvider -{ -private: - SymmetricKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); -public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - - ~SymmetricKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // ignored - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob); -}; - -#endif /* _APPLE_CSP_KEYS_H_ */ - diff --git a/AppleCSP/AppleCSP/AppleCSPSession.h b/AppleCSP/AppleCSP/AppleCSPSession.h deleted file mode 100644 index c5f447cd..00000000 --- a/AppleCSP/AppleCSP/AppleCSPSession.h +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSPSession.h - top-level session class -// -#ifndef _APPLE_CSP_SESSION_H_ -#define _APPLE_CSP_SESSION_H_ - -#include -#include -#include -#include -#include "BinaryKey.h" -#include "AppleCSPUtils.h" - -class CSPKeyInfoProvider; - -/* avoid unnecessary includes.... */ -class AppleCSPPlugin; -#ifdef BSAFE_CSP_ENABLE -class BSafeFactory; -#endif -#ifdef CRYPTKIT_CSP_ENABLE -class CryptKitFactory; -#endif -class MiscAlgFactory; -#ifdef ASC_CSP_ENABLE -class AscAlgFactory; -#endif -class RSA_DSA_Factory; -class DH_Factory; - -/* one per attach/detach */ -class AppleCSPSession : public CSPFullPluginSession { -public: - - AppleCSPSession( - CSSM_MODULE_HANDLE handle, - AppleCSPPlugin &plug, - const CSSM_VERSION &Version, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - const CSSM_UPCALLS &upcalls); - - ~AppleCSPSession(); - - CSPContext *contextCreate( - CSSM_CC_HANDLE handle, - const Context &context); - void setupContext( - CSPContext * &cspCtx, - const Context &context, - bool encoding); - - // Functions declared in CSPFullPluginSession which we override. - - // Free a key. If this is a reference key - // we generated, remove it from refKeyMap. - void FreeKey(const AccessCredentials *AccessCred, - CssmKey &KeyPtr, - CSSM_BOOL Delete); - - void UnwrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey *PublicKey, - const CssmKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege); - void WrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const AccessCredentials &AccessCred, - const CssmKey &Key, - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege); - void DeriveKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CssmData &Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &DerivedKey); - void PassThrough(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PassThroughId, - const void *InData, - void **OutData); - void getKeySize(const CssmKey &key, - CSSM_KEY_SIZE &size); - - // add a BinaryKey to our refKeyMap. Sets up cssmKey - // as appropriate. - void addRefKey( - BinaryKey &binKey, - CssmKey &cssmKey); - - // Given a CssmKey in reference form, obtain the associated - // BinaryKey. - BinaryKey &lookupRefKey( - const CssmKey &cssmKey); - - // CSP's RNG. This redirects to Yarrow. - void getRandomBytes(size_t length, uint8 *cp); - void addEntropy(size_t length, const uint8 *cp); - - CssmAllocator &normAlloc() { return normAllocator; } - CssmAllocator &privAlloc() { return privAllocator; } - - #ifdef BSAFE_CSP_ENABLE - BSafeFactory &bSafe4Factory; - #endif - #ifdef CRYPTKIT_CSP_ENABLE - CryptKitFactory &cryptKitFactory; - #endif - MiscAlgFactory &miscAlgFactory; - #ifdef ASC_CSP_ENABLE - AscAlgFactory &ascAlgFactory; - #endif - RSA_DSA_Factory &rsaDsaAlgFactory; - DH_Factory &dhAlgFactory; - -private: - // storage of binary keys (which apps know as reference keys) - typedef std::map keyMap; - keyMap refKeyMap; - Mutex refKeyMapLock; - CssmAllocator &normAllocator; - CssmAllocator &privAllocator; - - BinaryKey *lookupKeyRef(KeyRef keyRef); - void DeriveKey_PBKDF2( - const Context &Context, - const CssmData &Param, - CSSM_DATA *keyData); - - /* CMS wrap/unwrap, called out from standard wrap/unwrap */ - void WrapKeyCms( - CSSM_CC_HANDLE CCHandle, - const Context &Context, - const AccessCredentials &AccessCred, - const CssmKey &UnwrappedKey, - CssmData &rawBlob, - bool allocdRawBlob, // callee has to free rawBlob - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege); - - void UnwrapKeyCms( - CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey &WrappedKey, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege, - cspKeyStorage keyStorage); - - - /* - * Used for generating crypto contexts at this level. - * Analogous to AlgorithmFactory.setup(). - */ - bool setup( - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - - /* - * Find a CSPKeyInfoProvider subclass for the specified key. - */ - CSPKeyInfoProvider *infoProvider( - const CssmKey &key); - - void pkcs8InferKeyHeader( - CssmKey &key); - -}; /* AppleCSPSession */ - - -#endif //_APPLE_CSP_SESSION_H_ diff --git a/AppleCSP/AppleCSP/AppleCSPUtils.cpp b/AppleCSP/AppleCSP/AppleCSPUtils.cpp deleted file mode 100644 index 2ba83229..00000000 --- a/AppleCSP/AppleCSP/AppleCSPUtils.cpp +++ /dev/null @@ -1,680 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSPUtils.cpp - CSP-wide utility functions -// - -#include "AppleCSPUtils.h" -#include -#include -#include -#include -#include -#include -#include - -/* - * Validate key attribute bits per specified key type. - * - * Used to check requested key attributes for new keys and for validating - * incoming existing keys. For checking key attributes for new keys, - * assumes that KEYATTR_RETURN_xxx bits have been checked elsewhere - * and stripped off before coming here. - */ -void cspValidateKeyAttr( - cspKeyType keyType, - uint32 keyAttr) -{ - uint32 sensitiveBit = (keyAttr & CSSM_KEYATTR_SENSITIVE) ? 1 : 0; - uint32 extractBit = (keyAttr & CSSM_KEYATTR_EXTRACTABLE) ? 1 : 0; - - /* first general CSP-wide checks */ - if(keyAttr & KEY_ATTR_RETURN_MASK) { - //errorLog0(" KEY_ATTR_RETURN bits set\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - if(keyAttr & CSSM_KEYATTR_PERMANENT) { - //errorLog0(" PERMANENT bit not supported\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK); - } - if(keyAttr & CSSM_KEYATTR_PRIVATE) { - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK); - } - /* Anything else? */ - - /* now check per keyType */ - switch(keyType) { - case CKT_Session: - break; - - case CKT_Public: - if(sensitiveBit || !extractBit) { - //errorLog0("Public keys must be extractable in the clear\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - break; - - case CKT_Private: - //if(!sensitiveBit) { - // errorLog0("Private keys must have KEYATTR_SENSITIVE\n"); - // CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - //} - - /* - * One more restriction - EXTRACTABLE - caller must check since - * that involves KEYUSE bits. - */ - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - return; -} - -/* - * Perform sanity check of incoming key attribute bits for a given - * key type, and return a cspKeyStorage value. - * - * Called from any routine which generates a new key. This specifically - * excludes WrapKey(). - */ -cspKeyStorage cspParseKeyAttr( - cspKeyType keyType, - uint32 keyAttr) -{ - uint32 sensitiveBit = (keyAttr & CSSM_KEYATTR_SENSITIVE) ? 1 : 0; - uint32 rtnDataBit = (keyAttr & CSSM_KEYATTR_RETURN_DATA) ? 1 : 0; - uint32 rtnRefBit = (keyAttr & CSSM_KEYATTR_RETURN_REF) ? 1 : 0; - uint32 extractBit = (keyAttr & CSSM_KEYATTR_EXTRACTABLE) ? 1 : 0; - - cspKeyStorage rtn; - - /* first general CDSA-wide checks */ - if(keyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE | - CSSM_KEYATTR_NEVER_EXTRACTABLE)) { - //errorLog0("ALWAYS_SENSITIVE, NEVER_EXTRACTABLE illegal at SPI\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - switch(keyAttr & KEY_ATTR_RETURN_MASK) { - /* ensure only one bit is set */ - case CSSM_KEYATTR_RETURN_DATA: - rtn = CKS_Data; - break; - case CSSM_KEYATTR_RETURN_REF: - rtn = CKS_Ref; - break; - case CSSM_KEYATTR_RETURN_NONE: - rtn = CKS_None; - break; - case CSSM_KEYATTR_RETURN_DEFAULT: - /* CSP default */ - rtnRefBit = 1; - rtn = CKS_Ref; - break; - default: - //errorLog0("Multiple KEYATTR_RETURN bits set\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - - /* now CSP-wide checks for all key types */ - if(keyType != CKT_Session) { - /* session keys modifiable, no others are */ - if(keyAttr & CSSM_KEYATTR_MODIFIABLE) { - //errorLog0("CSSM_KEYATTR_MODIFIABLE not supported\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - } - if(rtnDataBit) { - if(!extractBit) { - //errorLog0("RETURN_DATA and !EXTRACTABLE not supported\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - if(sensitiveBit) { - //errorLog0("RETURN_DATA and SENSITIVE not supported\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - } - - /* now check per keyType. We're ust checking for things specific - * to KEYATTR_RETURN_xxx; cspValidateKeyAttr will check other fields. */ - #if 0 - // nothing for now - switch(keyType) { - case CKT_Session: - break; - - case MKT_Public: - break; - - case MKT_Private: - if(rtnDataBit) { - errorLog0("Private keys must be generated by ref\n"); - goto errorOut; - } - /* - * One more restriction - EXTRACTABLE - caller must check since - * that involves KEYUSE bits. - */ - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - #endif // 0 - - /* validate other common static attributes */ - cspValidateKeyAttr(keyType, (keyAttr & ~KEY_ATTR_RETURN_MASK)); - return rtn; -} - - -/* used in cspValidateKeyUsageBits() */ -/* - * This is a vestige from OS9/ASA. In the real world there are in fact certs with - * keyUsage extensions which specify, e.g., verify and wrap. I think we'll just - * have to ignore the old exclusivity rules. - */ -#define IGNORE_KEYUSE_EXCLUSIVITY 1 -#if IGNORE_KEYUSE_EXCLUSIVITY -#define checkExclusiveUsage(ku, cb, ob, em) -#else -static void checkExclusiveUsage( - uint32 keyUsage, // requested usage word - uint32 checkBits, // if any of these are set - uint32 otherBits, // these are the only other bits which can be set - const char *errMsg) -{ - if(keyUsage & checkBits) { - if(keyUsage & ~otherBits) { - errorLog0((char *)errMsg); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - } -} -#endif /* IGNORE_KEYUSE_EXCLUSIVITY */ - -/* - * Validate key usage bits for specified key type. - */ -void cspValidateKeyUsageBits ( - cspKeyType keyType, - uint32 keyUsage) -{ - /* general restrictions */ - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_ANY, - CSSM_KEYUSE_ANY, - "CSSM_KEYUSE_ANY overload"); - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_DERIVE, - CSSM_KEYUSE_DERIVE, - "CSSM_KEYUSE_DERIVE overload\n"); - - /* brute force per key type. */ - switch(keyType) { - case CKT_Session: - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - "session key usage: encrypt/decrypt overload\n"); - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY | - CSSM_KEYUSE_SIGN_RECOVER | CSSM_KEYUSE_VERIFY_RECOVER, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY | - CSSM_KEYUSE_SIGN_RECOVER | CSSM_KEYUSE_VERIFY_RECOVER, - "session key usage: sign/verify overload\n"); - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, - CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, - "session key usage: wrap/unwrap overload\n"); - break; - - case CKT_Public: - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_ENCRYPT, - CSSM_KEYUSE_ENCRYPT, - "public key usage: encrypt overload\n"); - if(keyUsage & CSSM_KEYUSE_DECRYPT) { - errorLog0("public key usage: DECRYPT illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - if(keyUsage & (CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER)) { - errorLog0("public key usage: SIGN illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER, - CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER, - "public key usage: verify overload\n"); - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_WRAP, - CSSM_KEYUSE_WRAP, - "public key usage: wrap overload\n"); - if(keyUsage & CSSM_KEYUSE_UNWRAP) { - errorLog0("public key usage: UNWRAP illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - break; - - case CKT_Private: - if(keyUsage & CSSM_KEYUSE_ENCRYPT) { - errorLog0("private key usage: ENCRYPT illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_DECRYPT, - CSSM_KEYUSE_DECRYPT, - "private key usage: decrypt overload\n"); - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER, - "private key usage: sign overload\n"); - if(keyUsage & (CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER)) { - errorLog0("private key usage: VERIFY illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - if(keyUsage & CSSM_KEYUSE_WRAP) { - errorLog0("private key usage: WRAP illegal\n"); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK); - } - checkExclusiveUsage(keyUsage, - CSSM_KEYUSE_UNWRAP, - CSSM_KEYUSE_UNWRAP, - "private key usage: unwrap overload\n"); - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } -} - -/* - * Validate existing key's usage bits against intended use. - */ - -/* - * For now, a key marked for KEYUSE_{WRAP|UNWRAP} can also be used for - * KEYUSE_{ENCRYPT|DECRYPT}. This is a temporary workaround for - * Radar 2716153. - */ -#define RELAXED_WRAP_USAGE 1 - -void cspValidateIntendedKeyUsage( - const CSSM_KEYHEADER *hdr, - CSSM_KEYUSE intendedUsage) -{ - uint32 keyUsage = hdr->KeyUsage; - cspKeyType keyType; - - /* first, the obvious */ - if(keyUsage & CSSM_KEYUSE_ANY) { - /* OK for now */ - return; - } - if(!(keyUsage & intendedUsage)) { - #if RELAXED_WRAP_USAGE - if(! ( ( (keyUsage & CSSM_KEYUSE_WRAP) && - (intendedUsage == CSSM_KEYUSE_ENCRYPT) - ) || - ( (keyUsage & CSSM_KEYUSE_UNWRAP) && - (intendedUsage == CSSM_KEYUSE_DECRYPT) - ) - ) ) - #endif - CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT); - } - - /* now validate all of the key's usage bits - this is mainly to - * prevent and detect tampering */ - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_SESSION_KEY: - keyType = CKT_Session; - break; - case CSSM_KEYCLASS_PUBLIC_KEY: - keyType = CKT_Public; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - keyType = CKT_Private; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - try { - cspValidateKeyUsageBits(keyType, keyUsage); - } - catch (...) { - /* override error.... */ - CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT); - } -} - -/* - * Set up a key header. - */ -void setKeyHeader( - CSSM_KEYHEADER &hdr, - const Guid &myGuid, - CSSM_ALGORITHMS alg, - CSSM_KEYCLASS keyClass, - CSSM_KEYATTR_FLAGS attrs, - CSSM_KEYUSE use) -{ - memset(&hdr, 0, sizeof(CSSM_KEYHEADER)); - hdr.HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr.CspId = myGuid; - hdr.AlgorithmId = alg; - hdr.KeyClass = keyClass; - hdr.KeyUsage = use; - hdr.KeyAttr = attrs; - - // defaults (change as needed) - hdr.WrapAlgorithmId = CSSM_ALGID_NONE; -} - -/* - * Ensure that indicated CssmData can handle 'length' bytes - * of data. Malloc the Data ptr if necessary. - */ -void setUpCssmData( - CssmData &data, - size_t length, - CssmAllocator &allocator) -{ - /* FIXME - I'm sure Perry has more elegant ways of doing this, - * but I can't figure them out. */ - if(data.Length == 0) { - data.Data = (uint8 *)allocator.malloc(length); - } - else if(data.Length < length) { - CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); - } - data.Length = length; -} - -void setUpData( - CSSM_DATA &data, - size_t length, - CssmAllocator &allocator) -{ - setUpCssmData(CssmData::overlay(data), length, allocator); -} - -void freeCssmData( - CssmData &data, - CssmAllocator &allocator) -{ - if(data.Data) { - allocator.free(data.Data); - data.Data = NULL; - } - data.Length = 0; -} - -void freeData( - CSSM_DATA *data, - CssmAllocator &allocator, - bool freeStruct) // free the CSSM_DATA itself -{ - if(data == NULL) { - return; - } - if(data->Data) { - allocator.free(data->Data); - data->Data = NULL; - } - data->Length = 0; - if(freeStruct) { - allocator.free(data); - } -} - -/* - * Copy source to destination, mallocing destination if necessary. - */ -void copyCssmData( - const CssmData &src, - CssmData &dst, - CssmAllocator &allocator) -{ - setUpCssmData(dst, src.Length, allocator); - memmove(dst.Data, src.Data, src.Length); -} - -void copyData( - const CSSM_DATA &src, - CSSM_DATA &dst, - CssmAllocator &allocator) -{ - copyCssmData(CssmData::overlay(src), - CssmData::overlay(dst), - allocator); -} - -/* - * Compare two CSSM_DATAs, return CSSM_TRUE if identical. - */ -CSSM_BOOL cspCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2) -{ - if((data1 == NULL) || (data1->Data == NULL) || - (data2 == NULL) || (data2->Data == NULL) || - (data1->Length != data2->Length)) { - return CSSM_FALSE; - } - if(data1->Length != data2->Length) { - return CSSM_FALSE; - } - if(memcmp(data1->Data, data2->Data, data1->Length) == 0) { - return CSSM_TRUE; - } - else { - return CSSM_FALSE; - } -} - -/* - * This takes care of mallocing the KeyLabel field. - */ -void copyCssmHeader( - const CssmKey::Header &src, - CssmKey::Header &dst, - CssmAllocator &allocator) -{ - dst = src; -} - -/* - * Given a wrapped key, infer its raw format. - * This is a real kludge; it only works as long as each {algorithm, keyClass} - * maps to exactly one format. - */ -CSSM_KEYBLOB_FORMAT inferFormat( - const CssmKey &wrappedKey) -{ - switch(wrappedKey.keyClass()) { - case CSSM_KEYCLASS_SESSION_KEY: - return CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - case CSSM_KEYCLASS_PUBLIC_KEY: - switch(wrappedKey.algorithm()) { - case CSSM_ALGID_RSA: - return CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - case CSSM_ALGID_DSA: - return CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - #ifdef CRYPTKIT_CSP_ENABLE - case CSSM_ALGID_FEE: - return FEE_KEYBLOB_DEFAULT_FORMAT; - #endif - default: - /* punt */ - return CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - case CSSM_KEYCLASS_PRIVATE_KEY: - switch(wrappedKey.algorithm()) { - case CSSM_ALGID_RSA: - return CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - case CSSM_ALGID_DSA: - return CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - #ifdef CRYPTKIT_CSP_ENABLE - case CSSM_ALGID_FEE: - return FEE_KEYBLOB_DEFAULT_FORMAT; - #endif - default: - /* punt */ - return CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - default: - /* punt */ - return CSSM_KEYBLOB_RAW_FORMAT_NONE; - } -} - -/* - * Given a key and a Context, obtain the optional associated - * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute as a - * CSSM_KEYBLOB_FORMAT. - */ -CSSM_KEYBLOB_FORMAT requestedKeyFormat( - const Context &context, - const CssmKey &key) -{ - CSSM_ATTRIBUTE_TYPE attrType; - - switch(key.keyClass()) { - case CSSM_KEYCLASS_SESSION_KEY: - attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT; - break; - case CSSM_KEYCLASS_PUBLIC_KEY: - attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT; - break; - default: - return CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - /* not present ==> 0 ==> CSSM_KEYBLOB_RAW_FORMAT_NONE */ - return context.getInt(attrType); -} - -/* one-shot SHA1 digest */ -void cspGenSha1Hash( - const void *inData, - size_t inDataLen, - void *out) // caller mallocs, digest goes here -{ - SHA1Object sha1; - - sha1.digestInit(); - sha1.digestUpdate(inData, inDataLen); - sha1.digestFinal(out); -} - -/* - * Convert a CSSM_DATE to a CssmUniformDate, or NULL if the CSSM_DATE - * is empty. - */ -static CssmUniformDate *cspGetUniformDate( - const CSSM_DATE &cdate) -{ - bool isZero = true; - unsigned char *cp = (unsigned char *)&cdate; - for(unsigned i=0; i *end) { - keyDateDebug("Invalid end date"); - err = CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE; - } - else { - keyDateDebug("Valid end date"); - } - } - else { - keyDateDebug("Empty end date"); - } - } - if(now) { - delete now; - } - if(end) { - delete end; - } - if(start) { - delete start; - } - if(err) { - CssmError::throwMe(err); - } -} - diff --git a/AppleCSP/AppleCSP/AppleCSPUtils.h b/AppleCSP/AppleCSP/AppleCSPUtils.h deleted file mode 100644 index 3e596522..00000000 --- a/AppleCSP/AppleCSP/AppleCSPUtils.h +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleCSPUtils.h - CSP-wide utility functions -// - -#ifndef _H_APPLE_CSP_UTILS -#define _H_APPLE_CSP_UTILS - -#include "cspdebugging.h" -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Key type */ -typedef enum { - CKT_Session, - CKT_Private, - CKT_Public -} cspKeyType; - -/* Key storage type returned from cspParseKeyAttr() */ -typedef enum { - CKS_Ref, - CKS_Data, - CKS_None -} cspKeyStorage; - -#define KEY_ATTR_RETURN_MASK (CSSM_KEYATTR_RETURN_DATA | \ - CSSM_KEYATTR_RETURN_REF | \ - CSSM_KEYATTR_RETURN_NONE) - -/* - * Validate key attribute bits per specified key type. - * - * Used to check requested key attributes for new keys and for validating - * incoming existing keys. For checking key attributes for new keys, - * assumes that KEYATTR_RETURN_xxx bits have been checked elsewhere - * and stripped off before coming here. - */ -void cspValidateKeyAttr( - cspKeyType keyType, - uint32 keyAttr); - -/* - * Perform sanity check of incoming key attribute bits for a given - * key type, and return a malKeyStorage value. - * - * Called from any routine which generates a new key. This specifically - * excludes WrapKey(). - */ -cspKeyStorage cspParseKeyAttr( - cspKeyType keyType, - uint32 keyAttr); - -/* - * Validate key usage bits for specified key type. - */ -void cspValidateKeyUsageBits ( - cspKeyType keyType, - uint32 keyUsage); - -/* - * Validate existing key's usage bits against intended use. - */ -void cspValidateIntendedKeyUsage( - const CSSM_KEYHEADER *hdr, - CSSM_KEYUSE intendedUsage); - -/* - * Set up a key header. - */ -void setKeyHeader( - CSSM_KEYHEADER &hdr, - const Guid &myGuid, - CSSM_ALGORITHMS alg, - CSSM_KEYCLASS keyClass, - CSSM_KEYATTR_FLAGS attrs, - CSSM_KEYUSE use); - -/* - * Ensure that indicated CssmData can handle 'length' bytes - * of data. Malloc the Data ptr if necessary. - */ -void setUpCssmData( - CssmData &data, - size_t length, - CssmAllocator &allocator); - -void setUpData( - CSSM_DATA &data, - size_t length, - CssmAllocator &allocator); - -void freeCssmData( - CssmData &data, - CssmAllocator &allocator); - -void freeData( - CSSM_DATA *data, - CssmAllocator &allocator, - bool freeStruct); // free the CSSM_DATA itself - -/* - * Copy source to destination, mallocing destination if necessary. - */ -void copyCssmData( - const CssmData &src, - CssmData &dst, - CssmAllocator &allocator); - -void copyData( - const CSSM_DATA &src, - CSSM_DATA &dst, - CssmAllocator &allocator); - -/* - * Compare two CSSM_DATAs, return CSSM_TRUE if identical. - */ -CSSM_BOOL cspCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2); - -/* - * This takes care of mallocing the and KeyLabel field. - */ -void copyCssmHeader( - const CssmKey::Header &src, - CssmKey::Header &dst, - CssmAllocator &allocator); - -/* - * Given a wrapped key, infer its raw format. - * This is a real kludge; it only works as long as each {algorithm, keyClass} - * maps to exactly one format. - */ -CSSM_KEYBLOB_FORMAT inferFormat( - const CssmKey &wrappedKey); - -/* - * Given a key and a Context, obtain the optional associated - * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute as a - * CSSM_KEYBLOB_FORMAT. - */ -CSSM_KEYBLOB_FORMAT requestedKeyFormat( - const Context &context, - const CssmKey &key); - -/* stateless function to calculate SHA-1 hash of a blob */ - -#define SHA1_DIGEST_SIZE 20 -void cspGenSha1Hash( - const void *inData, - size_t inDataLen, - void *out); // caller mallocs, digest goes here - -void cspVerifyKeyTimes( - const CSSM_KEYHEADER &hdr); - -#ifdef __cplusplus -} -#endif - -#endif // _H_APPLE_CSP_UTILS diff --git a/AppleCSP/AppleCSP/BinaryKey.h b/AppleCSP/AppleCSP/BinaryKey.h deleted file mode 100644 index 0ff22fcc..00000000 --- a/AppleCSP/AppleCSP/BinaryKey.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// BinaryKey.h - CSP-wide BinaryKey base class -// - -#ifndef _H_BINARY_KEY_ -#define _H_BINARY_KEY_ - -#include -#include - -// opaque key reference type -typedef uint32 KeyRef; - -class AppleCSPSession; - -/* - * unique blob type passed to generateKeyBlob() for key digest calculation - */ -#define CSSM_KEYBLOB_RAW_FORMAT_DIGEST \ - (CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED + 0x12345) - - -// frame for Binary key; all modules (BSAFE, CryptKit) must subclass -// this and add a member whose type is the native raw key object. -// Subclasses must implement constructor, destructor, and generateKeyBlob(). -class BinaryKey -{ -public: - BinaryKey() : mKeyRef(0) { } - virtual ~BinaryKey() { mKeyRef = 0; } - - /* - * Generate raw key blob. - * The format argument is an in/out parameter and is optionally used - * to request a specific keyblob format for providers which can generate - * multipleÊformats. This value comes from an optional - * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute in the current - * context. If so such attribute is present, the default value - * CSSM_KEYBLOB_RAW_FORMAT_NONE is specified as the default input param. - * - * All BinaryKeys must handle the special case format - * CSSM_KEYBLOB_RAW_FORMAT_DIGEST, which creates a blob suitable for use - * in calcuating the digest of the key blob. - * - * The session and paramKey arguments facilitate the conversion of a partial - * BinaryKey to a fully formed raw key, i.e., a null wrap to get a fully formed - * raw key. The attrFlags aregument is used to indicate that this operation - * did in fact convert a partial binary key to a fully formed raw key - * (in which case the subclass clears the CSSM_KEYATTR_PARTIAL bit - * in attrFlags before returning). - */ - virtual void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, // in/out, CSSM_KEYBLOB_RAW_FORMAT_PKCS1, - // etc. - AppleCSPSession &session, - const CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags) // IN/OUT - - { - CssmError::throwMe(CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED); - } - - CssmKey::Header mKeyHeader; - KeyRef mKeyRef; -}; - -// Binary key representing a symmetric key. -class SymmetricBinaryKey : public BinaryKey -{ -public: - SymmetricBinaryKey( - unsigned keySizeInBits); - ~SymmetricBinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, /* CSSM_KEYBLOB_RAW_FORMAT_PKCS1, etc. */ - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - CssmData mKeyData; - CssmAllocator &mAllocator; -}; - -/* - * Stateless function to cook up a BinaryKey given a - * symmetric CssmKey in RAW format. Returns true on - * success, false if we can't deal with this type of key, - * throws exception on other runtime errors. - */ -bool symmetricCssmKeyToBinary( - const CssmKey &cssmKey, - BinaryKey **binKey); // RETURNED - -#endif // _H_BINARY_KEY_ - diff --git a/AppleCSP/AppleCSP/BlockCryptor.cpp b/AppleCSP/AppleCSP/BlockCryptor.cpp deleted file mode 100644 index a343e5bd..00000000 --- a/AppleCSP/AppleCSP/BlockCryptor.cpp +++ /dev/null @@ -1,609 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * BlockCryptor.cpp - common context for block-oriented encryption algorithms - * - * Created March 5 2001 by dmitch - */ - -#include "BlockCryptor.h" -#include "BinaryKey.h" -#include "AppleCSPSession.h" -#include -#include -#include -#include -#include -#include - -#define BlockCryptDebug(args...) secdebug("blockCrypt", ## args) -#define bprintf(args...) secdebug("blockCryptBuf", ## args) -#define ioprintf(args...) secdebug("blockCryptIo", ## args) - -BlockCryptor::~BlockCryptor() -{ - if(mInBuf) { - memset(mInBuf, 0, mInBlockSize); - session().free(mInBuf); - mInBuf = NULL; - } - if(mChainBuf) { - memset(mChainBuf, 0, mInBlockSize); - session().free(mChainBuf); - mChainBuf = NULL; - } - mInBufSize = 0; -} - -/* - * Reusable setup functions called from subclass's init. - * This is the general purpose one.... - */ -void BlockCryptor::setup( - size_t blockSizeIn, // block size of input - size_t blockSizeOut, // block size of output - bool pkcsPad, // this class performs PKCS{5,7} padding - bool needsFinal, // needs final update with valid data - BC_Mode mode, // ECB, CBC - const CssmData *iv) // init vector, required for CBC - //Ê must be at least blockSizeIn bytes -{ - if(pkcsPad && needsFinal) { - BlockCryptDebug("BlockCryptor::setup pkcsPad && needsFinal"); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - mPkcsPadding = pkcsPad; - mMode = mode; - mNeedFinalData = needsFinal; - - /* set up inBuf, all configurations */ - if(mInBuf != NULL) { - /* only reuse if same size */ - if(mInBlockSize != blockSizeIn) { - session().free(mInBuf); - mInBuf = NULL; - } - } - if(mInBuf == NULL) { - mInBuf = (uint8 *)session().malloc(blockSizeIn); - } - - /* set up chain buf, decrypt/CBC only */ - if((mMode == BCM_CBC) && !encoding()) { - if(mChainBuf != NULL) { - /* only reuse if same size */ - if(mInBlockSize != blockSizeIn) { - session().free(mChainBuf); - mChainBuf = NULL; - } - } - if(mChainBuf == NULL) { - mChainBuf = (uint8 *)session().malloc(blockSizeIn); - } - } - - /* IV iff CBC mode, and ensure IV is big enough */ - switch(mMode) { - case BCM_ECB: - if(iv != NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR); - } - break; - case BCM_CBC: - if(iv == NULL) { - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - } - if(blockSizeIn != blockSizeOut) { - /* no can do, must be same block sizes */ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - if(iv->Length < blockSizeIn) { - /* not enough IV */ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR); - } - /* save IV as appropriate */ - if(encoding()) { - memmove(mInBuf, iv->Data, blockSizeIn); - } - else { - assert(mChainBuf != NULL); - memmove(mChainBuf, iv->Data, blockSizeIn); - } - break; - } - - mInBlockSize = blockSizeIn; - mInBufSize = 0; - mOutBlockSize = blockSizeOut; - mOpStarted = false; -} - -/* - * This one is used by simple, well-behaved algorithms which don't do their own - * padding and which rely on us to do everything but one-block-at-a-time - * encrypt and decrypt. - */ -void BlockCryptor::setup( - size_t blockSize, // block size of input and output - const Context &context) -{ - bool padEnable = false; - bool chainEnable = false; - bool ivEnable = false; - CssmData *iv = NULL; - - /* - * Validate context - * IV optional per mode - * pad optional per mode - * Currently we ignore extraneous attributes (e.g., it's OK to pass in - * an IV if the mode doesn't specify it), mainly for simplifying test routines. - */ - CSSM_ENCRYPT_MODE cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE); - - switch (cssmMode) { - /* no mode attr --> 0 == CSSM_ALGMODE_NONE, not currently supported */ - case CSSM_ALGMODE_CBCPadIV8: - padEnable = true; - ivEnable = true; - chainEnable = true; - break; - - case CSSM_ALGMODE_CBC_IV8: - ivEnable = true; - chainEnable = true; - break; - - case CSSM_ALGMODE_ECB: - break; - - case CSSM_ALGMODE_ECBPad: - padEnable = true; - break; - - default: - errorLog1("DESContext::init: illegal mode (%d)\n", (int)cssmMode); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - - if(padEnable) { - /* validate padding type */ - uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING); // 0 ==> PADDING_NONE - if(blockSize == 8) { - switch(padding) { - /* backwards compatibility - used to be PKCS1, should be PKCS5 or 7 */ - case CSSM_PADDING_PKCS7: - case CSSM_PADDING_PKCS5: - case CSSM_PADDING_PKCS1: //Êthis goes away soon - /* OK */ - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - } - else { - switch(padding) { - case CSSM_PADDING_PKCS5: // this goes away soon - case CSSM_PADDING_PKCS7: - /* OK */ - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - } - } - if(ivEnable) { - /* make sure there's an IV in the context of sufficient length */ - iv = context.get(CSSM_ATTRIBUTE_INIT_VECTOR); - if(iv == NULL) { - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - } - if(iv->Length < blockSize) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR); - } - } - setup(blockSize, - blockSize, - padEnable, - false, // needsFinal - chainEnable ? BCM_CBC : BCM_ECB, - iv); -} - -/* - * Update always leaves some data in mInBuf if: - * mNeedsFinalData is true, or - * decrypting and mPkcsPadding true. - * Also, we always process all of the input (except on error). - */ -void BlockCryptor::update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize) // in/out -{ - UInt8 *uInp = (UInt8 *)inp; - UInt8 *uOutp = (UInt8 *)outp; - size_t uInSize = inSize; // input bytes to go - size_t uOutSize = 0; // ouput bytes generated - size_t uOutLeft = outSize; // bytes remaining in outp - size_t toMove; - size_t actMoved; - unsigned i; - bool needLeftOver = mNeedFinalData || (!encoding() && mPkcsPadding); - - assert(mInBuf != NULL); - mOpStarted = true; - - if(mInBufSize) { - /* attempt to fill mInBuf from inp */ - toMove = mInBlockSize - mInBufSize; - if(toMove > uInSize) { - toMove = uInSize; - } - if(encoding() && (mMode == BCM_CBC)) { - /* xor into last cipherblock or IV */ - for(i=0; i mInBuf */ - if(leftOver) { - if(encoding() && (mMode == BCM_CBC)) { - /* xor into last cipherblock or IV */ - for(i=0; i mOutBlockSize) { - BlockCryptDebug("BlockCryptor::final malformed ciphertext (1)"); - CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA); - } - UInt8 *padPtr = ptext + mOutBlockSize - padSize; - for(unsigned i=0; i= 1); - inSize = (wholeBlocks * mInBlockSize) - mInBufSize; - if(inSize == 0) { - /* i.e., we're holding a whole buffer */ - inSize++; - } - } - bprintf("--- BlockCryptor::inputSize inSize 0x%lx outSize 0x%lx mInBufSize 0x%lx", - inSize, outSize, mInBufSize); - return inSize; -} - -size_t BlockCryptor::outputSize( - bool final, - size_t inSize /*= 0*/) // output for given input size -{ - size_t rawBytes = inSize + mInBufSize; - // huh?Êdon't round this up! - //size_t rawBlocks = (rawBytes + mInBlockSize - 1) / mInBlockSize; - size_t rawBlocks = rawBytes / mInBlockSize; - - /* - * encrypting: always get one additional block on final() if we're padding - * or (we presume) the subclass is padding. Note that we - * truncated when calculating rawBlocks; to finish out on the - * final block, we (or our subclass) will either have to pad - * out the current partial block, or cook up a full pad block if - * mInBufSize is currently zero. Subclasses which pad some other - * way need to override this method. - * - * decrypting: outsize always <= insize - */ - if(encoding() && final && (mPkcsPadding || mNeedFinalData)) { - rawBlocks++; - } - - /* FIXME - optimize for needFinalData? (can squeak by with smaller outSize) */ - size_t rtn = rawBlocks * mOutBlockSize; - bprintf("--- BlockCryptor::outputSize inSize 0x%lx outSize 0x%lx final %d " - "inBufSize 0x%lx", inSize, rtn, final, mInBufSize); - return rtn; -} - - - diff --git a/AppleCSP/AppleCSP/BlockCryptor.h b/AppleCSP/AppleCSP/BlockCryptor.h deleted file mode 100644 index a5e403a1..00000000 --- a/AppleCSP/AppleCSP/BlockCryptor.h +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * BlockCryptor.h - common context for block-oriented encryption algorithms - * - * Created March 5 2001 by dmitch - */ - -#ifndef _BLOCK_CRYPTOR_H_ -#define _BLOCK_CRYPTOR_H_ - -#include "AppleCSPContext.h" -#include - -/* - * Base class for AppleCSPContexts associated with BlockCryptObjects. - * The main purpose of this class is to abstract out the very common work - * of buffering incoming data (per CSSM-style update, ..., final) and - * doing single-block ops on the underlying encrypt/decrypt algorithm - * objects. Standard PKSC5 padding is handled here. All other chaining, - * padding, IV, et al, logic is handled by subclasses. - */ -class BlockCryptor : public AppleCSPContext -{ -public: - BlockCryptor( - AppleCSPSession &session) : - AppleCSPContext(session), - mOpStarted(false), - mInBuf(NULL), - mChainBuf(NULL) { } - virtual ~BlockCryptor(); - - /* - * Note standard init(const Context &context, bool encoding) is totally - * subclass-specific. - * - * These are implemented here using the subclass's {en,de}cryptBlock functions. - * Note PKCS5 padding is implemented here if mPkcs5Padding is true. PKCS5 - * padding can only be accomplished if the result of decrypting - * cipherBlockSize() bytes of ciphertext yields exactly plainBlockSize() - * bytes of plaintext. (Sound odd? FEED does not meet that restriction...) - */ - void update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize); // in/out - - void final( - CssmData &out); - - /* - * Our implementation of these three query functions are only valid - * for algorithms for which encrypting one block of plaintext always - * yields exactly one block of ciphertext, and vice versa for decrypt. - * The block sizes for plaintext and ciphertext do NOT have to be the same. - * Subclasses (e.g. FEED) which do not meet this criterion will have to override. - */ - virtual size_t inputSize( - size_t outSize); // input for given output size - virtual size_t outputSize( - bool final = false, - size_t inSize = 0); // output for given input size - virtual void minimumProgress( - size_t &in, - size_t &out); // minimum progress chunks - -protected: - typedef enum { - BCM_ECB, // no chaining - BCM_CBC // requires inBlockSize == outBlockSize - } BC_Mode; - - /* accessors (see comments below re: the member variables) */ - bool pkcs5Padding() { return mPkcsPadding; } - bool needFinalData() { return mNeedFinalData; } - void *inBuf() { return mInBuf; } - size_t inBufSize() { return mInBufSize; } - void *chainBuf() { return mChainBuf; } - size_t inBlockSize() { return mInBlockSize; } - size_t outBlockSize() { return mOutBlockSize; } - BC_Mode mode() { return mMode; } - bool opStarted() { return mOpStarted; } - - /* - * Reusable setup functions called from subclass's init. - * This is the general purpose one.... - */ - void setup( - size_t blockSizeIn, // block size of input in bytes - size_t blockSizeOut, // block size of output in bytes - bool pkcsPad, // this class performs PKCS{5,7} padding - bool needsFinal, // needs final update with valid data - BC_Mode mode, // ECB, CBC - const CssmData *iv); // init vector, required for CBC - //Ê must be at least blockSizeIn bytes - - /* - * This one is used by simple, well-behaved algorithms which don't do their own - * padding and which rely on us to do everything but one-block-at-a-time - * encrypt and decrypt. - */ - void BlockCryptor::setup( - size_t blockSize, // block size of input and output - const Context &context); - - /*** - *** Routines to be implemented by subclass. - ***/ - - /* - virtual void init(const Context &context, bool encoding = true); - */ - - /* - * encrypt/decrypt exactly one block. Output buffers mallocd by caller. - * On encrypt, it may be acceptable for plainTextLen to be less than - * one plainBlockSize() if: - * -- final is true, and - * -- the subclass permits this. That is generally only true - * when the subclass implements some padding other than our - * standard PKCS5. - * - * The subclass throws CSSMERR_CSP_INPUT_LENGTH_ERROR if the above - * conditions are not met. - */ - virtual void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, subclass throws on overflow - bool final) = 0; - - /* - * Decrypt one block. Incoming cipherText length is ALWAYS cipherBlockSize(). - */ - virtual void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, subclass throws on overflow - bool final) = 0; - -private: - bool mOpStarted; // for optional use by subclasses when - // resuing context after encrypt/decrypt - // ops occur - - /* these are all init'd via setup(), called from subclass-specific init */ - bool mPkcsPadding; // PKCS{5,7} padding enabled - bool mNeedFinalData; // subclass needs an update(final) with - // valid data; if true we always keep - // some data in mInBuf after an update. - // Mutually exclusive with mPkcsPadding. - uint8 *mInBuf; // for buffering input - size_t mInBufSize; // valid bytes in mInBuf - uint8 *mChainBuf; // for CBC, decrypting only - size_t mInBlockSize; // block size of input in bytes; also - // mallocd size of mInBuf - size_t mOutBlockSize; // block size of output in bytes - BC_Mode mMode; // ECB, CBC - -}; - -#endif /* _BLOCK_CRYPTOR_H_ */ diff --git a/AppleCSP/AppleCSP/RawSigner.h b/AppleCSP/AppleCSP/RawSigner.h deleted file mode 100644 index 30aed4d6..00000000 --- a/AppleCSP/AppleCSP/RawSigner.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RawSigner.h - low-level virtual sign/verify object (no digest) - */ - -#ifndef _RAW_SIGNER_H_ -#define _RAW_SIGNER_H_ - -#include -#include -#include - -class RawSigner { -public: - RawSigner( - CssmAllocator &alloc, - CSSM_ALGORITHMS digestAlg) : - mInitFlag(false), - mIsSigning(false), - mDigestAlg(digestAlg), - mAlloc(alloc) { } - virtual ~RawSigner() { } - - /* - * The use of our mDigestAlg variable is pretty crufty. For some algs, it's - * known and specified at construction time (e.g., CSSM_ALGID_MD5WithRSA). - * For some algs, it's set by CSPFullPluginSession via - * CSPContext::setDigestAlgorithm during raw sign/verify. - */ - void setDigestAlg(CSSM_ALGORITHMS alg) - { mDigestAlg = alg; } - - /* - * The remaining functions must be implemented by subclass. - */ - - /* reusable init */ - virtual void signerInit( - const Context &context, - bool isSigning) = 0; - - /* sign */ - virtual void sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen) = 0; /* IN/OUT */ - - /* verify */ - virtual void verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen) = 0; - - /* works for both, but only used for signing */ - virtual size_t maxSigSize() = 0; - -protected: - bool mInitFlag; // true after init - bool mOpStarted; // true after update - bool mIsSigning; - CSSM_ALGORITHMS mDigestAlg; // for raw sign/verify - CssmAllocator &mAlloc; - - bool initFlag() { return mInitFlag; } - void setInitFlag(bool flag) { mInitFlag = flag; } - bool opStarted() { return mOpStarted; } - void setOpStarted(bool flag) { mOpStarted = flag; } - bool isSigning() { return mIsSigning; } - void setIsSigning(bool signing) - { mIsSigning = signing; } - CSSM_ALGORITHMS digestAlg() { return mDigestAlg; } - CssmAllocator &alloc() { return mAlloc; } -}; - - -#endif /* _RAW_SIGNER_H_ */ diff --git a/AppleCSP/AppleCSP/SignatureContext.cpp b/AppleCSP/AppleCSP/SignatureContext.cpp deleted file mode 100644 index 85c78511..00000000 --- a/AppleCSP/AppleCSP/SignatureContext.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * SignatureContext.h - AppleCSPContext sublass for generic sign/verify - */ - -#include "SignatureContext.h" -#include "AppleCSPUtils.h" -#include "AppleCSPSession.h" -#include -#include - -#include - -#define cspSigDebug(args...) secdebug("cspSig", ## args) - -SignatureContext::~SignatureContext() -{ - delete &mDigest; - delete &mSigner; - mInitFlag = false; -} - -/* both sign & verify */ -void SignatureContext::init( - const Context &context, - bool isSigning) -{ - mDigest.digestInit(); - mSigner.signerInit(context, isSigning); - mInitFlag = true; -} - -/* both sign & verify */ -void SignatureContext::update( - const CssmData &data) -{ - mDigest.digestUpdate(data.Data, data.Length); -} - -/* sign only */ -void SignatureContext::final( - CssmData &out) -{ - void *digest; - size_t digestLen; - void *sig = out.data(); - size_t sigLen = out.length(); - - /* first obtain the digest */ - digestLen = mDigest.digestSizeInBytes(); - digest = session().malloc(digestLen); - mDigest.digestFinal(digest); - - /* now sign */ - try { - mSigner.sign(digest, - digestLen, - sig, - &sigLen); - } - catch(...) { - session().free(digest); - throw; - } - session().free(digest); - if(out.length() < sigLen) { - cspSigDebug("SignatureContext: mallocd sig too small!"); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - out.length(sigLen); -} - -/* verify only */ -void SignatureContext::final( - const CssmData &in) -{ - void *digest; - size_t digestLen; - - /* first obtain the digest */ - digestLen = mDigest.digestSizeInBytes(); - digest = session().malloc(digestLen); - mDigest.digestFinal(digest); - - /* now verify */ - try { - mSigner.verify(digest, - digestLen, - in.Data, - in.Length); - } - catch(...) { - session().free(digest); - throw; - } - session().free(digest); -} - -size_t SignatureContext::outputSize( - bool final, - size_t inSize) -{ - return mSigner.maxSigSize(); -} - -/* for raw sign/verify - optionally called after init */ -void SignatureContext::setDigestAlgorithm( - CSSM_ALGORITHMS digestAlg) -{ - mSigner.setDigestAlg(digestAlg); -} diff --git a/AppleCSP/AppleCSP/SignatureContext.h b/AppleCSP/AppleCSP/SignatureContext.h deleted file mode 100644 index 4218701a..00000000 --- a/AppleCSP/AppleCSP/SignatureContext.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * SignatureContext.h - AppleCSPContext subclass for generic sign/verify - * - * This class performs all of the sign/verify operations in the CSP. The general - * scheme is that an instance of this class has references to one DigestObject - * and one RawSigner. Sign and Verify "updates" go to the DigestObject. The "final" - * operation consists of obtaining the final digest from the DigestObject and - * performing a sign or verify on that data via the RawSigner. - * - * This class knows nothing about any of the algorithms involved; all sign and - * verify operations follow this same scheme. Various modules' AlgorithmFactories - * construct one of these objects by providing the appropriate DigestObject and - * RawSigner. - * - * The seemingly special case of "raw RSA sign", in which the app calculates the - * digest separately from the sign operation, is handled via the NullDigest object. - */ - -#ifndef _SIGNATURE_CONTEXT_H_ -#define _SIGNATURE_CONTEXT_H_ - -#include -#include -#include - -class SignatureContext : public AppleCSPContext { -public: - SignatureContext( - AppleCSPSession &session, - DigestObject &digest, - RawSigner &signer) : - AppleCSPContext(session), - mDigest(digest), - mSigner(signer), - mInitFlag(false), - mOpStarted(false) { } - - ~SignatureContext(); - - /* called out from CSPFullPluginSession.... - * both sign & verify: */ - void init(const Context &context, bool isSigning); - void update(const CssmData &data); - - /* sign only */ - void final(CssmData &out); - - /* verify only */ - void final(const CssmData &in); - - size_t outputSize(bool final, size_t inSize); - - /* for raw sign/verify - optionally called after init */ - virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg); - - -private: - DigestObject &mDigest; - RawSigner &mSigner; - bool mInitFlag; // true after init - bool mOpStarted; // true after update -}; - - -#endif /* _SIGNATURE_CONTEXT_H_ */ \ No newline at end of file diff --git a/AppleCSP/AppleCSP/YarrowConnection.cpp b/AppleCSP/AppleCSP/YarrowConnection.cpp deleted file mode 100644 index 86bd776b..00000000 --- a/AppleCSP/AppleCSP/YarrowConnection.cpp +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * YarrowConnection.cpp - single, process-wide, thread-safe Yarrow client - */ -#include "YarrowConnection.h" -#include -#include -#include - -/* instantiated by C++ runtime at library load/init time */ -class YarrowConnection : public DevRandomGenerator { -public: - YarrowConnection() : DevRandomGenerator(getuid() == 0), writable(getuid() == 0) { } - const bool writable; -}; - -/* the single global thing */ -static ModuleNexus yarrowConnection; - - -/* and the exported functions */ -void cspGetRandomBytes(void *buf, unsigned len) -{ - yarrowConnection().random(buf, len); -} - -void cspAddEntropy(const void *buf, unsigned len) -{ - if (yarrowConnection().writable) - yarrowConnection().addEntropy(buf, len); -} diff --git a/AppleCSP/AppleCSP/YarrowConnection.h b/AppleCSP/AppleCSP/YarrowConnection.h deleted file mode 100644 index a5521df9..00000000 --- a/AppleCSP/AppleCSP/YarrowConnection.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * YarrowConnection.h - single, process-wide, thread-safe Yarrow client - */ - -#ifndef _YARROW_CONNECTION_H_ -#define _YARROW_CONNECTION_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Both functions a CssmError::throwMe(CSSMERR_CSP_FUNCTION_FAILED) on failure. - * - * "Give me some random data". Caller mallocs the data. - */ -extern void cspGetRandomBytes(void *buf, unsigned len); - -/* - * Add some entropy to the pool. - */ -extern void cspAddEntropy(const void *buf, unsigned len); - -#ifdef __cplusplus -} -#endif - -#endif /* _YARROW_CONNECTION_H_ */ diff --git a/AppleCSP/AppleCSP/cspdebugging.c b/AppleCSP/AppleCSP/cspdebugging.c deleted file mode 100644 index bac414c5..00000000 --- a/AppleCSP/AppleCSP/cspdebugging.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cspdebugging.c - - Contains: Debugging support. - - Written by: Doug Mitchell - - Copyright: (c) 1998 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - 03/10/98 dpm Created. - -*/ - -#include "cspdebugging.h" - -#if !LOG_VIA_PRINTF - -#include -#include -#include - -/* common log macros */ - -/* this one needs a writable string */ -static void logCom(unsigned char *str) { - c2pstr((char *)str); - DebugStr(str); -} - -/* remaining ones can take constant strings */ -void dblog0(char *str) { - Str255 outStr; - strcpy((char *)outStr, str); - logCom(outStr); -} - -void dblog1(char *str, void *arg1) { - Str255 outStr; - sprintf((char *)outStr, str, arg1); - logCom(outStr); -} - -void dblog2(char *str, void * arg1, void * arg2) { - Str255 outStr; - sprintf((char *)outStr, str, arg1, arg2); - logCom(outStr); -} - -void dblog3(char *str, void * arg1, void * arg2, void * arg3) { - Str255 outStr; - sprintf((char *)outStr, str, arg1, arg2, arg3); - logCom(outStr); -} - -void dblog4(char *str, void * arg1, void * arg2, void * arg3, void * arg4) { - Str255 outStr; - sprintf((char *)outStr, str, arg1, arg2, arg3, arg4); - logCom(outStr); -} - -#endif /* !LOG_VIA_PRINTF */ - -//int foobarSymbol; diff --git a/AppleCSP/AppleCSP/cspdebugging.h b/AppleCSP/AppleCSP/cspdebugging.h deleted file mode 100644 index fa28fe69..00000000 --- a/AppleCSP/AppleCSP/cspdebugging.h +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cspdebugging.h - - Contains: Debugging macros. - - Written by: Doug Mitchell - - Copyright: (c) 1998 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - 06/02/98 dpm Added DEBUG_THREAD_YIELD. - 03/10/98 dpm Created. - -*/ - -#ifndef _CSPDEBUGGING_H_ -#define _CSPDEBUGGING_H_ - -#ifdef NDEBUG -#define DEBUG_ENABLE 0 -#define ERROR_LOG_ENABLE 0 -#else -#define DEBUG_ENABLE 1 -#define ERROR_LOG_ENABLE 1 -#endif - -/* any other way? */ -#define LOG_VIA_PRINTF 1 - -#if DEBUG_ENABLE || ERROR_LOG_ENABLE - -#include -#include - -#if !LOG_VIA_PRINTF - -#error Hey, figure out a debug mechanism - -#include -#include -#include - -/* common log macros */ - -/* remaining ones can take constant strings */ - -#ifdef __cplusplus -extern "C" { -#endif - -extern void dblog0(char *str); -extern void dblog1(char *str, void * arg1); -extern void dblog2(char *str, void * arg1, void * arg2); -extern void dblog3(char *str, void * arg1, void * arg2, void * arg3); -extern void dblog4(char *str, void * arg1, void * arg2, void * arg3, void * arg4); - -#ifdef __cplusplus -} -#endif - - -#else /* LOG_VIA_PRINTF */ - -#define dblog0(str) printf(str) -#define dblog1(str, arg1) printf(str, arg1) -#define dblog2(str, arg1, arg2) printf(str, arg1, arg2) -#define dblog3(str, arg1, arg2, arg3) printf(str, arg1, arg2, arg3) -#define dblog4(str, arg1, arg2, arg3, arg4) printf(str, arg1, arg2, arg3, arg4) - -#endif /* LOG_VIA_PRINTF */ - -#else /* log macros disabled */ - -#define dblog0(str) -#define dblog1(str, arg1) -#define dblog2(str, arg1, arg2) -#define dblog3(str, arg1, arg2, arg3) -#define dblog4(str, arg1, arg2, arg3, arg4) - -#endif /* DEBUG_ENABLE || ERROR_LOG_ENABLE */ - -#if DEBUG_ENABLE - -#define dprintf0(str) dblog0(str) -#define dprintf1(str, arg1) dblog1(str, arg1) -#define dprintf2(str, arg1, arg2) dblog2(str, arg1, arg2) -#define dprintf3(str, arg1, arg2, arg3) dblog3(str, arg1, arg2, arg3) -#define dprintf4(str, arg1, arg2, arg3, arg4) dblog4(str, arg1, arg2, arg3, arg4) - -#ifdef __cplusplus -extern "C" { -#endif - -static inline volatile void _panic(const char *str) -{ - printf(str); - exit(1); -} - -#ifdef __cplusplus -} -#endif - -#define CASSERT(expression) \ - ((expression) ? (void)0 : \ - (dprintf1 ("Assertion failed: " #expression \ - ", file " __FILE__ ", line %d.\n", __LINE__), \ - _panic("Assertion Failure"))) - -#else /* DEBUG_ENABLE */ - -#define dprintf0(str) -#define dprintf1(str, arg1) -#define dprintf2(str, arg1, arg2) -#define dprintf3(str, arg1, arg2, arg3) -#define dprintf4(str, arg1, arg2, arg3, arg4) - -#define CASSERT(expression) - -#endif /* DEBUG_ENABLE */ - -/* - * Error logging. This may well be platform dependent. - */ -#if ERROR_LOG_ENABLE -#define errorLog0(str) dblog0(str); -#define errorLog1(str, arg1) dblog1(str, arg1) -#define errorLog2(str, arg1, arg2) dblog2(str, arg1, arg2) -#define errorLog3(str, arg1, arg2, arg3) dblog3(str, arg1, arg2, arg3) -#define errorLog4(str, arg1, arg2, arg3, arg4) dblog4(str, arg1, arg2, arg3, arg4) - -#else /* ERROR_LOG_ENABLE */ - -#define errorLog0(str) -#define errorLog1(str, arg1) -#define errorLog2(str, arg1, arg2) -#define errorLog3(str, arg1, arg2, arg3) -#define errorLog4(str, arg1, arg2, arg3, arg4) - -#endif /* ERROR_LOG_ENABLE */ - -#endif /* _CSPDEBUGGING_H_ */ diff --git a/AppleCSP/AppleCSP/cssmplugin.exp b/AppleCSP/AppleCSP/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/AppleCSP/AppleCSP/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/AppleCSP/AppleCSP/deriveKey.cpp b/AppleCSP/AppleCSP/deriveKey.cpp deleted file mode 100644 index 92476964..00000000 --- a/AppleCSP/AppleCSP/deriveKey.cpp +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: deriveKey.cpp - - Contains: CSSM_DeriveKey functions - - Copyright: (C) 2000 by Apple Computer, Inc., all rights reserved - - Written by: Doug Mitchell -*/ - -#include -#include -#include -#include -#include "AppleCSPSession.h" -#include "AppleCSPUtils.h" -#include "cspdebugging.h" -#include -#include -#include - -/* minimum legal values */ -#define PBKDF2_MIN_SALT 8 /* bytes */ -#define PBKDF2_MIN_ITER_CNT 1000 /* iteration count */ - -#define ALLOW_ZERO_PASSWORD 1 - -void AppleCSPSession::DeriveKey_PBKDF2( - const Context &context, - const CssmData &Param, - CSSM_DATA *keyData) -{ - /* validate algorithm-specific arguments */ - - /* Param must point to a CSSM_PKCS5_PBKDF2_PARAMS */ - if(Param.Length != sizeof(CSSM_PKCS5_PBKDF2_PARAMS)) { - errorLog0("DeriveKey_PBKDF2: Param wrong size\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_INPUT_POINTER); - } - const CSSM_PKCS5_PBKDF2_PARAMS *pbkdf2Params = - reinterpret_cast(Param.Data); - if(pbkdf2Params == NULL) { - errorLog0("DeriveKey_PBKDF2: null Param.Data\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); - } - - uint32 passphraseLen = pbkdf2Params->Passphrase.Length; - uint8 *passphrase = pbkdf2Params->Passphrase.Data; - - #if !ALLOW_ZERO_PASSWORD - /* passphrase required */ - if(passphrase == NULL) { - errorLog0("DeriveKey_PBKDF2: null Passphrase\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); - } - if(passphraseLen == 0) { - /* FIXME - enforce minimum length? */ - errorLog0("DeriveKey_PBKDF2: zero length passphrase\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_INPUT_POINTER); - } - #endif /* ALLOW_ZERO_PASSWORD */ - - if(pbkdf2Params->PseudoRandomFunction != - CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1) { - errorLog0("DeriveKey_PBKDF2: invalid PRF\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - - /* salt, from context, required */ - CssmData salt = context.get(CSSM_ATTRIBUTE_SALT, - CSSMERR_CSP_MISSING_ATTR_SALT); - if((salt.Data == NULL) || (salt.Length < PBKDF2_MIN_SALT)){ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SALT); - } - - /* iteration count, from context, required */ - uint32 iterCount = context.getInt(CSSM_ATTRIBUTE_ITERATION_COUNT, - CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT); - if(iterCount < PBKDF2_MIN_ITER_CNT) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT); - } - - /* - * allocate a temp buffer, length - * = MAX (hLen, saltLen + 4) + 2 * hLen - * = MAX (kSHA1DigestSize, saltLen + 4) + 2 * kSHA1DigestSize - */ - uint32 tempLen = salt.Length + 4; - if(tempLen < kSHA1DigestSize) { - tempLen = kSHA1DigestSize; - } - tempLen += (2 * kSHA1DigestSize); - CSSM_DATA tempData = {0, NULL}; - setUpData(tempData, tempLen, privAllocator); - - /* go */ - pbkdf2 (hmacsha1, - kSHA1DigestSize, - passphrase, passphraseLen, - salt.Data, salt.Length, - iterCount, - keyData->Data, keyData->Length, - tempData.Data); - freeData(&tempData, privAllocator, false); -} - -/* - * Member function initially declared for CSPAbstractPluginSession; - * we're overriding the null version in CSPFullPluginSession. - * - * We'll generate any type of key (for now). - */ -void AppleCSPSession::DeriveKey( - CSSM_CC_HANDLE CCHandle, - const Context &context, - CssmData &Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &DerivedKey) -{ - /* validate input args, common to all algorithms */ - switch(context.algorithm()) { - case CSSM_ALGID_PKCS5_PBKDF2: - case CSSM_ALGID_DH: - case CSSM_ALGID_PKCS12_PBE_ENCR: - case CSSM_ALGID_PKCS12_PBE_MAC: - break; - /* maybe more here, later */ - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - DerivedKey.KeyData.Data = NULL; - DerivedKey.KeyData.Length = 0; - cspKeyStorage keyStorage = cspParseKeyAttr(CKT_Session, KeyAttr); - cspValidateKeyUsageBits(CKT_Session, KeyUsage); - - /* outgoing key type, required (though any algorithm is OK) */ - uint32 keyType = context.getInt(CSSM_ATTRIBUTE_KEY_TYPE, - CSSMERR_CSP_MISSING_ATTR_KEY_TYPE); - - /* outgoing key size, required - any nonzero value is OK */ - uint32 reqKeySize = context.getInt( - CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - - /* cook up a place to put the key data */ - uint32 keySizeInBytes = (reqKeySize + 7) / 8; - SymmetricBinaryKey *binKey = NULL; - CSSM_DATA_PTR keyData = NULL; - - switch(keyStorage) { - case CKS_None: - /* no way */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - case CKS_Ref: - /* cook up a symmetric binary key */ - binKey = new SymmetricBinaryKey(reqKeySize); - keyData = &binKey->mKeyData; - break; - case CKS_Data: - /* key bytes --> caller's cssmKey */ - keyData = &DerivedKey.KeyData; - setUpData(*keyData, keySizeInBytes, - normAllocator); - break; - } - - /* break off to algorithm-specific code, whose job it is - * to fill in keyData->Data with keyData->Length bytes */ - switch(context.algorithm()) { - case CSSM_ALGID_PKCS5_PBKDF2: - DeriveKey_PBKDF2(context, - Param, - keyData); - break; - case CSSM_ALGID_DH: - DeriveKey_DH(context, - Param, - keyData, - *this); - break; - case CSSM_ALGID_PKCS12_PBE_ENCR: - case CSSM_ALGID_PKCS12_PBE_MAC: - DeriveKey_PKCS12(context, - Param, - keyData); - break; - /* maybe more here, later */ - default: - assert(0); - } - - /* set up outgoing header */ - KeyAttr &= ~KEY_ATTR_RETURN_MASK; - CSSM_KEYHEADER &hdr = DerivedKey.KeyHeader; - setKeyHeader(hdr, - plugin.myGuid(), - keyType, - CSSM_KEYCLASS_SESSION_KEY, - KeyAttr, - KeyUsage); - /* handle derived size < requested size, legal for Diffie-Hellman */ - hdr.LogicalKeySizeInBits = keyData->Length * 8; - - if(keyStorage == CKS_Ref) { - /* store and convert to ref key */ - addRefKey(*binKey, DerivedKey); - } - else { - /* Raw data */ - hdr.BlobType = CSSM_KEYBLOB_RAW; - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - } -} - diff --git a/AppleCSP/AppleCSP/pkcs8.cpp b/AppleCSP/AppleCSP/pkcs8.cpp deleted file mode 100644 index 70fc647b..00000000 --- a/AppleCSP/AppleCSP/pkcs8.cpp +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// pkcs8.cpp - PKCS8 key wrap/unwrap support. -// - - -#include "pkcs8.h" -#include "AppleCSPUtils.h" -#include "AppleCSPKeys.h" -#include -#include -#include -#include "AppleCSPSession.h" -#include - -/* - * Given a key in PKCS8 format, fill in the following - * header fields: - * - * CSSM_KEYBLOB_FORMAT Format - * CSSM_ALGORITHMS AlgorithmId - * uint32 LogicalKeySizeInBits - */ -void AppleCSPSession::pkcs8InferKeyHeader( - CssmKey &key) -{ - /* - * Incoming key blob is a PrivateKeyInfo. Take it apart - * to get its algorithm info, from which we infer other - * fields. - */ - NSS_PrivateKeyInfo privKeyInfo; - SecNssCoder coder; - CSSM_DATA &keyData = key.KeyData; - - memset(&privKeyInfo, 0, sizeof(privKeyInfo)); - if(coder.decodeItem(keyData, NSS_PrivateKeyInfoTemplate, - &privKeyInfo)) { - errorLog0("pkcs8InferKeyHeader decode error\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - CSSM_KEYHEADER &hdr = key.KeyHeader; - if(!cssmOidToAlg(&privKeyInfo.algorithm.algorithm, - &hdr.AlgorithmId)) { - errorLog0("pkcs8InferKeyHeader unknown algorithm\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - - switch(hdr.AlgorithmId) { - case CSSM_ALGID_RSA: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - break; - case CSSM_ALGID_DSA: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - break; - default: - /* punt */ - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - break; - } - - /* - * Find someone whoe knows about this key and ask them the - * key size - */ - CSPKeyInfoProvider *provider = infoProvider(key); - if(provider == NULL) { - errorLog0("pkcs8InferKeyHeader no info provider\n"); - /* but we got this far, so don't abort */ - return; - } - CSSM_KEY_SIZE keySize; - provider->QueryKeySizeInBits(keySize); - hdr.LogicalKeySizeInBits = keySize.LogicalKeySizeInBits; - delete provider; -} - -/* - * When doing a PKCS8 wrap operation on a reference key, this - * is used to infer the blob type to obtain before the encryption. - */ -CSSM_KEYBLOB_FORMAT pkcs8RawKeyFormat( - CSSM_ALGORITHMS keyAlg) -{ - switch(keyAlg) { - case CSSM_ALGID_RSA: - return CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - case CSSM_ALGID_DSA: - return CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - default: - /* punt */ - return CSSM_KEYBLOB_RAW_FORMAT_NONE; - } -} diff --git a/AppleCSP/AppleCSP/pkcs8.h b/AppleCSP/AppleCSP/pkcs8.h deleted file mode 100644 index 0d7de07a..00000000 --- a/AppleCSP/AppleCSP/pkcs8.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// pkcs8.cpp - PKCS8 key wrap/unwrap support. -// - -#ifndef _PKCS_8_H_ -#define _PKCS_8_H_ - -#include -#include -#include -#include "AppleCSPSession.h" - -#ifdef __cplusplus -extern "C" { -#endif - - -CSSM_KEYBLOB_FORMAT pkcs8RawKeyFormat( - CSSM_ALGORITHMS keyAlg); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKCS_7_8_H_ */ diff --git a/AppleCSP/AppleCSP/rotty.mcp b/AppleCSP/AppleCSP/rotty.mcp deleted file mode 100644 index 96f2ec0f4918333a8e71882d2daadcb7f29f33eb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 85911 zcmeI531A#m{l{lEX^vj>qAi8eZGn~^BrUY14Oi3jN=ayFT3QO&Zj)`BHpzx$Q_5W~ z1w;h|1r@E}4IY0~P!#_aK~d2^iijd=K@b7u5){w=Kfm|h?9S}Ykw}Cd``Yik@4ok& z-@NyGzu%iTvzwWwRI1gotRl;@kF@Ls$6EHnwU*U?4rOh2%qG*RCe@r=mFVnjNp;2> zI#ZjIO=+iUKgnYQEh`qctVN3~YYBap&(=Cin`nc{6O_#Z^FbFl4{QgQf*6+pdOq8W`P;t7%&&i1{1(CPz#oV$zTAO3JwEPzzEO?q+ts|KOpVv4~_zrU_6jC z2pkVi1FOO5U<q0&y1}8~9Iy=>1kMGM zz>%N?8~{qe5YPh71ZRPAFdS?G?*P>R-?wT&608FWupSHrO`r@kgUi5Ha3B~7Hh>kN z6C4hX03Bc$c&pRp9B>Cs{k3)hOFq-mFFXz&8aR5`j@xxb5vAfID*wvuRWI(|{oI2h z>P}*~LfX$QAQ9ew`Lbo=;hEHL@$!{2eMu@VZA^7{HYH`svlrFYEo82n=Bh6$U!LsB zNLa3#{=*uRP2HU>>2u?CE$cfIoh?d9u~9PB&j=yHcH3P1h`0(VV8|Qle&A7(>S!UCVcS}F>wl<~#Z0WI>i6q%_KHDUx5F%lw z=A$^GB0f!Jwwm{(EwJg0mcE>u1zO9+gjQa>E0ebZ#~tswN&rs zl-@}f7COCjp?y!hzOi=U(AsvKx;>eWFWlDAn(9o-ioO@AHmP^3NN($OQ1s$31<^g$ z0>LNCY?HIgo#H+?p~YA-$im>wCuuwAm#9dEF1+T+p=6CB8sxL($7|a^Ub}^$n}sALl1pTT`j_ z_>yF6hgH8SUQ<~!b*dIz6>ms%H6>crr{&4>tcHb)yt}$vFni7xtI9M7u9nucv8g4~ z#s=<4dRr|euI9;QNyDFM2 z*N4uo&L&G;2X9C;C20mXl+&A3-dGo3-rb&VX-kR{r>LgF^J(hT?B_(&vc`(mtO^Vr zUz9jn%e;+UuyFp$#dy+|92dxzSNZKAT7$~D|G%s; z<6X2CYj}zr-8g+fx$h2gOurpe54{yW2hHC*zeJCmr%h6{IMJ4rUm(P5Qtexlo!p_Z z7PTg~@k@kcM`w!fow`z;*8G+(!qrn$kH2b1I`Zh2th+frlr7Z$En}W3lMf4$>$^9` zJw20P^DP(oMcfQ+^^x~0r(Zde)g2wJElr7ZOR8Oh-+URy(OutO<$Tpuwy0RL zuBCkoqgm74l}@$APfnhDPO7uH%c^dYL1mgvZ|bsEB={;wX76;mrF~-;lX+_r({*&H zPxHH5TAR6Bm+nk-S!%#GCOhMLA4^Z#^s9q?IEkE%Y4r4ChZn)T%2sz-q6w|-*L6AmqWNZC6qIRDsp}^Lm5-GIVz_P6q&Y( z^y1dkdK@U*6#cbod_`xHuSGMRGe))=lAWza6=w(eWK}gacO}+#r(0V2W`KP-OSP^~ zG;OJ9>gceVy1LZqPJP&@jwKydA2%i1n_H8q_43OeRnV4dZcQcl5>b81XjGq?Qrsoo zrsdL`I{B^pyJr~ceg?ng^%uh=!d;990J=`foO!Q@{^S?!*%HE!- z?;BF){C>x+uFN?%nWclfZa?9B+^u8hi!;7s^Zc4>b0Y71Y56r({i-$kCwcsU%d-2a zWdrLJJ)m)Qp~*7S8BAHSbZu%~?|gpCa@*tbfrn)R9|(qn!QcQe1dISf!2~b~IKN$z z-!G}JLABA?7Uf(at9wCJxz`%rt7t9bx&H7I$h{`fkVUYD0X&5%IN{Q|Z_%|Jb47ExYI3H1W~k7uvFCNMK8K za9C$*gPZLi(z0VzK#NRxIJ+bQf>}urO8%kj)J6H05=Ld17#y5mbZBPJ9bx8P1 zb!hO4Kyc_fwSjKv4qKea`~8Pskmg9_25C;UPmtzF@u_rqdrobBkopR^y){=L6Qns6xj~v! zofD*fwZYAH1!>NXzCoHJ;}fL*5+U8r3DVsCeS*|SByi9~d;XbJ+*#FRgEU{MCrERu zbAvReIzLEr1agAZr#7%h!9mKGiV;C75+Ok<)!{)Z5@A6q^&vqj)xkmP)P@A9BjRfv zr_$fsr8YE3vjPF$ss#LkR4PJ(RH}o6G*cVgZ2usY9ixI&WWs~gB@xo?;2>4|hX<)6 z5;$o7LF()lY!~(m3R2lQBuJ$?G)P4tI7pq^z#at$sdL9U>dG`L7ZR{pq42QH%7q1Q zRw^WfvqHgv?3D=#XRn~IHN7JKzL1p(4e(sC0DpIh`2~BnIwa(?LQxT#l?;#5Jh{l$ z2gj^SS9s)l1tZ4CKZ?C7qQ);IqO*!Z;#v!#CE`Swm5YonQPz{_61nK;5~;}O5}~N* za%3W-%MlD2Jx3&LbVQ~H(Ulbo^-m=h99>c!8C@dOv*;4ZoD@~d-WDPO`HMfvrf z_{pz!M~;83XH5J>%xL&mI(E*l&54j8fsA+g2mzZB{WUE6WBrBwyBREd7lHt*kCl}fJ;K*_5 z3XdPJV8rls7Mf*@ECAOgtQN-0KZrJhkLvu5@=n~p6}(( zZozg(BFM94=MbNkTWh&L((;CeNQC&bREPVtNQC*c)Q9-AR0sRCQyb#bj)Zeb?MijZ7U;78IEX3yMgT1v4^X7R(6o>%yS+_P~OoCdz`2Oo#;?5&sr5V};mG zY6Gn%mBIGP)CM2d-^*mjQ0s_5uw9&5UyC@E{%sOV1^bcI2HHX@gKd$i4L+{FEo8?~ zTZllgEu30kTR4?Yo3M@kQ#S8kpyr)*gXBEt-XNjeGjNcc_dFaVw28!wPc2KqF>>VWJcHU5#sIEDV9Hc}~i0&IL zL6W&kh6uSxGvV-&jvz8Uas&~Ka0C&N1w~-HrQZC~Bt#~=U=9-UEHQ$Fa;A|WG52H= zCKJ(jQRDPY*);!;=JO_&AUV&(5+sy6u>{F^Czc>7&%_cWB<67@mM|HQKZOYzn}&%* z+SEI-1gXlISOUfL#1d5PnOK5^+!ITvOjOsLi6ux${=^a_nLDvW$Ymy$Ksf?A$`RDQ z?mx;2Qx@R}va3uiVJf1m$-dc%B}kEHVhIw;nOK6v+!ITfOhn(^6N?0(&r>w=CYB&M z&%_cWlsmBm$$2N1ASutp5+o$$jz5LTcqW!GLDyvMXD`{+@s}VqId>Pr#WE2SD3)EZ z_%+Bgu>|RGPb{G_QC)K;mLMhh6HAa}?!*!y7ilJmlPE_}vE-gu0uPF^2uBcI&Wgov zTvWYl#S$Qsomhg};+a^2gmNa9ATjsE5+)PTclX31{q*Zw?hVKwInTrrB$PX`1j%_P zmLMt5#1bSV=5hQfOvW>@gbBJPYd?F*@to)jQj;^Wgo|Y&CQvN9V)1K`XJQG`;htDR zWum&~Oe{f4@+X!c$=r!0LN3xwvVW8#h)j9^# zbpqUHe`+HJO%wzUnp8?S`)dxi3;Sh5IDcnP@a9+Ngl)cnJ7E251AF8SQt6$~L;m#r z-MU2k#_q(%q`LU>o2Jy*d!+nyWggq6!#D6!Zc*lGbYZPpkZSUrXZ?;SJzTi0DajM< zQtk2-J$b~PDD~@vU-SIryv_5I5Od@<&rdF}d47G7DJk!X6Asku z*JkAx-0^MWnR*gg+Jgcm^+b_*ykSu1#B4q8oPQJidZr|On&2lJ*aW}6d7fPu)G4*2 zJh0Ju%wLe8>sf~);@7&o1NsU19?(zFb-=(U)D$ZA4hz^;XL2J=Jsj|qAe9!fE#e8t z3&`cQpvAFSUyGB!8}ut(oRs%s-2qC{^(lGH=tH11y`UvQ{t75-R@@!}FNe1BoUZBc z{!m_9YRl_b2b`m2kqP5E{3LEF-UYLU4UK6tAfQ0zYV$W(hZZHqk#AJweO z{{FV)iYPSD_x9OfR6FMVG=4S-}%O;kUxarU%s1 z$D(h;58XI;fyj&gaq<#KxU@gs%~M-3tGpt0Jbl^@p9!DP-kfZPp9Vin9@qjG`y3vd z_3D@4H^Pqqq~b5LnW(5${B!b2hKv3qHSZ^{W}OV;4BOGl=g>ypM}focuD=_)u)x(ANoB7pRWC(gx82!GqgXH$T5%B{!p?M zevI~ql1=cL+8;_p|13R5C7*%M*5h6xV{xqZhmu|JIi_4*EIC*EL#e#Vwo3a$sXP2ot5bQsQd^zBC z!u>_Rj4{XTFZx!15pap~m4Md|_rHQ%{456l1ozYcJJ_t1N6Eu?!q>^OW_b!d{0w+9HvWr$fXnNbH^5(p-vZxgxQxXn!ykpW z#KwP#Y@o!&X813dVur!Dz#oK9gSQ&a@vJt(JK^ny-vCb;ekZ)caM6FZ;jh9wH6J_> z-evd{cpA=e2jd@Bx8a-MTjAJY@Kx}0VzV#mfPWgk%_>Pg0ly!9t~{m~{uKPY`MYX% zF%=fW&tI~uR`_A?3r^X!OgMgNUASV`O5sWPMQe7QA^dXq#p`w@gx?C^zG2r!;Sazs z(e^(;^k1sypCM4|GCltc84tf)mgh{n^Wj%CrQ-|WG8XTYg&ADp?p^W_YWPj?E0c|h z4e-0+(ziJLC*)V_`De)M@OSI^XDGgCU8Copp>yHy(euwx@yGW9(ooU=K0W^o{UH2W zJ^u{-ANX~8{u%mz@ay&bGxSCH`}O=YOyc4OJ^u`=fZwR+gkg2?59oPjm^ktW_53qT z;_fC>{zdrBdj1*qGx&$}{4?yI@DJ$Y@Vq2M0NC%$7<_<-z13ygudBb;-f5Gr)$i)_My_Ea zu|XQSoz0hp!KJ-lQPdjwee$mw{wle|DrwY#Y{V|4QQ`w%Q`8!@j{NI}%edTQxb*uQ zhX0WKn}&;D-K+WNvE<(}d?C5mh%{QpdZ#e>^=!Vas5M&Jb)Vsnl7GkWzmeas`9X3H zdcg1+^6wg+B>$e_5^E0{F71>)lMWKuA1G=a^bEPQn>40~%|nV>VRw^hD$%5GyGrV&uf0@B=Q#w zUq=2%!_OiAli?pGmwAMA=>2S7Qq($Bj`OnS<4Vb2F?=fdtA;m_%lU>huA9wkidy4t zA%ER)@wLAgF75iO=J6rqVpCFl78~(DQv7r_e^=Csiw}s6Nbygyk@<)e7hjWplH$_F ze=BN@mvIq4AdR1`mJynt0k;*k#$N%C8O|JF7a5Mf*u{p^7Q3J36DGh*3||NrTaYFs z;bn$j1ur+8xy0^oIKF8QFdTc>12sQv1YG79(qYoh!G@m(Kfv&AxY&qv*!$r_4ZjOM z%y7{^+;GOnMz5s9skaX_{22I1!|UK;Bhumcl|9<<_rVV`{D0tM3>WI5w4Z1mkEQW;niVOAL@EVn6!`!>7Pyz93Dk zg-443vF zulZzr%0`!@$@I@Y(eUMP`XFiYR`@(ct;sjTs|~*wKHqTWB)dlQDfqsDBlaD2gDX*g}SPcyt3zRK{+;2c}hv|He(8~!c$8pEG} zpJDjl;Eb81qlh8`M%1Kl@U{cfj!jNk`ugzufQ_;8$pV z%rN*n4QCFp-(@&HWnXDH?X|Bm{9|zDBT2{nFZ|txKL^JrB+VQOe~;mF;qNv4EI4zq zq?sJkzSi*1!ml&@`*8d~(oFIH_iH{&+KJsI%{mr-qv80b{Q<-2xBWrGKMBXCl4gm{ zn+<;j{vpk0kA#2N@Dt%5F&sa&Z!!ET_(u)@Je>YZn*DS54n?ime}jKq^JB-tZ#8@Y z{5He!Q~MK!V?UerNjmn6@J|{32>jEAzXAV@=5t2Fv5}-X^WmQ}oH(#=HyoSUcNl&b zoVH4u^IP~AG@l!Tb393NC&0gC_#*iK7%uI+({RSe{<7hB!@pwqui#%b{NHenC#gzw zBB%IL_}2_4=IpN<&iL5(7=ADO8-_mx|EA{0mB6W!bX+C;TZS)(<8zXZ+X~;QsC67; zWq;f7`{DN){yX@0G(Wx!PMxIVr@+-&?w zarU!!8U7mlNzLaChclLv=FNaJ28uVppEg|l_8G&O8|>d3{w4UchGPT!4~D-C$3~K> zMgQ}LPlq!elB&hu{%H6nICF=j>UY6kH2hQWmkei|ZS+d2rY-g>nyXi;ylQxy@;@8C z2u?pG&2NRjZukxGzZgy&*nc%#?Ei-5H3Q(x5t3?-f&bm`mGFNUej)syhJOzJFT)v6 zoAHyhpcuZ}aBLgX)LOvU#cWf4CEQdj_zJwplrugt_LsDf_Qd)bek{Di@Md_a;a9=S z48IdzZa97y>u)&yh@nf;qQl?=HQ(R1vi6ZRkF0fMjU#I(dmTuE4PYZU6RZW|n=N27 z*aF0t+CV!-slk6QpV)Y~7YJ5=abu8hi$P7KpFi4(mIm2y6i^MK6%YTlpE2-koGU?DgW zR0CqfS`3ze6Tm!B3zmYDK^>?Er+{Uk0h|h!gGR6d5EJTt_DSTcz-n+hSOX3RM}Uc7 z5{Lu*PJK@@nS2Tu2PS~2U>Z0IRDen_9S}Fx(SSI#W`bE@HXshHIbb}P3#!0z;CO&d zEo^OJYYSUj*wn(N)((KJ)&0H?l4C1%zYklh`+L}0-Ot0;>i!+JR`=_$wYopYc&Ynq z*j3$6WByS0=dicBkM=e4uLH(J-JiRM{2Sn#;9l@8@V{Uu_%^r?d*-M zAOY5cCU7QL3z|U^Yyf9~cYuvx6KDaO!4}X8+CV!U> z1doGXfhWMD;1}T6;5Xp6;Ah}5unRm1o&vuEPlIQ`@4>U+58yfQJa_^85&Q}K9J~l# z0xyGCIQ9>~55Ys=N8r1ZFD3sz_%ZlD@Gy7)JV@QiC zJw)2C?itcAb&v3S$S(s8;8d`ja{8g}_0bP?Z%_I=2fho?Cv{(sKB@bPVuQJG>0cE% z4jj*C`l{~d(N}f;>}fWLvigMWb6D6b~}EBGh) z7x*{$Gx!U2^T~IU*MJ3JA)rX^oyk2jxmPCl$mHIb+!K>~VR8>l-TQi-d=Xd-mVjC? z5ljL{g2`Y4I08%oQ^7Pa9vlvi0u`VVOb0W-(cl;`6U+j$!Li^lZ~zzrhJs;W0B8h* z!Ei7F90>Y@L0|00?rq6EExDIv$H73b8k`Q+fHT0w zU^~E$a&0Nslya>q*P?PwDc6#64Jp^MvSyIAkzBLNx=5}kF{foSZn7?sYf8D6lxs*? zE6MevTsO+~qO39GT2ZbMWz8ekhjLvg*Mo8$DA#|oK9Or`UY)=6^RAlD0W9U|8ma=l>h1m6aCv7gurzme+^S(C}Nf~=8bohR!fxn7X#1i3zt zb(&lo$Tfjn3&>hWt^;KKFY7Q_`^%bN*7~x>m$kjDljOQb*7mZdm-U^jwPa1N*7Df> zzmjaegWQE?{6ZOD4l)50#m0Y}wy56^6vL;(=K$I?B~88`fXkRkJbsaU93d$&iQic9 z2_*RA@bTo^!E5jd)}b<|sC6~5EGfo5YW;E~99h;e_Bk!^>F|m4mobQ)1fK**vDIvl z{S@`F&G5+}4wrULnKOM3eT`iSpK9Ipnv{$Er|sVTSNa&+0Y3`F_>Z5f^$$Ic;g42j z@mF6x6aGA$-+%mIr??1w1}1+QJ_3F;AQg#@V-&TD7Lw02{2k=84BtvFb|)2G#pYPr zGY|d|_#E0Z8vX_NTyO+@CwUdXZbgrf9|!1L(eKHR2UFm0ke>iJelanp)|c3!SjItY zM4O7GUGo6PE*2lI2BhM(Z00L!6`w<1V>t7QTCb87f0~W-hg2-~5nmw{Kfp$Gk&20B zwT>13Yc{ojRQyLaOBJ<>nIF`;maLz&vrd=ylXlh{F6}(UaLJb$-b~(LxcJ+thTlfM z-0-iEHyX~Iq}In|{bU?hn(`;fPc!@_@>PcalU#g=R5Fmw>55t<;_qt=$JS~+L{=hW zi(g185nG<6s8u5ElJO>$B-n_3NhNJ;)(L}O#762!CE^3?6}3vPBX2VN7INt`spNBP zl8Ra-cav{0{2}sr^qig{Hx@b8U6_Q z<(e0^eQJS$EF$}<>zk5!a-Og=UvTy5VG7FjP7CZN;TJ3o@C)y&;~Uew8@`F(*>xs5 zd6RwB-r2!ItN$Ylh+nWHFR{(|Mf1Y;tu39Yc7BDKo?F$J?p}{iZIw#q=r7O-wYI}2{Q~t_Zu2avgs&A}|*A#r^EgG7) z^)N2Ku;p7H{WtXT$LZ$L6K`wl3I{J(;H|Ylz>^!^+D5#cN6X%;DqMTMo#U{l9J@HT zA#%njq&H`QwQIZ533+hE+m~!sfemuysQ$fu?bsuZJYrJKvIPq##V0MOUQtcfP+PM? zzE<8}Qp~dA^z|J1Ef)!&C{iSMgWPz^w)Q}dUwl{>_dsq6a@%_#Hx;={dmuLrxy!S1 z{<9VR=&3$&gA23zJa)+_N8g?<7pEUR8Q(F;bqDm9DsPhCK*`;PY-#eO*o*IrTX#3{ zYaW&0$#ph@8M(U?4_gA2><;Vh4g5;Xe9F_O%X7E+$IX@4SM+In+II7FW50RIUT!y3 z_Drt3onP%?m$;G>gUhd8#Y12G?JlwR3;LJX==sY9Qmf<+@!D-W^FYyyKbgju?bu>l z#kL)5P;xjp=L^|d*|Aff)Fz`(eUjrP&G=ez+S@@>q$ScKecVhvzjVHP(>&EqwJ#g$ zGICCtCl~!2lz*Z2OQye>?y6(UF;(K1rs#L{b;~I?Q|D5OJ^P=s?3C*Ig%t}|n;(w3 zsui6lTeTcw8eWD|UP82NgpISh#j{noW3;Pu; zP_V#0WP#FSYIY4#{jsgmW9nWuSI?@X^qAwe??YWJbfsW{f&~f|@K~TQ|9Q+&_^{7e zKyGQv-RF67OSkabseNvI3mxj61p;1a(>o=5vov4q6n-_kHxFPRx4j={2=%>ZAM4%A z)RpNkJo&O#e+w+l7Y5jt$tP_lK9%#F82uaM6{%F~`qVbwCvtM{`g;?r5GwCb}eoix<=_Ufr~%rCDB~xvH_D#_A_`!8wqLZ+%?zf%{;YIM37DtAe-R z{QP)ha8q+vVr_T2rL`r^vmGkhn#^xbOjk0NVjhyYh~jxXv1cdwe>d5#8B2!4`Qc9V zQKP@YKtjzQX2#Yk^=(egiz|0eFP^^eW%J1@Ui0$wocf01>5GQQ&x@=n2kn%4cf(|V z_vZrd8w+eor#q@DD>pM=RCIN>S2U&CDm%XqOUA1lUV_#DKXD9dx;}Kt&K5peQ<$q=4j<dH)sy|mIEc-qbdR_)G8OX?=xm8pwSH^@_$)l@{?U{Bpenf;2XJHS)7K2z6^ zx*?vrMVY!1>V|vjrex~MsT=008$5m7l2w(J_6TY9vjYAHEOc+M#?tK^gvuM!SRMfLR!c?+4a z9sKI%QMh8^>J=4Dezn;$-q^dMv9YPMr6c&SF_fN;*6dC`tbSEo-nHvfql>nash1Ro z{aNLJIH@9G9y}MIYiafJcx{{fHMjpyt>&?x(zCI}Jax}sQBU+NZ(LsEzjx0|*CE=c zBe5yn7HsF}cFAHywMR~cA>xdv3|NSS(bE=c=Ft6}%D(cj&aTb~e|L@;oUb!g6-{zk z5iHje`^erE=e2YMYvC`BBkU~WrSAyHyUqi`XRN;94?9kD-8w|7J0b!-T8$-o>g(&~ zM~U+1_9l{pZ*tT()Gg{0J*#RKMCpmDUx&c5`Ag$ba`g?XBKy@)ms%gCC#rrO0)09| zt@ppj;Ni$ zSdA^`1<+AR>FG*tjFOA0=L$7^c@(99`gNeM&Xir7S|jJNhJ}kF=ff@@1sT=!p6C%B z6&NW>S6F?6sjM(hQVx>s$viLnR`Beh$j${Fgz|N!uHsD&n&{Ch33U(DXwAvW_q3J7 z-gt(4E3c~hYKD4~&ZXRF9owGF2su9I`%!yp$dh>X_BAhE^X<6R%QbJXo<3Uh_Gttr zIwQ`e{x)%!Dvy7w*Q$Y5?&VrFQcw7)E3@{A)Dylm?1i3CMLpK@Rz@yn!OWR+p@l z&Sc291iY>aCCM%`bp#l)rLJ~h#z?sr8!!OstA~q^EDb!VYUjp>7YiK;aoAd-wqDCCw{5gJdrm zs6sRUdlo1>(=}t;{r#D)^25Wo=$VGQeZDhs4w z0p%bCGZZXPut03Tur0ZpeGy;r)J%5q2IKh8;JWKXz@@s}XC3HBec1rTJ6c(@gy; zQ@_c4UTr>~ZVgiMYs}}hCSPZk`WsB1;LnOBtv7#m-DKpNjlQJH-H&K+x7>E!p7L;| zv#=>xpkRT51@>PH#Ijv4Uphb4-QLU}1!v3LEc3fb`O#UKej2E}4Q*BJDGS=WTf={- zBFV*{@3KrNqEg-ixom4#I zomTOT&zO(JJly-$4xjqCdbszvuXa%1;Or~8>|aQIZ-M>&n_17py=Q#-T4mvJUF($p zxgYK={#SUow>-|gHxKu=Dt>EOORTo8bk4Jjwo-o3cFJ?U>9}?+W|s1Hudmxj^7%;0 zTfF6mJYw-xxz=Cwhiu(V=r1+;-Q_m3O3dhYmlr*p)$b{P1Nmuf9bFvPU4A6TjUCdK z-bnl1Dt#EI+cfYF@`{d5p1e@>;Tz#c>GDA=?}}@6`K*^kMwgd~ zCl>4S1IEJ5gY}1=3O`(zmkfuS*G3JMXB+m{a(I$(U@DQkpoAjkZtG2Sn$&fK;}cjcMl- za!Pual%oHtY&*aEF$%6!#a5ZT-QKkGUSuo*slV7wx3hTUMEDI-ihj{)+WCV=;o>W# zkw0Z)+WE&H!apFTw7;2+Zf9}Jlkg8pDdQ;ZEYstA%ANS+Tvcq9t|K3)%I!z-G3T{o z{iU5oetsS0^R;~cGqduqFvfO`Dc_Wpzk3noC!6w)jC^duI?B-{slWJ@(f`>Il*{o* z6_2nn?RouX%2%pltMqX4F{+()zxq7o=EX@n)?({F=<=7&qFnTnzPy+#rV*;V{>tYl zzfhOI@L9_`bcik=at!4c>GJ+}z)N-c6nwyzI3blHZ)rVs-)y9OyOdIXA{#v}_3!^A z<(H^ptMp#-!CKF4O_X1%%cr~qFVW?54}y#Dl1gRlPE_S}ul|d2@dHv>IUA$r1nJim zs@VEEerrFj^%VUHF8)D!Ce23Mt-h+3a^r_beTwp42W7k`_e+iyQj`HiaBDns71 zzkVe)uua?@HHdN@kM&2O+ct4`Up3{Mb$hx&%A{;rlkp^V&&%L{*^{6SMbkKBw)Df6EF zeN}EfvxMCA_Z#1%{3p8n`45qs@p`U`a+!BX&*Mu@e?Rd&<&UUhd-#FmroTVL_V&+A zIq_ucxU;s4fBspQk6@gg@)yp8zoyEq`)+4k4pDZqK1yHh*R}kpZ*YE{smtsCPPy2N zYz*;Lq}yp7+>e64s&cCwUo!KCb-f(x4OMQ($2oc~-u>FIDMuH{KCCgT=ln-0_=hf^ zxRG4XKUSJ!+W%DL#1MH|8_)CBpUu{uDD%M$ZHe4xz?ZM1T#tLrbw{Cxn3q&8`c?<=Bp7&%T$fZqLn^tf!pVkW?yuqT4h3k*$=Ms$%P*E6}6IclJhn vJ0|`|dS*NB8B^_?eGf4aD_6yKHFKINKlVW8!`MJoZk6sJFK(CSSM_ATTRIBUTE_KEY); - if(wrappingKey == NULL) { - if((Context.algorithm() == CSSM_ALGID_NONE) && - (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) { - // NULL wrap, OK - isNullWrap = true; - } - else { - errorLog0("WrapKey: missing wrapping key\n"); - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); - } - } - - /* - * Validate misc. params as best we can - */ - if(isNullWrap) { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - } - else { - /* - * Can only wrap session and private keys. - */ - #if !ALLOW_PUB_KEY_WRAP - if(UnwrappedKey.keyClass() == CSSM_KEYCLASS_PUBLIC_KEY) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - #endif /* ALLOW_PUB_KEY_WRAP */ - cspValidateIntendedKeyUsage(&wrappingKey->KeyHeader, CSSM_KEYUSE_WRAP); - cspVerifyKeyTimes(wrappingKey->KeyHeader); - - /* - * make sure wrapping key type matches context - */ - CSSM_CONTEXT_TYPE wrapType; - switch(wrappingKey->KeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - wrapType = CSSM_ALGCLASS_ASYMMETRIC; - break; - case CSSM_KEYCLASS_SESSION_KEY: - wrapType = CSSM_ALGCLASS_SYMMETRIC; - break; - default: - errorLog0("WrapKey: bad class of wrappingKey\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - if(wrapType != Context.type()) { - errorLog0("WrapKey: mismatch wrappingKey/contextType\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); - } - if(Context.algorithm() == CSSM_ALGID_NONE) { - errorLog0("WrapKey: null wrap alg, non-null key\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - - /* - * Get optional wrap format, set default per incoming keys - * Note: no such atrribute ==> 0 ==> FORMAT_NONE, which we - * take to mean "use the default". - */ - wrapFormat = Context.getInt(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT); - if(wrapFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) { - /* figure out a default based on unwrapped key */ - switch(UnwrappedKey.keyClass()) { - case CSSM_KEYCLASS_SESSION_KEY: - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7; - break; - case CSSM_KEYCLASS_PUBLIC_KEY: - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - switch(UnwrappedKey.algorithm()) { - case CSSM_ALGID_FEE: - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - break; - default: - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8; - break; - } - break; - default: - /* NOT REACHED - checked above */ - break; - } - } /* no format present or FORMAT_NONE */ - } - - /* make sure we have a valid format here */ - switch(wrapFormat) { - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7: - if(UnwrappedKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) { - /* this wrapping style only for symmetric keys */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8: - if(UnwrappedKey.keyClass() != CSSM_KEYCLASS_PRIVATE_KEY) { - /* this wrapping style only for private keys */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM: - /* no restrictions (well AES can't be the wrap alg but that will - * be caught later */ - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_NONE: - if(isNullWrap) { - /* only time this is OK */ - break; - } - /* else fall thru */ - default: - dprintf1("KeyWrap: invalid wrapFormat (%d)\n", (int)wrapFormat); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT); - } - /* get the blob to be wrappped */ - CssmData rawBlob; - bool allocdRawBlob = false; - CSSM_KEYBLOB_FORMAT rawFormat; - - /* - * Outgoing same as incoming unless a partial key is completed during - * generateKeyBlob() - */ - const CssmKey::Header &unwrappedHdr = UnwrappedKey.header(); - CSSM_KEYATTR_FLAGS unwrappedKeyAttrFlags = unwrappedHdr.KeyAttr; - - switch(UnwrappedKey.blobType()) { - case CSSM_KEYBLOB_RAW: - /* trivial case */ - rawBlob = CssmData::overlay(UnwrappedKey.KeyData); - rawFormat = UnwrappedKey.blobFormat(); - break; - case CSSM_KEYBLOB_REFERENCE: - /* get binary key, then get blob from it */ - { - BinaryKey &binKey = lookupRefKey(UnwrappedKey); - - /* - * Subsequent tests for extractability: don't trust the - * caller's header; use the one in the BinaryKey. - */ - CSSM_KEYATTR_FLAGS keyAttr = binKey.mKeyHeader.KeyAttr; - if(!(keyAttr & CSSM_KEYATTR_EXTRACTABLE)) { - /* this key not extractable in any form */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - - /* - * Null wrap - prevent caller from obtaining - * clear bits if CSSM_KEYATTR_SENSITIVE - */ - if(isNullWrap && (keyAttr & CSSM_KEYATTR_SENSITIVE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - - /* - * Special case for PKCS8: need to get blob of a specific - * algorithm-dependent format. - */ - if(wrapFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8) { - rawFormat = pkcs8RawKeyFormat(binKey.mKeyHeader.Format); - } - else { - rawFormat = requestedKeyFormat(Context, UnwrappedKey); - } - /* optional parameter-bearing key */ - CssmKey *paramKey = Context.get(CSSM_ATTRIBUTE_PARAM_KEY); - binKey.generateKeyBlob(privAllocator, - rawBlob, - rawFormat, - *this, - paramKey, - unwrappedKeyAttrFlags); - } - allocdRawBlob = true; // remember - we need to free - break; - - default: - errorLog0("WrapKey: bad unwrappedKey BlobType\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - /* - * Prepare outgoing header. - */ - setKeyHeader(wrappedHdr, - plugin.myGuid(), - unwrappedHdr.algorithm(), // same as incoming - unwrappedHdr.keyClass(), // same as incoming - unwrappedKeyAttrFlags, - unwrappedHdr.KeyUsage); - wrappedHdr.LogicalKeySizeInBits = unwrappedHdr.LogicalKeySizeInBits; - wrappedHdr.WrapAlgorithmId = Context.algorithm(); // true for null - // and non-Null - wrappedHdr.StartDate = unwrappedHdr.StartDate; - wrappedHdr.EndDate = unwrappedHdr.EndDate; - wrappedHdr.Format = wrapFormat; - if(isNullWrap) { - wrappedHdr.BlobType = CSSM_KEYBLOB_RAW; - } - else { - wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED; - } - - /* - * special case - break out here for custom Apple CMS - */ - if(!isNullWrap && (wrapFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM)) { - try { - WrapKeyCms(CCHandle, - Context, - AccessCred, - UnwrappedKey, - rawBlob, - allocdRawBlob, - DescriptiveData, - WrappedKey, - Privilege); - } - catch(...) { - if(allocdRawBlob) { - freeCssmData(rawBlob, privAllocator); - } - throw; - } - if(allocdRawBlob) { - freeCssmData(rawBlob, privAllocator); - } - return; - } - - - /* - * Generate wrapped blob. Careful, we need to conditionally free - * rawBlob on error. - */ - CssmData encryptedBlob; - CssmData remData; - WrappedKey.KeyData.Data = NULL; // ignore possible incoming KeyData - WrappedKey.KeyData.Length = 0; - - try { - if(isNullWrap) { - /* copy raw blob to caller's wrappedKey */ - copyCssmData(rawBlob, - CssmData::overlay(WrappedKey.KeyData), - normAllocator); - wrappedHdr.Format = rawFormat; - } - else { - /* encrypt rawBlob using caller's context, then encode to - * WrappedKey.KeyData */ - uint32 bytesEncrypted; - EncryptData(CCHandle, - Context, - &rawBlob, // ClearBufs[] - 1, // ClearBufCount - &encryptedBlob, // CipherBufs[], - 1, // CipherBufCount, - bytesEncrypted, - remData, - Privilege); - - // I'm not 100% sure about this.... - assert(remData.Length == 0); - encryptedBlob.Length = bytesEncrypted; - WrappedKey.KeyData = encryptedBlob; - wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED; - // OK to be zero or not present - wrappedHdr.WrapMode = Context.getInt( - CSSM_ATTRIBUTE_MODE); - } - } - catch (...) { - errorLog0("WrapKey: EncryptData() threw exception\n"); - if(allocdRawBlob) { - freeCssmData(rawBlob, privAllocator); - } - freeCssmData(remData,normAllocator); - throw; - } - if(allocdRawBlob) { - freeCssmData(rawBlob, privAllocator); - } - freeCssmData(remData, normAllocator); -} - -/* - * Unwrap key function. Used for: - * - * -- Given key of BlobType CSSM_KEYBLOB_WRAPPED, decode and decrypt - * it, yielding a key in either raw or reference format. Unwrapping - * key may be either raw or reference. The context must match - * the unwrapping key (ALGCLASS_SYMMETRIC or ALGCLASS_ASYMMETRIC). - * - * Private keys are assumed to be PKCS8 encoded; session keys - * are assumed to be PKCS7 encoded. - * - * -- Convert a Raw key to a reference key (with no decrypting). - * This is called a NULL unwrap; no unwrapping key need be present in - * the context, but the context must be of class - * ALGCLASS_SYMMETRIC and algorithm ALGID_NONE. - */ -void AppleCSPSession::UnwrapKey( - CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey *PublicKey, - const CssmKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege) -{ - bool isNullUnwrap = false; - CssmKey *unwrappingKey = NULL; - cspKeyType keyType; // CKT_Public, etc. - CSSM_KEYBLOB_FORMAT wrapFormat = WrappedKey.blobFormat(); - - /* obtain unwrapping key if present */ - unwrappingKey = Context.get(CSSM_ATTRIBUTE_KEY); - if(unwrappingKey == NULL) { - if((Context.algorithm() == CSSM_ALGID_NONE) && - (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) { - // NULL unwrap, OK - isNullUnwrap = true; - } - else { - errorLog0("UnwrapKey: missing wrapping key\n"); - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); - } - } - - /* - * validate unwrappingKey - */ - if(!isNullUnwrap) { - /* make sure unwrapping key type matches context */ - CSSM_CONTEXT_TYPE unwrapType; - switch(unwrappingKey->KeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - unwrapType = CSSM_ALGCLASS_ASYMMETRIC; - break; - case CSSM_KEYCLASS_SESSION_KEY: - unwrapType = CSSM_ALGCLASS_SYMMETRIC; - break; - default: - errorLog0("UnwrapKey: bad class of wrappingKey\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - if(unwrapType != Context.type()) { - errorLog0("UnwrapKey: mismatch unwrappingKey/contextType\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); - } - if(Context.algorithm() == CSSM_ALGID_NONE) { - errorLog0("UnwrapKey: null wrap alg, non-null key\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - cspValidateIntendedKeyUsage(&unwrappingKey->KeyHeader, CSSM_KEYUSE_UNWRAP); - cspVerifyKeyTimes(unwrappingKey->KeyHeader); - } - - /* validate WrappedKey */ - switch(WrappedKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - #if !ALLOW_PUB_KEY_WRAP - if(!isNullUnwrap) { - errorLog0("UnwrapKey: unwrap of public key illegal\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - #endif /* ALLOW_PUB_KEY_WRAP */ - keyType = CKT_Public; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - keyType = CKT_Private; - break; - case CSSM_KEYCLASS_SESSION_KEY: - keyType = CKT_Session; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - if(isNullUnwrap) { - if(WrappedKey.blobType() != CSSM_KEYBLOB_RAW) { - errorLog0("UnwrapKey: expected raw blobType\n"); - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - } - else { - if(WrappedKey.blobType() != CSSM_KEYBLOB_WRAPPED) { - errorLog0("UnwrapKey: expected wrapped blobType\n"); - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - } - - /* validate requested storage and usage */ - cspKeyStorage keyStorage = cspParseKeyAttr(keyType, KeyAttr); - switch(keyStorage) { - case CKS_Ref: - case CKS_Data: - break; // OK - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - cspValidateKeyUsageBits(keyType, KeyUsage); - - /* prepare outgoing header */ - CssmKey::Header &unwrappedHdr = UnwrappedKey.header(); - const CssmKey::Header &wrappedHdr = WrappedKey.header(); - setKeyHeader(unwrappedHdr, - plugin.myGuid(), - wrappedHdr.algorithm(), // same as incoming - wrappedHdr.keyClass(), // same as incoming - KeyAttr & ~KEY_ATTR_RETURN_MASK, - KeyUsage); - unwrappedHdr.LogicalKeySizeInBits = wrappedHdr.LogicalKeySizeInBits; - unwrappedHdr.StartDate = wrappedHdr.StartDate; - unwrappedHdr.EndDate = wrappedHdr.EndDate; - UnwrappedKey.KeyData.Data = NULL; // ignore possible incoming KeyData - UnwrappedKey.KeyData.Length = 0; - - /* validate wrappedKey format */ - if(!isNullUnwrap) { - switch(wrapFormat) { - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7: - if(WrappedKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) { - /* this unwrapping style only for symmetric keys */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8: - if(WrappedKey.keyClass() != CSSM_KEYCLASS_PRIVATE_KEY) { - /* this unwrapping style only for private keys */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM: - UnwrapKeyCms(CCHandle, - Context, - WrappedKey, - CredAndAclEntry, - UnwrappedKey, - DescriptiveData, - Privilege, - keyStorage); - return; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT); - } - } - - /* Get key blob, decoding and decrypting if necessary */ - CssmData decodedBlob; - CssmData remData; - try { - if(isNullUnwrap) { - /* simple copy of raw blob */ - copyData(WrappedKey.KeyData, - UnwrappedKey.KeyData, - normAllocator); - unwrappedHdr.BlobType = CSSM_KEYBLOB_RAW; - unwrappedHdr.Format = wrapFormat; - } - else { - decodedBlob = CssmData::overlay(WrappedKey.KeyData); - uint32 bytesDecrypted; - CssmData *unwrapData = - CssmData::overlay(&UnwrappedKey.KeyData); - - DecryptData(CCHandle, - Context, - &decodedBlob, // CipherBufs[], - 1, // CipherBufCount, - unwrapData, // ClearBufs[] - 1, // ClearBufCount - bytesDecrypted, - remData, - Privilege); - - // I'm not 100% sure about this.... - assert(remData.Length == 0); - UnwrappedKey.KeyData.Length = bytesDecrypted; - unwrappedHdr.BlobType = CSSM_KEYBLOB_RAW; - - /* - * Figure out various header fields from resulting blob - */ - switch(wrapFormat) { - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7: - unwrappedHdr.Format = - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - if(unwrappedHdr.LogicalKeySizeInBits == 0) { - unwrappedHdr.LogicalKeySizeInBits = - bytesDecrypted * 8; - } - /* app has to infer/know algorithm */ - break; - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8: - pkcs8InferKeyHeader(UnwrappedKey); - break; - } - } - } - catch (...) { - errorLog0("UnwrapKey: DecryptData() threw exception\n"); - freeCssmData(remData, normAllocator); - throw; - } - freeCssmData(remData, normAllocator); - - /* - * One more thing: cook up a BinaryKey if caller wants a - * reference key. - */ - if(keyStorage == CKS_Ref) { - /* - * We have a key in raw format; convert to BinaryKey. - */ - BinaryKey *binKey = NULL; - CSPKeyInfoProvider *provider = infoProvider(UnwrappedKey); - /* optional parameter-bearing key */ - CssmKey *paramKey = Context.get(CSSM_ATTRIBUTE_PARAM_KEY); - provider->CssmKeyToBinary(paramKey, UnwrappedKey.KeyHeader.KeyAttr, &binKey); - addRefKey(*binKey, UnwrappedKey); - delete provider; - } -} - diff --git a/AppleCSP/AppleCSP/wrapKeyCms.cpp b/AppleCSP/AppleCSP/wrapKeyCms.cpp deleted file mode 100644 index 61e36418..00000000 --- a/AppleCSP/AppleCSP/wrapKeyCms.cpp +++ /dev/null @@ -1,468 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// wrapKeyCms.cpp - wrap/unwrap key, CMS format -// - -#include "AppleCSPSession.h" -#include "AppleCSPUtils.h" -#include "AppleCSPKeys.h" -#include "cspdebugging.h" - -/* - * - * Here is the algorithm implemented in this module: - * - * Note that DEK is the wrapping key, - * - * 1. PRIVATE_KEY_BYTES is the private data to be wrapped. It consists of the - * following concatenation: - * - * 4-byte length of Descriptive Data, big-endian | - * Descriptive Data | - * rawBlob.Data bytes - * - * 2. Encrypt PRIVATE_KEY_BYTES using DEK (3DES) and IV in CBC mode with - * PKCS1 padding. Call the ciphertext TEMP1 - * - * 3. Let TEMP2 = IV || TEMP1. - * - * 4. Reverse the order of the octets in TEMP2 call the result TEMP3. - * - * 5. Encrypt TEMP3 using DEK with an IV of 0x4adda22c79e82105 in CBC mode - * with PKCS1 padding call the result TEMP4. - * - * TEMP4 is wrappedKey.KeyData. - */ - -/* true: cook up second CCHandle via a new HandleObject - * false - OK to reuse a CCHandle */ -#define USE_SECOND_CCHAND 0 - -/* false : make copy of incoming context before changing IV - * true : resuse OK */ -#define REUSE_CONTEXT 1 - -/* lots'o'printfs in lieu of a debugger which works */ -#define VERBOSE_DEBUG 0 - -static const uint8 magicCmsIv[] = - { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; - -#if VERBOSE_DEBUG -static void dumpBuf( - char *title, - const CSSM_DATA *d, - uint32 maxLen) -{ - unsigned i; - uint32 len; - - if(title) { - printf("%s: ", title); - } - if(d == NULL) { - printf("NO DATA\n"); - return; - } - printf("Total Length: %d\n ", d->Length); - len = maxLen; - if(d->Length < len) { - len = d->Length; - } - for(i=0; iData[i]); - if((i % 16) == 15) { - printf("\n "); - } - } - printf("\n"); -} -#else -#define dumpBuf(t, d, m) -#endif /* VERBOSE_DEBUG */ - - -/* serialize/deserialize uint32, big-endian. */ -static void serializeUint32(uint32 i, uint8 *buf) -{ - *buf++ = (uint8)(i >> 24); - *buf++ = (uint8)(i >> 16); - *buf++ = (uint8)(i >> 8); - *buf = (uint8)i; -} - -static uint32 deserializeUint32(const uint8 *buf) { - uint32 result; - - result = ((uint32)buf[0] << 24) | - ((uint32)buf[1] << 16) | - ((uint32)buf[2] << 8) | - (uint32)buf[3]; - return result; -} - -void AppleCSPSession::WrapKeyCms( - CSSM_CC_HANDLE CCHandle, - const Context &context, - const AccessCredentials &AccessCred, - const CssmKey &UnwrappedKey, - CssmData &rawBlob, - bool allocdRawBlob, // callee has to free rawBlob - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege) -{ - uint32 ddLen; - CssmData PRIVATE_KEY_BYTES; - #if !REUSE_CONTEXT - Context secondCtx(context.ContextType, context.AlgorithmType); - secondCtx.copyFrom(context, privAllocator); - #endif /* REUSE_CONTEXT */ - - /* - * 1. PRIVATE_KEY_BYTES is the private data to be wrapped. It consists of the - * following concatenation: - * - * 4-byte length of Descriptive Data, big-endian | - * Descriptive Data | - * rawBlob.Data bytes - */ - dumpBuf("wrap rawBlob", &rawBlob, 24); - dumpBuf("wrap DescriptiveData", DescriptiveData, 24); - - if(DescriptiveData == NULL) { - ddLen = 0; - } - else { - ddLen = DescriptiveData->Length; - } - uint32 pkbLen = 4 + ddLen + rawBlob.Length; - setUpCssmData(PRIVATE_KEY_BYTES, pkbLen, privAllocator); - uint8 *cp = PRIVATE_KEY_BYTES.Data; - serializeUint32(ddLen, cp); - cp += 4; - if(ddLen != 0) { - memcpy(cp, DescriptiveData->Data, ddLen); - cp += ddLen; - } - memcpy(cp, rawBlob.Data, rawBlob.Length); - dumpBuf("wrap PRIVATE_KEY_BYTES", &PRIVATE_KEY_BYTES, 48); - - /* 2. Encrypt PRIVATE_KEY_BYTES using DEK (3DES) and IV in CBC mode with - * PKCS1 padding. Call the ciphertext TEMP1 - * - * We'll just use the caller's context for this. Maybe we should - * validate mode, padding, IV? - */ - CssmData TEMP1; - uint32 bytesEncrypted; - CssmData remData; - EncryptData(CCHandle, - context, - &PRIVATE_KEY_BYTES, // ClearBufs[] - 1, // ClearBufCount - &TEMP1, // CipherBufs[], - 1, // CipherBufCount, - bytesEncrypted, - remData, - Privilege); - - // I'm not 100% sure about this.... - assert(remData.Length == 0); - TEMP1.Length = bytesEncrypted; - dumpBuf("wrap TEMP1", &TEMP1, 48); - - /* - * 3. Let TEMP2 = IV || TEMP1. - */ - CssmData TEMP2; - CssmData &IV = context.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - setUpCssmData(TEMP2, IV.Length + TEMP1.Length, privAllocator); - memcpy(TEMP2.Data, IV.Data, IV.Length); - memcpy(TEMP2.Data + IV.Length, TEMP1.Data, TEMP1.Length); - dumpBuf("wrap TEMP2", &TEMP2, 56); - - - /* - * 4. Reverse the order of the octets in TEMP2 call the result - * TEMP3. - */ - CssmData TEMP3; - setUpCssmData(TEMP3, TEMP2.Length, privAllocator); - uint8 *cp2 = TEMP2.Data + TEMP2.Length - 1; - cp = TEMP3.Data; - for(uint32 i=0; i - * actually is in the context and not a copy! - */ - #if REUSE_CONTEXT - CssmData &IV2 = context.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - #else - CssmData &IV2 = secondCtx.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - #endif /* REUSE_CONTEXT */ - - uint8 *savedIV = IV2.Data; - uint32 savedIVLen = IV2.Length; - IV2.Data = (uint8 *)magicCmsIv; - IV2.Length = 8; - CssmData &outBlob = CssmData::overlay(WrappedKey.KeyData); - outBlob.Length = 0; - outBlob.Data = NULL; - try { - EncryptData(CCHandle, - #if REUSE_CONTEXT - context, - #else - secondCtx, - #endif /* REUSE_CONTEXT */ - - &TEMP3, // ClearBufs[] - 1, // ClearBufCount - &outBlob, // CipherBufs[], - 1, // CipherBufCount, - bytesEncrypted, - remData, - Privilege); - } - catch (...) { - IV2.Data = savedIV; - IV2.Length = savedIVLen; - throw; // and leak - } - IV2.Data = savedIV; - IV2.Length = savedIVLen; - - // I'm not 100% sure about this.... - assert(remData.Length == 0); - outBlob.Length = bytesEncrypted; - dumpBuf("wrap outBlob", &outBlob, 64); - - /* outgoing header */ - WrappedKey.KeyHeader.BlobType = CSSM_KEYBLOB_WRAPPED; - // OK to be zero or not present - WrappedKey.KeyHeader.WrapMode = context.getInt(CSSM_ATTRIBUTE_MODE); - WrappedKey.KeyHeader.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - - /* free resources */ - freeCssmData(PRIVATE_KEY_BYTES, privAllocator); - freeCssmData(TEMP1, normAllocator); // alloc via encrypt - freeCssmData(TEMP2, privAllocator); - freeCssmData(TEMP3, privAllocator); - if(allocdRawBlob) { - /* our caller mallocd this when dereferencing a ref key */ - freeCssmData(rawBlob, privAllocator); - } -} - -/* note we expect an IV present in the context though we don't use it - * FIXME - we should figure out how to add this attribute at this level - */ - -/* safety trap - don't try to malloc anything bigger than this - we get - * sizes from the processed bit stream.... */ -#define MAX_MALLOC_SIZE 0x10000 - -void AppleCSPSession::UnwrapKeyCms( - CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey &WrappedKey, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege, - cspKeyStorage keyStorage) -{ - /* - * In reverse order, the steps from wrap... - * - * 5. Encrypt TEMP3 using DEK with an IV of 0x4adda22c79e82105 in CBC mode - * with PKCS1 padding call the result TEMP4. - * - * TEMP4 is wrappedKey.KeyData. - */ - const CssmData &wrappedBlob = CssmData::overlay(WrappedKey.KeyData); - dumpBuf("unwrap inBlob", &wrappedBlob, 64); - CssmData &IV1 = Context.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - uint8 *savedIV = IV1.Data; - uint32 savedIvLen = IV1.Length; - IV1.Data = (uint8 *)magicCmsIv; - IV1.Length = 8; - CssmData TEMP3; - uint32 bytesDecrypted; - CssmData remData; - - try { - DecryptData(CCHandle, - Context, - &wrappedBlob, // CipherBufs[], - 1, // CipherBufCount, - &TEMP3, // ClearBufs[] - 1, // ClearBufCount - bytesDecrypted, - remData, - Privilege); - } - catch(...) { - IV1.Data = savedIV; - IV1.Length = savedIvLen; - throw; - } - IV1.Data = savedIV; - IV1.Length = savedIvLen; - // I'm not 100% sure about this.... - assert(remData.Length == 0); - TEMP3.Length = bytesDecrypted; - dumpBuf("unwrap TEMP3", &TEMP3, 64); - - /* - * 4. Reverse the order of the octets in TEMP2 call the result - * TEMP3. - * - * i.e., TEMP2 := reverse(TEMP3) - */ - CssmData TEMP2; - setUpCssmData(TEMP2, TEMP3.Length, privAllocator); - uint8 *src = TEMP3.Data + TEMP3.Length - 1; - uint8 *dst = TEMP2.Data; - for(uint32 i=0; i MAX_MALLOC_SIZE) { - dprintf0("UnwrapKeyCms: preposterous ddLen in PRIVATE_KEY_BYTES\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - setUpCssmData(DescriptiveData, ddLen, normAllocator); - memcpy(DescriptiveData.Data, cp1, ddLen); - cp1 += ddLen; - uint32 outBlobLen = PRIVATE_KEY_BYTES.Length - ddLen - 4; - if(ddLen > MAX_MALLOC_SIZE) { - dprintf0("UnwrapKeyCms: preposterous outBlobLen in PRIVATE_KEY_BYTES\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - CssmData &outBlob = CssmData::overlay(UnwrappedKey.KeyData); - setUpCssmData(outBlob, outBlobLen, normAllocator); - memcpy(outBlob.Data, cp1, outBlobLen); - - /* set up outgoing header */ - UnwrappedKey.KeyHeader.BlobType = CSSM_KEYBLOB_RAW; - UnwrappedKey.KeyHeader.Format = inferFormat(UnwrappedKey); - - /* - * Cook up a BinaryKey if caller wants a reference key. - */ - if(keyStorage == CKS_Ref) { - BinaryKey *binKey = NULL; - CSPKeyInfoProvider *provider = infoProvider(UnwrappedKey); - /* optional parameter-bearing key */ - CssmKey *paramKey = Context.get(CSSM_ATTRIBUTE_PARAM_KEY); - provider->CssmKeyToBinary(paramKey, UnwrappedKey.KeyHeader.KeyAttr, &binKey); - addRefKey(*binKey, UnwrappedKey); - delete provider; - } - /* free resources */ - freeCssmData(PRIVATE_KEY_BYTES, normAllocator); // alloc via decrypt - freeCssmData(TEMP1, privAllocator); - freeCssmData(IV2, privAllocator); - freeCssmData(TEMP2, privAllocator); - freeCssmData(TEMP3, normAllocator); // via decrypt - -} - diff --git a/AppleCSP/AppleCSPPlugin.cpp b/AppleCSP/AppleCSPPlugin.cpp deleted file mode 100644 index d6c22cbd..00000000 --- a/AppleCSP/AppleCSPPlugin.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtai -n - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Produce the "genuine plugin version" of the AppleCSP -// -#include - - -// -// Create the plugin object and generate the C layer hookup -// -ModuleNexus plugin; - -#include diff --git a/AppleCSP/BSafeCSP/algmaker.cpp b/AppleCSP/BSafeCSP/algmaker.cpp deleted file mode 100644 index 474e63b9..00000000 --- a/AppleCSP/BSafeCSP/algmaker.cpp +++ /dev/null @@ -1,333 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// algmaker - algorithm factory for BSafe 4 -// -#include "bsafecspi.h" -#include "bsafecsp.h" -#include "AppleCSPSession.h" - -// -// BSafe's Chooser table. -// These are references to all *BSafe algorithms* we use (and thus must link in) -// -const B_ALGORITHM_METHOD * const BSafe::bsChooser[] = { - // digests - &AM_SHA, - &AM_MD5, - &AM_MD2, - - // organizational - &AM_CBC_ENCRYPT, - &AM_CBC_DECRYPT, - &AM_ECB_ENCRYPT, - &AM_ECB_DECRYPT, - &AM_OFB_ENCRYPT, - &AM_OFB_DECRYPT, - - // DES & variants - &AM_DES_ENCRYPT, - &AM_DES_DECRYPT, - &AM_DESX_ENCRYPT, - &AM_DESX_DECRYPT, - &AM_DES_EDE_ENCRYPT, - &AM_DES_EDE_DECRYPT, - - // RCn stuff - &AM_RC2_CBC_ENCRYPT, - &AM_RC2_CBC_DECRYPT, - &AM_RC2_ENCRYPT, - &AM_RC2_DECRYPT, - &AM_RC4_ENCRYPT, - &AM_RC4_DECRYPT, - &AM_RC5_ENCRYPT, - &AM_RC5_DECRYPT, - &AM_RC5_CBC_ENCRYPT, - &AM_RC5_CBC_DECRYPT, - - // RSA - &AM_RSA_STRONG_KEY_GEN, - &AM_RSA_KEY_GEN, - &AM_RSA_CRT_ENCRYPT_BLIND, - &AM_RSA_CRT_DECRYPT_BLIND, - &AM_RSA_ENCRYPT, - &AM_RSA_DECRYPT, - - // DSA - &AM_DSA_PARAM_GEN, - &AM_DSA_KEY_GEN, - - // signatures - &AM_DSA_SIGN, - &AM_DSA_VERIFY, - - // random number generation - &AM_MD5_RANDOM, - &AM_SHA_RANDOM, - - // sentinel - (B_ALGORITHM_METHOD *)NULL_PTR -}; - - -// -// Makers -// -template -class Maker0 : public BSafe::MakerBase { -public: - Ctx *make(AppleCSPSession &session, const Context &context) const - { return new Ctx(session, context); } -}; - -template -class Maker1 : public BSafe::MakerBase { - Arg arg; -public: - Maker1(Arg a) : arg(a) { } - Ctx *make(AppleCSPSession &session, const Context &context) const - { return new Ctx(session, context, arg); } -}; - -template -class Maker2 : public BSafe::MakerBase { - Arg1 arg1; Arg2 arg2; -public: - Maker2(Arg1 a1, Arg2 a2) : arg1(a1), arg2(a2) { } - Ctx *make(AppleCSPSession &session, const Context &context) const - { return new Ctx(session, context, arg1, arg2); } -}; - -template -class Maker3 : public BSafe::MakerBase { - Arg1 arg1; Arg2 arg2; Arg3 arg3; -public: - Maker3(Arg1 a1, Arg2 a2, Arg3 a3) : - arg1(a1), arg2(a2), arg3(a3) { } - Ctx *make(AppleCSPSession &session, const Context &context) const - { return new Ctx(session, context, arg1, arg2, arg3); } -}; - - -bug_const BSafe::MakerTable BSafe::algorithms[] = { - // signing algorithms - // constructor args: BSafe algorithm, signature size - { - CSSM_ALGID_SHA1WithDSA, - CSSM_ALGCLASS_SIGNATURE, - new Maker2 - (AI_DSAWithSHA1, 48) // max size of 48 bytes - }, - { - CSSM_ALGID_SHA1WithRSA, - CSSM_ALGCLASS_SIGNATURE, - new Maker2 - (AI_SHA1WithRSAEncryption, 0) // size = RSA key size - }, - - { - CSSM_ALGID_MD5WithRSA, - CSSM_ALGCLASS_SIGNATURE, - new Maker2 - (AI_MD5WithRSAEncryption, 0) // size = RSA key size - }, - - { - CSSM_ALGID_MD2WithRSA, - CSSM_ALGCLASS_SIGNATURE, - new Maker2 - (AI_MD2WithRSAEncryption, 0) // size = RSA key size - }, - - // MAC algorithms - // constructor args: BSafe algorithm, signature size - { - CSSM_ALGID_SHA1HMAC, - CSSM_ALGCLASS_MAC, - new Maker2 - (AI_SHA1, 20) - }, - - // symmetric key generation - // constructor args: min/max key size in bits, mustBeByteSized - { - CSSM_ALGID_RC2, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (1*8, 128*8, true) - }, - { - CSSM_ALGID_RC4, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (1*8, 256*8, true) - }, - { - CSSM_ALGID_RC5, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (1*8, 255*8, true) - }, - { - CSSM_ALGID_DES, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (64, 64, true) - }, - { - CSSM_ALGID_DESX, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (192, 192, true) - }, - { - CSSM_ALGID_3DES_3KEY, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (192, 192, true) - }, - { - CSSM_ALGID_SHA1HMAC, - CSSM_ALGCLASS_KEYGEN, - new Maker3 - (160, 2048, true) - }, - - // symmetric encryption algorithms - // constructor arg: block size (1 ==> stream cipher) - { - CSSM_ALGID_DES, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(8) - }, - { - CSSM_ALGID_DESX, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(8) - }, - { - CSSM_ALGID_3DES_3KEY_EDE, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(8) - }, - { - CSSM_ALGID_RC2, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(8) - }, - { - CSSM_ALGID_RC4, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(1) - }, - { - CSSM_ALGID_RC5, - CSSM_ALGCLASS_SYMMETRIC, - new Maker1(8) - }, - - // asymmetric encryption algorithms - { - CSSM_ALGID_RSA, - CSSM_ALGCLASS_ASYMMETRIC, - new Maker0() - }, - { - CSSM_ALGID_DSA, - CSSM_ALGCLASS_ASYMMETRIC, - new Maker0() - }, - - // key pair generate algorithms - { - CSSM_ALGID_RSA, - CSSM_ALGCLASS_KEYGEN, - new Maker0() - }, - { - CSSM_ALGID_DSA, - CSSM_ALGCLASS_KEYGEN, - new Maker0() - }, - - // pseudo-random number generators - { - CSSM_ALGID_MD5Random, - CSSM_ALGCLASS_RANDOMGEN, - new Maker1(AI_MD5Random) - }, - { - CSSM_ALGID_SHARandom, - CSSM_ALGCLASS_RANDOMGEN, - new Maker1(AI_SHA1Random) - }, -}; - -const unsigned int BSafe::algorithmCount = sizeof(algorithms) / sizeof(algorithms[0]); - - -// -// BSafeFactory hookup -// -void BSafeFactory::setNormAllocator(CssmAllocator *alloc) -{ - BSafe::setNormAllocator(alloc); -} -void BSafeFactory::setPrivAllocator(CssmAllocator *alloc) -{ - BSafe::setPrivAllocator(alloc); -} - -bool BSafeFactory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - return BSafe::setup(session, cspCtx, context); -} - - -// -// Algorithm setup -// -bool BSafe::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - for (const BSafe::MakerTable *alg = algorithms; - alg < algorithms + algorithmCount; - alg++) { - if ((alg->algorithmId == context.algorithm()) && - (alg->algClass == context.type())) { - if(cspCtx != NULL) { - /* we allow reuse */ - return true; - } - // make new context - cspCtx = alg->maker->make(session, context); - return true; - } - } - /* not ours */ - return false; -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsafeAsymmetric.cpp b/AppleCSP/BSafeCSP/bsafeAsymmetric.cpp deleted file mode 100644 index 7cffdd25..00000000 --- a/AppleCSP/BSafeCSP/bsafeAsymmetric.cpp +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafeAsymmetric.cpp - asymmetric encrypt/decrypt -// -#include "bsafecspi.h" - -#include // debug - -// -// Public key {en,de}cryption (currently RSA only) -// -// FIXME: -// We really should match the key algorithm to the en/decrypt -// algorithm. Also: verify key usage bits. -void BSafe::PublicKeyCipherContext::init(const Context &context, bool encrypting) -{ - assert(context.algorithm() == CSSM_ALGID_RSA); - - if (reusing(encrypting)) - return; // all set to go - - switch (context.getInt(CSSM_ATTRIBUTE_MODE)) { - case CSSM_ALGMODE_PUBLIC_KEY: - setAlgorithm(AI_PKCS_RSAPublic); - break; - case CSSM_ALGMODE_PRIVATE_KEY: - setAlgorithm(AI_PKCS_RSAPrivate); - break; - case CSSM_ALGMODE_NONE: - { - /* - * None specified (getInt returns zero in that case) - - * infer from key type - */ - CssmKey &key = context.get( - CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - B_INFO_TYPE bAlgType; - switch (key.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - bAlgType = AI_PKCS_RSAPublic; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - bAlgType = AI_PKCS_RSAPrivate; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - setAlgorithm(bAlgType); - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - - // put it all together - setKeyFromContext(context); // set BSafe key - setRandom(); // some PK cryption algs need random input - cipherInit(); // common cipher init - //@@@ calculate output buffer size -} - -// we assume asymmetric crypto algorithms are one-shot output non-repeating - -size_t BSafe::PublicKeyCipherContext::inputSize(size_t outSize) -{ - return 0xFFFFFFFF; // perhaps not the biggest size_t, but big enough... -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsafeContext.cpp b/AppleCSP/BSafeCSP/bsafeContext.cpp deleted file mode 100644 index a58f2afd..00000000 --- a/AppleCSP/BSafeCSP/bsafeContext.cpp +++ /dev/null @@ -1,448 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafeContext.cpp - implementation of class BSafe::BSafeContext -// and some of its subclasses -// - -#include "bsafecspi.h" -#include "bsafePKCS1.h" -#include -#include -#include -#include "cspdebugging.h" - -#define DATA(cData) POINTER(cData.data()), cData.length() - -A_SURRENDER_CTX * const BSafe::BSafeContext::bsSurrender = NULL; - - -// -// Construct an algorithm object -// -BSafe::BSafeContext::BSafeContext(AppleCSPSession &session) - : AppleCSPContext(session) -{ - bsAlgorithm = NULL; - bsKey = NULL; - bsBinKey = NULL; - bsRandom = NULL; - initialized = false; - opStarted = false; -#ifdef SAFER - inUpdate = NULL; - inOutUpdate = NULL; - inFinal = NULL; - outFinal = NULL; - outFinalR = NULL; -#endif //SAFER -} - -BSafe::BSafeContext::~BSafeContext() -{ - reset(); -} - -void BSafe::BSafeContext::reset() -{ - B_DestroyAlgorithmObject(&bsAlgorithm); - B_DestroyAlgorithmObject(&bsRandom); - destroyBsKey(); -} - -/* - * Clear key state. We only destroy bsKey if we don't have a - * BinaryKey. - */ -void BSafe::BSafeContext::destroyBsKey() -{ - if(bsBinKey == NULL) { - B_DestroyKeyObject(&bsKey); - } - else { - // bsKey gets destroyed when bsBinKey gets deleted - bsBinKey = NULL; - bsKey = NULL; - } -} - -void BSafe::check(int status, bool isKeyOp) -{ - if(status == 0) { - return; - } - dprintf1("BSAFE Error %d\n", status); - switch (status) { - case BE_ALLOC: - throw std::bad_alloc(); - case BE_SIGNATURE: - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - case BE_OUTPUT_LEN: - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - case BE_INPUT_LEN: - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - case BE_EXPONENT_EVEN: - case BE_EXPONENT_LEN: - case BE_EXPONENT_ONE: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - case BE_DATA: - case BE_INPUT_DATA: - if(isKeyOp) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - else { - CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); - } - case BE_MODULUS_LEN: - case BE_OVER_32K: - case BE_INPUT_COUNT: - case BE_CANCEL: - //@@@ later... - default: - //@@@ translate BSafe errors intelligently - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - } -} - - -void BSafe::BSafeContext::setAlgorithm( - B_INFO_TYPE bAlgType, - const void *info) -{ - B_DestroyAlgorithmObject(&bsAlgorithm); // clear any old BSafe algorithm - check(B_CreateAlgorithmObject(&bsAlgorithm)); - check(B_SetAlgorithmInfo(bsAlgorithm, bAlgType, POINTER(info))); -} - -/* safely create bsKey */ -void BSafe::BSafeContext::createBsKey() -{ - /* reset to initial key state - some keys can't be reused */ - destroyBsKey(); - check(B_CreateKeyObject(&bsKey)); -} - -/* form of *info varies per bKeyInfo */ -void BSafe::BSafeContext::setKeyAtom( - B_INFO_TYPE bKeyInfo, - const void *info) -{ - /* debug only */ - if((bKeyInfo == KI_RSAPublicBER) || (bKeyInfo == KI_RSAPublic)) { - printf("Aargh! Unhandled KI_RSAPublic!\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(bKeyInfo != KI_RSAPublicBER); // handled elsewhere for now - assert(bKeyInfo != KI_RSAPublic); // handled elsewhere for now - createBsKey(); - check(B_SetKeyInfo(bsKey, bKeyInfo, POINTER(info)), true); -} - -// -// Set outSize for RSA keys. -// -void BSafe::BSafeContext::setRsaOutSize( - bool isPubKey) -{ - assert(bsKey != NULL); - - A_RSA_KEY *keyInfo; - if(isPubKey) { - keyInfo = getKey(bsKey, KI_RSAPublic); - } - else { - keyInfo = getKey(bsKey, KI_RSAPrivate); - } - mOutSize = (B_IntegerBits(keyInfo->modulus.data, - keyInfo->modulus.len) + 7) / 8; -} - -// -// Handle various forms of reference key. Symmetric -// keys are stored as SymmetricBinaryKey, with raw key bytes -// in keyData. Our asymmetric keys are stored as BSafeBinaryKeys, -// with an embedded ready-to-use B_KEY_OBJ. -// -void BSafe::BSafeContext::setRefKey(CssmKey &key) -{ - bool isPubKey = false; - - switch(key.keyClass()) { - case CSSM_KEYCLASS_SESSION_KEY: - { - assert(key.blobFormat() == - CSSM_KEYBLOB_REF_FORMAT_INTEGER); - - BinaryKey &binKey = session().lookupRefKey(key); - // fails if this is not a SymmetricBinaryKey - SymmetricBinaryKey *symBinKey = - dynamic_cast(&binKey); - if(symBinKey == NULL) { - errorLog0("BSafe::setRefKey(1): wrong BinaryKey subclass\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - setKeyFromCssmData(KI_Item, symBinKey->mKeyData); - return; - } - case CSSM_KEYCLASS_PUBLIC_KEY: - isPubKey = true; // and fall thru - case CSSM_KEYCLASS_PRIVATE_KEY: - { - BinaryKey &binKey = session().lookupRefKey(key); - destroyBsKey(); - bsBinKey = dynamic_cast(&binKey); - /* this cast failing means that this is some other - * kind of binary key */ - if(bsBinKey == NULL) { - errorLog0("BSafe::setRefKey(2): wrong BinaryKey subclass\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(bsBinKey->bsKey() != NULL); - bsKey = bsBinKey->bsKey(); - if(key.algorithm() == CSSM_ALGID_RSA) { - setRsaOutSize(isPubKey); - } - return; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } -} - -void BSafe::BSafeContext::setKeyFromContext( - const Context &context, - bool required) -{ - CssmKey &key = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - - switch(key.blobType()) { - case CSSM_KEYBLOB_REFERENCE: - setRefKey(key); - return; - case CSSM_KEYBLOB_RAW: - break; // to main routine - default: - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - - bool isPubKey; - switch (key.keyClass()) { - case CSSM_KEYCLASS_SESSION_KEY: - /* symmetric, one format supported for all algs */ - switch (key.blobFormat()) { - case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: - setKeyFromCssmKey(KI_Item, key); - return; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - case CSSM_KEYCLASS_PUBLIC_KEY: - isPubKey = true; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - isPubKey = false; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* We know it's an asymmetric key; get some info */ - B_INFO_TYPE infoType; - CSSM_KEYBLOB_FORMAT expectedFormat; - - if(!bsafeAlgToInfoType(key.algorithm(), - isPubKey, - infoType, - expectedFormat)) { - /* unknown alg! */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - /* - * Correct format? - * NOTE: if we end up supporting multiple incoming key formats, they'll - * have to be handled here. - */ - if(expectedFormat != key.blobFormat()) { - errorLog1("setKeyFromContext: invalid blob format (%d)\n", - (int)key.blobFormat()); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - /* - * Most formats can be handled directly by BSAFE. Handle the special cases - * requiring additional processing here. - */ - switch(expectedFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - /* RSA public keys */ - createBsKey(); - BS_setKeyPkcs1(CssmData::overlay(key.KeyData), bsKey); - break; - default: - setKeyFromCssmKey(infoType, key); - break; - } - - /* - * One more thing - set mOutSize for RSA keys - */ - if(key.algorithm() == CSSM_ALGID_RSA) { - setRsaOutSize(isPubKey); - } -} - -#define BSAFE_RANDSIZE 32 - -void BSafe::BSafeContext::setRandom() -{ - if (bsRandom == NULL) { - check(B_CreateAlgorithmObject(&bsRandom)); - check(B_SetAlgorithmInfo(bsRandom, AI_X962Random_V0, NULL_PTR)); - check(B_RandomInit(bsRandom, chooser(), bsSurrender)); - uint8 seed[BSAFE_RANDSIZE]; - session().getRandomBytes(BSAFE_RANDSIZE, seed); - check(B_RandomUpdate(bsRandom, seed, sizeof(seed), bsSurrender)); - } -} - - -// -// Operational methods of BSafeContext -// -void BSafe::BSafeContext::init(const Context &, bool) -{ - // some algorithms don't need init(), because all is done in the context constructor -} - -// update for input-only block/stream algorithms -void BSafe::BSafeContext::update(const CssmData &data) -{ - opStarted = true; - check(inUpdate(bsAlgorithm, POINTER(data.data()), data.length(), bsSurrender)); -} - -// update for input/output block/stream algorithms -void BSafe::BSafeContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize) -{ - unsigned int length; - opStarted = true; - check(inOutUpdate(bsAlgorithm, POINTER(outp), &length, outSize, - POINTER(inp), inSize, bsRandom, bsSurrender)); - // always eat all input (inSize unchanged) - outSize = length; - - // let the algorithm manager track I/O sizes, if needed - trackUpdate(inSize, outSize); -} - -// output-generating final call -void BSafe::BSafeContext::final(CssmData &out) -{ - unsigned int length; - if (outFinal) { - check(outFinal(bsAlgorithm, - POINTER(out.data()), - &length, - out.length(), - bsSurrender)); - } - else { - check(outFinalR(bsAlgorithm, - POINTER(out.data()), - &length, - out.length(), - bsRandom, - bsSurrender)); - } - out.length(length); - initialized = false; -} - -// verifying final call (takes additional input) -void BSafe::BSafeContext::final(const CssmData &in) -{ - int status; - - /* note sig verify errors can show up as lots of BSAFE statuses; - * munge them all into the appropriate error */ - if (inFinal) { - status = inFinal(bsAlgorithm, - POINTER(in.data()), - in.length(), - bsSurrender); - } - else { - status = inFinalR(bsAlgorithm, - POINTER(in.data()), - in.length(), - bsRandom, - bsSurrender); - } - if(status != 0) { - if((mType == CSSM_ALGCLASS_SIGNATURE) && (mDirection == false)) { - /* yep, sig verify error */ - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } - /* other error, use standard trap */ - check(status); - } - initialized = false; -} - -size_t BSafe::BSafeContext::outputSize(bool final, size_t inSize) -{ - // this default implementation only makes sense for single-output end-loaded algorithms - return final ? mOutSize : 0; -} - -void BSafe::BSafeContext::trackUpdate(size_t, size_t) -{ /* do nothing */ } - -// -// Common features of CipherContexts. -// -void BSafe::CipherContext::cipherInit() -{ - // set handlers - if (encoding) { - inOutUpdate = B_EncryptUpdate; - outFinalR = B_EncryptFinal; - } else { - inOutUpdate = B_DecryptUpdate; - outFinalR = B_DecryptFinal; - } - outFinal = NULL; - - // init the algorithm - check((encoding ? B_EncryptInit : B_DecryptInit) - (bsAlgorithm, bsKey, chooser(), bsSurrender)); - - // buffers start empty - pending = 0; - - // state is now valid - initialized = true; - opStarted = false; -} -#endif /* BSAFE_CSP_ENABLE */ - diff --git a/AppleCSP/BSafeCSP/bsafeKeyGen.cpp b/AppleCSP/BSafeCSP/bsafeKeyGen.cpp deleted file mode 100644 index 580c37aa..00000000 --- a/AppleCSP/BSafeCSP/bsafeKeyGen.cpp +++ /dev/null @@ -1,461 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafeKeyGen.cpp - key generation routines -// -#include "bsafecspi.h" -#include "bsafePKCS1.h" -#include "cspdebugging.h" - -/* - * Stateless, private function to map a CSSM alg and pub/priv state - * to B_INFO_TYPE and format. Returns true on success, false on - * "I don't understand this algorithm". - */ -bool BSafe::bsafeAlgToInfoType( - CSSM_ALGORITHMS alg, - bool isPublic, - B_INFO_TYPE &infoType, // RETURNED - CSSM_KEYBLOB_FORMAT &format) // RETURNED -{ - switch(alg) { - case CSSM_ALGID_RSA: - if(isPublic) { - infoType = RSA_PUB_KEYINFO_TYPE; - format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - } - else { - infoType = RSA_PRIV_KEYINFO_TYPE; - format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - } - return true; - case CSSM_ALGID_DSA: - format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - if(isPublic) { - infoType = DSA_PUB_KEYINFO_TYPE; - } - else { - infoType = DSA_PRIV_KEYINFO_TYPE; - } - return true; - default: - return false; - } -} - - -BSafe::BSafeBinaryKey::BSafeBinaryKey( - bool isPub, - uint32 Alg) - : mIsPublic(isPub), - mAlg(Alg) -{ - BSafe::check(B_CreateKeyObject(&mBsKey), true); -} - -BSafe::BSafeBinaryKey::~BSafeBinaryKey() -{ - B_DestroyKeyObject(&mBsKey); -} - -void BSafe::BSafeBinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, // input val ignored for now - AppleCSPSession &session, - const CssmKey *paramKey, // optional, unused here - CSSM_KEYATTR_FLAGS &attrFlags) // IN/OUT -{ - assert(mBsKey != NULL); - - B_INFO_TYPE bsType; - if(!bsafeAlgToInfoType(mAlg, mIsPublic, bsType, format)) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(format == CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { - /* special case, encode the PKCS1 format blob */ - CssmRemoteData rData( - CssmAllocator::standard(CssmAllocator::sensitive), blob); - BS_GetKeyPkcs1(mBsKey, rData); - rData.release(); - } - else { - BSafeItem *info; - BSafe::check( - B_GetKeyInfo((POINTER *)&info, mBsKey, bsType), true); - blob = info->copy(allocator); - } -} - -// -// This is called from CSPFullPluginSession -// -void BSafe::BSafeKeyPairGenContext::generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey) -{ - BSafeBinaryKey *pubBinKey = new BSafeBinaryKey(true, - context.algorithm()); - BSafeBinaryKey *privBinKey = new BSafeBinaryKey(false, - context.algorithm()); - - try { - AppleKeyPairGenContext::generate(context, - session(), - pubKey, - pubBinKey, - privKey, - privBinKey); - } - catch (...) { - delete pubBinKey; - delete privBinKey; - throw; - } -} - -// -// Called from AppleKeyPairGenContext -// -void BSafe::BSafeKeyPairGenContext::generate( - const Context &context, - BinaryKey &pubBinKey, // valid on successful return - BinaryKey &privBinKey, // ditto - uint32 &keySize) // ditto -{ - /* these casts throw exceptions if the keys are of the - * wrong classes, which is a major bogon, since we created - * the keys in the above generate() function */ - BSafeBinaryKey &bsPubBinKey = - dynamic_cast(pubBinKey); - BSafeBinaryKey &bsPrivBinKey = - dynamic_cast(privBinKey); - - if (!initialized) { - setupAlgorithm(context, keySize); - check(B_GenerateInit(bsAlgorithm, chooser(), bsSurrender), true); - initialized = true; - } - - setRandom(); - check(B_GenerateKeypair(bsAlgorithm, - bsPubBinKey.bsKey(), - bsPrivBinKey.bsKey(), - bsRandom, - bsSurrender), true); -} - -void BSafe::BSafeKeyPairGenContext::setupAlgorithm( - const Context &context, - uint32 &keySize) -{ - switch(context.algorithm()) { - case CSSM_ALGID_RSA: - { - A_RSA_KEY_GEN_PARAMS genParams; - keySize = genParams.modulusBits = - context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); - if (CssmData *params = - context.get(CSSM_ATTRIBUTE_ALG_PARAMS)) { - genParams.publicExponent = BSafeItem(*params); - } else { - static unsigned char exponent[] = { 1, 0, 1 }; - genParams.publicExponent = BSafeItem(exponent, sizeof(exponent)); - } - /* - * For test purposes, we avoid the 'strong' key generate - * algorithm if a CSSM_ALGMODE_CUSTOM mode atrtribute - * is present in the context. This is not published and - * not supported in the real world. - */ - uint32 mode = context.getInt(CSSM_ATTRIBUTE_MODE); - if(mode == CSSM_ALGMODE_CUSTOM) { - setAlgorithm(AI_RSAKeyGen, &genParams); - } - else { - setAlgorithm(AI_RSAStrongKeyGen, &genParams); - } - } - break; - case CSSM_ALGID_DSA: - { - A_DSA_PARAMS genParams; - genParams.prime = - BSafeItem(context.get( - CSSM_ATTRIBUTE_PRIME, - CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS)); - genParams.subPrime = - BSafeItem(context.get( - CSSM_ATTRIBUTE_SUBPRIME, - CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS)); - genParams.base = - BSafeItem(context.get( - CSSM_ATTRIBUTE_BASE, - CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS)); - setAlgorithm(AI_DSAKeyGen, &genParams); - keySize = B_IntegerBits(genParams.prime.data, genParams.prime.len); - } - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } -} - -// -// DSA Parameter Generation -// -void BSafe::BSafeKeyPairGenContext::generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, - uint32 &attrCount, - Context::Attr * &attrs) -{ - assert(context.algorithm() == CSSM_ALGID_DSA); - - B_ALGORITHM_OBJ genAlg = NULL; - B_ALGORITHM_OBJ result = NULL; - - try { - check(B_CreateAlgorithmObject(&genAlg)); - - B_DSA_PARAM_GEN_PARAMS genParams; - genParams.primeBits = bitSize; - check(B_SetAlgorithmInfo(genAlg, AI_DSAParamGen, POINTER(&genParams))); - setRandom(); - check(B_GenerateInit(genAlg, chooser(), bsSurrender), true); - check(B_CreateAlgorithmObject(&result)); - check(B_GenerateParameters(genAlg, result, bsRandom, bsSurrender)); - - // get parameters out of algorithm object - A_DSA_PARAMS *kParams = NULL; - check(B_GetAlgorithmInfo((POINTER *)&kParams, result, AI_DSAKeyGen), true); - - // shred them into context attribute form - attrs = normAllocator->alloc(3); - attrs[0] = Context::Attr(CSSM_ATTRIBUTE_PRIME, - *BSafeItem(kParams->prime).copyp(*normAllocator)); - attrs[1] = Context::Attr(CSSM_ATTRIBUTE_SUBPRIME, - *BSafeItem(kParams->subPrime).copyp(*normAllocator)); - attrs[2] = Context::Attr(CSSM_ATTRIBUTE_BASE, - *BSafeItem(kParams->base).copyp(*normAllocator)); - attrCount = 3; - - // clean up - B_DestroyAlgorithmObject(&result); - B_DestroyAlgorithmObject(&genAlg); - } catch (...) { - // clean up - B_DestroyAlgorithmObject(&result); - B_DestroyAlgorithmObject(&genAlg); - throw; - } -} - -/* - * CSPKeyInfoProvider for asymmetric BSAFE keys. - */ -BSafe::BSafeKeyInfoProvider::BSafeKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ -} - -CSPKeyInfoProvider *BSafe::BSafeKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - switch(cssmKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - return NULL; - } - switch(mKey.algorithm()) { - case CSSM_ALGID_RSA: - case CSSM_ALGID_DSA: - break; - default: - return NULL; - } - /* OK, we'll handle this one */ - return new BSafeKeyInfoProvider(cssmKey, session); -} - -/* cook up a Binary key */ -void BSafe::BSafeKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // optional, ignored - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) -{ - *binKey = NULL; - - const CSSM_KEYHEADER *hdr = &mKey.KeyHeader; - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - - B_INFO_TYPE bsType; - CSSM_KEYBLOB_FORMAT format; - bool isPub; - - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - isPub = true; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - isPub = false; - break; - default: - // someone else's key - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - if(!bsafeAlgToInfoType(hdr->AlgorithmId, isPub, bsType, format)) { - // someone else's key - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - if(hdr->Format != format) { - dprintf0("BSafe::cssmKeyToBinary: format mismatch\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - BSafeBinaryKey *bsBinKey = new BSafeBinaryKey(isPub, - hdr->AlgorithmId); - - // set up key material as appropriate - if(format == CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { - /* special case, decode the PKCS1 format blob */ - BS_setKeyPkcs1(mKey, bsBinKey->bsKey()); - } - else { - /* normal case, use key blob as is */ - BSafeItem item(mKey.KeyData); - BSafe::check( - B_SetKeyInfo(bsBinKey->bsKey(), bsType, POINTER(&item)), true); - } - *binKey = bsBinKey; -} - -/* - * Obtain key size in bits. - */ -void BSafe::BSafeKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - /* cook up BSAFE key */ - B_KEY_OBJ bKey; - A_RSA_KEY *rsaKeyInfo = NULL; - A_DSA_PUBLIC_KEY *dsaPubKeyInfo = NULL; - A_DSA_PRIVATE_KEY *dsaPrivKeyInfo = NULL; - ITEM *sizeItem = NULL; - BSafe::check(B_CreateKeyObject(&bKey), true); - B_INFO_TYPE infoType; - - switch(mKey.algorithm()) { - case CSSM_ALGID_RSA: - switch(mKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - if(mKey.blobFormat() != - CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - /* convert from PKCS1 blob to raw key */ - BS_setKeyPkcs1(mKey, bKey); - infoType = KI_RSAPublic; - /* break to common RSA code */ - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - { - if(mKey.blobFormat() != - CSSM_KEYBLOB_RAW_FORMAT_PKCS8) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - /* convert from PKCS8 blob to raw key */ - BSafeItem item(mKey.KeyData); - BSafe::check( - B_SetKeyInfo(bKey, KI_PKCS_RSAPrivateBER, - POINTER(&item)), true); - infoType = KI_RSAPrivate; - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - rsaKeyInfo = getKey(bKey, infoType); - sizeItem = &rsaKeyInfo->modulus; - break; - - case CSSM_ALGID_DSA: - /* untested as of 9/11/00 */ - if(mKey.blobFormat() != - CSSM_KEYBLOB_RAW_FORMAT_FIPS186) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - switch(mKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - { - BSafeItem item(mKey.KeyData); - BSafe::check(B_SetKeyInfo(bKey, - DSA_PUB_KEYINFO_TYPE, - (POINTER)&item), true); - - /* get the key bits */ - dsaPubKeyInfo = getKey(bKey, - KI_DSAPublic); - sizeItem = &dsaPubKeyInfo->params.prime; - break; - } - case CSSM_KEYCLASS_PRIVATE_KEY: - { - BSafeItem item(mKey.KeyData); - BSafe::check(B_SetKeyInfo(bKey, - DSA_PRIV_KEYINFO_TYPE, - (POINTER)&item), true); - - /* get the key bits */ - dsaPrivKeyInfo = getKey(bKey, - KI_DSAPrivate); - sizeItem = &dsaPrivKeyInfo->params.prime; - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - break; - default: - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - uint32 iSize = B_IntegerBits(sizeItem->data, sizeItem->len); - keySize.LogicalKeySizeInBits = iSize; - keySize.EffectiveKeySizeInBits = iSize; - B_DestroyKeyObject(&bKey); -} - -#endif /* BSAFE_CSP_ENABLE */ - diff --git a/AppleCSP/BSafeCSP/bsafePKCS1.cpp b/AppleCSP/BSafeCSP/bsafePKCS1.cpp deleted file mode 100644 index 1c7e0196..00000000 --- a/AppleCSP/BSafeCSP/bsafePKCS1.cpp +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -/* - * bsafePKCS1.cpp - support for PKCS1 format RSA public key blobs, which for some - * reason, BSAFE doesn't know about. - */ - -#include "bsafePKCS1.h" -#include "bsafecspi.h" -#include "cspdebugging.h" -#include "bsobjects.h" -#include /* for RSAPublicKey */ -#include -#include - -/* - * Simple conversion between BSAFE ITEM and snacc BigIntegerStr - */ -static void BS_ItemToSnaccBigInt( - const ITEM &item, - BigIntegerStr &snaccInt) -{ - snaccInt.Set(reinterpret_cast(item.data), item.len); -} - -/* - * This one doesn't do a malloc - the ITEM is only valid as long as - * snaccInt is! - */ -static void BS_snaccBigIntToItem( - BigIntegerStr &snaccInt, // not const - we're passing a ptr - ITEM &item) -{ - char *cp = snaccInt; - item.data = reinterpret_cast(cp); - item.len = snaccInt.Len(); -} - -/* - * Given a PKCS1-formatted key blob, decode the blob into components and do - * a B_SetKeyInfo on the specified BSAFE key. - */ -void BS_setKeyPkcs1( - const CssmData &pkcs1Blob, - B_KEY_OBJ bsKey) -{ - /* DER-decode the blob */ - RSAPublicKey snaccPubKey; - - try { - SC_decodeAsnObj(pkcs1Blob, snaccPubKey); - } - catch(const CssmError &cerror) { - CSSM_RETURN crtn = cerror.cssmError(); - - errorLog1("BS_setKeyPkcs1: SC_decodeAsnObj returned %s\n", - cssmErrorString(crtn).c_str()); - switch(crtn) { - case CSSMERR_CSSM_MEMORY_ERROR: - crtn = CSSMERR_CSP_MEMORY_ERROR; - break; - case CSSMERR_CSSM_INVALID_INPUT_POINTER: - crtn = CSSMERR_CSP_INVALID_KEY; - default: - break; - } - CssmError::throwMe(crtn); - } - - /* - * Convert BigIntegerStr modulus, publicExponent into - * ITEMS in an A_RSA_KEY. - */ - A_RSA_KEY rsaKey; - BS_snaccBigIntToItem(snaccPubKey.modulus, rsaKey.modulus); - BS_snaccBigIntToItem(snaccPubKey.publicExponent, rsaKey.exponent); - - BSafe::check( - B_SetKeyInfo(bsKey, KI_RSAPublic, POINTER(&rsaKey)), true); -} - -/* - * Obtain public key blob info, PKCS1 format. - */ -void BS_GetKeyPkcs1( - const B_KEY_OBJ bsKey, - CssmOwnedData &pkcs1Blob) -{ - /* get modulus/exponent info from BSAFE */ - A_RSA_KEY *rsaKey; - BSafe::check( - B_GetKeyInfo((POINTER *)&rsaKey, bsKey, KI_RSAPublic), true); - - /* Cook up a snacc-style RSAPublic key */ - RSAPublicKey snaccPubKey; - BS_ItemToSnaccBigInt(rsaKey->modulus, snaccPubKey.modulus); - BS_ItemToSnaccBigInt(rsaKey->exponent, snaccPubKey.publicExponent); - - /* estimate max size, BER-encode */ - size_t maxSize = 2 * (rsaKey->modulus.len + rsaKey->exponent.len); - try { - SC_encodeAsnObj(snaccPubKey, pkcs1Blob, maxSize); - } - catch(const CssmError &cerror) { - CSSM_RETURN crtn = cerror.cssmError(); - - errorLog1("BS_GetKeyPkcs1: SC_encodeAsnObj returned %s\n", - cssmErrorString(crtn).c_str()); - switch(crtn) { - case CSSMERR_CSSM_MEMORY_ERROR: - crtn = CSSMERR_CSP_MEMORY_ERROR; - break; - default: - break; - } - CssmError::throwMe(crtn); - } -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsafePKCS1.h b/AppleCSP/BSafeCSP/bsafePKCS1.h deleted file mode 100644 index cecdb612..00000000 --- a/AppleCSP/BSafeCSP/bsafePKCS1.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -/* - * bsafePKCS1.h - support for PKCS1 format RSA public key blobs, which for some - * reason, BSAFE doesn't know about. - */ - -#ifndef _BSAFE_PKCS1_H_ -#define _BSAFE_PKCS1_H_ - -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* DER-decode any AsnType object */ -CSSM_RETURN CL_decodeAsnObj( - const CssmData &derEncoded, - AsnType &asnObj); - -/* DER-encode any AsnType object. */ -CSSM_RETURN CL_encodeAsnObj( - AsnType &asnObj, - CssmOwnedData &derEncoded, - size_t maxEncodedSize); - -/* - * Given a PKCS1-formatted key blob, decode the blob into components and do - * a B_SetKeyInfo on the specified BSAFE key. - */ -void BS_setKeyPkcs1( - const CssmData &pkcs1Blob, - B_KEY_OBJ bsKey); - -/* - * Obtain public key blob info, PKCS1 format. - */ -void BS_GetKeyPkcs1( - const B_KEY_OBJ bsKey, - CssmOwnedData &pkcs1Blob); - -#ifdef __cplusplus -} -#endif - -#endif /* _BSAFE_PKCS1_H_ */ - -#endif /* BSAFE_CSP_ENABLE */ - diff --git a/AppleCSP/BSafeCSP/bsafeSymmetric.cpp b/AppleCSP/BSafeCSP/bsafeSymmetric.cpp deleted file mode 100644 index d0f30bf1..00000000 --- a/AppleCSP/BSafeCSP/bsafeSymmetric.cpp +++ /dev/null @@ -1,289 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafeSymmetric.cpp - symmetric encryption contexts and algorithms -// -#include "bsafecspi.h" -#include - -#define bbprintf(args...) secdebug("BSafeBuf", ## args) - -#define VERBOSE_DEBUG 0 -#if VERBOSE_DEBUG -static void dumpBuf( - char *title, - const CSSM_DATA *d, - uint32 maxLen) -{ - unsigned i; - uint32 len; - - if(title) { - printf("%s: ", title); - } - if(d == NULL) { - printf("NO DATA\n"); - return; - } - printf("Total Length: %d\n ", d->Length); - len = maxLen; - if(d->Length < len) { - len = d->Length; - } - for(i=0; iData[i]); - if((i % 16) == 15) { - printf("\n "); - } - } - printf("\n"); -} -#else -#define dumpBuf(t, d, m) -#endif /* VERBOSE_DEBUG */ - -void BSafe::SymmetricKeyGenContext::generate( - const Context &context, - CssmKey &symKey, - CssmKey &dummyKey) -{ - AppleSymmKeyGenContext::generateSymKey( - context, - session(), - symKey); -} - -// FIXME: -// We really should match the key algorithm to the en/decrypt -// algorithm. Also: verify key usage bits. -void BSafe::BlockCipherContext::init( - const Context &context, - bool encrypting) -{ - bool hasIV = false; - bool requirePad = false; - - if (reusing(encrypting)) - return; // all set to go - - cssmAlg = context.algorithm(); - switch(cssmAlg) { - // most are handled below; break here to special cases - case CSSM_ALGID_RC4: - RC4init(context); - return; - case CSSM_ALGID_DES: - case CSSM_ALGID_DESX: - case CSSM_ALGID_3DES_3KEY_EDE: - case CSSM_ALGID_RC5: - case CSSM_ALGID_RC2: - break; - - /* others here... */ - default: - // Should never have gotten this far - assert(0); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - - - // these variables are used in the switch below and need to - // live until after setAlgorithm() - BSafeItem iv; - B_BLK_CIPHER_W_FEEDBACK_PARAMS spec; - A_RC5_PARAMS rc5Params; - A_RC2_PARAMS rc2Params; - - // crypto algorithm - spec.encryptionParams = NULL_PTR; // default, may change - switch (cssmAlg) { - case CSSM_ALGID_DES: - spec.encryptionMethodName = POINTER("des"); - break; - case CSSM_ALGID_DESX: - spec.encryptionMethodName = POINTER("desx"); - break; - case CSSM_ALGID_3DES_3KEY_EDE: - spec.encryptionMethodName = POINTER("des_ede"); - break; - case CSSM_ALGID_RC5: - spec.encryptionMethodName = POINTER("rc5"); - spec.encryptionParams = POINTER(&rc5Params); - rc5Params.version = 0x10; - // FIXME - get this from context attr - rc5Params.rounds = 1; - rc5Params.wordSizeInBits = 32; - break; - case CSSM_ALGID_RC2: - { - spec.encryptionMethodName = POINTER("rc2"); - spec.encryptionParams = POINTER(&rc2Params); - // effective key size in bits - either from Context, - // or the key - uint32 bits = context.getInt(CSSM_ATTRIBUTE_EFFECTIVE_BITS); - if(bits == 0) { - // OK, try the key - CssmKey &key = context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - bits = key.KeyHeader.LogicalKeySizeInBits; - } - rc2Params.effectiveKeyBits = bits; - break; - } - } - - // feedback mode - cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE); - switch (cssmMode) { - /* no mode attr --> 0 == CSSM_ALGMODE_NONE, not currently supported */ - case CSSM_ALGMODE_CBCPadIV8: - requirePad = true; - // and fall thru - case CSSM_ALGMODE_CBC_IV8: - { - iv = context.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - spec.feedbackMethodName = POINTER("cbc"); - spec.feedbackParams = POINTER(&iv); - hasIV = true; - break; - } - case CSSM_ALGMODE_OFB_IV8: { - iv = context.get(CSSM_ATTRIBUTE_INIT_VECTOR, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); - spec.feedbackMethodName = POINTER("ofb"); - spec.feedbackParams = POINTER(&iv); - hasIV = true; - break; - } - case CSSM_ALGMODE_ECB: { - spec.feedbackMethodName = POINTER("ecb"); - spec.feedbackParams = POINTER(&blockSize); - break; - } - default: - errorLog1("BSafe symmetric init: illegal mode (%d)\n", (int)cssmMode); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - - // padding - spec.paddingParams = NULL_PTR; - /* no padding attr --> 0 == PADDING_NONE */ - padEnable = false; - uint32 cssmPadding = context.getInt(CSSM_ATTRIBUTE_PADDING); - if(requirePad) { - switch(cssmPadding) { - case CSSM_PADDING_PKCS1: // for backwards compatibility - case CSSM_PADDING_PKCS5: - case CSSM_PADDING_PKCS7: - spec.paddingMethodName = POINTER("pad"); - padEnable = true; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - } - else { - if(cssmPadding != CSSM_PADDING_NONE) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - else { - spec.paddingMethodName = POINTER("nopad"); - } - } - - // put it all together - setAlgorithm(AI_FeedbackCipher, &spec); // set BSafe algorithm - setKeyFromContext(context); // set BSafe key - cipherInit(); // common cryption init -} - -void BSafe::BlockCipherContext::RC4init( - const Context &context) -{ - setAlgorithm(AI_RC4, NULL); // set BSafe algorithm - setKeyFromContext(context); // set BSafe key - padEnable = false; - cipherInit(); // common cryption init -} - -void BSafe::BlockCipherContext::trackUpdate(size_t inSize, size_t outSize) -{ - size_t newPending = pending + inSize; - pending = newPending % blockSize; - - /* - * Most of the time, the max size buffered by BSAFE is - * blockSize - 1 bytes. When decrypting and padding is enabled, - * BSAFE buffers up to a full block. - */ - if(!mDirection && //Êdecrypting - padEnable && // padding - (pending == 0) && // mod result was 0 - (newPending > 0)) { // but nonzero total - /* BSAFE is holding a whole block in its buffer */ - pending = blockSize; - } - bbprintf("===trackUpdte: %s; inSize=%d newPending=%d pending=%d", - (mDirection ? "encrypt" : "decrypt"), - inSize, newPending, pending); -} - -size_t BSafe::BlockCipherContext::inputSize(size_t outSize) -{ - // if we have an 'outSize' output buffer, how many input bytes may we feed in? - size_t wholeBlocks = outSize / blockSize; - return wholeBlocks * blockSize - pending + (blockSize - 1); -} - -size_t BSafe::BlockCipherContext::outputSize(bool final, size_t inSize) -{ - // how much output buffer will we need for 'size' input bytes? - - size_t totalToGo = inSize + pending; - // total to go, rounded up to next block - size_t numBlocks = (totalToGo + blockSize - 1) / blockSize; - size_t outSize; - - /* - * encrypting: may get one additional block on final() if padding - * decrypting: outsize always <= insize - */ - if(mDirection && // encrypting - final && // last time - padEnable && // padding enabled - ((totalToGo % blockSize) == 0)) { // even ptext len - numBlocks++; // extra pad block - } - outSize = numBlocks * blockSize; - bbprintf("===outputSize: %s; final=%d inSize=%d pending=%d outSize=%d", - (mDirection ? "encrypt" : "decrypt"), - final, inSize, pending, outSize); - return outSize; -} - -void BSafe::BlockCipherContext::minimumProgress(size_t &inSize, size_t &outSize) -{ - // eat up buffer, proceed one full block - inSize = blockSize - pending; - outSize = blockSize; -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsafecsp.h b/AppleCSP/BSafeCSP/bsafecsp.h deleted file mode 100644 index b542b791..00000000 --- a/AppleCSP/BSafeCSP/bsafecsp.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafecsp - top C++ implementation layer for BSafe 4 -// -#ifndef _H_BSAFECSP -#define _H_BSAFECSP - -#include -#include "AppleCSP.h" - -/* Can't include AppleCSPSession.h due to circular dependency */ -class AppleCSPSession; - -// no longer a subclass of AlgorithmFactory due to -// differing setup() methods -class BSafeFactory : public AppleCSPAlgorithmFactory { -public: - - BSafeFactory( - CssmAllocator *normAlloc = NULL, - CssmAllocator *privAlloc = NULL) - { - setNormAllocator(normAlloc); - setPrivAllocator(privAlloc); - } - ~BSafeFactory() { } - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - - static void setNormAllocator(CssmAllocator *alloc); - static void setPrivAllocator(CssmAllocator *alloc); - -}; - -#endif //_H_BSAFECSP -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsafecspi.h b/AppleCSP/BSafeCSP/bsafecspi.h deleted file mode 100644 index f5b2c236..00000000 --- a/AppleCSP/BSafeCSP/bsafecspi.h +++ /dev/null @@ -1,463 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsafecspi - implementation layer for C++ BSafe 4 interface -// -#ifndef _H_BSAFECSPI -#define _H_BSAFECSPI - -#include -#include "bsobjects.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include -#include - -// -// The BSafe class is more of a namespace than anything else. -// Just think of it as the "static binder" for BSafe's objects. -// Note that we keep a global, static allocator. We have to; BSafe -// doesn't have any state management at that level. -// -class BSafe { - class BSafeContext; friend class BSafeContext; - class BSafeFactory; friend class BSafeFactory; - -public: - static void setNormAllocator(CssmAllocator *alloc) - { assert(!normAllocator); normAllocator = alloc; } - static void setPrivAllocator(CssmAllocator *alloc) - { assert(!privAllocator); privAllocator = alloc; } - - static bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - -private: - // BSafe's memory allocators - static CssmAllocator *normAllocator; - static CssmAllocator *privAllocator; - friend POINTER T_malloc(unsigned int); - friend void T_free(POINTER); - friend POINTER T_realloc(POINTER, unsigned int); - - static const B_ALGORITHM_METHOD * const bsChooser[]; - -private: - // BSafe-specific BinaryKey class. - class BSafeBinaryKey : public BinaryKey { - - public: - BSafeBinaryKey( - bool isPub, - uint32 alg); // CSSM_ALGID_{RSA,DSA} - ~BSafeBinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - bool isPublic() { return mIsPublic; } - uint32 alg() { return mAlg; } - B_KEY_OBJ bsKey() { return mBsKey; } - - private: - bool mIsPublic; - uint32 mAlg; // CSSM_ALGID_{RSA,DSA} - B_KEY_OBJ mBsKey; - }; - -private: - // - // The BSafeContext class is the parent of all BSafe-used CSPContext objects. - // It implements the CSPContext operation functions (init, update, ...) in terms - // of pointer-to-member fields set by its subclasses. This may not be pretty, but - // it avoids every subclass having to re-implement all CSPContext operations. - // Beyond that, we implement a raftload of utility methods for our children. - // - class BSafeContext : public AppleCSPContext { - friend class BSafe; - public: - BSafeContext(AppleCSPSession &session); - virtual ~BSafeContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - void update(const CssmData &data); - void update(void *inp, size_t &inSize, void *outp, size_t &outSize); - void final(CssmData &out); - void final(const CssmData &in); - size_t outputSize(bool final, size_t inSize); - - protected: - // install a BSafe algorithm into bsAlgorithm - void setAlgorithm(B_INFO_TYPE bAlgType, const void *info = NULL); - - // safely create bsKey - void createBsKey(); - - // set bsKey. The different versions are equivalent - void setKeyAtom(B_INFO_TYPE bKeyInfo, const void *info); - void setKeyFromItem(B_INFO_TYPE bKeyInfo, const BSafeItem &item) - { setKeyAtom(bKeyInfo, &item); } - void setKeyFromCssmKey(B_INFO_TYPE bKeyInfo, const CssmKey &key) - { BSafeItem item(key.KeyData); setKeyAtom(bKeyInfo, &item); } - void setKeyFromCssmData(B_INFO_TYPE bKeyInfo, const CssmData &keyData) - { BSafeItem item(keyData); setKeyAtom(bKeyInfo, &item); } - void setKeyFromContext(const Context &context, bool required = true); - - void setRefKey(CssmKey &key); - void setRsaOutSize(bool isPubKey); - - // create mRandom to be a suitable random-generator BSafe object (if it isn't yet) - void setRandom(); - - // trackUpdate is called during crypto-output. Hook it to keep track of data flow - virtual void trackUpdate(size_t in, size_t out); - - // destroy bsAlgorithm and bsKey so we can start over making them - void reset(); - - // clear key state - void destroyBsKey(); - - // determine if we can reuse the current bsAlgorithm - bool reusing(bool encode = true) - { - if (initialized && !opStarted && - (encode == encoding)) return true; - encoding = encode; - return false; - } - - public: - // - // These pointers-to-member are called by the BSafeContext operations - // (update, final). They must be set by a subclasses's init() method. - // Not all members are used by all types of operations - check the - // source when in doubt. - // - int (*inUpdate)(B_ALGORITHM_OBJ, POINTER, unsigned int, A_SURRENDER_CTX *); - int (*inOutUpdate)(B_ALGORITHM_OBJ, POINTER, unsigned int *, unsigned int, - POINTER, unsigned int, B_ALGORITHM_OBJ, A_SURRENDER_CTX *); - int (*inFinal)(B_ALGORITHM_OBJ, POINTER, unsigned int, A_SURRENDER_CTX *); - int (*inFinalR)(B_ALGORITHM_OBJ, POINTER, unsigned int, - B_ALGORITHM_OBJ, A_SURRENDER_CTX *); - int (*outFinalR)(B_ALGORITHM_OBJ, POINTER, unsigned int *, unsigned int, - B_ALGORITHM_OBJ, A_SURRENDER_CTX *); - int (*outFinal)(B_ALGORITHM_OBJ, POINTER, unsigned int *, unsigned int, - A_SURRENDER_CTX *); - - protected: - - // un-consted bsChooser for BSafe's consumption. BSafe's Bad - static B_ALGORITHM_METHOD **chooser() - { return const_cast(bsChooser); } - - // a placeholder for a surrender context. Not currently used - // @@@ should perhaps test for pthread cancel? --> thread abstraction - static A_SURRENDER_CTX * const bsSurrender; - - protected: - B_ALGORITHM_OBJ bsAlgorithm; // BSafe algorithm object or NULL - B_ALGORITHM_OBJ bsRandom; // PRNG algorithm - bool encoding; // encoding direction - bool initialized; // method init() has completed - bool opStarted; // method update() has been called - // generally means that we can't reuse - // the current bsAlgorithm - // - // We have a binKey only if the caller passed in a reference - // key. In that case we avoid deleting bsKey - which is a copy - // of binKey.bsKey - because a BinaryKey is persistent - // relative to this context. - // - BSafeBinaryKey *bsBinKey; - B_KEY_OBJ bsKey; // BSafe key object or NULL - - size_t mOutSize; // simple output size, if applicable - }; /* BSafeContext */ - - // contexts for BSafe digest operations - class DigestContext : public BSafeContext { - public: - // do all work in constructor. We have no directions; thus default init() works fine - DigestContext( - AppleCSPSession &session, - const Context &, - B_INFO_TYPE bAlgInfo, - size_t sz); - }; - - // common context features for BSafe cipher operations (both symmetric and asymmetric) - class CipherContext : public BSafeContext { - public: - CipherContext( - AppleCSPSession &session) : - BSafeContext(session), - pending(0) {} - - protected: - size_t pending; // bytes not eaten still pending (staged only) - public: - void cipherInit(); // common init code (must be called from init()) - }; - - // contexts for block cipher operations using symmetric algorithms - class BlockCipherContext : public CipherContext { - size_t blockSize; - uint32 cssmAlg; - uint32 cssmMode; - bool padEnable; - public: - BlockCipherContext( - AppleCSPSession &session, - const Context &, - size_t sz) : - CipherContext(session), - blockSize(sz) { } - void init(const Context &context, bool encrypting); - size_t inputSize(size_t outSize); - size_t outputSize(bool final, size_t inSize); - void minimumProgress(size_t &in, size_t &out); - void trackUpdate(size_t in, size_t out); - private: - // special case for RC4 - void RC4init(const Context &context); - }; - - // context for generating public/private key pairs - class BSafeKeyPairGenContext : public BSafeContext, - private AppleKeyPairGenContext { - public: - BSafeKeyPairGenContext( - AppleCSPSession &session, - const Context &) : - BSafeContext(session) {} - - // generate alg params, not handled by PublicKeyGenerateContext - // For DSA only. - void generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, - uint32 &attrCount, - Context::Attr * &attrs); - - // this one is specified in CSPFullPluginSession - void generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey); - - // this one in AppleKeyPairGenContext - void generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keySize); - - private: - void setupAlgorithm( - const Context &context, - uint32 &keySize); - - }; /* BSafeKeyPairGenContext */ - - // public key cipher operations - class PublicKeyCipherContext : public CipherContext { - public: - PublicKeyCipherContext( - AppleCSPSession &session, - const Context &) : - CipherContext(session) { } - void init(const Context &context, bool encrypting); - size_t inputSize(size_t outSize); // unlimited - }; - - // contexts for BSafe signing/verifying operations - class SigningContext : public BSafeContext { - B_INFO_TYPE algorithm; - public: - SigningContext( - AppleCSPSession &session, - const Context &, - B_INFO_TYPE bAlg, - size_t sz) : - BSafeContext(session), - algorithm(bAlg) { mOutSize = sz; } - void init(const Context &context, bool signing); - }; - - // contexts for BSafe MAC generation and verification - class MacContext : public BSafeContext { - B_INFO_TYPE algorithm; - public: - MacContext( - AppleCSPSession &session, - const Context &, - B_INFO_TYPE bAlg, - size_t sz) : - BSafeContext(session), - algorithm(bAlg) { mOutSize = sz; } - void init(const Context &context, bool signing); - void final(const CssmData &in); - }; - - // contexts for BSafe's random number generation - class RandomContext : public BSafeContext { - B_INFO_TYPE algorithm; - public: - RandomContext( - AppleCSPSession &session, - const Context &, - B_INFO_TYPE alg) : - BSafeContext(session), - algorithm(alg) { } - void init(const Context &context, bool); - void final(CssmData &data); - }; - - // symmetric key generation context - class SymmetricKeyGenContext : public BSafeContext, - private AppleSymmKeyGenContext { - public: - SymmetricKeyGenContext( - AppleCSPSession &session, - const Context &ctx, - uint32 minSizeInBits, - uint32 maxSizeInBits, - bool mustBeByteSized) : - BSafeContext(session), - AppleSymmKeyGenContext( - minSizeInBits, - maxSizeInBits, - mustBeByteSized) { } - - void generate( - const Context &context, - CssmKey &symKey, - CssmKey &dummyKey); - - }; - -public: - /* - * Stateless, private function to map a CSSM alg and pub/priv state - * to B_INFO_TYPE and format. Returns true on success, false on - * "I don't understand this algorithm". - */ - static bool bsafeAlgToInfoType( - CSSM_ALGORITHMS alg, - bool isPublic, - B_INFO_TYPE &infoType, // RETURNED - CSSM_KEYBLOB_FORMAT &format); // RETURNED - - /* check result of a BSafe call and throw on error */ - static void check(int status, bool isKeyOp = false); - - /* moved here from BSafeContext - now works on any key */ - template - static KI_Type *getKey(B_KEY_OBJ bKey, B_INFO_TYPE type) - { - POINTER p; - check(B_GetKeyInfo(&p, bKey, type), true); - return reinterpret_cast(p); - } - - - // - // The context generation table - see algmaker.cpp. - // -public: - // Base class for Maker classes - class MakerBase { - public: - virtual ~MakerBase() { } - virtual BSafeContext *make( - AppleCSPSession &session, - const Context &context) const = 0; - }; - - // One entry in Maker table - struct MakerTable { - CSSM_ALGORITHMS algorithmId; - CSSM_CONTEXT_TYPE algClass; - const MakerBase *maker; - ~MakerTable() { delete maker; } - }; - -private: - static bug_const MakerTable algorithms[]; - static const unsigned int algorithmCount; - - /* - * CSPKeyInfoProvider for BSafe keys - */ - class BSafeKeyInfoProvider : public CSPKeyInfoProvider - { -private: - BSafeKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); - public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - ~BSafeKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - }; - -}; /* BSAFE namespace */ - -/* - * BSAFE Key Info types. - */ -#define BLOB_IS_PUB_KEY_INFO 0 - -#if BLOB_IS_PUB_KEY_INFO - -/* X beta values */ -#define RSA_PUB_KEYINFO_TYPE KI_RSAPublicBER -#define RSA_PRIV_KEYINFO_TYPE KI_PKCS_RSAPrivateBER -#define DSA_PUB_KEYINFO_TYPE KI_DSAPublicBER -#define DSA_PRIV_KEYINFO_TYPE KI_DSAPrivateBER - -#else /* BLOB_IS_PUB_KEY_INFO */ - -#define RSA_PUB_KEYINFO_TYPE KI_RSAPublic -#define RSA_PRIV_KEYINFO_TYPE KI_PKCS_RSAPrivateBER -#define DSA_PUB_KEYINFO_TYPE KI_DSAPublicBER -#define DSA_PRIV_KEYINFO_TYPE KI_DSAPrivateBER - -#endif - -#endif //_H_BSAFECSP -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/bsobjects.h b/AppleCSP/BSafeCSP/bsobjects.h deleted file mode 100644 index 166a64c4..00000000 --- a/AppleCSP/BSafeCSP/bsobjects.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// bsobjects - C++ adaptations of popular BSafe 4 object types -// -#ifndef _H_BSOBJECTS -#define _H_BSOBJECTS - -#include -#include -#include -#include - -// -// A PodWrapper for BSafe's ITEM objects -// -class BSafeItem : public PodWrapper { -public: - BSafeItem() { ((ITEM *)this)->data = NULL; len = 0; } - BSafeItem(void *addr, size_t sz) - { ((ITEM *)this)->data = (unsigned char *)addr; len = sz; } - BSafeItem(const CSSM_DATA &cData) - { ((ITEM *)this)->data = cData.Data; len = cData.Length; } - BSafeItem(const ITEM &cData) - { *(ITEM *)this = cData; } - - void operator = (const CssmData &cData) - { ((ITEM *)this)->data = (unsigned char *)cData.data(); len = cData.length(); } - - void *data() const { return ((ITEM *)this)->data; } - size_t length() const { return len; } - - template - T copy(CssmAllocator &alloc) - { return T(memcpy(alloc.malloc(length()), data(), length()), length()); } - - template - T *copyp(CssmAllocator &alloc) - { return new(alloc) T(copy(alloc)); } - - void *operator new (size_t size, CssmAllocator &alloc) - { return alloc.malloc(size); } -}; - -#endif //_H_BSOBJECTS -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/memory.cpp b/AppleCSP/BSafeCSP/memory.cpp deleted file mode 100644 index 7d4f3202..00000000 --- a/AppleCSP/BSafeCSP/memory.cpp +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - - -// -// memory - memory functions for BSafe -// -#include -#include -#include "bsafecspi.h" - - -// declared in bsafecspi.h.... -CssmAllocator *BSafe::normAllocator; -CssmAllocator *BSafe::privAllocator; - -// We use the private allocator for all BSAFE-alalocated memory. -// Memory allocated my BSAFE should never be visible by apps. - -POINTER CALL_CONV T_malloc (unsigned int size) -{ - return reinterpret_cast(BSafe::privAllocator->malloc(size)); -} - -POINTER CALL_CONV T_realloc (POINTER p, unsigned int size) -{ - POINTER result; - if ((result = (POINTER)BSafe::privAllocator->realloc(p, size)) == NULL_PTR) - free (p); - return (result); -} - -void CALL_CONV T_free (POINTER p) -{ - BSafe::privAllocator->free(p); -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/miscalgorithms.cpp b/AppleCSP/BSafeCSP/miscalgorithms.cpp deleted file mode 100644 index 4934cf22..00000000 --- a/AppleCSP/BSafeCSP/miscalgorithms.cpp +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifdef BSAFE_CSP_ENABLE - -// -// miscalgorithms - miscellaneous BSafe context creators and managers -// -#include "bsafecspi.h" - -#include // debug - - -// -// Digest algorithms. -// NOTE: There is no init() method, since BSafe digest algorithms re-initialize -// automatically and there is no directional difference. -// -BSafe::DigestContext::DigestContext( - AppleCSPSession &session, - const Context &, - B_INFO_TYPE bAlgInfo, - size_t sz) - : BSafeContext(session) -{ - mOutSize = sz; - inUpdate = B_DigestUpdate; - outFinal = B_DigestFinal; - setAlgorithm(bAlgInfo); - check(B_DigestInit(bsAlgorithm, bsKey, chooser(), bsSurrender)); - initialized = true; -} - - -// -// Signing/Verifying algorithms -// -// FIXME: -// We really should match the key algorithm to the sign/vfy -// algorithm. Also: verify key usage bits. -void BSafe::SigningContext::init( - const Context &context, - bool signing) -{ - if (reusing(signing)) - return; // all set to go - - setAlgorithm(algorithm, NULL); - setKeyFromContext(context); // may set outSize for some keys - - if (signing) { - check(B_SignInit(bsAlgorithm, bsKey, chooser(), bsSurrender)); - setRandom(); // needed by some signing algorithms - inUpdate = B_SignUpdate; - outFinalR = B_SignFinal; - outFinal = NULL; - } else { - check(B_VerifyInit(bsAlgorithm, bsKey, chooser(), bsSurrender)); - inUpdate = B_VerifyUpdate; - inFinalR = B_VerifyFinal; - inFinal = NULL; - } -} - - -// -// MAC algorithms. -// Note that BSafe treats MACs as digest algorithms - it has no MAC algorithm -// class. Thus, verifying consists of "digesting" followed by comparing the result. -// -// FIXME : what kind of key do we expect here? For now, any old -// symmetric key will work... -// -void BSafe::MacContext::init( - const Context &context, - bool signing) -{ - if (reusing(signing)) - return; // all set to go - - B_DIGEST_SPECIFIER digestSpec; - digestSpec.digestInfoType = algorithm; - digestSpec.digestInfoParams = NULL; - - setAlgorithm(AI_HMAC, &digestSpec); - setKeyFromContext(context); - check(B_DigestInit(bsAlgorithm, bsKey, chooser(), bsSurrender)); - - if (signing) { - inUpdate = B_DigestUpdate; - outFinal = B_DigestFinal; - } else { - inUpdate = B_DigestUpdate; - // need not set xxFinal - we override final(). - } -} - -void BSafe::MacContext::final(const CssmData &in) -{ - // we need to perform a DigestFinal step into a temp buffer and compare to 'in' - void *digest = normAllocator->malloc(in.length()); - unsigned int length; - check(B_DigestFinal(bsAlgorithm, POINTER(digest), &length, in.length(), bsSurrender)); - bool verified = length == in.length() && !memcmp(digest, in.data(), in.length()); - normAllocator->free(digest); - initialized = false; - if (!verified) - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); -} - - -// -// Random-number generation algorithms. -// Note that we don't use bsRandom, since that's our internal fixed "best to use" method, -// not the one the user asked for. -// NOTE: We freeze the output size at init(). -// -void BSafe::RandomContext::init(const Context &context, bool) -{ - reset(); // throw away, we need to re-seed anyway - setAlgorithm(algorithm, NULL); // MD5 generator mode (RSA proprietary) - check(B_RandomInit(bsAlgorithm, chooser(), bsSurrender)); - - // set/freeze output size - mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE); - - // seed the PRNG (if specified) - if (const CssmCryptoData *seed = context.get(CSSM_ATTRIBUTE_SEED)) { - const CssmData &seedValue = (*seed)(); - check(B_RandomUpdate(bsAlgorithm, POINTER(seedValue.data()), seedValue.length(), bsSurrender)); - } -} - -void BSafe::RandomContext::final(CssmData &data) -{ - check(B_GenerateRandomBytes(bsAlgorithm, POINTER(data.data()), mOutSize, bsSurrender)); -} -#endif /* BSAFE_CSP_ENABLE */ diff --git a/AppleCSP/BSafeCSP/test/t-dsa.cpp b/AppleCSP/BSafeCSP/test/t-dsa.cpp deleted file mode 100644 index 47d20b31..00000000 --- a/AppleCSP/BSafeCSP/test/t-dsa.cpp +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include -#include - -#include -#include -#include - - -B_ALGORITHM_METHOD *chooser[] = { - &AM_DSA_KEY_GEN, - &AM_DSA_PARAM_GEN, - &AM_SHA_RANDOM, - NULL -}; - -void dumpItem(ITEM &item, const char *name); - -unsigned char seed[] = { 17, 205, 99, 13, 6, 199 }; - - -#define check(expr) \ - if (status = (expr)) { printf("error %d at %d\n", status, __LINE__); abort(); } else /* ok */ - -int main(int argc, char *argv[]) -{ - int status; - - int keySize = argv[1] ? atoi(argv[1]) : 512; - printf("Key size = %d bits\n", keySize); - - B_ALGORITHM_OBJ pGen = NULL; - check(B_CreateAlgorithmObject(&pGen)); - B_DSA_PARAM_GEN_PARAMS gParams; - gParams.primeBits = keySize; - check(B_SetAlgorithmInfo(pGen, AI_DSAParamGen, POINTER(&gParams))); - - B_ALGORITHM_OBJ random = NULL; check(B_CreateAlgorithmObject(&random)); - check(B_SetAlgorithmInfo(random, AI_X962Random_V0, NULL)); - check(B_RandomInit(random, chooser, NULL)); - check(B_RandomUpdate(random, seed, sizeof(seed), NULL)); - - check(B_GenerateInit(pGen, chooser, NULL)); - B_ALGORITHM_OBJ result = NULL; - check(B_CreateAlgorithmObject(&result)); - printf("Generating DSA parameters\n"); - check(B_GenerateParameters(pGen, result, random, NULL)); - printf("DSA generate complete, writing...\n"); - - A_DSA_PARAMS *dParams; - memset(&dParams, 0, sizeof(dParams)); - check(B_GetAlgorithmInfo((POINTER *)&dParams, result, AI_DSAKeyGen)); - dumpItem(dParams->prime, "prime"); - dumpItem(dParams->subPrime, "subprime"); - dumpItem(dParams->base, "base"); - -#if 0 - B_KEY_OBJ pubKey = NULL; check(B_CreateKeyObject(&pubKey)); - B_KEY_OBJ privKey = NULL; check(B_CreateKeyObject(&privKey)); - - B_ALGORITHM_OBJ gen = NULL; check(B_CreateAlgorithmObject(&gen)); - A_RSA_KEY_GEN_PARAMS args; - args.modulusBits = keySize; - args.publicExponent.data = exponent; - args.publicExponent.len = sizeof(exponent); - check(B_SetAlgorithmInfo(gen, AI_RSAStrongKeyGen, POINTER(&args))); - check(B_GenerateInit(gen, chooser, NULL)); - check(B_GenerateKeypair(gen, pubKey, privKey, random, NULL)); - - B_ALGORITHM_OBJ enc = NULL; check(B_CreateAlgorithmObject(&enc)); - check(B_SetAlgorithmInfo(enc, AI_PKCS_RSAPublic, NULL)); - check(B_EncryptInit(enc, pubKey, chooser, NULL)); - unsigned int inLen; - check(B_EncryptUpdate(enc, crypt, &inLen, sizeof(crypt), - POINTER(in), sizeof(in), random, NULL)); - printf("EncryptUpdate output = %u\n", inLen); - check(B_EncryptFinal(enc, crypt, &inLen, sizeof(crypt), random, NULL)); - printf("EncryptFinal output=%u\n", inLen); - - B_ALGORITHM_OBJ dec = NULL; check(B_CreateAlgorithmObject(&dec)); - check(B_SetAlgorithmInfo(dec, AI_PKCS_RSAPrivate, NULL)); - check(B_DecryptInit(dec, privKey, chooser, NULL)); - unsigned int outLen, outLen2; - check(B_DecryptUpdate(dec, out, &outLen, sizeof(out), - crypt, inLen, random, NULL)); - printf("DecryptUpdate output = %u\n", outLen); - check(B_DecryptFinal(dec, out2, &outLen2, sizeof(out2), random, NULL)); - printf("DecryptFinal output=%u %s\n", outLen2, (char*)out2); - B_DestroyKeyObject(&pubKey); - B_DestroyKeyObject(&privKey); -#endif - - exit(0); -} - -void dumpItem(ITEM &item, const char *name) -{ - printf("%s [%d] ", name, item.len); - for (unsigned char *p = item.data; p < item.data + item.len; p++) - printf("%2.2x", *p); - printf("\n"); -} - - - - - -void T_free(POINTER p) -{ free(p); } - -POINTER T_malloc(unsigned int size) -{ return (POINTER)malloc(size); } - -POINTER T_realloc(POINTER p, unsigned int size) -{ return (POINTER)realloc(p, size); } - -int T_memcmp(POINTER p1, POINTER p2, unsigned int size) -{ return memcmp(p1, p2, size); } -void T_memcpy(POINTER p1, POINTER p2, unsigned int size) -{ memcpy(p1, p2, size); } -void T_memmove(POINTER p1, POINTER p2, unsigned int size) -{ memmove(p1, p2, size); } -void T_memset(POINTER p1, int size, unsigned int val) -{ memset(p1, size, val); } -extern "C" int T_GetDynamicList() -{ printf("GetDynamicList!\n"); abort(); } diff --git a/AppleCSP/BSafeCSP/test/t-rsa.cpp b/AppleCSP/BSafeCSP/test/t-rsa.cpp deleted file mode 100644 index 950c647e..00000000 --- a/AppleCSP/BSafeCSP/test/t-rsa.cpp +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include -#include - -#include -#include -#include - - -B_ALGORITHM_METHOD *chooser[] = { - &AM_SHA_RANDOM, - &AM_RSA_KEY_GEN, - &AM_RSA_STRONG_KEY_GEN, - &AM_RSA_ENCRYPT, - &AM_RSA_DECRYPT, - &AM_RSA_CRT_ENCRYPT, - &AM_RSA_CRT_DECRYPT, - NULL -}; - - -char in[] = "something wicked this way comes, " - "and it's a private key!"; -unsigned char crypt[1024]; -unsigned char out[1024], out2[1024]; - -unsigned char seed[] = { 17, 22, 99, 205, 3 }; - -unsigned char exponent[] = { 1, 0, 1 }; - -#define check(expr) \ - if (status = (expr)) { printf("error %d at %d\n", status, __LINE__); abort(); } else /* ok */ - -int main(int argc, char *argv[]) -{ - int status; - - int keySize = argv[1] ? atoi(argv[1]) : 512; - printf("Key size = %d bits\n", keySize); - - B_KEY_OBJ pubKey = NULL; check(B_CreateKeyObject(&pubKey)); - B_KEY_OBJ privKey = NULL; check(B_CreateKeyObject(&privKey)); - - B_ALGORITHM_OBJ random = NULL; check(B_CreateAlgorithmObject(&random)); - check(B_SetAlgorithmInfo(random, AI_X962Random_V0, NULL)); - check(B_RandomInit(random, chooser, NULL)); - check(B_RandomUpdate(random, seed, sizeof(seed), NULL)); - for (int n = 0; n < 5; n++) { - unsigned char buf[4]; - check(B_GenerateRandomBytes(random, - POINTER(buf), sizeof(buf), NULL)); - printf("Randoms = "); - for (int n = 0; n < sizeof(buf); n++) - printf("%2.2x", buf[n]); - printf("\n"); - } - - B_ALGORITHM_OBJ gen = NULL; check(B_CreateAlgorithmObject(&gen)); - A_RSA_KEY_GEN_PARAMS args; - args.modulusBits = keySize; - args.publicExponent.data = exponent; - args.publicExponent.len = sizeof(exponent); - check(B_SetAlgorithmInfo(gen, AI_RSAStrongKeyGen, POINTER(&args))); - check(B_GenerateInit(gen, chooser, NULL)); - check(B_GenerateKeypair(gen, pubKey, privKey, random, NULL)); - - B_ALGORITHM_OBJ enc = NULL; check(B_CreateAlgorithmObject(&enc)); - check(B_SetAlgorithmInfo(enc, AI_PKCS_RSAPublic, NULL)); - check(B_EncryptInit(enc, pubKey, chooser, NULL)); - unsigned int inLen; - check(B_EncryptUpdate(enc, crypt, &inLen, sizeof(crypt), - POINTER(in), sizeof(in), random, NULL)); - printf("EncryptUpdate output = %u\n", inLen); - check(B_EncryptFinal(enc, crypt, &inLen, sizeof(crypt), random, NULL)); - printf("EncryptFinal output=%u\n", inLen); - - B_ALGORITHM_OBJ dec = NULL; check(B_CreateAlgorithmObject(&dec)); - check(B_SetAlgorithmInfo(dec, AI_PKCS_RSAPrivate, NULL)); - check(B_DecryptInit(dec, privKey, chooser, NULL)); - unsigned int outLen, outLen2; - check(B_DecryptUpdate(dec, out, &outLen, sizeof(out), - crypt, inLen, random, NULL)); - printf("DecryptUpdate output = %u\n", outLen); - check(B_DecryptFinal(dec, out2, &outLen2, sizeof(out2), random, NULL)); - printf("DecryptFinal output=%u %s\n", outLen2, (char*)out2); - - - B_DestroyKeyObject(&pubKey); - B_DestroyKeyObject(&privKey); - B_DestroyAlgorithmObject(&random); - exit(0); -} - -void T_free(POINTER p) -{ free(p); } - -POINTER T_malloc(unsigned int size) -{ return (POINTER)malloc(size); } - -POINTER T_realloc(POINTER p, unsigned int size) -{ return (POINTER)realloc(p, size); } - -int T_memcmp(POINTER p1, POINTER p2, unsigned int size) -{ return memcmp(p1, p2, size); } -void T_memcpy(POINTER p1, POINTER p2, unsigned int size) -{ memcpy(p1, p2, size); } -void T_memmove(POINTER p1, POINTER p2, unsigned int size) -{ memmove(p1, p2, size); } -void T_memset(POINTER p1, int size, unsigned int val) -{ memset(p1, size, val); } -extern "C" int T_GetDynamicList() -{ printf("GetDynamicList!\n"); abort(); } diff --git a/AppleCSP/BSafeCSP/test/t.cpp b/AppleCSP/BSafeCSP/test/t.cpp deleted file mode 100644 index 3ed1c7f4..00000000 --- a/AppleCSP/BSafeCSP/test/t.cpp +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include -#include - -#include -#include -#include - - -B_ALGORITHM_METHOD *chooser[] = { - &AM_SHA, - &AM_SHA_RANDOM, - NULL -}; - -void dumpItem(ITEM &item, const char *name); - -unsigned char seed[] = { 17, 205, 99, 13, 6, 199 }; -char data[] = "These are the times that try men's souls."; - - -#define check(expr) \ - if (status = (expr)) { printf("error %d at %d\n", status, __LINE__); abort(); } else /* ok */ - -int main(int argc, char *argv[]) -{ - int status; - - ITEM key; - key.data = (unsigned char *)"Walla Walla Washington! Yeah, yeah, yeah!"; - key.len = strlen((const char *)key.data); - B_KEY_OBJ bsKey = NULL; - check(B_CreateKeyObject(&bsKey)); - check(B_SetKeyInfo(bsKey, KI_Item, POINTER(&key))); - - B_ALGORITHM_OBJ macAlg = NULL; - check(B_CreateAlgorithmObject(&macAlg)); - B_DIGEST_SPECIFIER macSpec; - macSpec.digestInfoType = AI_SHA1; - macSpec.digestInfoParams = NULL_PTR; - check(B_SetAlgorithmInfo(macAlg, AI_HMAC, POINTER(&macSpec))); - - check(B_DigestInit(macAlg, bsKey, chooser, NULL)); - check(B_DigestUpdate(macAlg, - POINTER(data), sizeof(data), NULL)); - char mac[128]; - unsigned int length; - check(B_DigestFinal(macAlg, POINTER(mac), &length, sizeof(mac), - NULL)); - ITEM macItem; macItem.data = POINTER(mac); macItem.len = length; - dumpItem(macItem, "MAC"); - - check(B_DigestUpdate(macAlg, POINTER(data), 10, NULL)); - check(B_DigestUpdate(macAlg, - POINTER(data+10), sizeof(data)-10, NULL)); - check(B_DigestFinal(macAlg, POINTER(mac), &length, sizeof(mac), - NULL)); - macItem.data = POINTER(mac); macItem.len = length; - dumpItem(macItem, "MAC"); - - printf("Done.\n"); - - exit(0); -} - -void dumpItem(ITEM &item, const char *name) -{ - printf("%s [%d] ", name, item.len); - for (unsigned char *p = item.data; p < item.data + item.len; p++) - printf("%2.2x", *p); - printf("\n"); -} - - - - - -void T_free(POINTER p) -{ free(p); } - -POINTER T_malloc(unsigned int size) -{ return (POINTER)malloc(size); } - -POINTER T_realloc(POINTER p, unsigned int size) -{ return (POINTER)realloc(p, size); } - -int T_memcmp(POINTER p1, POINTER p2, unsigned int size) -{ return memcmp(p1, p2, size); } -void T_memcpy(POINTER p1, POINTER p2, unsigned int size) -{ memcpy(p1, p2, size); } -void T_memmove(POINTER p1, POINTER p2, unsigned int size) -{ memmove(p1, p2, size); } -void T_memset(POINTER p1, int size, unsigned int val) -{ memset(p1, size, val); } -extern "C" int T_GetDynamicList() -{ printf("GetDynamicList!\n"); abort(); } diff --git a/AppleCSP/CVSVersionInfo.txt b/AppleCSP/CVSVersionInfo.txt deleted file mode 100644 index e4d9558e..00000000 --- a/AppleCSP/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:47 mb Exp $ -# $Name: $ -ProjectName: AppleCSP -ProjectVersion: 16 diff --git a/AppleCSP/ComCryption/ascContext.cpp b/AppleCSP/ComCryption/ascContext.cpp deleted file mode 100644 index 0ba7727c..00000000 --- a/AppleCSP/ComCryption/ascContext.cpp +++ /dev/null @@ -1,373 +0,0 @@ -/* - * ascContext.cpp - glue between BlockCrytpor and ComCryption (a.k.a. Apple - * Secure Compression). - * Written by Doug Mitchell 4/4/2001 - */ - -#ifdef ASC_CSP_ENABLE - -#include "ascContext.h" -#include "ascFactory.h" -#include -#include -#include - -#define abprintf(args...) secdebug("ascBuf", ## args) /* buffer sizes */ -#define aioprintf(args...) secdebug("ascIo", ## args) /* all I/O */ - -static CssmAllocator *ascAllocator; - -/* - * Comcryption-style memory allocator callbacks - */ -static void *ccMalloc(unsigned size) -{ - return ascAllocator->malloc(size); -} -static void ccFree(void *data) -{ - ascAllocator->free(data); -} - -/* Given a ComCryption error, throw appropriate CssmError */ -static void throwComcrypt( - comcryptReturn crtn, - const char *op) /* optional */ -{ - CSSM_RETURN cerr = CSSM_OK; - const char *errStr = "Bad Error String"; - - switch(crtn) { - case CCR_SUCCESS: - errStr = "CCR_SUCCESS"; - break; - case CCR_OUTBUFFER_TOO_SMALL: - errStr = "CCR_OUTBUFFER_TOO_SMALL"; - cerr = CSSMERR_CSP_OUTPUT_LENGTH_ERROR; - break; - case CCR_MEMORY_ERROR: - errStr = "CCR_MEMORY_ERROR"; - cerr = CSSMERR_CSP_MEMORY_ERROR; - break; - case CCR_WRONG_VERSION: - errStr = "CCR_WRONG_VERSION"; - cerr = CSSMERR_CSP_INVALID_DATA; - break; - case CCR_BAD_CIPHERTEXT: - errStr = "CCR_BAD_CIPHERTEXT"; - cerr = CSSMERR_CSP_INVALID_DATA; - break; - case CCR_INTERNAL: - default: - errStr = "CCR_INTERNAL"; - cerr = CSSMERR_CSP_INTERNAL_ERROR; - break; - } - if(op) { - Security::Syslog::error("Apple CSP %s: %s", op, errStr); - } - if(cerr) { - CssmError::throwMe(cerr); - } -} - -/* - * Algorithm factory. - */ - -AscAlgFactory::AscAlgFactory( - CssmAllocator *normAlloc, - CssmAllocator *privAlloc) -{ - /* once-per-address-space init */ - ascAllocator = privAlloc; - comMallocRegister(ccMalloc, ccFree); -} - -bool AscAlgFactory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - if(context.algorithm() != CSSM_ALGID_ASC) { - return false; - } - if(cspCtx != NULL) { - /* reusing one of ours; OK */ - return true; - } - switch(context.type()) { - case CSSM_ALGCLASS_KEYGEN: - cspCtx = new AppleSymmKeyGenerator(session, - 8, - COMCRYPT_MAX_KEYLENGTH * 8, - true); // must be byte size - return true; - case CSSM_ALGCLASS_SYMMETRIC: - cspCtx = new ASCContext(session); - return true; - default: - break; - } - /* not ours */ - return false; -} - -ASCContext::~ASCContext() -{ - if(mCcObj != NULL) { - comcryptObjFree(mCcObj); - } -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void ASCContext::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - comcryptReturn crtn; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_ASC, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < 1) || (keyLen > COMCRYPT_MAX_KEYLENGTH)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - mDecryptBufValid = false; - - /* optional optimization attribute */ - comcryptOptimize optimize = CCO_DEFAULT; - uint32 opt = context.getInt(CSSM_ATTRIBUTE_ASC_OPTIMIZATION); - switch(opt) { - case CSSM_ASC_OPTIMIZE_DEFAULT: - optimize = CCO_DEFAULT; - break; - case CSSM_ASC_OPTIMIZE_SIZE: - optimize = CCO_SIZE; - break; - case CSSM_ASC_OPTIMIZE_SECURITY: - optimize = CCO_SECURITY; - break; - case CSSM_ASC_OPTIMIZE_TIME: - optimize = CCO_TIME; - break; - case CSSM_ASC_OPTIMIZE_TIME_SIZE: - optimize = CCO_TIME_SIZE; - break; - case CSSM_ASC_OPTIMIZE_ASCII: - optimize = CCO_ASCII; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); - } - - /* All other context attributes ignored */ - /* init the low-level state */ - if(mCcObj == NULL) { - /* note we allow for context reuse */ - mCcObj = comcryptAlloc(); - if(mCcObj == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - } - - crtn = comcryptInit(mCcObj, keyData, keyLen, optimize); - if(crtn) { - throwComcrypt(crtn, "comcryptInit"); - } -} - -/* - * All of these functions are called by CSPFullPluginSession. - */ -void ASCContext::update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize) // in/out -{ - comcryptReturn crtn; - unsigned outLen; - unsigned char *inText = (unsigned char *)inp; - unsigned char *outText = (unsigned char *)outp; - - if(encoding()) { - outLen = outSize; - crtn = comcryptData(mCcObj, - inText, - inSize, - outText, - &outLen, - CCE_MORE_TO_COME); // not used on encrypt - if(crtn) { - throwComcrypt(crtn, "comcryptData"); - } - } - else { - /* - * Deal with 1-byte buffer hack. First decrypt the existing buffer... - */ - if(inSize == 0) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - unsigned thisOutLen; - unsigned partialOutLen = 0; - if(mDecryptBufValid) { - thisOutLen = outSize; - crtn = deComcryptData(mCcObj, - &mDecryptBuf, - 1, - outText, - &thisOutLen, - CCE_MORE_TO_COME); - mDecryptBufValid = false; - if(crtn) { - throwComcrypt(crtn, "deComcryptData (1)"); - } - partialOutLen = thisOutLen; - outText += thisOutLen; - } - - /* - * Now decrypt remaining, less one byte (which is stored in the - * buffer). - */ - thisOutLen = outSize - partialOutLen; - crtn = deComcryptData(mCcObj, - inText, - inSize - 1, - outText, - &thisOutLen, - CCE_MORE_TO_COME); - if(crtn) { - throwComcrypt(crtn, "deComcryptData (2)"); - } - outLen = partialOutLen + thisOutLen; - mDecryptBuf = inText[inSize - 1]; - mDecryptBufValid = true; - } - outSize = outLen; - aioprintf("=== ASC::update encrypt %d inSize %ld outSize %ld", - encoding() ? 1 : 0, inSize, outSize); -} - -void ASCContext::final( - CssmData &out) -{ - if(encoding()) { - out.length(0); - } - else { - /* decrypt buffer hack */ - if(!mDecryptBufValid) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - comcryptReturn crtn; - unsigned outLen = out.Length; - crtn = deComcryptData(mCcObj, - &mDecryptBuf, - 1, - (unsigned char *)out.Data, - &outLen, - CCE_END_OF_STREAM); - mDecryptBufValid = false; - if(crtn) { - throwComcrypt(crtn, "deComcryptData (3)"); - } - out.length(outLen); - } - aioprintf("=== ASC::final encrypt %d outSize %ld", - encoding() ? 1 : 0, out.Length); -} - -size_t ASCContext::inputSize( - size_t outSize) // input for given output size -{ - size_t rtn = comcryptMaxInBufSize(mCcObj, - outSize, - encoding() ? CCOP_COMCRYPT : CCOP_DECOMCRYPT); - abprintf("--- ASCContext::inputSize inSize %ld outSize %ld", - rtn, outSize); - return rtn; -} - -/* - * ComCryption's buffer size calculation really does not lend itself to the - * requirements here. For example, there is no guarantee that - * inputSize(outputSize(x)) == x. We're just going to fudge it and make - * apps (or CSPFullPluginSession) alloc plenty more than they need. - */ -#define ASC_OUTSIZE_FUDGE 1 -#define ASC_OUTSIZE_FUDGE_FACTOR 1.2 - -size_t ASCContext::outputSize( - bool final, - size_t inSize) // output for given input size -{ - unsigned effectiveInSize = inSize; - size_t rtn; - if(encoding()) { - rtn = comcryptMaxOutBufSize(mCcObj, - effectiveInSize, - CCOP_COMCRYPT, - final); - #if ASC_OUTSIZE_FUDGE - float newOutSize = rtn; - newOutSize *= ASC_OUTSIZE_FUDGE_FACTOR; - rtn = static_cast(newOutSize); - #endif /* ASC_OUTSIZE_FUDGE */ - } - else { - if(final) { - if(mDecryptBufValid) { - effectiveInSize++; - } - } - else if(inSize && !mDecryptBufValid) { - /* not final and nothing buffered yet - lop off one */ - effectiveInSize--; - } - rtn = comcryptMaxOutBufSize(mCcObj, - effectiveInSize, - CCOP_DECOMCRYPT, - final); - } - abprintf("--- ASCContext::outputSize inSize %ld outSize %ld final %d ", - inSize, rtn, final); - return rtn; -} - -void ASCContext::minimumProgress( - size_t &in, - size_t &out) // minimum progress chunks -{ - if(encoding()) { - in = 1; - out = comcryptMaxOutBufSize(mCcObj, - 1, - CCOP_COMCRYPT, - 0); - } - else { - if(mDecryptBufValid) { - /* use "everything" */ - in = 1; - } - else { - in = 0; - } - out = comcryptMaxOutBufSize(mCcObj, - in, - CCOP_DECOMCRYPT, - 0); - } - abprintf("--- ASCContext::minProgres in %ld out %ld", in, out); -} - -#endif /* ASC_CSP_ENABLE */ diff --git a/AppleCSP/ComCryption/ascContext.h b/AppleCSP/ComCryption/ascContext.h deleted file mode 100644 index c699a6c0..00000000 --- a/AppleCSP/ComCryption/ascContext.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * ascContext.h - glue between BlockCrytpor and ComCryption (a.k.a. Apple - * Secure Compression). - * Written by Doug Mitchell 4/4/2001 - */ - -#ifdef ASC_CSP_ENABLE - -#ifndef _ASC_CONTEXT_H_ -#define _ASC_CONTEXT_H_ - -#include "AppleCSPContext.h" -#include -#include - -/* symmetric encrypt/decrypt context */ -class ASCContext : public AppleCSPContext { -public: - ASCContext(AppleCSPSession &session) : - AppleCSPContext(session), - mCcObj(NULL) { } - ~ASCContext(); - - // called by CSPFullPluginSession - void init( - const Context &context, - bool encoding = true); - void update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize); // in/out - void final( - CssmData &out); - - size_t inputSize( - size_t outSize); // input for given output size - size_t outputSize( - bool final = false, - size_t inSize = 0); // output for given input size - void minimumProgress( - size_t &in, - size_t &out); // minimum progress chunks - -private: - comcryptObj mCcObj; - - /* - * For first implementation, we have to cope with the fact that the final - * decrypt call down to the comcryption engine requires *some* ciphertext. - * On decrypt, we'll just save one byte on each update in preparation for - * the final call. Hopefull we'll have time to fix deComcryptData() so this - * is unneccesary. - */ - unsigned char mDecryptBuf; - bool mDecryptBufValid; - -}; /* RC4Context */ - -#endif /*_ASC_CONTEXT_H_ */ -#endif /* ASC_CSP_ENABLE */ diff --git a/AppleCSP/ComCryption/ascFactory.h b/AppleCSP/ComCryption/ascFactory.h deleted file mode 100644 index bee8ea85..00000000 --- a/AppleCSP/ComCryption/ascFactory.h +++ /dev/null @@ -1,34 +0,0 @@ -// -// ascAlgFactory.h - algorithm factory for ASC -// Written by Doug Mitchell 4/4/2001 -// - -#ifdef ASC_CSP_ENABLE - -#ifndef _ASC_ALG_FACTORY_H_ -#define _ASC_ALG_FACTORY_H_ - -#include -#include "AppleCSP.h" - -class AppleCSPSession; - -/* Algorithm factory */ -class AscAlgFactory : public AppleCSPAlgorithmFactory { -public: - - AscAlgFactory( - CssmAllocator *normAlloc, - CssmAllocator *privAlloc); - ~AscAlgFactory() { } - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - -}; - - -#endif /*_ASC_ALG_FACTORY_H_ */ -#endif /* ASC_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/CryptKitAsn1.cpp b/AppleCSP/CryptKitCSP/CryptKitAsn1.cpp deleted file mode 100644 index ee68c645..00000000 --- a/AppleCSP/CryptKitCSP/CryptKitAsn1.cpp +++ /dev/null @@ -1,81 +0,0 @@ -/* - * CryptKitAsn1.cpp - ASN1 templates for FEE keys and signatures - */ - -#include "CryptKitAsn1.h" - -/* - * Unlike RSA, DSA, and Diffie-Hellman, the integers in these - * objects are indeed signed. - */ -#define SEC_ASN1_SIGNED (SEC_ASN1_SIGNED_INT | SEC_ASN1_INTEGER) - -/* FEECurveParametersASN1 */ -const SEC_ASN1Template FEECurveParametersASN1Template[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(FEECurveParametersASN1) }, - { SEC_ASN1_INTEGER, offsetof(FEECurveParametersASN1,primeType) }, - { SEC_ASN1_INTEGER, offsetof(FEECurveParametersASN1,curveType) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,q) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,k) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,m) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,a) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,b_) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,c) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,x1Plus) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,x1Minus) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,cOrderPlus) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,cOrderMinus) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,x1OrderPlus) }, - { SEC_ASN1_SIGNED, offsetof(FEECurveParametersASN1,x1OrderMinus) }, - { SEC_ASN1_SIGNED | SEC_ASN1_OPTIONAL, - offsetof(FEECurveParametersASN1,basePrime) }, - { 0, } -}; - -/* FEEElGamalSignatureASN1 */ -const SEC_ASN1Template FEEElGamalSignatureASN1Template[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(FEEElGamalSignatureASN1) }, - { SEC_ASN1_SIGNED, offsetof(FEEElGamalSignatureASN1,u) }, - { SEC_ASN1_SIGNED, offsetof(FEEElGamalSignatureASN1,pmX) }, - { 0, } -}; - -/* FEEECDSASignatureASN1 */ -const SEC_ASN1Template FEEECDSASignatureASN1Template[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(FEEECDSASignatureASN1) }, - { SEC_ASN1_SIGNED, offsetof(FEEECDSASignatureASN1,c) }, - { SEC_ASN1_SIGNED, offsetof(FEEECDSASignatureASN1,d) }, - { 0, } -}; - -/* FEEPublicKeyASN1 */ -const SEC_ASN1Template FEEPublicKeyASN1Template[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(FEEPublicKeyASN1) }, - { SEC_ASN1_SIGNED, offsetof(FEEPublicKeyASN1,version) }, - { SEC_ASN1_INLINE, - offsetof(FEEPublicKeyASN1,curveParams), - FEECurveParametersASN1Template }, - { SEC_ASN1_SIGNED, offsetof(FEEPublicKeyASN1,plusX) }, - { SEC_ASN1_SIGNED, offsetof(FEEPublicKeyASN1,minusX) }, - { SEC_ASN1_SIGNED | SEC_ASN1_OPTIONAL, - offsetof(FEEPublicKeyASN1,plusY) }, - { 0, } -}; - -/* FEEPrivateKeyASN1 */ -const SEC_ASN1Template FEEPrivateKeyASN1Template[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(FEEPrivateKeyASN1) }, - { SEC_ASN1_SIGNED, offsetof(FEEPrivateKeyASN1,version) }, - { SEC_ASN1_INLINE, - offsetof(FEEPrivateKeyASN1,curveParams), - FEECurveParametersASN1Template }, - { SEC_ASN1_SIGNED, offsetof(FEEPrivateKeyASN1,privData) }, - { 0, } -}; - - diff --git a/AppleCSP/CryptKitCSP/CryptKitAsn1.h b/AppleCSP/CryptKitCSP/CryptKitAsn1.h deleted file mode 100644 index 9283a730..00000000 --- a/AppleCSP/CryptKitCSP/CryptKitAsn1.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * CryptKitAsn1.h - ASN1 templates for FEE objects - */ - -#ifndef _CRYPT_KIT_ASN1_H_ -#define _CRYPT_KIT_ASN1_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - -- FEE Curve parameters (defined in ) - FEEPrimeType ::= INTEGER { FPT_Mersenne(0), FPT_FEE(1), FPT_General(2) } - FEECurveType ::= INTEGER { FCT_Montgomery(0), FCT_Weierstrass(1), - FCT_General(2) } - */ - -/* - FEECurveParameters ::= SEQUENCE - { - primeType FEEPrimeType, - curveType FEECurveType, - q INTEGER, -- unsigned - k INTEGER, -- signed - m INTEGER, - a BigIntegerStr, - bb BigIntegerStr, -- can't use variable/field b - c BigIntegerStr, - x1Plus BigIntegerStr, - x1Minus BigIntegerStr, - cOrderPlus BigIntegerStr, - cOrderMinus BigIntegerStr, - x1OrderPlus BigIntegerStr, - x1OrderMinus BigIntegerStr, - basePrime BigIntegerStr OPTIONAL - -- iff FEEPrimeType == CT_GENERAL -} -*/ -typedef struct { - CSSM_DATA primeType; - CSSM_DATA curveType; - CSSM_DATA q; - CSSM_DATA k; - CSSM_DATA m; - CSSM_DATA a; - CSSM_DATA b_; // can't use variable/field b - CSSM_DATA c; - CSSM_DATA x1Plus; - CSSM_DATA x1Minus; - CSSM_DATA cOrderPlus; - CSSM_DATA cOrderMinus; - CSSM_DATA x1OrderPlus; - CSSM_DATA x1OrderMinus; - CSSM_DATA basePrime; // OPTIONAL -} FEECurveParametersASN1; - -extern const SEC_ASN1Template FEECurveParametersASN1Template[]; - -/* - -- FEE ElGamal-style signature - FEEElGamalSignature ::= SEQUENCE { - u BigIntegerStr, - pmX BigIntegerStr - } -*/ -typedef struct { - CSSM_DATA u; - CSSM_DATA pmX; -} FEEElGamalSignatureASN1; - -extern const SEC_ASN1Template FEEElGamalSignatureASN1Template[]; - -/* - -- FEE ECDSA-style signature - FEEECDSASignature ::= SEQUENCE { - c BigIntegerStr, - d BigIntegerStr - } -*/ -typedef struct { - CSSM_DATA c; - CSSM_DATA d; -} FEEECDSASignatureASN1; - -extern const SEC_ASN1Template FEEECDSASignatureASN1Template[]; - -/* - FEEPublicKey ::= SEQUENCE - { - version INTEGER, - curveParams FEECurveParameters, - plusX BigIntegerStr, - minusX BigIntegerStr, - plusY BigIntegerStr OPTIONAL - -- iff FEECurveType == ct-weierstrass -} -*/ -typedef struct { - CSSM_DATA version; - FEECurveParametersASN1 curveParams; - CSSM_DATA plusX; - CSSM_DATA minusX; - CSSM_DATA plusY; // OPTIONAL -} FEEPublicKeyASN1; - -extern const SEC_ASN1Template FEEPublicKeyASN1Template[]; - -/* - FEEPrivateKey ::= SEQUENCE - { - version INTEGER, - curveParams FEECurveParameters, - privData BigIntegerStr - } -*/ -typedef struct { - CSSM_DATA version; - FEECurveParametersASN1 curveParams; - CSSM_DATA privData; -} FEEPrivateKeyASN1; - -extern const SEC_ASN1Template FEEPrivateKeyASN1Template[]; - -#ifdef __cplusplus -} -#endif - - -#endif /* _CRYPT_KIT_ASN1_H_ */ diff --git a/AppleCSP/CryptKitCSP/CryptKitDER.cpp b/AppleCSP/CryptKitCSP/CryptKitDER.cpp deleted file mode 100644 index a86f0882..00000000 --- a/AppleCSP/CryptKitCSP/CryptKitDER.cpp +++ /dev/null @@ -1,745 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CryptKitDER.h - snacc-based routines to create and parse DER-encoded FEE - * keys and signatures - * - * Created 3/12/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#include -#include -#include -#include -#include "CryptKitAsn1.h" -#include - - -#define PRINT_SIG_GIANTS 0 -#define PRINT_CURVE_PARAMS 0 -#define PRINT_SIZES 0 -#if PRINT_SIZES -#define szprint(s) printf s -#else -#define szprint(s) -#endif - -/* - * Trivial exception class associated with a feeReturn. - */ -class feeException -{ -protected: - feeException(feeReturn frtn, const char *op); -public: - ~feeException() throw() {} - feeReturn frtn() const throw() { return mFrtn; } - static void throwMe(feeReturn frtn, const char *op = NULL) __attribute__((noreturn)); -private: - feeReturn mFrtn; -}; - -feeException::feeException( - feeReturn frtn, - const char *op) - : mFrtn(frtn) -{ - if(op) { - dbgLog(("%s: %s\n", op, feeReturnString(frtn))); - } -} - -void feeException::throwMe(feeReturn frtn, const char *op /*= NULL*/) { throw feeException(frtn, op); } - -/* - * ASN1 encoding rules specify that an integer's sign is indicated by the MSB - * of the first (MS) content byte. For a non-negative number, if the MSB of - * the MS byte (of the unencoded number) is one, then the encoding starts with - * a byte of zeroes to indicate positive sign. For a negative number, the first - * nine bits can not be all 1 - if they are (in the undecoded number), leading - * bytes of 0xff are trimmed off until the first nine bits are something other - * than one. Also, the first nine bits of the encoded number can not all be - * zero. - * - * CryptKit giants express their sign as part of the giantstruct.sign field. - * The giantDigit array (giantstruct.n[]) is stored l.s. digit first. - * - * These routines are independent of platform, endianness, and giatn digit size. - */ - -/* routines to guess maximum size of DER-encoded objects */ -static unsigned feeSizeOfSnaccGiant( - giant g) -{ - unsigned rtn = abs(g->sign) * GIANT_BYTES_PER_DIGIT; - szprint(("feeSizeOfSnaccGiant: sign %d size %d\n", g->sign, rtn + 4)); - return rtn + 4; -} - -/* PUBLIC... */ -unsigned feeSizeOfDERSig( - giant g1, - giant g2) -{ - unsigned rtn = feeSizeOfSnaccGiant(g1); - rtn += feeSizeOfSnaccGiant(g2); - szprint(("feeSizeOfDERSig: size %d\n", rtn + 4)); - return rtn + 4; -} - -/* perform 2's complement of byte array, expressed MS byte first */ -static void twosComplement( - unsigned char *bytePtr, // points to MS byte - unsigned numBytes) -{ - unsigned char *outp = bytePtr + numBytes - 1; - unsigned char carry = 1; // first time thru, carry = 1 to add one to 1's comp - for(unsigned byteDex=0; byteDex unsigned int - */ -static unsigned cssmDataToInt( - const CSSM_DATA &cdata) -{ - if((cdata.Length == 0) || (cdata.Data == NULL)) { - return 0; - } - unsigned len = (unsigned)cdata.Length; - if(len > sizeof(int)) { - feeException::throwMe(FR_BadKeyBlob, "cssmDataToInt"); - } - - unsigned rtn = 0; - uint8 *cp = cdata.Data; - for(unsigned i=0; i CSSM_DATA, mallocing from an SecNssCoder - */ -static void intToCssmData( - unsigned num, - CSSM_DATA &cdata, - SecNssCoder &coder) -{ - unsigned len = 0; - - if(num < 0x100) { - len = 1; - } - else if(num < 0x10000) { - len = 2; - } - else if(num < 0x1000000) { - len = 3; - } - else { - len = 4; - } - cdata.Data = (uint8 *)coder.malloc(len); - cdata.Length = len; - uint8 *cp = &cdata.Data[len - 1]; - for(unsigned i=0; i>= 8; - } -} - -/* - * Convert a decoded ASN integer, as a CSSM_DATA, to a (mallocd) giant. - * Only known exception is a feeException. - */ -static giant cssmDataToGiant( - const CSSM_DATA &cdata) -{ - char *rawOcts = (char *)cdata.Data; - unsigned numBytes = cdata.Length; - unsigned numGiantDigits; - int sign = 1; - giant grtn; - feeReturn frtn = FR_Success; - unsigned char *inp = NULL; - unsigned digitDex; // index into g->giantDigit[] - - /* handle degenerate case (value of zero) */ - if((numBytes == 0) || ((numBytes == 1) && rawOcts[0] == 0)) { - grtn = newGiant(1); - if(grtn == NULL) { - feeException::throwMe(FR_Memory, "newGiant(1)"); - } - int_to_giant(0, grtn); - return grtn; - } - - /* make a copy of raw octets if we have to do two's complement */ - unsigned char *byteArray = NULL; - bool didMalloc = false; - if(rawOcts[0] & 0x80) { - sign = -1; - numBytes++; - byteArray = (unsigned char *)fmalloc(numBytes); - didMalloc = true; - byteArray[0] = 0xff; - memmove(byteArray + 1, rawOcts, numBytes-1); - twosComplement(byteArray, numBytes); - } - else { - /* no copy */ - char *foo = rawOcts; - byteArray = (unsigned char *)foo; - } - - /* cook up a new giant */ - numGiantDigits = (numBytes + GIANT_BYTES_PER_DIGIT - 1) / - GIANT_BYTES_PER_DIGIT; - grtn = newGiant(numGiantDigits); - if(grtn == NULL) { - frtn = FR_Memory; - goto abort; - } - - /* - * Convert byteArray to array of giantDigits - * inp - raw input bytes, LSB last - * grtn->n[] - output array of giantDigits, LSD first - * Start at LS byte and LD digit - */ - digitDex = 0; // index into g->giantDigit[] - giantDigit thisDigit; - inp = byteArray + numBytes - 1; - unsigned dex; // total byte counter - unsigned byteDex; // index into one giantDigit - unsigned shiftCount; - for(dex=0; dexn[digitDex++] = thisDigit; - } - grtn->sign = (int)numGiantDigits * sign; - - /* trim leading (MS) zeroes */ - gtrimSign(grtn); -abort: - if(didMalloc) { - ffree(byteArray); - } - if(frtn) { - feeException::throwMe(frtn, "bigIntStrToGiant"); - } - return grtn; -} - -/* - * Convert a giant to an CSSM_DATA, mallocing using specified coder. - * Only known exception is a feeException. - */ - static void giantToCssmData( - giant g, - CSSM_DATA &cdata, - SecNssCoder &coder) -{ - unsigned char doPrepend = 0; - unsigned numGiantDigits = abs(g->sign); - unsigned numBytes = numGiantDigits * GIANT_BYTES_PER_DIGIT; - giantDigit msGiantBit = 0; - if(isZero(g)) { - /* special degenerate case */ - intToCssmData(0, cdata, coder); - return; - } - else { - msGiantBit = g->n[numGiantDigits - 1] >> (GIANT_BITS_PER_DIGIT - 1); - } - - /* prepend a byte of zero if necessary */ - if((g->sign < 0) || // negative - to handle 2's complement - ((g->sign > 0) && msGiantBit)) { // ensure MS byte is zero - doPrepend = 1; - numBytes++; - } - - unsigned char *rawBytes = (unsigned char *)fmalloc(numBytes); - if(rawBytes == NULL) { - feeException::throwMe(FR_Memory, "giantToBigIntStr fmalloc(rawBytes)"); - } - unsigned char *outp = rawBytes; - if(doPrepend) { - *outp++ = 0; - } - - /* - * Convert array of giantDigits to bytes. - * outp point to MS output byte. - */ - int digitDex; // index into g->giantDigit[] - unsigned byteDex; // byte index into a giantDigit - for(digitDex=numGiantDigits-1; digitDex>=0; digitDex--) { - /* one loop per giantDigit, starting at MS end */ - giantDigit thisDigit = g->n[digitDex]; - unsigned char *bp = outp + GIANT_BYTES_PER_DIGIT - 1; - for(byteDex=0; byteDex>= 8; - } - outp += GIANT_BYTES_PER_DIGIT; - } - - /* do two's complement for negative giants */ - if(g->sign < 0) { - twosComplement(rawBytes, numBytes); - } - - /* strip off redundant leading bits (nine zeroes or nine ones) */ - outp = rawBytes; - unsigned char *endp = outp + numBytes - 1; - while((*outp == 0) && // m.s. byte zero - (outp < endp) && // more bytes exist - (!(outp[1] & 0x80))) { // 9th bit is 0 - outp++; - numBytes--; - } - while((*outp == 0xff) && // m.s. byte all ones - (outp < endp) && // more bytes exist - (outp[1] & 0x80)) { // 9th bit is 1 - outp++; - numBytes--; - } - cdata.Data = (uint8 *)coder.malloc(numBytes); - memmove(cdata.Data, outp, numBytes); - cdata.Length = numBytes; - ffree(rawBytes); - return; -} - -/* curveParams : CryptKit <--> FEECurveParametersASN1 */ -/* Only known exception is a feeException */ -static void feeCurveParamsToASN1( - const curveParams *cp, - FEECurveParametersASN1 &asnCp, - SecNssCoder &coder) -{ - #if PRINT_CURVE_PARAMS - printf("===encoding curveParams; cp:\n"); printCurveParams(cp); - #endif - memset(&asnCp, 0, sizeof(asnCp)); - try { - intToCssmData(cp->primeType, asnCp.primeType, coder); - intToCssmData(cp->curveType, asnCp.curveType, coder); - intToCssmData(cp->q, asnCp.q, coder); - intToCssmData(cp->k, asnCp.k, coder); - intToCssmData(cp->m, asnCp.m, coder); - giantToCssmData(cp->a, asnCp.a, coder); - giantToCssmData(cp->b, asnCp.b_, coder); - giantToCssmData(cp->c, asnCp.c, coder); - giantToCssmData(cp->x1Plus, asnCp.x1Plus, coder); - giantToCssmData(cp->x1Minus, asnCp.x1Minus, coder); - giantToCssmData(cp->cOrderPlus, asnCp.cOrderPlus, coder); - giantToCssmData(cp->cOrderMinus, asnCp.cOrderMinus, coder); - giantToCssmData(cp->x1OrderPlus, asnCp.x1OrderPlus, coder); - giantToCssmData(cp->x1OrderMinus, asnCp.x1OrderMinus, coder); - if(cp->primeType == FPT_General) { - giantToCssmData(cp->basePrime, asnCp.basePrime, coder); - } - } - catch(const feeException &ferr) { - throw; - } - catch(...) { - feeException::throwMe(FR_Memory, "feeCurveParamsToSnacc catchall"); // ??? - } -} - -static curveParams *feeCurveParamsFromAsn1( - const FEECurveParametersASN1 &asnCp) -{ - curveParams *cp = newCurveParams(); - if(cp == NULL) { - feeException::throwMe(FR_Memory, "feeCurveParamsFromSnacc alloc cp"); - } - cp->primeType = (feePrimeType)cssmDataToInt(asnCp.primeType); - cp->curveType = (feeCurveType)cssmDataToInt(asnCp.curveType); - cp->q = cssmDataToInt(asnCp.q); - cp->k = cssmDataToInt(asnCp.k); - cp->m = cssmDataToInt(asnCp.m); - cp->a = cssmDataToGiant(asnCp.a); - cp->b = cssmDataToGiant(asnCp.b_); - cp->c = cssmDataToGiant(asnCp.c); - cp->x1Plus = cssmDataToGiant(asnCp.x1Plus); - cp->x1Minus = cssmDataToGiant(asnCp.x1Minus); - cp->cOrderPlus = cssmDataToGiant(asnCp.cOrderPlus); - cp->cOrderMinus = cssmDataToGiant(asnCp.cOrderMinus); - cp->x1OrderPlus = cssmDataToGiant(asnCp.x1OrderPlus); - cp->x1OrderMinus = cssmDataToGiant(asnCp.x1OrderMinus); - if(asnCp.basePrime.Data != NULL) { - cp->basePrime = cssmDataToGiant(asnCp.basePrime); - } - - /* remaining fields inferred */ - curveParamsInferFields(cp); - allocRecipGiants(cp); - #if PRINT_CURVE_PARAMS - printf("===decoding curveParams; cp:\n"); printCurveParams(cp); - #endif - return cp; -} - -/*** - *** Public routines. These are usable from C code; they never throw. - ***/ - -/* - * Encode/decode the two FEE signature types. We malloc returned data via - * fmalloc(); caller must free via ffree(). - */ -feeReturn feeDEREncodeElGamalSignature( - giant u, - giant PmX, - unsigned char **encodedSig, // fmallocd and RETURNED - unsigned *encodedSigLen) // RETURNED -{ - /* convert to FEEElGamalSignatureASN1 */ - FEEElGamalSignatureASN1 asnSig; - SecNssCoder coder; - - try { - giantToCssmData(u, asnSig.u, coder); - giantToCssmData(PmX, asnSig.pmX, coder); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - - /* DER encode */ - PRErrorCode perr; - CSSM_DATA encBlob; // mallocd by coder - perr = coder.encodeItem(&asnSig, FEEElGamalSignatureASN1Template, encBlob); - if(perr) { - return FR_Memory; - } - - /* copy out to caller */ - *encodedSig = (unsigned char *)fmalloc(encBlob.Length); - *encodedSigLen = encBlob.Length; - memmove(*encodedSig, encBlob.Data, encBlob.Length); - - #if PRINT_SIG_GIANTS - printf("feeEncodeElGamalSignature:\n"); - printf(" u : "); printGiantHex(u); - printf(" PmX : "); printGiantHex(PmX); - #endif - - return FR_Success; -} - -feeReturn feeDEREncodeECDSASignature( - giant c, - giant d, - unsigned char **encodedSig, // fmallocd and RETURNED - unsigned *encodedSigLen) // RETURNED -{ - /* convert to FEEECDSASignatureASN1 */ - FEEECDSASignatureASN1 asnSig; - SecNssCoder coder; - - try { - giantToCssmData(c, asnSig.c, coder); - giantToCssmData(d, asnSig.d, coder); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - - /* DER encode */ - PRErrorCode perr; - CSSM_DATA encBlob; // mallocd by coder - perr = coder.encodeItem(&asnSig, FEEECDSASignatureASN1Template, encBlob); - if(perr) { - return FR_Memory; - } - - /* copy out to caller */ - *encodedSig = (unsigned char *)fmalloc(encBlob.Length); - *encodedSigLen = encBlob.Length; - memmove(*encodedSig, encBlob.Data, encBlob.Length); - - #if PRINT_SIG_GIANTS - printf("feeEncodeECDSASignature:\n"); - printf(" c : "); printGiantHex(*c); - printf(" d : "); printGiantHex(*d); - #endif - return FR_Success; - -} - -feeReturn feeDERDecodeElGamalSignature( - const unsigned char *encodedSig, - unsigned encodedSigLen, - giant *u, // newGiant'd and RETURNED - giant *PmX) // newGiant'd and RETURNED -{ - FEEElGamalSignatureASN1 asnSig; - SecNssCoder coder; - - memset(&asnSig, 0, sizeof(asnSig)); - PRErrorCode perr = coder.decode(encodedSig, encodedSigLen, - FEEElGamalSignatureASN1Template, &asnSig); - if(perr) { - return FR_BadSignatureFormat; - } - - try { - *u = cssmDataToGiant(asnSig.u); - *PmX = cssmDataToGiant(asnSig.pmX); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return FR_Memory; - } - #if PRINT_SIG_GIANTS - printf("feeDecodeElGamalSignature:\n"); - printf(" u : "); printGiantHex(*u); - printf(" PmX : "); printGiantHex(*PmX); - #endif - return FR_Success; -} - -feeReturn feeDERDecodeECDSASignature( - const unsigned char *encodedSig, - unsigned encodedSigLen, - giant *c, // newGiant'd and RETURNED - giant *d) // newGiant'd and RETURNED -{ - FEEECDSASignatureASN1 asnSig; - SecNssCoder coder; - - memset(&asnSig, 0, sizeof(asnSig)); - PRErrorCode perr = coder.decode(encodedSig, encodedSigLen, - FEEECDSASignatureASN1Template, &asnSig); - if(perr) { - return FR_BadSignatureFormat; - } - - try { - *c = cssmDataToGiant(asnSig.c); - *d = cssmDataToGiant(asnSig.d); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return FR_Memory; - } - #if PRINT_SIG_GIANTS - printf("feeDERDecodeECDSASignature:\n"); - printf(" u : "); printGiantHex(*u); - printf(" PmX : "); printGiantHex(*PmX); - #endif - return FR_Success; -} - -/* - * Encode/decode the FEE private and public keys. We malloc returned data via - * falloc(); caller must free via ffree(). Public C functions which never throw. - */ -feeReturn feeDEREncodePublicKey( - int version, - const curveParams *cp, - giant plusX, - giant minusX, - giant plusY, // may be NULL - unsigned char **keyBlob, // fmallocd and RETURNED - unsigned *keyBlobLen) // RETURNED -{ - FEEPublicKeyASN1 asnKey; - SecNssCoder coder; - - memset(&asnKey, 0, sizeof(asnKey)); - intToCssmData(version, asnKey.version, coder); - - try { - feeCurveParamsToASN1(cp, asnKey.curveParams, coder); - giantToCssmData(plusX, asnKey.plusX, coder); - giantToCssmData(minusX, asnKey.minusX, coder); - if(plusY != NULL) { - giantToCssmData(plusY, asnKey.plusY, coder); - } - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - - /* DER encode */ - PRErrorCode perr; - CSSM_DATA encBlob; // mallocd by coder - perr = coder.encodeItem(&asnKey, FEEPublicKeyASN1Template, encBlob); - if(perr) { - return FR_Memory; - } - - /* copy out */ - *keyBlob = (unsigned char *)fmalloc(encBlob.Length); - *keyBlobLen = encBlob.Length; - memmove(*keyBlob, encBlob.Data, encBlob.Length); - return FR_Success; -} - -feeReturn feeDEREncodePrivateKey( - int version, - const curveParams *cp, - const giant privData, - unsigned char **keyBlob, // fmallocd and RETURNED - unsigned *keyBlobLen) // RETURNED -{ - FEEPrivateKeyASN1 asnKey; - SecNssCoder coder; - - memset(&asnKey, 0, sizeof(asnKey)); - intToCssmData(version, asnKey.version, coder); - - try { - feeCurveParamsToASN1(cp, asnKey.curveParams, coder); - giantToCssmData(privData, asnKey.privData, coder); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - - /* DER encode */ - PRErrorCode perr; - CSSM_DATA encBlob; // mallocd by coder - perr = coder.encodeItem(&asnKey, FEEPrivateKeyASN1Template, encBlob); - if(perr) { - return FR_Memory; - } - - /* copy out */ - *keyBlob = (unsigned char *)fmalloc(encBlob.Length); - *keyBlobLen = encBlob.Length; - memmove(*keyBlob, encBlob.Data, encBlob.Length); - return FR_Success; -} - -feeReturn feeDERDecodePublicKey( - const unsigned char *keyBlob, - unsigned keyBlobLen, - int *version, // this and remainder RETURNED - curveParams **cp, - giant *plusX, - giant *minusX, - giant *plusY) // may be NULL -{ - FEEPublicKeyASN1 asnKey; - SecNssCoder coder; - - memset(&asnKey, 0, sizeof(asnKey)); - PRErrorCode perr = coder.decode(keyBlob, keyBlobLen, - FEEPublicKeyASN1Template, &asnKey); - if(perr) { - return FR_BadKeyBlob; - } - - try { - *version = cssmDataToInt(asnKey.version); - *cp = feeCurveParamsFromAsn1(asnKey.curveParams); - *plusX = cssmDataToGiant(asnKey.plusX); - *minusX = cssmDataToGiant(asnKey.minusX); - if(asnKey.plusY.Data != NULL) { - /* optional */ - *plusY = cssmDataToGiant(asnKey.plusY); - } - else { - *plusY = newGiant(1); - int_to_giant(0, *plusY); - } - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return FR_Memory; - } - return FR_Success; -} - -feeReturn feeDERDecodePrivateKey( - const unsigned char *keyBlob, - unsigned keyBlobLen, - int *version, // this and remainder RETURNED - curveParams **cp, - giant *privData) // RETURNED -{ - FEEPrivateKeyASN1 asnKey; - SecNssCoder coder; - - memset(&asnKey, 0, sizeof(asnKey)); - PRErrorCode perr = coder.decode(keyBlob, keyBlobLen, - FEEPrivateKeyASN1Template, &asnKey); - if(perr) { - return FR_BadKeyBlob; - } - - try { - *version = cssmDataToInt(asnKey.version); - *cp = feeCurveParamsFromAsn1(asnKey.curveParams); - *privData = cssmDataToGiant(asnKey.privData); - } - catch(const feeException &ferr) { - return ferr.frtn(); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return FR_Memory; - } - return FR_Success; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/CryptKitSpace.h b/AppleCSP/CryptKitCSP/CryptKitSpace.h deleted file mode 100755 index ac546d7c..00000000 --- a/AppleCSP/CryptKitCSP/CryptKitSpace.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CryptKitSpace.h - bare-bones declaration of CryptKit namespace. - * - * Created by dmitch on Wed Feb 21 2001. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _CRYPT_KIT_SPACE_H_ -#define _CRYPT_KIT_SPACE_H_ - -/* first make sure it exists */ -namespace CryptKit { } - -/* then make4 it easy to use */ -using namespace CryptKit; - -#endif /* _CRYPT_KIT_SPACE_H_ */ -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEEAsymmetricContext.cpp b/AppleCSP/CryptKitCSP/FEEAsymmetricContext.cpp deleted file mode 100644 index 2876e8d4..00000000 --- a/AppleCSP/CryptKitCSP/FEEAsymmetricContext.cpp +++ /dev/null @@ -1,439 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEEAsymmetricContext.cpp - CSPContexts for FEE asymmetric encryption - * - * Created March 8 2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#include "FEEAsymmetricContext.h" -#include "FEECSPUtils.h" -#include - -/* validate context for FEED and FEEDExp - no unexpected attributes allowed */ -static void validateFeedContext( - const Context &context) -{ - /* Note we cannot distinguish between zero and "not there" */ - uint32 blockSize = context.getInt(CSSM_ATTRIBUTE_BLOCK_SIZE); - if(blockSize != 0) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_BLOCK_SIZE); - } - CSSM_ENCRYPT_MODE cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE); - if(cssmMode != 0) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - #if 0 - /* we allow this for CMS wrapping */ - CssmData *iv = context.get(CSSM_ATTRIBUTE_INIT_VECTOR); - if(iv != NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR); - } - #endif - CSSM_PADDING padding = context.getInt(CSSM_ATTRIBUTE_PADDING); - if(padding != 0) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } -} - -/*** - *** FEED - 1:1 FEED - encrypt n bytes of plaintext, get (roughly) n bytes - *** of ciphertext. Ciphertext is smaller than with FEED, but this is slower. - ***/ -CryptKit::FEEDContext::~FEEDContext() -{ - if(mFeeFeed) { - feeFEEDFree(mFeeFeed); - mFeeFeed = NULL; - } - if(mPrivKey && mAllocdPrivKey) { - feePubKeyFree(mPrivKey); - } - if(mPubKey && mAllocdPubKey) { - feePubKeyFree(mPubKey); - } - mPrivKey = NULL; - mPubKey = NULL; - mInitFlag = false; -} - -// called by CSPFullPluginSession; reusable -void CryptKit::FEEDContext::init( - const Context &context, - bool encoding) -{ - if(mInitFlag && !opStarted()) { - /* reusing - e.g. query followed by encrypt */ - return; - } - - /* - * Fetch FEE keys from context. This is an unusual algorithm - it requires - * two keys, one public and one private. The public key MUST be stored in - * the context with attribute type CSSM_ATTRIBUTE_PUBLIC_KEY, and the private - * key with CSSM_ATTRIBUTE_KEY. - * - * For now, we require CSSM_KEYUSE_ANY for FEE keys used for this algorithm. - * Otherwise we'd have to allow both KEYUSE_ENCRYPT and KEYUSE_DECRYPT for - * both keys, and that would require some algorithm-specific hack in - * cspValidateKeyUsageBits() which I really don't want to do. - */ - if(mPrivKey == NULL) { - assert(!opStarted()); - mPrivKey = contextToFeeKey(context, - session(), - CSSM_ATTRIBUTE_KEY, - CSSM_KEYCLASS_PRIVATE_KEY, - CSSM_KEYUSE_ANY, - mAllocdPrivKey); - } - else { - assert(opStarted()); - } - if(mPubKey == NULL) { - assert(!opStarted()); - mPubKey = contextToFeeKey(context, - session(), - CSSM_ATTRIBUTE_PUBLIC_KEY, - CSSM_KEYCLASS_PUBLIC_KEY, - CSSM_KEYUSE_ANY, - mAllocdPubKey); - } - else { - assert(opStarted()); - } - - /* validate context - no other attributes allowed */ - validateFeedContext(context); - - if(mFeeFeed != NULL) { - /* not reusable */ - assert(opStarted()); - feeFEEDFree(mFeeFeed); - mFeeFeed = NULL; - } - - /* OK, looks good. Cook up a feeFEED object. */ - mFeeFeed = feeFEEDNewWithPubKey(mPrivKey, - mPubKey, - encoding ? 1 : 0, - feeRandCallback, - &session()); - if(mFeeFeed == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* finally, have BlockCryptor set up its stuff. */ - unsigned plainBlockSize = feeFEEDPlainBlockSize(mFeeFeed); - unsigned cipherBlockSize = feeFEEDCipherBlockSize(mFeeFeed); - setup(encoding ? plainBlockSize : cipherBlockSize, // blockSizeIn - encoding ? cipherBlockSize : plainBlockSize, // blockSizeOut - false, // pkcsPad - true, // needsFinal - BCM_ECB, - NULL); // IV - mInitFlag = true; -} - -// called by BlockCryptor -void CryptKit::FEEDContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) -{ - feeReturn frtn; - unsigned actMoved; - - assert(mFeeFeed != NULL); - frtn = feeFEEDEncryptBlock(mFeeFeed, - (unsigned char *)plainText, - plainTextLen, - (unsigned char *)cipherText, - &actMoved, - final ? 1 : 0); - if(frtn) { - throwCryptKit(frtn, "feeFEEDEncryptBlock"); - } - if(actMoved > cipherTextLen) { - /* Overflow already occurred! */ - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - cipherTextLen = actMoved; -} - -void CryptKit::FEEDContext::decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) -{ - feeReturn frtn; - unsigned actMoved; - - assert(mFeeFeed != NULL); - frtn = feeFEEDDecryptBlock(mFeeFeed, - (unsigned char *)cipherText, - inBlockSize(), - (unsigned char *)plainText, - &actMoved, - final ? 1 : 0); - if(frtn) { - throwCryptKit(frtn, "feeFEEDDecryptBlock"); - } - if(actMoved > plainTextLen) { - /* Overflow already occurred! */ - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - plainTextLen = actMoved; -} - -/* - * Additional query size support, necessary because we don't conform to - * BlockCryptor's standard one-to-one block scheme - */ - -#define BUFFER_DEBUG 0 -#if BUFFER_DEBUG -#define bprintf(s) printf s -#else -#define bprintf(s) -#endif - -size_t CryptKit::FEEDContext::inputSize( - size_t outSize) // input for given output size -{ - /* - * We've been assured that this is NOT called for the final() op... - */ - unsigned inSize; - if(encoding()) { - inSize = feeFEEDPlainTextSize(mFeeFeed, outSize, 0); - } - else { - inSize = feeFEEDCipherTextSize(mFeeFeed, outSize, 0); - } - - /* account for possible pending buffered input */ - if(inSize >= inBufSize()) { - inSize -= inBufSize(); - } - - /* round up to next block size, then lop off one...anything from - * blockSize*n to (blockSize*n)-1 has same effect */ - unsigned inBlocks = ((inSize + inBlockSize()) / inBlockSize()); - inSize = (inBlocks * inBlockSize()) - 1; - bprintf(("--- FEEDContext::inputSize inSize 0x%x outSize 0x%x\n", - inSize, outSize)); - return inSize; -} - -size_t CryptKit::FEEDContext::outputSize( - bool final, - size_t inSize) // output for given input size -{ - size_t rtn; - if(encoding()) { - rtn = feeFEEDCipherTextSize(mFeeFeed, inSize + inBufSize(), final ? 1 : 0); - } - else { - rtn = feeFEEDPlainTextSize(mFeeFeed, inSize + inBufSize(), final ? 1 : 0); - } - bprintf(("--- FEEDContext::outputSize inSize 0x%x outSize 0x%x final %d\n", - inSize, rtn, final)); - return rtn; -} - -void CryptKit::FEEDContext::minimumProgress( - size_t &in, - size_t &out) // minimum progress chunks -{ - if(encoding()) { - /* - * -- in := one block plaintext - * -- out := current cipher size for one block plaintext - */ - in = inBlockSize(); - out = feeFEEDCipherBufSize(mFeeFeed, 0); - } - else { - /* - * -- in := current cipher size for one block plaintext - * -- out := one block plaintext - */ - in = feeFEEDCipherBufSize(mFeeFeed, 0); - out = outBlockSize(); - } - - /* - * Either case - input adjusted for pending. Note inBufSize can be up to one - * input block size, leaving the temp result zero here.... - */ - assert(in >= inBufSize()); - in -= inBufSize(); - - /* if it is zero, bump it up so caller can make something happen */ - if(in == 0) { - in++; - } - bprintf(("--- FEEDContext::minProgres inSize 0x%x outSize 0x%x\n", - in, out)); -} - -/*** - *** FEEDExp - 2:1 FEED - encrypt n bytes of plaintext, get (roughly) 2n bytes - *** of ciphertext. Ciphertext is larger than with FEED, but this is faster. - ***/ -CryptKit::FEEDExpContext::~FEEDExpContext() -{ - if(mFeeFeedExp) { - feeFEEDExpFree(mFeeFeedExp); - mFeeFeedExp = NULL; - } - if(mFeeKey && mAllocdFeeKey) { - feePubKeyFree(mFeeKey); - } - mFeeKey = NULL; - mInitFlag = false; -} - -// called by CSPFullPluginSession; reusable -void CryptKit::FEEDExpContext::init( - const Context &context, - bool encoding) -{ - if(mInitFlag && !opStarted()) { - /* reusing - e.g. query followed by encrypt */ - return; - } - - /* fetch FEE key from context */ - CSSM_KEYCLASS keyClass; - CSSM_KEYUSE keyUse; - - if(encoding) { - /* encrypting to public key */ - keyClass = CSSM_KEYCLASS_PUBLIC_KEY; - keyUse = CSSM_KEYUSE_ENCRYPT; - } - else { - /* decrypting with private key */ - keyClass = CSSM_KEYCLASS_PRIVATE_KEY; - keyUse = CSSM_KEYUSE_DECRYPT; - } - if(mFeeKey == NULL) { - assert(!opStarted()); - mFeeKey = contextToFeeKey(context, - session(), - CSSM_ATTRIBUTE_KEY, - keyClass, - keyUse, - mAllocdFeeKey); - } - else { - assert(opStarted()); - } - - /* validate context - no other attributes allowed */ - validateFeedContext(context); - - /* OK, looks good. Cook up a feeFEEDExp object. */ - if(mFeeFeedExp != NULL) { - /* not reusable */ - assert(opStarted()); - feeFEEDExpFree(mFeeFeedExp); - mFeeFeedExp = NULL; - } - mFeeFeedExp = feeFEEDExpNewWithPubKey(mFeeKey, - feeRandCallback, - &session()); - if(mFeeFeedExp == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* finally, have BlockCryptor set up its stuff. */ - unsigned plainBlockSize = feeFEEDExpPlainBlockSize(mFeeFeedExp); - unsigned cipherBlockSize = feeFEEDExpCipherBlockSize(mFeeFeedExp); - setup(encoding ? plainBlockSize : cipherBlockSize, // blockSizeIn - encoding ? cipherBlockSize : plainBlockSize, // blockSizeOut - false, // pkcs5Pad - true, // needsFinal - BCM_ECB, - NULL); // IV - mInitFlag = true; -} - -// called by BlockCryptor -void CryptKit::FEEDExpContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) -{ - feeReturn frtn; - unsigned actMoved; - - assert(mFeeFeedExp != NULL); - frtn = feeFEEDExpEncryptBlock(mFeeFeedExp, - (unsigned char *)plainText, - plainTextLen, - (unsigned char *)cipherText, - &actMoved, - final ? 1 : 0); - if(frtn) { - throwCryptKit(frtn, "feeFEEDExpEncryptBlock"); - } - if(actMoved > cipherTextLen) { - /* Overflow already occurred! */ - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - cipherTextLen = actMoved; -} - -void CryptKit::FEEDExpContext::decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) -{ - feeReturn frtn; - unsigned actMoved; - - assert(mFeeFeedExp != NULL); - frtn = feeFEEDExpDecryptBlock(mFeeFeedExp, - (unsigned char *)cipherText, - inBlockSize(), - (unsigned char *)plainText, - &actMoved, - final ? 1 : 0); - if(frtn) { - throwCryptKit(frtn, "feeFEEDExpDecryptBlock"); - } - if(actMoved > plainTextLen) { - /* Overflow already occurred! */ - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - plainTextLen = actMoved; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEEAsymmetricContext.h b/AppleCSP/CryptKitCSP/FEEAsymmetricContext.h deleted file mode 100644 index dfb0366b..00000000 --- a/AppleCSP/CryptKitCSP/FEEAsymmetricContext.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEEAsymmetricContext.h - CSPContexts for FEE asymmetric encryption - * - * Created March 8 2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _FEE_ASYMMETRIC_CONTEXT_H_ -#define _FEE_ASYMMETRIC_CONTEXT_H_ - -#include -#include "AppleCSP.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "BlockCryptor.h" -#include -#include - -namespace CryptKit { - -class FEEDContext : public BlockCryptor { -public: - FEEDContext(AppleCSPSession &session) : - BlockCryptor(session), - mFeeFeed(NULL), - mPrivKey(NULL), - mPubKey(NULL), - mInitFlag(false) { } - ~FEEDContext(); - - /* called by CSPFullPluginSession */ - void init(const Context &context, bool encoding = true); - - /* called by BlockCryptor */ - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - - /* - * Additional query size support, necessary because we don't conform to - * BlockCryptor's standard one-to-one block scheme - */ - size_t inputSize( - size_t outSize); // input for given output size - size_t outputSize( - bool final = false, - size_t inSize = 0); // output for given input size - void minimumProgress( - size_t &in, - size_t &out); // minimum progress chunks - - -private: - feeFEED mFeeFeed; - feePubKey mPrivKey; - bool mAllocdPrivKey; - feePubKey mPubKey; - bool mAllocdPubKey; - bool mInitFlag; // allows easy reuse -}; /* FEEDContext */ - - -class FEEDExpContext : public BlockCryptor { -public: - FEEDExpContext(AppleCSPSession &session) : - BlockCryptor(session), - mFeeFeedExp(NULL), - mFeeKey(NULL), - mInitFlag(false) { } - - ~FEEDExpContext(); - - /* called by CSPFullPluginSession */ - void init(const Context &context, bool encoding = true); - - /* called by BlockCryptor */ - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - feeFEEDExp mFeeFeedExp; - feePubKey mFeeKey; - bool mAllocdFeeKey; - bool mInitFlag; // allows easy reuse -}; /* FEEDExpContext */ - -} /* namespace CryptKit */ - -#endif /* _FEE_ASYMMETRIC_CONTEXT_H_ */ -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEECSPUtils.cpp b/AppleCSP/CryptKitCSP/FEECSPUtils.cpp deleted file mode 100644 index 1b557ed2..00000000 --- a/AppleCSP/CryptKitCSP/FEECSPUtils.cpp +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEECSPUtils.h - Misc. utility function for FEE/CryptKit CSP. - * - * Created 2/20/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#include -#include -#include -#include "FEECSPUtils.h" -#include "FEEKeys.h" -#include -#include - -#define feeMiscDebug(args...) secdebug("feeMisc", ## args) - -/* Given a FEE error, throw appropriate CssmError */ -void CryptKit::throwCryptKit( - feeReturn frtn, - const char *op) /* optional */ -{ - if(op) { - Security::Syslog::error("Apple CSP %s: %s", op, feeReturnString(frtn)); - } - switch(frtn) { - case FR_Success: - return; - case FR_BadPubKey: - case FR_BadPubKeyString: - case FR_IncompatibleKey: - case FR_BadKeyBlob: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - case FR_IllegalDepth: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - case FR_BadSignatureFormat: /* signature corrupted */ - CssmError::throwMe(CSSMERR_CSP_INVALID_SIGNATURE); - case FR_InvalidSignature: /* signature intact, but not valid */ - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - case FR_IllegalArg: /* illegal argument */ - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); - case FR_BadCipherText: /* malformed ciphertext */ - case FR_BadEnc64: /* bad enc64() format */ - CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); - case FR_Unimplemented: /* unimplemented function */ - CssmError::throwMe(CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED); - case FR_Memory: /* unimplemented function */ - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - case FR_ShortPrivData: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SEED); - case FR_IllegalCurve: /* e.g., ECDSA with Montgomery curve */ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - - /* I don't think we should ever see these no matter what the - * caller throws at us */ - case FR_WrongSignatureType: /* ElGamal vs. ECDSA */ - case FR_BadUsageName: /* bad usageName */ - case FR_BadCipherFile: - case FR_Internal: /* internal library error */ - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } -} - -/* - * Given a Context: - * -- obtain CSSM key of specified CSSM_ATTRIBUTE_TYPE - * -- validate keyClass - * -- validate keyUsage - * -- convert to feePubKey, allocating the feePubKey if necessary - */ -feePubKey CryptKit::contextToFeeKey( - const Context &context, - AppleCSPSession &session, - CSSM_ATTRIBUTE_TYPE attrType, // CSSM_ATTRIBUTE_KEY, CSSM_ATTRIBUTE_PUBLIC_KEY - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey) // RETURNED -{ - CssmKey &cssmKey = - context.get(attrType, CSSMERR_CSP_MISSING_ATTR_KEY); - const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader; - if(hdr.AlgorithmId != CSSM_ALGID_FEE) { - CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); - } - if(hdr.KeyClass != keyClass) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - cspValidateIntendedKeyUsage(&hdr, usage); - cspVerifyKeyTimes(hdr); - return cssmKeyToFee(cssmKey, session, mallocdKey); -} - -/* - * Convert a CssmKey to a feePubKey. May result in the creation of a new - * feePubKey (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -feePubKey CryptKit::cssmKeyToFee( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey) // RETURNED -{ - feePubKey feeKey = NULL; - allocdKey = false; - - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - if(hdr->AlgorithmId != CSSM_ALGID_FEE) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - switch(hdr->BlobType) { - case CSSM_KEYBLOB_RAW: - feeKey = rawCssmKeyToFee(cssmKey); - allocdKey = true; - break; - case CSSM_KEYBLOB_REFERENCE: - { - BinaryKey &binKey = session.lookupRefKey(cssmKey); - FEEBinaryKey *feeBinKey = dynamic_cast(&binKey); - /* this cast failing means that this is some other - * kind of binary key */ - if(feeBinKey == NULL) { - feeMiscDebug("CryptKit::cssmKeyToFee: wrong BinaryKey subclass\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(feeBinKey->feeKey() != NULL); - feeKey = feeBinKey->feeKey(); - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - return feeKey; -} - -/* - * Convert a raw CssmKey to a newly alloc'd feePubKey. - */ -feePubKey CryptKit::rawCssmKeyToFee( - const CssmKey &cssmKey) -{ - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - - if(hdr->AlgorithmId != CSSM_ALGID_FEE) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - bool derBlob; - switch(hdr->Format) { - case FEE_KEYBLOB_DEFAULT_FORMAT: - derBlob = true; - break; - case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: - derBlob = false; - break; - default: - feeMiscDebug("CryptKit::rawCssmKeyToFee: format mismatch\n"); - CssmError::throwMe(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY ? - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT : - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT); - } - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - // someone else's key - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - feePubKey feeKey = feePubKeyAlloc(); - if(feeKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - feeReturn frtn = FR_Internal; - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - if(derBlob) { - frtn = feePubKeyInitFromDERPubBlob(feeKey, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - else { - frtn = feePubKeyInitFromPubBlob(feeKey, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - if(derBlob) { - frtn = feePubKeyInitFromDERPrivBlob(feeKey, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - else { - frtn = feePubKeyInitFromPrivBlob(feeKey, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - } - if(frtn) { - feePubKeyFree(feeKey); - throwCryptKit(frtn, "feePubKeyInitFromKeyBlob"); - } - return feeKey; -} - -/* - * Glue function which allows C code to use AppleCSPSession - * as an RNG. A ptr to this function gets passed down to - * CryptKit C functions as a feeRandFcn. - */ -feeReturn CryptKit::feeRandCallback( - void *ref, // actually an AppleCSPSession * - unsigned char *bytes, // must be alloc'd by caller - unsigned numBytes) -{ - AppleCSPSession *session = - reinterpret_cast(ref); - try { - session->getRandomBytes(numBytes, bytes); - } - catch(...) { - return FR_Internal; - } - return FR_Success; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEECSPUtils.h b/AppleCSP/CryptKitCSP/FEECSPUtils.h deleted file mode 100644 index 07a83588..00000000 --- a/AppleCSP/CryptKitCSP/FEECSPUtils.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEECSPUtils.h - Misc. utility function for FEE/CryptKit CSP. - * - * Created 2/20/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _FEE_CSP_UTILS_H_ -#define _FEE_CSP_UTILS_H_ - -#include "AppleCSPSession.h" -#include -#include - -/* - * Default FEE keyblob format, indicating DER-encoding. - * FEE keys can optionally be generated by requesting - * CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, indicating native FEE key blobs. - */ -#define FEE_KEYBLOB_DEFAULT_FORMAT CSSM_KEYBLOB_RAW_FORMAT_NONE - -namespace CryptKit { - -/* Given a FEE error, throw appropriate CssmError */ -void throwCryptKit( - feeReturn frtn, - const char *op); /* optional */ - -/* - * Given a Context: - * -- obtain CSSM key of specified CSSM_ATTRIBUTE_TYPE - * -- validate keyClass - * -- validate keyUsage - * -- convert to feePubKey, allocating the feePubKey if necessary - */ -feePubKey contextToFeeKey( - const Context &context, - AppleCSPSession &session, - CSSM_ATTRIBUTE_TYPE attrType, // CSSM_ATTRIBUTE_KEY, CSSM_ATTRIBUTE_PUBLIC_KEY - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey); // RETURNED - -/* - * Convert a CssmKey to a feePubKey. May result in the creation of a new - * feePubKey (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -feePubKey cssmKeyToFee( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey); // RETURNED - -/* - * Convert a raw CssmKey to a newly alloc'd feePubKey. - */ -feePubKey rawCssmKeyToFee( - const CssmKey &cssmKey); - -/* - * Glue function which allows C code to use AppleCSPSession - * as an RNG. A ptr to this function gets passed down to - * CryptKit C functions as a feeRandFcn. - */ -feeReturn feeRandCallback( - void *ref, // actually an AppleCSPSession * - unsigned char *bytes, // must be alloc'd by caller - unsigned numBytes); - -} /* namespace CryptKit */ - -#endif /* _FEE_CSP_UTILS_H_ */ -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEEKeys.cpp b/AppleCSP/CryptKitCSP/FEEKeys.cpp deleted file mode 100644 index 2d48e0f1..00000000 --- a/AppleCSP/CryptKitCSP/FEEKeys.cpp +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEEKeys.cpp - FEE-related asymmetric key pair classes. - * - * Created 2/21/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#include "FEEKeys.h" -#include "FEECSPUtils.h" -#include "CryptKitSpace.h" -#include -#include -#include -#include "AppleCSPSession.h" -#include "AppleCSPUtils.h" -#include -#include - -#define feeKeyDebug(args...) secdebug("feeKey", ## args) - -/*** - *** FEE-style BinaryKey - ***/ - -/* constructor with optional existing feePubKey */ -CryptKit::FEEBinaryKey::FEEBinaryKey(feePubKey feeKey) - : mFeeKey(feeKey) -{ - if(mFeeKey == NULL) { - mFeeKey = feePubKeyAlloc(); - if(mFeeKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - } -} - -CryptKit::FEEBinaryKey::~FEEBinaryKey() -{ - if(mFeeKey) { - feePubKeyFree(mFeeKey); - mFeeKey = NULL; - } -} - -void CryptKit::FEEBinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ -{ - unsigned char *keyBlob; - unsigned len; - feeReturn frtn; - bool derBlob; - bool freeTheKey = false; - feePubKey keyToEncode = mFeeKey; - - assert(mFeeKey != NULL); - switch(format) { - /* also case FEE_KEYBLOB_DEFAULT_FORMAT: */ - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - derBlob = true; - break; - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - { - /* key digest calculation; special case for private keys: cook - * up the associated public key and encode that */ - if(mKeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY) { - keyToEncode = feePubKeyAlloc(); - if(keyToEncode == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - frtn = feePubKeyInitPubKeyFromPriv(mFeeKey, keyToEncode); - if(frtn) { - feePubKeyFree(keyToEncode); - throwCryptKit(frtn, "feePubKeyInitPubKeyFromPriv"); - } - freeTheKey = true; - } - /* in any case, DER-encode a public key */ - derBlob = true; - break; - } - case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: - /* native non-DER-encoded blob */ - derBlob = false; - break; - default: - feeKeyDebug("FEEBinaryKey::generateKeyBlob: bad format (%ld)\n", format); - CssmError::throwMe(feePubKeyIsPrivate(mFeeKey) ? - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT : - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT); - } - if(feePubKeyIsPrivate(keyToEncode)) { - if(derBlob) { - frtn = feePubKeyCreateDERPrivBlob(keyToEncode, &keyBlob, &len); - } - else { - frtn = feePubKeyCreatePrivBlob(keyToEncode, &keyBlob, &len); - } - } - else { - if(derBlob) { - frtn = feePubKeyCreateDERPubBlob(keyToEncode, &keyBlob, &len); - } - else { - frtn = feePubKeyCreatePubBlob(keyToEncode, &keyBlob, &len); - } - } - if(frtn) { - throwCryptKit(frtn, "feePubKeyCreate*Blob"); - } - setUpCssmData(blob, len, allocator); - memmove(blob.data(), keyBlob, len); - blob.length(len); - ffree(keyBlob); - format = derBlob ? FEE_KEYBLOB_DEFAULT_FORMAT : - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - if(freeTheKey) { - /* free the temp pub key we created here */ - feePubKeyFree(keyToEncode); - } -} - -/*** - *** FEE-style AppleKeyPairGenContext - ***/ - -/* - * This one is specified in, and called from, CSPFullPluginSession. Our - * only job is to prepare two subclass-specific BinaryKeys and call up to - * AppleKeyPairGenContext. - */ -void CryptKit::FEEKeyPairGenContext::generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey) -{ - FEEBinaryKey *pubBinKey = new FEEBinaryKey(); - FEEBinaryKey *privBinKey = new FEEBinaryKey(); - - try { - AppleKeyPairGenContext::generate(context, - session(), - pubKey, - pubBinKey, - privKey, - privBinKey); - } - catch (...) { - delete pubBinKey; - delete privBinKey; - throw; - } - -} - -// this one is specified in, and called from, AppleKeyPairGenContext -void CryptKit::FEEKeyPairGenContext::generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keyBits) -{ - /* - * These casts throw exceptions if the keys are of the - * wrong classes, which would be a major bogon, since we created - * the keys in the above generate() function. - */ - FEEBinaryKey &fPubBinKey = - dynamic_cast(pubBinKey); - FEEBinaryKey &fPrivBinKey = - dynamic_cast(privBinKey); - - /* - * Two parameters from context. Key size in bits is required; - * seed is optional. If not present, we cook up random private data. - */ - keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - CssmCryptoData *cseed = context.get(CSSM_ATTRIBUTE_SEED); - CssmData *seed; - bool haveSeed; - CssmAutoData aSeed(session()); // malloc on demand - if(cseed) { - /* caller specified seed */ - haveSeed = true; - seed = &cseed->param(); - } - else { - /* generate random seed */ - haveSeed = false; - unsigned keyBytes = ((keyBits + 7) / 8) + 1; - aSeed.malloc(keyBytes); - session().getRandomBytes(keyBytes, aSeed); - seed = &aSeed.get(); - } - - /* Curve and prime types - optional */ - feePrimeType primeType = FPT_Default; - uint32 uPrimeType = context.getInt(CSSM_ATTRIBUTE_FEE_PRIME_TYPE); - switch(uPrimeType) { - case CSSM_FEE_PRIME_TYPE_DEFAULT: - break; - case CSSM_FEE_PRIME_TYPE_MERSENNE: - primeType = FPT_Mersenne; - break; - case CSSM_FEE_PRIME_TYPE_FEE: - primeType = FPT_FEE; - break; - case CSSM_FEE_PRIME_TYPE_GENERAL: - primeType = FPT_General; - break; - default: - /* FIXME - maybe we should be more specific */ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); - } - feeCurveType curveType = FCT_Default; - uint32 uCurveType = context.getInt(CSSM_ATTRIBUTE_FEE_CURVE_TYPE); - switch(uCurveType) { - case CSSM_FEE_CURVE_TYPE_DEFAULT: - break; - case CSSM_FEE_CURVE_TYPE_MONTGOMERY: - curveType = FCT_Montgomery; - break; - case CSSM_FEE_CURVE_TYPE_WEIERSTRASS: - curveType = FCT_Weierstrass; - break; - default: - /* FIXME - maybe we should be more specific */ - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); - } - feeReturn frtn = feePubKeyInitFromPrivDataKeyBits( - fPrivBinKey.feeKey(), - (unsigned char *)seed->data(), - seed->length(), - keyBits, - primeType, - curveType, - /* - * our random seed: trust it - * caller's seed: hash it - */ - haveSeed ? 1 : 0); - if(frtn) { - throwCryptKit(frtn, "feePubKeyInitFromPrivDataKeyBits"); - } - frtn = feePubKeyInitPubKeyFromPriv(fPrivBinKey.feeKey(), - fPubBinKey.feeKey()); - if(frtn) { - throwCryptKit(frtn, "feePubKeyInitPubKeyFromPriv"); - } -} - - -/*** - *** FEE-style CSPKeyInfoProvider. - ***/ -CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ -} -CSPKeyInfoProvider *FEEKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - switch(cssmKey.algorithm()) { - case CSSM_ALGID_FEE: - break; - default: - return NULL; - } - switch(cssmKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - /* FIXME - verify proper CSSM_KEYBLOB_RAW_FORMAT_xx */ - break; - default: - return NULL; - } - /* OK, we'll handle this one */ - return new FEEKeyInfoProvider(cssmKey, session); -} - -/* Given a raw key, cook up a Binary key */ -void CryptKit::FEEKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // optional, ignored - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) -{ - *binKey = NULL; - feePubKey feeKey = NULL; - - /* first cook up a feePubKey, then drop that into a BinaryKey */ - feeKey = rawCssmKeyToFee(mKey); - FEEBinaryKey *feeBinKey = new FEEBinaryKey(feeKey); - *binKey = feeBinKey; -} - -/* - * Obtain key size in bits. - * Currently only raw public keys are dealt with (they're the ones - * which come from certs, the only current use for this function). - * Note that if we need to handle ref keys, we'll need a session ref... - */ -void CryptKit::FEEKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - feePubKey feeKey = NULL; - - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - feeKey = rawCssmKeyToFee(mKey); - keySize.LogicalKeySizeInBits = feePubKeyBitsize(feeKey); - keySize.EffectiveKeySizeInBits = keySize.LogicalKeySizeInBits; - feePubKeyFree(feeKey); -} - -/* - * Obtain blob suitable for hashing in CSSM_APPLECSP_KEYDIGEST - * passthrough. - */ -bool CryptKit::FEEKeyInfoProvider::getHashableBlob( - CssmAllocator &allocator, - CssmData &blob) // blob to hash goes here -{ - /* - * The optimized case, a raw key in the "proper" format already. - */ - assert(mKey.blobType() == CSSM_KEYBLOB_RAW); - if((mKey.blobFormat() == CSSM_KEYBLOB_RAW_FORMAT_NONE) && - (mKey.keyClass() == CSSM_KEYCLASS_PUBLIC_KEY)) { - const CssmData &keyBlob = CssmData::overlay(mKey.KeyData); - copyCssmData(keyBlob, blob, allocator); - return true; - } - - /* caller converts to binary and proceeds */ - return false; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEEKeys.h b/AppleCSP/CryptKitCSP/FEEKeys.h deleted file mode 100644 index a1109f84..00000000 --- a/AppleCSP/CryptKitCSP/FEEKeys.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEEKeys.h - FEE-related asymmetric key pair classes. - * - * Created 2/21/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _FEE_KEYS_H_ -#define _FEE_KEYS_H_ - -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "AppleCSPKeys.h" -#include -#include - -namespace CryptKit { - -/* - * FEE version of a BinaryKey. - */ -class FEEBinaryKey : public BinaryKey { -public: - FEEBinaryKey(feePubKey feeKey = NULL); - ~FEEBinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - feePubKey feeKey() { return mFeeKey; } -private: - feePubKey mFeeKey; -}; - -class FEEKeyPairGenContext : - public AppleCSPContext, private AppleKeyPairGenContext { -public: - FEEKeyPairGenContext( - AppleCSPSession &session, - const Context &) : - AppleCSPContext(session) {} - - ~FEEKeyPairGenContext() { } - - /* no init functionality, but we need to implement it */ - void init( - const Context &, - bool) { } - - // this one is specified in, and called from, CSPFullPluginSession - void generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey); - - // this one is specified in, and called from, AppleKeyPairGenContext - void generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keySize); - -}; /* KeyPairGenContext */ - -/* - * CSPKeyInfoProvider for FEE keys - */ -class FEEKeyInfoProvider : public CSPKeyInfoProvider -{ -private: - FEEKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); -public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - - ~FEEKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // optional, ignored here - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob); -}; - -} /* namespace CryptKit */ - -#endif /* _FEE_KEYS_H_ */ -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEESignatureObject.cpp b/AppleCSP/CryptKitCSP/FEESignatureObject.cpp deleted file mode 100644 index d80604e5..00000000 --- a/AppleCSP/CryptKitCSP/FEESignatureObject.cpp +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEESignatureObject.cpp - implementations of FEE-style raw sign/verify classes - * - * Created 2/20/2001 by dmitch. - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#include -#include -#include -#include -#include -#include -#include - -#define feeSigObjDebug(args...) secdebug("feeSig", ##args) - -CryptKit::FEESigner::~FEESigner() -{ - if(mWeMallocdFeeKey) { - assert(mFeeKey != NULL); - feePubKeyFree(mFeeKey); - } -} - -/* - * obtain key from context, validate, convert to native FEE key - */ -void CryptKit::FEESigner::keyFromContext( - const Context &context) -{ - if(initFlag() && (mFeeKey != NULL)) { - /* reusing context, OK */ - return; - } - - CSSM_KEYCLASS keyClass; - CSSM_KEYUSE keyUse; - if(isSigning()) { - /* signing with private key */ - keyClass = CSSM_KEYCLASS_PRIVATE_KEY; - keyUse = CSSM_KEYUSE_SIGN; - } - else { - /* verifying with public key */ - keyClass = CSSM_KEYCLASS_PUBLIC_KEY; - keyUse = CSSM_KEYUSE_VERIFY; - } - if(mFeeKey == NULL) { - mFeeKey = contextToFeeKey(context, - mSession, - CSSM_ATTRIBUTE_KEY, - keyClass, - keyUse, - mWeMallocdFeeKey); - } -} - -/* reusable init */ -void CryptKit::FEESigner::signerInit( - const Context &context, - bool isSigning) -{ - setIsSigning(isSigning); - keyFromContext(context); - setInitFlag(true); -} - -/* - * Note that, unlike the implementation in CryptKit/feePublicKey.c, we ignore - * the Pm which used to be used as salt for the digest. That made staged verification - * impossible and I do not believe it increased security. - */ -void CryptKit::FEERawSigner::sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen) /* IN/OUT */ -{ - feeSig fsig; - feeReturn frtn; - unsigned char *feeSig; - unsigned feeSigLen; - - if(mFeeKey == NULL) { - throwCryptKit(FR_BadPubKey, "FEERawSigner::sign (no key)"); - } - fsig = feeSigNewWithKey(mFeeKey, mRandFcn, mRandRef); - if(fsig == NULL) { - throwCryptKit(FR_BadPubKey, "FEERawSigner::sign"); - } - frtn = feeSigSign(fsig, - (unsigned char *)data, - dataLen, - mFeeKey); - if(frtn == FR_Success) { - frtn = feeSigData(fsig, &feeSig, &feeSigLen); - } - feeSigFree(fsig); - if(frtn) { - throwCryptKit(frtn, "FEERawSigner::sign"); - } - - /* copy out to caller and ffree */ - if(*sigLen < feeSigLen) { - feeSigObjDebug("FEERawSigner sign overflow\n"); - ffree(feeSig); - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - memmove(sig, feeSig, feeSigLen); - *sigLen = feeSigLen; - ffree(feeSig); -} - -void CryptKit::FEERawSigner::verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen) -{ - feeSig fsig; - feeReturn frtn; - - if(mFeeKey == NULL) { - throwCryptKit(FR_BadPubKey, "FEERawSigner::verify (no key)"); - } - frtn = feeSigParse((unsigned char *)sig, sigLen, &fsig); - if(frtn) { - throwCryptKit(frtn, "feeSigParse"); - } - frtn = feeSigVerify(fsig, - (unsigned char *)data, - dataLen, - mFeeKey); - feeSigFree(fsig); - if(frtn) { - throwCryptKit(frtn, NULL); - } -} - -size_t CryptKit::FEERawSigner::maxSigSize() -{ - unsigned rtn; - feeReturn frtn; - - frtn = feeSigSize(mFeeKey, &rtn); - if(frtn) { - throwCryptKit(frtn, "feeSigSize"); - } - return rtn; -} - -/* ECDSA - this is really easy. */ - -void CryptKit::FEEECDSASigner::sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen) /* IN/OUT */ -{ - unsigned char *feeSig; - unsigned feeSigLen; - feeReturn frtn; - - if(mFeeKey == NULL) { - throwCryptKit(FR_BadPubKey, "FEERawSigner::sign (no key)"); - } - frtn = feeECDSASign(mFeeKey, - (unsigned char *)data, // data to be signed - dataLen, // in bytes - mRandFcn, - mRandRef, - &feeSig, - &feeSigLen); - if(frtn) { - throwCryptKit(frtn, "feeECDSASign"); - } - /* copy out to caller and ffree */ - if(*sigLen < feeSigLen) { - feeSigObjDebug("feeECDSASign overflow\n"); - ffree(feeSig); - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - memmove(sig, feeSig, feeSigLen); - *sigLen = feeSigLen; - ffree(feeSig); - -} - -void CryptKit::FEEECDSASigner::verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen) -{ - feeReturn frtn; - - if(mFeeKey == NULL) { - throwCryptKit(FR_BadPubKey, "FEERawSigner::verify (no key)"); - } - frtn = feeECDSAVerify((unsigned char *)sig, - sigLen, - (unsigned char *)data, - dataLen, - mFeeKey); - if(frtn) { - throwCryptKit(frtn, NULL); - } -} - -size_t CryptKit::FEEECDSASigner::maxSigSize() -{ - unsigned rtn; - feeReturn frtn; - - frtn = feeECDSASigSize(mFeeKey, &rtn); - if(frtn) { - throwCryptKit(frtn, "feeECDSASigSize"); - } - return rtn; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/FEESignatureObject.h b/AppleCSP/CryptKitCSP/FEESignatureObject.h deleted file mode 100644 index 287974ec..00000000 --- a/AppleCSP/CryptKitCSP/FEESignatureObject.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * FEESignatureObject.h - FEE-based raw sign/verify classes - */ - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _FEE_SIGNATURE_OBJECT_H_ -#define _FEE_SIGNATURE_OBJECT_H_ - -#include -#include -#include -#include -#include -#include -#include - -namespace CryptKit { - -/* - * Common raw FEE sign/verify class. - */ -class FEESigner : public RawSigner { -public: - FEESigner( - feeRandFcn randFcn, - void *randRef, - AppleCSPSession &session, - CssmAllocator &alloc) : - RawSigner(alloc, CSSM_ALGID_NONE), - mFeeKey(NULL), - mWeMallocdFeeKey(false), - mRandFcn(randFcn), - mRandRef(randRef), - mSession(session) { } - - virtual ~FEESigner(); - - /* reusable init */ - void signerInit( - const Context &context, - bool isSigning); - - /* - * obtain key from context, validate, convert to native FEE key - */ - void keyFromContext( - const Context &context); - -protected: - feePubKey mFeeKey; - bool mWeMallocdFeeKey; - feeRandFcn mRandFcn; - void *mRandRef; - AppleCSPSession &mSession; -}; - -/* - * And two implementations. - * - * Native FEE signature, ElGamal style. - */ -class FEERawSigner : public FEESigner -{ -public: - FEERawSigner( - feeRandFcn randFcn, - void *randRef, - AppleCSPSession &session, - CssmAllocator &alloc) : - FEESigner(randFcn, randRef, session, alloc) { }; - - ~FEERawSigner() { } - - /* sign */ - void sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen); /* IN/OUT */ - - /* verify */ - void verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen); - - /* works for both, but only used for signing */ - size_t maxSigSize(); -}; - -/* - * FEE signature, ECDSA style. - */ -class FEEECDSASigner : public FEESigner -{ -public: - FEEECDSASigner( - feeRandFcn randFcn, - void *randRef, - AppleCSPSession &session, - CssmAllocator &alloc) : - FEESigner(randFcn, randRef, session, alloc) { }; - - ~FEEECDSASigner() { } - - /* sign */ - void sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen); /* IN/OUT */ - - /* verify */ - void verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen); - - /* works for both, but only used for signing */ - size_t maxSigSize(); -}; - -} /* namespace CryptKit */ - -#endif /* _FEE_SIGNATURE_OBJECT_H_ */ -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/CryptKitCSP/cryptkitcsp.cpp b/AppleCSP/CryptKitCSP/cryptkitcsp.cpp deleted file mode 100644 index ea97af75..00000000 --- a/AppleCSP/CryptKitCSP/cryptkitcsp.cpp +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cryptkitcsp - top C++ implementation layer for CryptKit -// - -#ifdef CRYPTKIT_CSP_ENABLE - -#include "cryptkitcsp.h" -#include "FEESignatureObject.h" /* raw signer */ -#include -#include "FEEKeys.h" -#include "FEEAsymmetricContext.h" -#include -#include -#include -#include -#include - -CssmAllocator *CryptKitFactory::normAllocator; -CssmAllocator *CryptKitFactory::privAllocator; - -/* - * CryptKit-style memory allocator callbacks - */ -static void *ckMalloc(unsigned size) -{ - return CryptKitFactory::privAllocator->malloc(size); -} -static void ckFree(void *data) -{ - CryptKitFactory::privAllocator->free(data); -} -static void *ckRealloc(void *oldPtr, unsigned newSize) -{ - return CryptKitFactory::privAllocator->realloc(oldPtr, newSize); -} - -// -// Manage the CryptKit algorithm factory -// - -CryptKitFactory::CryptKitFactory(CssmAllocator *normAlloc, CssmAllocator *privAlloc) -{ - setNormAllocator(normAlloc); - setPrivAllocator(privAlloc); - /* once-per-address space */ - initCryptKit(); - fallocRegister(ckMalloc, ckFree, ckRealloc); -} - -CryptKitFactory::~CryptKitFactory() -{ - terminateCryptKit(); -} - -bool CryptKitFactory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - switch(context.type()) { - case CSSM_ALGCLASS_SIGNATURE: - switch(context.algorithm()) { - case CSSM_ALGID_FEE_MD5: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new MD5Object()), - *(new FEERawSigner(feeRandCallback, - &session, - session, - *privAllocator))); - } - return true; - case CSSM_ALGID_FEE_SHA1: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new SHA1Object()), - *(new FEERawSigner(feeRandCallback, - &session, - session, - *privAllocator))); - } - return true; - case CSSM_ALGID_SHA1WithECDSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new SHA1Object()), - *(new FEEECDSASigner(feeRandCallback, - &session, - session, - *privAllocator))); - } - return true; - case CSSM_ALGID_FEE: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new NullDigest()), - *(new FEERawSigner(feeRandCallback, - &session, - session, - *privAllocator))); - } - return true; - case CSSM_ALGID_ECDSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new NullDigest()), - *(new FEEECDSASigner(feeRandCallback, - &session, - session, - *privAllocator))); - } - return true; - default: - break; - } - break; - - case CSSM_ALGCLASS_KEYGEN: - switch(context.algorithm()) { - case CSSM_ALGID_FEE: - if(cspCtx == NULL) { - cspCtx = new CryptKit::FEEKeyPairGenContext(session, context); - } - return true; - default: - break; - } - break; - - case CSSM_ALGCLASS_ASYMMETRIC: - switch(context.algorithm()) { - case CSSM_ALGID_FEEDEXP: - if(cspCtx == NULL) { - cspCtx = new CryptKit::FEEDExpContext(session); - } - return true; - case CSSM_ALGID_FEED: - if(cspCtx == NULL) { - cspCtx = new CryptKit::FEEDContext(session); - } - return true; - default: - break; - } - break; - - /* more here - symmetric, etc. */ - default: - break; - } - /* not implemented here */ - return false; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ - - diff --git a/AppleCSP/CryptKitCSP/cryptkitcsp.h b/AppleCSP/CryptKitCSP/cryptkitcsp.h deleted file mode 100644 index d13c2c0b..00000000 --- a/AppleCSP/CryptKitCSP/cryptkitcsp.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cryptkitcsp.h - AlgorithmFactory for CryptKit CSP -// - -#ifdef CRYPTKIT_CSP_ENABLE - -#ifndef _H_CRYPTKITCSPLIB -#define _H_CRYPTKITCSPLIB - -#include -#include "AppleCSP.h" - -/* Can't include AppleCSPSession.h due to circular dependency */ -class AppleCSPSession; - -class CryptKitFactory : public AppleCSPAlgorithmFactory { -public: - CryptKitFactory(CssmAllocator *normAlloc = NULL, CssmAllocator *privAlloc = NULL); - ~CryptKitFactory(); - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - - static void setNormAllocator(CssmAllocator *alloc) - { assert(!normAllocator); normAllocator = alloc; } - static void setPrivAllocator(CssmAllocator *alloc) - { assert(!privAllocator); privAllocator = alloc; } - - // memory allocators - static CssmAllocator *normAllocator; - static CssmAllocator *privAllocator; - -}; - -/* convenience for clients.... */ -#include - -#endif //_H_CRYPTKITCSPLIB -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/DiffieHellman/DH_csp.cpp b/AppleCSP/DiffieHellman/DH_csp.cpp deleted file mode 100644 index e3010317..00000000 --- a/AppleCSP/DiffieHellman/DH_csp.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_csp.cpp - Diffie-Hellman Algorithm factory - */ - -#include "DH_csp.h" -#include "DH_keys.h" -#include - -CssmAllocator *DH_Factory::normAllocator; -CssmAllocator *DH_Factory::privAllocator; - -DH_Factory::DH_Factory(CssmAllocator *normAlloc, CssmAllocator *privAlloc) -{ - setNormAllocator(normAlloc); - setPrivAllocator(privAlloc); - - /* NOTE WELL we assume that the RSA_DSA factory has already been instantitated, - * doing the basic init of openssl */ - - ERR_load_DH_strings(); -} - -DH_Factory::~DH_Factory() -{ -} - -bool DH_Factory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - switch(context.type()) { - case CSSM_ALGCLASS_KEYGEN: - switch(context.algorithm()) { - case CSSM_ALGID_DH: - if(cspCtx == NULL) { - cspCtx = new DHKeyPairGenContext(session, context); - } - return true; - default: - break; - } - break; - - default: - break; - } - /* not implemented here */ - return false; -} - - - diff --git a/AppleCSP/DiffieHellman/DH_csp.h b/AppleCSP/DiffieHellman/DH_csp.h deleted file mode 100644 index e0dfa6ea..00000000 --- a/AppleCSP/DiffieHellman/DH_csp.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_csp.h - Diffie-Hellman Algorithm factory - */ - -#ifndef _DH_CSP_H_ -#define _DH_CSP_H_ - -#include -#include - -/* Can't include AppleCSPSession.h due to circular dependency */ -class AppleCSPSession; - -class DH_Factory : public AppleCSPAlgorithmFactory { -public: - DH_Factory(CssmAllocator *normAlloc = NULL, CssmAllocator *privAlloc = NULL); - ~DH_Factory(); - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - - static void setNormAllocator(CssmAllocator *alloc) - { assert(!normAllocator); normAllocator = alloc; } - static void setPrivAllocator(CssmAllocator *alloc) - { assert(!privAllocator); privAllocator = alloc; } - - // memory allocators - static CssmAllocator *normAllocator; - static CssmAllocator *privAllocator; - -}; - -#endif /* _DH_CSP_H_ */ diff --git a/AppleCSP/DiffieHellman/DH_exchange.cpp b/AppleCSP/DiffieHellman/DH_exchange.cpp deleted file mode 100644 index 1d1a7c48..00000000 --- a/AppleCSP/DiffieHellman/DH_exchange.cpp +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_exchange.cp - Diffie-Hellman key exchange - */ - -#include "DH_exchange.h" -#include -#include -#include "DH_utils.h" -#include "DH_keys.h" -#include -#include - -void DeriveKey_DH ( - const Context &context, - const CssmData &Param, // other's public key. may be empty - CSSM_DATA *keyData, // mallocd by caller - // we fill in keyData->Length bytes - AppleCSPSession &session) -{ - bool mallocdPrivKey; - size_t privSize; - - /* private DH key from context - required */ - DH *privKey = contextToDhKey(context, session, CSSM_ATTRIBUTE_KEY, - CSSM_KEYCLASS_PRIVATE_KEY, CSSM_KEYUSE_DERIVE, mallocdPrivKey); - if(privKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); - } - cspDhDebug("DeriveKey_DH, privKey %p", privKey); - privSize = DH_size(privKey); - if(privSize < keyData->Length) { - /* we've been asked for more bits than this key can generate */ - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - } - - /* - * Public key ("their" key) can come from two places: - * -- in the context as a CSSM_ATTRIBUTE_PUBLIC_KEY. THis is how - * public keys in X509 for must be used in this function - * -- in the incoming Param, the raw unformatted (PKCS3) form - */ - bool mallocdPubKey = false; - BIGNUM *pubKeyBn = NULL; - bool allocdPubKeyBn = false; - DH *pubKey = contextToDhKey(context, session, CSSM_ATTRIBUTE_PUBLIC_KEY, - CSSM_KEYCLASS_PUBLIC_KEY, CSSM_KEYUSE_DERIVE, mallocdPubKey); - if(pubKey != NULL) { - if(pubKey->pub_key == NULL) { - errorLog0("DeriveKey_DH: public key in context with no pub_key\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - pubKeyBn = pubKey->pub_key; - cspDhDebug("DeriveKey_DH, pubKey from context %p", pubKey); - } - else { - if((Param.Data == NULL) || (Param.Length == 0)) { - errorLog0("DeriveKey_DH: no pub_key, no Param\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - pubKeyBn = BN_bin2bn(Param.Data, Param.Length, NULL); - if(pubKeyBn == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - allocdPubKeyBn = true; - cspDhDebug("DeriveKey_DH, no pubKey in context"); - } - unsigned char *buf = (unsigned char *)session.malloc(privSize); - int rtn = DH_compute_key(buf, pubKeyBn, privKey); - if(rtn > 0) { - /* - * FIXME : I have not found a specification describing *which* - * bytes of the value we just computed we are supposed to - * use as the actual key bytes. We use the M.S. bytes. - * - * Note that due to modulo arithmetic, we may have gotten fewer - * bytes than we asked for. If so, the caller will have - * to deal with that if they really need privSize bytes. - */ - assert((uint32)rtn <= privSize); - uint32 toMove = keyData->Length; - if((uint32)rtn < toMove) { - toMove = (uint32)rtn; - } - memmove(keyData->Data, buf, toMove); - keyData->Length = toMove; - } - if(mallocdPrivKey) { - DH_free(privKey); - } - if(mallocdPubKey) { - DH_free(pubKey); - } - if(allocdPubKeyBn) { - BN_free(pubKeyBn); - } - session.free(buf); - if(rtn <= 0) { - throwRsaDsa("DH_compute_key"); - } -} - diff --git a/AppleCSP/DiffieHellman/DH_exchange.h b/AppleCSP/DiffieHellman/DH_exchange.h deleted file mode 100644 index a4146012..00000000 --- a/AppleCSP/DiffieHellman/DH_exchange.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_exchange.h - Diffie-Hellman key exchange - */ - -#ifndef _DH_EXCHANGE_H_ -#define _DH_EXCHANGE_H_ - -#include - -void DeriveKey_DH ( - const Context &context, - const CssmData &Param, - CSSM_DATA *keyData, - AppleCSPSession &session); - -#endif /* _DH_EXCHANGE_H_ */ diff --git a/AppleCSP/DiffieHellman/DH_keys.cpp b/AppleCSP/DiffieHellman/DH_keys.cpp deleted file mode 100644 index 3dcb6f4f..00000000 --- a/AppleCSP/DiffieHellman/DH_keys.cpp +++ /dev/null @@ -1,533 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_keys.cpp - Diffie-Hellman key pair support. - */ - -#include "DH_keys.h" -#include "DH_utils.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define dhKeyDebug(args...) secdebug("dhKey", ## args) - -/* - * FIXME - the CDSA Algorithm Guide claims that the incoming params argument - * for a GenerateAlgorithmParameters call is ignored for D-H. This means - * that there is no way for the caller to specify 'g' (typically 2, 3, or - * 5). This seems WAY bogus but we'll code to the spec for now, assuming - * a hard-coded default generator. - */ -#define DH_GENERATOR_DEFAULT DH_GENERATOR_2 - - -/*** - *** Diffie-Hellman-style BinaryKey - ***/ - -/* constructor with optional existing DSA key */ -DHBinaryKey::DHBinaryKey(DH *dhKey) - : mDhKey(dhKey) -{ -} - -DHBinaryKey::~DHBinaryKey() -{ - if(mDhKey) { - DH_free(mDhKey); - mDhKey = NULL; - } -} - -void DHBinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ -{ - - switch(mKeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - { - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - // take default - format = DH_PUB_KEY_FORMAT; - break; - case DH_PUB_KEY_FORMAT: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - // proceed - break; - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - /* use PKCS3 - caller won't care if we change this...right? */ - format = DH_PUB_KEY_FORMAT; - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - - assert(mDhKey != NULL); - CssmAutoData encodedKey(allocator); - CSSM_RETURN crtn = DHPublicKeyEncode(mDhKey, format, - encodedKey); - if(crtn) { - CssmError::throwMe(crtn); - } - blob = encodedKey.release(); - break; - } - case CSSM_KEYCLASS_PRIVATE_KEY: - { - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - // i.e., use default - format = DH_PRIV_KEY_FORMAT; - break; - case DH_PRIV_KEY_FORMAT: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - // proceed - break; - - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - { - /* - * Use public blob; calculate it if we - * don't already have it. - */ - assert(mDhKey != NULL); - if(mDhKey->pub_key == NULL) { - int irtn = DH_generate_key(mDhKey); - if(!irtn) { - throwRsaDsa("DH_generate_key"); - } - } - assert(mDhKey->pub_key != NULL); - setUpData(blob, - BN_num_bytes(mDhKey->pub_key), - *DH_Factory::privAllocator); - BN_bn2bin(mDhKey->pub_key, blob); - format = DH_PUB_KEY_FORMAT; - return; - } - - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - assert(mDhKey != NULL); - CssmAutoData encodedKey(allocator); - CSSM_RETURN crtn = DHPrivateKeyEncode(mDhKey, format, - encodedKey); - if(crtn) { - CssmError::throwMe(crtn); - } - blob = encodedKey.release(); - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } -} - -/*** - *** Diffie-Hellman style AppleKeyPairGenContext - ***/ - -/* - * This one is specified in, and called from, CSPFullPluginSession. Our - * only job is to prepare two subclass-specific BinaryKeys and call up to - * AppleKeyPairGenContext. - */ -void DHKeyPairGenContext::generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey) -{ - DHBinaryKey *pubBinKey = new DHBinaryKey(); - DHBinaryKey *privBinKey = new DHBinaryKey(); - - try { - AppleKeyPairGenContext::generate(context, - session(), - pubKey, - pubBinKey, - privKey, - privBinKey); - } - catch (...) { - delete pubBinKey; - delete privBinKey; - throw; - } -} - -/* - * This one is specified in, and called from, AppleKeyPairGenContext - */ -void DHKeyPairGenContext::generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keyBits) -{ - /* - * These casts throw exceptions if the keys are of the - * wrong classes, which would be a major bogon, since we created - * the keys in the above generate() function. - */ - DHBinaryKey &rPubBinKey = - dynamic_cast(pubBinKey); - DHBinaryKey &rPrivBinKey = - dynamic_cast(privBinKey); - - /* - * Parameters from context: - * Key size in bits, required; - * {p,g,privKeyLength} from generateParams, optional - * NOTE: currently the openssl D-H imnplementation ignores the - * privKeyLength field. - */ - keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - CssmData *paramData = context.get(CSSM_ATTRIBUTE_ALG_PARAMS); - - NSS_DHParameterBlock algParamBlock; - NSS_DHParameter &algParams = algParamBlock.params; - uint32 privValueLen = 0; // only nonzero from externally generated - // params - SecNssCoder coder; // for temp allocs of decoded parameters - - if(paramData != NULL) { - /* this contains the DER encoding of a DHParameterBlock */ - CSSM_RETURN crtn; - crtn = DHParamBlockDecode(*paramData, algParamBlock, coder); - if(crtn) { - CssmError::throwMe(crtn); - } - - /* snag the optional private key length field */ - if(algParams.privateValueLength.Data) { - privValueLen = cssmDataToInt(algParams.privateValueLength); - } - - /* ensure caller's key size matches the incoming params */ - uint32 paramKeyBytes; - if(privValueLen) { - paramKeyBytes = (privValueLen + 7) / 8; - } - else { - paramKeyBytes = algParams.prime.Length; - /* trim off possible m.s. byte of zero */ - const unsigned char *uo = - (const unsigned char *)algParams.prime.Data; - if(*uo == 0) { - paramKeyBytes--; - } - } - uint32 reqBytes = (keyBits + 7) / 8; - if(paramKeyBytes != reqBytes) { - dhKeyDebug("DH key size mismatch (req %d param %d)", - (int)reqBytes, (int)paramKeyBytes); - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); - } - } - else { - /* no alg params specified; generate them now */ - dhKeyDebug("DH implicit alg param calculation"); - memset(&algParamBlock, 0, sizeof(algParamBlock)); - dhGenParams(keyBits, DH_GENERATOR_DEFAULT, 0, algParams, coder); - } - - /* create key, stuff params into it */ - rPrivBinKey.mDhKey = DH_new(); - if(rPrivBinKey.mDhKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - DH *dhKey = rPrivBinKey.mDhKey; - dhKey->p = cssmDataToBn(algParams.prime); - dhKey->g = cssmDataToBn(algParams.base); - dhKey->length = privValueLen; - cspDhDebug("private DH binary key dhKey %p", dhKey); - - /* generate the key (both public and private capabilities) */ - int irtn = DH_generate_key(dhKey); - if(!irtn) { - throwRsaDsa("DH_generate_key"); - } - - /* public key is a subset */ - rPubBinKey.mDhKey = DH_new(); - if(rPubBinKey.mDhKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - DH *pubDhKey = rPubBinKey.mDhKey; - pubDhKey->pub_key = BN_dup(dhKey->pub_key); - /* these params used for X509 style key blobs */ - pubDhKey->p = BN_dup(dhKey->p); - pubDhKey->g = BN_dup(dhKey->g); - cspDhDebug("public DH binary key pubDhKey %p", pubDhKey); -} - - - -/*** - *** Diffie-Hellman CSPKeyInfoProvider. - ***/ -DHKeyInfoProvider::DHKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ -} - -CSPKeyInfoProvider *DHKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - switch(cssmKey.algorithm()) { - case CSSM_ALGID_DH: - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - switch(cssmKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - /* OK, we'll handle this one */ - return new DHKeyInfoProvider(cssmKey, session); -} - -/* Given a raw key, cook up a Binary key */ -void DHKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // optional, ignored here - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) -{ - *binKey = NULL; - - assert(mKey.blobType() == CSSM_KEYBLOB_RAW); - switch(mKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* first cook up an DH key, then drop that into a BinaryKey */ - DH *dhKey = rawCssmKeyToDh(mKey); - DHBinaryKey *dhBinKey = new DHBinaryKey(dhKey); - *binKey = dhBinKey; - cspDhDebug("CssmKeyToBinary dhKey %p", dhKey); -} - -/* - * Obtain key size in bits. - * FIXME - I doubt that this is, or can be, exactly accurate..... - */ -void DHKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - uint32 numBits = 0; - - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - DH *dhKey = rawCssmKeyToDh(mKey); - - /* DH_size requires the p parameter, which some public keys don't have */ - if(dhKey->p != NULL) { - numBits = DH_size(dhKey) * 8; - } - else { - assert(dhKey->pub_key != NULL); - numBits = BN_num_bytes(dhKey->pub_key) * 8; - } - DH_free(dhKey); - keySize.LogicalKeySizeInBits = numBits; - keySize.EffectiveKeySizeInBits = numBits; -} - -/* - * Obtain blob suitable for hashing in CSSM_APPLECSP_KEYDIGEST - * passthrough. - */ -bool DHKeyInfoProvider::getHashableBlob( - CssmAllocator &allocator, - CssmData &blob) // blob to hash goes here -{ - /* - * The optimized case, a raw key in the "proper" format already. - */ - assert(mKey.blobType() == CSSM_KEYBLOB_RAW); - bool useAsIs = false; - - switch(mKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - if(mKey.blobFormat() == CSSM_KEYBLOB_RAW_FORMAT_PKCS3) { - useAsIs = true; - } - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - /* shouldn't be here */ - assert(0); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(useAsIs) { - const CssmData &keyBlob = CssmData::overlay(mKey.KeyData); - copyCssmData(keyBlob, blob, allocator); - return true; - } - - /* caller converts to binary and proceeds */ - return false; -} - -/* - * Generate keygen parameters, stash them in a context attr array for later use - * when actually generating the keys. - */ - -void DHKeyPairGenContext::generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, // RETURNED here, - uint32 &attrCount, // here, - Context::Attr * &attrs) // and here -{ - /* generate the params */ - NSS_DHParameterBlock algParamBlock; - SecNssCoder coder; - NSS_DHParameter &algParams = algParamBlock.params; - dhGenParams(bitSize, DH_GENERATOR_DEFAULT, 0, algParams, coder); - - /* drop in the required OID */ - algParamBlock.oid = CSSMOID_PKCS3; - - /* - * Here comes the fun part. - * We "return" the DER encoding of these generated params in two ways: - * 1. Copy out to app via the params argument, mallocing if Data ptr is NULL. - * The app must free this. - * 2. Cook up a 1-element Context::attr array containing one ALG_PARAM attr, - * a CSSM_DATA_PTR containing the DER encoding. We have to save a ptr to - * this attr array and free it, the CSSM_DATA it points to, and the DER - * encoding *that* points to, in our destructor. - * - * First, DER encode. - */ - CssmAutoData aDerData(session()); - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&algParamBlock, NSS_DHParameterBlockTemplate, - aDerData); - if(perr) { - /* only known error... */ - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - - /* copy/release that into a mallocd CSSM_DATA. */ - CSSM_DATA_PTR derData = (CSSM_DATA_PTR)session().malloc(sizeof(CSSM_DATA)); - *derData = aDerData.release(); - - /* stuff that into a one-element Attr array which we keep after returning */ - freeGenAttrs(); - mGenAttrs = (Context::Attr *)session().malloc(sizeof(Context::Attr)); - mGenAttrs->AttributeType = CSSM_ATTRIBUTE_ALG_PARAMS; - mGenAttrs->AttributeLength = sizeof(CSSM_DATA); - mGenAttrs->Attribute.Data = derData; - - /* and "return" this stuff */ - copyCssmData(CssmData::overlay(*derData), params, session()); - attrCount = 1; - attrs = mGenAttrs; -} - -/* free mGenAttrs and its referents if present */ -void DHKeyPairGenContext::freeGenAttrs() -{ - if(mGenAttrs == NULL) { - return; - } - if(mGenAttrs->Attribute.Data) { - if(mGenAttrs->Attribute.Data->Data) { - session().free(mGenAttrs->Attribute.Data->Data); - } - session().free(mGenAttrs->Attribute.Data); - } - session().free(mGenAttrs); -} - -/* - * Generate DSA algorithm parameters returning result - * into DHParameter.{prime,base,privateValueLength]. - * This is called from both GenerateParameters and from - * KeyPairGenerate (if no GenerateParameters has yet been called). - * - * FIXME - privateValueLength not implemented in openssl, not here - * either for now. - */ - -void DHKeyPairGenContext::dhGenParams( - uint32 keySizeInBits, - unsigned g, // probably should be BIGNUM - int privValueLength, // optional - NSS_DHParameter &algParams, - SecNssCoder &coder) // temp contents of algParams - // mallocd here -{ - /* validate key size */ - if((keySizeInBits < DH_MIN_KEY_SIZE) || - (keySizeInBits > DH_MAX_KEY_SIZE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); - } - - /* create an openssl-style DH key with minimal setup */ - DH *dhKey = DH_generate_parameters(keySizeInBits, g, NULL, NULL); - if(dhKey == NULL) { - throwRsaDsa("DSA_generate_parameters"); - } - - /* stuff dhKey->{p,g,length}] into a caller's NSS_DHParameter */ - bnToCssmData(dhKey->p, algParams.prime, coder); - bnToCssmData(dhKey->g, algParams.base, coder); - CSSM_DATA &privValData = algParams.privateValueLength; - if(privValueLength) { - intToCssmData(privValueLength, privValData, coder); - } - else { - privValData.Data = NULL; - privValData.Length = 0; - } - DH_free(dhKey); -} - diff --git a/AppleCSP/DiffieHellman/DH_keys.h b/AppleCSP/DiffieHellman/DH_keys.h deleted file mode 100644 index 408a9fb1..00000000 --- a/AppleCSP/DiffieHellman/DH_keys.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_keys.h - Diffie-Hellman key pair support - */ - -#ifndef _DH_KEYS_H_ -#define _DH_KEYS_H_ - -#include -#include -#include "AppleCSPKeys.h" -#include -#include -#include -#include -#include -#include - -#define DH_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS3 -#define DH_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS3 - -#define DH_MIN_KEY_SIZE 512 /* FIXME */ -#define DH_MAX_KEY_SIZE 2048 - -#define cspDhDebug(args...) secdebug("dhDebug", ## args) - -/* - * Diffie-Hellman version of a BinaryKey. - */ -class DHBinaryKey : public BinaryKey { -public: - DHBinaryKey(DH *dhKey = NULL); - ~DHBinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - /* - * This may contain a fully-capable private key, or a public - * key with as little as the pub_key field set. - */ - DH *mDhKey; -}; - -class DHKeyPairGenContext : - public AppleCSPContext, private AppleKeyPairGenContext { -public: - DHKeyPairGenContext( - AppleCSPSession &session, - const Context &) : - AppleCSPContext(session), - mGenAttrs(NULL) {} - - ~DHKeyPairGenContext() { freeGenAttrs(); } - - // no init functionality, but we need to implement it - void init( - const Context &, - bool) { } - - // this one is specified in, and called from, CSPFullPluginSession - void generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey); - - // this one is specified in, and called from, AppleKeyPairGenContext - void generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keySize); - - // specified in, and called from, CSPFullPluginSessionÊ- generate parameters - void generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, - uint32 &attrCount, - Context::Attr * &attrs); - - /* - * Necessary to handle and deflect "context changed" notification which occurs - * after the strange return from "generate parameters", when the plugin adds - * the "returned" values to the Context. - */ - bool changed(const Context &context) { return true; } - - void dhGenParams( - uint32 keySizeInBits, - unsigned g, // probably should be BIGNUM - int privValueLength, // optional - NSS_DHParameter &algParams, - SecNssCoder &coder); // for temp contents of algParams - -private: - /* gross hack to store attributes "returned" from GenParams */ - Context::Attr *mGenAttrs; - void freeGenAttrs(); -}; /* DHKeyPairGenContext */ - -/* - * CSPKeyInfoProvider for Diffie-Hellman keys - */ -class DHKeyInfoProvider : public CSPKeyInfoProvider -{ -private: - DHKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); -public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - - ~DHKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // optional, ignored here - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob); -}; - -#endif /* _DH_KEYS_H_ */ diff --git a/AppleCSP/DiffieHellman/DH_utils.cpp b/AppleCSP/DiffieHellman/DH_utils.cpp deleted file mode 100644 index 4dbf7b3e..00000000 --- a/AppleCSP/DiffieHellman/DH_utils.cpp +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_utils.cpp - */ - -#include "DH_utils.h" -#include "DH_keys.h" -#include -#include -#include -#include -#include -#include -#include - -#define dhMiscDebug(args...) secdebug("dhMisc", ## args) - -/* - * Given a Context: - * -- obtain CSSM key with specified attr (there must only be one) - * -- validate keyClass per caller's specification - * -- validate keyUsage - * -- convert to DH *, allocating the DH key if necessary - */ -DH *contextToDhKey( - const Context &context, - AppleCSPSession &session, - CSSM_ATTRIBUTE_TYPE attr, // CSSM_ATTRIBUTE_KEY for private key - // CSSM_ATTRIBUTE_PUBLIC_KEY for public key - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey) // RETURNED -{ - CssmKey *cssmKey = context.get(attr); - if(cssmKey == NULL) { - return NULL; - } - const CSSM_KEYHEADER &hdr = cssmKey->KeyHeader; - if(hdr.AlgorithmId != CSSM_ALGID_DH) { - CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); - } - if(hdr.KeyClass != keyClass) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - cspValidateIntendedKeyUsage(&hdr, usage); - cspVerifyKeyTimes(hdr); - return cssmKeyToDh(*cssmKey, session, mallocdKey); -} - -/* - * Convert a CssmKey to an DH * key. May result in the - * creation of a new DH (when cssmKey is a raw key); allocdKey is true - * in that case in which case the caller generally has to free the allocd key). - */ -DH *cssmKeyToDh( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey) // RETURNED -{ - DH *dhKey = NULL; - allocdKey = false; - - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - if(hdr->AlgorithmId != CSSM_ALGID_DH) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - switch(hdr->BlobType) { - case CSSM_KEYBLOB_RAW: - dhKey = rawCssmKeyToDh(cssmKey); - cspDhDebug("cssmKeyToDh, raw, dhKey %p", dhKey); - allocdKey = true; - break; - case CSSM_KEYBLOB_REFERENCE: - { - BinaryKey &binKey = session.lookupRefKey(cssmKey); - DHBinaryKey *dhBinKey = dynamic_cast(&binKey); - /* this cast failing means that this is some other - * kind of binary key */ - if(dhBinKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(dhBinKey->mDhKey != NULL); - dhKey = dhBinKey->mDhKey; - cspDhDebug("cssmKeyToDh, ref, dhKey %p", dhKey); - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - return dhKey; -} - -/* - * Convert a raw CssmKey to a newly alloc'd DH key. - */ -DH *rawCssmKeyToDh( - const CssmKey &cssmKey) -{ - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - bool isPub = false; - - if(hdr->AlgorithmId != CSSM_ALGID_DH) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - /* validate and figure out what we're dealing with */ - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT); - } - isPub = true; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: // default - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // SMIME style - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT); - } - isPub = false; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - DH *dhKey = DH_new(); - if(dhKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - CSSM_RETURN crtn; - if(isPub) { - crtn = DHPublicKeyDecode(dhKey, hdr->Format, - cssmKey.KeyData.Data, cssmKey.KeyData.Length); - } - else { - crtn = DHPrivateKeyDecode(dhKey, hdr->Format, - cssmKey.KeyData.Data, cssmKey.KeyData.Length); - } - if(crtn) { - CssmError::throwMe(crtn); - } - cspDhDebug("rawCssmKeyToDh, dhKey %p", dhKey); - return dhKey; -} - diff --git a/AppleCSP/DiffieHellman/DH_utils.h b/AppleCSP/DiffieHellman/DH_utils.h deleted file mode 100644 index e4483b33..00000000 --- a/AppleCSP/DiffieHellman/DH_utils.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DH_utils.h - */ -#ifndef _DH_UTILS_H_ -#define _DH_UTILS_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -void throwDh( - const char *op); - -/* - * Given a Context: - * -- obtain CSSM key (there must only be one) - * -- validate keyClass - MUST be private! (DH public keys are never found - * in contexts.) - * -- validate keyUsage - * -- convert to DH *, allocating the DH key if necessary - */ -DH *contextToDhKey( - const Context &context, - AppleCSPSession &session, - CSSM_ATTRIBUTE_TYPE attr, // CSSM_ATTRIBUTE_KEY for normal private key - // CSSM_ATTRIBUTE_PUBLIC_KEY for public key - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, - // CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey); // RETURNED - -/* - * Convert a CssmKey to an DH * key. May result in the creation of a new - * DH (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -DH *cssmKeyToDh( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey); // RETURNED - -/* - * Convert a raw CssmKey to a newly alloc'd DH *. - */ -DH *rawCssmKeyToDh( - const CssmKey &cssmKey); - - -#ifdef __cplusplus -} -#endif - -#endif /*_DH_UTILS_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/DES.c b/AppleCSP/MiscCSPAlgs/DES.c deleted file mode 100644 index f3d65225..00000000 --- a/AppleCSP/MiscCSPAlgs/DES.c +++ /dev/null @@ -1,548 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * DES.c - raw DES encryption engine - * - * Revision History - * ---------------- - * 11/03/98 Michael Brouwer at Apple - * Added braces to static array definition of si[][]. - * 10/06/98 ap - * Changed to compile with C++. - * 28 May 98 Doug Mitchel at Apple - * Changed to use platform-dependent fmalloc(), ffree() - * 31 Mar 97 Doug Mitchell at Apple - * Put per-instance data in struct _desInst - * Changed setkey() to dessetkey() to avoid collision with libc version - * 21 Aug 96 Doug Mitchell at NeXT - * Broke out from NSDESCryptor.m - * 22 Feb 96 Blaine Garst at NeXT - * Created. - */ - -#ifdef CRYPTKIT_CSP_ENABLE -/* CryptKit compiled in; secure malloc available */ -#define STATIC_PERMS 0 -#else -/* Statically allocated lookup tables */ -#define STATIC_PERMS 1 -#endif /* CRYPTKIT_CSP_ENABLE */ - -#include "DES.h" -#if !STATIC_PERMS -#include -#endif -#include - -#ifndef NULL -#define NULL ((void *)0) -#endif /* NULL */ - -#define DES_DEBUG 0 /* enables some printfs */ - -/* Sofware DES functions - * written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from - * the 1977 public-domain program by Jim Gillogly - */ - -#ifdef __LITTLE_ENDIAN__ -/* Byte swap a long */ -static unsigned int byteswap(unsigned int x) { - register char *cp,tmp; - - cp = (char *)&x; - tmp = cp[3]; - cp[3] = cp[0]; - cp[0] = tmp; - - tmp = cp[2]; - cp[2] = cp[1]; - cp[1] = tmp; - - return x; -} -#endif - -/* Tables defined in the Data Encryption Standard documents */ - -/* initial permutation IP */ -static const char ip[] = { - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; - -/* final permutation IP^-1 */ -static const char fp[] = { - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; - -/* expansion operation matrix - * This is for reference only; it is unused in the code - * as the f() function performs it implicitly for speed - */ -#ifdef notdef -static char ei[] = { - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; -#endif - -/* permuted choice table (key) */ -static const char pc1[] = { - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; - -/* number left rotations of pc1 */ -static const char totrot[] = { - 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 -}; - -/* permuted choice key (table) */ -static const char pc2[] = { - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; - -/* The (in)famous S-boxes */ -static const char si[8][64] = { - { - /* S1 */ - 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, - 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, - 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, - 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 - }, - { - /* S2 */ - 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, - 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, - 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, - 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 - }, - { - /* S3 */ - 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, - 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, - 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, - 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 - }, - { - /* S4 */ - 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, - 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, - 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, - 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 - }, - { - /* S5 */ - 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, - 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, - 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, - 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 - }, - { - /* S6 */ - 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, - 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, - 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, - 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 - }, - { - /* S7 */ - 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, - 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, - 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, - 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 - }, - { - /* S8 */ - 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, - 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, - 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, - 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 - } -}; - -/* 32-bit permutation function P used on the output of the S-boxes */ -static const char p32i[] = { - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; -/* End of DES-defined tables */ - -/* Lookup tables initialized once only at startup by desinit() */ -#if STATIC_PERMS -static long sp[8][64]; /* Combined S and P boxes */ -static char iperm[16][16][8]; /* Initial and final permutations */ -static char fperm[16][16][8]; -static char perms_init = 0; -#else -static long (*sp)[64]; /* Combined S and P boxes */ -static char (*iperm)[16][8]; /* Initial and final permutations */ -static char (*fperm)[16][8]; -#endif - -/* bit 0 is left-most in byte */ -static const int bytebit[] = { - 0200,0100,040,020,010,04,02,01 -}; - -static const int nibblebit[] = { - 010,04,02,01 -}; - -/* Allocate space and initialize DES lookup arrays - * mode == 0: standard Data Encryption Algorithm - * mode == 1: DEA without initial and final permutations for speed - * mode == 2: DEA without permutations and with 128-byte key (completely - * independent subkeys for each round) - */ -/* Initialize the lookup table for the combined S and P boxes */ -static void spinit() { - char pbox[32]; - int p,i,s,j,rowcol; - long val; - - /* Compute pbox, the inverse of p32i. - * This is easier to work with - */ - for(p=0;p<32;p++){ - for(i=0;i<32;i++){ - if(p32i[i]-1 == p){ - pbox[p] = i; - break; - } - } - } - for(s = 0; s < 8; s++){ /* For each S-box */ - for(i=0; i<64; i++){ /* For each possible input */ - val = 0; - /* The row number is formed from the first and last - * bits; the column number is from the middle 4 - */ - rowcol = (i & 32) | ((i & 1) ? 16 : 0) | ((i >> 1) & 0xf); - for(j=0;j<4;j++){ /* For each output bit */ - if(si[s][rowcol] & (8 >> j)){ - val |= 1L << (31 - pbox[4*s + j]); - } - } - sp[s][i] = val; - -#if DES_DEBUG - printf("sp[%d][%2d] = %08lx\n",s,i,sp[s][i]); -#endif - } - } -} - -/* initialize a perm array */ -static void perminit(char perm[16][16][8], const char p[64]) { - register int l, j, k; - int i,m; - - /* Clear the permutation array */ - for (i=0; i<16; i++) - for (j=0; j<16; j++) - for (k=0; k<8; k++) - perm[i][j][k]=0; - - for (i=0; i<16; i++) /* each input nibble position */ - for (j = 0; j < 16; j++)/* each possible input nibble */ - for (k = 0; k < 64; k++)/* each output bit position */ - { l = p[k] - 1; /* where does this bit come from*/ - if ((l >> 2) != i) /* does it come from input posn?*/ - continue; /* if not, bit k is 0 */ - if (!(j & nibblebit[l & 3])) - continue; /* any such bit in input? */ - m = k & 07; /* which bit is this in the byte*/ - perm[i][j][k>>3] |= bytebit[m]; - } -} - -/* - * This is NOT thread-safe. Caler must ensure single-threaded access. */ -int desinit(desInst dinst, int mode) { - dinst->desmode = mode; - - /* - * Remainder only has to be done once. - */ - #if STATIC_PERMS - /* statically allocated */ - if(perms_init) { - return 0; - } - #else - /* malloc the perm tables */ - if(sp != NULL){ - /* Already initialized */ - return 0; - } - if((sp = (long (*)[64])fmalloc(sizeof(long) * 8 * 64)) == NULL){ - return -1; - } - iperm = (char (*)[16][8])fmalloc(sizeof(char) * 16 * 16 * 8); - if(iperm == NULL){ - ffree((char *)sp); - return -1; - } - fperm = (char (*)[16][8])fmalloc(sizeof(char) * 16 * 16 * 8); - if(fperm == NULL){ - ffree((char *)sp); - ffree((char *)iperm); - return -1; - } - #endif /* STATIC_PERMS */ - - /* common code to init the perm tables */ - spinit(); - perminit(iperm,ip); - perminit(fperm,fp); - #if STATIC_PERMS - perms_init = 1; - #endif - return 0; -} -/* Free up storage used by DES */ -void desdone(desInst dinst) { - /* - * no per-instance mallocd data - */ -} -/* Set key (initialize key schedule array) */ -void dessetkey(desInst dinst, char *key) { - char pc1m[56]; /* place to modify pc1 into */ - char pcr[56]; /* place to rotate pc1 into */ - register int i,j,l; - int m; - - /* In mode 2, the 128 bytes of subkey are set directly from the - * user's key, allowing him to use completely independent - * subkeys for each round. Note that the user MUST specify a - * full 128 bytes. - * - * I would like to think that this technique gives the NSA a real - * headache, but I'm not THAT naive. - */ - if(dinst->desmode == 2){ - for(i=0;i<16;i++) - for(j=0;j<8;j++) - dinst->kn[i][j] = *key++; - return; - } - /* Clear key schedule */ - for (i=0; i<16; i++) - for (j=0; j<8; j++) - dinst->kn[i][j]=0; - - for (j=0; j<56; j++) { /* convert pc1 to bits of key */ - l=pc1[j]-1; /* integer bit location */ - m = l & 07; /* find bit */ - pc1m[j]=(key[l>>3] & /* find which key byte l is in */ - bytebit[m]) /* and which bit of that byte */ - ? 1 : 0; /* and store 1-bit result */ - } - for (i=0; i<16; i++) { /* key chunk for each iteration */ - for (j=0; j<56; j++) /* rotate pc1 the right amount */ - pcr[j] = pc1m[(l=j+totrot[i])<(j<28? 28 : 56) ? l: l-28]; - /* rotate left and right halves independently */ - for (j=0; j<48; j++){ /* select bits individually */ - /* check bit that goes to dinst->kn[j] */ - if (pcr[pc2[j]-1]){ - /* mask it in if it's there */ - l= j % 6; - dinst->kn[i][j/6] |= bytebit[l] >> 2; - } - } - } -#if DES_DEBUG - for(i=0;i<16;i++) { - printf("dinst->kn[%d] = ", i); - for(j=0;j<8;j++) { - printf("%x ", dinst->kn[i][j]); - } - printf("\n"); - } - -#endif /* 1 */ -} - -/* The nonlinear function f(r,k), the heart of DES */ -static long int f(unsigned long r, unsigned char subkey[8]) { - /* 32 bits */ - /* 48-bit key for this round */ - register unsigned long rval,rt; -#if DES_DEBUG - printf("f(%08lx, %02x %02x %02x %02x %02x %02x %02x %02x) = ", - r, - subkey[0], subkey[1], subkey[2], - subkey[3], subkey[4], subkey[5], - subkey[6], subkey[7]); -#endif - /* Run E(R) ^ K through the combined S & P boxes - * This code takes advantage of a convenient regularity in - * E, namely that each group of 6 bits in E(R) feeding - * a single S-box is a contiguous segment of R. - */ - rt = (r >> 1) | ((r & 1) ? 0x80000000 : 0); - rval = 0; - rval |= sp[0][((rt >> 26) ^ *subkey++) & 0x3f]; - rval |= sp[1][((rt >> 22) ^ *subkey++) & 0x3f]; - rval |= sp[2][((rt >> 18) ^ *subkey++) & 0x3f]; - rval |= sp[3][((rt >> 14) ^ *subkey++) & 0x3f]; - rval |= sp[4][((rt >> 10) ^ *subkey++) & 0x3f]; - rval |= sp[5][((rt >> 6) ^ *subkey++) & 0x3f]; - rval |= sp[6][((rt >> 2) ^ *subkey++) & 0x3f]; - rt = (r << 1) | ((r & 0x80000000) ? 1 : 0); - rval |= sp[7][(rt ^ *subkey) & 0x3f]; -#if DES_DEBUG - printf(" %08lx\n",rval); -#endif - return rval; -} - -/* Do one DES cipher round */ -static void round(desInst dinst, int num, unsigned long int *block) { - /* i.e. the num-th one */ - - /* The rounds are numbered from 0 to 15. On even rounds - * the right half is fed to f() and the result exclusive-ORs - * the left half; on odd rounds the reverse is done. - */ - if(num & 1){ - block[1] ^= f(block[0],dinst->kn[num]); - } else { - block[0] ^= f(block[1],dinst->kn[num]); - } -} - -/* Permute inblock with perm */ -static void permute(char *inblock, char perm[16][16][8], char *outblock) { - /* result into outblock,64 bits */ - /* 2K bytes defining perm. */ - register int i,j; - register char *ib, *ob; /* ptr to input or output block */ - register char *p, *q; - - if(perm == NULL){ - /* No permutation, just copy */ - for(i=8; i!=0; i--) - *outblock++ = *inblock++; - return; - } - /* Clear output block */ - for (i=8, ob = outblock; i != 0; i--) - *ob++ = 0; - - ib = inblock; - for (j = 0; j < 16; j += 2, ib++) { /* for each input nibble */ - ob = outblock; - p = perm[j][(*ib >> 4) & 017]; - q = perm[j + 1][*ib & 017]; - for (i = 8; i != 0; i--){ /* and each output byte */ - *ob++ |= *p++ | *q++; /* OR the masks together*/ - } - } -} -/* In-place encryption of 64-bit block */ -void endes(desInst dinst, char *block) { - register int i; - unsigned long work[2]; /* Working data storage */ - long tmp; - - permute(block,iperm,(char *)work); /* Initial Permutation */ -#ifdef __LITTLE_ENDIAN__ - work[0] = byteswap(work[0]); - work[1] = byteswap(work[1]); -#endif - - /* Do the 16 rounds */ - for (i=0; i<16; i++) - round(dinst,i,work); - - /* Left/right half swap */ - tmp = work[0]; - work[0] = work[1]; - work[1] = tmp; - -#ifdef __LITTLE_ENDIAN__ - work[0] = byteswap(work[0]); - work[1] = byteswap(work[1]); -#endif - permute((char *)work,fperm,block); /* Inverse initial permutation */ -} -/* In-place decryption of 64-bit block */ -void dedes(desInst dinst, char *block) { - register int i; - unsigned long work[2]; /* Working data storage */ - long tmp; - - permute(block,iperm,(char *)work); /* Initial permutation */ - -#ifdef __LITTLE_ENDIAN__ - work[0] = byteswap(work[0]); - work[1] = byteswap(work[1]); -#endif - - /* Left/right half swap */ - tmp = work[0]; - work[0] = work[1]; - work[1] = tmp; - - /* Do the 16 rounds in reverse order */ - for (i=15; i >= 0; i--) - round(dinst,i,work); - -#ifdef __LITTLE_ENDIAN__ - work[0] = byteswap(work[0]); - work[1] = byteswap(work[1]); -#endif - - permute((char *)work,fperm,block); /* Inverse initial permutation */ -} diff --git a/AppleCSP/MiscCSPAlgs/DES.h b/AppleCSP/MiscCSPAlgs/DES.h deleted file mode 100644 index 570a4e70..00000000 --- a/AppleCSP/MiscCSPAlgs/DES.h +++ /dev/null @@ -1,65 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * DES.h - raw DES encryption engine interface - * - * Revision History - * ---------------- - * 31 Mar 97 Doug Mitchell at Apple - * Put per-instance data in struct _desInst - * 21 Aug 96 Doug Mitchell at NeXT - * Broke out from NSDESCryptor.m - * 22 Feb 96 Blaine Garst at NeXT - * Created. - */ - -#ifndef _CK_DES_H_ -#define _CK_DES_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#define DES_BLOCK_SIZE_BYTES 8 /* in bytes */ -#define DES_KEY_SIZE_BITS 56 /* effective key size in bits */ -#define DES_KEY_SIZE_BITS_EXTERNAL 64 /* clients actually pass in this much */ -#define DES_KEY_SIZE_BYTES_EXTERNAL (DES_KEY_SIZE_BITS_EXTERNAL / 8) - -#define DES_MODE_STD 0 /* standard Data Encryption Algorithm */ -#define DES_MODE_FAST 1 /* DEA without initial and final */ - /* permutations for speed */ -#define DES_MODE_128 2 /* DEA without permutations and with */ - /* 128-byte key (completely independent */ - /* subkeys for each round) */ - -/* - * Per-instance data. - */ -struct _desInst { - /* 8 16-bit subkeys for each of 16 rounds, initialized by setkey() - */ - unsigned char kn[16][8]; - int desmode; -}; - -typedef struct _desInst *desInst; - -/* Warning: desinit() is NOT thread safe. Caller must single-thread. */ -int desinit(desInst dinst, int mode); -void dessetkey(desInst dinst, char *key); -void endes(desInst dinst, char *block); -void dedes(desInst dinst, char *block); -void desdone(desInst dinst); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_DES_H_*/ diff --git a/AppleCSP/MiscCSPAlgs/DigestContext.cpp b/AppleCSP/MiscCSPAlgs/DigestContext.cpp deleted file mode 100644 index 65ae21ae..00000000 --- a/AppleCSP/MiscCSPAlgs/DigestContext.cpp +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DigestContext.cpp -// -#include "DigestContext.h" -#include - -/* - * Just field the expected/required calls from CSPFullPluginSession, - * and dispatch them to mDigest. - */ -void DigestContext::init(const Context &context, bool) -{ - mDigest.digestInit(); -} - -void DigestContext::update(const CssmData &data) -{ - mDigest.digestUpdate((const UInt8 *)data.data(), data.length()); -} - -void DigestContext::final(CssmData &data) -{ - data.length(mDigest.digestSizeInBytes()); - mDigest.digestFinal((UInt8 *)data.data()); -} - -CSPFullPluginSession::CSPContext *DigestContext::clone(CssmAllocator &) -{ - /* first clone the low-level digest object */ - DigestObject *newDigest = mDigest.digestClone(); - - /* now construct a new context */ - return new DigestContext(session(), *newDigest); -} - -size_t DigestContext::outputSize(bool, size_t) -{ - return mDigest.digestSizeInBytes(); -} - diff --git a/AppleCSP/MiscCSPAlgs/DigestContext.h b/AppleCSP/MiscCSPAlgs/DigestContext.h deleted file mode 100644 index 2d43f8ca..00000000 --- a/AppleCSP/MiscCSPAlgs/DigestContext.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DigestContext.h -// - -#ifndef _DIGEST_CONTEXT_H_ -#define _DIGEST_CONTEXT_H_ - -#include -#include "AppleCSPContext.h" -#include - -/* - * This is just a shim to give AppleCSPContext functionality to a - * DigestObject subclass (a reference to which is passed to our constructor). - */ -class DigestContext : public AppleCSPContext { -public: - DigestContext( - AppleCSPSession &session, - DigestObject &digest) : - AppleCSPContext(session), mDigest(digest) { } - ~DigestContext() { delete &mDigest; } - - void init(const Context &context, bool); - void update(const CssmData &data); - void final(CssmData &data); - CSPFullPluginSession::CSPContext *clone(CssmAllocator &); // clone internal state - size_t outputSize(bool, size_t); - -private: - DigestObject &mDigest; -}; - -#endif /* _CRYPTKIT_DIGEST_CONTEXT_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/MD2Object.cpp b/AppleCSP/MiscCSPAlgs/MD2Object.cpp deleted file mode 100644 index b83b8aad..00000000 --- a/AppleCSP/MiscCSPAlgs/MD2Object.cpp +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * MD2Object.cpp - */ -#include "MD2Object.h" -#include -#include - -void MD2Object::digestInit() -{ - setIsDone(false); - MD2_Init(&mCtx); -} - -void MD2Object::digestUpdate( - const void *data, - size_t len) -{ - if(isDone()) { - throw std::runtime_error("MD2 digestUpdate after final"); - } - MD2_Update(&mCtx, (unsigned char *)data, len); -} - -void MD2Object::digestFinal( - void *digest) -{ - if(isDone()) { - throw std::runtime_error("MD2 digestFinal after final"); - } - MD2_Final((unsigned char *)digest, &mCtx); - setIsDone(true); -} - -/* use default memberwise init */ -DigestObject *MD2Object::digestClone() const -{ - return new MD2Object(*this); -} - -UInt32 MD2Object::digestSizeInBytes() const -{ - return MD2_DIGEST_LENGTH; -} - diff --git a/AppleCSP/MiscCSPAlgs/MD2Object.h b/AppleCSP/MiscCSPAlgs/MD2Object.h deleted file mode 100644 index edff7d4a..00000000 --- a/AppleCSP/MiscCSPAlgs/MD2Object.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * MD2Object.h - MD2 digest object - */ - -#ifndef _MD2_OBJECT_H_ -#define _MD2_OBJECT_H_ - -#include -#include -#include - -class MD2Object : public DigestObject -{ -public: - MD2Object() { } - virtual ~MD2Object() { }; - virtual void digestInit(); - virtual void digestUpdate( - const void *data, - size_t len); - virtual void digestFinal( - void *digest); - virtual DigestObject *digestClone() const; - virtual size_t digestSizeInBytes() const; -private: - MD2_CTX mCtx; -}; - -#endif /* _MD2_OBJECT_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/MD5.c b/AppleCSP/MiscCSPAlgs/MD5.c deleted file mode 100644 index 3dfc474f..00000000 --- a/AppleCSP/MiscCSPAlgs/MD5.c +++ /dev/null @@ -1,362 +0,0 @@ -/* - File: MD5.c - - Written by: Colin Plumb - - Copyright: Copyright 1998 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - <7> 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.c - */ - -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - */ - -/* - * Revision History - * ---------------- - * 06 Feb 1997 Doug Mitchell at Apple - * Fixed endian-dependent cast in MD5Final() - * Made byteReverse() tolerant of platform-dependent alignment - * restrictions - */ - -#include "MD5.h" -#include "platform.h" -#include - -static inline void intToByteRep(int i, unsigned char *buf) -{ - *buf++ = (unsigned char)((i >> 24) & 0xff); - *buf++ = (unsigned char)((i >> 16) & 0xff); - *buf++ = (unsigned char)((i >> 8) & 0xff); - *buf = (unsigned char)(i & 0xff); -} - -#define MD5_DEBUG 0 - -#if MD5_DEBUG -static inline void dumpCtx(struct MD5Context *ctx, char *label) -{ - int i; - - printf("%s\n", label); - printf("buf = "); - for(i=0; i<4; i++) { - printf("%x:", ctx->buf[i]); - } - printf("\nbits: %d:%d\n", ctx->bits[0], ctx->bits[1]); - printf("in[]:\n "); - for(i=0; i<64; i++) { - printf("%02x:", ctx->in[i]); - if((i % 16) == 15) { - printf("\n "); - } - } - printf("\n"); -} -#else // MD5_DEBUG -#define dumpCtx(ctx, label) -#endif // MD5_DEBUG - -static void MD5Transform(uint32 buf[4], uint32 const in[16]); - -#ifdef __LITTLE_ENDIAN__ -#define byteReverse(buf, len) /* Nothing */ -#else -static void byteReverse(unsigned char *buf, unsigned longs); - -#ifndef ASM_MD5 -/* - * Note: this code is harmless on little-endian machines. - */ -static void byteReverse(unsigned char *buf, unsigned longs) -{ -#if old_way - /* - * this code is NOT harmless on big-endian machine which require - * natural alignment. - */ - uint32 t; - do { - t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | - ((unsigned) buf[1] << 8 | buf[0]); - *(uint32 *) buf = t; - buf += 4; - } while (--longs); -#else // new_way - - unsigned char t; - do { - t = buf[0]; - buf[0] = buf[3]; - buf[3] = t; - t = buf[1]; - buf[1] = buf[2]; - buf[2] = t; - buf += 4; - } while (--longs); -#endif // old_way -} -#endif // ASM_MD5 -#endif // __LITTLE_ENDIAN__ - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bits[0] = 0; - ctx->bits[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) -{ - uint32 t; - - dumpCtx(ctx, "MD5.c update top"); - /* Update bitcount */ - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += len >> 29; - - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - - /* Handle any leading odd-sized chunks */ - - if (t) { - unsigned char *p = (unsigned char *) ctx->in + t; - - t = 64 - t; - if (len < t) { - memcpy(p, buf, len); - return; - } - memcpy(p, buf, t); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (1)"); - buf += t; - len -= t; - } - /* Process data in 64-byte chunks */ - - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (2)"); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void MD5Final(struct MD5Context *ctx, unsigned char *digest) -{ - unsigned count; - unsigned char *p; - - dumpCtx(ctx, "final top"); - - /* Compute number of bytes mod 64 */ - count = (ctx->bits[0] >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - p = ctx->in + count; - *p++ = 0x80; - #if MD5_DEBUG - printf("in[%d] = %x\n", count, ctx->in[count]); - #endif - /* Bytes of padding needed to make 64 bytes */ - count = 64 - 1 - count; - - /* Pad out to 56 mod 64 */ - dumpCtx(ctx, "final, before pad"); - if (count < 8) { - /* Two lots of padding: Pad the first block to 64 bytes */ - bzero(p, count); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - - /* Now fill the next block with 56 bytes */ - bzero(ctx->in, 56); - } else { - /* Pad block to 56 bytes */ - bzero(p, count - 8); - } - byteReverse(ctx->in, 14); - - /* Append length in bits and transform */ - #ifdef __LITTLE_ENDIAN__ - /* l.s. byte of bits[0] --> in[56] */ - ((uint32 *) ctx->in)[14] = ctx->bits[0]; - ((uint32 *) ctx->in)[15] = ctx->bits[1]; - #else - /* l.s. byte of bits[0] --> in[60] */ - intToByteRep(ctx->bits[0], &ctx->in[56]); - intToByteRep(ctx->bits[1], &ctx->in[60]); - #endif - - dumpCtx(ctx, "last transform"); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - byteReverse((unsigned char *) ctx->buf, 4); - memcpy(digest, ctx->buf, MD5_DIGEST_SIZE); - dumpCtx(ctx, "final end"); - - bzero(ctx, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -static void MD5Transform(uint32 buf[4], uint32 const in[16]) -{ - register uint32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif // ASM_MD5 diff --git a/AppleCSP/MiscCSPAlgs/MD5.h b/AppleCSP/MiscCSPAlgs/MD5.h deleted file mode 100644 index ca8ec368..00000000 --- a/AppleCSP/MiscCSPAlgs/MD5.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - File: MD5.h - - Written by: Colin Plumb - - Copyright: Copyright 1998 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - <8> 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.h - * derived and used without need for permission from public domain source - */ - -#ifndef _CK_MD5_H_ -#define _CK_MD5_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __alpha -typedef unsigned int uint32; -#elif defined (macintosh) -typedef unsigned int uint32; -#else -#include -//typedef unsigned long uint32; -#endif - -struct MD5Context { - uint32 buf[4]; - uint32 bits[2]; // bits[0] is low 32 bits of bit count - unsigned char in[64]; -}; - -#define MD5_DIGEST_SIZE 16 /* in bytes */ -#define MD5_BLOCK_SIZE 64 /* in bytes */ - -void MD5Init(struct MD5Context *context); -void MD5Update(struct MD5Context *context, unsigned char const *buf, - unsigned len); -void MD5Final(struct MD5Context *context, unsigned char *digest); - -/* - * This is needed to make RSAREF happy on some MS-DOS compilers. - */ -typedef struct MD5Context MD5_CTX; - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_MD5_H_*/ diff --git a/AppleCSP/MiscCSPAlgs/MacContext.cpp b/AppleCSP/MiscCSPAlgs/MacContext.cpp deleted file mode 100644 index 1d2ee434..00000000 --- a/AppleCSP/MiscCSPAlgs/MacContext.cpp +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * MacContext.cpp - AppleCSPContext for HMACSHA1 - */ - -#include "MacContext.h" -#include -#include -#include -#ifdef CRYPTKIT_CSP_ENABLE -#include -#endif /* CRYPTKIT_CSP_ENABLE */ - -MacContext::~MacContext() -{ - if(mHmac) { - hmacFree(mHmac); - mHmac = NULL; - } -} - -/* called out from CSPFullPluginSession.... - * both generate and verify: */ -void MacContext::init(const Context &context, bool isSigning) -{ - if(mHmac == NULL) { - mHmac = hmacAlloc(); - if(mHmac == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - } - - /* obtain key from context */ - UInt32 keyLen; - UInt8 *keyData = NULL; - - symmetricKeyBits(context, mAlg, - isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY, - keyData, keyLen); - UInt32 minKey = 0; - switch(mAlg) { - case CSSM_ALGID_SHA1HMAC: - minKey = HMAC_SHA_MIN_KEY_SIZE; - mDigestSize = kHMACSHA1DigestSize; - break; - case CSSM_ALGID_MD5HMAC: - minKey = HMAC_MD5_MIN_KEY_SIZE; - mDigestSize = kHMACMD5DigestSize; - break; - default: - assert(0); // factory should not have called us - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - CSSM_RETURN crtn = hmacInit(mHmac, keyData, keyLen, - (mAlg == CSSM_ALGID_SHA1HMAC) ? CSSM_TRUE : CSSM_FALSE); - if(crtn) { - CssmError::throwMe(crtn); - } -} - -void MacContext::update(const CssmData &data) -{ - CSSM_RETURN crtn = hmacUpdate(mHmac, - data.data(), - data.length()); - if(crtn) { - CssmError::throwMe(crtn); - } -} - -/* generate only */ -void MacContext::final(CssmData &out) -{ - if(out.length() < mDigestSize) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - hmacFinal(mHmac, out.data()); -} - -/* verify only */ -void MacContext::final(const CssmData &in) -{ - unsigned char mac[kHMACSHA1DigestSize]; - hmacFinal(mHmac, mac); - if(memcmp(mac, in.data(), mDigestSize)) { - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } -} - -size_t MacContext::outputSize(bool final, size_t inSize) -{ - return mDigestSize; -} - -#ifdef CRYPTKIT_CSP_ENABLE - -MacLegacyContext::~MacLegacyContext() -{ - if(mHmac) { - hmacLegacyFree(mHmac); - mHmac = NULL; - } -} - -/* called out from CSPFullPluginSession.... - * both generate and verify: */ -void MacLegacyContext::init(const Context &context, bool isSigning) -{ - if(mHmac == NULL) { - mHmac = hmacLegacyAlloc(); - if(mHmac == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - } - - /* obtain key from context */ - UInt32 keyLen; - UInt8 *keyData = NULL; - - /* FIXME - this may require a different key alg */ - symmetricKeyBits(context, CSSM_ALGID_SHA1HMAC, - isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY, - keyData, keyLen); - if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - OSStatus ortn = hmacLegacyInit(mHmac, keyData, keyLen); - if(ortn) { - MacOSError::throwMe(ortn); - } -} - -void MacLegacyContext::update(const CssmData &data) -{ - OSStatus ortn = hmacLegacyUpdate(mHmac, - data.data(), - data.length()); - if(ortn) { - MacOSError::throwMe(ortn); - } -} - -/* generate only */ -void MacLegacyContext::final(CssmData &out) -{ - if(out.length() < kHMACSHA1DigestSize) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - hmacLegacyFinal(mHmac, out.data()); -} - -/* verify only */ -void MacLegacyContext::final(const CssmData &in) -{ - unsigned char mac[kHMACSHA1DigestSize]; - hmacLegacyFinal(mHmac, mac); - if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) { - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } -} - -size_t MacLegacyContext::outputSize(bool final, size_t inSize) -{ - return kHMACSHA1DigestSize; -} - -#endif /* CRYPTKIT_CSP_ENABLE */ diff --git a/AppleCSP/MiscCSPAlgs/MacContext.h b/AppleCSP/MiscCSPAlgs/MacContext.h deleted file mode 100644 index 126052d5..00000000 --- a/AppleCSP/MiscCSPAlgs/MacContext.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * MacContext.h - AppleCSPContext for HMAC{SHA1,MD5} - */ - -#ifndef _MAC_CONTEXT_H_ -#define _MAC_CONTEXT_H_ - -#include -#include - -/* - * TLS Export Ciphers require HMAC calculation with a secret key - * size of 0 bytes. We'd really like to enforce a minimum key size equal - * the digest size, per RFC 2104, but TLS precludes that. - */ -#define HMAC_MIN_KEY_SIZE 0 -#define HMAC_SHA_MIN_KEY_SIZE HMAC_MIN_KEY_SIZE -#define HMAC_MD5_MIN_KEY_SIZE HMAC_MIN_KEY_SIZE -#define HMAC_MAX_KEY_SIZE 2048 - -class MacContext : public AppleCSPContext { -public: - MacContext( - AppleCSPSession &session, - CSSM_ALGORITHMS alg) : - AppleCSPContext(session), - mHmac(NULL), - mAlg(alg), - mDigestSize(0) { } - ~MacContext(); - - /* called out from CSPFullPluginSession.... - * both generate and verify: */ - void init(const Context &context, bool isSigning); - void update(const CssmData &data); - - /* generate only */ - void final(CssmData &out); - - /* verify only */ - void final(const CssmData &in); - - size_t outputSize(bool final, size_t inSize); - -private: - hmacContextRef mHmac; - CSSM_ALGORITHMS mAlg; - UInt32 mDigestSize; -}; - -#ifdef CRYPTKIT_CSP_ENABLE -#include - -/* This version is bug-for-bug compatible with a legacy implementation */ - -class MacLegacyContext : public AppleCSPContext { -public: - MacLegacyContext( - AppleCSPSession &session, - CSSM_ALGORITHMS alg) : - AppleCSPContext(session), mHmac(NULL) { } - ~MacLegacyContext(); - - /* called out from CSPFullPluginSession.... - * both generate and verify: */ - void init(const Context &context, bool isSigning); - void update(const CssmData &data); - - /* generate only */ - void final(CssmData &out); - - /* verify only */ - void final(const CssmData &in); - - size_t outputSize(bool final, size_t inSize); - -private: - hmacLegacyContextRef mHmac; -}; - -#endif /* CRYPTKIT_CSP_ENABLE */ - -#endif /* _MAC_CONTEXT_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/NullCryptor.h b/AppleCSP/MiscCSPAlgs/NullCryptor.h deleted file mode 100644 index 92056fc7..00000000 --- a/AppleCSP/MiscCSPAlgs/NullCryptor.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * NullCryptor.h - null symmetric encryptor for measurement only - * Written by Doug Mitchell 12/17/2001 - */ -#ifndef _NULL_CRYPTOR_H_ -#define _NULL_CRYPTOR_H_ - -/* - * DO NOT DEFINE THIS SYMBOL TRUE FOR CODE CHECKED IN TO CVS - */ -#define NULL_CRYPT_ENABLE 0 - -#if NULL_CRYPT_ENABLE - -#include -#include "AppleCSP.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "BlockCryptor.h" - -#define NULL_CRYPT_BLOCK_SIZE 16 - -class NullCryptor : public BlockCryptor { -public: - NullCryptor(AppleCSPSession &session) : - BlockCryptor(session), - mInitFlag(false) { } - ~NullCryptor() { } - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true) - { - if(mInitFlag && !opStarted()) { - return; - } - /* Just have BlockCryptor do its setup */ - setup(NULL_CRYPT_BLOCK_SIZE, context); - mInitFlag = true; - } - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) - { - memmove(cipherText, plainText, NULL_CRYPT_BLOCK_SIZE); - cipherTextLen = NULL_CRYPT_BLOCK_SIZE; - } - - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) - { - memmove(plainText, cipherText, NULL_CRYPT_BLOCK_SIZE); - plainTextLen = NULL_CRYPT_BLOCK_SIZE; - } - -private: - bool mInitFlag; // for easy reuse - -}; /* NullCryptor */ - -#endif /* NULL_CRYPT_ENABLE */ - -#endif //_NULL_CRYPTOR_H_ diff --git a/AppleCSP/MiscCSPAlgs/SHA1.c b/AppleCSP/MiscCSPAlgs/SHA1.c deleted file mode 100644 index 196125af..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1.c +++ /dev/null @@ -1,176 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.c - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 10/06/98 ap - * Changed to compile with C++. - * 07 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#include "SHA1.h" -#include "SHA1_priv.h" -#include - -/* for now map falloc to malloc, FIXME */ -#include -#define fmalloc(s) malloc(s) -#define ffree(p) free(p) - -/* - * Private data for this object. A sha1Obj handle is cast to a pointer - * to one of these. - */ -typedef struct { - SHS_INFO context; - int isDone; - - /* - * For storing partial blocks - */ - BYTE dataBuf[SHS_BLOCKSIZE]; - unsigned bufBytes; // valid bytes in dataBuf[p] -} sha1Inst; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void) -{ - sha1Inst *sinst; - - sinst = (sha1Inst *)fmalloc(sizeof(sha1Inst)); - if(sinst == NULL) { - return NULL; - } - shsInit(&sinst->context); - sha1Reinit((sha1Obj)sinst); - return (sha1Obj)sinst; -} - -/* - * Reusable init function. - */ -void sha1Reinit(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - shsInit(&sinst->context); - sinst->isDone = 0; - sinst->bufBytes = 0; -} - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - memset(sha1, 0, sizeof(sha1Inst)); - ffree(sinst); -} - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - unsigned toMove; - unsigned blocks; - - if(sinst->isDone) { - /* - * Log some kind of error here... - */ - return; - } - - /* - * First deal with partial buffered block - */ - if(sinst->bufBytes != 0) { - toMove = SHS_BLOCKSIZE - sinst->bufBytes; - if(toMove > dataLen) { - toMove = dataLen; - } - memmove(sinst->dataBuf+sinst->bufBytes, data, toMove); - data += toMove; - dataLen -= toMove; - sinst->bufBytes += toMove; - if(sinst->bufBytes == SHS_BLOCKSIZE) { - shsUpdate(&sinst->context, sinst->dataBuf, SHS_BLOCKSIZE); - sinst->bufBytes = 0; - } - } - - /* - * Now the bulk of the data, in a multiple of full blocks - */ - blocks = dataLen / SHS_BLOCKSIZE; - toMove = blocks * SHS_BLOCKSIZE; - if(toMove != 0) { - shsUpdate(&sinst->context, data, toMove); - data += toMove; - dataLen -= toMove; - } - - /* - * Store any remainder in dataBuf - */ - if(dataLen != 0) { - memmove(sinst->dataBuf, data, dataLen); - sinst->bufBytes = dataLen; - } -} - -/* - * Obtain a pointer to completed message digest, and the length of the digest. - */ -unsigned char *sha1Digest(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - if(!sinst->isDone) { - /* - * Deal with partial resid block - */ - if(sinst->bufBytes != 0) { - shsUpdate(&sinst->context, sinst->dataBuf, - sinst->bufBytes); - sinst->bufBytes = 0; - } - shsFinal(&sinst->context); - sinst->isDone = 1; - } - /* - * FIXME - should do explicit conversion to char array....? - */ - return (unsigned char *)sinst->context.digest; -} - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest) -{ - unsigned char *dig = sha1Digest(sha1); - memmove(digest, dig, SHS_DIGESTSIZE); -} - -unsigned sha1DigestLen(void) -{ - return SHS_DIGESTSIZE; -} diff --git a/AppleCSP/MiscCSPAlgs/SHA1.h b/AppleCSP/MiscCSPAlgs/SHA1.h deleted file mode 100644 index f1dd3942..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1.h +++ /dev/null @@ -1,76 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.h - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#ifndef _CK_SHA1_H_ -#define _CK_SHA1_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#define SHA1_DIGEST_SIZE 20 /* in bytes */ -#define SHA1_BLOCK_SIZE 64 /* in bytes */ - -/* - * Opaque sha1 object handle. - */ -typedef void *sha1Obj; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void); - -/* - * reinitialize an sha1 object for reuse. - */ -void sha1Reinit(sha1Obj sha1); - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1); - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen); - -/* - * Obtain a pointer to completed message digest. This disables further calls - * to sha1AddData(). This pointer is NOT malloc'd; the associated data - * persists only as long as this object does. - */ -unsigned char *sha1Digest(sha1Obj sha1); - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest); - -/* - * Obtain the length of the message digest. - */ -unsigned sha1DigestLen(void); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_SHA1_H_*/ diff --git a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp deleted file mode 100644 index c83c0bbd..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DigestObject.cpp - generic C++ implementations of SHA1 and MD5. - * - * Created 2/19/2001 by dmitch. - */ - -#include "SHA1_MD5_Object.h" -#include -#include - -/*** - *** MD5 - ***/ -void MD5Object::digestInit() -{ - mIsDone = false; - MD5Init(&mCtx); -} - -void MD5Object::digestUpdate( - const void *data, - size_t len) -{ - if(mIsDone) { - throw std::runtime_error("MD5 digestUpdate after final"); - } - MD5Update(&mCtx, (unsigned char *)data, len); -} - -void MD5Object::digestFinal( - void *digest) -{ - if(mIsDone) { - throw std::runtime_error("MD5 digestFinal after final"); - } - MD5Final(&mCtx, (unsigned char *)digest); - mIsDone = true; -} - -/* use default memberwise init */ -DigestObject *MD5Object::digestClone() const -{ - return new MD5Object(*this); -} - -UInt32 MD5Object::digestSizeInBytes() const -{ - return MD5_DIGEST_SIZE; -} - -/*** - *** SHA1 - ***/ -void SHA1Object::digestInit() -{ - mIsDone = false; - shsInit(&mCtx); - mBufferCount = 0; -} - -void SHA1Object::digestUpdate( - const void *data, - size_t len) -{ - size_t cnt; - uint8 *uData = (uint8 *)data; - - if(mIsDone) { - throw std::runtime_error("SHA1 digestUpdate after final"); - } - - // deal with miniscule input leaving still less than one block - if (mBufferCount + len < SHS_BLOCKSIZE) { - memcpy(mBuffer + mBufferCount, uData, len); - mBufferCount += len; - return; - } - - // fill possible partial existing buffer and process - if (mBufferCount > 0) { - cnt = SHS_BLOCKSIZE - mBufferCount; - memcpy(mBuffer + mBufferCount, uData, cnt); - shsUpdate(&mCtx, mBuffer, SHS_BLOCKSIZE); - uData += cnt; - len -= cnt; - } - - // process remaining whole buffer multiples - UInt32 blocks = len / SHS_BLOCKSIZE; - if(blocks) { - cnt = blocks * SHS_BLOCKSIZE; - shsUpdate(&mCtx, uData, cnt); - uData += cnt; - len -= cnt; - } - - // keep remainder - mBufferCount = len; - if (len > 0) { - memcpy(mBuffer, uData, len); - } -} - -void SHA1Object::digestFinal( - void *digest) -{ - if(mIsDone) { - throw std::runtime_error("SHA1 digestFinal after final"); - } - if (mBufferCount > 0) { - shsUpdate(&mCtx, mBuffer, mBufferCount); - } - shsFinal(&mCtx); - memcpy(digest, mCtx.digest, SHS_DIGESTSIZE); - mIsDone = true; -} - -/* use default memberwise init */ -DigestObject *SHA1Object::digestClone() const -{ - return new SHA1Object(*this); -} - -UInt32 SHA1Object::digestSizeInBytes() const -{ - return SHS_DIGESTSIZE; -} - diff --git a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h deleted file mode 100644 index fc22114e..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * SHA1_MD5_Object.h - SHA1, MD5 digest objects - * - * Created 2/19/2001 by dmitch. - */ - -#ifndef _SHA1_MD5_OBJECT_H_ -#define _SHA1_MD5_OBJECT_H_ - -#include -#include -#include -#include - -class SHA1Object : public DigestObject -{ -public: - SHA1Object() { } - virtual ~SHA1Object() { }; - virtual void digestInit(); - virtual void digestUpdate( - const void *data, - size_t len); - virtual void digestFinal( - void *digest); - virtual DigestObject *digestClone() const; - virtual size_t digestSizeInBytes() const; -private: - SHS_INFO mCtx; - UInt8 mBuffer[SHS_BLOCKSIZE]; - size_t mBufferCount; - -}; - -class MD5Object : public DigestObject -{ -public: - MD5Object() { } - virtual ~MD5Object() { } - virtual void digestInit(); - virtual void digestUpdate( - const void *data, - size_t len); - virtual void digestFinal( - void *digest); - virtual DigestObject *digestClone() const; - virtual size_t digestSizeInBytes() const; -private: - MD5Context mCtx; -}; - -#endif /* _SHA1_MD5_OBJECT_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/SHA1_priv.c b/AppleCSP/MiscCSPAlgs/SHA1_priv.c deleted file mode 100644 index 66f42f10..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1_priv.c +++ /dev/null @@ -1,313 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.c - low-level SHA-1 hash algorithm. - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created, based on source by Peter C. Gutmann. - * Mods: made reentrant, added NIST fix to expand(), eliminated - * unnecessary copy to local W[] array. - */ - - -/* NIST proposed Secure Hash Standard. - - Written 2 September 1992, Peter C. Gutmann. - This implementation placed in the public domain. - - Comments to pgut1@cs.aukuni.ac.nz */ - - -#include "SHA1_priv.h" -#include - -/* The SHS f()-functions */ - -#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) /* Rounds 0-19 */ -#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ -#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) /* Rounds 40-59 */ -#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ - -/* The SHS Mysterious Constants */ - -#define K1 0x5A827999L /* Rounds 0-19 */ -#define K2 0x6ED9EBA1L /* Rounds 20-39 */ -#define K3 0x8F1BBCDCL /* Rounds 40-59 */ -#define K4 0xCA62C1D6L /* Rounds 60-79 */ - -/* SHS initial values */ - -#define h0init 0x67452301L -#define h1init 0xEFCDAB89L -#define h2init 0x98BADCFEL -#define h3init 0x10325476L -#define h4init 0xC3D2E1F0L - -/* 32-bit rotate - kludged with shifts */ - -#define S(n,X) ( ( X << n ) | ( X >> ( 32 - n ) ) ) - -/* The initial expanding function */ - -/* - * 06 Jan 1998. Added left circular shift per NIST FIPS-180-1 (at - * http://www.nist.gov/itl/div897/pubs/fip180-1.htm). Also see - * B. Schneier, Applied Cryptography, Second Edition, section 18.7 - * for info on this addenda to the original NIST spec. - */ -#define expand(count) { \ - W[count] = W[count - 3] ^ W[count - 8] ^ W[count - 14] ^ W[count - 16]; \ - W[count] = S(1, W[count]); \ -} - -/* The four SHS sub-rounds */ - -#define subRound1(count) \ - { \ - temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound2(count) \ - { \ - temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound3(count) \ - { \ - temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound4(count) \ - { \ - temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -/* Initialize the SHS values */ - -void shsInit( SHS_INFO *shsInfo ) - { - /* Set the h-vars to their initial values */ - shsInfo->digest[ 0 ] = h0init; - shsInfo->digest[ 1 ] = h1init; - shsInfo->digest[ 2 ] = h2init; - shsInfo->digest[ 3 ] = h3init; - shsInfo->digest[ 4 ] = h4init; - - /* Initialise bit count */ - shsInfo->countLo = shsInfo->countHi = 0L; - } - -/* Perform the SHS transformation. Note that this code, like MD5, seems to - break some optimizing compilers - it may be necessary to split it into - sections, eg based on the four subrounds */ - -static void shsTransform( SHS_INFO *shsInfo ) -{ - LONG *W, temp; - LONG A, B, C, D, E; - - /* Step A. Copy the data buffer into the local work buffer. */ - /* 07 Jan 1998, dmitch: skip this bogus move, and let the caller - * copy data directly into the W[] array. To minimize changes, - * we'll just increase the size of shsInfo->data[] and make W - * a pointer here. - */ - W = shsInfo->data; - - /* Step B. Expand the 16 words into 64 temporary data words */ - - /* - * Note: I tried optimizing this via a for loop, and for some reason, - * the "optimized" version ran slower on PPC than the original - * unrolled version. The optimized version does run faster on i486 than - * the unrolled version. - * - * Similarly, the set of subRounds, below, runs slower on i486 when - * optimized via 4 'for' loops. The "optimized" version of that is - * a wash on PPC. - * - * Conclusion: leave both of 'em unrolled. We could ifdef per machine, - * but this would get messy once we had more than two architectures. - * We may want to revisit this. --dpm - */ - expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 ); - expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 ); - expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 ); - expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 ); - expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 ); - expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 ); - expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 ); - expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 ); - expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 ); - expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 ); - expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 ); - expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 ); - expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 ); - - /* Step C. Set up first buffer */ - A = shsInfo->digest[ 0 ]; - B = shsInfo->digest[ 1 ]; - C = shsInfo->digest[ 2 ]; - D = shsInfo->digest[ 3 ]; - E = shsInfo->digest[ 4 ]; - - /* Step D. Serious mangling, divided into four sub-rounds */ - subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 ); - subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 ); - subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 ); - subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 ); - subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 ); - subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 ); - subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 ); - subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 ); - subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 ); - subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 ); - subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 ); - subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 ); - subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 ); - subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 ); - subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 ); - subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 ); - subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 ); - subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 ); - subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 ); - subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 ); - - /* Step E. Build message digest */ - shsInfo->digest[ 0 ] += A; - shsInfo->digest[ 1 ] += B; - shsInfo->digest[ 2 ] += C; - shsInfo->digest[ 3 ] += D; - shsInfo->digest[ 4 ] += E; -} - -#ifdef __LITTLE_ENDIAN__ - -/* When run on a little-endian CPU we need to perform byte reversal on an - array of longwords. It is possible to make the code endianness- - independant by fiddling around with data at the byte level, but this - makes for very slow code, so we rely on the user to sort out endianness - at compile time */ - -static void byteReverse( buffer, byteCount ) - LONG *buffer; - int byteCount; - - { - LONG value; - int count; - - byteCount /= sizeof( LONG ); - for( count = 0; count < byteCount; count++ ) - { - value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 ); - buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 ); - } - } - -#else /* __LITTLE_ENDIAN__ */ - -/* - * Nop for big-endian machines - */ -#define byteReverse( buffer, byteCount ) - -#endif /* __LITTLE_ENDIAN__ */ - - -/* Update SHS for a block of data. This code assumes that the buffer size - is a multiple of SHS_BLOCKSIZE bytes long, which makes the code a lot - more efficient since it does away with the need to handle partial blocks - between calls to shsUpdate() */ - -void shsUpdate( - SHS_INFO *shsInfo, - const BYTE *buffer, - int count) - - { - /* Update bitcount */ - if( ( shsInfo->countLo + ( ( LONG ) count << 3 ) ) < shsInfo->countLo ) - shsInfo->countHi++; /* Carry from low to high bitCount */ - shsInfo->countLo += ( ( LONG ) count << 3 ); - shsInfo->countHi += ( ( LONG ) count >> 29 ); - - /* Process data in SHS_BLOCKSIZE chunks */ - while( count >= SHS_BLOCKSIZE ) - { - memcpy( shsInfo->data, buffer, SHS_BLOCKSIZE ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - buffer += SHS_BLOCKSIZE; - count -= SHS_BLOCKSIZE; - } - - /* Handle any remaining bytes of data. This should only happen once - on the final lot of data */ - memcpy( shsInfo->data, buffer, count ); - } - -void shsFinal(SHS_INFO *shsInfo) - { - int count; - LONG lowBitcount = shsInfo->countLo, highBitcount = shsInfo->countHi; - - /* Compute number of bytes mod 64 */ - count = ( int ) ( ( shsInfo->countLo >> 3 ) & 0x3F ); - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - ( ( BYTE * ) shsInfo->data )[ count++ ] = 0x80; - - /* Pad out to 56 mod 64 */ - if( count > 56 ) - { - /* Two lots of padding: Pad the first block to 64 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 64 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - - /* Now fill the next block with 56 bytes */ - memset( &shsInfo->data, 0, 56 ); - } - else - /* Pad block to 56 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 56 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - - /* Append length in bits and transform */ - shsInfo->data[ 14 ] = highBitcount; - shsInfo->data[ 15 ] = lowBitcount; - - shsTransform( shsInfo ); - byteReverse( shsInfo->digest, SHS_DIGESTSIZE ); - } diff --git a/AppleCSP/MiscCSPAlgs/SHA1_priv.h b/AppleCSP/MiscCSPAlgs/SHA1_priv.h deleted file mode 100644 index 77ab7e8f..00000000 --- a/AppleCSP/MiscCSPAlgs/SHA1_priv.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.h - private low-level API for SHA-1 hash algorithm - * - * Revision History - * ---------------- - * 22 Aug 96 Doug Mitchell at NeXT - * Created. - */ - -/* Useful defines/typedefs */ - -#ifndef _CK_SHA1_PRIV_H_ -#define _CK_SHA1_PRIV_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char BYTE; -typedef unsigned long LONG; - -/* The SHS block size and message digest sizes, in bytes */ - -#define SHS_BLOCKSIZE 64 -#define SHS_DIGESTSIZE 20 - -/* The structure for storing SHS info */ - -typedef struct { - LONG digest[ 5 ]; /* Message digest */ - LONG countLo, countHi; /* 64-bit bit count */ - LONG data[ 80 ]; /* SHS data buffer */ - } SHS_INFO; - -extern void shsInit(SHS_INFO *shsInfo); -extern void shsUpdate(SHS_INFO *shsInfo, - const BYTE *buffer, - int count); -extern void shsFinal(SHS_INFO *shsInfo); - -#ifdef __cplusplus -} -#endif - -#endif /* _CK_SHA1_PRIV_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/bfContext.cpp b/AppleCSP/MiscCSPAlgs/bfContext.cpp deleted file mode 100644 index 4ed73ac7..00000000 --- a/AppleCSP/MiscCSPAlgs/bfContext.cpp +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * bfContext.cpp - glue between BlockCrytpor and ssleay Blowfish - * implementation - * Written by Doug Mitchell 4/23/2003 - */ - -#include "bfContext.h" - -BlowfishContext::~BlowfishContext() -{ - deleteKey(); -} - -void BlowfishContext::deleteKey() -{ - memset(&mBfKey, 0, sizeof(mBfKey)); - mInitFlag = false; -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void BlowfishContext::init( - const Context &context, - bool encrypting) -{ - if(mInitFlag && !opStarted()) { - return; - } - - UInt32 keyLen; - UInt8 *keyData = NULL; - bool sameKeySize = false; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_BLOWFISH, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < BF_MIN_KEY_SIZE_BYTES) || (keyLen > BF_MAX_KEY_SIZE_BYTES)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* - * Delete existing key if key size changed - */ - if(mRawKeySize == keyLen) { - sameKeySize = true; - } - else { - deleteKey(); - } - - /* init key only if key size or key bits have changed */ - if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { - BF_set_key(&mBfKey, keyLen, keyData); - - /* save this raw key data */ - memmove(mRawKey, keyData, keyLen); - mRawKeySize = keyLen; - } - - /* Finally, have BlockCryptor do its setup */ - setup(BF_BLOCK, context); - mInitFlag = true; -} - -/* - * Functions called by BlockCryptor - */ -void BlowfishContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != BF_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < BF_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - BF_ecb_encrypt((const unsigned char *)plainText, (unsigned char *)cipherText, - &mBfKey, BF_ENCRYPT); - cipherTextLen = BF_BLOCK; -} - -void BlowfishContext::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < BF_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - BF_ecb_encrypt((const unsigned char *)cipherText, (unsigned char *)plainText, - &mBfKey, BF_DECRYPT); - plainTextLen = BF_BLOCK; -} diff --git a/AppleCSP/MiscCSPAlgs/bfContext.h b/AppleCSP/MiscCSPAlgs/bfContext.h deleted file mode 100644 index 4de5ab2d..00000000 --- a/AppleCSP/MiscCSPAlgs/bfContext.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * bfContext.h - glue between BlockCrytpor and ssleay Blowfish - * implementation - * Written by Doug Mitchell 4/23/2003 - */ - -#ifndef _BF_CONTEXT_H_ -#define _BF_CONTEXT_H_ - -#include "AppleCSPContext.h" -#include "BlockCryptor.h" -#include -#include - -class BlowfishContext : public BlockCryptor { -public: - BlowfishContext(AppleCSPSession &session) : - BlockCryptor(session), - mInitFlag(false), - mRawKeySize(0) { } - ~BlowfishContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // As an optimization, we allow reuse of a modified context. - // The main thing we avoid is a redundant key scheduling. We - // save the current raw keys bits in mRawKey and compare on - // re-init. - bool changed(const Context &context) { return true; } - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - void deleteKey(); - - /* scheduled key */ - BF_KEY mBfKey; - bool mInitFlag; // for easy reuse - - /* - * Raw key bits saved here and checked on re-init to avoid - * extra key schedule - */ - uint8 mRawKey[BF_MAX_KEY_SIZE_BYTES]; - uint32 mRawKeySize; - - -}; /* BlowfishContext */ - -#endif //_BF_CONTEXT_H_ diff --git a/AppleCSP/MiscCSPAlgs/castContext.cpp b/AppleCSP/MiscCSPAlgs/castContext.cpp deleted file mode 100644 index d74c792c..00000000 --- a/AppleCSP/MiscCSPAlgs/castContext.cpp +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * castContext.cpp - glue between BlockCrytpor and ssleay CAST128 (CAST5) - * implementation - * - * Written by Doug Mitchell 4/24/2003 - */ - -#include "castContext.h" - -CastContext::~CastContext() -{ - deleteKey(); -} - -void CastContext::deleteKey() -{ - memset(&mCastKey, 0, sizeof(mCastKey)); - mInitFlag = false; -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void CastContext::init( - const Context &context, - bool encrypting) -{ - if(mInitFlag && !opStarted()) { - return; - } - - UInt32 keyLen; - UInt8 *keyData = NULL; - bool sameKeySize = false; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_CAST, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < CAST_MIN_KEY_LENGTH) || (keyLen > CAST_KEY_LENGTH)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* - * Delete existing key if key size changed - */ - if(mRawKeySize == keyLen) { - sameKeySize = true; - } - else { - deleteKey(); - } - - /* init key only if key size or key bits have changed */ - if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { - CAST_set_key(&mCastKey, keyLen, keyData); - - /* save this raw key data */ - memmove(mRawKey, keyData, keyLen); - mRawKeySize = keyLen; - } - - /* Finally, have BlockCryptor do its setup */ - setup(CAST_BLOCK, context); - mInitFlag = true; -} - -/* - * Functions called by BlockCryptor - */ -void CastContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != CAST_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < CAST_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - CAST_ecb_encrypt((const unsigned char *)plainText, (unsigned char *)cipherText, - &mCastKey, CAST_ENCRYPT); - cipherTextLen = CAST_BLOCK; -} - -void CastContext::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < CAST_BLOCK) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - CAST_ecb_encrypt((const unsigned char *)cipherText, (unsigned char *)plainText, - &mCastKey, CAST_DECRYPT); - plainTextLen = CAST_BLOCK; -} diff --git a/AppleCSP/MiscCSPAlgs/castContext.h b/AppleCSP/MiscCSPAlgs/castContext.h deleted file mode 100644 index 87f2cb3a..00000000 --- a/AppleCSP/MiscCSPAlgs/castContext.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * castContext.h - glue between BlockCrytpor and ssleay CAST-128 (CAST5) - * implementation - * - * Written by Doug Mitchell 4/24/2003 - * - * Here's what RFC 2144 has to say about CAST128 and CAST5 nomenclature: - * - * In order to avoid confusion when variable keysize operation is - * used, the name CAST-128 is to be considered synonymous with the - * name CAST5; this allows a keysize to be appended without ambiguity. - * Thus, for example, CAST-128 with a 40-bit key is to be referred to - * as CAST5-40; where a 128-bit key is explicitly intended, the - * name CAST5-128 should be used. - * - * This module implements a variable key length, from 40 bits to 128 bits, - * and can thus be said to implement both CAST-128 and CAST5. - */ - -#ifndef _CAST_CONTEXT_H_ -#define _CAST_CONTEXT_H_ - -#include "AppleCSPContext.h" -#include "BlockCryptor.h" -#include -#include - -class CastContext : public BlockCryptor { -public: - CastContext(AppleCSPSession &session) : - BlockCryptor(session), - mInitFlag(false), - mRawKeySize(0) { } - ~CastContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // As an optimization, we allow reuse of a modified context. - // The main thing we avoid is a redundant key scheduling. We - // save the current raw keys bits in mRawKey and compare on - // re-init. - bool changed(const Context &context) { return true; } - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - void deleteKey(); - - /* scheduled key */ - CAST_KEY mCastKey; - bool mInitFlag; // for easy reuse - - /* - * Raw key bits saved here and checked on re-init to avoid - * extra key schedule - */ - uint8 mRawKey[CAST_KEY_LENGTH]; - uint32 mRawKeySize; - - -}; /* CastContext */ - -#endif //_CAST_CONTEXT_H_ diff --git a/AppleCSP/MiscCSPAlgs/desContext.cpp b/AppleCSP/MiscCSPAlgs/desContext.cpp deleted file mode 100644 index d17133a6..00000000 --- a/AppleCSP/MiscCSPAlgs/desContext.cpp +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * desContext.cpp - glue between BlockCrytpor and DES implementation - * Written by Doug Mitchell 3/28/2001 - */ - -#include "desContext.h" -#include -#include -#include - -ModuleNexus desInitMutex; - -#define DESDebug(args...) secdebug("desContext", ## args) - -/* - * DES encrypt/decrypt. - */ -DESContext::~DESContext() -{ - desdone(&DesInst); - memset(&DesInst, 0, sizeof(struct _desInst)); -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void DESContext::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_DES, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if(keyLen != (DES_KEY_SIZE_BITS_EXTERNAL / 8)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* init the low-level state */ - { - StLock _(desInitMutex()); - if(IFDEBUG(int irtn =) desinit(&DesInst, DES_MODE_STD)) { - DESDebug("desinit returned %d\n", irtn); - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - } - dessetkey(&DesInst, (char *)keyData); - - /* Finally, have BlockCryptor do its setup */ - setup(DES_BLOCK_SIZE_BYTES, context); -} - -/* - * Functions called by BlockCryptor - * DES does encrypt/decrypt in place - */ -void DESContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != DES_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < DES_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - if(plainText != cipherText) { - /* little optimization for callers who want to encrypt in place */ - memmove(cipherText, plainText, DES_BLOCK_SIZE_BYTES); - } - endes(&DesInst, (char *)cipherText); - cipherTextLen = DES_BLOCK_SIZE_BYTES; -} - -void DESContext::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < DES_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - if(plainText != cipherText) { - /* little optimization for callers who want to decrypt in place */ - memmove(plainText, cipherText, DES_BLOCK_SIZE_BYTES); - } - dedes(&DesInst, (char *)plainText); - plainTextLen = DES_BLOCK_SIZE_BYTES; -} - -/*** - *** Triple-DES - EDE, 24-bit key only - ***/ - -DES3Context::~DES3Context() -{ - for(int i =0; i<3; i++) { - desdone(&DesInst[i]); - memset(&DesInst[i], 0, sizeof(struct _desInst)); - } -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void DES3Context::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_3DES_3KEY_EDE, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if(keyLen != DES3_KEY_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* init the low-level state */ - int irtn; - unsigned i; - { - StLock _(desInitMutex()); - for(i=0; i<3; i++) { - if((irtn = desinit(&DesInst[i], DES_MODE_STD))) { - DESDebug("desinit returned %d\n", irtn); - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - dessetkey(&DesInst[i], (char *)keyData + (8 * i)); - } - } - - /* Finally, have BlockCryptor do its setup */ - setup(DES3_BLOCK_SIZE_BYTES, context); -} - -/* - * Functions called by BlockCryptor - * DES does encrypt/decrypt in place - */ -void DES3Context::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != DES3_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < DES3_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - if(plainText != cipherText) { - /* little optimization for callers who want to encrypt in place */ - memmove(cipherText, plainText, DES3_BLOCK_SIZE_BYTES); - } - - /* encrypt --> decrypt --> encrypt */ - endes(&DesInst[0], (char *)cipherText); - dedes(&DesInst[1], (char *)cipherText); - endes(&DesInst[2], (char *)cipherText); - cipherTextLen = DES3_BLOCK_SIZE_BYTES; -} - -void DES3Context::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < DES3_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - if(plainText != cipherText) { - /* little optimization for callers who want to decrypt in place */ - memmove(plainText, cipherText, DES3_BLOCK_SIZE_BYTES); - } - - /* decrypt --> encrypt -->decrypt */ - dedes(&DesInst[2], (char *)plainText); - endes(&DesInst[1], (char *)plainText); - dedes(&DesInst[0], (char *)plainText); - plainTextLen = DES3_BLOCK_SIZE_BYTES; -} diff --git a/AppleCSP/MiscCSPAlgs/desContext.h b/AppleCSP/MiscCSPAlgs/desContext.h deleted file mode 100644 index efa49c87..00000000 --- a/AppleCSP/MiscCSPAlgs/desContext.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * desContext.h - glue between BlockCrytpor and DES/3DES implementations - * Written by Doug Mitchell 3/28/2001 - */ -#ifndef _DES_CONTEXT_H_ -#define _DES_CONTEXT_H_ - -#include -#include "AppleCSP.h" -#include "AppleCSPContext.h" -#include "AppleCSPSession.h" -#include "BlockCryptor.h" -#include - -/* DES Symmetric encryption context */ -class DESContext : public BlockCryptor { -public: - DESContext(AppleCSPSession &session) : - BlockCryptor(session) { } - ~DESContext(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - struct _desInst DesInst; - -}; /* DESContext */ - -/* Triple-DES (EDE, 24 byte key) Symmetric encryption context */ - -#define DES3_KEY_SIZE_BYTES (3 * (DES_KEY_SIZE_BITS_EXTERNAL / 8)) -#define DES3_BLOCK_SIZE_BYTES DES_BLOCK_SIZE_BYTES - -class DES3Context : public BlockCryptor { -public: - DES3Context(AppleCSPSession &session) : - BlockCryptor(session) { } - ~DES3Context(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - struct _desInst DesInst[3]; - -}; /* DES3Context */ - -#endif //_DES_CONTEXT_H_ diff --git a/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp b/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp deleted file mode 100644 index 2adaf144..00000000 --- a/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp +++ /dev/null @@ -1,346 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// miscAlgFactory.h - miscellaneous algorithm factory -// Written by Doug Mitchell 3/28/2001 -// - -#include "miscAlgFactory.h" -#include -#include -#include "desContext.h" -#include "rc2Context.h" -#include "rc4Context.h" -#include "rc5Context.h" -#include "MacContext.h" -#include "DigestContext.h" -#include "SHA1_MD5_Object.h" /* raw digest */ -#include "MD2Object.h" -#include "NullCryptor.h" -#include "bfContext.h" -#include "castContext.h" -#include - -/* - * These #defines are mainly to facilitate measuring the performance of our own - * implementation vs. the ones in BSafe. This factory gets called first; if - * we disable e.g. DES here the BSAFE version will be used. - */ -#ifdef BSAFE_CSP_ENABLE - -#define MAF_DES_ENABLE 0 -#define MAF_DES3_ENABLE 0 -#define MAF_RC2_ENABLE 0 -#define MAF_RC4_ENABLE 0 -#define MAF_RC5_ENABLE 0 -#define MAF_MAC_ENABLE 0 - -#else /* !BSAFE_CSP_ENABLE, normal case */ - -#define MAF_DES_ENABLE 1 -#define MAF_DES3_ENABLE 1 -#define MAF_RC2_ENABLE 1 -#define MAF_RC4_ENABLE 1 -#define MAF_RC5_ENABLE 1 -#define MAF_MAC_ENABLE 1 - -#endif /* BSAFE_CSP_ENABLE */ - -#if (!MAF_DES_ENABLE || !MAF_DES3_ENABLE || !MAF_RC2_ENABLE || !MAF_RC4_ENABLE || \ - !MAF_RC5_ENABLE || !MAF_MAC_ENABLE) -#warning Internal DES/RC2/RC4/RC5/Mac implementation disabled! -#endif - -bool MiscAlgFactory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - CSSM_CONTEXT_TYPE ctype = context.type(); - CSSM_ALGORITHMS alg = context.algorithm(); - - switch(ctype) { - case CSSM_ALGCLASS_SYMMETRIC: - switch(alg) { - case CSSM_ALGID_AES: - if(cspCtx == NULL) { - /* - * Get optional block size to determine correct implementation - */ - uint32 blockSize = context.getInt(CSSM_ATTRIBUTE_BLOCK_SIZE); - if(blockSize == 0) { - blockSize = GLADMAN_BLOCK_SIZE_BYTES; - } - if(GLADMAN_AES_128_ENABLE && - (blockSize == GLADMAN_BLOCK_SIZE_BYTES)) { - cspCtx = new GAESContext(session); - } - else { - cspCtx = new AESContext(session); - } - } - return true; - - #if MAF_DES_ENABLE - case CSSM_ALGID_DES: - if(cspCtx == NULL) { - cspCtx = new DESContext(session); - } - return true; - #endif /* MAF_DES_ENABLE */ - - #if MAF_DES3_ENABLE - /* - * TripleDES: for some reason, cssmtype.h defines different symbols - * for CSSM_ALGID_3DES_3KEY (key gen) and CSSM_ALGID_3DES_3KEY_EDE - * (an encrypt alg with mode), but they define to the same value. - */ - case CSSM_ALGID_3DES_3KEY_EDE: - if(cspCtx == NULL) { - cspCtx = new DES3Context(session); - } - return true; - #endif - - #if MAF_RC2_ENABLE - case CSSM_ALGID_RC2: - if(cspCtx == NULL) { - cspCtx = new RC2Context(session); - } - return true; - #endif - - #if MAF_RC4_ENABLE - case CSSM_ALGID_RC4: - if(cspCtx == NULL) { - cspCtx = new RC4Context(session); - } - return true; - #endif - - #if MAF_RC5_ENABLE - case CSSM_ALGID_RC5: - if(cspCtx == NULL) { - cspCtx = new RC5Context(session); - } - return true; - #endif - - case CSSM_ALGID_BLOWFISH: - if(cspCtx == NULL) { - cspCtx = new BlowfishContext(session); - } - return true; - - case CSSM_ALGID_CAST: - case CSSM_ALGID_CAST5: - if(cspCtx == NULL) { - cspCtx = new CastContext(session); - } - return true; - - #if NULL_CRYPT_ENABLE - case CSSM_ALGID_NONE: - if(cspCtx == NULL) { - cspCtx = new NullCryptor(session); - } - return true; - #endif /* NULL_CRYPT_ENABLE */ - - default: - break; // not our symmetric alg - } // switch alg for symmetric - break; // from case CSSM_ALGCLASS_SYMMETRIC - - /* digest algorithms always enabled here */ - case CSSM_ALGCLASS_DIGEST: - switch(alg) { - case CSSM_ALGID_SHA1: - if(cspCtx == NULL) { - /* reuse is OK */ - cspCtx = new DigestContext(session, - *(new SHA1Object)); - } - return true; - case CSSM_ALGID_MD5: - if(cspCtx == NULL) { - /* reuse is OK */ - cspCtx = new DigestContext(session, - *(new MD5Object)); - } - return true; - case CSSM_ALGID_MD2: - if(cspCtx == NULL) { - /* reuse is OK */ - cspCtx = new DigestContext(session, - *(new MD2Object)); - } - return true; - default: - break; // not our digest alg - } // switch digest alg - break; // from case CSSM_ALGCLASS_DIGEST - - case CSSM_ALGCLASS_KEYGEN: - switch(alg) { - case CSSM_ALGID_AES: - if(cspCtx == NULL) { - cspCtx = new AESKeyGenContext(session); - } - return true; - - #if MAF_DES_ENABLE - case CSSM_ALGID_DES: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - DES_KEY_SIZE_BITS_EXTERNAL, - DES_KEY_SIZE_BITS_EXTERNAL, - true); // must be byte size - } - return true; - #endif /* MAF_DES_ENABLE */ - - #if MAF_DES3_ENABLE - case CSSM_ALGID_3DES_3KEY_EDE: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - DES3_KEY_SIZE_BYTES * 8, - DES3_KEY_SIZE_BYTES * 8, - true); // must be byte size - } - return true; - #endif - - #if MAF_RC2_ENABLE - case CSSM_ALGID_RC2: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - RC2_MIN_KEY_SIZE_BYTES * 8, - RC2_MAX_KEY_SIZE_BYTES * 8, - true); // must be byte size - } - return true; - #endif - - #if MAF_RC4_ENABLE - case CSSM_ALGID_RC4: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - RC4_MIN_KEY_SIZE_BYTES * 8, - RC4_MAX_KEY_SIZE_BYTES * 8, - true); // must be byte size - } - return true; - #endif - - #if MAF_RC5_ENABLE - case CSSM_ALGID_RC5: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - RC5_MIN_KEY_SIZE_BYTES * 8, - RC5_MAX_KEY_SIZE_BYTES * 8, - true); // must be byte size - } - return true; - #endif - - case CSSM_ALGID_BLOWFISH: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - BF_MIN_KEY_SIZE_BYTES * 8, - BF_MAX_KEY_SIZE_BYTES * 8, - true); // must be byte size - } - return true; - - /* Note we require keys to be ALGID_CAST, not ALGID_CAST5 */ - case CSSM_ALGID_CAST: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - CAST_MIN_KEY_LENGTH * 8, - CAST_KEY_LENGTH * 8, - true); // must be byte size - } - return true; - - #if MAF_MAC_ENABLE - case CSSM_ALGID_SHA1HMAC: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - HMAC_SHA_MIN_KEY_SIZE * 8, - HMAC_MAX_KEY_SIZE * 8, - true); // must be byte size - } - return true; - case CSSM_ALGID_MD5HMAC: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - HMAC_MD5_MIN_KEY_SIZE * 8, - HMAC_MAX_KEY_SIZE * 8, - true); // must be byte size - } - return true; - #endif - - #if NULL_CRYPT_ENABLE - case CSSM_ALGID_NONE: - if(cspCtx == NULL) { - cspCtx = new AppleSymmKeyGenerator(session, - NULL_CRYPT_BLOCK_SIZE * 8, - NULL_CRYPT_BLOCK_SIZE * 8, - true); // must be byte size - } - return true; - #endif /* NULL_CRYPT_ENABLE */ - - default: - break; // not our keygen alg - } // switch alg for keygen - break; // from case CSSM_ALGCLASS_KEYGEN - - case CSSM_ALGCLASS_MAC: - switch(alg) { - #if MAF_MAC_ENABLE - case CSSM_ALGID_SHA1HMAC: - case CSSM_ALGID_MD5HMAC: - if(cspCtx == NULL) { - cspCtx = new MacContext(session, alg); - } - return true; - #endif - #if CRYPTKIT_CSP_ENABLE - case CSSM_ALGID_SHA1HMAC_LEGACY: - if(cspCtx == NULL) { - cspCtx = new MacLegacyContext(session, alg); - } - return true; - #endif - default: - /* not our mac alg */ - break; - } - break; - - default: - break; // not our context type - } // switch context type - - /* not ours */ - return false; -} diff --git a/AppleCSP/MiscCSPAlgs/miscAlgFactory.h b/AppleCSP/MiscCSPAlgs/miscAlgFactory.h deleted file mode 100644 index c368483e..00000000 --- a/AppleCSP/MiscCSPAlgs/miscAlgFactory.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// miscAlgFactory.h - miscellaneous algorithm factory -// Written by Doug Mitchell 3/28/2001 -// -#ifndef _MISC_ALG_FACTORY_H_ -#define _MISC_ALG_FACTORY_H_ - -#include -#include "AppleCSP.h" - -class AppleCSPSession; - -class MiscAlgFactory : public AppleCSPAlgorithmFactory { -public: - - MiscAlgFactory( - CssmAllocator *normAlloc = NULL, - CssmAllocator *privAlloc = NULL) - { } - ~MiscAlgFactory() { } - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - -}; - -#endif //_MISC_ALG_FACTORY_H_ diff --git a/AppleCSP/MiscCSPAlgs/pkcs12Derive.cpp b/AppleCSP/MiscCSPAlgs/pkcs12Derive.cpp deleted file mode 100644 index 17ca47c0..00000000 --- a/AppleCSP/MiscCSPAlgs/pkcs12Derive.cpp +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * pkcs12Derive.cpp - PKCS12 PBE routine - * - * Created 2/28/03 by Doug Mitchell. - */ - -#include -#include -#include - -#include "pkcs12Derive.h" -#include -#include -#include -#include -#include - -/* specify which flavor of bits to generate */ -typedef enum { - PBE_ID_Key = 1, - PBE_ID_IV = 2, - PBE_ID_MAC = 3 -} P12_PBE_ID; - -/* - * implementation dependent hash object - */ - #if 0 -typedef CSSM_CC_HANDLE HashHand; -static HashHand hashCreate(CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg) -{ - CSSM_CC_HANDLE hashHand; - CSSM_RETURN crtn = CSSM_CSP_CreateDigestContext(cspHand, - alg, - &hashHand); - if(crtn) { - printf("CSSM_CSP_CreateDigestContext error\n"); - return 0; - } - return hashHand; -} - -static CSSM_RETURN hashInit(HashHand hand) -{ - return CSSM_DigestDataInit(hand); -} - -static CSSM_RETURN hashUpdate(HashHand hand, - const unsigned char *buf, - unsigned bufLen) -{ - const CSSM_DATA cdata = {bufLen, (uint8 *)buf}; - return CSSM_DigestDataUpdate(hand, &cdata, 1); -} - -static CSSM_RETURN hashFinal(HashHand hand, - unsigned char *digest, // mallocd by caller - unsigned *digestLen) // IN/OUT -{ - CSSM_DATA cdata = {(uint32)digestLen, digest}; - return CSSM_DigestDataFinal(hand, &cdata); -} - -static CSSM_RETURN hashDone(HashHand hand) -{ - return CSSM_DeleteContext(hand); -} - #endif - -/* - * Create a "string" (in the loose p12 notation) of specified length - * from the concatention of copies of the specified input string. - */ -static unsigned char *p12StrCat( - const unsigned char *inStr, - unsigned inStrLen, - SecNssCoder &coder, - unsigned outLen, - unsigned char *outStr = NULL) // if not present, we malloc -{ - if(outStr == NULL) { - outStr = (unsigned char *)coder.malloc(outLen); - } - unsigned toMove = outLen; - unsigned char *outp = outStr; - while(toMove) { - unsigned thisMove = inStrLen; - if(thisMove > toMove) { - thisMove = toMove; - } - memmove(outp, inStr, thisMove); - toMove -= thisMove; - outp += thisMove; - } - return outStr; -} - -/* - * PBE generator per PKCS12 v.1 section B.2. - */ -static CSSM_RETURN p12PbeGen( - const CSSM_DATA &pwd, // unicode, double null terminated - const uint8 *salt, - unsigned saltLen, - unsigned iterCount, - P12_PBE_ID pbeId, - CSSM_ALGORITHMS hashAlg, // MS5 or SHA1 only - SecNssCoder &coder, // for temp allocs - /* result goes here, mallocd by caller */ - uint8 *outbuf, - unsigned outbufLen) -{ - CSSM_RETURN ourRtn = CSSM_OK; - unsigned unipassLen = pwd.Length; - unsigned char *unipass = pwd.Data; - - /* - * all variables of the form p12_ represent from the - * PKCS12 spec. E.g., p12_u is u, the length of the digest output. - * Only difference here is: all of our sizes are in BYTES, not - * bits. - */ - unsigned p12_r = iterCount; - unsigned p12_n = outbufLen; - - unsigned p12_u; // hash output size - unsigned p12_v; // hash block size - unsigned char *p12_P = NULL; // catted passwords - unsigned char *p12_S = NULL; // catted salts - CSSM_BOOL isSha1 = CSSM_TRUE; // for DigestCtx - - switch(hashAlg) { - case CSSM_ALGID_MD5: - p12_u = kMD5DigestSize; - p12_v = kMD5BlockSize; - isSha1 = CSSM_FALSE; - break; - case CSSM_ALGID_SHA1: - p12_u = kSHA1DigestSize; - p12_v = kSHA1BlockSize; - break; - default: - return CSSMERR_CSP_INVALID_ALGORITHM; - } - - /* - * 1. Construct a string, D (the diversifier), by - * concatenating v/8 copies of ID. - */ - unsigned char *p12_D = NULL; // diversifier - p12_D = (unsigned char *)coder.malloc(p12_v); - for(unsigned dex=0; dex p12_v) { - BN_bn2bin (Ij, p12_B); - memcpy (p12_I + j, p12_B + 1, p12_v); - /* If less than v bytes pad with zeroes */ - } else if (Ijlen < p12_v) { - memset(p12_I + j, 0, p12_v - Ijlen); - BN_bn2bin(Ij, p12_I + j + p12_v - Ijlen); - } else BN_bn2bin (Ij, p12_I + j); - } - } - - if(ourRtn == CSSM_OK) { - /* - * 7. Concatenate A[1], A[2], ..., A[c] together to form a - * pseudo-random bit string, A. - * - * 8. Use the first n bits of A as the output of this entire - * process. - */ - memmove(outbuf, p12_A, outbufLen); - } - - /* clear all these strings */ - if(p12_D) { - memset(p12_D, 0, p12_v); - } - if(p12_S) { - memset(p12_S, 0, p12_Slen); - } - if(p12_P) { - memset(p12_P, 0, p12_Plen); - } - if(p12_I) { - memset(p12_I, 0, p12_Slen + p12_Plen); - } - if(p12_A) { - memset(p12_A, 0, p12_c * p12_u); - } - if(p12_B) { - memset(p12_B, 0, p12_v); - } - if(hashHand) { - DigestCtxFree(hashHand); - } - BN_free(Bpl1); - BN_free(Ij); - return ourRtn; -} - -/* - * Public P12 derive key function, called out from - * AppleCSPSession::DeriveKey() - * - * On input: - * --------- - * Context parameters: - * Salt - * Iteration Count - * CSSM_CRYPTO_DATA.Param - Unicode passphrase, double-NULL terminated - * Algorithm - CSSM_ALGID_PKCS12_PBE_{ENCR,MAC} - * Passed explicitly from DeriveKey(): - * CSSM_DATA Param - IN/OUT - optional IV - caller mallocs space to - * tell us to generate an IV. The param itself is not - * optional; the presence or absence of allocated data in it - * is our IV indicator (present/absent as well as size) - * KeyData - mallocd by caller, we fill in keyData->Length bytes - */ -void DeriveKey_PKCS12 ( - const Context &context, - const CssmData &Param, // other's public key - CSSM_DATA *keyData) // mallocd by caller - // we fill in keyData->Length bytes -{ - /* - * According to the spec, both passphrase and salt are optional. - * Get them from context if they're present. - */ - CSSM_DATA pwd = {0, NULL}; - CssmCryptoData *cryptData = - context.get(CSSM_ATTRIBUTE_SEED); - if(cryptData) { - pwd.Length = cryptData->Param.Length; - pwd.Data = cryptData->Param.Data; - } - - /* salt from context */ - uint32 saltLen = 0; - uint8 *salt = NULL; - CssmData *csalt = context.get(CSSM_ATTRIBUTE_SALT); - if(csalt) { - salt = csalt->Data; - saltLen = csalt->Length; - } - - /* - * Iteration count, from context, required. - * The spec's ASN1 definition says this is optional with a default - * of one but that's a BER encode/decode issue. Here we require - * a nonzero value. - */ - uint32 iterCount = context.getInt(CSSM_ATTRIBUTE_ITERATION_COUNT, - CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT); - if(iterCount == 0) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT); - } - - /* - * Algorithm determines which of {PBE_ID_Key,PBE_ID_MAC} we now - * generate. We'll also do an optional PBE_ID_IV later. - */ - P12_PBE_ID pbeId = PBE_ID_Key; - switch(context.algorithm()) { - case CSSM_ALGID_PKCS12_PBE_ENCR: - pbeId = PBE_ID_Key; - break; - case CSSM_ALGID_PKCS12_PBE_MAC: - pbeId = PBE_ID_MAC; - break; - default: - /* really should not be here */ - assert(0); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - - /* Go */ - SecNssCoder tmpCoder; - CSSM_RETURN crtn = p12PbeGen(pwd, - salt, saltLen, - iterCount, - pbeId, - CSSM_ALGID_SHA1, // all we support for now - tmpCoder, - keyData->Data, - keyData->Length); - if(crtn) { - CssmError::throwMe(crtn); - } - - /* - * Optional IV - makes no sense if we just did PBE_ID_MAC, but why - * bother restricting? - */ - if(Param.Data) { - crtn = p12PbeGen(pwd, - salt, saltLen, - iterCount, - PBE_ID_IV, - CSSM_ALGID_SHA1, // all we support for now - tmpCoder, - Param.Data, - Param.Length); - if(crtn) { - CssmError::throwMe(crtn); - } - } -} - diff --git a/AppleCSP/MiscCSPAlgs/pkcs12Derive.h b/AppleCSP/MiscCSPAlgs/pkcs12Derive.h deleted file mode 100644 index f63fc370..00000000 --- a/AppleCSP/MiscCSPAlgs/pkcs12Derive.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * pkcs12Derive.cpp - PKCS12 PBE routine - * - * Created 2/28/03 by Doug Mitchell. - */ - -#ifndef _PKCS12_DERIVE_H_ -#define _PKCS12_DERIVE_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -void DeriveKey_PKCS12 ( - const Context &context, - const CssmData &Param, // other's public key - CSSM_DATA *keyData); // mallocd by caller - // we fill in keyData->Length bytes - -#ifdef __cplusplus -} -#endif - -#endif /* _PKCS12_DERIVE_H_ */ - diff --git a/AppleCSP/MiscCSPAlgs/platform.h b/AppleCSP/MiscCSPAlgs/platform.h deleted file mode 100644 index ddc1b18e..00000000 --- a/AppleCSP/MiscCSPAlgs/platform.h +++ /dev/null @@ -1,61 +0,0 @@ -/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * platform.h - platform-dependent C functions - * - * Revision History - * ---------------- - * 6 Sep 96 Doug Mitchell at NeXT - * Created. - */ - -#ifndef _CK_PLATFORM_H_ -#define _CK_PLATFORM_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -/* many ways to determin macintosh - different for 68k, PPC/OS9, X */ -#if defined(__POWERPC__) || defined(__CFM68K__) || defined(__APPLE__) - #undef __MAC_BUILD__ - #define __MAC_BUILD__ 1 -#endif - -/* - * Make sure endianness is defined... - */ -#if defined(__BIG_ENDIAN__) && defined(__LITTLE_ENDIAN__) -#error Hey! multiply defined endianness! -#endif -#if !defined(__BIG_ENDIAN__) && !defined(__LITTLE_ENDIAN__) - #if __MAC_BUILD__ - #define __BIG_ENDIAN__ 1 - #elif __i386__ || __i486__ - #define __LITTLE_ENDIAN__ 1 - #else - #error Platform dependent work needed - #endif -#endif /* endian */ - -#ifndef NeXT - #define bcopy(s, d, l) memmove(d, s, l) - #define bzero(s, l) memset(s, 0, l) - #define bcmp(s, d, l) memcmp(s, d, l) -#endif - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_PLATFORM_H_*/ diff --git a/AppleCSP/MiscCSPAlgs/rc2Context.cpp b/AppleCSP/MiscCSPAlgs/rc2Context.cpp deleted file mode 100644 index 31169689..00000000 --- a/AppleCSP/MiscCSPAlgs/rc2Context.cpp +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc2Context.cpp - glue between BlockCrytpor and ssleay RC2 implementation - * Written by Doug Mitchell 04/03/2001 - */ - -#include -#include -#include "rc2Context.h" - -RC2Context::~RC2Context() -{ - memset(&rc2Key, 0, sizeof(RC2_KEY)); -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void RC2Context::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - UInt32 effectiveBits; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_RC2, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < RC2_MIN_KEY_SIZE_BYTES) || (keyLen > RC2_MAX_KEY_SIZE_BYTES)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* - * Optional effective key size in bits - either from Context, - * or the key - */ - effectiveBits = context.getInt(CSSM_ATTRIBUTE_EFFECTIVE_BITS); - if(effectiveBits == 0) { - CssmKey &key = context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - effectiveBits = key.KeyHeader.LogicalKeySizeInBits; - } - - /* init the low-level state */ - RC2_set_key(&rc2Key, keyLen, keyData, effectiveBits); - - /* Finally, have BlockCryptor do its setup */ - setup(RC2_BLOCK_SIZE_BYTES, context); -} - -/* - * Functions called by BlockCryptor - */ -void RC2Context::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != RC2_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < RC2_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - - /* - * Low-level code operates on array of unsigned 32-bit integers - */ - RC2_INT d[2]; - RC2_INT l; - c2l((unsigned char *)plainText, l); d[0]=l; - c2l((unsigned char *)plainText, l); d[1]=l; - RC2_encrypt(d, &rc2Key); - l=d[0]; l2c(l, (unsigned char *)cipherText); - l=d[1]; l2c(l, (unsigned char *)cipherText); - cipherTextLen = RC2_BLOCK_SIZE_BYTES; -} - -void RC2Context::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < RC2_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - /* - * Low-level code operates on array of unsigned 32-bit integers - */ - RC2_INT d[2]; - RC2_INT l; - c2l((unsigned char *)cipherText, l); d[0]=l; - c2l((unsigned char *)cipherText, l); d[1]=l; - RC2_decrypt(d, &rc2Key); - l=d[0]; l2c(l, (unsigned char *)plainText); - l=d[1]; l2c(l, (unsigned char *)plainText); - plainTextLen = RC2_BLOCK_SIZE_BYTES; -} - diff --git a/AppleCSP/MiscCSPAlgs/rc2Context.h b/AppleCSP/MiscCSPAlgs/rc2Context.h deleted file mode 100644 index 9b5d762f..00000000 --- a/AppleCSP/MiscCSPAlgs/rc2Context.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc2Context.h - glue between BlockCrytpor and ssleay RC2 implementation - * Written by Doug Mitchell 4/3/2001 - */ -#ifndef _RC2_CONTEXT_H_ -#define _RC2_CONTEXT_H_ - -#include -#include - -/* RC2 Symmetric encryption context */ -class RC2Context : public BlockCryptor { -public: - RC2Context(AppleCSPSession &session) : - BlockCryptor(session) { } - ~RC2Context(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - RC2_KEY rc2Key; - -}; /* RC2Context */ - -#endif //_RC2_CONTEXT_H_ diff --git a/AppleCSP/MiscCSPAlgs/rc4Context.cpp b/AppleCSP/MiscCSPAlgs/rc4Context.cpp deleted file mode 100644 index 3d60ea12..00000000 --- a/AppleCSP/MiscCSPAlgs/rc4Context.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc4Context.cpp - glue between BlockCrytpor and ssleay RC4 implementation - * Written by Doug Mitchell 04/03/2001 - */ - -#include -#include "rc4Context.h" - -RC4Context::~RC4Context() -{ - memset(&rc4Key, 0, sizeof(RC4_KEY)); -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void RC4Context::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_RC4, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < RC4_MIN_KEY_SIZE_BYTES) || (keyLen > RC4_MAX_KEY_SIZE_BYTES)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* All other context attributes ignored */ - /* init the low-level state */ - RC4_set_key(&rc4Key, keyLen, keyData); -} - -/* - * All of these functions are called by CSPFullPluginSession. - */ -void RC4Context::update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize) // in/out -{ - RC4(&rc4Key, inSize, (unsigned char *)inp, (unsigned char *)outp); - outSize = inSize; -} - -/* remainding functions are trivial for any stream cipher */ -void RC4Context::final( - CssmData &out) -{ - out.length(0); -} - -size_t RC4Context::inputSize( - size_t outSize) // input for given output size -{ - return outSize; -} - -size_t RC4Context::outputSize( - bool final /*= false*/, - size_t inSize /*= 0*/) // output for given input size -{ - return inSize; -} - -void RC4Context::minimumProgress( - size_t &in, - size_t &out) // minimum progress chunks -{ - in = 1; - out = 1; -} diff --git a/AppleCSP/MiscCSPAlgs/rc4Context.h b/AppleCSP/MiscCSPAlgs/rc4Context.h deleted file mode 100644 index 274f8acb..00000000 --- a/AppleCSP/MiscCSPAlgs/rc4Context.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc4Context.h - glue between BlockCrytpor and ssleay RC4 implementation - * Written by Doug Mitchell 4/3/2001 - */ -#ifndef _RC4_CONTEXT_H_ -#define _RC4_CONTEXT_H_ - -#include "AppleCSPContext.h" -#include -#include - -class RC4Context : public AppleCSPContext { -public: - RC4Context(AppleCSPSession &session) : - AppleCSPContext(session) { } - ~RC4Context(); - - // called by CSPFullPluginSession - void init( - const Context &context, - bool encoding = true); - void update( - void *inp, - size_t &inSize, // in/out - void *outp, - size_t &outSize); // in/out - void final( - CssmData &out); - - size_t inputSize( - size_t outSize); // input for given output size - size_t outputSize( - bool final = false, - size_t inSize = 0); // output for given input size - void minimumProgress( - size_t &in, - size_t &out); // minimum progress chunks - -private: - RC4_KEY rc4Key; - -}; /* RC4Context */ - -#endif //_RC4_CONTEXT_H_ diff --git a/AppleCSP/MiscCSPAlgs/rc5Context.cpp b/AppleCSP/MiscCSPAlgs/rc5Context.cpp deleted file mode 100644 index 5f4c340b..00000000 --- a/AppleCSP/MiscCSPAlgs/rc5Context.cpp +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc5Context.cpp - glue between BlockCrytpor and ssleay RC5 implementation - * Written by Doug Mitchell 04/03/2001 - */ - -#include -#include -#include "rc5Context.h" - -RC5Context::~RC5Context() -{ - memset(&rc5Key, 0, sizeof(RC5_32_KEY)); -} - -/* - * Standard CSPContext init, called from CSPFullPluginSession::init(). - * Reusable, e.g., query followed by en/decrypt. - */ -void RC5Context::init( - const Context &context, - bool encrypting) -{ - UInt32 keyLen; - UInt8 *keyData = NULL; - UInt32 rounds = RC5_16_ROUNDS; - - /* obtain key from context */ - symmetricKeyBits(context, CSSM_ALGID_RC5, - encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keyData, keyLen); - if((keyLen < RC5_MIN_KEY_SIZE_BYTES) || (keyLen > RC5_MAX_KEY_SIZE_BYTES)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); - } - - /* - * Optional rounds - */ - rounds = context.getInt(CSSM_ATTRIBUTE_ROUNDS); - if(rounds == 0) { - /* default */ - rounds = RC5_16_ROUNDS; - } - - /* init the low-level state */ - RC5_32_set_key(&rc5Key, keyLen, keyData, rounds); - - /* Finally, have BlockCryptor do its setup */ - setup(RC5_BLOCK_SIZE_BYTES, context); -} - -/* - * Functions called by BlockCryptor - */ -void RC5Context::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen != RC5_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); - } - if(cipherTextLen < RC5_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - - /* - * Low-level code operates on array of unsigned 32-bit integers - */ - RC5_32_INT d[2]; - RC5_32_INT l; - c2l((unsigned char *)plainText, l); d[0]=l; - c2l((unsigned char *)plainText, l); d[1]=l; - RC5_32_encrypt(d, &rc5Key); - l=d[0]; l2c(l, (unsigned char *)cipherText); - l=d[1]; l2c(l, (unsigned char *)cipherText); - cipherTextLen = RC5_BLOCK_SIZE_BYTES; -} - -void RC5Context::decryptBlock( - const void *cipherText, // length implied (one block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) // ignored -{ - if(plainTextLen < RC5_BLOCK_SIZE_BYTES) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - /* - * Low-level code operates on array of unsigned 32-bit integers - */ - RC5_32_INT d[2]; - RC5_32_INT l; - c2l((unsigned char *)cipherText, l); d[0]=l; - c2l((unsigned char *)cipherText, l); d[1]=l; - RC5_32_decrypt(d, &rc5Key); - l=d[0]; l2c(l, (unsigned char *)plainText); - l=d[1]; l2c(l, (unsigned char *)plainText); - plainTextLen = RC5_BLOCK_SIZE_BYTES; -} - diff --git a/AppleCSP/MiscCSPAlgs/rc5Context.h b/AppleCSP/MiscCSPAlgs/rc5Context.h deleted file mode 100644 index 7a09c0cf..00000000 --- a/AppleCSP/MiscCSPAlgs/rc5Context.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * rc5Context.h - glue between BlockCrytpor and ssleay RC5 implementation - * Written by Doug Mitchell 4/3/2001 - */ -#ifndef _RC5_CONTEXT_H_ -#define _RC5_CONTEXT_H_ - -#include -#include - -class RC5Context : public BlockCryptor { -public: - RC5Context(AppleCSPSession &session) : - BlockCryptor(session) { } - ~RC5Context(); - - // called by CSPFullPluginSession - void init(const Context &context, bool encoding = true); - - // called by BlockCryptor - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - -private: - RC5_32_KEY rc5Key; - -}; /* RC5Context */ - -#endif //_RC2_CONTEXT_H_ diff --git a/AppleCSP/PBKDF2/HMACSHA1.c b/AppleCSP/PBKDF2/HMACSHA1.c deleted file mode 100644 index a6f772eb..00000000 --- a/AppleCSP/PBKDF2/HMACSHA1.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: HMACSHA1.c - Contains: Apple Data Security Services HMACSHA1 function definition. - Copyright: (C) 1999 by Apple Computer, Inc., all rights reserved - Written by: Michael Brouwer -*/ -#include "HMACSHA1.h" -#include "pbkdDigest.h" -#include -#include -#include -#include // for malloc - maybe we should use CssmAllocator? -#include - - - -struct hmacContext { - DigestCtx digest; - UInt8 k_opad[kSHA1BlockSize]; -}; - -hmacContextRef hmacAlloc() -{ - hmacContextRef hmac = (hmacContextRef)malloc(sizeof(struct hmacContext)); - memset(hmac, 0, sizeof(struct hmacContext)); - return hmac; -} - -void hmacFree( - hmacContextRef hmac) -{ - if(hmac != NULL) { - DigestCtxFree(&hmac->digest); - memset(hmac, 0, sizeof(struct hmacContext)); - free(hmac); - } -} - -/* reusable init */ -CSSM_RETURN hmacInit( - hmacContextRef hmac, - const void *keyPtr, - UInt32 keyLen, - CSSM_BOOL isSha1) // true -> SHA1; false -> MD5 -{ - UInt8 tk[kSHA1DigestSize]; - UInt8 *key; - UInt32 byte; - UInt8 k_ipad[kSHA1BlockSize]; - UInt32 digestSize = sha1Digest ? kSHA1DigestSize : MD5_DIGEST_SIZE; - - DigestCtxInit(&hmac->digest, isSha1); - - /* If the key is longer than kSHA1BlockSize reset it to key=digest(key) */ - if (keyLen <= kSHA1BlockSize) - key = (UInt8*)keyPtr; - else { - DigestCtxUpdate(&hmac->digest, (UInt8*)keyPtr, keyLen); - DigestCtxFinal(&hmac->digest, tk); - key = tk; - keyLen = digestSize; - DigestCtxInit(&hmac->digest, isSha1); - } - - /* The HMAC_ transform looks like: - (K XOR opad || (K XOR ipad || text)) - Where K is a n byte key - ipad is the byte 0x36 repeated 64 times. - opad is the byte 0x5c repeated 64 times. - text is the data being protected. - */ - /* Copy the key into k_ipad and k_opad while doing the XOR. */ - for (byte = 0; byte < keyLen; byte++) - { - k_ipad[byte] = key[byte] ^ 0x36; - hmac->k_opad[byte] = key[byte] ^ 0x5c; - } - /* Fill the remainder of k_ipad and k_opad with 0 XORed with the appropriate value. */ - if (keyLen < kSHA1BlockSize) - { - memset (k_ipad + keyLen, 0x36, kSHA1BlockSize - keyLen); - memset (hmac->k_opad + keyLen, 0x5c, kSHA1BlockSize - keyLen); - } - DigestCtxUpdate(&hmac->digest, k_ipad, kSHA1BlockSize); - return CSSM_OK; -} - -CSSM_RETURN hmacUpdate( - hmacContextRef hmac, - const void *textPtr, - UInt32 textLen) -{ - DigestCtxUpdate(&hmac->digest, textPtr, textLen); - return CSSM_OK; -} - -CSSM_RETURN hmacFinal( - hmacContextRef hmac, - void *resultPtr) // caller mallocs, must be appropriate output size for - // current digest algorithm -{ - UInt32 digestSize = hmac->digest.isSha1 ? kSHA1DigestSize : kHMACMD5DigestSize; - - DigestCtxFinal(&hmac->digest, resultPtr); - DigestCtxInit(&hmac->digest, hmac->digest.isSha1); - /* Perform outer digest */ - DigestCtxUpdate(&hmac->digest, hmac->k_opad, kSHA1BlockSize); - DigestCtxUpdate(&hmac->digest, resultPtr, digestSize); - DigestCtxFinal(&hmac->digest, resultPtr); - return CSSM_OK; -} - -/* one-shot, ignoring memory errors. */ -void -hmacsha1 (const void *keyPtr, UInt32 keyLen, - const void *textPtr, UInt32 textLen, - void *resultPtr) -{ - hmacContextRef hmac = hmacAlloc(); - hmacInit(hmac, keyPtr, keyLen, CSSM_TRUE); - hmacUpdate(hmac, textPtr, textLen); - hmacFinal(hmac, resultPtr); - hmacFree(hmac); -} - diff --git a/AppleCSP/PBKDF2/HMACSHA1.h b/AppleCSP/PBKDF2/HMACSHA1.h deleted file mode 100644 index bf2da808..00000000 --- a/AppleCSP/PBKDF2/HMACSHA1.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: HMACSHA1.h - Contains: Apple Data Security Services HMAC{SHA1,MD5} function declaration. - Copyright: (C) 1999 by Apple Computer, Inc., all rights reserved - Written by: Michael Brouwer -*/ -#ifndef __HMACSHA1__ -#define __HMACSHA1__ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define kHMACSHA1DigestSize SHA1_DIGEST_SIZE -#define kHMACMD5DigestSize MD5_DIGEST_SIZE - -/* This function create an HMACSHA1 digest of kHMACSHA1DigestSizestSize bytes - * and outputs it to resultPtr. See RFC 2104 for details. */ -void -hmacsha1 (const void *keyPtr, UInt32 keyLen, - const void *textPtr, UInt32 textLen, - void *resultPtr); - -/* - * Staged version. - * - * Opaque reference to an hmac session - */ -struct hmacContext; -typedef struct hmacContext *hmacContextRef; - -hmacContextRef hmacAlloc(); -void hmacFree( - hmacContextRef hmac); -CSSM_RETURN hmacInit( - hmacContextRef hmac, - const void *keyPtr, - UInt32 keyLen, - CSSM_BOOL sha1Digest); // true -> SHA1; false -> MD5 -CSSM_RETURN hmacUpdate( - hmacContextRef hmac, - const void *textPtr, - UInt32 textLen); -CSSM_RETURN hmacFinal( - hmacContextRef hmac, - void *resultPtr); // caller mallocs, must be kSHA1DigestSize bytes - -#ifdef __cplusplus -} -#endif - -#endif /* __HMACSHA1__ */ diff --git a/AppleCSP/PBKDF2/pbkdDigest.cpp b/AppleCSP/PBKDF2/pbkdDigest.cpp deleted file mode 100644 index 79235506..00000000 --- a/AppleCSP/PBKDF2/pbkdDigest.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * pbkdDigest.cpp - SHA1/MD5 digest object for HMAC and PBE routines - */ - -#include "pbkdDigest.h" -#include -#include - -/* Ops on a DigestCtx */ -/* Note caller has to memset(0) the DigestCtx before using */ -CSSM_RETURN DigestCtxInit( - DigestCtx *ctx, - CSSM_BOOL isSha1) -{ - if(isSha1) { - if(ctx->dig.sha1Context == NULL) { - ctx->dig.sha1Context = sha1Alloc(); - if(ctx->dig.sha1Context == NULL) { - return CSSMERR_CSP_MEMORY_ERROR; - } - } - else { - sha1Reinit(ctx->dig.sha1Context); - } - } - else { - MD5Init(&ctx->dig.md5Context); - } - ctx->isSha1 = isSha1; - return CSSM_OK; -} - -void DigestCtxFree( - DigestCtx *ctx) -{ - if(ctx->isSha1) { - sha1Free(ctx->dig.sha1Context); - } - memset(ctx, 0, sizeof(DigestCtx)); -} - -void DigestCtxUpdate( - DigestCtx *ctx, - const void *textPtr, - UInt32 textLen) -{ - if(ctx->isSha1) { - sha1AddData(ctx->dig.sha1Context, (unsigned char *)textPtr, textLen); - } - else { - MD5Update(&ctx->dig.md5Context, (unsigned char *)textPtr, textLen); - } -} - -void DigestCtxFinal( - DigestCtx *ctx, - void *digest) -{ - if(ctx->isSha1) { - sha1GetDigest(ctx->dig.sha1Context, (unsigned char *)digest); - } - else { - MD5Final(&ctx->dig.md5Context, (unsigned char *)digest); - } -} diff --git a/AppleCSP/PBKDF2/pbkdDigest.h b/AppleCSP/PBKDF2/pbkdDigest.h deleted file mode 100644 index f91cf820..00000000 --- a/AppleCSP/PBKDF2/pbkdDigest.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * pbkdDigest.h - SHA1/MD5 digest object for HMAC and PBE routines - */ - -#ifndef _PBKD_DIGEST_H_ -#define _PBKD_DIGEST_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define kSHA1DigestSize SHA1_DIGEST_SIZE -#define kSHA1BlockSize SHA1_BLOCK_SIZE - -#define kMD5DigestSize MD5_DIGEST_SIZE -#define kMD5BlockSize MD5_BLOCK_SIZE - - -typedef struct { - union { - sha1Obj sha1Context; // must be allocd via sha1Alloc - struct MD5Context md5Context; - } dig; - CSSM_BOOL isSha1; -} DigestCtx; - -/* Ops on a DigestCtx */ -CSSM_RETURN DigestCtxInit( - DigestCtx *ctx, - CSSM_BOOL isSha1); -void DigestCtxFree( - DigestCtx *ctx); -void DigestCtxUpdate( - DigestCtx *ctx, - const void *textPtr, - UInt32 textLen); -void DigestCtxFinal( - DigestCtx *ctx, - void *digest); - -#ifdef __cplusplus -} -#endif - -#endif /* _PBKD_DIGEST_H_ */ - diff --git a/AppleCSP/PBKDF2/pbkdf2.c b/AppleCSP/PBKDF2/pbkdf2.c deleted file mode 100644 index 43af0ac6..00000000 --- a/AppleCSP/PBKDF2/pbkdf2.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: pbkdf2.c - Contains: Apple Data Security Services PKCS #5 PBKDF2 function definition. - Copyright: (C) 1999 by Apple Computer, Inc., all rights reserved - Written by: Michael Brouwer -*/ -#include "pbkdf2.h" -#include -#include -/* Will write hLen bytes into dataPtr according to PKCS #5 2.0 spec. - See: http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-5.html for details. - tempBuffer is a pointer to at least MAX (hLen, saltLen + 4) + hLen bytes. */ -static void -F (PRF prf, UInt32 hLen, - const void *passwordPtr, UInt32 passwordLen, - const void *saltPtr, UInt32 saltLen, - UInt32 iterationCount, - UInt32 blockNumber, - void *dataPtr, - void *tempBuffer) -{ - UInt8 *inBlock, *outBlock, *resultBlockPtr; - UInt32 iteration; - outBlock = (UInt8*)tempBuffer; - inBlock = outBlock + hLen; - /* Set up inBlock to contain Salt || INT (blockNumber). */ - memcpy (inBlock, saltPtr, saltLen); - - inBlock[saltLen + 0] = (UInt8)(blockNumber >> 24); - inBlock[saltLen + 1] = (UInt8)(blockNumber >> 16); - inBlock[saltLen + 2] = (UInt8)(blockNumber >> 8); - inBlock[saltLen + 3] = (UInt8)(blockNumber); - - /* Caculate U1 (result goes to outBlock) and copy it to resultBlockPtr. */ - resultBlockPtr = (UInt8*)dataPtr; - prf (passwordPtr, passwordLen, inBlock, saltLen + 4, outBlock); - memcpy (resultBlockPtr, outBlock, hLen); - /* Calculate U2 though UiterationCount. */ - for (iteration = 2; iteration <= iterationCount; iteration++) - { - UInt8 *tempBlock; - UInt32 byte; - /* Swap inBlock and outBlock pointers. */ - tempBlock = inBlock; - inBlock = outBlock; - outBlock = tempBlock; - /* Now inBlock conatins Uiteration-1. Calclulate Uiteration into outBlock. */ - prf (passwordPtr, passwordLen, inBlock, hLen, outBlock); - /* Xor data in dataPtr (U1 \xor U2 \xor ... \xor Uiteration-1) with - outBlock (Uiteration). */ - for (byte = 0; byte < hLen; byte++) - resultBlockPtr[byte] ^= outBlock[byte]; - } -} -void pbkdf2 (PRF prf, UInt32 hLen, - const void *passwordPtr, UInt32 passwordLen, - const void *saltPtr, UInt32 saltLen, - UInt32 iterationCount, - void *dkPtr, UInt32 dkLen, - void *tempBuffer) -{ - UInt32 completeBlocks = dkLen / hLen; - UInt32 partialBlockSize = dkLen % hLen; - UInt32 blockNumber; - UInt8 *dataPtr = (UInt8*)dkPtr; - UInt8 *blkBuffer = (UInt8*)tempBuffer; - /* First cacluate all the complete hLen sized blocks required. */ - for (blockNumber = 1; blockNumber <= completeBlocks; blockNumber++) - { - F (prf, hLen, passwordPtr, passwordLen, saltPtr, saltLen, - iterationCount, blockNumber, dataPtr, blkBuffer + hLen); - dataPtr += hLen; - } - /* Finally if the requested output size was not an even multiple of hLen, calculate - the final block and copy the first partialBlockSize bytes of it to the output. */ - if (partialBlockSize > 0) - { - F (prf, hLen, passwordPtr, passwordLen, saltPtr, saltLen, - iterationCount, blockNumber, blkBuffer, blkBuffer + hLen); - memcpy (dataPtr, blkBuffer, partialBlockSize); - } -} diff --git a/AppleCSP/PBKDF2/pbkdf2.h b/AppleCSP/PBKDF2/pbkdf2.h deleted file mode 100644 index 66771702..00000000 --- a/AppleCSP/PBKDF2/pbkdf2.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: pbkdf2.h - Contains: Apple Data Security Services PKCS #5 PBKDF2 function declaration. - Copyright: (C) 1999 by Apple Computer, Inc., all rights reserved - Written by: Michael Brouwer -*/ - -#ifndef __PBKDF2__ -#define __PBKDF2__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* This function should generate a pseudo random octect stream - of hLen bytes long (The value hLen is specified as an argument to pbkdf2 - and should be constant for any given prf function.) which is output in the buffer - pointed to by randomPtr (the caller of this function is responsible for allocation - of the buffer). - The inputs to the pseudo random function are the first keyLen octets pointed - to by keyPtr and the first textLen octets pointed to by textPtr. - Both keyLen and textLen can have any nonzero value. - A good prf would be a HMAC-SHA-1 algorithm where the keyPtr octets serve as - HMAC's "key" and the textPtr octets serve as HMAC's "text". */ -typedef void (*PRF)(const void *keyPtr, UInt32 keyLen, - const void *textPtr, UInt32 textLen, - void *randomPtr); - -/* This function implements the PBKDF2 key derrivation algorithm described in - http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-5.html - The output is a derived key of dkLen bytes which is written to the buffer - pointed to by dkPtr. - The caller should ensure dkPtr is at least dkLen bytes long. - The Key is derived from passwordPtr (which is passwordLen bytes long) and from - saltPtr (which is saltLen bytes long). The algorithm used is desacribed in - PKCS #5 version 2.0 and iterationCount iterations are performed. - The argument prf is a pointer to a psuedo random number generator declared above. - It should write exactly hLen bytes into its output buffer each time it is called. - The argument tempBuffer should point to a buffer MAX (hLen, saltLen + 4) + 2 * hLen - bytes long. This buffer is used during the calculation for intermediate results. - Security Considerations: - The argument saltPtr should be a pointer to a buffer of at least 8 random bytes - (64 bits). Thus saltLen should be >= 8. - For each session a new salt should be generated. - The value of iterationCount should be at least 1000 (one thousand). - A good prf would be a HMAC-SHA-1 algorithm where the password serves as - HMAC's "key" and the data serves as HMAC's "text". */ -void pbkdf2 (PRF prf, UInt32 hLen, - const void *passwordPtr, UInt32 passwordLen, - const void *saltPtr, UInt32 saltLen, - UInt32 iterationCount, - void *dkPtr, UInt32 dkLen, - void *tempBuffer); - -#ifdef __cplusplus -} -#endif - -#endif /* __PBKDF2__ */ diff --git a/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp b/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp deleted file mode 100644 index 3cc7dee7..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_csp.cpp - Algorithm factory for RSA/DSA - */ - -#include "RSA_DSA_csp.h" -#include "RSA_DSA_signature.h" /* raw signer */ -#include /* raw digest */ -#include -#include -#include "RSA_DSA_keys.h" -#include "RSA_asymmetric.h" -#include -#include - -#define OPENSSL_DSA_ENABLE 1 - -CssmAllocator *RSA_DSA_Factory::normAllocator; -CssmAllocator *RSA_DSA_Factory::privAllocator; - -/* normally found in crypto.h, which has way too much useless cruft....move these to - * a local header.... */ -extern "C" { -extern int CRYPTO_set_mem_functions( - void *(*m)(size_t), - void *(*r)(void *,size_t), - void (*f)(void *)); -int CRYPTO_set_locked_mem_functions( - void *(*m)(size_t), - void (*free_func)(void *)); -} - -/* - * openssl-style memory allocator callbacks - */ -static void *osMalloc(size_t size) -{ - return RSA_DSA_Factory::privAllocator->malloc(size); -} -static void osFree(void *data) -{ - RSA_DSA_Factory::privAllocator->free(data); -} -static void *osRealloc(void *oldPtr, size_t newSize) -{ - return RSA_DSA_Factory::privAllocator->realloc(oldPtr, newSize); -} - -RSA_DSA_Factory::RSA_DSA_Factory(CssmAllocator *normAlloc, CssmAllocator *privAlloc) -{ - setNormAllocator(normAlloc); - setPrivAllocator(privAlloc); - /* once-per-address space */ - CRYPTO_set_mem_functions(osMalloc, osRealloc, osFree); - CRYPTO_set_locked_mem_functions(osMalloc, osFree); - /* these should go in a lib somewhere */ - ERR_load_RSA_strings(); - ERR_load_BN_strings(); - ERR_load_DSA_strings(); -} - -RSA_DSA_Factory::~RSA_DSA_Factory() -{ - // TBD terminateCryptKit(); -} - -bool RSA_DSA_Factory::setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context) -{ - switch(context.type()) { - case CSSM_ALGCLASS_SIGNATURE: - switch(context.algorithm()) { - case CSSM_ALGID_SHA1WithRSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new SHA1Object()), - *(new RSASigner(*privAllocator, - session, - CSSM_ALGID_SHA1))); - } - return true; - case CSSM_ALGID_MD5WithRSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new MD5Object()), - *(new RSASigner(*privAllocator, - session, - CSSM_ALGID_MD5))); - } - return true; - case CSSM_ALGID_MD2WithRSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new MD2Object()), - *(new RSASigner(*privAllocator, - session, - CSSM_ALGID_MD2))); - } - return true; - #if OPENSSL_DSA_ENABLE - case CSSM_ALGID_SHA1WithDSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new SHA1Object()), - *(new DSASigner(*privAllocator, - session, - CSSM_ALGID_SHA1))); - } - return true; - case CSSM_ALGID_DSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new NullDigest()), - *(new DSASigner(*privAllocator, - session, - // set later via setDigestAlgorithm but not used by DSA - CSSM_ALGID_NONE))); - } - return true; - #endif - case CSSM_ALGID_RSA: - if(cspCtx == NULL) { - cspCtx = new SignatureContext(session, - *(new NullDigest()), - *(new RSASigner(*privAllocator, - session, - // set later via setDigestAlgorithm - CSSM_ALGID_NONE))); - } - return true; - default: - break; - } - break; - - case CSSM_ALGCLASS_KEYGEN: - switch(context.algorithm()) { - case CSSM_ALGID_RSA: - if(cspCtx == NULL) { - cspCtx = new RSAKeyPairGenContext(session, context); - } - return true; - #if OPENSSL_DSA_ENABLE - case CSSM_ALGID_DSA: - if(cspCtx == NULL) { - cspCtx = new DSAKeyPairGenContext(session, context); - } - return true; - #endif - default: - break; - } - break; - - case CSSM_ALGCLASS_ASYMMETRIC: - switch(context.algorithm()) { - case CSSM_ALGID_RSA: - if(cspCtx == NULL) { - cspCtx = new RSA_CryptContext(session); - } - return true; - default: - break; - } - break; - - /* more here - symmetric, etc. */ - default: - break; - } - /* not implemented here */ - return false; -} - - - diff --git a/AppleCSP/RSA_DSA/RSA_DSA_csp.h b/AppleCSP/RSA_DSA/RSA_DSA_csp.h deleted file mode 100644 index ac796a3c..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_csp.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_csp.h - Algorithm factory for RSA/DSA - */ - -#ifndef _RSA_DSA_CSP_H_ -#define _RSA_DSA_CSP_H_ - -#include -#include - -/* Can't include AppleCSPSession.h due to circular dependency */ -class AppleCSPSession; - -class RSA_DSA_Factory : public AppleCSPAlgorithmFactory { -public: - RSA_DSA_Factory(CssmAllocator *normAlloc = NULL, CssmAllocator *privAlloc = NULL); - ~RSA_DSA_Factory(); - - bool setup( - AppleCSPSession &session, - CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context); - - static void setNormAllocator(CssmAllocator *alloc) - { assert(!normAllocator); normAllocator = alloc; } - static void setPrivAllocator(CssmAllocator *alloc) - { assert(!privAllocator); privAllocator = alloc; } - - // memory allocators - static CssmAllocator *normAllocator; - static CssmAllocator *privAllocator; - -}; - -#endif /* _RSA_DSA_CSP_H_ */ diff --git a/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp b/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp deleted file mode 100644 index 0fdaa0b8..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp +++ /dev/null @@ -1,761 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_Keys.cpp - RSA, DSA related asymmetric key pair classes. - */ - -#include "RSA_DSA_keys.h" -#include -#include -#include -#include -#include -#include -#include -#include "RSA_DSA_utils.h" -#include -#include - -#define RSA_PUB_EXPONENT 0x10001 /* recommended by RSA */ - -#define rsaKeyDebug(args...) secdebug("rsaKey", ## args) - -/*** - *** RSA-style BinaryKey - ***/ - -/* constructor with optional existing RSA key */ -RSABinaryKey::RSABinaryKey(RSA *rsaKey) - : mRsaKey(rsaKey) -{ -} - -RSABinaryKey::~RSABinaryKey() -{ - if(mRsaKey) { - RSA_free(mRsaKey); - mRsaKey = NULL; - } -} - -void RSABinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, /* IN/OUT */ - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ -{ - bool isPub; - CSSM_RETURN crtn; - - /* - * Here, the incoming default of CSSM_KEYBLOB_RAW_FORMAT_NONE - * is translated to our AppleCSP-custom defaults. App can override. - */ - switch(mKeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - isPub = true; - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - format = RSA_PUB_KEY_FORMAT; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - /* calculate digest on PKCS1 blob */ - format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - isPub = false; - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: // default - format = RSA_PRIV_KEY_FORMAT; - break; - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - /* calculate digest on Public PKCS1 blob */ - format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - isPub = true; - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - CssmAutoData encodedKey(allocator); - if(isPub) { - crtn = RSAPublicKeyEncode(mRsaKey, format, encodedKey); - } - else { - crtn = RSAPrivateKeyEncode(mRsaKey, format, encodedKey); - } - if(crtn) { - CssmError::throwMe(crtn); - } - blob = encodedKey.release(); -} - -/*** - *** RSA-style AppleKeyPairGenContext - ***/ - -/* - * This one is specified in, and called from, CSPFullPluginSession. Our - * only job is to prepare two subclass-specific BinaryKeys and call up to - * AppleKeyPairGenContext. - */ -void RSAKeyPairGenContext::generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey) -{ - RSABinaryKey *pubBinKey = new RSABinaryKey(); - RSABinaryKey *privBinKey = new RSABinaryKey(); - - try { - AppleKeyPairGenContext::generate(context, - session(), - pubKey, - pubBinKey, - privKey, - privBinKey); - } - catch (...) { - delete pubBinKey; - delete privBinKey; - throw; - } - -} - -// this one is specified in, and called from, AppleKeyPairGenContext -void RSAKeyPairGenContext::generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keyBits) -{ - /* - * These casts throw exceptions if the keys are of the - * wrong classes, which would be a major bogon, since we created - * the keys in the above generate() function. - */ - RSABinaryKey &rPubBinKey = - dynamic_cast(pubBinKey); - RSABinaryKey &rPrivBinKey = - dynamic_cast(privBinKey); - - /* - * One parameter from context: Key size in bits is required. - * FIXME - get public exponent from context? - */ - keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - - /* generate the private key */ - rPrivBinKey.mRsaKey = RSA_generate_key(keyBits, - RSA_PUB_EXPONENT, - NULL, // no callback - NULL); - if(rPrivBinKey.mRsaKey == NULL) { - rsaKeyDebug("RSA_generate_key returned NULL"); - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); // ??? - } - - /* public key is subset of private key */ - rPubBinKey.mRsaKey = RSA_new(); - if(rPrivBinKey.mRsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - RSA *pub = rPubBinKey.mRsaKey; - RSA *priv = rPrivBinKey.mRsaKey; - pub->n = BN_dup(priv->n); - pub->e = BN_dup(priv->e); - if((pub->n == NULL) || (pub->e == NULL)) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } -} - - -/*** - *** RSA-style CSPKeyInfoProvider. - ***/ -RSAKeyInfoProvider::RSAKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ -} - -CSPKeyInfoProvider *RSAKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - switch(cssmKey.algorithm()) { - case CSSM_ALGID_RSA: - break; - default: - return NULL; - } - switch(cssmKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - return NULL; - } - /* OK, we'll handle this one */ - return new RSAKeyInfoProvider(cssmKey, session); -} - -/* Given a raw key, cook up a Binary key */ -void RSAKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // ignored - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT, unused here - BinaryKey **binKey) -{ - *binKey = NULL; - RSA *rsaKey = NULL; - - /* first cook up an RSA key, then drop that into a BinaryKey */ - rsaKey = rawCssmKeyToRsa(mKey); - RSABinaryKey *rsaBinKey = new RSABinaryKey(rsaKey); - *binKey = rsaBinKey; -} - -/* - * Obtain key size in bits. - */ -void RSAKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - RSA *rsaKey = NULL; - - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - rsaKey = rawCssmKeyToRsa(mKey); - keySize.LogicalKeySizeInBits = RSA_size(rsaKey) * 8; - keySize.EffectiveKeySizeInBits = keySize.LogicalKeySizeInBits; - RSA_free(rsaKey); -} - -/* - * Obtain blob suitable for hashing in CSSM_APPLECSP_KEYDIGEST - * passthrough. - */ -bool RSAKeyInfoProvider::getHashableBlob( - CssmAllocator &allocator, - CssmData &blob) // blob to hash goes here -{ - /* - * The optimized case, a raw key in the "proper" format already. - * Only public keys in PKCS1 format fit this bill. - */ - assert(mKey.blobType() == CSSM_KEYBLOB_RAW); - bool useAsIs = false; - - switch(mKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - if(mKey.blobFormat() == CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { - useAsIs = true; - } - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - /* shouldn't be here */ - assert(0); - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(useAsIs) { - const CssmData &keyBlob = CssmData::overlay(mKey.KeyData); - copyCssmData(keyBlob, blob, allocator); - return true; - } - - /* caller converts to binary and proceeds */ - return false; -} - -/*** - *** DSA key support - ***/ - - -/*** - *** DSA-style BinaryKey - ***/ - -/* constructor with optional existing DSA key */ -DSABinaryKey::DSABinaryKey(DSA *dsaKey) - : mDsaKey(dsaKey) -{ -} - -DSABinaryKey::~DSABinaryKey() -{ - if(mDsaKey) { - DSA_free(mDsaKey); - mDsaKey = NULL; - } -} - -void DSABinaryKey::generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional */ - CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ -{ - bool isPub; - CSSM_RETURN crtn; - - /* - * Here, the incoming default of CSSM_KEYBLOB_RAW_FORMAT_NONE - * is translated to our AppleCSP-custom defaults. App can override. - */ - switch(mKeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - isPub = true; - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - format = DSA_PUB_KEY_FORMAT; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - isPub = false; - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - format = DSA_PRIV_KEY_FORMAT; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - /* - * This is calculated on the public key, which - * is not part of a DSA private key's encoding... - * so first calculate the public key. - */ - dsaKeyPrivToPub(mDsaKey); - isPub = true; - break; - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: - break; - default: - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT); - } - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* possible conversion from partial binary key to fully - * formed blob */ - DSA *dsaToEncode = mDsaKey; - DSA *dsaUpgrade = NULL; - if(isPub && - (mDsaKey->p == NULL) && - (paramKey != NULL)) { - /* - * Don't modify BinaryKey; make a copy. - */ - dsaUpgrade = DSA_new(); - if(dsaUpgrade == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - dsaUpgrade->pub_key = BN_dup(mDsaKey->pub_key); - crtn = dsaGetParamsFromKey(dsaUpgrade, *paramKey, session); - if(crtn) { - DSA_free(dsaUpgrade); - CssmError::throwMe(crtn); - } - - /* success - switch keys and inform caller of attr change */ - dsaToEncode = dsaUpgrade; - attrFlags &= ~CSSM_KEYATTR_PARTIAL; - } - - CssmAutoData encodedKey(allocator); - if(isPub) { - crtn = DSAPublicKeyEncode(dsaToEncode, format, encodedKey); - } - else { - crtn = DSAPrivateKeyEncode(dsaToEncode, format, encodedKey); - } - if(dsaUpgrade != NULL) { - /* temp key, get rid of it */ - DSA_free(dsaUpgrade); - } - if(crtn) { - CssmError::throwMe(crtn); - } - blob = encodedKey.release(); -} - -/*** - *** DSA-style AppleKeyPairGenContext - ***/ - -/* - * This one is specified in, and called from, CSPFullPluginSession. Our - * only job is to prepare two subclass-specific BinaryKeys and call up to - * AppleKeyPairGenContext. - */ -void DSAKeyPairGenContext::generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey) -{ - DSABinaryKey *pubBinKey = new DSABinaryKey(); - DSABinaryKey *privBinKey = new DSABinaryKey(); - - try { - AppleKeyPairGenContext::generate(context, - session(), - pubKey, - pubBinKey, - privKey, - privBinKey); - } - catch (...) { - delete pubBinKey; - delete privBinKey; - throw; - } - -} - -/* - * This one is specified in, and called from, AppleKeyPairGenContext - */ -void DSAKeyPairGenContext::generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keyBits) -{ - /* - * These casts throw exceptions if the keys are of the - * wrong classes, which would be a major bogon, since we created - * the keys in the above generate() function. - */ - DSABinaryKey &rPubBinKey = - dynamic_cast(pubBinKey); - DSABinaryKey &rPrivBinKey = - dynamic_cast(privBinKey); - - /* - * Parameters from context: - * Key size in bits, required; - * {p,q,g} from generateParams, optional - */ - keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); - CssmData *paramData = context.get(CSSM_ATTRIBUTE_ALG_PARAMS); - - NSS_DSAAlgParams algParams; - SecNssCoder coder; // generated algParams mallocd from here - if(paramData != NULL) { - /* this contains the DER encoding of a NSS_DSAAlgParams */ - CSSM_RETURN crtn = DSADecodeAlgParams(algParams, paramData->Data, - paramData->Length, coder); - if(crtn) { - CssmError::throwMe(crtn); - } - } - else { - /* no alg params specified; generate them now using null (random) seed */ - dsaGenParams(keyBits, NULL, 0, algParams, coder); - } - - /* create key, stuff params into it */ - rPrivBinKey.mDsaKey = DSA_new(); - if(rPrivBinKey.mDsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - DSA *dsaKey = rPrivBinKey.mDsaKey; - dsaKey->p = cssmDataToBn(algParams.p); - dsaKey->q = cssmDataToBn(algParams.q); - dsaKey->g = cssmDataToBn(algParams.g); - - /* generate the key (both public and private capabilities) */ - int irtn = DSA_generate_key(dsaKey); - if(!irtn) { - throwRsaDsa("DSA_generate_key"); - } - - /* public key is subset of private key */ - rPubBinKey.mDsaKey = DSA_new(); - if(rPrivBinKey.mDsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - DSA *pub = rPubBinKey.mDsaKey; - DSA *priv = rPrivBinKey.mDsaKey; - pub->p = BN_dup(priv->p); - pub->q = BN_dup(priv->q); - pub->g = BN_dup(priv->g); - pub->pub_key = BN_dup(priv->pub_key); - if((pub->p == NULL) || (pub->q == NULL) || (pub->g == NULL) || - (pub->pub_key == NULL)) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } -} - -/* - * Generate keygen parameters, stash them in a context attr array for later use - * when actually generating the keys. - */ -void DSAKeyPairGenContext::generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, - uint32 &attrCount, - Context::Attr * &attrs) -{ - void *seed = NULL; - unsigned seedLen = 0; - - /* optional seed from context */ - CssmData *seedData = context.get(CSSM_ATTRIBUTE_SEED); - if(seedData) { - seed = seedData->data(); - seedLen = seedData->length(); - } - - /* generate the params, temp alloc from SecNssCoder */ - NSS_DSAAlgParams algParams; - SecNssCoder coder; - dsaGenParams(bitSize, seed, seedLen, algParams, coder); - - /* - * Here comes the fun part. - * We "return" the DER encoding of these generated params in two ways: - * 1. Copy out to app via the params argument, mallocing if Data ptr is NULL. - * The app must free this. - * 2. Cook up a 1-element Context::attr array containing one ALG_PARAM attr, - * a CSSM_DATA_PTR containing the DER encoding. We have to save a ptr to - * this attr array and free it, the CSSM_DATA it points to, and the DER - * encoding *that* points to, in our destructor. - * - * First, DER encode. - */ - CssmAutoData aDerData(session()); - DSAEncodeAlgParams(algParams, aDerData); - - /* copy/release that into a mallocd CSSM_DATA. */ - CSSM_DATA_PTR derData = (CSSM_DATA_PTR)session().malloc(sizeof(CSSM_DATA)); - *derData = aDerData.release(); - - /* stuff that into a one-element Attr array which we keep after returning */ - freeGenAttrs(); - mGenAttrs = (Context::Attr *)session().malloc(sizeof(Context::Attr)); - mGenAttrs->AttributeType = CSSM_ATTRIBUTE_ALG_PARAMS; - mGenAttrs->AttributeLength = sizeof(CSSM_DATA); - mGenAttrs->Attribute.Data = derData; - - /* and "return" this stuff */ - copyCssmData(CssmData::overlay(*derData), params, session()); - attrCount = 1; - attrs = mGenAttrs; -} - -/* free mGenAttrs and its referents if present */ -void DSAKeyPairGenContext::freeGenAttrs() -{ - if(mGenAttrs == NULL) { - return; - } - if(mGenAttrs->Attribute.Data) { - if(mGenAttrs->Attribute.Data->Data) { - session().free(mGenAttrs->Attribute.Data->Data); - } - session().free(mGenAttrs->Attribute.Data); - } - session().free(mGenAttrs); -} - -/* - * Generate DSA algorithm parameters from optional seed input, returning result - * into NSS_DSAAlgParamss.[pqg]. This is called from both GenerateParameters and from - * KeyPairGenerate (if no GenerateParameters has yet been called). - */ -void DSAKeyPairGenContext::dsaGenParams( - uint32 keySizeInBits, - const void *inSeed, // optional - unsigned inSeedLen, - NSS_DSAAlgParams &algParams, - SecNssCoder &coder) // contents of algParams mallocd from here -{ - unsigned char seedBuf[SHA1_DIGEST_SIZE]; - void *seedPtr; - - /* validate key size */ - if((keySizeInBits < DSA_MIN_KEY_SIZE) || - (keySizeInBits > DSA_MAX_KEY_SIZE) || - (keySizeInBits & DSA_KEY_BITS_MASK)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); - } - - /* seed from one of three sources */ - if(inSeed == NULL) { - /* 20 random seed bytes */ - session().getRandomBytes(SHA1_DIGEST_SIZE, seedBuf); - seedPtr = seedBuf; - } - else if(inSeedLen == SHA1_DIGEST_SIZE) { - /* perfect */ - seedPtr = (void *)inSeed; - } - else { - /* hash caller's seed */ - cspGenSha1Hash(inSeed, inSeedLen, seedBuf); - seedPtr = seedBuf; - } - - DSA *dsaKey = DSA_generate_parameters(keySizeInBits, - (unsigned char *)seedPtr, - SHA1_DIGEST_SIZE, - NULL, // counter_ret - NULL, // h_ret - NULL, - NULL); - if(dsaKey == NULL) { - throwRsaDsa("DSA_generate_parameters"); - } - - /* stuff dsaKey->[pqg] into a caller's NSS_DSAAlgParams */ - bnToCssmData(dsaKey->p, algParams.p, coder); - bnToCssmData(dsaKey->q, algParams.q, coder); - bnToCssmData(dsaKey->g, algParams.g, coder); - - DSA_free(dsaKey); -} - -/*** - *** DSA-style CSPKeyInfoProvider. - ***/ -DSAKeyInfoProvider::DSAKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session) : - CSPKeyInfoProvider(cssmKey, session) -{ - -} -CSPKeyInfoProvider *DSAKeyInfoProvider::provider( - const CssmKey &cssmKey, - AppleCSPSession &session) -{ - switch(cssmKey.algorithm()) { - case CSSM_ALGID_DSA: - break; - default: - return NULL; - } - switch(cssmKey.keyClass()) { - case CSSM_KEYCLASS_PUBLIC_KEY: - case CSSM_KEYCLASS_PRIVATE_KEY: - break; - default: - return NULL; - } - /* OK, we'll handle this one */ - return new DSAKeyInfoProvider(cssmKey, session); -} - -/* Given a raw key, cook up a Binary key */ -void DSAKeyInfoProvider::CssmKeyToBinary( - CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey) -{ - *binKey = NULL; - DSA *dsaKey = NULL; - - /* first cook up an DSA key, then drop that into a BinaryKey */ - dsaKey = rawCssmKeyToDsa(mKey, mSession, paramKey); - if(dsaKey->p == NULL) { - attrFlags |= CSSM_KEYATTR_PARTIAL; - } - else { - attrFlags &= ~CSSM_KEYATTR_PARTIAL; - } - DSABinaryKey *dsaBinKey = new DSABinaryKey(dsaKey); - *binKey = dsaBinKey; -} - -/* - * Obtain key size in bits. - */ -void DSAKeyInfoProvider::QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize) -{ - DSA *dsaKey = NULL; - - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - dsaKey = rawCssmKeyToDsa(mKey, - mSession, - NULL); // no param key allowed here - if(dsaKey->p != NULL) { - /* normal fully-formed key */ - keySize.LogicalKeySizeInBits = BN_num_bits(dsaKey->p); - keySize.EffectiveKeySizeInBits = keySize.LogicalKeySizeInBits; - DSA_free(dsaKey); - } - else { - /* partial key, get an approximation from pub_key */ - keySize.LogicalKeySizeInBits = BN_num_bits(dsaKey->pub_key); - DSA_free(dsaKey); - /* and indicate this anomaly like so */ - CssmError::throwMe(CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE); - } -} - -/* - * Obtain blob suitable for hashing in CSSM_APPLECSP_KEYDIGEST - * passthrough. - */ -bool DSAKeyInfoProvider::getHashableBlob( - CssmAllocator &allocator, - CssmData &blob) // blob to hash goes here -{ - /* No optimized case for DSA keys */ - return false; -} diff --git a/AppleCSP/RSA_DSA/RSA_DSA_keys.h b/AppleCSP/RSA_DSA/RSA_DSA_keys.h deleted file mode 100644 index 08f609e0..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_keys.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_keys.h - key pair support for RSA/DSA - */ - -#ifndef _RSA_DSA_KEYS_H_ -#define _RSA_DSA_KEYS_H_ - -#include -#include -#include -#include "AppleCSPKeys.h" -#include -#include -#include -#include -#include - -#define RSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS1 -#define RSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS8 - -#define DSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_X509 -#define DSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_FIPS186 - -#define DSA_MIN_KEY_SIZE 512 -#define DSA_MAX_KEY_SIZE 1024 -#define DSA_KEY_BITS_MASK (64 - 1) /* these bits must be zero */ - /* i.e., aligned to 64 bits */ -/* - * RSA version of a BinaryKey. - */ -class RSABinaryKey : public BinaryKey { -public: - RSABinaryKey(RSA *rsaKey = NULL); - ~RSABinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional, unused here */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - RSA *mRsaKey; -}; - -class RSAKeyPairGenContext : - public AppleCSPContext, private AppleKeyPairGenContext { -public: - RSAKeyPairGenContext( - AppleCSPSession &session, - const Context &) : - AppleCSPContext(session) {} - - ~RSAKeyPairGenContext() { } - - /* no init functionality, but we need to implement it */ - void init( - const Context &, - bool) { } - - // this one is specified in, and called from, CSPFullPluginSession - void generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey); - - // this one is specified in, and called from, AppleKeyPairGenContext - void generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keySize); - -}; /* KeyPairGenContext */ - -/* - * CSPKeyInfoProvider for RSA keys - */ -class RSAKeyInfoProvider : public CSPKeyInfoProvider -{ -private: - RSAKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); -public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - - ~RSAKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob); -}; - -/* - * DSA version of a BinaryKey. - */ -class DSABinaryKey : public BinaryKey { -public: - DSABinaryKey(DSA *dsaKey = NULL); - ~DSABinaryKey(); - void generateKeyBlob( - CssmAllocator &allocator, - CssmData &blob, - CSSM_KEYBLOB_FORMAT &format, - AppleCSPSession &session, - const CssmKey *paramKey, /* optional */ - CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ - - DSA *mDsaKey; -}; - -class DSAKeyPairGenContext : - public AppleCSPContext, private AppleKeyPairGenContext { -public: - DSAKeyPairGenContext( - AppleCSPSession &session, - const Context &) : - AppleCSPContext(session), mGenAttrs(NULL) {} - - ~DSAKeyPairGenContext() { freeGenAttrs(); } - - /* no init functionality, but we need to implement it */ - void init( - const Context &, - bool) { } - - // this one is specified in, and called from, CSPFullPluginSession - void generate( - const Context &context, - CssmKey &pubKey, - CssmKey &privKey); - - // this one is specified in, and called from, AppleKeyPairGenContext - void generate( - const Context &context, - BinaryKey &pubBinKey, - BinaryKey &privBinKey, - uint32 &keySize); - - // specified in, and called from, CSPFullPluginSessionÊ- generate parameters - void generate( - const Context &context, - uint32 bitSize, - CssmData ¶ms, - uint32 &attrCount, - Context::Attr * &attrs); - - /* - * Necessary to handle and deflect "context changed" notification which occurs - * after the strange return from "generate parameters", when the plugin adds - * the "returned" values to the Context. - */ - bool changed(const Context &context) { return true; } - - void dsaGenParams( - uint32 keySizeInBits, - const void *inSeed, // optional - unsigned inSeedLen, - NSS_DSAAlgParams &algParams, - SecNssCoder &coder); - -private: - /* gross hack to store attributes "returned" from GenParams */ - Context::Attr *mGenAttrs; - void freeGenAttrs(); -}; /* KeyPairGenContext */ - -/* - * CSPKeyInfoProvider for DSA keys - */ -class DSAKeyInfoProvider : public CSPKeyInfoProvider -{ -private: - DSAKeyInfoProvider( - const CssmKey &cssmKey, - AppleCSPSession &session); -public: - static CSPKeyInfoProvider *provider( - const CssmKey &cssmKey, - AppleCSPSession &session); - - ~DSAKeyInfoProvider() { } - void CssmKeyToBinary( - CssmKey *paramKey, // optional - CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT - BinaryKey **binKey); // RETURNED - void QueryKeySizeInBits( - CSSM_KEY_SIZE &keySize); // RETURNED - bool getHashableBlob( - CssmAllocator &allocator, - CssmData &hashBlob); -}; - -#endif /* _RSA_DSA_KEYS_H_ */ diff --git a/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp b/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp deleted file mode 100644 index 35cd0a83..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp +++ /dev/null @@ -1,378 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_signature.cpp - openssl-based signature classes. - */ - -#include "RSA_DSA_signature.h" -#include "RSA_DSA_utils.h" -#include -#include -#include -#include -#include -#include - -#define rsaSigDebug(args...) secdebug("rsaSig", ## args) - -RSASigner::~RSASigner() -{ - if(mWeMallocdRsaKey) { - assert(mRsaKey != NULL); - RSA_free(mRsaKey); - mRsaKey = NULL; - mWeMallocdRsaKey = false; - } -} - -/* reusable init */ -void RSASigner::signerInit( - const Context &context, - bool isSigning) -{ - setIsSigning(isSigning); - keyFromContext(context); - - /* optional padding attribute */ - uint32 padding; - bool padPresent = context.getInt(CSSM_ATTRIBUTE_PADDING, padding); - if(padPresent) { - /* padding specified in context, convert to openssl style */ - switch(padding) { - case CSSM_PADDING_NONE: - mPadding = RSA_NO_PADDING; - break; - case CSSM_PADDING_PKCS1: - mPadding = RSA_PKCS1_PADDING; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - } - - /* optional blinding attribute */ - uint32 blinding = context.getInt(CSSM_ATTRIBUTE_RSA_BLINDING); - if(blinding) { - if(RSA_blinding_on(mRsaKey, NULL) <= 0) { - /* actually no legit failures */ - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - } - else { - RSA_blinding_off(mRsaKey); - } - - setInitFlag(true); -} - -/* sign */ -void RSASigner::sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen) /* IN/OUT */ -{ - if(mRsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - - /* get encoded digest info */ - CssmAutoData encodedInfo(alloc()); - int irtn = generateDigestInfo(data, - dataLen, - digestAlg(), - encodedInfo, - RSA_size(mRsaKey)); - if(irtn) { - rsaSigDebug("***digestInfo error\n"); - throwOpensslErr(irtn); - } - - /* signature := encrypted digest info */ - irtn = RSA_private_encrypt(encodedInfo.length(), - (unsigned char *)encodedInfo.data(), - (unsigned char *)sig, - mRsaKey, - mPadding); - if(irtn < 0) { - throwRsaDsa("RSA_private_encrypt"); - } - if((unsigned)irtn > *sigLen) { - rsaSigDebug("RSA_private_encrypt: sig overflow"); - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - *sigLen = (unsigned)irtn; -} - -/* verify */ -void RSASigner::verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen) -{ - const char *op = NULL; - bool throwSigVerify = false; - - if(mRsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - - /* get encoded digest info */ - CssmAutoData encodedInfo(alloc()); - int irtn = generateDigestInfo(data, - dataLen, - digestAlg(), - encodedInfo, - RSA_size(mRsaKey)); - if(irtn) { - rsaSigDebug("***digestInfo error\n"); - CssmError::throwMe(/* FIXME */CSSMERR_CSP_INTERNAL_ERROR); - } - - /* malloc decrypted signature */ - unsigned char *decryptSig = - (unsigned char *)alloc().malloc(RSA_size(mRsaKey)); - unsigned decryptSigLen; - - /* signature should be encrypted digest info; decrypt the signature */ - irtn = RSA_public_decrypt(sigLen, - (unsigned char *)sig, - decryptSig, - mRsaKey, - mPadding); - if(irtn < 0) { - op = "RSA_public_decrypt"; - throwSigVerify = true; - goto abort; - } - decryptSigLen = (unsigned)irtn; - if(decryptSigLen != encodedInfo.length()) { - rsaSigDebug("***Decrypted signature length error (exp %ld, got %d)\n", - encodedInfo.length(), decryptSigLen); - throwSigVerify = true; - op = "RSA Sig length check"; - goto abort; - } - if(memcmp(decryptSig, encodedInfo.data(), decryptSigLen)) { - rsaSigDebug("***Signature miscompare\n"); - throwSigVerify = true; - op = "RSA Sig miscompare"; - goto abort; - } - else { - irtn = 0; - } -abort: - if(decryptSig != NULL) { - alloc().free(decryptSig); - } - if(throwSigVerify) { - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } -} - -/* works for both, but only used for signing */ -size_t RSASigner::maxSigSize() -{ - if(mRsaKey == NULL) { - return 0; - } - return RSA_size(mRsaKey); -} - -/* - * obtain key from context, validate, convert to native RSA key - */ -void RSASigner::keyFromContext( - const Context &context) -{ - if(initFlag() && (mRsaKey != NULL)) { - /* reusing context, OK */ - return; - } - - CSSM_KEYCLASS keyClass; - CSSM_KEYUSE keyUse; - if(isSigning()) { - /* signing with private key */ - keyClass = CSSM_KEYCLASS_PRIVATE_KEY; - keyUse = CSSM_KEYUSE_SIGN; - } - else { - /* verifying with public key */ - keyClass = CSSM_KEYCLASS_PUBLIC_KEY; - keyUse = CSSM_KEYUSE_VERIFY; - } - if(mRsaKey == NULL) { - mRsaKey = contextToRsaKey(context, - mSession, - keyClass, - keyUse, - mWeMallocdRsaKey); - } -} - -DSASigner::~DSASigner() -{ - if(mWeMallocdDsaKey) { - assert(mDsaKey != NULL); - DSA_free(mDsaKey); - mDsaKey = NULL; - mWeMallocdDsaKey = false; - } -} - -/* reusable init */ -void DSASigner::signerInit( - const Context &context, - bool isSigning) -{ - setIsSigning(isSigning); - keyFromContext(context); - setInitFlag(true); -} - -/* sign */ -void DSASigner::sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen) /* IN/OUT */ -{ - if(mDsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(mDsaKey->priv_key == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* get signature in internal format */ - DSA_SIG *dsaSig = DSA_do_sign((unsigned char *)data, dataLen, mDsaKey); - if(dsaSig == NULL) { - throwRsaDsa("DSA_do_sign"); - } - - /* DER encode the signature */ - CssmAutoData encodedSig(alloc()); - int irtn = DSASigEncode(dsaSig, encodedSig); - if(irtn) { - throwRsaDsa("DSASigEncode"); - } - if(encodedSig.length() > *sigLen) { - throwRsaDsa("DSA sign overflow"); - } - memmove(sig, encodedSig.data(), encodedSig.length()); - *sigLen = encodedSig.length(); - DSA_SIG_free(dsaSig); -} - -/* verify */ -void DSASigner::verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen) -{ - bool throwSigVerify = false; - DSA_SIG *dsaSig = NULL; - CSSM_RETURN crtn = CSSM_OK; - int irtn; - - if(mDsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - if(mDsaKey->pub_key == NULL) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - /* incoming sig is DER encoded....decode into internal format */ - dsaSig = DSA_SIG_new(); - crtn = DSASigDecode(dsaSig, sig, sigLen); - if(crtn) { - goto abort; - } - - irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey); - if(irtn != 1) { - throwSigVerify = true; - } - -abort: - if(dsaSig != NULL) { - DSA_SIG_free(dsaSig); - } - if(throwSigVerify) { - CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } - else if(crtn) { - CssmError::throwMe(crtn); - } -} - -/* - * Works for both, but only used for signing. - * DSA sig is a sequence of two 160-bit integers. - */ -size_t DSASigner::maxSigSize() -{ - if(mDsaKey == NULL) { - return 0; - } - size_t outSize; - size_t sizeOfOneInt; - - sizeOfOneInt = (160 / 8) + // the raw contents - 1 + // possible leading zero - 2; // tag + length (assume DER, not BER) - outSize = (2 * sizeOfOneInt) + 5; - return outSize; -} - -/* - * obtain key from context, validate, convert to native DSA key - */ -void DSASigner::keyFromContext( - const Context &context) -{ - if(initFlag() && (mDsaKey != NULL)) { - /* reusing context, OK */ - return; - } - - CSSM_KEYCLASS keyClass; - CSSM_KEYUSE keyUse; - if(isSigning()) { - /* signing with private key */ - keyClass = CSSM_KEYCLASS_PRIVATE_KEY; - keyUse = CSSM_KEYUSE_SIGN; - } - else { - /* verifying with public key */ - keyClass = CSSM_KEYCLASS_PUBLIC_KEY; - keyUse = CSSM_KEYUSE_VERIFY; - } - if(mDsaKey == NULL) { - mDsaKey = contextToDsaKey(context, - mSession, - keyClass, - keyUse, - mWeMallocdDsaKey); - } -} diff --git a/AppleCSP/RSA_DSA/RSA_DSA_signature.h b/AppleCSP/RSA_DSA/RSA_DSA_signature.h deleted file mode 100644 index ac1b610f..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_signature.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_signature.h - openssl-based signature classes. - */ - -#ifndef _RSA_DSA_SIGNATURE_H_ -#define _RSA_DSA_SIGNATURE_H_ - -#include -#include -#include -#include -#include - -#define RSA_SIG_PADDING_DEFAULT RSA_PKCS1_PADDING - -class RSASigner : public RawSigner { -public: - RSASigner( - CssmAllocator &alloc, - AppleCSPSession &session, - CSSM_ALGORITHMS digestAlg) : - RawSigner(alloc, digestAlg), - mRsaKey(NULL), - mWeMallocdRsaKey(false), - mSession(session), - mPadding(RSA_SIG_PADDING_DEFAULT) { } - - ~RSASigner(); - - /* reusable init */ - void signerInit( - const Context &context, - bool isSigning); - - - /* sign */ - void sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen); /* IN/OUT */ - - /* verify */ - void verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen); - - /* works for both, but only used for signing */ - size_t maxSigSize(); - -private: - - /* - * obtain key from context, validate, convert to RSA key - */ - void keyFromContext( - const Context &context); - - RSA *mRsaKey; - bool mWeMallocdRsaKey; - AppleCSPSession &mSession; - int mPadding; // RSA_NO_PADDING, RSA_PKCS1_PADDING -}; - -class DSASigner : public RawSigner { -public: - DSASigner( - CssmAllocator &alloc, - AppleCSPSession &session, - CSSM_ALGORITHMS digestAlg) : - RawSigner(alloc, digestAlg), - mDsaKey(NULL), - mWeMallocdDsaKey(false), - mSession(session) { } - - ~DSASigner(); - - /* reusable init */ - void signerInit( - const Context &context, - bool isSigning); - - - /* sign */ - void sign( - const void *data, - size_t dataLen, - void *sig, - size_t *sigLen); /* IN/OUT */ - - /* verify */ - void verify( - const void *data, - size_t dataLen, - const void *sig, - size_t sigLen); - - /* works for both, but only used for signing */ - size_t maxSigSize(); - -private: - - /* - * obtain key from context, validate, convert to DSA key - */ - void keyFromContext( - const Context &context); - - DSA *mDsaKey; - bool mWeMallocdDsaKey; - AppleCSPSession &mSession; -}; - - -#endif /* _RSA_DSA_SIGNATURE_H_ */ diff --git a/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp b/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp deleted file mode 100644 index 30125d47..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp +++ /dev/null @@ -1,454 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_utils.cpp - */ - -#include "RSA_DSA_utils.h" -#include "RSA_DSA_keys.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#define rsaMiscDebug(args...) secdebug("rsaMisc", ## args) - -/* - * Given a Context: - * -- obtain CSSM key (there must only be one) - * -- validate keyClass - * -- validate keyUsage - * -- convert to RSA *, allocating the RSA key if necessary - */ -RSA *contextToRsaKey( - const Context &context, - AppleCSPSession &session, - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey) // RETURNED -{ - CssmKey &cssmKey = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader; - if(hdr.AlgorithmId != CSSM_ALGID_RSA) { - CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); - } - if(hdr.KeyClass != keyClass) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - cspValidateIntendedKeyUsage(&hdr, usage); - cspVerifyKeyTimes(hdr); - return cssmKeyToRsa(cssmKey, session, mallocdKey); -} -/* - * Convert a CssmKey to an RSA * key. May result in the creation of a new - * RSA (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -RSA *cssmKeyToRsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey) // RETURNED -{ - RSA *rsaKey = NULL; - allocdKey = false; - - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - if(hdr->AlgorithmId != CSSM_ALGID_RSA) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - switch(hdr->BlobType) { - case CSSM_KEYBLOB_RAW: - rsaKey = rawCssmKeyToRsa(cssmKey); - allocdKey = true; - break; - case CSSM_KEYBLOB_REFERENCE: - { - BinaryKey &binKey = session.lookupRefKey(cssmKey); - RSABinaryKey *rsaBinKey = dynamic_cast(&binKey); - /* this cast failing means that this is some other - * kind of binary key */ - if(rsaBinKey == NULL) { - rsaMiscDebug("cssmKeyToRsa: wrong BinaryKey subclass\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(rsaBinKey->mRsaKey != NULL); - rsaKey = rsaBinKey->mRsaKey; - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - return rsaKey; -} - -/* - * Convert a raw CssmKey to a newly alloc'd RSA key. - */ -RSA *rawCssmKeyToRsa( - const CssmKey &cssmKey) -{ - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - bool isPub; - - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - - if(hdr->AlgorithmId != CSSM_ALGID_RSA) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - /* validate and figure out what we're dealing with */ - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT); - } - isPub = true; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // default - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: // openssl style - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT); - } - isPub = false; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - RSA *rsaKey = RSA_new(); - if(rsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - CSSM_RETURN crtn; - if(isPub) { - crtn = RSAPublicKeyDecode(rsaKey, hdr->Format, - cssmKey.KeyData.Data, cssmKey.KeyData.Length); - } - else { - crtn = RSAPrivateKeyDecode(rsaKey, hdr->Format, - cssmKey.KeyData.Data, cssmKey.KeyData.Length); - } - if(crtn) { - CssmError::throwMe(crtn); - } - return rsaKey; -} - -/* - * Given a partially formed DSA public key (with no p, q, or g) and a - * CssmKey representing a supposedly fully-formed DSA key, populate - * the public key's p, g, and q with values from the fully formed key. - */ -CSSM_RETURN dsaGetParamsFromKey( - DSA *partialKey, - const CssmKey ¶mKey, - AppleCSPSession &session) -{ - bool allocdKey; - DSA *dsaParamKey = cssmKeyToDsa(paramKey, session, allocdKey); - if(dsaParamKey == NULL) { - errorLog0("dsaGetParamsFromKey: bad paramKey\n"); - return CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE; - } - CSSM_RETURN crtn = CSSM_OK; - - /* require fully formed other key of course... */ - if((dsaParamKey->p == NULL) || - (dsaParamKey->q == NULL) || - (dsaParamKey->g == NULL)) { - errorLog0("dsaGetParamsFromKey: incomplete paramKey\n"); - crtn = CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE; - goto abort; - } - rsaMiscDebug("dsaGetParamsFromKey: partialKey %p paramKey %p", - partialKey, dsaParamKey); - - partialKey->q = BN_dup(dsaParamKey->q); - partialKey->p = BN_dup(dsaParamKey->p); - partialKey->g = BN_dup(dsaParamKey->g); - -abort: - if(allocdKey) { - DSA_free(dsaParamKey); - } - return crtn; -} - -/* - * Given a Context: - * -- obtain CSSM key (there must only be one) - * -- validate keyClass - * -- validate keyUsage - * -- convert to DSA *, allocating the DSA key if necessary - */ -DSA *contextToDsaKey( - const Context &context, - AppleCSPSession &session, - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey) // RETURNED -{ - CssmKey &cssmKey = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader; - if(hdr.AlgorithmId != CSSM_ALGID_DSA) { - CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); - } - if(hdr.KeyClass != keyClass) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - cspValidateIntendedKeyUsage(&hdr, usage); - cspVerifyKeyTimes(hdr); - DSA *rtnDsa = cssmKeyToDsa(cssmKey, session, mallocdKey); - if((keyClass == CSSM_KEYCLASS_PUBLIC_KEY) && - (rtnDsa->p == NULL)) { - /* - * Special case: this specific key is only partially formed; - * it's missing the DSA parameters p, g, and q. To proceed with this - * key, the caller must pass in another fully formned DSA public key - * in raw form in the context. If it's there we use those parameters. - */ - rsaMiscDebug("contextToDsaKey; partial DSA key %p", rtnDsa); - CssmKey *paramKey = context.get(CSSM_ATTRIBUTE_PARAM_KEY); - if(paramKey == NULL) { - rsaMiscDebug("contextToDsaKey: missing DSA params, no pub key in " - "context"); - if(mallocdKey) { - DSA_free(rtnDsa); - mallocdKey = false; - } - CssmError::throwMe(CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE); - } - - /* - * If this is a ref key, we have to cook up a new DSA key to - * avoid modifying the existing key. If we started with a raw key, - * we can modify it directly since the underlying DSA key has - * a lifetime only as long as this context (and since the context - * contains the parameter-bearing key, the params are valid - * as long as the DSA key). - */ - if(!mallocdKey) { - DSA *existKey = rtnDsa; - rtnDsa = DSA_new(); - if(rtnDsa == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - rtnDsa->pub_key = BN_dup(existKey->pub_key); - rsaMiscDebug("contextToDsaKey; temp partial copy %p", rtnDsa); - mallocdKey = true; - } - - /* - * Add params from paramKey into rtnDsa - */ - CSSM_RETURN crtn = dsaGetParamsFromKey(rtnDsa, *paramKey, session); - if(crtn) { - if(mallocdKey) { - DSA_free(rtnDsa); - mallocdKey = false; - } - CssmError::throwMe(crtn); - } - } - return rtnDsa; -} - -/* - * Convert a CssmKey to an DSA * key. May result in the creation of a new - * DSA (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -DSA *cssmKeyToDsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey) // RETURNED -{ - DSA *dsaKey = NULL; - allocdKey = false; - - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - if(hdr->AlgorithmId != CSSM_ALGID_DSA) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - switch(hdr->BlobType) { - case CSSM_KEYBLOB_RAW: - dsaKey = rawCssmKeyToDsa(cssmKey, session, NULL); - allocdKey = true; - break; - case CSSM_KEYBLOB_REFERENCE: - { - BinaryKey &binKey = session.lookupRefKey(cssmKey); - DSABinaryKey *dsaBinKey = dynamic_cast(&binKey); - /* this cast failing means that this is some other - * kind of binary key */ - if(dsaBinKey == NULL) { - rsaMiscDebug("cssmKeyToDsa: wrong BinaryKey subclass\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - assert(dsaBinKey->mDsaKey != NULL); - dsaKey = dsaBinKey->mDsaKey; - break; - } - default: - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - return dsaKey; -} - -/* - * Convert a raw CssmKey to a newly alloc'd DSA key. - */ -DSA *rawCssmKeyToDsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - const CssmKey *paramKey) // optional -{ - const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; - bool isPub; - - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - - if(hdr->AlgorithmId != CSSM_ALGID_DSA) { - // someone else's key (should never happen) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - /* validate and figure out what we're dealing with */ - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - case CSSM_KEYBLOB_RAW_FORMAT_X509: - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT); - } - isPub = true; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - switch(hdr->Format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: // default - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: // openssl style - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // SMIME style - break; - /* openssh real soon now */ - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: - default: - CssmError::throwMe( - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT); - } - isPub = false; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - } - - DSA *dsaKey = DSA_new(); - if(dsaKey == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - CSSM_RETURN crtn; - if(isPub) { - crtn = DSAPublicKeyDecode(dsaKey, hdr->Format, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - else { - crtn = DSAPrivateKeyDecode(dsaKey, hdr->Format, - cssmKey.KeyData.Data, - cssmKey.KeyData.Length); - } - if(crtn) { - CssmError::throwMe(crtn); - } - - /* - * Add in optional external parameters if this is not fully formed. - * This path is only taken from DSAKeyInfoProvider::CssmKeyToBinary, - * e.g., when doing a NULL unwrap of a partially formed DSA public - * key with the "complete the key with these params" option. - */ - if(isPub && (dsaKey->p == NULL) && (paramKey != NULL)) { - rsaMiscDebug("rawCssmKeyToDsa; updating dsaKey %p", dsaKey); - crtn = dsaGetParamsFromKey(dsaKey, *paramKey, session); - if(crtn) { - DSA_free(dsaKey); - CssmError::throwMe(crtn); - } - } - return dsaKey; -} - -/* - * Given a DSA private key, calculate its public component if it - * doesn't already exist. Used for calculating the key digest of - * an incoming raw private key. - */ -void dsaKeyPrivToPub( - DSA *dsaKey) -{ - assert(dsaKey != NULL); - assert(dsaKey->priv_key != NULL); - - if(dsaKey->pub_key != NULL) { - return; - } - - /* logic copied from DSA_generate_key() */ - dsaKey->pub_key = BN_new(); - if(dsaKey->pub_key == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - BN_CTX *ctx = BN_CTX_new(); - if (ctx == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - int rtn = BN_mod_exp(dsaKey->pub_key, - dsaKey->g, - dsaKey->priv_key, - dsaKey->p, - ctx); - BN_CTX_free(ctx); - if(rtn == 0) { - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } -} diff --git a/AppleCSP/RSA_DSA/RSA_DSA_utils.h b/AppleCSP/RSA_DSA/RSA_DSA_utils.h deleted file mode 100644 index 0a761d4b..00000000 --- a/AppleCSP/RSA_DSA/RSA_DSA_utils.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_DSA_utils.h - */ -#ifndef _RSA_DSA_UTILS_H_ -#define _RSA_DSA_UTILS_H_ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given a Context: - * -- obtain CSSM key (there must only be one) - * -- validate keyClass - * -- validate keyUsage - * -- convert to RSA *, allocating the RSA key if necessary - */ -RSA *contextToRsaKey( - const Context &context, - AppleCSPSession &session, - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey); // RETURNED - -/* - * Convert a CssmKey to an RSA * key. May result in the creation of a new - * RSA (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -RSA *cssmKeyToRsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey); // RETURNED - -/* - * Convert a raw CssmKey to a newly alloc'd RSA *. - */ -RSA *rawCssmKeyToRsa( - const CssmKey &cssmKey); - -/* - * Given a partially formed DSA public key (with no p, q, or g) and a - * CssmKey representing a supposedly fully-formed DSA key, populate - * the public key's p, g, and q with values from the fully formed key. - */ -CSSM_RETURN dsaGetParamsFromKey( - DSA *partialKey, - const CssmKey ¶mKey, - AppleCSPSession &session); - -/* - * Given a Context: - * -- obtain CSSM key (there must only be one) - * -- validate keyClass - * -- validate keyUsage - * -- convert to DSA *, allocating the DSA key if necessary - */ -DSA *contextToDsaKey( - const Context &context, - AppleCSPSession &session, - CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY - CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. - bool &mallocdKey); // RETURNED - -/* - * Convert a CssmKey to an DSA * key. May result in the creation of a new - * DSA (when cssmKey is a raw key); allocdKey is true in that case - * in which case the caller generally has to free the allocd key). - */ -DSA *cssmKeyToDsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - bool &allocdKey); // RETURNED - -/* - * Convert a raw CssmKey to a newly alloc'd DSA *. - */ -DSA *rawCssmKeyToDsa( - const CssmKey &cssmKey, - AppleCSPSession &session, - const CssmKey *paramKey); // optional - -/* - * Given a DSA private key, calculate its public component if it - * doesn't already exist. Used for calculating the key digest of - * an incoming raw private key. - */ -void dsaKeyPrivToPub( - DSA *dsaKey); - -#ifdef __cplusplus -} -#endif - -#endif /*_RSA_DSA_UTILS_H_ */ \ No newline at end of file diff --git a/AppleCSP/RSA_DSA/RSA_asymmetric.cpp b/AppleCSP/RSA_DSA/RSA_asymmetric.cpp deleted file mode 100644 index 38908106..00000000 --- a/AppleCSP/RSA_DSA/RSA_asymmetric.cpp +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_asymmetric.cpp - CSPContext for RSA asymmetric encryption - */ - -#include "RSA_asymmetric.h" -#include "RSA_DSA_utils.h" -#include -#include - -#define rsaCryptDebug(args...) secdebug("rsaCrypt", ## args) -#define rbprintf(args...) secdebug("rsaBuf", ## args) - -RSA_CryptContext::~RSA_CryptContext() -{ - if(mAllocdRsaKey) { - assert(mRsaKey != NULL); - RSA_free(mRsaKey); - mRsaKey = NULL; - mAllocdRsaKey = false; - } -} - -/* called by CSPFullPluginSession */ -void RSA_CryptContext::init(const Context &context, bool encoding /*= true*/) -{ - if(mInitFlag && !opStarted()) { - /* reusing - e.g. query followed by encrypt */ - return; - } - - /* optional mode to use alternate key class (e.g., decrypt with public key) */ - CSSM_KEYCLASS keyClass; - switch (context.getInt(CSSM_ATTRIBUTE_MODE)) { - case CSSM_ALGMODE_PUBLIC_KEY: - keyClass = CSSM_KEYCLASS_PUBLIC_KEY; - break; - case CSSM_ALGMODE_PRIVATE_KEY: - keyClass = CSSM_KEYCLASS_PRIVATE_KEY; - break; - case CSSM_ALGMODE_NONE: - /* default, not present in context: infer from op type */ - keyClass = encoding ? CSSM_KEYCLASS_PUBLIC_KEY : CSSM_KEYCLASS_PRIVATE_KEY; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE); - } - - /* fetch key from context */ - if(mRsaKey == NULL) { - assert(!opStarted()); - mRsaKey = contextToRsaKey(context, - session(), - keyClass, - encoding ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - mAllocdRsaKey); - } - else { - assert(opStarted()); - } - - unsigned cipherBlockSize = RSA_size(mRsaKey); - unsigned plainBlockSize; - - /* padding - not present means value zero, CSSM_PADDING_NONE */ - uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING); - switch(padding) { - case CSSM_PADDING_NONE: - mPadding = RSA_NO_PADDING; - plainBlockSize = cipherBlockSize; - break; - case CSSM_PADDING_PKCS1: - mPadding = RSA_PKCS1_PADDING; - plainBlockSize = cipherBlockSize - 11; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); - } - - /* optional blinding attribute */ - uint32 blinding = context.getInt(CSSM_ATTRIBUTE_RSA_BLINDING); - if(blinding) { - if(RSA_blinding_on(mRsaKey, NULL) <= 0) { - /* actually no legit failures */ - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); - } - } - else { - RSA_blinding_off(mRsaKey); - } - - /* finally, have BlockCryptor set up its stuff. */ - setup(encoding ? plainBlockSize : cipherBlockSize, // blockSizeIn - encoding ? cipherBlockSize : plainBlockSize, // blockSizeOut - false, // pkcs5Pad - false, // needsFinal - BCM_ECB, - NULL); // IV - mInitFlag = true; - -} -/* called by BlockCryptor */ -void RSA_CryptContext::encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final) -{ - int irtn; - - if(mRsaKey->d == NULL) { - irtn = RSA_public_encrypt(plainTextLen, - (unsigned char *)plainText, - (unsigned char *)cipherText, - mRsaKey, - mPadding); - } - else { - irtn = RSA_private_encrypt(plainTextLen, - (unsigned char *)plainText, - (unsigned char *)cipherText, - mRsaKey, - mPadding); - } - if(irtn < 0) { - throwRsaDsa("RSA_public_encrypt"); - } - else if((unsigned)irtn > cipherTextLen) { - rsaCryptDebug("RSA_public_encrypt overflow"); - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - cipherTextLen = (size_t)irtn; -} - -void RSA_CryptContext::decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final) -{ - int irtn; - - if(mRsaKey->d == NULL) { - irtn = RSA_public_decrypt(inBlockSize(), - (unsigned char *)cipherText, - (unsigned char *)plainText, - mRsaKey, - mPadding); - } - else { - irtn = RSA_private_decrypt(inBlockSize(), - (unsigned char *)cipherText, - (unsigned char *)plainText, - mRsaKey, - mPadding); - } - if(irtn < 0) { - throwRsaDsa("RSA_private_decrypt"); - } - else if((unsigned)irtn > plainTextLen) { - rsaCryptDebug("RSA_private_decrypt overflow"); - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - plainTextLen = (size_t)irtn; -} - -size_t RSA_CryptContext::outputSize( - bool final, // ignored - size_t inSize /*= 0*/) // output for given input size -{ - UInt32 rawBytes = inSize + inBufSize(); - UInt32 rawBlocks = (rawBytes + inBlockSize() - 1) / inBlockSize(); - rbprintf("--- RSA_CryptContext::outputSize inSize 0x%lx outSize 0x%lx mInBufSize 0x%lx", - inSize, rawBlocks * outBlockSize(), inBufSize()); - return rawBlocks * outBlockSize(); -} diff --git a/AppleCSP/RSA_DSA/RSA_asymmetric.h b/AppleCSP/RSA_DSA/RSA_asymmetric.h deleted file mode 100644 index a62e8095..00000000 --- a/AppleCSP/RSA_DSA/RSA_asymmetric.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * RSA_asymmetric.h - CSPContext for RSA asymmetric encryption - */ - -#ifndef _RSA_ASYMMETRIC_H_ -#define _RSA_ASYMMETRIC_H_ - -#include -#include -#include -#include -#include -#include - -#define RSA_ASYM_PADDING_DEFAULT RSA_PKCS1_PADDING - -class RSA_CryptContext : public BlockCryptor { -public: - RSA_CryptContext(AppleCSPSession &session) : - BlockCryptor(session), - mRsaKey(NULL), - mAllocdRsaKey(false), - mInitFlag(false), - mPadding(RSA_ASYM_PADDING_DEFAULT) { } - - ~RSA_CryptContext(); - - /* called by CSPFullPluginSession */ - void init(const Context &context, bool encoding = true); - - /* called by BlockCryptor */ - void encryptBlock( - const void *plainText, // length implied (one block) - size_t plainTextLen, - void *cipherText, - size_t &cipherTextLen, // in/out, throws on overflow - bool final); - void decryptBlock( - const void *cipherText, // length implied (one cipher block) - void *plainText, - size_t &plainTextLen, // in/out, throws on overflow - bool final); - - size_t RSA_CryptContext::outputSize( - bool final, // ignored - size_t inSize = 0); // output for given input size - -private: - RSA *mRsaKey; - bool mAllocdRsaKey; - bool mInitFlag; // allows easy reuse - int mPadding; // RSA_NO_PADDING, RSA_PKCS1_PADDING -}; /* RSA_CryptContext */ - - -#endif // _RSA_ASYMMETRIC_H_ diff --git a/AppleCSP/TODO b/AppleCSP/TODO deleted file mode 100644 index cbdab795..00000000 --- a/AppleCSP/TODO +++ /dev/null @@ -1 +0,0 @@ -Things TODO in AppleCSPDL diff --git a/AppleCSP/csp_capabilities.mdsinfo b/AppleCSP/csp_capabilities.mdsinfo deleted file mode 100644 index 57b19954..00000000 --- a/AppleCSP/csp_capabilities.mdsinfo +++ /dev/null @@ -1,18 +0,0 @@ - - - - - Capabilities - file:csp_capabilities_common.mds - MdsFileDescription - Built-in CSP Capabilities - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE - ModuleID - {87191ca2-0fc9-11d4-849a000502b52122} - SSID - 0 - - diff --git a/AppleCSP/csp_capabilities_common.mds b/AppleCSP/csp_capabilities_common.mds deleted file mode 100644 index e5035a41..00000000 --- a/AppleCSP/csp_capabilities_common.mds +++ /dev/null @@ -1,741 +0,0 @@ - - - - - - AlgType - CSSM_ALGID_SHA1 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_OUTPUT_SIZE - AttributeValue - 20 - - - ContextType - CSSM_ALGCLASS_DIGEST - Description - SHA1 Digest - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_MD5 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_OUTPUT_SIZE - AttributeValue - 16 - - - ContextType - CSSM_ALGCLASS_DIGEST - Description - MD5 Digest - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_MD2 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_OUTPUT_SIZE - AttributeValue - 16 - - - ContextType - CSSM_ALGCLASS_DIGEST - Description - MD2 Digest - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - RSA Key Pair Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_DES - Attributes - - - AttributeType - CSSM_ATTRIBUTE_KEY_LENGTH - AttributeValue - 64 - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - DES Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_3DES_3KEY - Attributes - - - AttributeType - CSSM_ATTRIBUTE_KEY_LENGTH - AttributeValue - 192 - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - 3DES Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RC2 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - RC2 Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RC4 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - RC4 Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RC5 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - RC5 Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1HMAC - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - SHA1HMAC Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_AES - Attributes - - - AttributeType - CSSM_ATTRIBUTE_KEY_LENGTH - AttributeValue - - 128 - 192 - 256 - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - AES Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_ASC - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - ASC Key Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEE - Attributes - - - AttributeType - CSSM_ATTRIBUTE_KEY_LENGTH - AttributeValue - - 31 - 127 - 128 - 161 - 192 - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - FEE Key Pair Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_DSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_KEYGEN - Description - DSA Key Pair Generation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_PKCS5_PBKDF2 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_DERIVEKEY - Description - PKCS5 Key Derivation - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_DES - Attributes - - - AttributeType - CSSM_ATTRIBUTE_MODE - AttributeValue - - 2 - 3 - 5 - 6 - - - - ContextType - CSSM_ALGCLASS_SYMMETRIC - Description - DES Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_3DES_3KEY_EDE - Attributes - - - AttributeType - CSSM_ATTRIBUTE_MODE - AttributeValue - - 2 - 3 - 5 - 6 - - - - ContextType - CSSM_ALGCLASS_SYMMETRIC - Description - 3DES EDE Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_AES - Attributes - - - AttributeType - CSSM_ATTRIBUTE_MODE - AttributeValue - - 2 - 3 - 5 - 6 - - - - ContextType - CSSM_ALGCLASS_SYMMETRIC - Description - AES Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RC4 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_MODE - AttributeValue - - 0 - - - - ContextType - CSSM_ALGCLASS_SYMMETRIC - Description - RC4 Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RC5 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_MODE - AttributeValue - - 2 - 3 - 5 - 6 - - - - ContextType - CSSM_ALGCLASS_SYMMETRIC - Description - RC5 Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_ASYMMETRIC - Description - RSA Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEEDEXP - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_ASYMMETRIC - Description - FEEDExp Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEED - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_ASYMMETRIC - Description - FEED Encryption - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1WithRSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - SHA1 With RSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_MD5WithRSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - MD5 With RSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_MD2WithRSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - MD2 With RSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_RSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - Raw RSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1WithDSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - SHA1 With DSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_DSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - Raw DSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEE_MD5 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - MD5 with FEE Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEE_SHA1 - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - SHA1 with FEE Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_FEE - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - Raw FEE Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1WithECDSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - SHA1 with ECDSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_ECDSA - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_SIGNATURE - Description - Raw ECDSA Signature - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1HMAC - Attributes - - - AttributeType - CSSM_ATTRIBUTE_OUTPUT_SIZE - AttributeValue - 20 - - - ContextType - CSSM_ALGCLASS_MAC - Description - SHA1HMAC MAC - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_SHA1HMAC_LEGACY - Attributes - - - AttributeType - CSSM_ATTRIBUTE_OUTPUT_SIZE - AttributeValue - 20 - - - ContextType - CSSM_ALGCLASS_MAC - Description - SHA1HMAC MAC Legacy - UseeTag - CSSM_USEE_NONE - - - AlgType - CSSM_ALGID_APPLE_YARROW - Attributes - - - AttributeType - CSSM_ATTRIBUTE_NONE - AttributeValue - - - - ContextType - CSSM_ALGCLASS_RANDOMGEN - Description - Yarrow PRNG - UseeTag - CSSM_USEE_NONE - - - diff --git a/AppleCSP/csp_common.mdsinfo b/AppleCSP/csp_common.mdsinfo deleted file mode 100644 index 80c759fd..00000000 --- a/AppleCSP/csp_common.mdsinfo +++ /dev/null @@ -1,28 +0,0 @@ - - - - - BuiltIn - - CDSAVersion - 2.0 - Desc - Apple built-in CSP - DynamicFlag - - MdsFileDescription - Built-in CSP Common info - MdsFileType - PluginCommon - ModuleID - {87191ca2-0fc9-11d4-849a000502b52122} - ModuleName - AppleCSP - MultiThreadFlag - - ProductVersion - 1.0 - ServiceMask - CSSM_SERVICE_CSP - - diff --git a/AppleCSP/csp_primary.mdsinfo b/AppleCSP/csp_primary.mdsinfo deleted file mode 100644 index e708c16e..00000000 --- a/AppleCSP/csp_primary.mdsinfo +++ /dev/null @@ -1,36 +0,0 @@ - - - - - AclSubjectTypes - - AuthTags - - CspCustomFlags - 0 - CspFlags - - CspType - CSSM_CSP_SOFTWARE - MdsFileDescription - Built-in CSP Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE - ModuleID - {87191ca2-0fc9-11d4-849a000502b52122} - ModuleName - AppleCSP - ProductVersion - 1.0 - SSID - 0 - SampleTypes - - UseeTags - - Vendor - Apple Computer, Inc. - - diff --git a/AppleCSP/open_ssl/LICENSE b/AppleCSP/open_ssl/LICENSE deleted file mode 100644 index c885273f..00000000 --- a/AppleCSP/open_ssl/LICENSE +++ /dev/null @@ -1,60 +0,0 @@ - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - diff --git a/AppleCSP/open_ssl/bf/COPYRIGHT b/AppleCSP/open_ssl/bf/COPYRIGHT deleted file mode 100644 index 68572235..00000000 --- a/AppleCSP/open_ssl/bf/COPYRIGHT +++ /dev/null @@ -1,46 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an Blowfish implementation written -by Eric Young (eay@cryptsoft.com). - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/AppleCSP/open_ssl/bf/README b/AppleCSP/open_ssl/bf/README deleted file mode 100644 index f2712fd0..00000000 --- a/AppleCSP/open_ssl/bf/README +++ /dev/null @@ -1,8 +0,0 @@ -This is a quick packaging up of my blowfish code into a library. -It has been lifted from SSLeay. -The copyright notices seem a little harsh because I have not spent the -time to rewrite the conditions from the normal SSLeay ones. - -Basically if you just want to play with the library, not a problem. - -eric 15-Apr-1997 diff --git a/AppleCSP/open_ssl/bf/bf_ecb.c b/AppleCSP/open_ssl/bf/bf_ecb.c deleted file mode 100644 index 34199163..00000000 --- a/AppleCSP/open_ssl/bf/bf_ecb.c +++ /dev/null @@ -1,96 +0,0 @@ -/* crypto/bf/bf_ecb.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "bf_locl.h" -#include - -/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT; - -const char *BF_options(void) - { -#ifdef BF_PTR - return("blowfish(ptr)"); -#elif defined(BF_PTR2) - return("blowfish(ptr2)"); -#else - return("blowfish(idx)"); -#endif - } - -void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int encrypt) - { - BF_LONG l,d[2]; - - n2l(in,l); d[0]=l; - n2l(in,l); d[1]=l; - if (encrypt) - BF_encrypt(d,key); - else - BF_decrypt(d,key); - l=d[0]; l2n(l,out); - l=d[1]; l2n(l,out); - l=d[0]=d[1]=0; - } - diff --git a/AppleCSP/open_ssl/bf/bf_enc.c b/AppleCSP/open_ssl/bf/bf_enc.c deleted file mode 100644 index b380acf9..00000000 --- a/AppleCSP/open_ssl/bf/bf_enc.c +++ /dev/null @@ -1,306 +0,0 @@ -/* crypto/bf/bf_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "bf_locl.h" - -/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ -to modify the code. -#endif - -void BF_encrypt(BF_LONG *data, const BF_KEY *key) - { -#ifndef BF_PTR2 - register BF_LONG l,r; - const register BF_LONG *p,*s; - - p=key->P; - s= &(key->S[0]); - l=data[0]; - r=data[1]; - - l^=p[0]; - BF_ENC(r,l,s,p[ 1]); - BF_ENC(l,r,s,p[ 2]); - BF_ENC(r,l,s,p[ 3]); - BF_ENC(l,r,s,p[ 4]); - BF_ENC(r,l,s,p[ 5]); - BF_ENC(l,r,s,p[ 6]); - BF_ENC(r,l,s,p[ 7]); - BF_ENC(l,r,s,p[ 8]); - BF_ENC(r,l,s,p[ 9]); - BF_ENC(l,r,s,p[10]); - BF_ENC(r,l,s,p[11]); - BF_ENC(l,r,s,p[12]); - BF_ENC(r,l,s,p[13]); - BF_ENC(l,r,s,p[14]); - BF_ENC(r,l,s,p[15]); - BF_ENC(l,r,s,p[16]); -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[17]); - BF_ENC(l,r,s,p[18]); - BF_ENC(r,l,s,p[19]); - BF_ENC(l,r,s,p[20]); -#endif - r^=p[BF_ROUNDS+1]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#else - register BF_LONG l,r,t,*k; - - l=data[0]; - r=data[1]; - k=(BF_LONG*)key; - - l^=k[0]; - BF_ENC(r,l,k, 1); - BF_ENC(l,r,k, 2); - BF_ENC(r,l,k, 3); - BF_ENC(l,r,k, 4); - BF_ENC(r,l,k, 5); - BF_ENC(l,r,k, 6); - BF_ENC(r,l,k, 7); - BF_ENC(l,r,k, 8); - BF_ENC(r,l,k, 9); - BF_ENC(l,r,k,10); - BF_ENC(r,l,k,11); - BF_ENC(l,r,k,12); - BF_ENC(r,l,k,13); - BF_ENC(l,r,k,14); - BF_ENC(r,l,k,15); - BF_ENC(l,r,k,16); -#if BF_ROUNDS == 20 - BF_ENC(r,l,k,17); - BF_ENC(l,r,k,18); - BF_ENC(r,l,k,19); - BF_ENC(l,r,k,20); -#endif - r^=k[BF_ROUNDS+1]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#endif - } - -#ifndef BF_DEFAULT_OPTIONS - -void BF_decrypt(BF_LONG *data, const BF_KEY *key) - { -#ifndef BF_PTR2 - register BF_LONG l,r; - const register BF_LONG *p,*s; - - p=key->P; - s= &(key->S[0]); - l=data[0]; - r=data[1]; - - l^=p[BF_ROUNDS+1]; -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[20]); - BF_ENC(l,r,s,p[19]); - BF_ENC(r,l,s,p[18]); - BF_ENC(l,r,s,p[17]); -#endif - BF_ENC(r,l,s,p[16]); - BF_ENC(l,r,s,p[15]); - BF_ENC(r,l,s,p[14]); - BF_ENC(l,r,s,p[13]); - BF_ENC(r,l,s,p[12]); - BF_ENC(l,r,s,p[11]); - BF_ENC(r,l,s,p[10]); - BF_ENC(l,r,s,p[ 9]); - BF_ENC(r,l,s,p[ 8]); - BF_ENC(l,r,s,p[ 7]); - BF_ENC(r,l,s,p[ 6]); - BF_ENC(l,r,s,p[ 5]); - BF_ENC(r,l,s,p[ 4]); - BF_ENC(l,r,s,p[ 3]); - BF_ENC(r,l,s,p[ 2]); - BF_ENC(l,r,s,p[ 1]); - r^=p[0]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#else - register BF_LONG l,r,t,*k; - - l=data[0]; - r=data[1]; - k=(BF_LONG *)key; - - l^=k[BF_ROUNDS+1]; -#if BF_ROUNDS == 20 - BF_ENC(r,l,k,20); - BF_ENC(l,r,k,19); - BF_ENC(r,l,k,18); - BF_ENC(l,r,k,17); -#endif - BF_ENC(r,l,k,16); - BF_ENC(l,r,k,15); - BF_ENC(r,l,k,14); - BF_ENC(l,r,k,13); - BF_ENC(r,l,k,12); - BF_ENC(l,r,k,11); - BF_ENC(r,l,k,10); - BF_ENC(l,r,k, 9); - BF_ENC(r,l,k, 8); - BF_ENC(l,r,k, 7); - BF_ENC(r,l,k, 6); - BF_ENC(l,r,k, 5); - BF_ENC(r,l,k, 4); - BF_ENC(l,r,k, 3); - BF_ENC(r,l,k, 2); - BF_ENC(l,r,k, 1); - r^=k[0]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#endif - } - -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) - { - register BF_LONG tin0,tin1; - register BF_LONG tout0,tout1,xor0,xor1; - register long l=length; - BF_LONG tin[2]; - - if (encrypt) - { - n2l(ivec,tout0); - n2l(ivec,tout1); - ivec-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,schedule); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - if (l != -8) - { - n2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,schedule); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - l2n(tout0,ivec); - l2n(tout1,ivec); - } - else - { - n2l(ivec,xor0); - n2l(ivec,xor1); - ivec-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_decrypt(tin,schedule); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2n(tout0,out); - l2n(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_decrypt(tin,schedule); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2nn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2n(xor0,ivec); - l2n(xor1,ivec); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif diff --git a/AppleCSP/open_ssl/bf/bf_locl.h b/AppleCSP/open_ssl/bf/bf_locl.h deleted file mode 100644 index 778420b0..00000000 --- a/AppleCSP/open_ssl/bf/bf_locl.h +++ /dev/null @@ -1,232 +0,0 @@ -/* crypto/bf/bf_locl.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BF_LOCL_H -#define HEADER_BF_LOCL_H -#include /* BF_PTR, BF_PTR2 */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#if defined(__GNUC__) && defined(__ppc__) -/* alignment tolerant big-endian optimization */ - #define n2l(c,l) { l= *((unsigned long *)c); c += 4; } -#else -/* little endian, etc. */ - #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) -#endif - -#undef l2n -#if defined(__GNUC__) && defined(__ppc__) - /* alignment tolerant big-endian optimization */ - #define l2n(l,c) { *((unsigned long *)c) = l; c += 4; } -#else - /* little endian, etc. */ - #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#endif /* GNU, big endian */ - -/* This is actually a big endian algorithm, the most significant byte - * is used to lookup array 0 */ - -#if defined(BF_PTR2) - -/* - * This is basically a special Intel version. Point is that Intel - * doesn't have many registers, but offers a reach choice of addressing - * modes. So we spare some registers by directly traversing BF_KEY - * structure and hiring the most decorated addressing mode. The code - * generated by EGCS is *perfectly* competitive with assembler - * implementation! - */ -#define BF_ENC(LL,R,KEY,Pi) (\ - LL^=KEY[Pi], \ - t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \ - t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \ - LL^=t \ - ) - -#elif defined(BF_PTR) - -#ifndef BF_LONG_LOG2 -#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */ -#endif -#define BF_M (0xFF<>BF_i)&BF_M gets folded into a single instruction, namely - * rlwinm. So let'em double-check if their compiler does it. - */ - -#define BF_ENC(LL,R,S,P) ( \ - LL^=P, \ - LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \ - *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \ - *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \ - *(BF_LONG *)((unsigned char *)&(S[768])+((R<>24)&0xff)] + \ - S[0x0100+((int)(R>>16)&0xff)])^ \ - S[0x0200+((int)(R>> 8)&0xff)])+ \ - S[0x0300+((int)(R )&0xff)])&0xffffffffL \ - ) -#endif - -#endif diff --git a/AppleCSP/open_ssl/bf/bf_pi.h b/AppleCSP/open_ssl/bf/bf_pi.h deleted file mode 100644 index 9949513c..00000000 --- a/AppleCSP/open_ssl/bf/bf_pi.h +++ /dev/null @@ -1,325 +0,0 @@ -/* crypto/bf/bf_pi.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -static const BF_KEY bf_init= { - { - 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, - 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, - 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, - 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, - 0x9216d5d9L, 0x8979fb1b - },{ - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, - } - }; - diff --git a/AppleCSP/open_ssl/bf/bf_skey.c b/AppleCSP/open_ssl/bf/bf_skey.c deleted file mode 100644 index 4d6a232f..00000000 --- a/AppleCSP/open_ssl/bf/bf_skey.c +++ /dev/null @@ -1,116 +0,0 @@ -/* crypto/bf/bf_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include "bf_locl.h" -#include "bf_pi.h" - -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) - { - int i; - BF_LONG *p,ri,in[2]; - const unsigned char *d,*end; - - - memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY)); - p=key->P; - - if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; - - d=data; - end= &(data[len]); - for (i=0; i<(BF_ROUNDS+2); i++) - { - ri= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - p[i]^=ri; - } - - in[0]=0L; - in[1]=0L; - for (i=0; i<(BF_ROUNDS+2); i+=2) - { - BF_encrypt(in,key); - p[i ]=in[0]; - p[i+1]=in[1]; - } - - p=key->S; - for (i=0; i<4*256; i+=2) - { - BF_encrypt(in,key); - p[i ]=in[0]; - p[i+1]=in[1]; - } - } - diff --git a/AppleCSP/open_ssl/bio/bio_lib.c b/AppleCSP/open_ssl/bio/bio_lib.c deleted file mode 100644 index 4040be73..00000000 --- a/AppleCSP/open_ssl/bio/bio_lib.c +++ /dev/null @@ -1,552 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bio/bio_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include "cryptlib.h" -#include -#include - -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; -static int bio_meth_num=0; - -BIO *BIO_new(const BIO_METHOD *method) - { - BIO *ret=NULL; - - ret=(BIO *)Malloc(sizeof(BIO)); - if (ret == NULL) - { - BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - if (!BIO_set(ret,method)) - { - Free(ret); - ret=NULL; - } - return(ret); - } - -int BIO_set(BIO *bio, const BIO_METHOD *method) - { - bio->method=method; - bio->callback=NULL; - bio->cb_arg=NULL; - bio->init=0; - bio->shutdown=1; - bio->flags=0; - bio->retry_reason=0; - bio->num=0; - bio->ptr=NULL; - bio->prev_bio=NULL; - bio->next_bio=NULL; - bio->references=1; - bio->num_read=0L; - bio->num_write=0L; - CRYPTO_new_ex_data(bio_meth,bio,&bio->ex_data); - if (method->create != NULL) - if (!method->create(bio)) - return(0); - return(1); - } - -int BIO_free(BIO *a) - { - int ret=0,i; - - if (a == NULL) return(0); - - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO); -#ifdef REF_PRINT - REF_PRINT("BIO",a); -#endif - if (i > 0) return(1); -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"BIO_free, bad reference count\n"); - abort(); - } -#endif - if ((a->callback != NULL) && - ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) - return(i); - - CRYPTO_free_ex_data(bio_meth,a,&a->ex_data); - - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); - Free(a); - return(1); - } - -int BIO_read(BIO *b, void *out, int outl) - { - int i; - long (*cb)(); - - if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) - { - BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - cb=b->callback; - if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0)) - return(i); - - if (!b->init) - { - BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED); - return(-2); - } - - i=b->method->bread(b,out,outl); - - if (i > 0) b->num_read+=(unsigned long)i; - - if (cb != NULL) - i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl, - 0L,(long)i); - return(i); - } - -int BIO_write(BIO *b, const void *in, int inl) - { - int i; - long (*cb)(); - - if (b == NULL) - return(0); - - cb=b->callback; - if ((b->method == NULL) || (b->method->bwrite == NULL)) - { - BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0)) - return(i); - - if (!b->init) - { - BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED); - return(-2); - } - - i=b->method->bwrite(b,in,inl); - - if (i > 0) b->num_write+=(unsigned long)i; - - /* This is evil and not thread safe. If the BIO has been freed, - * we must not call the callback. The only way to be able to - * determine this is the reference count which is now invalid since - * the memory has been free()ed. - */ - if (b->references <= 0) abort(); - if (cb != NULL) /* && (b->references >= 1)) */ - i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl, - 0L,(long)i); - return(i); - } - -int BIO_puts(BIO *b, const char *in) - { - int i; - long (*cb)(); - - if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) - { - BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - cb=b->callback; - - if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0)) - return(i); - - if (!b->init) - { - BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED); - return(-2); - } - - i=b->method->bputs(b,in); - - if (cb != NULL) - i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, - 0L,(long)i); - return(i); - } - -int BIO_gets(BIO *b, char *in, int inl) - { - int i; - long (*cb)(); - - if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) - { - BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - cb=b->callback; - - if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0)) - return(i); - - if (!b->init) - { - BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED); - return(-2); - } - - i=b->method->bgets(b,in,inl); - - if (cb != NULL) - i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl, - 0L,(long)i); - return(i); - } - -long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) - { - int i; - - i=iarg; - return(BIO_ctrl(b,cmd,larg,(char *)&i)); - } - -char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) - { - char *p=NULL; - - if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0) - return(NULL); - else - return(p); - } - -long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) - { - long ret; - long (*cb)(); - - if (b == NULL) return(0); - - if ((b->method == NULL) || (b->method->ctrl == NULL)) - { - BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - cb=b->callback; - - if ((cb != NULL) && - ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0)) - return(ret); - - ret=b->method->ctrl(b,cmd,larg,parg); - - if (cb != NULL) - ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, - larg,ret); - return(ret); - } - -long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)()) - { - long ret; - long (*cb)(); - - if (b == NULL) return(0); - - if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) - { - BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } - - cb=b->callback; - - if ((cb != NULL) && - ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0)) - return(ret); - - ret=b->method->callback_ctrl(b,cmd,fp); - - if (cb != NULL) - ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd, - 0,ret); - return(ret); - } - -/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros - * do; but those macros have inappropriate return type, and for interfacing - * from other programming languages, C macros aren't much of a help anyway. */ -size_t BIO_ctrl_pending(BIO *bio) - { - return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); - } - -size_t BIO_ctrl_wpending(BIO *bio) - { - return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); - } - - -/* put the 'bio' on the end of b's list of operators */ -BIO *BIO_push(BIO *b, BIO *bio) - { - BIO *lb; - - if (b == NULL) return(bio); - lb=b; - while (lb->next_bio != NULL) - lb=lb->next_bio; - lb->next_bio=bio; - if (bio != NULL) - bio->prev_bio=lb; - /* called to do internal processing */ - BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL); - return(b); - } - -/* Remove the first and return the rest */ -BIO *BIO_pop(BIO *b) - { - BIO *ret; - - if (b == NULL) return(NULL); - ret=b->next_bio; - - if (b->prev_bio != NULL) - b->prev_bio->next_bio=b->next_bio; - if (b->next_bio != NULL) - b->next_bio->prev_bio=b->prev_bio; - - b->next_bio=NULL; - b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); - return(ret); - } - -BIO *BIO_get_retry_BIO(BIO *bio, int *reason) - { - BIO *b,*last; - - b=last=bio; - for (;;) - { - if (!BIO_should_retry(b)) break; - last=b; - b=b->next_bio; - if (b == NULL) break; - } - if (reason != NULL) *reason=last->retry_reason; - return(last); - } - -int BIO_get_retry_reason(BIO *bio) - { - return(bio->retry_reason); - } - -BIO *BIO_find_type(BIO *bio, int type) - { - int mt,mask; - - mask=type&0xff; - do { - if (bio->method != NULL) - { - mt=bio->method->type; - - if (!mask) - { - if (mt & type) return(bio); - } - else if (mt == type) - return(bio); - } - bio=bio->next_bio; - } while (bio != NULL); - return(NULL); - } - -void BIO_free_all(BIO *bio) - { - BIO *b; - int ref; - - while (bio != NULL) - { - b=bio; - ref=b->references; - bio=bio->next_bio; - BIO_free(b); - /* Since ref count > 1, don't free anyone else. */ - if (ref > 1) break; - } - } - -BIO *BIO_dup_chain(BIO *in) - { - BIO *ret=NULL,*eoc=NULL,*bio,*new; - - for (bio=in; bio != NULL; bio=bio->next_bio) - { - if ((new=BIO_new(bio->method)) == NULL) goto err; - new->callback=bio->callback; - new->cb_arg=bio->cb_arg; - new->init=bio->init; - new->shutdown=bio->shutdown; - new->flags=bio->flags; - - /* This will let SSL_s_sock() work with stdin/stdout */ - new->num=bio->num; - - if (!BIO_dup_state(bio,(char *)new)) - { - BIO_free(new); - goto err; - } - - /* copy app data */ - if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data)) - goto err; - - if (ret == NULL) - { - eoc=new; - ret=eoc; - } - else - { - BIO_push(eoc,new); - eoc=new; - } - } - return(ret); -err: - if (ret != NULL) - BIO_free(ret); - return(NULL); - } - -void BIO_copy_next_retry(BIO *b) - { - BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); - b->retry_reason=b->next_bio->retry_reason; - } - -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - bio_meth_num++; - return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth, - argl,argp,new_func,dup_func,free_func)); - } - -int BIO_set_ex_data(BIO *bio, int idx, void *data) - { - return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); - } - -void *BIO_get_ex_data(BIO *bio, int idx) - { - return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); - } - -unsigned long BIO_number_read(BIO *bio) -{ - if(bio) return bio->num_read; - return 0; -} - -unsigned long BIO_number_written(BIO *bio) -{ - if(bio) return bio->num_write; - return 0; -} diff --git a/AppleCSP/open_ssl/bio/bss_file.c b/AppleCSP/open_ssl/bio/bss_file.c deleted file mode 100644 index 97ad27b7..00000000 --- a/AppleCSP/open_ssl/bio/bss_file.c +++ /dev/null @@ -1,328 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bio/bss_file.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout - * with binary data (e.g. asn1parse -inform DER < xxx) under - * Windows - */ - -#ifndef HEADER_BSS_FILE_C -#define HEADER_BSS_FILE_C - -#include -#include -#include "cryptlib.h" -#include -#include - -#if !defined(NO_STDIO) - -static int MS_CALLBACK file_write(BIO *h,char *buf,int num); -static int MS_CALLBACK file_read(BIO *h,char *buf,int size); -static int MS_CALLBACK file_puts(BIO *h,char *str); -static int MS_CALLBACK file_gets(BIO *h,char *str,int size); -static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2); -static int MS_CALLBACK file_new(BIO *h); -static int MS_CALLBACK file_free(BIO *data); -static const BIO_METHOD methods_filep= - { - BIO_TYPE_FILE, - "FILE pointer", - file_write, - file_read, - file_puts, - file_gets, - file_ctrl, - file_new, - file_free, - NULL, - }; - -BIO *BIO_new_file(const char *filename, const char *mode) - { - BIO *ret; - FILE *file; - - if ((file=fopen(filename,mode)) == NULL) - { - SYSerr(SYS_F_FOPEN,get_last_sys_error()); - ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); - BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); - return(NULL); - } - if ((ret=BIO_new(BIO_s_file_internal())) == NULL) - return(NULL); - - BIO_set_fp(ret,file,BIO_CLOSE); - return(ret); - } - -BIO *BIO_new_fp(FILE *stream, int close_flag) - { - BIO *ret; - - if ((ret=BIO_new(BIO_s_file())) == NULL) - return(NULL); - - BIO_set_fp(ret,stream,close_flag); - return(ret); - } - -const BIO_METHOD *BIO_s_file(void) - { - return(&methods_filep); - } - -static int MS_CALLBACK file_new(BIO *bi) - { - bi->init=0; - bi->num=0; - bi->ptr=NULL; - return(1); - } - -static int MS_CALLBACK file_free(BIO *a) - { - if (a == NULL) return(0); - if (a->shutdown) - { - if ((a->init) && (a->ptr != NULL)) - { - fclose((FILE *)a->ptr); - a->ptr=NULL; - } - a->init=0; - } - return(1); - } - -static int MS_CALLBACK file_read(BIO *b, char *out, int outl) - { - int ret=0; - - if (b->init && (out != NULL)) - { - ret=fread(out,1,(int)outl,(FILE *)b->ptr); - } - return(ret); - } - -static int MS_CALLBACK file_write(BIO *b, char *in, int inl) - { - int ret=0; - - if (b->init && (in != NULL)) - { - if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) - ret=inl; - /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ - /* according to Tim Hudson , the commented - * out version above can cause 'inl' write calls under - * some stupid stdio implementations (VMS) */ - } - return(ret); - } - -static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, char *ptr) - { - long ret=1; - FILE *fp=(FILE *)b->ptr; - FILE **fpp; - char p[4]; - - switch (cmd) - { - case BIO_C_FILE_SEEK: - case BIO_CTRL_RESET: - ret=(long)fseek(fp,num,0); - break; - case BIO_CTRL_EOF: - ret=(long)feof(fp); - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret=ftell(fp); - break; - case BIO_C_SET_FILE_PTR: - file_free(b); - b->shutdown=(int)num&BIO_CLOSE; - b->ptr=(char *)ptr; - b->init=1; -#if defined(MSDOS) || defined(WINDOWS) - /* Set correct text/binary mode */ - if (num & BIO_FP_TEXT) - _setmode(fileno((FILE *)ptr),_O_TEXT); - else - _setmode(fileno((FILE *)ptr),_O_BINARY); -#endif - break; - case BIO_C_SET_FILENAME: - file_free(b); - b->shutdown=(int)num&BIO_CLOSE; - if (num & BIO_FP_APPEND) - { - if (num & BIO_FP_READ) - strcpy(p,"a+"); - else strcpy(p,"a"); - } - else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - strcpy(p,"r+"); - else if (num & BIO_FP_WRITE) - strcpy(p,"w"); - else if (num & BIO_FP_READ) - strcpy(p,"r"); - else - { - BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); - ret=0; - break; - } -#if defined(MSDOS) || defined(WINDOWS) - if (!(num & BIO_FP_TEXT)) - strcat(p,"b"); - else - strcat(p,"t"); -#endif - fp=fopen(ptr,p); - if (fp == NULL) - { - SYSerr(SYS_F_FOPEN,get_last_sys_error()); - ERR_add_error_data(5,"fopen('",ptr,"','",p,"')"); - BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB); - ret=0; - break; - } - b->ptr=(char *)fp; - b->init=1; - break; - case BIO_C_GET_FILE_PTR: - /* the ptr parameter is actually a FILE ** in this case. */ - if (ptr != NULL) - { - fpp=(FILE **)ptr; - *fpp=(FILE *)b->ptr; - } - break; - case BIO_CTRL_GET_CLOSE: - ret=(long)b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; - break; - case BIO_CTRL_FLUSH: - fflush((FILE *)b->ptr); - break; - case BIO_CTRL_DUP: - ret=1; - break; - - case BIO_CTRL_WPENDING: - case BIO_CTRL_PENDING: - case BIO_CTRL_PUSH: - case BIO_CTRL_POP: - default: - ret=0; - break; - } - return(ret); - } - -static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) - { - int ret=0; - - buf[0]='\0'; - fgets(buf,size,(FILE *)bp->ptr); - if (buf[0] != '\0') - ret=strlen(buf); - return(ret); - } - -static int MS_CALLBACK file_puts(BIO *bp, char *str) - { - int n,ret; - - n=strlen(str); - ret=file_write(bp,str,n); - return(ret); - } - -#endif /* NO_STDIO */ - -#endif /* HEADER_BSS_FILE_C */ - - diff --git a/AppleCSP/open_ssl/bn/bn_add.c b/AppleCSP/open_ssl/bn/bn_add.c deleted file mode 100644 index 3abd7499..00000000 --- a/AppleCSP/open_ssl/bn/bn_add.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_add.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -/* r can == a or b */ -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - /* a + b a+b - * a + -b a-b - * -a + b b-a - * -a + -b -(a+b) - */ - if (a->neg ^ b->neg) - { - /* only one is negative */ - if (a->neg) - { tmp=a; a=b; b=tmp; } - - /* we are now a - b */ - - if (BN_ucmp(a,b) < 0) - { - if (!BN_usub(r,b,a)) return(0); - r->neg=1; - } - else - { - if (!BN_usub(r,a,b)) return(0); - r->neg=0; - } - return(1); - } - - if (a->neg) /* both are neg */ - r->neg=1; - else - r->neg=0; - - if (!BN_uadd(r,a,b)) return(0); - return(1); - } - -/* unsigned add of b to a, r must be large enough */ -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - register int i; - int max,min; - BN_ULONG *ap,*bp,*rp,carry,t1; - const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) - { tmp=a; a=b; b=tmp; } - max=a->top; - min=b->top; - - if (bn_wexpand(r,max+1) == NULL) - return(0); - - r->top=max; - - - ap=a->d; - bp=b->d; - rp=r->d; - carry=0; - - carry=bn_add_words(rp,ap,bp,min); - rp+=min; - ap+=min; - bp+=min; - i=min; - - if (carry) - { - while (i < max) - { - i++; - t1= *(ap++); - if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) - { - carry=0; - break; - } - } - if ((i >= max) && carry) - { - *(rp++)=1; - r->top++; - } - } - if (rp != ap) - { - for (; itop < b->top) /* hmm... should not be happening */ - { - BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); - return(0); - } - - max=a->top; - min=b->top; - if (bn_wexpand(r,max) == NULL) return(0); - - ap=a->d; - bp=b->d; - rp=r->d; - -#if 1 - carry=0; - for (i=0; i t2) break; - } - } -#if 0 - memcpy(rp,ap,sizeof(*rp)*(max-i)); -#else - if (rp != ap) - { - for (;;) - { - if (i++ >= max) break; - rp[0]=ap[0]; - if (i++ >= max) break; - rp[1]=ap[1]; - if (i++ >= max) break; - rp[2]=ap[2]; - if (i++ >= max) break; - rp[3]=ap[3]; - rp+=4; - ap+=4; - } - } -#endif - - r->top=max; - bn_fix_top(r); - return(1); - } - -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max; - int add=0,neg=0; - const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - /* a - b a-b - * a - -b a+b - * -a - b -(a+b) - * -a - -b b-a - */ - if (a->neg) - { - if (b->neg) - { tmp=a; a=b; b=tmp; } - else - { add=1; neg=1; } - } - else - { - if (b->neg) { add=1; neg=0; } - } - - if (add) - { - if (!BN_uadd(r,a,b)) return(0); - r->neg=neg; - return(1); - } - - /* We are actually doing a - b :-) */ - - max=(a->top > b->top)?a->top:b->top; - if (bn_wexpand(r,max) == NULL) return(0); - if (BN_ucmp(a,b) < 0) - { - if (!BN_usub(r,b,a)) return(0); - r->neg=1; - } - else - { - if (!BN_usub(r,a,b)) return(0); - r->neg=0; - } - return(1); - } - diff --git a/AppleCSP/open_ssl/bn/bn_asm.c b/AppleCSP/open_ssl/bn/bn_asm.c deleted file mode 100644 index d5c137f3..00000000 --- a/AppleCSP/open_ssl/bn/bn_asm.c +++ /dev/null @@ -1,855 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_asm.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; - - assert(num >= 0); - if (num <= 0) return(c1); - - while (num&~3) - { - mul_add(rp[0],ap[0],w,c1); - mul_add(rp[1],ap[1],w,c1); - mul_add(rp[2],ap[2],w,c1); - mul_add(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; - mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; - mul_add(rp[2],ap[2],w,c1); return c1; - } - - return(c1); - } - -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; - - assert(num >= 0); - if (num <= 0) return(c1); - - while (num&~3) - { - mul(rp[0],ap[0],w,c1); - mul(rp[1],ap[1],w,c1); - mul(rp[2],ap[2],w,c1); - mul(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; - mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; - mul(rp[2],ap[2],w,c1); - } - return(c1); - } - -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) - { - assert(n >= 0); - if (n <= 0) return; - while (n&~3) - { - sqr(r[0],r[1],a[0]); - sqr(r[2],r[3],a[1]); - sqr(r[4],r[5],a[2]); - sqr(r[6],r[7],a[3]); - a+=4; r+=8; n-=4; - } - if (n) - { - sqr(r[0],r[1],a[0]); if (--n == 0) return; - sqr(r[2],r[3],a[1]); if (--n == 0) return; - sqr(r[4],r[5],a[2]); - } - } - -#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c=0; - BN_ULONG bl,bh; - - assert(num >= 0); - if (num <= 0) return((BN_ULONG)0); - - bl=LBITS(w); - bh=HBITS(w); - - for (;;) - { - mul_add(rp[0],ap[0],bl,bh,c); - if (--num == 0) break; - mul_add(rp[1],ap[1],bl,bh,c); - if (--num == 0) break; - mul_add(rp[2],ap[2],bl,bh,c); - if (--num == 0) break; - mul_add(rp[3],ap[3],bl,bh,c); - if (--num == 0) break; - ap+=4; - rp+=4; - } - return(c); - } - -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG carry=0; - BN_ULONG bl,bh; - - assert(num >= 0); - if (num <= 0) return((BN_ULONG)0); - - bl=LBITS(w); - bh=HBITS(w); - - for (;;) - { - mul(rp[0],ap[0],bl,bh,carry); - if (--num == 0) break; - mul(rp[1],ap[1],bl,bh,carry); - if (--num == 0) break; - mul(rp[2],ap[2],bl,bh,carry); - if (--num == 0) break; - mul(rp[3],ap[3],bl,bh,carry); - if (--num == 0) break; - ap+=4; - rp+=4; - } - return(carry); - } - -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) - { - assert(n >= 0); - if (n <= 0) return; - for (;;) - { - sqr64(r[0],r[1],a[0]); - if (--n == 0) break; - - sqr64(r[2],r[3],a[1]); - if (--n == 0) break; - - sqr64(r[4],r[5],a[2]); - if (--n == 0) break; - - sqr64(r[6],r[7],a[3]); - if (--n == 0) break; - - a+=4; - r+=8; - } - } - -#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ - -#if defined(BN_LLONG) && defined(BN_DIV2W) - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) - { - return((BN_ULONG)(((((BN_ULLONG)h)< (BN_ULONG)1<= d) h-=d; - - if (i) - { - d<<=i; - h=(h<>(BN_BITS2-i)); - l<<=i; - } - dh=(d&BN_MASK2h)>>BN_BITS4; - dl=(d&BN_MASK2l); - for (;;) - { - if ((h>>BN_BITS4) == dh) - q=BN_MASK2l; - else - q=h/dh; - - th=q*dh; - tl=dl*q; - for (;;) - { - t=h-th; - if ((t&BN_MASK2h) || - ((tl) <= ( - (t<>BN_BITS4)))) - break; - q--; - th-=dh; - tl-=dl; - } - t=(tl>>BN_BITS4); - tl=(tl<>BN_BITS4))&BN_MASK2; - l=(l&BN_MASK2l)<= 0); - if (n <= 0) return((BN_ULONG)0); - - for (;;) - { - ll+=(BN_ULLONG)a[0]+b[0]; - r[0]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[1]+b[1]; - r[1]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[2]+b[2]; - r[2]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[3]+b[3]; - r[3]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return((BN_ULONG)ll); - } -#else /* !BN_LLONG */ -BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { - BN_ULONG c,l,t; - - assert(n >= 0); - if (n <= 0) return((BN_ULONG)0); - - c=0; - for (;;) - { - t=a[0]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[0])&BN_MASK2; - c+=(l < t); - r[0]=l; - if (--n <= 0) break; - - t=a[1]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[1])&BN_MASK2; - c+=(l < t); - r[1]=l; - if (--n <= 0) break; - - t=a[2]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[2])&BN_MASK2; - c+=(l < t); - r[2]=l; - if (--n <= 0) break; - - t=a[3]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[3])&BN_MASK2; - c+=(l < t); - r[3]=l; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return((BN_ULONG)c); - } -#endif /* !BN_LLONG */ - -BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { - BN_ULONG t1,t2; - int c=0; - - assert(n >= 0); - if (n <= 0) return((BN_ULONG)0); - - for (;;) - { - t1=a[0]; t2=b[0]; - r[0]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[1]; t2=b[1]; - r[1]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[2]; t2=b[2]; - r[2]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[3]; t2=b[3]; - r[3]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return(c); - } - -#ifdef BN_MUL_COMBA - -#undef bn_mul_comba8 -#undef bn_mul_comba4 -#undef bn_sqr_comba8 -#undef bn_sqr_comba4 - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ - -#ifdef BN_LLONG -#define mul_add_c(a,b,c0,c1,c2) \ - t=(BN_ULLONG)a*b; \ - t1=(BN_ULONG)Lw(t); \ - t2=(BN_ULONG)Hw(t); \ - c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; - -#define mul_add_c2(a,b,c0,c1,c2) \ - t=(BN_ULLONG)a*b; \ - tt=(t+t)&BN_MASK; \ - if (tt < t) c2++; \ - t1=(BN_ULONG)Lw(tt); \ - t2=(BN_ULONG)Hw(tt); \ - c0=(c0+t1)&BN_MASK2; \ - if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; - -#define sqr_add_c(a,i,c0,c1,c2) \ - t=(BN_ULLONG)a[i]*a[i]; \ - t1=(BN_ULONG)Lw(t); \ - t2=(BN_ULONG)Hw(t); \ - c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; - -#define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) - -#elif defined(BN_UMULT_HIGH) - -#define mul_add_c(a,b,c0,c1,c2) { \ - BN_ULONG ta=(a),tb=(b); \ - t1 = ta * tb; \ - t2 = BN_UMULT_HIGH(ta,tb); \ - c0 += t1; t2 += (c0 -#include "cryptlib.h" -#include "bn_lcl.h" - -BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) - { - BN_BLINDING *ret=NULL; - - bn_check_top(Ai); - bn_check_top(mod); - - if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL) - { - BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memset(ret,0,sizeof(BN_BLINDING)); - if ((ret->A=BN_new()) == NULL) goto err; - if ((ret->Ai=BN_new()) == NULL) goto err; - if (!BN_copy(ret->A,A)) goto err; - if (!BN_copy(ret->Ai,Ai)) goto err; - ret->mod=mod; - return(ret); -err: - if (ret != NULL) BN_BLINDING_free(ret); - return(NULL); - } - -void BN_BLINDING_free(BN_BLINDING *r) - { - if(r == NULL) - return; - - if (r->A != NULL) BN_free(r->A ); - if (r->Ai != NULL) BN_free(r->Ai); - Free(r); - } - -int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) - { - int ret=0; - - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); - goto err; - } - - if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; - if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; - - ret=1; -err: - return(ret); - } - -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) - { - bn_check_top(n); - - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED); - return(0); - } - return(BN_mod_mul(n,n,b->A,b->mod,ctx)); - } - -int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) - { - int ret; - - bn_check_top(n); - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED); - return(0); - } - if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) - { - if (!BN_BLINDING_update(b,ctx)) - return(0); - } - return(ret); - } - diff --git a/AppleCSP/open_ssl/bn/bn_ctx.c b/AppleCSP/open_ssl/bn/bn_ctx.c deleted file mode 100644 index bcb922cb..00000000 --- a/AppleCSP/open_ssl/bn/bn_ctx.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_ctx.c */ -/* Written by Ulf Moeller for the OpenSSL project. */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include -#include -#include "cryptlib.h" -#include - - -BN_CTX *BN_CTX_new(void) - { - BN_CTX *ret; - - ret=(BN_CTX *)Malloc(sizeof(BN_CTX)); - if (ret == NULL) - { - BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - - BN_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } - -void BN_CTX_init(BN_CTX *ctx) - { - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; - ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); - } - -void BN_CTX_free(BN_CTX *ctx) - { - int i; - - if (ctx == NULL) return; - assert(ctx->depth == 0); - - for (i=0; i < BN_CTX_NUM; i++) - BN_clear_free(&(ctx->bn[i])); - if (ctx->flags & BN_FLG_MALLOCED) - Free(ctx); - } - -void BN_CTX_start(BN_CTX *ctx) - { - if (ctx->depth < BN_CTX_NUM_POS) - ctx->pos[ctx->depth] = ctx->tos; - ctx->depth++; - } - -BIGNUM *BN_CTX_get(BN_CTX *ctx) - { - if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) - { - if (!ctx->too_many) - { - BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); - /* disable error code until BN_CTX_end is called: */ - ctx->too_many = 1; - } - return NULL; - } - return (&(ctx->bn[ctx->tos++])); - } - -void BN_CTX_end(BN_CTX *ctx) - { - if (ctx == NULL) return; - assert(ctx->depth > 0); - if (ctx->depth == 0) - /* should never happen, but we can tolerate it if not in - * debug mode (could be a 'goto err' in the calling function - * before BN_CTX_start was reached) */ - BN_CTX_start(ctx); - - ctx->too_many = 0; - ctx->depth--; - if (ctx->depth < BN_CTX_NUM_POS) - ctx->tos = ctx->pos[ctx->depth]; - } diff --git a/AppleCSP/open_ssl/bn/bn_div.c b/AppleCSP/open_ssl/bn/bn_div.c deleted file mode 100644 index a85fb3a4..00000000 --- a/AppleCSP/open_ssl/bn/bn_div.c +++ /dev/null @@ -1,398 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_div.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -/* The old slow way */ -#if 0 -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx) - { - int i,nm,nd; - int ret = 0; - BIGNUM *D; - - bn_check_top(m); - bn_check_top(d); - if (BN_is_zero(d)) - { - BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); - return(0); - } - - if (BN_ucmp(m,d) < 0) - { - if (rem != NULL) - { if (BN_copy(rem,m) == NULL) return(0); } - if (dv != NULL) BN_zero(dv); - return(1); - } - - BN_CTX_start(ctx); - D = BN_CTX_get(ctx); - if (dv == NULL) dv = BN_CTX_get(ctx); - if (rem == NULL) rem = BN_CTX_get(ctx); - if (D == NULL || dv == NULL || rem == NULL) - goto end; - - nd=BN_num_bits(d); - nm=BN_num_bits(m); - if (BN_copy(D,d) == NULL) goto end; - if (BN_copy(rem,m) == NULL) goto end; - - /* The next 2 are needed so we can do a dv->d[0]|=1 later - * since BN_lshift1 will only work once there is a value :-) */ - BN_zero(dv); - bn_wexpand(dv,1); - dv->top=1; - - if (!BN_lshift(D,D,nm-nd)) goto end; - for (i=nm-nd; i>=0; i--) - { - if (!BN_lshift1(dv,dv)) goto end; - if (BN_ucmp(rem,D) >= 0) - { - dv->d[0]|=1; - if (!BN_usub(rem,rem,D)) goto end; - } -/* CAN IMPROVE (and have now :=) */ - if (!BN_rshift1(D,D)) goto end; - } - rem->neg=BN_is_zero(rem)?0:m->neg; - dv->neg=m->neg^d->neg; - ret = 1; - end: - BN_CTX_end(ctx); - return(ret); - } - -#else - -#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) - /* - * There were two reasons for implementing this template: - * - GNU C generates a call to a function (__udivdi3 to be exact) - * in reply to ((((BN_ULLONG)n0)< - */ -# define bn_div_words(n0,n1,d0) \ - ({ asm volatile ( \ - "divl %4" \ - : "=a"(q), "=d"(rem) \ - : "a"(n1), "d"(n0), "g"(d0) \ - : "cc"); \ - q; \ - }) -# define REMAINDER_IS_ALREADY_CALCULATED -# endif /* __ */ -# endif /* __GNUC__ */ -#endif /* NO_ASM */ - -int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) - { - int norm_shift,i,j,loop; - BIGNUM *tmp,wnum,*snum,*sdiv,*res; - BN_ULONG *resp,*wnump; - BN_ULONG d0,d1; - int num_n,div_n; - - bn_check_top(num); - bn_check_top(divisor); - - if (BN_is_zero(divisor)) - { - BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); - return(0); - } - - if (BN_ucmp(num,divisor) < 0) - { - if (rm != NULL) - { if (BN_copy(rm,num) == NULL) return(0); } - if (dv != NULL) BN_zero(dv); - return(1); - } - - BN_CTX_start(ctx); - tmp=BN_CTX_get(ctx); - tmp->neg=0; - snum=BN_CTX_get(ctx); - sdiv=BN_CTX_get(ctx); - if (dv == NULL) - res=BN_CTX_get(ctx); - else res=dv; - if (res == NULL) goto err; - - /* First we normalise the numbers */ - norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); - BN_lshift(sdiv,divisor,norm_shift); - sdiv->neg=0; - norm_shift+=BN_BITS2; - BN_lshift(snum,num,norm_shift); - snum->neg=0; - div_n=sdiv->top; - num_n=snum->top; - loop=num_n-div_n; - - /* Lets setup a 'window' into snum - * This is the part that corresponds to the current - * 'area' being divided */ - BN_init(&wnum); - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.max= snum->max+1; /* a bit of a lie */ - - /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ - d0=sdiv->d[div_n-1]; - d1=(div_n == 1)?0:sdiv->d[div_n-2]; - - /* pointer to the 'top' of snum */ - wnump= &(snum->d[num_n-1]); - - /* Setup to 'res' */ - res->neg= (num->neg^divisor->neg); - if (!bn_wexpand(res,(loop+1))) goto err; - res->top=loop; - resp= &(res->d[loop-1]); - - /* space for temp */ - if (!bn_wexpand(tmp,(div_n+1))) goto err; - - if (BN_ucmp(&wnum,sdiv) >= 0) - { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; - *resp=1; - res->d[res->top-1]=1; - } - else - res->top--; - resp--; - - for (i=0; id,sdiv->d,div_n,q); - wnum.d--; wnum.top++; - tmp->d[div_n]=l0; - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - BN_sub(&wnum,&wnum,tmp); - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) - { - q--; - j=wnum.top; - BN_add(&wnum,&wnum,sdiv); - snum->top+=wnum.top-j; - } - *(resp--)=q; - wnump--; - } - if (rm != NULL) - { - BN_rshift(rm,snum,norm_shift); - rm->neg=num->neg; - } - BN_CTX_end(ctx); - return(1); -err: - BN_CTX_end(ctx); - return(0); - } - -#endif - -/* rem != m */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) - { -#if 0 /* The old slow way */ - int i,nm,nd; - BIGNUM *dv; - - if (BN_ucmp(m,d) < 0) - return((BN_copy(rem,m) == NULL)?0:1); - - BN_CTX_start(ctx); - dv=BN_CTX_get(ctx); - - if (!BN_copy(rem,m)) goto err; - - nm=BN_num_bits(rem); - nd=BN_num_bits(d); - if (!BN_lshift(dv,d,nm-nd)) goto err; - for (i=nm-nd; i>=0; i--) - { - if (BN_cmp(rem,dv) >= 0) - { - if (!BN_sub(rem,rem,dv)) goto err; - } - if (!BN_rshift1(dv,dv)) goto err; - } - BN_CTX_end(ctx); - return(1); - err: - BN_CTX_end(ctx); - return(0); -#else - return(BN_div(NULL,rem,m,d,ctx)); -#endif - } - diff --git a/AppleCSP/open_ssl/bn/bn_err.c b/AppleCSP/open_ssl/bn/bn_err.c deleted file mode 100644 index d706e586..00000000 --- a/AppleCSP/open_ssl/bn/bn_err.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA BN_str_functs[]= - { -{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"}, -{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, -{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, -{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, -{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"}, -{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, -{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, -{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, -{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, -{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, -{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, -{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, -{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, -{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, -{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, -{0,NULL} - }; - -static ERR_STRING_DATA BN_str_reasons[]= - { -{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, -{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, -{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, -{BN_R_DIV_BY_ZERO ,"div by zero"}, -{BN_R_ENCODING_ERROR ,"encoding error"}, -{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, -{BN_R_INVALID_LENGTH ,"invalid length"}, -{BN_R_INVALID_RANGE ,"invalid range"}, -{BN_R_NOT_INITIALIZED ,"not initialized"}, -{BN_R_NO_INVERSE ,"no inverse"}, -{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, -{0,NULL} - }; - -#endif - -void ERR_load_BN_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_BN,BN_str_functs); - ERR_load_strings(ERR_LIB_BN,BN_str_reasons); -#endif - - } - } diff --git a/AppleCSP/open_ssl/bn/bn_exp.c b/AppleCSP/open_ssl/bn/bn_exp.c deleted file mode 100644 index 81173237..00000000 --- a/AppleCSP/open_ssl/bn/bn_exp.c +++ /dev/null @@ -1,901 +0,0 @@ -/* crypto/bn/bn_exp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include "bn_lcl.h" -#ifdef ATALLA -# include -# include -# include -# include -#endif - - -#define TABLE_SIZE 32 - -/* slow but works */ -int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) - { - BIGNUM *t; - int r=0; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(m); - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) goto err; - if (a == b) - { if (!BN_sqr(t,a,ctx)) goto err; } - else - { if (!BN_mul(t,a,b,ctx)) goto err; } - if (!BN_mod(ret,t,m,ctx)) goto err; - r=1; -err: - BN_CTX_end(ctx); - return(r); - } - - -/* this one works - simple but works */ -int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx) - { - int i,bits,ret=0; - BIGNUM *v,*rr; - - BN_CTX_start(ctx); - if ((r == a) || (r == p)) - rr = BN_CTX_get(ctx); - else - rr = r; - if ((v = BN_CTX_get(ctx)) == NULL) goto err; - - if (BN_copy(v,a) == NULL) goto err; - bits=BN_num_bits(p); - - if (BN_is_odd(p)) - { if (BN_copy(rr,a) == NULL) goto err; } - else { if (!BN_one(rr)) goto err; } - - for (i=1; i= m. eay 07-May-97 */ -/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ - - if (BN_is_odd(m)) - { - if (a->top == 1) - { - BN_ULONG A = a->d[0]; - ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); - } - else - ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); - } - else -#endif -#ifdef RECP_MUL_MOD - { ret=BN_mod_exp_recp(r,a,p,m,ctx); } -#else - { ret=BN_mod_exp_simple(r,a,p,m,ctx); } -#endif - -#ifdef ATALLA - tried_atalla=0; -#endif - - return(ret); - } - - -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - int i,j,bits,ret=0,wstart,wend,window,wvalue; - int start=1,ts=0; - BIGNUM *aa; - BIGNUM val[TABLE_SIZE]; - BN_RECP_CTX recp; - - bits=BN_num_bits(p); - - if (bits == 0) - { - BN_one(r); - return(1); - } - - BN_CTX_start(ctx); - if ((aa = BN_CTX_get(ctx)) == NULL) goto err; - - BN_RECP_CTX_init(&recp); - if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; - - BN_init(&(val[0])); - ts=1; - - if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) - goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i>1]),&recp,ctx)) - goto err; - - /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - ret=1; -err: - BN_CTX_end(ctx); - for (i=0; id[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } - bits=BN_num_bits(p); - if (bits == 0) - { - BN_one(rr); - return(1); - } - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - if (d == NULL || r == NULL) goto err; - - /* If this is not done, things will break in the montgomery - * part */ - - if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; - } - - BN_init(&val[0]); - ts=1; - if (BN_ucmp(a,m) >= 0) - { - if (!BN_mod(&(val[0]),a,m,ctx)) - goto err; - aa= &(val[0]); - } - else - aa=a; - if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i>1]),mont,ctx)) - goto err; - - /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; - ret=1; -err: - if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - for (i=0; id[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } - bits = BN_num_bits(p); - if (bits == 0) - { - BN_one(rr); - return(1); - } - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - if (d == NULL || r == NULL || t == NULL) goto err; - -#ifdef ATALLA - if (!tried_atalla) - { - BN_set_word(t, a); - if (BN_mod_exp_atalla(rr, t, p, m)) - { - BN_CTX_end(ctx); - return 1; - } - } -/* If it fails, try the other methods */ -#endif - - if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont = BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; - } - - r_is_one = 1; /* except for Montgomery factor */ - - /* bits-1 >= 0 */ - - /* The result is accumulated in the product r*w. */ - w = a; /* bit 'bits-1' of 'p' is always set */ - for (b = bits-2; b >= 0; b--) - { - /* First, square r*w. */ - next_w = w*w; - if ((next_w/w) != w) /* overflow */ - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; - r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } - next_w = 1; - } - w = next_w; - if (!r_is_one) - { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; - } - - /* Second, multiply r*w by 'a' if exponent bit is set. */ - if (BN_is_bit_set(p, b)) - { - next_w = w*a; - if ((next_w/a) != w) /* overflow */ - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; - r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } - next_w = a; - } - w = next_w; - } - } - - /* Finally, set r:=r*w. */ - if (w != 1) - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; - r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } - } - - if (r_is_one) /* can happen only if a == 1*/ - { - if (!BN_one(rr)) goto err; - } - else - { - if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; - } - ret = 1; -err: - if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - return(ret); - } - - -/* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, - BN_CTX *ctx) - { - int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; - int start=1; - BIGNUM *d; - BIGNUM val[TABLE_SIZE]; - - bits=BN_num_bits(p); - - if (bits == 0) - { - BN_one(r); - return(1); - } - - BN_CTX_start(ctx); - if ((d = BN_CTX_get(ctx)) == NULL) goto err; - - BN_init(&(val[0])); - ts=1; - if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) - goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i>1]),m,ctx)) - goto err; - - /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - ret=1; -err: - BN_CTX_end(ctx); - for (i=0; i -#include "cryptlib.h" -#include "bn_lcl.h" - -/* I've done some timing with different table sizes. - * The main hassle is that even with bits set at 3, this requires - * 63 BIGNUMs to store the pre-calculated values. - * 512 1024 - * bits=1 75.4% 79.4% - * bits=2 61.2% 62.4% - * bits=3 61.3% 59.3% - * The lack of speed improvement is also a function of the pre-calculation - * which could be removed. - */ -#define EXP2_TABLE_BITS 2 /* 1 2 3 4 5 */ -#define EXP2_TABLE_SIZE 4 /* 2 4 8 16 32 */ - -int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, - BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue; - int start=1,ts=0,x,y; - BIGNUM *d,*aa1,*aa2,*r; - BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE]; - BN_MONT_CTX *mont=NULL; - - bn_check_top(a1); - bn_check_top(p1); - bn_check_top(a2); - bn_check_top(p2); - bn_check_top(m); - - if (!(m->d[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } - bits1=BN_num_bits(p1); - bits2=BN_num_bits(p2); - if ((bits1 == 0) && (bits2 == 0)) - { - BN_one(rr); - return(1); - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - if (d == NULL || r == NULL) goto err; - - bits=(bits1 > bits2)?bits1:bits2; - - /* If this is not done, things will break in the montgomery - * part */ - - if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; - } - - BN_init(&(val[0][0])); - BN_init(&(val[1][1])); - BN_init(&(val[0][1])); - BN_init(&(val[1][0])); - ts=1; - if (BN_ucmp(a1,m) >= 0) - { - BN_mod(&(val[1][0]),a1,m,ctx); - aa1= &(val[1][0]); - } - else - aa1=a1; - if (BN_ucmp(a2,m) >= 0) - { - BN_mod(&(val[0][1]),a2,m,ctx); - aa2= &(val[0][1]); - } - else - aa2=a2; - if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err; - if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err; - if (!BN_mod_mul_montgomery(&(val[1][1]), - &(val[1][0]),&(val[0][1]),mont,ctx)) - goto err; - -#if 0 - if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */ - window=1; - else if (bits > 250) - window=5; /* max size of window */ - else if (bits >= 120) - window=4; - else - window=3; -#else - window=EXP2_TABLE_BITS; -#endif - - k=1<= 2) - { - BN_init(&(val[x][0])); - BN_init(&(val[x][1])); - if (!BN_mod_mul_montgomery(&(val[x][0]), - &(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err; - if (!BN_mod_mul_montgomery(&(val[x][1]), - &(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err; - } - for (y=2; y -#include "cryptlib.h" -#include "bn_lcl.h" - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - -int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx) - { - BIGNUM *a,*b,*t; - int ret=0; - - bn_check_top(in_a); - bn_check_top(in_b); - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (a == NULL || b == NULL) goto err; - - if (BN_copy(a,in_a) == NULL) goto err; - if (BN_copy(b,in_b) == NULL) goto err; - - if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } - t=euclid(a,b); - if (t == NULL) goto err; - - if (BN_copy(r,t) == NULL) goto err; - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) - { - BIGNUM *t; - int shifts=0; - - bn_check_top(a); - bn_check_top(b); - - for (;;) - { - if (BN_is_zero(b)) - break; - - if (BN_is_odd(a)) - { - if (BN_is_odd(b)) - { - if (!BN_sub(a,a,b)) goto err; - if (!BN_rshift1(a,a)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } - } - else /* a odd - b even */ - { - if (!BN_rshift1(b,b)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } - } - } - else /* a is even */ - { - if (BN_is_odd(b)) - { - if (!BN_rshift1(a,a)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } - } - else /* a even - b even */ - { - if (!BN_rshift1(a,a)) goto err; - if (!BN_rshift1(b,b)) goto err; - shifts++; - } - } - } - if (shifts) - { - if (!BN_lshift(a,a,shifts)) goto err; - } - return(a); -err: - return(NULL); - } - -/* solves ax == 1 (mod n) */ -BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) - { - BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL; - BIGNUM *T,*ret=NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - if (Y == NULL) goto err; - - if (in == NULL) - R=BN_new(); - else - R=in; - if (R == NULL) goto err; - - BN_zero(X); - BN_one(Y); - if (BN_copy(A,a) == NULL) goto err; - if (BN_copy(B,n) == NULL) goto err; - sign=1; - - while (!BN_is_zero(B)) - { - if (!BN_div(D,M,A,B,ctx)) goto err; - T=A; - A=B; - B=M; - /* T has a struct, M does not */ - - if (!BN_mul(T,D,X,ctx)) goto err; - if (!BN_add(T,T,Y)) goto err; - M=Y; - Y=X; - X=T; - sign= -sign; - } - if (sign < 0) - { - if (!BN_sub(Y,n,Y)) goto err; - } - - if (BN_is_one(A)) - { if (!BN_mod(R,Y,n,ctx)) goto err; } - else - { - BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); - goto err; - } - ret=R; -err: - if ((ret == NULL) && (in == NULL)) BN_free(R); - BN_CTX_end(ctx); - return(ret); - } - diff --git a/AppleCSP/open_ssl/bn/bn_lcl.h b/AppleCSP/open_ssl/bn/bn_lcl.h deleted file mode 100644 index 9c959921..00000000 --- a/AppleCSP/open_ssl/bn/bn_lcl.h +++ /dev/null @@ -1,419 +0,0 @@ -/* crypto/bn/bn_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_BN_LCL_H -#define HEADER_BN_LCL_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -/* - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * - * - * For window size 'w' (w >= 2) and a random 'b' bits exponent, - * the number of multiplications is a constant plus on average - * - * 2^(w-1) + (b-w)/(w+1); - * - * here 2^(w-1) is for precomputing the table (we actually need - * entries only for windows that have the lowest bit set), and - * (b-w)/(w+1) is an approximation for the expected number of - * w-bit windows, not counting the first one. - * - * Thus we should use - * - * w >= 6 if b > 671 - * w = 5 if 671 > b > 239 - * w = 4 if 239 > b > 79 - * w = 3 if 79 > b > 23 - * w <= 2 if 23 > b - * - * (with draws in between). Very small exponents are often selected - * with low Hamming weight, so we use w = 1 for b <= 23. - */ -#if 1 -#define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) -#else -/* Old SSLeay/OpenSSL table. - * Maximum window size was 5, so this table differs for b==1024; - * but it coincides for other interesting values (b==160, b==512). - */ -#define BN_window_bits_for_exponent_size(b) \ - ((b) > 255 ? 5 : \ - (b) > 127 ? 4 : \ - (b) > 17 ? 3 : 1) -#endif - - - -/* Pentium pro 16,16,16,32,64 */ -/* Alpha 16,16,16,16.64 */ -#define BN_MULL_SIZE_NORMAL (16) /* 32 */ -#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */ -#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */ -#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ -#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ - -#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) -/* - * BN_UMULT_HIGH section. - * - * No, I'm not trying to overwhelm you when stating that the - * product of N-bit numbers is 2*N bits wide:-) No, I don't expect - * you to be impressed when I say that if the compiler doesn't - * support 2*N integer type, then you have to replace every N*N - * multiplication with 4 (N/2)*(N/2) accompanied by some shifts - * and additions which unavoidably results in severe performance - * penalties. Of course provided that the hardware is capable of - * producing 2*N result... That's when you normally start - * considering assembler implementation. However! It should be - * pointed out that some CPUs (most notably Alpha, PowerPC and - * upcoming IA-64 family:-) provide *separate* instruction - * calculating the upper half of the product placing the result - * into a general purpose register. Now *if* the compiler supports - * inline assembler, then it's not impossible to implement the - * "bignum" routines (and have the compiler optimize 'em) - * exhibiting "native" performance in C. That's what BN_UMULT_HIGH - * macro is about:-) - * - * - */ -# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %1,%2,%0" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("mulhdu %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# endif /* cpu */ -#endif /* NO_ASM */ - -/************************************************************* - * Using the long long type - */ -#define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - -/* This macro is to add extra stuff for development checking */ -#ifdef BN_DEBUG -#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) -#else -#define bn_set_max(r) -#endif - -/* These macros are used to 'take' a section of a bignum for read only use */ -#define bn_set_low(r,a,n) \ - { \ - (r)->top=((a)->top > (n))?(n):(a)->top; \ - (r)->d=(a)->d; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#define bn_set_high(r,a,n) \ - { \ - if ((a)->top > (n)) \ - { \ - (r)->top=(a)->top-n; \ - (r)->d= &((a)->d[n]); \ - } \ - else \ - (r)->top=0; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#ifdef BN_LLONG -#define mul_add(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (r) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -#define mul(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -#define sqr(r0,r1,a) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)(a)*(a); \ - (r0)=Lw(t); \ - (r1)=Hw(t); \ - } - -#elif defined(BN_UMULT_HIGH) -#define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - high= BN_UMULT_HIGH(w,tmp); \ - ret += (c); \ - low = (w) * tmp; \ - (c) = (ret<(c))?1:0; \ - (c) += high; \ - ret += low; \ - (c) += (ret>BN_BITS4)&BN_MASK2l) -#define L2HBITS(a) ((BN_ULONG)((a)&BN_MASK2l)<>BN_BITS2)&BN_MASKl) -#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ - m =(m&BN_MASK2l)<<(BN_BITS4+1); \ - l=(l+m)&BN_MASK2; if (l < m) h++; \ - (lo)=l; \ - (ho)=h; \ - } - -#define mul_add(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=(r); \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l; \ - } - -#define mul(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l+=(c); if ((l&BN_MASK2) < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l&BN_MASK2; \ - } -#endif /* !BN_LLONG */ - -void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); -void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); -void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); -void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a); -void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a); -int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n); -void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t); -void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, - int tn, int n,BN_ULONG *t); -void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t); -void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); -void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, - BN_ULONG *t); -void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, - BN_ULONG *t); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/bn/bn_lib.c b/AppleCSP/open_ssl/bn/bn_lib.c deleted file mode 100644 index 667dca23..00000000 --- a/AppleCSP/open_ssl/bn/bn_lib.c +++ /dev/null @@ -1,778 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT; - -#if BN_PARAMS_ENABLE - -/* For a 32 bit machine - * 2 - 4 == 128 - * 3 - 8 == 256 - * 4 - 16 == 512 - * 5 - 32 == 1024 - * 6 - 64 == 2048 - * 7 - 128 == 4096 - * 8 - 256 == 8192 - */ -static int bn_limit_bits=0; -static int bn_limit_num=8; /* (1<= 0) - { - if (mult > (sizeof(int)*8)-1) - mult=sizeof(int)*8-1; - bn_limit_bits=mult; - bn_limit_num=1<= 0) - { - if (high > (sizeof(int)*8)-1) - high=sizeof(int)*8-1; - bn_limit_bits_high=high; - bn_limit_num_high=1<= 0) - { - if (low > (sizeof(int)*8)-1) - low=sizeof(int)*8-1; - bn_limit_bits_low=low; - bn_limit_num_low=1<= 0) - { - if (mont > (sizeof(int)*8)-1) - mont=sizeof(int)*8-1; - bn_limit_bits_mont=mont; - bn_limit_num_mont=1<>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000L) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } - else -#else -#ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) - { - if (l & 0xffff000000000000LL) - { - if (l & 0xff00000000000000LL) - { - return(bits[(int)(l>>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000LL) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } - else -#endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) - { - if (l & 0xff000000L) - return(bits[(int)(l>>24L)]+24); - else return(bits[(int)(l>>16L)]+16); - } - else -#endif - { -#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return(bits[(int)(l>>8)]+8); - else -#endif - return(bits[(int)(l )] ); - } - } - } - -int BN_num_bits(const BIGNUM *a) - { - BN_ULONG l; - int i; - - bn_check_top(a); - - if (a->top == 0) return(0); - l=a->d[a->top-1]; - i=(a->top-1)*BN_BITS2; - if (l == 0) - { -#if !defined(NO_STDIO) && !defined(WIN16) - fprintf(stderr,"BAD TOP VALUE\n"); -#endif - abort(); - } - return(i+BN_num_bits_word(l)); - } - -void BN_clear_free(BIGNUM *a) - { - int i; - - if (a == NULL) return; - if (a->d != NULL) - { - memset(a->d,0,a->max*sizeof(a->d[0])); - if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) - Free(a->d); - } - i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); - if (i) - Free(a); - } - -void BN_free(BIGNUM *a) - { - if (a == NULL) return; - if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) - Free(a->d); - a->flags|=BN_FLG_FREE; /* REMOVE? */ - if (a->flags & BN_FLG_MALLOCED) - Free(a); - } - -void BN_init(BIGNUM *a) - { - memset(a,0,sizeof(BIGNUM)); - } - -BIGNUM *BN_new(void) - { - BIGNUM *ret; - - if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL) - { - BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->flags=BN_FLG_MALLOCED; - ret->top=0; - ret->neg=0; - ret->max=0; - ret->d=NULL; - return(ret); - } - -/* This is an internal function that should not be used in applications. - * It ensures that 'b' has enough room for a 'words' word number number. - * It is mostly used by the various BIGNUM routines. If there is an error, - * NULL is returned. If not, 'b' is returned. */ - -BIGNUM *bn_expand2(BIGNUM *b, int words) - { - BN_ULONG *A,*a; - const BN_ULONG *B; - int i; - - bn_check_top(b); - - if (words > b->max) - { - bn_check_top(b); - if (BN_get_flags(b,BN_FLG_STATIC_DATA)) - { - BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return(NULL); - } - a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1)); - if (A == NULL) - { - BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE); - return(NULL); - } -#if 1 - B=b->d; - /* Check if the previous number needs to be copied */ - if (B != NULL) - { -#if 0 - /* This lot is an unrolled loop to copy b->top - * BN_ULONGs from B to A - */ -/* - * I have nothing against unrolling but it's usually done for - * several reasons, namely: - * - minimize percentage of decision making code, i.e. branches; - * - avoid cache trashing; - * - make it possible to schedule loads earlier; - * Now let's examine the code below. The cornerstone of C is - * "programmer is always right" and that's what we love it for:-) - * For this very reason C compilers have to be paranoid when it - * comes to data aliasing and assume the worst. Yeah, but what - * does it mean in real life? This means that loop body below will - * be compiled to sequence of loads immediately followed by stores - * as compiler assumes the worst, something in A==B+1 style. As a - * result CPU pipeline is going to starve for incoming data. Secondly - * if A and B happen to share same cache line such code is going to - * cause severe cache trashing. Both factors have severe impact on - * performance of modern CPUs and this is the reason why this - * particular piece of code is #ifdefed away and replaced by more - * "friendly" version found in #else section below. This comment - * also applies to BN_copy function. - * - * - */ - for (i=b->top&(~7); i>0; i-=8) - { - A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3]; - A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7]; - A+=8; - B+=8; - } - switch (b->top&7) - { - case 7: - A[6]=B[6]; - case 6: - A[5]=B[5]; - case 5: - A[4]=B[4]; - case 4: - A[3]=B[3]; - case 3: - A[2]=B[2]; - case 2: - A[1]=B[1]; - case 1: - A[0]=B[0]; - case 0: - /* I need the 'case 0' entry for utrix cc. - * If the optimizer is turned on, it does the - * switch table by doing - * a=top&7 - * a--; - * goto jump_table[a]; - * If top is 0, this makes us jump to 0xffffffc - * which is rather bad :-(. - * eric 23-Apr-1998 - */ - ; - } -#else - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { - /* - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough - * registers to accomodate more data. - * I'd unroll it 8-wise otherwise:-) - * - * - */ - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see above */ - } -#endif - Free(b->d); - } - - b->d=a; - b->max=words; - - /* Now need to zero any data between b->top and b->max */ - - A= &(b->d[b->top]); - for (i=(b->max - b->top)>>3; i>0; i--,A+=8) - { - A[0]=0; A[1]=0; A[2]=0; A[3]=0; - A[4]=0; A[5]=0; A[6]=0; A[7]=0; - } - for (i=(b->max - b->top)&7; i>0; i--,A++) - A[0]=0; -#else - memset(A,0,sizeof(BN_ULONG)*(words+1)); - memcpy(A,b->d,sizeof(b->d[0])*b->top); - b->d=a; - b->max=words; -#endif - -/* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */ -/* { int i; for (i=b->max; itop) == NULL) return(NULL); - -#if 1 - A=a->d; - B=b->d; - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */ - } -#else - memcpy(a->d,b->d,sizeof(b->d[0])*b->top); -#endif - -/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ - a->top=b->top; - if ((a->top == 0) && (a->d != NULL)) - a->d[0]=0; - a->neg=b->neg; - return(a); - } - -void BN_clear(BIGNUM *a) - { - if (a->d != NULL) - memset(a->d,0,a->max*sizeof(a->d[0])); - a->top=0; - a->neg=0; - } - -BN_ULONG BN_get_word(BIGNUM *a) - { - int i; - unsigned n; - BN_ULONG ret=0; - - n=BN_num_bytes(a); - if (n > sizeof(BN_ULONG)) - return(BN_MASK2); - for (i=a->top-1; i>=0; i--) - { -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - ret<<=BN_BITS4; /* stops the compiler complaining */ - ret<<=BN_BITS4; -#else - ret=0; -#endif - ret|=a->d[i]; - } - return(ret); - } - -int BN_set_word(BIGNUM *a, BN_ULONG w) - { - int i,n; - - if (bn_expand(a,(int)(sizeof(BN_ULONG)*8)) == NULL) return(0); - - n=sizeof(BN_ULONG)/BN_BYTES; - a->neg=0; - a->top=0; - a->d[0]=(BN_ULONG)w&BN_MASK2; - if (a->d[0] != 0) a->top=1; - for (i=1; i>=BN_BITS2 so compilers don't complain - * on builds where sizeof(long) == BN_TYPES */ -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - w>>=BN_BITS4; - w>>=BN_BITS4; -#else - w=0; -#endif - a->d[i]=(BN_ULONG)w&BN_MASK2; - if (a->d[i] != 0) a->top=i+1; - } - return(1); - } - -/* ignore negative */ -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - { - unsigned int i,m; - unsigned int n; - BN_ULONG l; - - if (ret == NULL) ret=BN_new(); - if (ret == NULL) return(NULL); - l=0; - n=len; - if (n == 0) - { - ret->top=0; - return(ret); - } - if (bn_expand(ret,(int)(n+2)*8) == NULL) - return(NULL); - i=((n-1)/BN_BYTES)+1; - m=((n-1)%(BN_BYTES)); - ret->top=i; - while (n-- > 0) - { - l=(l<<8L)| *(s++); - if (m-- == 0) - { - ret->d[--i]=l; - l=0; - m=BN_BYTES-1; - } - } - /* need to call this due to clear byte at top if avoiding - * having the top bit set (-ve number) */ - bn_fix_top(ret); - return(ret); - } - -/* ignore negative */ -int BN_bn2bin(const BIGNUM *a, unsigned char *to) - { - int n,i; - BN_ULONG l; - - n=i=BN_num_bytes(a); - while (i-- > 0) - { - l=a->d[i/BN_BYTES]; - *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; - } - return(n); - } - -int BN_ucmp(const BIGNUM *a, const BIGNUM *b) - { - int i; - BN_ULONG t1,t2,*ap,*bp; - - bn_check_top(a); - bn_check_top(b); - - i=a->top-b->top; - if (i != 0) return(i); - ap=a->d; - bp=b->d; - for (i=a->top-1; i>=0; i--) - { - t1= ap[i]; - t2= bp[i]; - if (t1 != t2) - return(t1 > t2?1:-1); - } - return(0); - } - -int BN_cmp(const BIGNUM *a, const BIGNUM *b) - { - int i; - int gt,lt; - BN_ULONG t1,t2; - - if ((a == NULL) || (b == NULL)) - { - if (a != NULL) - return(-1); - else if (b != NULL) - return(1); - else - return(0); - } - - bn_check_top(a); - bn_check_top(b); - - if (a->neg != b->neg) - { - if (a->neg) - return(-1); - else return(1); - } - if (a->neg == 0) - { gt=1; lt= -1; } - else { gt= -1; lt=1; } - - if (a->top > b->top) return(gt); - if (a->top < b->top) return(lt); - for (i=a->top-1; i>=0; i--) - { - t1=a->d[i]; - t2=b->d[i]; - if (t1 > t2) return(gt); - if (t1 < t2) return(lt); - } - return(0); - } - -int BN_set_bit(BIGNUM *a, int n) - { - int i,j,k; - - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) - { - if (bn_wexpand(a,i+1) == NULL) return(0); - for(k=a->top; kd[k]=0; - a->top=i+1; - } - - a->d[i]|=(((BN_ULONG)1)<top <= i) return(0); - - a->d[i]&=(~(((BN_ULONG)1)<top <= i) return(0); - return((a->d[i]&(((BN_ULONG)1)<= a->top) return(0); - if (b == 0) - a->top=w; - else - { - a->top=w+1; - a->d[w]&= ~(BN_MASK2< bb)?1:-1); - for (i=n-2; i>=0; i--) - { - aa=a[i]; - bb=b[i]; - if (aa != bb) return((aa > bb)?1:-1); - } - return(0); - } - diff --git a/AppleCSP/open_ssl/bn/bn_mont.c b/AppleCSP/open_ssl/bn/bn_mont.c deleted file mode 100644 index 69e573b3..00000000 --- a/AppleCSP/open_ssl/bn/bn_mont.c +++ /dev/null @@ -1,357 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_mont.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -#define MONT_WORD /* use the faster word-based algorithm */ - -int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) - { - BIGNUM *tmp,*tmp2; - int ret=0; - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - if (tmp == NULL || tmp2 == NULL) goto err; - - bn_check_top(tmp); - bn_check_top(tmp2); - - if (a == b) - { -#if 0 - bn_wexpand(tmp,a->top*2); - bn_wexpand(tmp2,a->top*4); - bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d); - tmp->top=a->top*2; - if (tmp->d[tmp->top-1] == 0) - tmp->top--; -#else - if (!BN_sqr(tmp,a,ctx)) goto err; -#endif - } - else - { - if (!BN_mul(tmp,a,b,ctx)) goto err; - } - /* reduce from aRR to aR */ - if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; - -#ifdef MONT_WORD - BIGNUM *n,*r; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; - - BN_CTX_start(ctx); - if ((r = BN_CTX_get(ctx)) == NULL) goto err; - - if (!BN_copy(r,a)) goto err; - n= &(mont->N); - - ap=a->d; - /* mont->ri is the size of mont->N in bits (rounded up - to the word size) */ - al=ri=mont->ri/BN_BITS2; - - nl=n->top; - if ((al == 0) || (nl == 0)) { r->top=0; return(1); } - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; - if (bn_wexpand(ret,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; - rp=r->d; - nrp= &(r->d[nl]); - - /* clear the top words of T */ -#if 1 - for (i=r->top; id[i]=0; -#else - memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); -#endif - - r->top=max; - n0=mont->n0; - -#ifdef BN_COUNT - printf("word BN_from_montgomery %d * %d\n",nl,nl); -#endif - for (i=0; i= v) - continue; - else - { - if (((++nrp[0])&BN_MASK2) != 0) continue; - if (((++nrp[1])&BN_MASK2) != 0) continue; - for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; - } - } - bn_fix_top(r); - - /* mont->ri will be a multiple of the word size */ -#if 0 - BN_rshift(ret,r,mont->ri); -#else - x=ri; - rp=ret->d; - ap= &(r->d[x]); - if (r->top < x) - al=0; - else - al=r->top-x; - ret->top=al; - al-=4; - for (i=0; iri); - - if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; - BN_mask_bits(t2,mont->ri); - - if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; - if (!BN_add(t2,a,t1)) goto err; - BN_rshift(ret,t2,mont->ri); -#endif /* MONT_WORD */ - - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - BN_usub(ret,ret,&(mont->N)); - } - retn=1; - err: - BN_CTX_end(ctx); - return(retn); - } - -BN_MONT_CTX *BN_MONT_CTX_new(void) - { - BN_MONT_CTX *ret; - - if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL) - return(NULL); - - BN_MONT_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } - -void BN_MONT_CTX_init(BN_MONT_CTX *ctx) - { - ctx->ri=0; - BN_init(&(ctx->RR)); - BN_init(&(ctx->N)); - BN_init(&(ctx->Ni)); - ctx->flags=0; - } - -void BN_MONT_CTX_free(BN_MONT_CTX *mont) - { - if(mont == NULL) - return; - - BN_free(&(mont->RR)); - BN_free(&(mont->N)); - BN_free(&(mont->Ni)); - if (mont->flags & BN_FLG_MALLOCED) - Free(mont); - } - -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) - { - BIGNUM Ri,*R; - - BN_init(&Ri); - R= &(mont->RR); /* grab RR as a temp */ - BN_copy(&(mont->N),mod); /* Set N */ - -#ifdef MONT_WORD - { - BIGNUM tmod; - BN_ULONG buf[2]; - - mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - BN_zero(R); - BN_set_bit(R,BN_BITS2); /* R */ - - buf[0]=mod->d[0]; /* tmod = N mod word size */ - buf[1]=0; - tmod.d=buf; - tmod.top=1; - tmod.max=2; - tmod.neg=mod->neg; - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) - goto err; - BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */ - if (!BN_is_zero(&Ri)) - BN_sub_word(&Ri,1); - else /* if N mod word size == 1 */ - BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */ - BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N, - * keep only least significant word: */ - mont->n0=Ri.d[0]; - BN_free(&Ri); - } -#else /* !MONT_WORD */ - { /* bignum version */ - mont->ri=BN_num_bits(mod); - BN_zero(R); - BN_set_bit(R,mont->ri); /* R = 2^ri */ - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL) - goto err; - BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */ - BN_sub_word(&Ri,1); - /* Ni = (R*Ri-1) / N */ - BN_div(&(mont->Ni),NULL,&Ri,mod,ctx); - BN_free(&Ri); - } -#endif - - /* setup RR for conversions */ - BN_zero(&(mont->RR)); - BN_set_bit(&(mont->RR),mont->ri*2); - BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx); - - return(1); -err: - return(0); - } - -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) - { - if (to == from) return(to); - - BN_copy(&(to->RR),&(from->RR)); - BN_copy(&(to->N),&(from->N)); - BN_copy(&(to->Ni),&(from->Ni)); - to->ri=from->ri; - to->n0=from->n0; - return(to); - } - diff --git a/AppleCSP/open_ssl/bn/bn_mpi.c b/AppleCSP/open_ssl/bn/bn_mpi.c deleted file mode 100644 index 1aefdaaf..00000000 --- a/AppleCSP/open_ssl/bn/bn_mpi.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_mpi.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -int BN_bn2mpi(const BIGNUM *a, unsigned char *d) - { - int bits; - int num=0; - int ext=0; - long l; - - bits=BN_num_bits(a); - num=(bits+7)/8; - if (bits > 0) - { - ext=((bits & 0x07) == 0); - } - if (d == NULL) - return(num+4+ext); - - l=num+ext; - d[0]=(unsigned char)(l>>24)&0xff; - d[1]=(unsigned char)(l>>16)&0xff; - d[2]=(unsigned char)(l>> 8)&0xff; - d[3]=(unsigned char)(l )&0xff; - if (ext) d[4]=0; - num=BN_bn2bin(a,&(d[4+ext])); - if (a->neg) - d[4]|=0x80; - return(num+4+ext); - } - -BIGNUM *BN_mpi2bn(unsigned char *d, int n, BIGNUM *a) - { - long len; - int neg=0; - - if (n < 4) - { - BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); - return(NULL); - } - len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; - if ((len+4) != n) - { - BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); - return(NULL); - } - - if (a == NULL) a=BN_new(); - if (a == NULL) return(NULL); - - if (len == 0) - { - a->neg=0; - a->top=0; - return(a); - } - d+=4; - if ((*d) & 0x80) - neg=1; - if (BN_bin2bn(d,(int)len,a) == NULL) - return(NULL); - a->neg=neg; - if (neg) - { - BN_clear_bit(a,BN_num_bits(a)-1); - } - return(a); - } - diff --git a/AppleCSP/open_ssl/bn/bn_mul.c b/AppleCSP/open_ssl/bn/bn_mul.c deleted file mode 100644 index 20987d95..00000000 --- a/AppleCSP/open_ssl/bn/bn_mul.c +++ /dev/null @@ -1,812 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_mul.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -#ifdef BN_RECURSION -/* Karatsuba recursive multiplication algorithm - * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ - -/* r is 2*n2 words in size, - * a and b are both n2 words in size. - * n2 must be a power of 2. - * We multiply and return the result. - * t must be 2*n2 words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) - { - int n=n2/2,c1,c2; - unsigned int neg,zero; - BN_ULONG ln,lo,*p; - -# ifdef BN_COUNT - printf(" bn_mul_recursive %d * %d\n",n2,n2); -# endif -# ifdef BN_MUL_COMBA -# if 0 - if (n2 == 4) - { - bn_mul_comba4(r,a,b); - return; - } -# endif - if (n2 == 8) - { - bn_mul_comba8(r,a,b); - return; - } -# endif /* BN_MUL_COMBA */ - if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) - { - /* This should not happen */ - bn_mul_normal(r,a,n2,b,n2); - return; - } - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); - zero=neg=0; - switch (c1*3+c2) - { - case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ - break; - case -3: - zero=1; - break; - case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ - neg=1; - break; - case -1: - case 0: - case 1: - zero=1; - break; - case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ - neg=1; - break; - case 3: - zero=1; - break; - case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); - break; - } - -# ifdef BN_MUL_COMBA - if (n == 4) - { - if (!zero) - bn_mul_comba4(&(t[n2]),t,&(t[n])); - else - memset(&(t[n2]),0,8*sizeof(BN_ULONG)); - - bn_mul_comba4(r,a,b); - bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); - } - else if (n == 8) - { - if (!zero) - bn_mul_comba8(&(t[n2]),t,&(t[n])); - else - memset(&(t[n2]),0,16*sizeof(BN_ULONG)); - - bn_mul_comba8(r,a,b); - bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); - } - else -# endif /* BN_MUL_COMBA */ - { - p= &(t[n2*2]); - if (!zero) - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); - else - memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_mul_recursive(r,a,b,n,p); - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p); - } - - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); - - if (neg) /* if t[32] is negative */ - { - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - } - else - { - /* Might have a carry */ - c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); - } - - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); - lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; - - /* The overflow will stop before we over write - * words we should not overwrite */ - if (ln < (BN_ULONG)c1) - { - do { - p++; - lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } - } - } - -/* n+tn is the word length - * t needs to be n*4 is size, as does r */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, - int n, BN_ULONG *t) - { - int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; - BN_ULONG ln,lo,*p; - -# ifdef BN_COUNT - printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); -# endif - if (n < 8) - { - i=tn+n; - bn_mul_normal(r,a,i,b,i); - return; - } - - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); - zero=neg=0; - switch (c1*3+c2) - { - case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ - break; - case -3: - zero=1; - /* break; */ - case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ - neg=1; - break; - case -1: - case 0: - case 1: - zero=1; - /* break; */ - case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ - neg=1; - break; - case 3: - zero=1; - /* break; */ - case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); - break; - } - /* The zero case isn't yet implemented here. The speedup - would probably be negligible. */ -# if 0 - if (n == 4) - { - bn_mul_comba4(&(t[n2]),t,&(t[n])); - bn_mul_comba4(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); - } - else -# endif - if (n == 8) - { - bn_mul_comba8(&(t[n2]),t,&(t[n])); - bn_mul_comba8(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); - } - else - { - p= &(t[n2*2]); - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); - bn_mul_recursive(r,a,b,n,p); - i=n/2; - /* If there is only a bottom half to the number, - * just do it */ - j=tn-i; - if (j == 0) - { - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p); - memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); - } - else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ - { - bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), - j,i,p); - memset(&(r[n2+tn*2]),0, - sizeof(BN_ULONG)*(n2-tn*2)); - } - else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - { - memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); - if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL) - { - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - } - else - { - for (;;) - { - i/=2; - if (i < tn) - { - bn_mul_part_recursive(&(r[n2]), - &(a[n]),&(b[n]), - tn-i,i,p); - break; - } - else if (i == tn) - { - bn_mul_recursive(&(r[n2]), - &(a[n]),&(b[n]), - i,p); - break; - } - } - } - } - } - - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); - - if (neg) /* if t[32] is negative */ - { - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - } - else - { - /* Might have a carry */ - c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); - } - - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); - lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; - - /* The overflow will stop before we over write - * words we should not overwrite */ - if (ln < c1) - { - do { - p++; - lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } - } - } - -/* a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - */ -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) - { - int n=n2/2; - -# ifdef BN_COUNT - printf(" bn_mul_low_recursive %d * %d\n",n2,n2); -# endif - - bn_mul_recursive(r,a,b,n,&(t[0])); - if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) - { - bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - } - else - { - bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); - bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - bn_add_words(&(r[n]),&(r[n]),&(t[n]),n); - } - } - -/* a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - * l is the low words of the output. - * t needs to be n2*3 - */ -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t) - { - int i,n; - int c1,c2; - int neg,oneg,zero; - BN_ULONG ll,lc,*lp,*mp; - -# ifdef BN_COUNT - printf(" bn_mul_high %d * %d\n",n2,n2); -# endif - n=n2/2; - - /* Calculate (al-ah)*(bh-bl) */ - neg=zero=0; - c1=bn_cmp_words(&(a[0]),&(a[n]),n); - c2=bn_cmp_words(&(b[n]),&(b[0]),n); - switch (c1*3+c2) - { - case -4: - bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); - bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); - break; - case -3: - zero=1; - break; - case -2: - bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); - bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); - neg=1; - break; - case -1: - case 0: - case 1: - zero=1; - break; - case 2: - bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); - bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); - neg=1; - break; - case 3: - zero=1; - break; - case 4: - bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); - bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); - break; - } - - oneg=neg; - /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ - /* r[10] = (a[1]*b[1]) */ -# ifdef BN_MUL_COMBA - if (n == 8) - { - bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); - bn_mul_comba8(r,&(a[n]),&(b[n])); - } - else -# endif - { - bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); - bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); - } - - /* s0 == low(al*bl) - * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) - * We know s0 and s1 so the only unknown is high(al*bl) - * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) - * high(al*bl) == s1 - (r[0]+l[0]+t[0]) - */ - if (l != NULL) - { - lp= &(t[n2+n]); - c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); - } - else - { - c1=0; - lp= &(r[0]); - } - - if (neg) - neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); - else - { - bn_add_words(&(t[n2]),lp,&(t[0]),n); - neg=0; - } - - if (l != NULL) - { - bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); - } - else - { - lp= &(t[n2+n]); - mp= &(t[n2]); - for (i=0; i 0) - { - lc=c1; - do { - ll=(r[i]+lc)&BN_MASK2; - r[i++]=ll; - lc=(lc > ll); - } while (lc); - } - else - { - lc= -c1; - do { - ll=r[i]; - r[i++]=(ll-lc)&BN_MASK2; - lc=(lc > ll); - } while (lc); - } - } - if (c2 != 0) /* Add starting at r[1] */ - { - i=n; - if (c2 > 0) - { - lc=c2; - do { - ll=(r[i]+lc)&BN_MASK2; - r[i++]=ll; - lc=(lc > ll); - } while (lc); - } - else - { - lc= -c2; - do { - ll=r[i]; - r[i++]=(ll-lc)&BN_MASK2; - lc=(lc > ll); - } while (lc); - } - } - } -#endif /* BN_RECURSION */ - -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - int top,al,bl; - BIGNUM *rr; - int ret = 0; -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - int i; -#endif -#ifdef BN_RECURSION - BIGNUM *t; - int j,k; -#endif - -#ifdef BN_COUNT - printf("BN_mul %d * %d\n",a->top,b->top); -#endif - - bn_check_top(a); - bn_check_top(b); - bn_check_top(r); - - al=a->top; - bl=b->top; - r->neg=a->neg^b->neg; - - if ((al == 0) || (bl == 0)) - { - BN_zero(r); - return(1); - } - top=al+bl; - - BN_CTX_start(ctx); - if ((r == a) || (r == b)) - { - if ((rr = BN_CTX_get(ctx)) == NULL) goto err; - } - else - rr = r; - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - i = al-bl; -#endif -#ifdef BN_MUL_COMBA - if (i == 0) - { -# if 0 - if (al == 4) - { - if (bn_wexpand(rr,8) == NULL) goto err; - rr->top=8; - bn_mul_comba4(rr->d,a->d,b->d); - goto end; - } -# endif - if (al == 8) - { - if (bn_wexpand(rr,16) == NULL) goto err; - rr->top=16; - bn_mul_comba8(rr->d,a->d,b->d); - goto end; - } - } -#endif /* BN_MUL_COMBA */ -#ifdef BN_RECURSION - if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) - { - if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) - { - bn_wexpand(b,al); - b->d[bl]=0; - bl++; - i--; - } - else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) - { - bn_wexpand(a,bl); - a->d[al]=0; - al++; - i++; - } - if (i == 0) - { - /* symmetric and > 4 */ - /* 16 or larger */ - j=BN_num_bits_word((BN_ULONG)al); - j=1<<(j-1); - k=j+j; - t = BN_CTX_get(ctx); - if (al == j) /* exact multiple */ - { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); - bn_mul_recursive(rr->d,a->d,b->d,al,t->d); - } - else - { - bn_wexpand(a,k); - bn_wexpand(b,k); - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); - for (i=a->top; id[i]=0; - for (i=b->top; id[i]=0; - bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); - } - rr->top=top; - goto end; - } - } -#endif /* BN_RECURSION */ - if (bn_wexpand(rr,top) == NULL) goto err; - rr->top=top; - bn_mul_normal(rr->d,a->d,al,b->d,bl); - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) -end: -#endif - bn_fix_top(rr); - if (r != rr) BN_copy(r,rr); - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) - { - BN_ULONG *rr; - -#ifdef BN_COUNT - printf(" bn_mul_normal %d * %d\n",na,nb); -#endif - - if (na < nb) - { - int itmp; - BN_ULONG *ltmp; - - itmp=na; na=nb; nb=itmp; - ltmp=a; a=b; b=ltmp; - - } - rr= &(r[na]); - rr[0]=bn_mul_words(r,a,na,b[0]); - - for (;;) - { - if (--nb <= 0) return; - rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); - if (--nb <= 0) return; - rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); - if (--nb <= 0) return; - rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); - if (--nb <= 0) return; - rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); - rr+=4; - r+=4; - b+=4; - } - } - -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { -#ifdef BN_COUNT - printf(" bn_mul_low_normal %d * %d\n",n,n); -#endif - bn_mul_words(r,a,n,b[0]); - - for (;;) - { - if (--n <= 0) return; - bn_mul_add_words(&(r[1]),a,n,b[1]); - if (--n <= 0) return; - bn_mul_add_words(&(r[2]),a,n,b[2]); - if (--n <= 0) return; - bn_mul_add_words(&(r[3]),a,n,b[3]); - if (--n <= 0) return; - bn_mul_add_words(&(r[4]),a,n,b[4]); - r+=4; - b+=4; - } - } diff --git a/AppleCSP/open_ssl/bn/bn_prime.c b/AppleCSP/open_ssl/bn/bn_prime.c deleted file mode 100644 index a1dad1ec..00000000 --- a/AppleCSP/open_ssl/bn/bn_prime.c +++ /dev/null @@ -1,483 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_prime.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include "bn_lcl.h" -#include - -/* The quick sieve algorithm approach to weeding out primes is - * Philip Zimmermann's, as implemented in PGP. I have had a read of - * his comments and implemented my own version. - */ -#include "bn_prime.h" - -static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); -static int probable_prime(BIGNUM *rnd, int bits); -static int probable_prime_dh(BIGNUM *rnd, int bits, - BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); -static int probable_prime_dh_safe(BIGNUM *rnd, int bits, - BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); - -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add, - BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) - { - BIGNUM *rnd=NULL; - BIGNUM t; - int found=0; - int i,j,c1=0; - BN_CTX *ctx; - int checks = BN_prime_checks_for_size(bits); - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - if (ret == NULL) - { - if ((rnd=BN_new()) == NULL) goto err; - } - else - rnd=ret; - BN_init(&t); -loop: - /* make a random number and set the top and bottom bits */ - if (add == NULL) - { - if (!probable_prime(rnd,bits)) goto err; - } - else - { - if (safe) - { - if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) - goto err; - } - else - { - if (!probable_prime_dh(rnd,bits,add,rem,ctx)) - goto err; - } - } - /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ - if (callback != NULL) callback(0,c1++,cb_arg); - - if (!safe) - { - i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); - if (i == -1) goto err; - if (i == 0) goto loop; - } - else - { - /* for "safe prime" generation, - * check that (p-1)/2 is prime. - * Since a prime is odd, We just - * need to divide by 2 */ - if (!BN_rshift1(&t,rnd)) goto err; - - for (i=0; ineg) - { - BIGNUM *t; - if ((t = BN_CTX_get(ctx)) == NULL) goto err; - BN_copy(t, a); - t->neg = 0; - A = t; - } - else - A = a; - A1 = BN_CTX_get(ctx); - A1_odd = BN_CTX_get(ctx); - check = BN_CTX_get(ctx); - if (check == NULL) goto err; - - /* compute A1 := A - 1 */ - if (!BN_copy(A1, A)) - goto err; - if (!BN_sub_word(A1, 1)) - goto err; - if (BN_is_zero(A1)) - { - ret = 0; - goto err; - } - - /* write A1 as A1_odd * 2^k */ - k = 1; - while (!BN_is_bit_set(A1, k)) - k++; - if (!BN_rshift(A1_odd, A1, k)) - goto err; - - /* Montgomery setup for computations mod A */ - mont = BN_MONT_CTX_new(); - if (mont == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, A, ctx)) - goto err; - - for (i = 0; i < checks; i++) - { - if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0)) - goto err; - if (BN_cmp(check, A1) >= 0) - if (!BN_sub(check, check, A1)) - goto err; - if (!BN_add_word(check, 1)) - goto err; - /* now 1 <= check < A */ - - j = witness(check, A, A1, A1_odd, k, ctx, mont); - if (j == -1) goto err; - if (j) - { - ret=0; - goto err; - } - if (callback != NULL) callback(1,i,cb_arg); - } - ret=1; -err: - if (ctx != NULL) - { - BN_CTX_end(ctx); - if (ctx_passed == NULL) - BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); - - return(ret); - } - -static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) - { - if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ - return -1; - if (BN_is_one(w)) - return 0; /* probably prime */ - if (BN_cmp(w, a1) == 0) - return 0; /* w == -1 (mod a), 'a' is probably prime */ - while (--k) - { - if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ - return -1; - if (BN_is_one(w)) - return 1; /* 'a' is composite, otherwise a previous 'w' would - * have been == -1 (mod 'a') */ - if (BN_cmp(w, a1) == 0) - return 0; /* w == -1 (mod a), 'a' is probably prime */ - } - /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', - * and it is neither -1 nor +1 -- so 'a' cannot be prime */ - return 1; - } - -static int probable_prime(BIGNUM *rnd, int bits) - { - int i; - BN_ULONG mods[NUMPRIMES]; - BN_ULONG delta,d; - -again: - if (!BN_rand(rnd,bits,1,1)) return(0); - /* we now have a random number 'rand' to test. */ - for (i=1; i -#include -#include "cryptlib.h" -#include -#include "bn_lcl.h" - -static const char *Hex="0123456789ABCDEF"; - -/* Must 'Free' the returned data */ -char *BN_bn2hex(const BIGNUM *a) - { - int i,j,v,z=0; - char *buf; - char *p; - - buf=(char *)Malloc(a->top*BN_BYTES*2+2); - if (buf == NULL) - { - BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); - goto err; - } - p=buf; - if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; - for (i=a->top-1; i >=0; i--) - { - for (j=BN_BITS2-8; j >= 0; j-=8) - { - /* strip leading zeros */ - v=((int)(a->d[i]>>(long)j))&0xff; - if (z || (v != 0)) - { - *(p++)=Hex[v>>4]; - *(p++)=Hex[v&0x0f]; - z=1; - } - } - } - *p='\0'; -err: - return(buf); - } - -/* Must 'Free' the returned data */ -char *BN_bn2dec(const BIGNUM *a) - { - int i=0,num; - char *buf=NULL; - char *p; - BIGNUM *t=NULL; - BN_ULONG *bn_data=NULL,*lp; - - i=BN_num_bits(a)*3; - num=(i/10+i/1000+3)+1; - bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); - buf=(char *)Malloc(num+3); - if ((buf == NULL) || (bn_data == NULL)) - { - BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); - goto err; - } - if ((t=BN_dup(a)) == NULL) goto err; - - p=buf; - lp=bn_data; - if (t->neg) *(p++)='-'; - if (t->top == 0) - { - *(p++)='0'; - *(p++)='\0'; - } - else - { - i=0; - while (!BN_is_zero(t)) - { - *lp=BN_div_word(t,BN_DEC_CONV); - lp++; - } - lp--; - /* We now have a series of blocks, BN_DEC_NUM chars - * in length, where the last one needs truncation. - * The blocks need to be reversed in order. */ - sprintf(p,BN_DEC_FMT1,*lp); - while (*p) p++; - while (lp != bn_data) - { - lp--; - sprintf(p,BN_DEC_FMT2,*lp); - while (*p) p++; - } - } -err: - if (bn_data != NULL) Free(bn_data); - if (t != NULL) BN_free(t); - return(buf); - } - -int BN_hex2bn(BIGNUM **bn, const char *a) - { - BIGNUM *ret=NULL; - BN_ULONG l=0; - int neg=0,h,m,i,j,k,c; - int num; - - if ((a == NULL) || (*a == '\0')) return(0); - - if (*a == '-') { neg=1; a++; } - - for (i=0; isxdigit((unsigned char) a[i]); i++) - ; - - num=i+neg; - if (bn == NULL) return(num); - - /* a is the start of the hex digits, and it is 'i' long */ - if (*bn == NULL) - { - if ((ret=BN_new()) == NULL) return(0); - } - else - { - ret= *bn; - BN_zero(ret); - } - - /* i is the number of hex digests; */ - if (bn_expand(ret,i*4) == NULL) goto err; - - j=i; /* least significant 'hex' */ - m=0; - h=0; - while (j > 0) - { - m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j; - l=0; - for (;;) - { - c=a[j-m]; - if ((c >= '0') && (c <= '9')) k=c-'0'; - else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10; - else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10; - else k=0; /* paranoia */ - l=(l<<4)|k; - - if (--m <= 0) - { - ret->d[h++]=l; - break; - } - } - j-=(BN_BYTES*2); - } - ret->top=h; - bn_fix_top(ret); - ret->neg=neg; - - *bn=ret; - return(num); -err: - if (*bn == NULL) BN_free(ret); - return(0); - } - -int BN_dec2bn(BIGNUM **bn, const char *a) - { - BIGNUM *ret=NULL; - BN_ULONG l=0; - int neg=0,i,j; - int num; - - if ((a == NULL) || (*a == '\0')) return(0); - if (*a == '-') { neg=1; a++; } - - for (i=0; isdigit((unsigned char) a[i]); i++) - ; - - num=i+neg; - if (bn == NULL) return(num); - - /* a is the start of the digits, and it is 'i' long. - * We chop it into BN_DEC_NUM digits at a time */ - if (*bn == NULL) - { - if ((ret=BN_new()) == NULL) return(0); - } - else - { - ret= *bn; - BN_zero(ret); - } - - /* i is the number of digests, a bit of an over expand; */ - if (bn_expand(ret,i*4) == NULL) goto err; - - j=BN_DEC_NUM-(i%BN_DEC_NUM); - if (j == BN_DEC_NUM) j=0; - l=0; - while (*a) - { - l*=10; - l+= *a-'0'; - a++; - if (++j == BN_DEC_NUM) - { - BN_mul_word(ret,BN_DEC_CONV); - BN_add_word(ret,l); - l=0; - j=0; - } - } - ret->neg=neg; - - bn_fix_top(ret); - *bn=ret; - return(num); -err: - if (*bn == NULL) BN_free(ret); - return(0); - } - -#ifndef NO_BIO -#ifndef NO_FP_API -int BN_print_fp(FILE *fp, const BIGNUM *a) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - return(0); - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=BN_print(b,a); - BIO_free(b); - return(ret); - } -#endif - -int BN_print(BIO *bp, const BIGNUM *a) - { - int i,j,v,z=0; - int ret=0; - - if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; - for (i=a->top-1; i >=0; i--) - { - for (j=BN_BITS2-4; j >= 0; j-=4) - { - /* strip leading zeros */ - v=((int)(a->d[i]>>(long)j))&0x0f; - if (z || (v != 0)) - { - if (BIO_write(bp,&(Hex[v]),1) != 1) - goto end; - z=1; - } - } - } - ret=1; -end: - return(ret); - } -#endif - -#ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n) - { - int i; - fprintf(o, "%s=", a); - for (i=n-1;i>=0;i--) - fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */ - fprintf(o, "\n"); - } -#endif diff --git a/AppleCSP/open_ssl/bn/bn_rand.c b/AppleCSP/open_ssl/bn/bn_rand.c deleted file mode 100644 index 05eeff1f..00000000 --- a/AppleCSP/open_ssl/bn/bn_rand.c +++ /dev/null @@ -1,223 +0,0 @@ -/* crypto/bn/bn_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include "bn_lcl.h" -#include - -static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - { - unsigned char *buf=NULL; - int ret=0,bit,bytes,mask; - time_t tim; - - if (bits == 0) - { - BN_zero(rnd); - return 1; - } - - bytes=(bits+7)/8; - bit=(bits-1)%8; - mask=0xff<<(bit+1); - - buf=(unsigned char *)Malloc(bytes); - if (buf == NULL) - { - BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* make a random number and set the top and bottom bits */ - time(&tim); - RAND_add(&tim,sizeof(tim),0); - - if (pseudorand) - { - if (RAND_pseudo_bytes(buf, bytes) == -1) - goto err; - } - else - { - if (RAND_bytes(buf, bytes) <= 0) - goto err; - } - -#if 1 - if (pseudorand == 2) - { - /* generate patterns that are more likely to trigger BN - library bugs */ - int i; - unsigned char c; - - for (i = 0; i < bytes; i++) - { - RAND_pseudo_bytes(&c, 1); - if (c >= 128 && i > 0) - buf[i] = buf[i-1]; - else if (c < 42) - buf[i] = 0; - else if (c < 84) - buf[i] = 255; - } - } -#endif - - if (top != -1) - { - if (top) - { - if (bit == 0) - { - buf[0]=1; - buf[1]|=0x80; - } - else - { - buf[0]|=(3<<(bit-1)); - } - } - else - { - buf[0]|=(1<neg || BN_is_zero(range)) - { - BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); - return 0; - } - - n = BN_num_bits(range); /* n > 0 */ - - if (n == 1) - { - if (!BN_zero(r)) return 0; - } - else if (BN_is_bit_set(range, n - 2)) - { - do - { - /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, -1, 0)) return 0; - } - while (BN_cmp(r, range) >= 0); - } - else - { - /* range = 10..._2, - * so 3*range (= 11..._2) is exactly one bit longer than range */ - do - { - if (!BN_rand(r, n + 1, -1, 0)) return 0; - /* If r < 3*range, use r := r MOD range - * (which is either r, r - range, or r - 2*range). - * Otherwise, iterate once more. - * Since 3*range = 11..._2, each iteration succeeds with - * probability >= .75. */ - if (BN_cmp(r ,range) >= 0) - { - if (!BN_sub(r, r, range)) return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) return 0; - } - } - while (BN_cmp(r, range) >= 0); - } - - return 1; - } diff --git a/AppleCSP/open_ssl/bn/bn_recp.c b/AppleCSP/open_ssl/bn/bn_recp.c deleted file mode 100644 index 6fc6952a..00000000 --- a/AppleCSP/open_ssl/bn/bn_recp.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_recp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -void BN_RECP_CTX_init(BN_RECP_CTX *recp) - { - BN_init(&(recp->N)); - BN_init(&(recp->Nr)); - recp->num_bits=0; - recp->flags=0; - } - -BN_RECP_CTX *BN_RECP_CTX_new(void) - { - BN_RECP_CTX *ret; - - if ((ret=(BN_RECP_CTX *)Malloc(sizeof(BN_RECP_CTX))) == NULL) - return(NULL); - - BN_RECP_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } - -void BN_RECP_CTX_free(BN_RECP_CTX *recp) - { - if(recp == NULL) - return; - - BN_free(&(recp->N)); - BN_free(&(recp->Nr)); - if (recp->flags & BN_FLG_MALLOCED) - Free(recp); - } - -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) - { - BN_copy(&(recp->N),d); - BN_zero(&(recp->Nr)); - recp->num_bits=BN_num_bits(d); - recp->shift=0; - return(1); - } - -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp, - BN_CTX *ctx) - { - int ret=0; - BIGNUM *a; - - BN_CTX_start(ctx); - if ((a = BN_CTX_get(ctx)) == NULL) goto err; - if (y != NULL) - { - if (x == y) - { if (!BN_sqr(a,x,ctx)) goto err; } - else - { if (!BN_mul(a,x,y,ctx)) goto err; } - } - else - a=x; /* Just do the mod */ - - BN_div_recp(NULL,r,a,recp,ctx); - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp, - BN_CTX *ctx) - { - int i,j,ret=0; - BIGNUM *a,*b,*d,*r; - - BN_CTX_start(ctx); - a=BN_CTX_get(ctx); - b=BN_CTX_get(ctx); - if (dv != NULL) - d=dv; - else - d=BN_CTX_get(ctx); - if (rem != NULL) - r=rem; - else - r=BN_CTX_get(ctx); - if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; - - if (BN_ucmp(m,&(recp->N)) < 0) - { - BN_zero(d); - BN_copy(r,m); - BN_CTX_end(ctx); - return(1); - } - - /* We want the remainder - * Given input of ABCDEF / ab - * we need multiply ABCDEF by 3 digests of the reciprocal of ab - * - */ - i=BN_num_bits(m); - - j=recp->num_bits<<1; - if (j>i) i=j; - j>>=1; - - if (i != recp->shift) - recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), - i,ctx); - - if (!BN_rshift(a,m,j)) goto err; - if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; - if (!BN_rshift(d,b,i-j)) goto err; - d->neg=0; - if (!BN_mul(b,&(recp->N),d,ctx)) goto err; - if (!BN_usub(r,m,b)) goto err; - r->neg=0; - -#if 1 - j=0; - while (BN_ucmp(r,&(recp->N)) >= 0) - { - if (j++ > 2) - { - BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); - goto err; - } - if (!BN_usub(r,r,&(recp->N))) goto err; - if (!BN_add_word(d,1)) goto err; - } -#endif - - r->neg=BN_is_zero(r)?0:m->neg; - d->neg=m->neg^recp->N.neg; - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -/* len is the expected size of the result - * We actually calculate with an extra word of precision, so - * we can do faster division if the remainder is not required. - */ -int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx) - { - int ret= -1; - BIGNUM t; - - BN_init(&t); - - BN_zero(&t); - if (!BN_set_bit(&t,len)) goto err; - - if (!BN_div(r,NULL,&t,m,ctx)) goto err; - ret=len; -err: - BN_free(&t); - return(ret); - } - diff --git a/AppleCSP/open_ssl/bn/bn_shift.c b/AppleCSP/open_ssl/bn/bn_shift.c deleted file mode 100644 index 879a6757..00000000 --- a/AppleCSP/open_ssl/bn/bn_shift.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_shift.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -int BN_lshift1(BIGNUM *r, BIGNUM *a) - { - register BN_ULONG *ap,*rp,t,c; - int i; - - if (r != a) - { - r->neg=a->neg; - if (bn_wexpand(r,a->top+1) == NULL) return(0); - r->top=a->top; - } - else - { - if (bn_wexpand(r,a->top+1) == NULL) return(0); - } - ap=a->d; - rp=r->d; - c=0; - for (i=0; itop; i++) - { - t= *(ap++); - *(rp++)=((t<<1)|c)&BN_MASK2; - c=(t & BN_TBIT)?1:0; - } - if (c) - { - *rp=1; - r->top++; - } - return(1); - } - -int BN_rshift1(BIGNUM *r, BIGNUM *a) - { - BN_ULONG *ap,*rp,t,c; - int i; - - if (BN_is_zero(a)) - { - BN_zero(r); - return(1); - } - if (a != r) - { - if (bn_wexpand(r,a->top) == NULL) return(0); - r->top=a->top; - r->neg=a->neg; - } - ap=a->d; - rp=r->d; - c=0; - for (i=a->top-1; i>=0; i--) - { - t=ap[i]; - rp[i]=((t>>1)&BN_MASK2)|c; - c=(t&1)?BN_TBIT:0; - } - bn_fix_top(r); - return(1); - } - -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) - { - int i,nw,lb,rb; - BN_ULONG *t,*f; - BN_ULONG l; - - r->neg=a->neg; - if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0); - nw=n/BN_BITS2; - lb=n%BN_BITS2; - rb=BN_BITS2-lb; - f=a->d; - t=r->d; - t[a->top+nw]=0; - if (lb == 0) - for (i=a->top-1; i>=0; i--) - t[nw+i]=f[i]; - else - for (i=a->top-1; i>=0; i--) - { - l=f[i]; - t[nw+i+1]|=(l>>rb)&BN_MASK2; - t[nw+i]=(l<top=a->top+nw+1; - bn_fix_top(r); - return(1); - } - -int BN_rshift(BIGNUM *r, BIGNUM *a, int n) - { - int i,j,nw,lb,rb; - BN_ULONG *t,*f; - BN_ULONG l,tmp; - - nw=n/BN_BITS2; - rb=n%BN_BITS2; - lb=BN_BITS2-rb; - if (nw > a->top) - { - BN_zero(r); - return(1); - } - if (r != a) - { - r->neg=a->neg; - if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); - } - - f= &(a->d[nw]); - t=r->d; - j=a->top-nw; - r->top=j; - - if (rb == 0) - { - for (i=j+1; i > 0; i--) - *(t++)= *(f++); - } - else - { - l= *(f++); - for (i=1; i>rb)&BN_MASK2; - l= *(f++); - *(t++) =(tmp|(l<>rb)&BN_MASK2; - } - *t=0; - bn_fix_top(r); - return(1); - } diff --git a/AppleCSP/open_ssl/bn/bn_sqr.c b/AppleCSP/open_ssl/bn/bn_sqr.c deleted file mode 100644 index 0c08ced2..00000000 --- a/AppleCSP/open_ssl/bn/bn_sqr.c +++ /dev/null @@ -1,306 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_sqr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -/* r must not be a */ -/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ -int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx) - { - int max,al; - int ret = 0; - BIGNUM *tmp,*rr; - -#ifdef BN_COUNT -printf("BN_sqr %d * %d\n",a->top,a->top); -#endif - bn_check_top(a); - - al=a->top; - if (al <= 0) - { - r->top=0; - return(1); - } - - BN_CTX_start(ctx); - rr=(a != r) ? r : BN_CTX_get(ctx); - tmp=BN_CTX_get(ctx); - if (tmp == NULL) goto err; - - max=(al+al); - if (bn_wexpand(rr,max+1) == NULL) goto err; - - r->neg=0; - if (al == 4) - { -#ifndef BN_SQR_COMBA - BN_ULONG t[8]; - bn_sqr_normal(rr->d,a->d,4,t); -#else - bn_sqr_comba4(rr->d,a->d); -#endif - } - else if (al == 8) - { -#ifndef BN_SQR_COMBA - BN_ULONG t[16]; - bn_sqr_normal(rr->d,a->d,8,t); -#else - bn_sqr_comba8(rr->d,a->d); -#endif - } - else - { -#if defined(BN_RECURSION) - if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) - { - BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; - bn_sqr_normal(rr->d,a->d,al,t); - } - else - { - int j,k; - - j=BN_num_bits_word((BN_ULONG)al); - j=1<<(j-1); - k=j+j; - if (al == j) - { - if (bn_wexpand(a,k*2) == NULL) goto err; - if (bn_wexpand(tmp,k*2) == NULL) goto err; - bn_sqr_recursive(rr->d,a->d,al,tmp->d); - } - else - { - if (bn_wexpand(tmp,max) == NULL) goto err; - bn_sqr_normal(rr->d,a->d,al,tmp->d); - } - } -#else - if (bn_wexpand(tmp,max) == NULL) goto err; - bn_sqr_normal(rr->d,a->d,al,tmp->d); -#endif - } - - rr->top=max; - if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; - if (rr != r) BN_copy(r,rr); - ret = 1; - err: - BN_CTX_end(ctx); - return(ret); - } - -/* tmp must have 2*n words */ -void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp) - { - int i,j,max; - BN_ULONG *ap,*rp; - - max=n*2; - ap=a; - rp=r; - rp[0]=rp[max-1]=0; - rp++; - j=n; - - if (--j > 0) - { - ap++; - rp[j]=bn_mul_words(rp,ap,j,ap[-1]); - rp+=2; - } - - for (i=n-2; i>0; i--) - { - j--; - ap++; - rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); - rp+=2; - } - - bn_add_words(r,r,r,max); - - /* There will not be a carry */ - - bn_sqr_words(tmp,a,n); - - bn_add_words(r,r,tmp,max); - } - -#ifdef BN_RECURSION -/* r is 2*n words in size, - * a and b are both n words in size. - * n must be a power of 2. - * We multiply and return the result. - * t must be 2*n words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t) - { - int n=n2/2; - int zero,c1; - BN_ULONG ln,lo,*p; - -#ifdef BN_COUNT -printf(" bn_sqr_recursive %d * %d\n",n2,n2); -#endif - if (n2 == 4) - { -#ifndef BN_SQR_COMBA - bn_sqr_normal(r,a,4,t); -#else - bn_sqr_comba4(r,a); -#endif - return; - } - else if (n2 == 8) - { -#ifndef BN_SQR_COMBA - bn_sqr_normal(r,a,8,t); -#else - bn_sqr_comba8(r,a); -#endif - return; - } - if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) - { - bn_sqr_normal(r,a,n2,t); - return; - } - /* r=(a[0]-a[1])*(a[1]-a[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - zero=0; - if (c1 > 0) - bn_sub_words(t,a,&(a[n]),n); - else if (c1 < 0) - bn_sub_words(t,&(a[n]),a,n); - else - zero=1; - - /* The result will always be negative unless it is zero */ - p= &(t[n2*2]); - - if (!zero) - bn_sqr_recursive(&(t[n2]),t,n,p); - else - memset(&(t[n2]),0,n*sizeof(BN_ULONG)); - bn_sqr_recursive(r,a,n,p); - bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); - - /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); - - /* t[32] is negative */ - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - - /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) - * r[10] holds (a[0]*a[0]) - * r[32] holds (a[1]*a[1]) - * c1 holds the carry bits - */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); - lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; - - /* The overflow will stop before we over write - * words we should not overwrite */ - if (ln < (BN_ULONG)c1) - { - do { - p++; - lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } - } - } -#endif diff --git a/AppleCSP/open_ssl/bn/bn_word.c b/AppleCSP/open_ssl/bn/bn_word.c deleted file mode 100644 index d970d351..00000000 --- a/AppleCSP/open_ssl/bn/bn_word.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn_word.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) - { -#ifndef BN_LLONG - BN_ULONG ret=0; -#else - BN_ULLONG ret=0; -#endif - int i; - - w&=BN_MASK2; - for (i=a->top-1; i>=0; i--) - { -#ifndef BN_LLONG - ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%w; - ret=((ret<d[i]&BN_MASK2l))%w; -#else - ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% - (BN_ULLONG)w); -#endif - } - return((BN_ULONG)ret); - } - -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG ret; - int i; - - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; - for (i=a->top-1; i>=0; i--) - { - BN_ULONG l,d; - - l=a->d[i]; - d=bn_div_words(ret,l,w); - ret=(l-((d*w)&BN_MASK2))&BN_MASK2; - a->d[i]=d; - } - if ((a->top > 0) && (a->d[a->top-1] == 0)) - a->top--; - return(ret); - } - -int BN_add_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG l; - int i; - - if (a->neg) - { - a->neg=0; - i=BN_sub_word(a,w); - if (!BN_is_zero(a)) - a->neg=1; - return(i); - } - w&=BN_MASK2; - if (bn_wexpand(a,a->top+1) == NULL) return(0); - i=0; - for (;;) - { - l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; - a->d[i]=l; - if (w > l) - w=1; - else - break; - i++; - } - if (i >= a->top) - a->top++; - return(1); - } - -int BN_sub_word(BIGNUM *a, BN_ULONG w) - { - int i; - - if (a->neg) - { - a->neg=0; - i=BN_add_word(a,w); - a->neg=1; - return(i); - } - - w&=BN_MASK2; - if ((a->top == 1) && (a->d[0] < w)) - { - a->d[0]=w-a->d[0]; - a->neg=1; - return(1); - } - i=0; - for (;;) - { - if (a->d[i] >= w) - { - a->d[i]-=w; - break; - } - else - { - a->d[i]=(a->d[i]-w)&BN_MASK2; - i++; - w=1; - } - } - if ((a->d[i] == 0) && (i == (a->top-1))) - a->top--; - return(1); - } - -int BN_mul_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG ll; - - w&=BN_MASK2; - if (a->top) - { - ll=bn_mul_words(a->d,a->d,a->top,w); - if (ll) - { - if (bn_wexpand(a,a->top+1) == NULL) return(0); - a->d[a->top++]=ll; - } - } - return(1); - } - diff --git a/AppleCSP/open_ssl/bn/bnspeed.c b/AppleCSP/open_ssl/bn/bnspeed.c deleted file mode 100644 index 41b47b06..00000000 --- a/AppleCSP/open_ssl/bn/bnspeed.c +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* unused */ - -/* crypto/bn/bnspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 1000000 -#undef PROG -#define PROG bnspeed_main - -#include -#include -#include -#include -#include -#include - -#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) -#define TIMES -#endif - -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run=0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret < 1e-3)?1e-3:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); - } -#endif - } - -#define NUM_SIZES 5 -static int sizes[NUM_SIZES]={128,256,512,1024,2048}; -/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */ - -void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); - -int main(int argc, char **argv) - { - BN_CTX *ctx; - BIGNUM a,b,c; - - ctx=BN_CTX_new(); - BN_init(&a); - BN_init(&b); - BN_init(&c); - - do_mul(&a,&b,&c,ctx); - } - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - int i,j,k; - double tm; - long num; - - for (i=0; i %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num); - } - } - - for (i=0; i %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num); - } - - for (i=0; i %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num); - } - } - } - diff --git a/AppleCSP/open_ssl/bn/bntest.c b/AppleCSP/open_ssl/bn/bntest.c deleted file mode 100644 index 4549814f..00000000 --- a/AppleCSP/open_ssl/bn/bntest.c +++ /dev/null @@ -1,1096 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bntest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include "openssl/e_os.h" - -#include -#include -#include -#include -#include - -#ifdef WINDOWS -#include "../bio/bss_file.c" -#endif - -const int num0 = 100; /* number of tests */ -const int num1 = 50; /* additional tests for some functions */ -const int num2 = 5; /* number of tests for slow functions */ - -int test_add(BIO *bp); -int test_sub(BIO *bp); -int test_lshift1(BIO *bp); -int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_); -int test_rshift1(BIO *bp); -int test_rshift(BIO *bp,BN_CTX *ctx); -int test_div(BIO *bp,BN_CTX *ctx); -int test_div_recp(BIO *bp,BN_CTX *ctx); -int test_mul(BIO *bp); -int test_sqr(BIO *bp,BN_CTX *ctx); -int test_mont(BIO *bp,BN_CTX *ctx); -int test_mod(BIO *bp,BN_CTX *ctx); -int test_mod_mul(BIO *bp,BN_CTX *ctx); -int test_mod_exp(BIO *bp,BN_CTX *ctx); -int test_exp(BIO *bp,BN_CTX *ctx); -int rand_neg(void); -static int results=0; - -#ifdef NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - -static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" -"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -static void message(BIO *out, char *m) - { - fprintf(stderr, "test %s\n", m); -#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */ - BIO_puts(out, "print \"test "); - BIO_puts(out, m); - BIO_puts(out, "\\n\"\n"); -#endif - } - -int main(int argc, char *argv[]) - { - BN_CTX *ctx; - BIO *out; - char *outfile=NULL; - - results = 0; - - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ - - argc--; - argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-results") == 0) - results=1; - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) break; - outfile= *(++argv); - } - argc--; - argv++; - } - - - ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); - - out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (!BIO_write_filename(out,outfile)) - { - perror(outfile); - exit(1); - } - } - - if (!results) - BIO_puts(out,"obase=16\nibase=16\n"); - - message(out,"BN_add"); - if (!test_add(out)) goto err; - BIO_flush(out); - - message(out,"BN_sub"); - if (!test_sub(out)) goto err; - BIO_flush(out); - - message(out,"BN_lshift1"); - if (!test_lshift1(out)) goto err; - BIO_flush(out); - - message(out,"BN_lshift (fixed)"); - if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) - goto err; - BIO_flush(out); - - message(out,"BN_lshift"); - if (!test_lshift(out,ctx,NULL)) goto err; - BIO_flush(out); - - message(out,"BN_rshift1"); - if (!test_rshift1(out)) goto err; - BIO_flush(out); - - message(out,"BN_rshift"); - if (!test_rshift(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_sqr"); - if (!test_sqr(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mul"); - if (!test_mul(out)) goto err; - BIO_flush(out); - - message(out,"BN_div"); - if (!test_div(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_div_recp"); - if (!test_div_recp(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod"); - if (!test_mod(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod_mul"); - if (!test_mod_mul(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mont"); - if (!test_mont(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod_exp"); - if (!test_mod_exp(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_exp"); - if (!test_exp(out,ctx)) goto err; - BIO_flush(out); - - BN_CTX_free(ctx); - BIO_free(out); - -/**/ - exit(0); -err: - BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices - * the failure, see test_bn in test/Makefile.ssl*/ - BIO_flush(out); - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - return(1); - } - -int test_add(BIO *bp) - { - BIGNUM a,b,c; - int i; - int j; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - - BN_rand(&a,512,0,0); - for (i=0; iN)); -#endif - BN_print(bp,&a); - BIO_puts(bp," * "); - BN_print(bp,&b); - BIO_puts(bp," % "); - BN_print(bp,&(mont->N)); - BIO_puts(bp," - "); - } - BN_print(bp,&A); - BIO_puts(bp,"\n"); - } - BN_mod_mul(&d,&a,&b,&n,ctx); - BN_sub(&d,&d,&A); - if(!BN_is_zero(&d)) - { - fprintf(stderr,"Montgomery multiplication test failed!\n"); - return 0; - } - } - BN_MONT_CTX_free(mont); - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&A); - BN_free(&B); - BN_free(&n); - return(1); - } - -int test_mod(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i; - int j; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - BN_rand(a,1024,0,0); /**/ - for (i=0; ineg=rand_neg(); - b->neg=rand_neg(); - if (bp == NULL) - for (j=0; j<100; j++) - BN_mod(c,a,b,ctx);/**/ - BN_mod(c,a,b,ctx);/**/ - if (bp != NULL) - { - if (!results) - { - BN_print(bp,a); - BIO_puts(bp," % "); - BN_print(bp,b); - BIO_puts(bp," - "); - } - BN_print(bp,c); - BIO_puts(bp,"\n"); - } - BN_div(d,e,a,b,ctx); - BN_sub(e,e,c); - if(!BN_is_zero(e)) - { - fprintf(stderr,"Modulo test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return(1); - } - -int test_mod_mul(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - BN_rand(c,1024,0,0); /**/ - for (i=0; ineg=rand_neg(); - b->neg=rand_neg(); - /* if (bp == NULL) - for (j=0; j<100; j++) - BN_mod_mul(d,a,b,c,ctx);*/ /**/ - - if (!BN_mod_mul(e,a,b,c,ctx)) - { - unsigned long l; - - while ((l=ERR_get_error())) - fprintf(stderr,"ERROR:%s\n", - ERR_error_string(l,NULL)); - exit(1); - } - if (bp != NULL) - { - if (!results) - { - BN_print(bp,a); - BIO_puts(bp," * "); - BN_print(bp,b); - BIO_puts(bp," % "); - BN_print(bp,c); - BIO_puts(bp," - "); - } - BN_print(bp,e); - BIO_puts(bp,"\n"); - } - BN_mul(d,a,b,ctx); - BN_sub(d,d,e); - BN_div(a,b,d,c,ctx); - if(!BN_is_zero(b)) - { - fprintf(stderr,"Modulo multiply test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return(1); - } - -int test_mod_exp(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - BN_rand(c,30,0,1); /* must be odd for montgomery */ - for (i=0; ineg=rand_neg(); - } - for (i=0; ineg=rand_neg(); - for (i=0; ineg=rand_neg(); - for (i=0; ineg=rand_neg(); - for (i=0; i -#include - -static int rand(n) -{ - unsigned char x[2]; - RAND_pseudo_bytes(x,2); - return (x[0] + 2*x[1]); -} - -static void bug(char *m, BIGNUM *a, BIGNUM *b) -{ - printf("%s!\na=",m); - BN_print_fp(stdout, a); - printf("\nb="); - BN_print_fp(stdout, b); - printf("\n"); - fflush(stdout); -} - -main() -{ - BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(), - *C=BN_new(), *D=BN_new(); - BN_RECP_CTX *recp=BN_RECP_CTX_new(); - BN_CTX *ctx=BN_CTX_new(); - - for(;;) { - BN_pseudo_rand(a,rand(),0,0); - BN_pseudo_rand(b,rand(),0,0); - if (BN_is_zero(b)) continue; - - BN_RECP_CTX_set(recp,b,ctx); - if (BN_div(C,D,a,b,ctx) != 1) - bug("BN_div failed",a,b); - if (BN_div_recp(c,d,a,recp,ctx) != 1) - bug("BN_div_recp failed",a,b); - else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0) - bug("mismatch",a,b); - } -} diff --git a/AppleCSP/open_ssl/bn/exp.c b/AppleCSP/open_ssl/bn/exp.c deleted file mode 100644 index 7daec41d..00000000 --- a/AppleCSP/open_ssl/bn/exp.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* unused */ - -#include -#include -#include "bn_lcl.h" - -#define SIZE 256 -#define NUM (8*8*8) -#define MOD (8*8*8*8*8) - -main(argc,argv) -int argc; -char *argv[]; - { - BN_CTX ctx; - BIGNUM a,b,c,r,rr,t,l; - int j,i,size=SIZE,num=NUM,mod=MOD; - char *start,*end; - BN_MONT_CTX mont; - double d,md; - - BN_MONT_CTX_init(&mont); - BN_CTX_init(&ctx); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&r); - - start=ms_time_new(); - end=ms_time_new(); - while (size <= 1024*8) - { - BN_rand(&a,size,0,0); - BN_rand(&b,size,1,0); - BN_rand(&c,size,0,1); - - BN_mod(&a,&a,&c,&ctx); - - ms_time_get(start); - for (i=0; i<10; i++) - BN_MONT_CTX_set(&mont,&c,&ctx); - ms_time_get(end); - md=ms_time_diff(start,end); - - ms_time_get(start); - for (i=0; i -#include -#include -#include -#include -#include - -#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) -#define TIMES -#endif - -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run=0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret < 1e-3)?1e-3:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); - } -#endif - } - -#define NUM_SIZES 6 -static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192}; -static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1}; -/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */ - -void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); - -int main(int argc, char **argv) - { - BN_CTX *ctx; - BIGNUM *a,*b,*c,*r; - - ctx=BN_CTX_new(); - a=BN_new(); - b=BN_new(); - c=BN_new(); - r=BN_new(); - - do_mul_exp(r,a,b,c,ctx); - } - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) - { - int i,k; - double tm; - long num; - BN_MONT_CTX m; - - memset(&m,0,sizeof(m)); - - num=BASENUM; - for (i=0; i %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num); - num/=7; - if (num <= 0) num=1; - } - - } - diff --git a/AppleCSP/open_ssl/bn/exptest.c b/AppleCSP/open_ssl/bn/exptest.c deleted file mode 100644 index 92ce6b00..00000000 --- a/AppleCSP/open_ssl/bn/exptest.c +++ /dev/null @@ -1,205 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/exptest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include -#include -#ifdef WINDOWS -#include "../bio/bss_file.c" -#endif - -#define NUM_BITS (BN_BITS*2) - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) - { - BN_CTX *ctx; - BIO *out=NULL; - int i,ret; - unsigned char c; - BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m; - - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ - - ERR_load_BN_strings(); - - ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); - r_mont=BN_new(); - r_recp=BN_new(); - r_simple=BN_new(); - a=BN_new(); - b=BN_new(); - m=BN_new(); - if ( (r_mont == NULL) || (r_recp == NULL) || - (a == NULL) || (b == NULL)) - goto err; - - out=BIO_new(BIO_s_file()); - - if (out == NULL) exit(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - for (i=0; i<200; i++) - { - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(a,NUM_BITS+c,0,0); - - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(b,NUM_BITS+c,0,0); - - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(m,NUM_BITS+c,0,1); - - BN_mod(a,a,m,ctx); - BN_mod(b,b,m,ctx); - - ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL); - if (ret <= 0) - { - printf("BN_mod_exp_mont() problems\n"); - ERR_print_errors(out); - exit(1); - } - - ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); - if (ret <= 0) - { - printf("BN_mod_exp_recp() problems\n"); - ERR_print_errors(out); - exit(1); - } - - ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); - if (ret <= 0) - { - printf("BN_mod_exp_simple() problems\n"); - ERR_print_errors(out); - exit(1); - } - - if (BN_cmp(r_simple, r_mont) == 0 - && BN_cmp(r_simple,r_recp) == 0) - { - printf("."); - fflush(stdout); - } - else - { - if (BN_cmp(r_simple,r_mont) != 0) - printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple,r_recp) != 0) - printf("\nsimple and recp results differ\n"); - - printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a); - printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b); - printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m); - printf("\nsimple ="); BN_print(out,r_simple); - printf("\nrecp ="); BN_print(out,r_recp); - printf("\nmont ="); BN_print(out,r_mont); - printf("\n"); - exit(1); - } - } - BN_free(r_mont); - BN_free(r_recp); - BN_free(r_simple); - BN_free(a); - BN_free(b); - BN_free(m); - BN_CTX_free(ctx); - ERR_remove_state(0); - CRYPTO_mem_leaks(out); - BIO_free(out); - printf(" done\n"); - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors(out); - exit(1); - return(1); - } - diff --git a/AppleCSP/open_ssl/bn/vms-helper.c b/AppleCSP/open_ssl/bn/vms-helper.c deleted file mode 100644 index f0ec672a..00000000 --- a/AppleCSP/open_ssl/bn/vms-helper.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* vms-helper.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -bn_div_words_abort(int i) -{ -#if !defined(NO_STDIO) && !defined(WIN16) - fprintf(stderr,"Division would overflow (%d)\n",i); -#endif - abort(); -} diff --git a/AppleCSP/open_ssl/buffer/buf_err.c b/AppleCSP/open_ssl/buffer/buf_err.c deleted file mode 100644 index 223547fd..00000000 --- a/AppleCSP/open_ssl/buffer/buf_err.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/buffer/buf_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA BUF_str_functs[]= - { -{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, -{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, -{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, -{0,NULL} - }; - -static ERR_STRING_DATA BUF_str_reasons[]= - { -{0,NULL} - }; - -#endif - -void ERR_load_BUF_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); - ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons); -#endif - - } - } diff --git a/AppleCSP/open_ssl/buffer/buffer.c b/AppleCSP/open_ssl/buffer/buffer.c deleted file mode 100644 index 5fa4d11d..00000000 --- a/AppleCSP/open_ssl/buffer/buffer.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/buffer/buffer.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include - -BUF_MEM *BUF_MEM_new(void) - { - BUF_MEM *ret; - - ret=Malloc(sizeof(BUF_MEM)); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->length=0; - ret->max=0; - ret->data=NULL; - return(ret); - } - -void BUF_MEM_free(BUF_MEM *a) - { - if(a == NULL) - return; - - if (a->data != NULL) - { - memset(a->data,0,(unsigned int)a->max); - Free(a->data); - } - Free(a); - } - -int BUF_MEM_grow(BUF_MEM *str, int len) - { - char *ret; - unsigned int n; - - if (str->length >= len) - { - str->length=len; - return(len); - } - if (str->max >= len) - { - memset(&str->data[str->length],0,len-str->length); - str->length=len; - return(len); - } - n=(len+3)/3*4; - if (str->data == NULL) - ret=Malloc(n); - else - ret=Realloc(str->data,n); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); - len=0; - } - else - { - str->data=ret; - str->length=len; - str->max=n; - } - return(len); - } - -char *BUF_strdup(const char *str) - { - char *ret; - int n; - - if (str == NULL) return(NULL); - - n=strlen(str); - ret=Malloc(n+1); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memcpy(ret,str,n+1); - return(ret); - } - diff --git a/AppleCSP/open_ssl/cast/c_ecb.c b/AppleCSP/open_ssl/cast/c_ecb.c deleted file mode 100644 index 0b3da9ad..00000000 --- a/AppleCSP/open_ssl/cast/c_ecb.c +++ /dev/null @@ -1,80 +0,0 @@ -/* crypto/cast/c_ecb.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_lcl.h" -#include - -const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT; - -void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - CAST_KEY *ks, int enc) - { - CAST_LONG l,d[2]; - - n2l(in,l); d[0]=l; - n2l(in,l); d[1]=l; - if (enc) - CAST_encrypt(d,ks); - else - CAST_decrypt(d,ks); - l=d[0]; l2n(l,out); - l=d[1]; l2n(l,out); - l=d[0]=d[1]=0; - } - diff --git a/AppleCSP/open_ssl/cast/c_enc.c b/AppleCSP/open_ssl/cast/c_enc.c deleted file mode 100644 index 33c7066d..00000000 --- a/AppleCSP/open_ssl/cast/c_enc.c +++ /dev/null @@ -1,210 +0,0 @@ -/* crypto/cast/c_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_lcl.h" - -void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) - { - register CAST_LONG l,r,*k,t; - - k= &(key->data[0]); - l=data[0]; - r=data[1]; - - E_CAST( 0,k,l,r,+,^,-); - E_CAST( 1,k,r,l,^,-,+); - E_CAST( 2,k,l,r,-,+,^); - E_CAST( 3,k,r,l,+,^,-); - E_CAST( 4,k,l,r,^,-,+); - E_CAST( 5,k,r,l,-,+,^); - E_CAST( 6,k,l,r,+,^,-); - E_CAST( 7,k,r,l,^,-,+); - E_CAST( 8,k,l,r,-,+,^); - E_CAST( 9,k,r,l,+,^,-); - E_CAST(10,k,l,r,^,-,+); - E_CAST(11,k,r,l,-,+,^); - if(!key->short_key) - { - E_CAST(12,k,l,r,+,^,-); - E_CAST(13,k,r,l,^,-,+); - E_CAST(14,k,l,r,-,+,^); - E_CAST(15,k,r,l,+,^,-); - } - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; - } - -void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) - { - register CAST_LONG l,r,*k,t; - - k= &(key->data[0]); - l=data[0]; - r=data[1]; - - if(!key->short_key) - { - E_CAST(15,k,l,r,+,^,-); - E_CAST(14,k,r,l,-,+,^); - E_CAST(13,k,l,r,^,-,+); - E_CAST(12,k,r,l,+,^,-); - } - E_CAST(11,k,l,r,-,+,^); - E_CAST(10,k,r,l,^,-,+); - E_CAST( 9,k,l,r,+,^,-); - E_CAST( 8,k,r,l,-,+,^); - E_CAST( 7,k,l,r,^,-,+); - E_CAST( 6,k,r,l,+,^,-); - E_CAST( 5,k,l,r,-,+,^); - E_CAST( 4,k,r,l,^,-,+); - E_CAST( 3,k,l,r,+,^,-); - E_CAST( 2,k,r,l,-,+,^); - E_CAST( 1,k,l,r,^,-,+); - E_CAST( 0,k,r,l,+,^,-); - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; - } - -#ifndef __APPLE__ -/* CBC logic not needed here */ -void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc) - { - register CAST_LONG tin0,tin1; - register CAST_LONG tout0,tout1,xor0,xor1; - register long l=length; - CAST_LONG tin[2]; - - if (enc) - { - n2l(iv,tout0); - n2l(iv,tout1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - CAST_encrypt(tin,ks); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - if (l != -8) - { - n2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - CAST_encrypt(tin,ks); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - l2n(tout0,iv); - l2n(tout1,iv); - } - else - { - n2l(iv,xor0); - n2l(iv,xor1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - CAST_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2n(tout0,out); - l2n(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - CAST_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2nn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2n(xor0,iv); - l2n(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif /* __APPLE__ */ diff --git a/AppleCSP/open_ssl/cast/c_skey.c b/AppleCSP/open_ssl/cast/c_skey.c deleted file mode 100644 index 76e40005..00000000 --- a/AppleCSP/open_ssl/cast/c_skey.c +++ /dev/null @@ -1,166 +0,0 @@ -/* crypto/cast/c_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_lcl.h" -#include "cast_s.h" - -#define CAST_exp(l,A,a,n) \ - A[n/4]=l; \ - a[n+3]=(l )&0xff; \ - a[n+2]=(l>> 8)&0xff; \ - a[n+1]=(l>>16)&0xff; \ - a[n+0]=(l>>24)&0xff; - -#define S4 CAST_S_table4 -#define S5 CAST_S_table5 -#define S6 CAST_S_table6 -#define S7 CAST_S_table7 - -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) - { - CAST_LONG x[16]; - CAST_LONG z[16]; - CAST_LONG k[32]; - CAST_LONG X[4],Z[4]; - CAST_LONG l,*K; - int i; - - for (i=0; i<16; i++) x[i]=0; - if (len > 16) len=16; - for (i=0; ishort_key=1; - else - key->short_key=0; - - K= &k[0]; - X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; - X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL; - X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL; - X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL; - - for (;;) - { - l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; - CAST_exp(l,Z,z, 0); - l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; - CAST_exp(l,Z,z, 4); - l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; - CAST_exp(l,Z,z, 8); - l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; - CAST_exp(l,Z,z,12); - - K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]]; - K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]]; - K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]]; - K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]]; - - l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; - CAST_exp(l,X,x, 0); - l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; - CAST_exp(l,X,x, 4); - l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; - CAST_exp(l,X,x, 8); - l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; - CAST_exp(l,X,x,12); - - K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]]; - K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]]; - K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]]; - K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]]; - - l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; - CAST_exp(l,Z,z, 0); - l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; - CAST_exp(l,Z,z, 4); - l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; - CAST_exp(l,Z,z, 8); - l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; - CAST_exp(l,Z,z,12); - - K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]]; - K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]]; - K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]]; - K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]]; - - l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; - CAST_exp(l,X,x, 0); - l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; - CAST_exp(l,X,x, 4); - l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; - CAST_exp(l,X,x, 8); - l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; - CAST_exp(l,X,x,12); - - K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]]; - K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]]; - K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]]; - K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]]; - if (K != k) break; - K+=16; - } - - for (i=0; i<16; i++) - { - key->data[i*2]=k[i]; - key->data[i*2+1]=((k[i+16])+16)&0x1f; - } - } - diff --git a/AppleCSP/open_ssl/cast/cast_lcl.h b/AppleCSP/open_ssl/cast/cast_lcl.h deleted file mode 100644 index dcd9798f..00000000 --- a/AppleCSP/open_ssl/cast/cast_lcl.h +++ /dev/null @@ -1,239 +0,0 @@ -/* crypto/cast/cast_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifdef WIN32 -#include -#endif - - -#include "openssl/e_os.h" /* OPENSSL_EXTERN */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#if defined(__GNUC__) && defined(__ppc__) -/* alignment tolerant big-endian optimization */ - #define n2l(c,l) { l= *((unsigned long *)c); c += 4; } -#else -/* little endian, etc. */ - #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) -#endif - -#undef l2n -#if defined(__GNUC__) && defined(__ppc__) - /* alignment tolerant big-endian optimization */ - #define l2n(l,c) { *((unsigned long *)c) = l; c += 4; } -#else - /* little endian, etc. */ - #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#endif /* GNU, big endian */ - -#if defined(WIN32) && defined(_MSC_VER) -#define ROTL(a,n) (_lrotl(a,n)) -#else -#define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n)))) -#endif - -#define C_M 0x3fc -#define C_0 22L -#define C_1 14L -#define C_2 6L -#define C_3 2L /* left shift */ - -/* The rotate has an extra 16 added to it to help the x86 asm */ -#if defined(CAST_PTR) -#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - t=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - t=ROTL(t,i); \ - L^= (((((*(CAST_LONG *)((unsigned char *) \ - CAST_S_table0+((t>>C_2)&C_M)) OP2 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ - } -#elif defined(CAST_PTR2) -#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - CAST_LONG u,v,w; \ - w=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - w=ROTL(w,i); \ - u=w>>C_2; \ - v=w<>C_0; \ - t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ - v=w>>C_1; \ - u&=C_M; \ - v&=C_M; \ - t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ - t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ - L^=(t&0xffffffff); \ - } -#else -#define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - CAST_LONG a,b,c,d; \ - t=(key[n*2] OP1 R)&0xffffffff; \ - t=ROTL(t,(key[n*2+1])); \ - a=CAST_S_table0[(t>> 8)&0xff]; \ - b=CAST_S_table1[(t )&0xff]; \ - c=CAST_S_table2[(t>>24)&0xff]; \ - d=CAST_S_table3[(t>>16)&0xff]; \ - L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ - } -#endif - -OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256]; diff --git a/AppleCSP/open_ssl/cast/cast_s.h b/AppleCSP/open_ssl/cast/cast_s.h deleted file mode 100644 index c483fd5e..00000000 --- a/AppleCSP/open_ssl/cast/cast_s.h +++ /dev/null @@ -1,585 +0,0 @@ -/* crypto/cast/cast_s.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={ - 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a, - 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949, - 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675, - 0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e, - 0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2, - 0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d, - 0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f, - 0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0, - 0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de, - 0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7, - 0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f, - 0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935, - 0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d, - 0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d, - 0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165, - 0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50, - 0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272, - 0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe, - 0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d, - 0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3, - 0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a, - 0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167, - 0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f, - 0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291, - 0xd7894360,0x425c750d,0x93b39e26,0x187184c9, - 0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779, - 0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6, - 0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2, - 0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9, - 0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511, - 0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e, - 0x31366241,0x051ef495,0xaa573b04,0x4a805d8d, - 0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e, - 0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5, - 0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82, - 0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324, - 0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac, - 0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c, - 0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f, - 0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc, - 0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491, - 0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d, - 0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de, - 0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96, - 0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a, - 0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a, - 0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79, - 0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d, - 0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779, - 0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd, - 0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755, - 0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6, - 0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb, - 0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9, - 0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0, - 0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872, - 0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79, - 0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c, - 0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298, - 0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e, - 0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571, - 0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9, - 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d, - 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={ - 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380, - 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651, - 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba, - 0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3, - 0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909, - 0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb, - 0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b, - 0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806, - 0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4, - 0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b, - 0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f, - 0x62143154,0x0d554b63,0x5d681121,0xc866c359, - 0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21, - 0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b, - 0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d, - 0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c, - 0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f, - 0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34, - 0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d, - 0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb, - 0xe8256333,0x844e8212,0x128d8098,0xfed33fb4, - 0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd, - 0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801, - 0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860, - 0x54f03084,0x066ff472,0xa31aa153,0xdadc4755, - 0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b, - 0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709, - 0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304, - 0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b, - 0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b, - 0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c, - 0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf, - 0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9, - 0x0beeff53,0xe3214517,0xb4542835,0x9f63293c, - 0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3, - 0xf33401c6,0x30a22c95,0x31a70850,0x60930f13, - 0x73f98417,0xa1269859,0xec645c44,0x52c877a9, - 0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f, - 0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab, - 0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6, - 0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4, - 0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6, - 0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43, - 0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58, - 0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8, - 0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906, - 0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171, - 0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d, - 0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89, - 0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6, - 0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b, - 0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4, - 0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb, - 0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6, - 0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e, - 0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f, - 0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea, - 0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249, - 0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea, - 0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa, - 0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd, - 0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9, - 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef, - 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={ - 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907, - 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90, - 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae, - 0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5, - 0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e, - 0xb9afa820,0xfade82e0,0xa067268b,0x8272792e, - 0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc, - 0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240, - 0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e, - 0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5, - 0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f, - 0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b, - 0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99, - 0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71, - 0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f, - 0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04, - 0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380, - 0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82, - 0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8, - 0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15, - 0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504, - 0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2, - 0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6, - 0x94fd6574,0x927985b2,0x8276dbcb,0x02778176, - 0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e, - 0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148, - 0xef303cab,0x984faf28,0x779faf9b,0x92dc560d, - 0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc, - 0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1, - 0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341, - 0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c, - 0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e, - 0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15, - 0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51, - 0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4, - 0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f, - 0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b, - 0x6d498623,0x193cbcfa,0x27627545,0x825cf47a, - 0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392, - 0x10428db7,0x8272a972,0x9270c4a8,0x127de50b, - 0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231, - 0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b, - 0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889, - 0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5, - 0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67, - 0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45, - 0x3a609437,0xec00c9a9,0x44715253,0x0a874b49, - 0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536, - 0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d, - 0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc, - 0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d, - 0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0, - 0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e, - 0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69, - 0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767, - 0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2, - 0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce, - 0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49, - 0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24, - 0xaf96da0f,0x68458425,0x99833be5,0x600d457d, - 0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0, - 0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a, - 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5, - 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={ - 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298, - 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1, - 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120, - 0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf, - 0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220, - 0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15, - 0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe, - 0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121, - 0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701, - 0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25, - 0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b, - 0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5, - 0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93, - 0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb, - 0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746, - 0xc9335400,0x6920318f,0x081dbb99,0xffc304a5, - 0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9, - 0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d, - 0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb, - 0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6, - 0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c, - 0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23, - 0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7, - 0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003, - 0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340, - 0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6, - 0xe756bdff,0xdd3369ac,0xec17b035,0x06572327, - 0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119, - 0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec, - 0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24, - 0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205, - 0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a, - 0x6701902c,0x9b757a54,0x31d477f7,0x9126b031, - 0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79, - 0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5, - 0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df, - 0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c, - 0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26, - 0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69, - 0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab, - 0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9, - 0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7, - 0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff, - 0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417, - 0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3, - 0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2, - 0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2, - 0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2, - 0x109873f6,0x00613096,0xc32d9521,0xada121ff, - 0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a, - 0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091, - 0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919, - 0x77079103,0xdea03af6,0x78a8565e,0xdee356df, - 0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef, - 0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf, - 0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876, - 0x39e4460c,0x1fda8538,0x1987832f,0xca007367, - 0xa99144f8,0x296b299e,0x492fc295,0x9266beab, - 0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c, - 0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04, - 0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43, - 0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282, - 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e, - 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={ - 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911, - 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f, - 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00, - 0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a, - 0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180, - 0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff, - 0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2, - 0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02, - 0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725, - 0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a, - 0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b, - 0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7, - 0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571, - 0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9, - 0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec, - 0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981, - 0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea, - 0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774, - 0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263, - 0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655, - 0x911e739a,0x17af8975,0x32c7911c,0x89f89468, - 0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2, - 0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b, - 0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910, - 0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284, - 0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1, - 0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4, - 0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da, - 0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7, - 0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049, - 0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce, - 0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f, - 0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6, - 0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba, - 0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4, - 0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be, - 0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561, - 0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3, - 0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6, - 0x309e374f,0x2cb6356a,0x85808573,0x4991f840, - 0x76f0ae02,0x083be84d,0x28421c9a,0x44489406, - 0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4, - 0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472, - 0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2, - 0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487, - 0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7, - 0x445f7382,0x175683f4,0xcdc66a97,0x70be0288, - 0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5, - 0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2, - 0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e, - 0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78, - 0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e, - 0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76, - 0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801, - 0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0, - 0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad, - 0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58, - 0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0, - 0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2, - 0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20, - 0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be, - 0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8, - 0xe822fe15,0x88570983,0x750e6249,0xda627e55, - 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={ - 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c, - 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac, - 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9, - 0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138, - 0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e, - 0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367, - 0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866, - 0xa084db2d,0x09a8486f,0xa888614a,0x2900af98, - 0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c, - 0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072, - 0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd, - 0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3, - 0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53, - 0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd, - 0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d, - 0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8, - 0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf, - 0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9, - 0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807, - 0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54, - 0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a, - 0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387, - 0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563, - 0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc, - 0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0, - 0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf, - 0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be, - 0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf, - 0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0, - 0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f, - 0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2, - 0x372b74af,0x692573e4,0xe9a9d848,0xf3160289, - 0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853, - 0x20951063,0x4576698d,0xb6fad407,0x592af950, - 0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa, - 0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f, - 0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9, - 0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b, - 0x7dede786,0xc39a3373,0x42410005,0x6a091751, - 0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be, - 0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358, - 0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13, - 0x8cf63166,0x061c87be,0x88c98f88,0x6062e397, - 0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976, - 0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459, - 0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0, - 0x3007cd3e,0x74719eef,0xdc872681,0x073340d4, - 0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891, - 0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f, - 0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da, - 0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb, - 0xe2969123,0x257f0c3d,0x9348af49,0x361400bc, - 0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2, - 0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084, - 0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab, - 0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25, - 0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b, - 0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121, - 0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b, - 0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5, - 0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855, - 0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd, - 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454, - 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={ - 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693, - 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f, - 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82, - 0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de, - 0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd, - 0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43, - 0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f, - 0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19, - 0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9, - 0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2, - 0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e, - 0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516, - 0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83, - 0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88, - 0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e, - 0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816, - 0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a, - 0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756, - 0xc06eba30,0x07211b24,0x45c28829,0xc95e317f, - 0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a, - 0xad4ebc46,0x468f508b,0x7829435f,0xf124183b, - 0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264, - 0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78, - 0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688, - 0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d, - 0xf7debb85,0x61fe033c,0x16746233,0x3c034c28, - 0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802, - 0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3, - 0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9, - 0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7, - 0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302, - 0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06, - 0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858, - 0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033, - 0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a, - 0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a, - 0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4, - 0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566, - 0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df, - 0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509, - 0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9, - 0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962, - 0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c, - 0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e, - 0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07, - 0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c, - 0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939, - 0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c, - 0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e, - 0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285, - 0x74904698,0x4c2b0edd,0x4f757656,0x5d393378, - 0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301, - 0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd, - 0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be, - 0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567, - 0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767, - 0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2, - 0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647, - 0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf, - 0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914, - 0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2, - 0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c, - 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada, - 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3, - }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={ - 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095, - 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5, - 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174, - 0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc, - 0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940, - 0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd, - 0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42, - 0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d, - 0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164, - 0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2, - 0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4, - 0x38129022,0xce949ad4,0xb84769ad,0x965bd862, - 0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0, - 0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc, - 0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6, - 0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c, - 0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491, - 0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e, - 0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b, - 0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039, - 0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8, - 0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8, - 0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006, - 0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42, - 0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564, - 0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5, - 0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab, - 0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472, - 0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc, - 0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225, - 0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8, - 0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c, - 0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441, - 0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb, - 0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f, - 0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054, - 0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504, - 0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70, - 0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c, - 0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc, - 0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6, - 0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c, - 0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd, - 0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3, - 0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4, - 0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4, - 0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc, - 0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101, - 0x730edebc,0x5b643113,0x94917e4f,0x503c2fba, - 0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f, - 0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf, - 0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e, - 0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603, - 0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a, - 0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37, - 0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c, - 0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819, - 0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384, - 0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d, - 0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c, - 0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347, - 0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82, - 0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d, - 0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e, - }; diff --git a/AppleCSP/open_ssl/cryptlib.c b/AppleCSP/open_ssl/cryptlib.c deleted file mode 100644 index 50255293..00000000 --- a/AppleCSP/open_ssl/cryptlib.c +++ /dev/null @@ -1,350 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/cryptlib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include - -#if defined(WIN32) || defined(WIN16) -static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -#endif - -/* real #defines in crypto.h, keep these upto date */ -#if defined(LOCK_DEBUG) -static const char* const lock_names[CRYPTO_NUM_LOCKS] = - { - "<>", - "err", - "err_hash", - "x509", - "x509_info", - "x509_pkey", - "x509_crl", - "x509_req", - "dsa", - "rsa", - "evp_pkey", - "x509_store", - "ssl_ctx", - "ssl_cert", - "ssl_session", - "ssl_sess_cert", - "ssl", - "rand", - "debug_malloc", - "BIO", - "gethostbyname", - "getservbyname", - "readdir", - "RSA_blinding", - "dh", - "debug_malloc2", -#if CRYPTO_NUM_LOCKS != 26 -# error "Inconsistency between crypto.h and cryptlib.c" -#endif - }; -#endif /*LOCK_DEBUG*/ - -static STACK *app_locks=NULL; - -#if CRYPTO_CALLBACK_ENABLE -static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=NULL; -static int (MS_FAR *add_lock_callback)(int *pointer,int amount, - int type,const char *file,int line)=NULL; -static unsigned long (MS_FAR *id_callback)(void)=NULL; -#endif /* CRYPTO_CALLBACK_ENABLE */ - -int CRYPTO_get_new_lockid(char *name) - { - char *str; - int i; - - /* A hack to make Visual C++ 5.0 work correctly when linking as - * a DLL using /MT. Without this, the application cannot use - * and floating point printf's. - * It also seems to be needed for Visual C 1.5 (win16) */ -#if defined(WIN32) || defined(WIN16) - SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; -#endif - - if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((str=BUF_strdup(name)) == NULL) - return(0); - i=sk_push(app_locks,str); - if (!i) - Free(str); - else - i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ - return(i); - } - -int CRYPTO_num_locks(void) - { - return CRYPTO_NUM_LOCKS; - } - -void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, - int line) - { - #if CRYPTO_CALLBACK_ENABLE - return(locking_callback); - #else - return NULL; - #endif - } - -int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, - const char *file,int line) - { - #if CRYPTO_CALLBACK_ENABLE - return(add_lock_callback); - #else - return NULL; - #endif - } - -void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)) - { - #if CRYPTO_CALLBACK_ENABLE - locking_callback=func; - #endif - } - -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, - const char *file,int line)) - { - #if CRYPTO_CALLBACK_ENABLE - add_lock_callback=func; - #endif - } - -unsigned long (*CRYPTO_get_id_callback(void))(void) - { - #if CRYPTO_CALLBACK_ENABLE - return(id_callback); - #else - return NULL; - #endif - } - -void CRYPTO_set_id_callback(unsigned long (*func)(void)) - { - #if CRYPTO_CALLBACK_ENABLE - id_callback=func; - #endif - } - -unsigned long CRYPTO_thread_id(void) - { - unsigned long ret=0; - -#if CRYPTO_CALLBACK_ENABLE - if (id_callback == NULL) - { -#ifdef WIN16 - ret=(unsigned long)GetCurrentTask(); -#elif defined(WIN32) - ret=(unsigned long)GetCurrentThreadId(); -#elif defined(GETPID_IS_MEANINGLESS) - ret=1L; -#else - ret=(unsigned long)getpid(); -#endif - } - else - ret=id_callback(); -#endif /* CRYPTO_CALLBACK_ENABLE */ - return(ret); - } - -void CRYPTO_lock(int mode, int type, const char *file, int line) - { -#ifdef LOCK_DEBUG - { - char *rw_text,*operation_text; - - if (mode & CRYPTO_LOCK) - operation_text="lock "; - else if (mode & CRYPTO_UNLOCK) - operation_text="unlock"; - else - operation_text="ERROR "; - - if (mode & CRYPTO_READ) - rw_text="r"; - else if (mode & CRYPTO_WRITE) - rw_text="w"; - else - rw_text="ERROR"; - - fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", - CRYPTO_thread_id(), rw_text, operation_text, - CRYPTO_get_lock_name(type), file, line); - } -#endif -#if CRYPTO_CALLBACK_ENABLE - if (locking_callback != NULL) - locking_callback(mode,type,file,line); -#endif - } - -int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, - int line) - { - int ret; -#if CRYPTO_CALLBACK_ENABLE - if (add_lock_callback != NULL) - { -#ifdef LOCK_DEBUG - int before= *pointer; -#endif - - ret=add_lock_callback(pointer,amount,type,file,line); -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - before,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - *pointer=ret; - } - else -#endif /* CRYPTO_CALLBACK_ENABLE */ - { - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); - - ret= *pointer+amount; -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - *pointer,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - *pointer=ret; - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); - } - return(ret); - } - -#ifdef LOCK_DEBUG -const char *CRYPTO_get_lock_name(int type) - { - if (type < 0) - return("ERROR"); - else if (type < CRYPTO_NUM_LOCKS) - return(lock_names[type]); - else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) - return("ERROR"); - else - return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); - } -#endif /*LOCK_DEBUG*/ - -#ifdef _DLL -#ifdef WIN32 - -/* All we really need to do is remove the 'error' state when a thread - * detaches */ - -BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, - LPVOID lpvReserved) - { - switch(fdwReason) - { - case DLL_PROCESS_ATTACH: - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - ERR_remove_state(0); - break; - case DLL_PROCESS_DETACH: - break; - } - return(TRUE); - } -#endif - -#endif diff --git a/AppleCSP/open_ssl/cryptlib.h b/AppleCSP/open_ssl/cryptlib.h deleted file mode 100644 index 438031b3..00000000 --- a/AppleCSP/open_ssl/cryptlib.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/cryptlib.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_CRYPTLIB_H -#define HEADER_CRYPTLIB_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#include "openssl/e_os.h" - -#include -#include -#include -#include -#include - -#ifndef VMS -#define X509_CERT_AREA OPENSSLDIR -#define X509_CERT_DIR OPENSSLDIR "/certs" -#define X509_CERT_FILE OPENSSLDIR "/cert.pem" -#define X509_PRIVATE_DIR OPENSSLDIR "/private" -#else -#define X509_CERT_AREA "SSLROOT:[000000]" -#define X509_CERT_DIR "SSLCERTS:" -#define X509_CERT_FILE "SSLCERTS:cert.pem" -#define X509_PRIVATE_DIR "SSLPRIVATE:" -#endif - -#define X509_CERT_DIR_EVP "SSL_CERT_DIR" -#define X509_CERT_FILE_EVP "SSL_CERT_FILE" - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/dh/dh_check.c b/AppleCSP/open_ssl/dh/dh_check.c deleted file mode 100644 index 3737f379..00000000 --- a/AppleCSP/open_ssl/dh/dh_check.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh_check.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -/* Check that p is a safe prime and - * if g is 2, 3 or 5, check that is is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. - */ - -int DH_check(DH *dh, int *ret) - { - int ok=0; - BN_CTX *ctx=NULL; - BN_ULONG l; - BIGNUM *q=NULL; - - *ret=0; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - q=BN_new(); - if (q == NULL) goto err; - - if (BN_is_word(dh->g,DH_GENERATOR_2)) - { - l=BN_mod_word(dh->p,24); - if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#if 0 - else if (BN_is_word(dh->g,DH_GENERATOR_3)) - { - l=BN_mod_word(dh->p,12); - if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#endif - else if (BN_is_word(dh->g,DH_GENERATOR_5)) - { - l=BN_mod_word(dh->p,10); - if ((l != 3) && (l != 7)) - *ret|=DH_NOT_SUITABLE_GENERATOR; - } - else - *ret|=DH_UNABLE_TO_CHECK_GENERATOR; - - if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_PRIME; - else - { - if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_SAFE_PRIME; - } - ok=1; -err: - if (ctx != NULL) BN_CTX_free(ctx); - if (q != NULL) BN_free(q); - return(ok); - } diff --git a/AppleCSP/open_ssl/dh/dh_err.c b/AppleCSP/open_ssl/dh/dh_err.c deleted file mode 100644 index edf04592..00000000 --- a/AppleCSP/open_ssl/dh/dh_err.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA DH_str_functs[]= - { -{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, -{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"}, -{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, -{ERR_PACK(0,DH_F_DH_NEW,0), "DH_new"}, -{0,NULL} - }; - -static ERR_STRING_DATA DH_str_reasons[]= - { -{DH_R_NO_PRIVATE_VALUE ,"no private value"}, -{0,NULL} - }; - -#endif - -void ERR_load_DH_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_DH,DH_str_functs); - ERR_load_strings(ERR_LIB_DH,DH_str_reasons); -#endif - - } - } diff --git a/AppleCSP/open_ssl/dh/dh_gen.c b/AppleCSP/open_ssl/dh/dh_gen.c deleted file mode 100644 index e0d7ffba..00000000 --- a/AppleCSP/open_ssl/dh/dh_gen.c +++ /dev/null @@ -1,170 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh_gen.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -/* We generate DH parameters as follows - * find a prime q which is prime_len/2 bits long. - * p=(2*q)+1 or (p-1)/2 = q - * For this case, g is a generator if - * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. - * Since the factors of p-1 are q and 2, we just need to check - * g^2 mod p != 1 and g^q mod p != 1. - * - * Having said all that, - * there is another special case method for the generators 2, 3 and 5. - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 <<<<< does not work for safe primes. - * for 5, p mod 10 == 3 or 7 - * - * Thanks to Phil Karn for the pointers about the - * special generators and for answering some of my questions. - * - * I've implemented the second simple method :-). - * Since DH should be using a safe prime (both p and q are prime), - * this generator function can take a very very long time to run. - */ - -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) - { - BIGNUM *p=NULL,*t1,*t2; - DH *ret=NULL; - int g,ok= -1; - BN_CTX *ctx=NULL; - - ret=DH_new(); - if (ret == NULL) goto err; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) goto err; - - if (generator == DH_GENERATOR_2) - { - BN_set_word(t1,24); - BN_set_word(t2,11); - g=2; - } -#ifdef undef /* does not work for safe primes */ - else if (generator == DH_GENERATOR_3) - { - BN_set_word(t1,12); - BN_set_word(t2,5); - g=3; - } -#endif - else if (generator == DH_GENERATOR_5) - { - BN_set_word(t1,10); - BN_set_word(t2,3); - /* BN_set_word(t3,7); just have to miss - * out on these ones :-( */ - g=5; - } - else - g=generator; - - p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); - if (p == NULL) goto err; - if (callback != NULL) callback(3,0,cb_arg); - ret->p=p; - ret->g=BN_new(); - if (!BN_set_word(ret->g,g)) goto err; - ok=1; -err: - if (ok == -1) - { - DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); - ok=0; - } - - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (!ok && (ret != NULL)) - { - DH_free(ret); - ret=NULL; - } - return(ret); - } diff --git a/AppleCSP/open_ssl/dh/dh_key.c b/AppleCSP/open_ssl/dh/dh_key.c deleted file mode 100644 index d1af8573..00000000 --- a/AppleCSP/open_ssl/dh/dh_key.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh_key.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -static int generate_key(DH *dh); -static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); -static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int dh_init(DH *dh); -static int dh_finish(DH *dh); - -int DH_generate_key(DH *dh) - { - return dh->meth->generate_key(dh); - } - -int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) - { - return dh->meth->compute_key(key, pub_key, dh); - } - -static DH_METHOD dh_ossl = { -"OpenSSL DH Method", -generate_key, -compute_key, -dh_bn_mod_exp, -dh_init, -dh_finish, -0, -NULL -}; - -DH_METHOD *DH_OpenSSL(void) -{ - return &dh_ossl; -} - -static int generate_key(DH *dh) - { - int ok=0; - BN_CTX ctx; - BN_MONT_CTX *mont; - BIGNUM *pub_key=NULL,*priv_key=NULL; - - BN_CTX_init(&ctx); - - if (dh->priv_key == NULL) - { - priv_key=BN_new(); - if (priv_key == NULL) goto err; - do - if (!BN_rand_range(priv_key, dh->p)) goto err; - while (BN_is_zero(priv_key)); - } - else - priv_key=dh->priv_key; - - if (dh->pub_key == NULL) - { - pub_key=BN_new(); - if (pub_key == NULL) goto err; - } - else - pub_key=dh->pub_key; - - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) - { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,&ctx)) goto err; - } - mont=(BN_MONT_CTX *)dh->method_mont_p; - - if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) - goto err; - - dh->pub_key=pub_key; - dh->priv_key=priv_key; - ok=1; -err: - if (ok != 1) - DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); - - if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); - BN_CTX_free(&ctx); - return(ok); - } - -static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) - { - BN_CTX ctx; - BN_MONT_CTX *mont; - BIGNUM *tmp; - int ret= -1; - - BN_CTX_init(&ctx); - BN_CTX_start(&ctx); - tmp = BN_CTX_get(&ctx); - - if (dh->priv_key == NULL) - { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); - goto err; - } - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) - { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,&ctx)) goto err; - } - - mont=(BN_MONT_CTX *)dh->method_mont_p; - if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont)) - { - DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); - goto err; - } - - ret=BN_bn2bin(tmp,key); -err: - BN_CTX_end(&ctx); - BN_CTX_free(&ctx); - return(ret); - } - -static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - if (a->top == 1) - { - BN_ULONG A = a->d[0]; - return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); - } - else - return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); - } - - -static int dh_init(DH *dh) - { - dh->flags |= DH_FLAG_CACHE_MONT_P; - return(1); - } - -static int dh_finish(DH *dh) - { - if(dh->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); - return(1); - } diff --git a/AppleCSP/open_ssl/dh/dh_lib.c b/AppleCSP/open_ssl/dh/dh_lib.c deleted file mode 100644 index ff639b2a..00000000 --- a/AppleCSP/open_ssl/dh/dh_lib.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; - -static DH_METHOD *default_DH_method; -static int dh_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; - -void DH_set_default_method(DH_METHOD *meth) -{ - default_DH_method = meth; -} - -DH_METHOD *DH_get_default_method(void) -{ - if(!default_DH_method) default_DH_method = DH_OpenSSL(); - return default_DH_method; -} - -DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth) -{ - DH_METHOD *mtmp; - mtmp = dh->meth; - if (mtmp->finish) mtmp->finish(dh); - dh->meth = meth; - if (meth->init) meth->init(dh); - return mtmp; -} - -DH *DH_new(void) -{ - return DH_new_method(NULL); -} - -DH *DH_new_method(DH_METHOD *meth) - { - DH *ret; - ret=(DH *)Malloc(sizeof(DH)); - - if (ret == NULL) - { - DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - if(meth) ret->meth = meth; - else ret->meth = DH_get_default_method(); - ret->pad=0; - ret->version=0; - ret->p=NULL; - ret->g=NULL; - ret->length=0; - ret->pub_key=NULL; - ret->priv_key=NULL; - ret->q=NULL; - ret->j=NULL; - ret->seed = NULL; - ret->seedlen = 0; - ret->counter = NULL; - ret->method_mont_p=NULL; - ret->references = 1; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); - Free(ret); - ret=NULL; - } - return(ret); - } - -void DH_free(DH *r) - { - int i; - if(r == NULL) return; - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); -#ifdef REF_PRINT - REF_PRINT("DH",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DH_free, bad reference count\n"); - abort(); - } -#endif - - if(r->meth->finish) r->meth->finish(r); - - CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); - - if (r->p != NULL) BN_clear_free(r->p); - if (r->g != NULL) BN_clear_free(r->g); - if (r->q != NULL) BN_clear_free(r->q); - if (r->j != NULL) BN_clear_free(r->j); - if (r->seed) Free(r->seed); - if (r->counter != NULL) BN_clear_free(r->counter); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - Free(r); - } - -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - dh_meth_num++; - return(CRYPTO_get_ex_new_index(dh_meth_num-1, - &dh_meth,argl,argp,new_func,dup_func,free_func)); - } - -int DH_set_ex_data(DH *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } - -void *DH_get_ex_data(DH *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } - -int DH_size(DH *dh) - { - return(BN_num_bytes(dh->p)); - } diff --git a/AppleCSP/open_ssl/dsa/dsa_asn1.c b/AppleCSP/open_ssl/dsa/dsa_asn1.c deleted file mode 100644 index ac46c6cb..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_asn1.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_asn1.c */ - -#include -#include "cryptlib.h" -#include -#include -#ifndef _OPENSSL_APPLE_CDSA_ -#include -#endif - -DSA_SIG *DSA_SIG_new(void) -{ - DSA_SIG *ret; - - ret = Malloc(sizeof(DSA_SIG)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->r = NULL; - ret->s = NULL; - return(ret); -} - -void DSA_SIG_free(DSA_SIG *r) -{ - if (r == NULL) return; - if (r->r) BN_clear_free(r->r); - if (r->s) BN_clear_free(r->s); - Free(r); -} - -#ifndef _OPENSSL_APPLE_CDSA_ - -int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp) -{ - int t=0,len; - ASN1_INTEGER rbs,sbs; - unsigned char *p; - - rbs.data=Malloc(BN_num_bits(v->r)/8+1); - if (rbs.data == NULL) - { - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - rbs.type=V_ASN1_INTEGER; - rbs.length=BN_bn2bin(v->r,rbs.data); - sbs.data=Malloc(BN_num_bits(v->s)/8+1); - if (sbs.data == NULL) - { - Free(rbs.data); - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - sbs.type=V_ASN1_INTEGER; - sbs.length=BN_bn2bin(v->s,sbs.data); - - len=i2d_ASN1_INTEGER(&rbs,NULL); - len+=i2d_ASN1_INTEGER(&sbs,NULL); - - if (pp) - { - p=*pp; - ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_INTEGER(&rbs,&p); - i2d_ASN1_INTEGER(&sbs,&p); - } - t=ASN1_object_size(1,len,V_ASN1_SEQUENCE); - Free(rbs.data); - Free(sbs.data); - return(t); -} - -DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length) -{ - int i=ERR_R_NESTED_ASN1_ERROR; - ASN1_INTEGER *bs=NULL; - M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) - goto err_bn; - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) - goto err_bn; - M_ASN1_BIT_STRING_free(bs); - M_ASN1_D2I_Finish_2(a); - -err_bn: - i=ERR_R_BN_LIB; -err: - DSAerr(DSA_F_D2I_DSA_SIG,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); - if (bs != NULL) M_ASN1_BIT_STRING_free(bs); - return(NULL); -} - -#endif /* _OPENSSL_APPLE_CDSA_ */ diff --git a/AppleCSP/open_ssl/dsa/dsa_err.c b/AppleCSP/open_ssl/dsa/dsa_err.c deleted file mode 100644 index 9ddab261..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_err.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA DSA_str_functs[]= - { -{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, -{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, -{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, -{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, -{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, -{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, -{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, -{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, -{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, -{0,NULL} - }; - -static ERR_STRING_DATA DSA_str_reasons[]= - { -{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{0,NULL} - }; - -#endif - -void ERR_load_DSA_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); - ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); -#endif - - } - } diff --git a/AppleCSP/open_ssl/dsa/dsa_gen.c b/AppleCSP/open_ssl/dsa/dsa_gen.c deleted file mode 100644 index 951b4b80..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_gen.c +++ /dev/null @@ -1,312 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_gen.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH SHA -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH SHA1 -#endif - -#ifndef NO_SHA - -#include -#include -#include "cryptlib.h" -#include -#include -#include -#include - -DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) - { - int ok=0; - unsigned char seed[SHA_DIGEST_LENGTH]; - unsigned char md[SHA_DIGEST_LENGTH]; - unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; - BIGNUM *r0,*W,*X,*c,*test; - BIGNUM *g=NULL,*q=NULL,*p=NULL; - BN_MONT_CTX *mont=NULL; - int k,n=0,i,b,m=0; - int counter=0; - int r=0; - BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; - unsigned int h=2; - DSA *ret=NULL; - - if (bits < 512) bits=512; - bits=(bits+63)/64*64; - - if (seed_len < 20) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > 20) - seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ - if ((seed_in != NULL) && (seed_len == 20)) - memcpy(seed,seed_in,seed_len); - - if ((ctx=BN_CTX_new()) == NULL) goto err; - if ((ctx2=BN_CTX_new()) == NULL) goto err; - if ((ctx3=BN_CTX_new()) == NULL) goto err; - if ((ret=DSA_new()) == NULL) goto err; - - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - - BN_CTX_start(ctx2); - r0 = BN_CTX_get(ctx2); - g = BN_CTX_get(ctx2); - W = BN_CTX_get(ctx2); - q = BN_CTX_get(ctx2); - X = BN_CTX_get(ctx2); - c = BN_CTX_get(ctx2); - p = BN_CTX_get(ctx2); - test = BN_CTX_get(ctx2); - - BN_lshift(test,BN_value_one(),bits-1); - - for (;;) - { - for (;;) /* find q */ - { - int seed_is_random; - - /* step 1 */ - if (callback != NULL) callback(0,m++,cb_arg); - - if (!seed_len) - { - RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); - seed_is_random = 1; - } - else - { - seed_is_random = 0; - seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ - } - memcpy(buf,seed,SHA_DIGEST_LENGTH); - memcpy(buf2,seed,SHA_DIGEST_LENGTH); - /* precompute "SEED + 1" for step 7: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) - { - buf[i]++; - if (buf[i] != 0) break; - } - - /* step 2 */ - HASH(seed,SHA_DIGEST_LENGTH,md); - HASH(buf,SHA_DIGEST_LENGTH,buf2); - for (i=0; i 0) - break; - if (r != 0) - goto err; - - /* do a callback call */ - /* step 5 */ - } - - if (callback != NULL) callback(2,0,cb_arg); - if (callback != NULL) callback(3,0,cb_arg); - - /* step 6 */ - counter=0; - /* "offset = 2" */ - - n=(bits-1)/160; - b=(bits-1)-n*160; - - for (;;) - { - if (callback != NULL && counter != 0) - callback(0,counter,cb_arg); - - /* step 7 */ - BN_zero(W); - /* now 'buf' contains "SEED + offset - 1" */ - for (k=0; k<=n; k++) - { - /* obtain "SEED + offset + k" by incrementing: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) - { - buf[i]++; - if (buf[i] != 0) break; - } - - HASH(buf,SHA_DIGEST_LENGTH,md); - - /* step 8 */ - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) - goto err; - BN_lshift(r0,r0,160*k); - BN_add(W,W,r0); - } - - /* more of step 8 */ - BN_mask_bits(W,bits-1); - BN_copy(X,W); /* this should be ok */ - BN_add(X,X,test); /* this should be ok */ - - /* step 9 */ - BN_lshift1(r0,q); - BN_mod(c,X,r0,ctx); - BN_sub(r0,c,BN_value_one()); - BN_sub(p,X,r0); - - /* step 10 */ - if (BN_cmp(p,test) >= 0) - { - /* step 11 */ - r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); - if (r > 0) - goto end; /* found it */ - if (r != 0) - goto err; - } - - /* step 13 */ - counter++; - /* "offset = offset + n + 1" */ - - /* step 14 */ - if (counter >= 4096) break; - } - } -end: - if (callback != NULL) callback(2,1,cb_arg); - - /* We now need to generate g */ - /* Set r0=(p-1)/q */ - BN_sub(test,p,BN_value_one()); - BN_div(r0,NULL,test,q,ctx); - - BN_set_word(test,h); - BN_MONT_CTX_set(mont,p,ctx); - - for (;;) - { - /* g=test^r0%p */ - BN_mod_exp_mont(g,test,r0,p,ctx,mont); - if (!BN_is_one(g)) break; - BN_add(test,test,BN_value_one()); - h++; - } - - if (callback != NULL) callback(3,1,cb_arg); - - ok=1; -err: - if (!ok) - { - if (ret != NULL) DSA_free(ret); - } - else - { - ret->p=BN_dup(p); - ret->q=BN_dup(q); - ret->g=BN_dup(g); - if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); - if (counter_ret != NULL) *counter_ret=counter; - if (h_ret != NULL) *h_ret=h; - } - if (ctx != NULL) BN_CTX_free(ctx); - if (ctx2 != NULL) - { - BN_CTX_end(ctx2); - BN_CTX_free(ctx2); - } - if (ctx3 != NULL) BN_CTX_free(ctx3); - if (mont != NULL) BN_MONT_CTX_free(mont); - return(ok?ret:NULL); - } -#endif diff --git a/AppleCSP/open_ssl/dsa/dsa_key.c b/AppleCSP/open_ssl/dsa/dsa_key.c deleted file mode 100644 index 0af87775..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_key.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_key.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -//#include -#include -#include -#include - -int DSA_generate_key(DSA *dsa) - { - int ok=0; - unsigned int i; - BN_CTX *ctx=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; - - if ((ctx=BN_CTX_new()) == NULL) goto err; - - if (dsa->priv_key == NULL) - { - if ((priv_key=BN_new()) == NULL) goto err; - } - else - priv_key=dsa->priv_key; - - i=BN_num_bits(dsa->q); - for (;;) - { - if (!BN_rand(priv_key,i,1,0)) - goto err; - if (BN_cmp(priv_key,dsa->q) >= 0) - BN_sub(priv_key,priv_key,dsa->q); - if (!BN_is_zero(priv_key)) break; - } - - if (dsa->pub_key == NULL) - { - if ((pub_key=BN_new()) == NULL) goto err; - } - else - pub_key=dsa->pub_key; - - if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err; - - dsa->priv_key=priv_key; - dsa->pub_key=pub_key; - ok=1; - -err: - if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); - if (ctx != NULL) BN_CTX_free(ctx); - return(ok); - } diff --git a/AppleCSP/open_ssl/dsa/dsa_lib.c b/AppleCSP/open_ssl/dsa/dsa_lib.c deleted file mode 100644 index aad0f5e5..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_lib.c +++ /dev/null @@ -1,266 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Original version from Steven Schoch */ - -#include -#include "cryptlib.h" -#include -#include -#include - -const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; - -static const DSA_METHOD *default_DSA_method; -static int dsa_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; - -void DSA_set_default_method(const DSA_METHOD *meth) -{ - default_DSA_method = meth; -} - -const DSA_METHOD *DSA_get_default_method(void) -{ - if(!default_DSA_method) default_DSA_method = DSA_OpenSSL(); - return default_DSA_method; -} - -DSA *DSA_new(void) -{ - return DSA_new_method(NULL); -} - -const DSA_METHOD *DSA_set_method(DSA *dsa, const DSA_METHOD *meth) -{ - const DSA_METHOD *mtmp; - mtmp = dsa->meth; - if (mtmp->finish) mtmp->finish(dsa); - dsa->meth = meth; - if (meth->init) meth->init(dsa); - return mtmp; -} - - -DSA *DSA_new_method(const DSA_METHOD *meth) - { - DSA *ret; - - ret=(DSA *)Malloc(sizeof(DSA)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - if(!default_DSA_method) default_DSA_method = DSA_OpenSSL(); - if(meth) ret->meth = meth; - else ret->meth = default_DSA_method; - ret->pad=0; - ret->version=0; - ret->write_params=1; - ret->p=NULL; - ret->q=NULL; - ret->g=NULL; - - ret->pub_key=NULL; - ret->priv_key=NULL; - - ret->kinv=NULL; - ret->r=NULL; - ret->method_mont_p=NULL; - - ret->references=1; - ret->flags=ret->meth->flags; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - Free(ret); - ret=NULL; - } - else - CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); - - return(ret); - } - -void DSA_free(DSA *r) - { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); -#ifdef REF_PRINT - REF_PRINT("DSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DSA_free, bad reference count\n"); - abort(); - } -#endif - - CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); - - if(r->meth->finish) r->meth->finish(r); - - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->g != NULL) BN_clear_free(r->g); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - if (r->kinv != NULL) BN_clear_free(r->kinv); - if (r->r != NULL) BN_clear_free(r->r); - Free(r); - } - -#ifndef _OPENSSL_APPLE_CDSA_ -int DSA_size(DSA *r) - { - int ret,i; - ASN1_INTEGER bs; - unsigned char buf[4]; - - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } -#endif /* _OPENSSL_APPLE_CDSA_ */ - -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - dsa_meth_num++; - return(CRYPTO_get_ex_new_index(dsa_meth_num-1, - &dsa_meth,argl,argp,new_func,dup_func,free_func)); - } - -int DSA_set_ex_data(DSA *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } - -void *DSA_get_ex_data(DSA *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } - -#ifndef NO_DH -DH *DSA_dup_DH(DSA *r) - { - /* DSA has p, q, g, optional pub_key, optional priv_key. - * DH has p, optional length, g, optional pub_key, optional priv_key. - */ - - DH *ret = NULL; - - if (r == NULL) - goto err; - ret = DH_new(); - if (ret == NULL) - goto err; - if (r->p != NULL) - if ((ret->p = BN_dup(r->p)) == NULL) - goto err; - if (r->q != NULL) - ret->length = BN_num_bits(r->q); - if (r->g != NULL) - if ((ret->g = BN_dup(r->g)) == NULL) - goto err; - if (r->pub_key != NULL) - if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) - goto err; - if (r->priv_key != NULL) - if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) - goto err; - - return ret; - - err: - if (ret != NULL) - DH_free(ret); - return NULL; - } -#endif diff --git a/AppleCSP/open_ssl/dsa/dsa_ossl.c b/AppleCSP/open_ssl/dsa/dsa_ossl.c deleted file mode 100644 index aae23451..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_ossl.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_ossl.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Original version from Steven Schoch */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa); -static int dsa_init(DSA *dsa); -static int dsa_finish(DSA *dsa); -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - -static const DSA_METHOD openssl_dsa_meth = { -"OpenSSL DSA method", -dsa_do_sign, -dsa_sign_setup, -dsa_do_verify, -dsa_mod_exp, -dsa_bn_mod_exp, -dsa_init, -dsa_finish, -0, -NULL -}; - -const DSA_METHOD *DSA_OpenSSL(void) -{ - return &openssl_dsa_meth; -} - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - BIGNUM *kinv=NULL,*r=NULL,*s=NULL; - BIGNUM m; - BIGNUM xr; - BN_CTX *ctx=NULL; - int i,reason=ERR_R_BN_LIB; - DSA_SIG *ret=NULL; - - BN_init(&m); - BN_init(&xr); - s=BN_new(); - if (s == NULL) goto err; - - i=BN_num_bytes(dsa->q); /* should be 20 */ - if ((dlen > i) || (dlen > 50)) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - if ((dsa->kinv == NULL) || (dsa->r == NULL)) - { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; - } - else - { - kinv=dsa->kinv; - dsa->kinv=NULL; - r=dsa->r; - dsa->r=NULL; - } - - if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; - - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ - if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ - if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); - if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; - - ret=DSA_SIG_new(); - if (ret == NULL) goto err; - ret->r = r; - ret->s = s; - -err: - if (!ret) - { - DSAerr(DSA_F_DSA_DO_SIGN,reason); - BN_free(r); - BN_free(s); - } - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&m); - BN_clear_free(&xr); - if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ - BN_clear_free(kinv); - return(ret); - } - -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { - BN_CTX *ctx; - BIGNUM k,*kinv=NULL,*r=NULL; - int ret=0; - - if (ctx_in == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=ctx_in; - - BN_init(&k); - if ((r=BN_new()) == NULL) goto err; - kinv=NULL; - - /* Get random k */ - for (;;) - { - if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; - if (BN_cmp(&k,dsa->q) >= 0) - BN_sub(&k,&k,dsa->q); - if (!BN_is_zero(&k)) break; - } - - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) - { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; - } - - /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - (BN_MONT_CTX *)dsa->method_mont_p)) goto err; - if (!BN_mod(r,r,dsa->q,ctx)) goto err; - - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; - - if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp=kinv; - kinv=NULL; - if (*rp != NULL) BN_clear_free(*rp); - *rp=r; - ret=1; -err: - if (!ret) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); - if (kinv != NULL) BN_clear_free(kinv); - if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) BN_CTX_free(ctx); - if (kinv != NULL) BN_clear_free(kinv); - BN_clear_free(&k); - return(ret); - } - -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { - BN_CTX *ctx; - BIGNUM u1,u2,t1; - BN_MONT_CTX *mont=NULL; - int ret = -1; - - if ((ctx=BN_CTX_new()) == NULL) goto err; - BN_init(&u1); - BN_init(&u2); - BN_init(&t1); - - /* Calculate W = inv(S) mod Q - * save W in u2 */ - if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; - - /* save M in u1 */ - if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; - - /* u1 = M * w mod q */ - if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; - - /* u2 = r * w mod q */ - if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; - - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) - { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; - } - mont=(BN_MONT_CTX *)dsa->method_mont_p; - -#if 0 - { - BIGNUM t2; - - BN_init(&t2); - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; - BN_free(&t2); - } - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; -#else - { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, - dsa->p,ctx,mont)) goto err; - /* BN_copy(&u1,&t1); */ - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; - } -#endif - /* V is now in u1. If the signature is correct, it will be - * equal to R. */ - ret=(BN_ucmp(&u1, sig->r) == 0); - - err: - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); - if (ctx != NULL) BN_CTX_free(ctx); - BN_free(&u1); - BN_free(&u2); - BN_free(&t1); - return(ret); - } - -static int dsa_init(DSA *dsa) -{ - dsa->flags|=DSA_FLAG_CACHE_MONT_P; - return(1); -} - -static int dsa_finish(DSA *dsa) -{ - if(dsa->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); - return(1); -} - -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); -} - -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} diff --git a/AppleCSP/open_ssl/dsa/dsa_sign.c b/AppleCSP/open_ssl/dsa/dsa_sign.c deleted file mode 100644 index e4d62a79..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_sign.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_sign.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Original version from Steven Schoch */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } - -#ifndef _OPENSSL_APPLE_CDSA_ -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) - { - DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); - } -#endif /* _OPENSSL_APPLE_CDSA_ */ - -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); - } - diff --git a/AppleCSP/open_ssl/dsa/dsa_vrf.c b/AppleCSP/open_ssl/dsa/dsa_vrf.c deleted file mode 100644 index 1ed605b7..00000000 --- a/AppleCSP/open_ssl/dsa/dsa_vrf.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa_vrf.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Original version from Steven Schoch */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include -//#include - -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { - return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -#ifndef _OPENSSL_APPLE_CDSA_ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - unsigned char *sigbuf, int siglen, DSA *dsa) - { - DSA_SIG *s; - int ret=-1; - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); - } -#endif /* _OPENSSL_APPLE_CDSA_ */ diff --git a/AppleCSP/open_ssl/err/err.c b/AppleCSP/open_ssl/err/err.c deleted file mode 100644 index 32325ca1..00000000 --- a/AppleCSP/open_ssl/err/err.c +++ /dev/null @@ -1,781 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/err/err.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#include "cryptlib.h" -#include -#include -#include - - -static LHASH *error_hash=NULL; -static LHASH *thread_hash=NULL; - -static unsigned long err_hash(ERR_STRING_DATA *a); -static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); -static unsigned long pid_hash(ERR_STATE *pid); -static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); -static unsigned long get_error_values(int inc,const char **file,int *line, - const char **data,int *flags); -static void ERR_STATE_free(ERR_STATE *s); -#ifndef NO_ERR -static ERR_STRING_DATA ERR_str_libraries[]= - { -{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, -{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, -{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, -{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, -{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, -{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, -{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, -{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, -{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, -{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, -{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, -{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, -{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, -{ERR_PACK(ERR_LIB_METH,0,0) ,"X509 lookup 'method' routines"}, -{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, -{ERR_PACK(ERR_LIB_RSAREF,0,0) ,"RSAref routines"}, -{ERR_PACK(ERR_LIB_PROXY,0,0) ,"Proxy routines"}, -{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, -{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, -{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, -{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, -{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, -{0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_functs[]= - { - {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, - {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, - {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, - {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, - {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, - {ERR_PACK(0,SYS_F_BIND,0), "bind"}, - {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, - {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, -#ifdef WINDOWS - {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, -#endif - {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, - {0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_reasons[]= - { -{ERR_R_FATAL ,"fatal"}, -{ERR_R_SYS_LIB ,"system lib"}, -{ERR_R_BN_LIB ,"BN lib"}, -{ERR_R_RSA_LIB ,"RSA lib"}, -{ERR_R_DH_LIB ,"DH lib"}, -{ERR_R_EVP_LIB ,"EVP lib"}, -{ERR_R_BUF_LIB ,"BUF lib"}, -{ERR_R_BIO_LIB ,"BIO lib"}, -{ERR_R_OBJ_LIB ,"OBJ lib"}, -{ERR_R_PEM_LIB ,"PEM lib"}, -{ERR_R_X509_LIB ,"X509 lib"}, -{ERR_R_METH_LIB ,"METH lib"}, -{ERR_R_ASN1_LIB ,"ASN1 lib"}, -{ERR_R_CONF_LIB ,"CONF lib"}, -{ERR_R_SSL_LIB ,"SSL lib"}, -{ERR_R_PROXY_LIB ,"PROXY lib"}, -{ERR_R_BIO_LIB ,"BIO lib"}, -{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, -{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, -{ERR_R_MALLOC_FAILURE ,"Malloc failure"}, -{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, -{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, -{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, -{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, -{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, -{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, -{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, -{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, - -{0,NULL}, - }; - - -#define NUM_SYS_STR_REASONS 127 -#define LEN_SYS_STR_REASON 32 - -static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -/* SYS_str_reasons is filled with copies of strerror() results at - * initialization. - * 'errno' values up to 127 should cover all usual errors, - * others will be displayed numerically by ERR_error_string. - * It is crucial that we have something for each reason code - * that occurs in ERR_str_reasons, or bogus reason strings - * will be returned for SYSerr(), which always gets an errno - * value and never one of those 'standard' reason codes. */ - -static void build_SYS_str_reasons() - { - /* Malloc cannot be used here, use static storage instead */ - static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; - int i; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH); - - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) - { - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = (unsigned long)i; - if (str->string == NULL) - { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); - char *src = strerror(i); - if (src != NULL) - { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; - str->string = *dest; - } - } - if (str->string == NULL) - str->string = "unknown"; - } - - /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, - * as required by ERR_load_strings. */ - - CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); - } -#endif - -#define err_clear_data(p,i) \ - if (((p)->err_data[i] != NULL) && \ - (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ - { \ - Free((p)->err_data[i]); \ - (p)->err_data[i]=NULL; \ - } \ - (p)->err_data_flags[i]=0; - -static void ERR_STATE_free(ERR_STATE *s) - { - int i; - - if(s == NULL) - return; - - for (i=0; ierror) - { - str->error|=ERR_PACK(lib,0,0); - lh_insert(error_hash,str); - str++; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); - } - -void ERR_free_strings(void) - { - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - - if (error_hash != NULL) - { - lh_free(error_hash); - error_hash=NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - -/********************************************************/ - -void ERR_put_error(int lib, int func, int reason, const char *file, - int line) - { - ERR_STATE *es; - -#ifdef _OSD_POSIX - /* In the BS2000-OSD POSIX subsystem, the compiler generates - * path names in the form "*POSIX(/etc/passwd)". - * This dirty hack strips them to something sensible. - * @@@ We shouldn't modify a const string, though. - */ - if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) { - char *end; - - /* Skip the "*POSIX(" prefix */ - file += sizeof("*POSIX(")-1; - end = &file[strlen(file)-1]; - if (*end == ')') - *end = '\0'; - /* Optional: use the basename of the path only. */ - if ((end = strrchr(file, '/')) != NULL) - file = &end[1]; - } -#endif - es=ERR_get_state(); - - es->top=(es->top+1)%ERR_NUM_ERRORS; - if (es->top == es->bottom) - es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; - es->err_buffer[es->top]=ERR_PACK(lib,func,reason); - es->err_file[es->top]=file; - es->err_line[es->top]=line; - err_clear_data(es,es->top); - } - -void ERR_clear_error(void) - { - ERR_STATE *es; - - es=ERR_get_state(); - -#if 0 - /* hmm... is this needed */ - for (i=0; ierr_buffer[i]=0; - es->err_file[i]=NULL; - es->err_line[i]= -1; - err_clear_data(es,i); - } -#endif - es->top=es->bottom=0; - } - - -unsigned long ERR_get_error(void) - { return(get_error_values(1,NULL,NULL,NULL,NULL)); } - -unsigned long ERR_get_error_line(const char **file, - int *line) - { return(get_error_values(1,file,line,NULL,NULL)); } - -unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags) - { return(get_error_values(1,file,line, - data,flags)); } - -unsigned long ERR_peek_error(void) - { return(get_error_values(0,NULL,NULL,NULL,NULL)); } - -unsigned long ERR_peek_error_line(const char **file, - int *line) - { return(get_error_values(0,file,line,NULL,NULL)); } - -unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags) - { return(get_error_values(0,file,line, - data,flags)); } - -static unsigned long get_error_values(int inc, const char **file, int *line, - const char **data, int *flags) - { - int i=0; - ERR_STATE *es; - unsigned long ret; - - es=ERR_get_state(); - - if (es->bottom == es->top) return(0); - i=(es->bottom+1)%ERR_NUM_ERRORS; - - ret=es->err_buffer[i]; - if (inc) - { - es->bottom=i; - es->err_buffer[i]=0; - } - - if ((file != NULL) && (line != NULL)) - { - if (es->err_file[i] == NULL) - { - *file="NA"; - if (line != NULL) *line=0; - } - else - { - *file=es->err_file[i]; - if (line != NULL) *line=es->err_line[i]; - } - } - - if (data != NULL) - { - if (es->err_data[i] == NULL) - { - *data=""; - if (flags != NULL) *flags=0; - } - else - { - *data=es->err_data[i]; - if (flags != NULL) *flags=es->err_data_flags[i]; - } - } - return(ret); - } - -/* BAD for multi-threaded, uses a local buffer if ret == NULL */ -char *ERR_error_string(unsigned long e, char *ret) - { - #ifdef NO_ERR - if(ret != NULL) { - strcpy(ret, "No Error String Info."); - } - return "No Error String info."; - #else - static char buf[256]; - const char *ls,*fs,*rs; - unsigned long l,f,r; - int i; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - r=ERR_GET_REASON(e); - - ls=ERR_lib_error_string(e); - fs=ERR_func_error_string(e); - rs=ERR_reason_error_string(e); - - if (ret == NULL) ret=buf; - - sprintf(&(ret[0]),"error:%08lX:",e); - i=strlen(ret); - if (ls == NULL) - sprintf(&(ret[i]),":lib(%lu) ",l); - else sprintf(&(ret[i]),"%s",ls); - i=strlen(ret); - if (fs == NULL) - sprintf(&(ret[i]),":func(%lu) ",f); - else sprintf(&(ret[i]),":%s",fs); - i=strlen(ret); - if (rs == NULL) - sprintf(&(ret[i]),":reason(%lu)",r); - else sprintf(&(ret[i]),":%s",rs); - - return(ret); - #endif - } - -LHASH *ERR_get_string_table(void) - { - return(error_hash); - } - -LHASH *ERR_get_err_state_table(void) - { - return(thread_hash); - } - -const char *ERR_lib_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l; - - l=ERR_GET_LIB(e); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); - - if (error_hash != NULL) - { - d.error=ERR_PACK(l,0,0); - p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d); - } - - CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); - - return((p == NULL)?NULL:p->string); - } - -const char *ERR_func_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l,f; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); - - if (error_hash != NULL) - { - d.error=ERR_PACK(l,f,0); - p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d); - } - - CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); - - return((p == NULL)?NULL:p->string); - } - -const char *ERR_reason_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l,r; - - l=ERR_GET_LIB(e); - r=ERR_GET_REASON(e); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); - - if (error_hash != NULL) - { - d.error=ERR_PACK(l,0,r); - p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d); - if (p == NULL) - { - d.error=ERR_PACK(0,0,r); - p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d); - } - } - - CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); - - return((p == NULL)?NULL:p->string); - } - -static unsigned long err_hash(ERR_STRING_DATA *a) - { - unsigned long ret,l; - - l=a->error; - ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); - return(ret^ret%19*13); - } - -static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) - { - return((int)(a->error-b->error)); - } - -static unsigned long pid_hash(ERR_STATE *a) - { - return(a->pid*13); - } - -static int pid_cmp(ERR_STATE *a, ERR_STATE *b) - { - return((int)((long)a->pid - (long)b->pid)); - } - -void ERR_remove_state(unsigned long pid) - { - ERR_STATE *p,tmp; - - if (thread_hash == NULL) - return; - if (pid == 0) - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p=(ERR_STATE *)lh_delete(thread_hash,&tmp); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - if (p != NULL) ERR_STATE_free(p); - } - -static ERR_STATE *fallback = NULL; -static ERR_STATE *getFallback() -{ - if(fallback == NULL) { - fallback = (ERR_STATE *)Malloc(sizeof(ERR_STATE)); - } - return fallback; -} - -ERR_STATE *ERR_get_state(void) - { - ERR_STATE *ret=NULL,tmp,*tmpp; - int i; - unsigned long pid; - - pid=(unsigned long)CRYPTO_thread_id(); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (thread_hash == NULL) - { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (thread_hash == NULL) - { - MemCheck_off(); - thread_hash=lh_new(pid_hash,pid_cmp); - MemCheck_on(); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - if (thread_hash == NULL) return(getFallback()); - } - else - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - else - { - tmp.pid=pid; - ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - } - - /* ret == the error state, if NULL, make a new one */ - if (ret == NULL) - { - ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE)); - if (ret == NULL) return(getFallback()); - ret->pid=pid; - ret->top=0; - ret->bottom=0; - for (i=0; ierr_data[i]=NULL; - ret->err_data_flags[i]=0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - tmpp=(ERR_STATE *)lh_insert(thread_hash,ret); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - if (tmpp != NULL) /* old entry - should not happen */ - { - ERR_STATE_free(tmpp); - } - } - return(ret); - } - -int ERR_get_next_error_library(void) - { - static int value=ERR_LIB_USER; - - return(value++); - } - -void ERR_set_error_data(char *data, int flags) - { - ERR_STATE *es; - int i; - - es=ERR_get_state(); - - i=es->top; - if (i == 0) - i=ERR_NUM_ERRORS-1; - - es->err_data[i]=data; - es->err_data_flags[es->top]=flags; - } - -void ERR_add_error_data(int num, ...) - { - va_list args; - int i,n,s; - char *str,*p,*a; - - s=64; - str=Malloc(s+1); - if (str == NULL) return; - str[0]='\0'; - - va_start(args, num); - n=0; - for (i=0; i */ - if (a != NULL) - { - n+=strlen(a); - if (n > s) - { - s=n+20; - p=Realloc(str,s+1); - if (p == NULL) - { - Free(str); - return; - } - else - str=p; - } - strcat(str,a); - } - } - ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); - - va_end(args); - } - diff --git a/AppleCSP/open_ssl/err/err_prn.c b/AppleCSP/open_ssl/err/err_prn.c deleted file mode 100644 index a878c75f..00000000 --- a/AppleCSP/open_ssl/err/err_prn.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/err/err_prn.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include "cryptlib.h" -#include -#include -#include - -#ifndef NO_FP_API -void ERR_print_errors_fp(FILE *fp) - { - unsigned long l; - char buf[200]; - const char *file,*data; - int line,flags; - unsigned long es; - - es=CRYPTO_thread_id(); - while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) - { - fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf), - file,line,(flags&ERR_TXT_STRING)?data:""); - } - } -#endif - -void ERR_print_errors(BIO *bp) - { - unsigned long l; - char buf[256]; - char buf2[256]; - const char *file,*data; - int line,flags; - unsigned long es; - - es=CRYPTO_thread_id(); - while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) - { - sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf), - file,line); - BIO_write(bp,buf2,strlen(buf2)); - if (flags & ERR_TXT_STRING) - BIO_write(bp,data,strlen(data)); - BIO_write(bp,"\n",1); - } - } - diff --git a/AppleCSP/open_ssl/ex_data.c b/AppleCSP/open_ssl/ex_data.c deleted file mode 100644 index faadeea2..00000000 --- a/AppleCSP/open_ssl/ex_data.c +++ /dev/null @@ -1,241 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/ex_data.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include "cryptlib.h" - -int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - int ret= -1; - CRYPTO_EX_DATA_FUNCS *a; - - MemCheck_off(); - if (*skp == NULL) - *skp=sk_CRYPTO_EX_DATA_FUNCS_new_null(); - if (*skp == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); - goto err; - } - a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); - if (a == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); - goto err; - } - a->argl=argl; - a->argp=argp; - a->new_func=new_func; - a->dup_func=dup_func; - a->free_func=free_func; - while (sk_CRYPTO_EX_DATA_FUNCS_num(*skp) <= idx) - { - if (!sk_CRYPTO_EX_DATA_FUNCS_push(*skp,NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); - Free(a); - goto err; - } - } - sk_CRYPTO_EX_DATA_FUNCS_set(*skp,idx, a); - ret=idx; -err: - MemCheck_on(); - return(idx); - } - -int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) - { - int i; - - if (ad->sk == NULL) - { - if ((ad->sk=sk_new_null()) == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); - return(0); - } - } - i=sk_num(ad->sk); - - while (i <= idx) - { - if (!sk_push(ad->sk,NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); - return(0); - } - i++; - } - sk_set(ad->sk,idx,val); - return(1); - } - -void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx) - { - if (ad->sk == NULL) - return(0); - else if (idx >= sk_num(ad->sk)) - return(0); - else - return(sk_value(ad->sk,idx)); - } - -/* The callback is called with the 'object', which is the original data object - * being duplicated, a pointer to the - * 'new' object to be inserted, the index, and the argi/argp - */ -int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from) - { - int i,j,m,r; - CRYPTO_EX_DATA_FUNCS *mm; - char *from_d; - - if (meth == NULL) return(1); - if (from->sk == NULL) return(1); - m=sk_CRYPTO_EX_DATA_FUNCS_num(meth); - j=sk_num(from->sk); - for (i=0; idup_func != NULL) - r=mm->dup_func(to,from,(char **)&from_d,i, - mm->argl,mm->argp); - } - CRYPTO_set_ex_data(to,i,from_d); - } - return(1); - } - -/* Call each free callback */ -void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad) - { - CRYPTO_EX_DATA_FUNCS *m; - void *ptr; - int i,max; - - if (meth != NULL) - { - max=sk_CRYPTO_EX_DATA_FUNCS_num(meth); - for (i=0; ifree_func != NULL)) - { - ptr=CRYPTO_get_ex_data(ad,i); - m->free_func(obj,ptr,ad,i,m->argl,m->argp); - } - } - } - if (ad->sk != NULL) - { - sk_free(ad->sk); - ad->sk=NULL; - } - } - -void CRYPTO_new_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad) - { - CRYPTO_EX_DATA_FUNCS *m; - void *ptr; - int i,max; - - ad->sk=NULL; - if (meth != NULL) - { - max=sk_CRYPTO_EX_DATA_FUNCS_num(meth); - for (i=0; inew_func != NULL)) - { - ptr=CRYPTO_get_ex_data(ad,i); - m->new_func(obj,ptr,ad,i,m->argl,m->argp); - } - } - } - } - -IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) diff --git a/AppleCSP/open_ssl/lhash/lhash.c b/AppleCSP/open_ssl/lhash/lhash.c deleted file mode 100644 index 9169be4b..00000000 --- a/AppleCSP/open_ssl/lhash/lhash.c +++ /dev/null @@ -1,479 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/lhash/lhash.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Code for dynamic hash table routines - * Author - Eric Young v 2.0 - * - * 2.2 eay - added #include "crypto.h" so the memory leak checking code is - * present. eay 18-Jun-98 - * - * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 - * - * 2.0 eay - Fixed a bug that occurred when using lh_delete - * from inside lh_doall(). As entries were deleted, - * the 'table' was 'contract()ed', making some entries - * jump from the end of the table to the start, there by - * skipping the lh_doall() processing. eay - 4/12/95 - * - * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs - * were not being free()ed. 21/11/95 - * - * 1.8 eay - Put the stats routines into a separate file, lh_stats.c - * 19/09/95 - * - * 1.7 eay - Removed the fputs() for realloc failures - the code - * should silently tolerate them. I have also fixed things - * lint complained about 04/05/95 - * - * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92 - * - * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992 - * - * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91 - * - * 1.3 eay - Fixed a few lint problems 19/3/1991 - * - * 1.2 eay - Fixed lh_doall problem 13/3/1991 - * - * 1.1 eay - Added lh_doall - * - * 1.0 eay - First version - */ -#include -#include -#include -#include -#include - -const char *lh_version="lhash" OPENSSL_VERSION_PTEXT; - -#undef MIN_NODES -#define MIN_NODES 16 -#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ -#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ - -static void expand(LHASH *lh); -static void contract(LHASH *lh); -static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash); - -LHASH *lh_new(unsigned long (*h)(), int (*c)()) - { - LHASH *ret; - int i; - - if ((ret=(LHASH *)Malloc(sizeof(LHASH))) == NULL) - goto err0; - if ((ret->b=(LHASH_NODE **)Malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) - goto err1; - for (i=0; ib[i]=NULL; - ret->comp=((c == NULL)?(int (*)())strcmp:c); - ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h); - ret->num_nodes=MIN_NODES/2; - ret->num_alloc_nodes=MIN_NODES; - ret->p=0; - ret->pmax=MIN_NODES/2; - ret->up_load=UP_LOAD; - ret->down_load=DOWN_LOAD; - ret->num_items=0; - - ret->num_expands=0; - ret->num_expand_reallocs=0; - ret->num_contracts=0; - ret->num_contract_reallocs=0; - ret->num_hash_calls=0; - ret->num_comp_calls=0; - ret->num_insert=0; - ret->num_replace=0; - ret->num_delete=0; - ret->num_no_delete=0; - ret->num_retrieve=0; - ret->num_retrieve_miss=0; - ret->num_hash_comps=0; - - ret->error=0; - return(ret); -err1: - Free(ret); -err0: - return(NULL); - } - -void lh_free(LHASH *lh) - { - unsigned int i; - LHASH_NODE *n,*nn; - - if (lh == NULL) - return; - - for (i=0; inum_nodes; i++) - { - n=lh->b[i]; - while (n != NULL) - { - nn=n->next; - Free(n); - n=nn; - } - } - Free(lh->b); - Free(lh); - } - -void *lh_insert(LHASH *lh, void *data) - { - unsigned long hash; - LHASH_NODE *nn,**rn; - void *ret; - - lh->error=0; - if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) - expand(lh); - - rn=getrn(lh,data,&hash); - - if (*rn == NULL) - { - if ((nn=(LHASH_NODE *)Malloc(sizeof(LHASH_NODE))) == NULL) - { - lh->error++; - return(NULL); - } - nn->data=data; - nn->next=NULL; -#ifndef NO_HASH_COMP - nn->hash=hash; -#endif - *rn=nn; - ret=NULL; - lh->num_insert++; - lh->num_items++; - } - else /* replace same key */ - { - ret= (*rn)->data; - (*rn)->data=data; - lh->num_replace++; - } - return(ret); - } - -void *lh_delete(LHASH *lh, void *data) - { - unsigned long hash; - LHASH_NODE *nn,**rn; - void *ret; - - lh->error=0; - rn=getrn(lh,data,&hash); - - if (*rn == NULL) - { - lh->num_no_delete++; - return(NULL); - } - else - { - nn= *rn; - *rn=nn->next; - ret=nn->data; - Free(nn); - lh->num_delete++; - } - - lh->num_items--; - if ((lh->num_nodes > MIN_NODES) && - (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) - contract(lh); - - return(ret); - } - -void *lh_retrieve(LHASH *lh, void *data) - { - unsigned long hash; - LHASH_NODE **rn; - void *ret; - - lh->error=0; - rn=getrn(lh,data,&hash); - - if (*rn == NULL) - { - lh->num_retrieve_miss++; - return(NULL); - } - else - { - ret= (*rn)->data; - lh->num_retrieve++; - } - return(ret); - } - -void lh_doall(LHASH *lh, void (*func)()) - { - lh_doall_arg(lh,func,NULL); - } - -void lh_doall_arg(LHASH *lh, void (*func)(), void *arg) - { - int i; - LHASH_NODE *a,*n; - - /* reverse the order so we search from 'top to bottom' - * We were having memory leaks otherwise */ - for (i=lh->num_nodes-1; i>=0; i--) - { - a=lh->b[i]; - while (a != NULL) - { - /* 28/05/91 - eay - n added so items can be deleted - * via lh_doall */ - n=a->next; - func(a->data,arg); - a=n; - } - } - } - -static void expand(LHASH *lh) - { - LHASH_NODE **n,**n1,**n2,*np; - unsigned int p,i,j; - unsigned long hash,nni; - - lh->num_nodes++; - lh->num_expands++; - p=(int)lh->p++; - n1= &(lh->b[p]); - n2= &(lh->b[p+(int)lh->pmax]); - *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */ - nni=lh->num_alloc_nodes; - - for (np= *n1; np != NULL; ) - { -#ifndef NO_HASH_COMP - hash=np->hash; -#else - hash=(*(lh->hash))(np->data); - lh->num_hash_calls++; -#endif - if ((hash%nni) != p) - { /* move it */ - *n1= (*n1)->next; - np->next= *n2; - *n2=np; - } - else - n1= &((*n1)->next); - np= *n1; - } - - if ((lh->p) >= lh->pmax) - { - j=(int)lh->num_alloc_nodes*2; - n=(LHASH_NODE **)Realloc(lh->b, - (unsigned int)sizeof(LHASH_NODE *)*j); - if (n == NULL) - { -/* fputs("realloc error in lhash",stderr); */ - lh->error++; - lh->p=0; - return; - } - /* else */ - for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes; - lh->num_alloc_nodes=j; - lh->num_expand_reallocs++; - lh->p=0; - lh->b=n; - } - } - -static void contract(LHASH *lh) - { - LHASH_NODE **n,*n1,*np; - - np=lh->b[lh->p+lh->pmax-1]; - lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */ - if (lh->p == 0) - { - n=(LHASH_NODE **)Realloc(lh->b, - (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); - if (n == NULL) - { -/* fputs("realloc error in lhash",stderr); */ - lh->error++; - return; - } - lh->num_contract_reallocs++; - lh->num_alloc_nodes/=2; - lh->pmax/=2; - lh->p=lh->pmax-1; - lh->b=n; - } - else - lh->p--; - - lh->num_nodes--; - lh->num_contracts++; - - n1=lh->b[(int)lh->p]; - if (n1 == NULL) - lh->b[(int)lh->p]=np; - else - { - while (n1->next != NULL) - n1=n1->next; - n1->next=np; - } - } - -static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash) - { - LHASH_NODE **ret,*n1; - unsigned long hash,nn; - int (*cf)(); - - hash=(*(lh->hash))(data); - lh->num_hash_calls++; - *rhash=hash; - - nn=hash%lh->pmax; - if (nn < lh->p) - nn=hash%lh->num_alloc_nodes; - - cf=lh->comp; - ret= &(lh->b[(int)nn]); - for (n1= *ret; n1 != NULL; n1=n1->next) - { -#ifndef NO_HASH_COMP - lh->num_hash_comps++; - if (n1->hash != hash) - { - ret= &(n1->next); - continue; - } -#endif - lh->num_comp_calls++; - if ((*cf)(n1->data,data) == 0) - break; - ret= &(n1->next); - } - return(ret); - } - -/* The following hash seems to work very well on normal text strings - * no collisions on /usr/dict/words and it distributes on %2^n quite - * well, not as good as MD5, but still good. - */ -unsigned long lh_strhash(const char *c) - { - unsigned long ret=0; - long n; - unsigned long v; - int r; - - if ((c == NULL) || (*c == '\0')) - return(ret); -/* - unsigned char b[16]; - MD5(c,strlen(c),b); - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); -*/ - - n=0x100; - while (*c) - { - v=n|(*c); - n+=0x100; - r= (int)((v>>2)^v)&0x0f; - ret=(ret<>(32-r)); - ret&=0xFFFFFFFFL; - ret^=v*v; - c++; - } - return((ret>>16)^ret); - } - -unsigned long lh_num_items(LHASH *lh) - { - return lh ? lh->num_items : 0; - } diff --git a/AppleCSP/open_ssl/mem.c b/AppleCSP/open_ssl/mem.c deleted file mode 100644 index fd995d0c..00000000 --- a/AppleCSP/open_ssl/mem.c +++ /dev/null @@ -1,279 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/mem.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include "cryptlib.h" - - -static int allow_customize = 1; /* we provide flexible functions for */ -static int allow_customize_debug = 1;/* exchanging memory-related functions at - * run-time, but this must be done - * before any blocks are actually - * allocated; or we'll run into huge - * problems when malloc/free pairs - * don't match etc. */ - -/* may be changed as long as `allow_customize' is set */ -static void *(*malloc_locked_func)(size_t) = malloc; -static void (*free_locked_func)(void *) = free; -static void *(*malloc_func)(size_t) = malloc; -static void *(*realloc_func)(void *, size_t)= realloc; -static void (*free_func)(void *) = free; - -/* may be changed as long as `allow_customize_debug' is set */ -/* XXX use correct function pointer types */ -#ifdef CRYPTO_MDEBUG - /* use default functions from mem_dbg.c */ - static void (*malloc_debug_func)()= (void (*)())CRYPTO_dbg_malloc; - static void (*realloc_debug_func)()= (void (*)())CRYPTO_dbg_realloc; - static void (*free_debug_func)()= (void (*)())CRYPTO_dbg_free; - static void (*set_debug_options_func)()= (void (*)())CRYPTO_dbg_set_options; - static long (*get_debug_options_func)()= (long (*)())CRYPTO_dbg_get_options; -#else - /* applications can use CRYPTO_malloc_debug_init() to select above case - * at run-time */ - static void (*malloc_debug_func)()= NULL; - static void (*realloc_debug_func)()= NULL; - static void (*free_debug_func)()= NULL; - static void (*set_debug_options_func)()= NULL; - static long (*get_debug_options_func)()= NULL; -#endif - - -int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), - void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == NULL) || (r == NULL) || (f == NULL)) - return 0; - malloc_func=m; - realloc_func=r; - free_func=f; - malloc_locked_func=m; - free_locked_func=f; - return 1; - } - -int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == NULL) || (f == NULL)) - return 0; - malloc_locked_func=m; - free_locked_func=f; - return 1; - } - -int CRYPTO_set_mem_debug_functions(void (*m)(), void (*r)(), void (*f)(),void (*so)(),long (*go)()) - { - if (!allow_customize_debug) - return 0; - malloc_debug_func=m; - realloc_debug_func=r; - free_debug_func=f; - set_debug_options_func=so; - get_debug_options_func=go; - return 1; - } - -void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), - void (**f)(void *)) - { - if (m != NULL) *m=malloc_func; - if (r != NULL) *r=realloc_func; - if (f != NULL) *f=free_func; - } - -void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) - { - if (m != NULL) *m=malloc_locked_func; - if (f != NULL) *f=free_locked_func; - } - -void CRYPTO_get_mem_debug_functions(void (**m)(), void (**r)(), void (**f)(),void (**so)(),long (**go)()) - { - if (m != NULL) *m=malloc_debug_func; - if (r != NULL) *r=realloc_debug_func; - if (f != NULL) *f=free_debug_func; - if (so != NULL) *so=set_debug_options_func; - if (go != NULL) *go=get_debug_options_func; - } - - -void *CRYPTO_malloc_locked(int num, const char *file, int line) - { - char *ret = NULL; - - allow_customize = 0; - if (malloc_debug_func != NULL) - { - allow_customize_debug = 0; - malloc_debug_func(NULL, num, file, line, 0); - } - ret = malloc_locked_func(num); -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: > 0x%p (%d)\n", ret, num); -#endif - if (malloc_debug_func != NULL) - malloc_debug_func(ret, num, file, line, 1); - - return ret; - } - -void CRYPTO_free_locked(void *str) - { - if (free_debug_func != NULL) - free_debug_func(str, 0); -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: < 0x%p\n", str); -#endif - free_locked_func(str); - if (free_debug_func != NULL) - free_debug_func(NULL, 1); - } - -void *CRYPTO_malloc(int num, const char *file, int line) - { - char *ret = NULL; - - allow_customize = 0; - if (malloc_debug_func != NULL) - { - allow_customize_debug = 0; - malloc_debug_func(NULL, num, file, line, 0); - } - ret = malloc_func(num); -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: > 0x%p (%d)\n", ret, num); -#endif - if (malloc_debug_func != NULL) - malloc_debug_func(ret, num, file, line, 1); - - return ret; - } - -void *CRYPTO_realloc(void *str, int num, const char *file, int line) - { - char *ret = NULL; - - if (realloc_debug_func != NULL) - realloc_debug_func(str, NULL, num, file, line, 0); - ret = realloc_func(str,num); -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: | 0x%p -> 0x%p (%d)\n", str, ret, num); -#endif - if (realloc_debug_func != NULL) - realloc_debug_func(str, ret, num, file, line, 1); - - return ret; - } - -void CRYPTO_free(void *str) - { - if (free_debug_func != NULL) - free_debug_func(str, 0); -#ifdef LEVITTE_DEBUG - fprintf(stderr, "LEVITTE_DEBUG: < 0x%p\n", str); -#endif - free_func(str); - if (free_debug_func != NULL) - free_debug_func(NULL, 1); - } - -void *CRYPTO_remalloc(void *a, int num, const char *file, int line) - { - if (a != NULL) Free(a); - a=(char *)Malloc(num); - return(a); - } - - -void CRYPTO_set_mem_debug_options(long bits) - { - if (set_debug_options_func != NULL) - set_debug_options_func(bits); - } - -long CRYPTO_get_mem_debug_options(void) - { - if (get_debug_options_func != NULL) - return get_debug_options_func(); - return 0; - } diff --git a/AppleCSP/open_ssl/misc/md2_dgst.c b/AppleCSP/open_ssl/misc/md2_dgst.c deleted file mode 100644 index 186be7c1..00000000 --- a/AppleCSP/open_ssl/misc/md2_dgst.c +++ /dev/null @@ -1,223 +0,0 @@ -/* crypto/md2/md2_dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; - -/* Implemented from RFC1319 The MD2 Message-Digest Algorithm - */ - -#define UCHAR unsigned char - -static void md2_block(MD2_CTX *c, const unsigned char *d); -/* The magic S table - I have converted it to hex since it is - * basically just a random byte string. */ -static const MD2_INT S[256]={ - 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, - 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, - 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, - 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, - 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, - 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, - 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, - 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, - 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, - 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, - 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, - 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, - 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, - 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, - 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, - 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, - 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, - 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, - 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, - 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, - 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, - 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, - 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, - 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, - 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, - 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, - 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, - 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, - 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, - 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, - 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, - 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, - }; - -const char *MD2_options(void) - { - if (sizeof(MD2_INT) == 1) - return("md2(char)"); - else - return("md2(int)"); - } - -void MD2_Init(MD2_CTX *c) - { - c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); - } - -void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) - { - register UCHAR *p; - - if (len == 0) return; - - p=c->data; - if (c->num != 0) - { - if ((c->num+len) >= MD2_BLOCK) - { - memcpy(&(p[c->num]),data,MD2_BLOCK-c->num); - md2_block(c,c->data); - data+=(MD2_BLOCK - c->num); - len-=(MD2_BLOCK - c->num); - c->num=0; - /* drop through and do the rest */ - } - else - { - memcpy(&(p[c->num]),data,(int)len); - /* data+=len; */ - c->num+=(int)len; - return; - } - } - /* we now can process the input data in blocks of MD2_BLOCK - * chars and save the leftovers to c->data. */ - while (len >= MD2_BLOCK) - { - md2_block(c,data); - data+=MD2_BLOCK; - len-=MD2_BLOCK; - } - memcpy(p,data,(int)len); - c->num=(int)len; - } - -static void md2_block(MD2_CTX *c, const unsigned char *d) - { - register MD2_INT t,*sp1,*sp2; - register int i,j; - MD2_INT state[48]; - - sp1=c->state; - sp2=c->cksm; - j=sp2[MD2_BLOCK-1]; - for (i=0; i<16; i++) - { - state[i]=sp1[i]; - state[i+16]=t=d[i]; - state[i+32]=(t^sp1[i]); - j=sp2[i]^=S[t^j]; - } - t=0; - for (i=0; i<18; i++) - { - for (j=0; j<48; j+=8) - { - t= state[j+ 0]^=S[t]; - t= state[j+ 1]^=S[t]; - t= state[j+ 2]^=S[t]; - t= state[j+ 3]^=S[t]; - t= state[j+ 4]^=S[t]; - t= state[j+ 5]^=S[t]; - t= state[j+ 6]^=S[t]; - t= state[j+ 7]^=S[t]; - } - t=(t+i)&0xff; - } - memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); - } - -void MD2_Final(unsigned char *md, MD2_CTX *c) - { - int i,v; - register UCHAR *cp; - register MD2_INT *p1,*p2; - - cp=c->data; - p1=c->state; - p2=c->cksm; - v=MD2_BLOCK-c->num; - for (i=c->num; i -#include "rc2_locl.h" - -#ifndef _OPENSSL_APPLE_CDSA_ - -void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, int encrypt) - { - register unsigned long tin0,tin1; - register unsigned long tout0,tout1,xor0,xor1; - register long l=length; - unsigned long tin[2]; - - if (encrypt) - { - c2l(iv,tout0); - c2l(iv,tout1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - RC2_encrypt(tin,ks); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - if (l != -8) - { - c2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - RC2_encrypt(tin,ks); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - l2c(tout0,iv); - l2c(tout1,iv); - } - else - { - c2l(iv,xor0); - c2l(iv,xor1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - RC2_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2c(tout0,out); - l2c(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - RC2_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2cn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2c(xor0,iv); - l2c(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif /* _OPENSSL_APPLE_CDSA_ */ - -#ifdef _OPENSSL_APPLE_CDSA_ -void RC2_encrypt(RC2_INT *d, RC2_KEY *key) -#else -void RC2_encrypt(unsigned long *d, RC2_KEY *key) -#endif - { - int i,n; - register RC2_INT *p0,*p1; - register RC2_INT x0,x1,x2,x3,t; - unsigned long l; - - l=d[0]; - x0=(RC2_INT)l&0xffff; - x1=(RC2_INT)(l>>16L); - l=d[1]; - x2=(RC2_INT)l&0xffff; - x3=(RC2_INT)(l>>16L); - - n=3; - i=5; - - p0=p1= &(key->data[0]); - for (;;) - { - t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; - x0=(t<<1)|(t>>15); - t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; - x1=(t<<2)|(t>>14); - t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; - x2=(t<<3)|(t>>13); - t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; - x3=(t<<5)|(t>>11); - - if (--i == 0) - { - if (--n == 0) break; - i=(n == 2)?6:5; - - x0+=p1[x3&0x3f]; - x1+=p1[x0&0x3f]; - x2+=p1[x1&0x3f]; - x3+=p1[x2&0x3f]; - } - } - - d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); - d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); - } - -#ifdef _OPENSSL_APPLE_CDSA_ -void RC2_decrypt(RC2_INT *d, RC2_KEY *key) -#else -void RC2_decrypt(unsigned long *d, RC2_KEY *key) -#endif - { - int i,n; - register RC2_INT *p0,*p1; - register RC2_INT x0,x1,x2,x3,t; - unsigned long l; - - l=d[0]; - x0=(RC2_INT)l&0xffff; - x1=(RC2_INT)(l>>16L); - l=d[1]; - x2=(RC2_INT)l&0xffff; - x3=(RC2_INT)(l>>16L); - - n=3; - i=5; - - p0= &(key->data[63]); - p1= &(key->data[0]); - for (;;) - { - t=((x3<<11)|(x3>>5))&0xffff; - x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff; - t=((x2<<13)|(x2>>3))&0xffff; - x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff; - t=((x1<<14)|(x1>>2))&0xffff; - x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff; - t=((x0<<15)|(x0>>1))&0xffff; - x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff; - - if (--i == 0) - { - if (--n == 0) break; - i=(n == 2)?6:5; - - x3=(x3-p1[x2&0x3f])&0xffff; - x2=(x2-p1[x1&0x3f])&0xffff; - x1=(x1-p1[x0&0x3f])&0xffff; - x0=(x0-p1[x3&0x3f])&0xffff; - } - } - - d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); - d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); - } - diff --git a/AppleCSP/open_ssl/misc/rc2_locl.h b/AppleCSP/open_ssl/misc/rc2_locl.h deleted file mode 100644 index 6b66202b..00000000 --- a/AppleCSP/open_ssl/misc/rc2_locl.h +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc2/rc2_locl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define C_RC2(n) \ - t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ - x0=(t<<1)|(t>>15); \ - t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \ - x1=(t<<2)|(t>>14); \ - t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ - x2=(t<<3)|(t>>13); \ - t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ - x3=(t<<5)|(t>>11); - diff --git a/AppleCSP/open_ssl/misc/rc2_skey.c b/AppleCSP/open_ssl/misc/rc2_skey.c deleted file mode 100644 index ea73fb6a..00000000 --- a/AppleCSP/open_ssl/misc/rc2_skey.c +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc2/rc2_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "rc2_locl.h" - -static const unsigned char key_table[256]={ - 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, - 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, - 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, - 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32, - 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22, - 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c, - 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f, - 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26, - 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b, - 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7, - 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde, - 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a, - 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e, - 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc, - 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85, - 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31, - 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10, - 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c, - 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b, - 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e, - 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68, - 0xfe,0x7f,0xc1,0xad, - }; - -/* It has come to my attention that there are 2 versions of the RC2 - * key schedule. One which is normal, and anther which has a hook to - * use a reduced key length. - * BSAFE uses the 'retarded' version. What I previously shipped is - * the same as specifying 1024 for the 'bits' parameter. Bsafe uses - * a version where the bits parameter is the same as len*8 */ -void RC2_set_key(RC2_KEY *key, int len, unsigned char *data, int bits) - { - int i,j; - unsigned char *k; - RC2_INT *ki; - unsigned int c,d; - - k= (unsigned char *)&(key->data[0]); - *k=0; /* for if there is a zero length key */ - - if (len > 128) len=128; - if (bits <= 0) bits=1024; - if (bits > 1024) bits=1024; - - for (i=0; i>3; - i=128-j; - c= (0xff>>(-bits & 0x07)); - - d=key_table[k[i]&c]; - k[i]=d; - while (i--) - { - d=key_table[k[i+j]^d]; - k[i]=d; - } - - /* copy from bytes into RC2_INT's */ - ki= &(key->data[63]); - for (i=127; i>=0; i-=2) - *(ki--)=((k[i]<<8)|k[i-1])&0xffff; - } - diff --git a/AppleCSP/open_ssl/misc/rc4_enc.c b/AppleCSP/open_ssl/misc/rc4_enc.c deleted file mode 100644 index 55c710bf..00000000 --- a/AppleCSP/open_ssl/misc/rc4_enc.c +++ /dev/null @@ -1,332 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc4/rc4_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -/* RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) - * Subject: RC4 Algorithm revealed. - * Message-ID: - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, - unsigned char *outdata) - { - register RC4_INT *d; - register RC4_INT x,y,tx,ty; - int i; - - x=key->x; - y=key->y; - d=key->data; - -#if defined(RC4_CHUNK) - /* - * The original reason for implementing this(*) was the fact that - * pre-21164a Alpha CPUs don't have byte load/store instructions - * and e.g. a byte store has to be done with 64-bit load, shift, - * and, or and finally 64-bit store. Peaking data and operating - * at natural word size made it possible to reduce amount of - * instructions as well as to perform early read-ahead without - * suffering from RAW (read-after-write) hazard. This resulted - * in ~40%(**) performance improvement on 21064 box with gcc. - * But it's not only Alpha users who win here:-) Thanks to the - * early-n-wide read-ahead this implementation also exhibits - * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending - * on sizeof(RC4_INT)). - * - * (*) "this" means code which recognizes the case when input - * and output pointers appear to be aligned at natural CPU - * word boundary - * (**) i.e. according to 'apps/openssl speed rc4' benchmark, - * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... - * - * Cavets. - * - * - RC4_CHUNK="unsigned long long" should be a #1 choice for - * UltraSPARC. Unfortunately gcc generates very slow code - * (2.5-3 times slower than one generated by Sun's WorkShop - * C) and therefore gcc (at least 2.95 and earlier) should - * always be told that RC4_CHUNK="unsigned long". - * - * - */ - -# define RC4_STEP ( \ - x=(x+1) &0xff, \ - tx=d[x], \ - y=(tx+y)&0xff, \ - ty=d[y], \ - d[y]=tx, \ - d[x]=ty, \ - (RC4_CHUNK)d[(tx+ty)&0xff]\ - ) - - if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | - ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) - { - RC4_CHUNK ichunk,otp; - const union { long one; char little; } is_endian = {1}; - - /* - * I reckon we can afford to implement both endian - * cases and to decide which way to take at run-time - * because the machine code appears to be very compact - * and redundant 1-2KB is perfectly tolerable (i.e. - * in case the compiler fails to eliminate it:-). By - * suggestion from Terrel Larson - * who also stands for the is_endian union:-) - * - * Special notes. - * - * - is_endian is declared automatic as doing otherwise - * (declaring static) prevents gcc from eliminating - * the redundant code; - * - compilers (those I've tried) don't seem to have - * problems eliminating either the operators guarded - * by "if (sizeof(RC4_CHUNK)==8)" or the condition - * expressions themselves so I've got 'em to replace - * corresponding #ifdefs from the previous version; - * - I chose to let the redundant switch cases when - * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed - * before); - * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in - * [LB]ESHFT guards against "shift is out of range" - * warnings when sizeof(RC4_CHUNK)!=8 - * - * - */ - if (!is_endian.little) - { /* BIG-ENDIAN CASE */ -# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) - { - ichunk = *(RC4_CHUNK *)indata; - otp = RC4_STEP<x=x; - key->y=y; - return; - } /* big-endian */ - else - { /* LITTLE-ENDIAN CASE */ -# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) - { - ichunk = *(RC4_CHUNK *)indata; - otp = RC4_STEP; - otp |= RC4_STEP<<8; - otp |= RC4_STEP<<16; - otp |= RC4_STEP<<24; - if (sizeof(RC4_CHUNK)==8) - { - otp |= RC4_STEP<>= (sizeof(RC4_CHUNK)-len)<<3; - switch (len&(sizeof(RC4_CHUNK)-1)) - { - case 7: otp = RC4_STEP, i+=8; - case 6: otp |= RC4_STEP<x=x; - key->y=y; - return; - } /* little-endian */ - } -#endif -#define LOOP(in,out) \ - x=((x+1)&0xff); \ - tx=d[x]; \ - y=(tx+y)&0xff; \ - d[x]=ty=d[y]; \ - d[y]=tx; \ - (out) = d[(tx+ty)&0xff]^ (in); - -#ifndef RC4_INDEX -#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) -#else -#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) -#endif - - i=(int)(len>>3L); - if (i) - { - for (;;) - { - RC4_LOOP(indata,outdata,0); - RC4_LOOP(indata,outdata,1); - RC4_LOOP(indata,outdata,2); - RC4_LOOP(indata,outdata,3); - RC4_LOOP(indata,outdata,4); - RC4_LOOP(indata,outdata,5); - RC4_LOOP(indata,outdata,6); - RC4_LOOP(indata,outdata,7); -#ifdef RC4_INDEX - indata+=8; - outdata+=8; -#endif - if (--i == 0) break; - } - } - i=(int)len&0x07; - if (i) - { - for (;;) - { - RC4_LOOP(indata,outdata,0); if (--i == 0) break; - RC4_LOOP(indata,outdata,1); if (--i == 0) break; - RC4_LOOP(indata,outdata,2); if (--i == 0) break; - RC4_LOOP(indata,outdata,3); if (--i == 0) break; - RC4_LOOP(indata,outdata,4); if (--i == 0) break; - RC4_LOOP(indata,outdata,5); if (--i == 0) break; - RC4_LOOP(indata,outdata,6); if (--i == 0) break; - } - } - key->x=x; - key->y=y; - } diff --git a/AppleCSP/open_ssl/misc/rc4_skey.c b/AppleCSP/open_ssl/misc/rc4_skey.c deleted file mode 100644 index c5eba017..00000000 --- a/AppleCSP/open_ssl/misc/rc4_skey.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc4/rc4_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#ifndef _OPENSSL_APPLE_CDSA_ - -#include "rc4_locl.h" -#include - -const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT; - -const char *RC4_options(void) - { -#ifdef RC4_INDEX - if (sizeof(RC4_INT) == 1) - return("rc4(idx,char)"); - else - return("rc4(idx,int)"); -#else - if (sizeof(RC4_INT) == 1) - return("rc4(ptr,char)"); - else - return("rc4(ptr,int)"); -#endif - } - -#endif /* _OPENSSL_APPLE_CDSA_*/ - -/* RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) - * Subject: RC4 Algorithm revealed. - * Message-ID: - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) - { - register RC4_INT tmp; - register int id1,id2; - register RC4_INT *d; - unsigned int i; - - d= &(key->data[0]); - for (i=0; i<256; i++) - d[i]=i; - key->x = 0; - key->y = 0; - id1=id2=0; - -#define SK_LOOP(n) { \ - tmp=d[(n)]; \ - id2 = (data[id1] + tmp + id2) & 0xff; \ - if (++id1 == len) id1=0; \ - d[(n)]=d[id2]; \ - d[id2]=tmp; } - - for (i=0; i < 256; i+=4) - { - SK_LOOP(i+0); - SK_LOOP(i+1); - SK_LOOP(i+2); - SK_LOOP(i+3); - } - } - diff --git a/AppleCSP/open_ssl/misc/rc5_enc.c b/AppleCSP/open_ssl/misc/rc5_enc.c deleted file mode 100644 index 630e5eac..00000000 --- a/AppleCSP/open_ssl/misc/rc5_enc.c +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc5/rc5_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "rc5_locl.h" - -#ifndef _OPENSSL_APPLE_CDSA_ -void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length, - RC5_32_KEY *ks, unsigned char *iv, int encrypt) - { - register unsigned long tin0,tin1; - register unsigned long tout0,tout1,xor0,xor1; - register long l=length; - unsigned long tin[2]; - - if (encrypt) - { - c2l(iv,tout0); - c2l(iv,tout1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - RC5_32_encrypt(tin,ks); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - if (l != -8) - { - c2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - RC5_32_encrypt(tin,ks); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - l2c(tout0,iv); - l2c(tout1,iv); - } - else - { - c2l(iv,xor0); - c2l(iv,xor1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - RC5_32_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2c(tout0,out); - l2c(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - RC5_32_decrypt(tin,ks); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2cn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2c(xor0,iv); - l2c(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif - -#ifdef _OPENSSL_APPLE_CDSA_ -void RC5_32_encrypt(RC5_32_INT *d, RC5_32_KEY *key) -#else -void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key) -#endif /* _OPENSSL_APPLE_CDSA_ */ - { - RC5_32_INT a,b,*s; - - s=key->data; - - a=d[0]+s[0]; - b=d[1]+s[1]; - E_RC5_32(a,b,s, 2); - E_RC5_32(a,b,s, 4); - E_RC5_32(a,b,s, 6); - E_RC5_32(a,b,s, 8); - E_RC5_32(a,b,s,10); - E_RC5_32(a,b,s,12); - E_RC5_32(a,b,s,14); - E_RC5_32(a,b,s,16); - if (key->rounds == 12) - { - E_RC5_32(a,b,s,18); - E_RC5_32(a,b,s,20); - E_RC5_32(a,b,s,22); - E_RC5_32(a,b,s,24); - } - else if (key->rounds == 16) - { - /* Do a full expansion to avoid a jump */ - E_RC5_32(a,b,s,18); - E_RC5_32(a,b,s,20); - E_RC5_32(a,b,s,22); - E_RC5_32(a,b,s,24); - E_RC5_32(a,b,s,26); - E_RC5_32(a,b,s,28); - E_RC5_32(a,b,s,30); - E_RC5_32(a,b,s,32); - } - d[0]=a; - d[1]=b; - } - -#ifdef _OPENSSL_APPLE_CDSA_ -void RC5_32_decrypt(RC5_32_INT *d, RC5_32_KEY *key) -#else -void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key) -#endif /* _OPENSSL_APPLE_CDSA_*/ - { - RC5_32_INT a,b,*s; - - s=key->data; - - a=d[0]; - b=d[1]; - if (key->rounds == 16) - { - D_RC5_32(a,b,s,32); - D_RC5_32(a,b,s,30); - D_RC5_32(a,b,s,28); - D_RC5_32(a,b,s,26); - /* Do a full expansion to avoid a jump */ - D_RC5_32(a,b,s,24); - D_RC5_32(a,b,s,22); - D_RC5_32(a,b,s,20); - D_RC5_32(a,b,s,18); - } - else if (key->rounds == 12) - { - D_RC5_32(a,b,s,24); - D_RC5_32(a,b,s,22); - D_RC5_32(a,b,s,20); - D_RC5_32(a,b,s,18); - } - D_RC5_32(a,b,s,16); - D_RC5_32(a,b,s,14); - D_RC5_32(a,b,s,12); - D_RC5_32(a,b,s,10); - D_RC5_32(a,b,s, 8); - D_RC5_32(a,b,s, 6); - D_RC5_32(a,b,s, 4); - D_RC5_32(a,b,s, 2); - d[0]=a-s[0]; - d[1]=b-s[1]; - } - diff --git a/AppleCSP/open_ssl/misc/rc5_locl.h b/AppleCSP/open_ssl/misc/rc5_locl.h deleted file mode 100644 index 2c45d85d..00000000 --- a/AppleCSP/open_ssl/misc/rc5_locl.h +++ /dev/null @@ -1,205 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc5/rc5_locl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#if defined(WIN32) && defined(_MSC_VER) -#define ROTATE_l32(a,n) _lrotl(a,n) -#define ROTATE_r32(a,n) _lrotr(a,n) -#else -#define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f)))) -#define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f))) -#endif - -#define RC5_32_MASK 0xffffffffL - -#define RC5_16_P 0xB7E1 -#define RC5_16_Q 0x9E37 -#define RC5_32_P 0xB7E15163L -#define RC5_32_Q 0x9E3779B9L -#define RC5_64_P 0xB7E151628AED2A6BLL -#define RC5_64_Q 0x9E3779B97F4A7C15LL - -#define E_RC5_32(a,b,s,n) \ - a^=b; \ - a=ROTATE_l32(a,b); \ - a+=s[n]; \ - a&=RC5_32_MASK; \ - b^=a; \ - b=ROTATE_l32(b,a); \ - b+=s[n+1]; \ - b&=RC5_32_MASK; - -#define D_RC5_32(a,b,s,n) \ - b-=s[n+1]; \ - b&=RC5_32_MASK; \ - b=ROTATE_r32(b,a); \ - b^=a; \ - a-=s[n]; \ - a&=RC5_32_MASK; \ - a=ROTATE_r32(a,b); \ - a^=b; - - - diff --git a/AppleCSP/open_ssl/misc/rc5_skey.c b/AppleCSP/open_ssl/misc/rc5_skey.c deleted file mode 100644 index f1aad501..00000000 --- a/AppleCSP/open_ssl/misc/rc5_skey.c +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc5/rc5_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "rc5_locl.h" - -void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data, - int rounds) - { - RC5_32_INT L[64],l,ll,A,B,*S,k; - int i,j,m,c,t,ii,jj; - - if ( (rounds != RC5_16_ROUNDS) && - (rounds != RC5_12_ROUNDS) && - (rounds != RC5_8_ROUNDS)) - rounds=RC5_16_ROUNDS; - - key->rounds=rounds; - S= &(key->data[0]); - j=0; - for (i=0; i<=(len-8); i+=8) - { - c2l(data,l); - L[j++]=l; - c2l(data,l); - L[j++]=l; - } - ii=len-i; - if (ii) - { - k=len&0x07; - c2ln(data,l,ll,k); - L[j+0]=l; - L[j+1]=ll; - } - - c=(len+3)/4; - t=(rounds+1)*2; - S[0]=RC5_32_P; - for (i=1; ic)?t:c; - j*=3; - ii=jj=0; - A=B=0; - for (i=0; i= t) ii=0; - if (++jj >= c) jj=0; - } - } - diff --git a/AppleCSP/open_ssl/openssl/asn1.h b/AppleCSP/open_ssl/openssl/asn1.h deleted file mode 100644 index 021405ca..00000000 --- a/AppleCSP/open_ssl/openssl/asn1.h +++ /dev/null @@ -1,1085 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/asn1/asn1.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ASN1_H -#define HEADER_ASN1_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include -#include - -#ifdef VMS -#include -#endif - -#define V_ASN1_UNIVERSAL 0x00 -#define V_ASN1_APPLICATION 0x40 -#define V_ASN1_CONTEXT_SPECIFIC 0x80 -#define V_ASN1_PRIVATE 0xc0 - -#define V_ASN1_CONSTRUCTED 0x20 -#define V_ASN1_PRIMITIVE_TAG 0x1f -#define V_ASN1_PRIMATIVE_TAG 0x1f - -#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ - -#define V_ASN1_UNDEF -1 -#define V_ASN1_EOC 0 -#define V_ASN1_BOOLEAN 1 /**/ -#define V_ASN1_INTEGER 2 -#define V_ASN1_NEG_INTEGER (2+0x100) -#define V_ASN1_BIT_STRING 3 -#define V_ASN1_OCTET_STRING 4 -#define V_ASN1_NULL 5 -#define V_ASN1_OBJECT 6 -#define V_ASN1_OBJECT_DESCRIPTOR 7 -#define V_ASN1_EXTERNAL 8 -#define V_ASN1_REAL 9 -#define V_ASN1_ENUMERATED 10 -#define V_ASN1_NEG_ENUMERATED (10+0x100) -#define V_ASN1_UTF8STRING 12 -#define V_ASN1_SEQUENCE 16 -#define V_ASN1_SET 17 -#define V_ASN1_NUMERICSTRING 18 /**/ -#define V_ASN1_PRINTABLESTRING 19 -#define V_ASN1_T61STRING 20 -#define V_ASN1_TELETEXSTRING 20 /* alias */ -#define V_ASN1_VIDEOTEXSTRING 21 /**/ -#define V_ASN1_IA5STRING 22 -#define V_ASN1_UTCTIME 23 -#define V_ASN1_GENERALIZEDTIME 24 /**/ -#define V_ASN1_GRAPHICSTRING 25 /**/ -#define V_ASN1_ISO64STRING 26 /**/ -#define V_ASN1_VISIBLESTRING 26 /* alias */ -#define V_ASN1_GENERALSTRING 27 /**/ -#define V_ASN1_UNIVERSALSTRING 28 /**/ -#define V_ASN1_BMPSTRING 30 - -/* For use with d2i_ASN1_type_bytes() */ -#define B_ASN1_NUMERICSTRING 0x0001 -#define B_ASN1_PRINTABLESTRING 0x0002 -#define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 -#define B_ASN1_VIDEOTEXSTRING 0x0008 -#define B_ASN1_IA5STRING 0x0010 -#define B_ASN1_GRAPHICSTRING 0x0020 -#define B_ASN1_ISO64STRING 0x0040 -#define B_ASN1_VISIBLESTRING 0x0040 -#define B_ASN1_GENERALSTRING 0x0080 -#define B_ASN1_UNIVERSALSTRING 0x0100 -#define B_ASN1_OCTET_STRING 0x0200 -#define B_ASN1_BIT_STRING 0x0400 -#define B_ASN1_BMPSTRING 0x0800 -#define B_ASN1_UNKNOWN 0x1000 -#define B_ASN1_UTF8STRING 0x2000 - -/* For use with ASN1_mbstring_copy() */ -#define MBSTRING_FLAG 0x1000 -#define MBSTRING_ASC (MBSTRING_FLAG|1) -#define MBSTRING_BMP (MBSTRING_FLAG|2) -#define MBSTRING_UNIV (MBSTRING_FLAG|3) -#define MBSTRING_UTF8 (MBSTRING_FLAG|4) - -#define DECLARE_ASN1_SET_OF(type) \ -int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ - int (*func)(type *,unsigned char **), int ex_tag, \ - int ex_class, int is_set); \ -STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ - long length, \ - type *(*func)(type **, \ - unsigned char **,long), \ - void (*free_func)(type *), \ - int ex_tag,int ex_class); - -#define IMPLEMENT_ASN1_SET_OF(type) \ -int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ - int (*func)(type *,unsigned char **), int ex_tag, \ - int ex_class, int is_set) \ - { return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \ -STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ - long length, \ - type *(*func)(type **, \ - unsigned char **,long), \ - void (*free_func)(type *), \ - int ex_tag,int ex_class) \ - { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \ - (char *(*)())func, \ - (void (*)())free_func, \ - ex_tag,ex_class); } - -typedef struct asn1_ctx_st - { - unsigned char *p;/* work char pointer */ - int eos; /* end of sequence read for indefinite encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - unsigned char *max; /* largest value of p allowed */ - unsigned char *q;/* temporary variable */ - unsigned char **pp;/* variable */ - int line; /* used in error processing */ - } ASN1_CTX; - -/* These are used internally in the ASN1_OBJECT to keep track of - * whether the names and data need to be free()ed */ -#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ -#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ -#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ -#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ -typedef struct asn1_object_st - { - const char *sn,*ln; - int nid; - int length; - unsigned char *data; - int flags; /* Should we free this one */ - } ASN1_OBJECT; - -#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ -/* This is the base type that holds just about everything :-) */ -typedef struct asn1_string_st - { - int length; - int type; - unsigned char *data; - /* The value of the following field depends on the type being - * held. It is mostly being used for BIT_STRING so if the - * input data has a non-zero 'unused bits' value, it will be - * handled correctly */ - long flags; - } ASN1_STRING; - -#define STABLE_FLAGS_MALLOC 0x01 -#define STABLE_NO_MASK 0x02 -#define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) -#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) - -typedef struct asn1_string_table_st { - int nid; - long minsize; - long maxsize; - unsigned long mask; - unsigned long flags; -} ASN1_STRING_TABLE; - -DECLARE_STACK_OF(ASN1_STRING_TABLE) - -/* size limits: this stuff is taken straight from RFC2459 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 - -#ifdef NO_ASN1_TYPEDEFS -#define ASN1_INTEGER ASN1_STRING -#define ASN1_ENUMERATED ASN1_STRING -#define ASN1_BIT_STRING ASN1_STRING -#define ASN1_OCTET_STRING ASN1_STRING -#define ASN1_PRINTABLESTRING ASN1_STRING -#define ASN1_T61STRING ASN1_STRING -#define ASN1_IA5STRING ASN1_STRING -#define ASN1_UTCTIME ASN1_STRING -#define ASN1_GENERALIZEDTIME ASN1_STRING -#define ASN1_TIME ASN1_STRING -#define ASN1_GENERALSTRING ASN1_STRING -#define ASN1_UNIVERSALSTRING ASN1_STRING -#define ASN1_BMPSTRING ASN1_STRING -#define ASN1_VISIBLESTRING ASN1_STRING -#define ASN1_UTF8STRING ASN1_STRING -#else -typedef struct asn1_string_st ASN1_INTEGER; -typedef struct asn1_string_st ASN1_ENUMERATED; -typedef struct asn1_string_st ASN1_BIT_STRING; -typedef struct asn1_string_st ASN1_OCTET_STRING; -typedef struct asn1_string_st ASN1_PRINTABLESTRING; -typedef struct asn1_string_st ASN1_T61STRING; -typedef struct asn1_string_st ASN1_IA5STRING; -typedef struct asn1_string_st ASN1_GENERALSTRING; -typedef struct asn1_string_st ASN1_UNIVERSALSTRING; -typedef struct asn1_string_st ASN1_BMPSTRING; -typedef struct asn1_string_st ASN1_UTCTIME; -typedef struct asn1_string_st ASN1_TIME; -typedef struct asn1_string_st ASN1_GENERALIZEDTIME; -typedef struct asn1_string_st ASN1_VISIBLESTRING; -typedef struct asn1_string_st ASN1_UTF8STRING; -#endif - -typedef int ASN1_NULL; - -typedef struct asn1_type_st - { - int type; - union { - char *ptr; - ASN1_STRING * asn1_string; - ASN1_OBJECT * object; - ASN1_INTEGER * integer; - ASN1_ENUMERATED * enumerated; - ASN1_BIT_STRING * bit_string; - ASN1_OCTET_STRING * octet_string; - ASN1_PRINTABLESTRING * printablestring; - ASN1_T61STRING * t61string; - ASN1_IA5STRING * ia5string; - ASN1_GENERALSTRING * generalstring; - ASN1_BMPSTRING * bmpstring; - ASN1_UNIVERSALSTRING * universalstring; - ASN1_UTCTIME * utctime; - ASN1_GENERALIZEDTIME * generalizedtime; - ASN1_VISIBLESTRING * visiblestring; - ASN1_UTF8STRING * utf8string; - /* set and sequence are left complete and still - * contain the set or sequence bytes */ - ASN1_STRING * set; - ASN1_STRING * sequence; - } value; - } ASN1_TYPE; - -DECLARE_STACK_OF(ASN1_TYPE) -DECLARE_ASN1_SET_OF(ASN1_TYPE) - -typedef struct asn1_method_st - { - int (*i2d)(); - char *(*d2i)(); - char *(*create)(); - void (*destroy)(); - } ASN1_METHOD; - -/* This is used when parsing some Netscape objects */ -typedef struct asn1_header_st - { - ASN1_OCTET_STRING *header; - char *data; - ASN1_METHOD *meth; - } ASN1_HEADER; - -/* This is used to contain a list of bit names */ -typedef struct BIT_STRING_BITNAME_st { - int bitnum; - const char *lname; - const char *sname; -} BIT_STRING_BITNAME; - - -#define M_ASN1_STRING_length(x) ((x)->length) -#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) -#define M_ASN1_STRING_type(x) ((x)->type) -#define M_ASN1_STRING_data(x) ((x)->data) - -/* Macros for string operations */ -#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ - ASN1_STRING_type_new(V_ASN1_BIT_STRING) -#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) -#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) - -#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ - ASN1_STRING_type_new(V_ASN1_INTEGER) -#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) - -#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ - ASN1_STRING_type_new(V_ASN1_ENUMERATED) -#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) - -#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ - ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) -#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) -#define M_i2d_ASN1_OCTET_STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ - V_ASN1_UNIVERSAL) - -#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_T61STRING| \ - B_ASN1_IA5STRING| \ - B_ASN1_BIT_STRING| \ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING|\ - B_ASN1_UNKNOWN) - -#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_DIRECTORYSTRING(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_TELETEXSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_UTF8STRING) - -#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_DISPLAYTEXT(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_VISIBLESTRING| \ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING) - -#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ - (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) - -#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ - ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_T61STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_T61STRING(a,pp,l) \ - (ASN1_T61STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) - -#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ - ASN1_STRING_type_new(V_ASN1_IA5STRING) -#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_i2d_ASN1_IA5STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_IA5STRING(a,pp,l) \ - (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ - B_ASN1_IA5STRING) - -#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) - -#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ - ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (ASN1_STRING *)a) - -#define M_ASN1_TIME_new() (ASN1_TIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) - -#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_GENERALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ - (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) - -#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ - (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) - -#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ - ASN1_STRING_type_new(V_ASN1_BMPSTRING) -#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_BMPSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ - (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) - -#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ - (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) - -#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ - ASN1_STRING_type_new(V_ASN1_UTF8STRING) -#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_UTF8STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ - (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) - - /* for the is_set parameter to i2d_ASN1_SET */ -#define IS_SEQUENCE 0 -#define IS_SET 1 - -ASN1_TYPE * ASN1_TYPE_new(void ); -void ASN1_TYPE_free(ASN1_TYPE *a); -int i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp); -ASN1_TYPE * d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length); -int ASN1_TYPE_get(ASN1_TYPE *a); -void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); - -ASN1_OBJECT * ASN1_OBJECT_new(void ); -void ASN1_OBJECT_free(ASN1_OBJECT *a); -int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); -ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, - long length); - -DECLARE_STACK_OF(ASN1_OBJECT) -DECLARE_ASN1_SET_OF(ASN1_OBJECT) - -ASN1_STRING * ASN1_STRING_new(void); -void ASN1_STRING_free(ASN1_STRING *a); -ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); -ASN1_STRING * ASN1_STRING_type_new(int type ); -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); - /* Since this is used to store all sorts of things, via macros, for now, make - its data void * */ -int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -int ASN1_STRING_length(ASN1_STRING *x); -void ASN1_STRING_length_set(ASN1_STRING *x, int n); -int ASN1_STRING_type(ASN1_STRING *x); -unsigned char * ASN1_STRING_data(ASN1_STRING *x); - -ASN1_BIT_STRING * ASN1_BIT_STRING_new(void); -void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); -int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); -ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, - long length); -int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, - int length ); -int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); - -#ifdef HEADER_BIO_H -int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); -#endif -int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); -int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, - BIT_STRING_BITNAME *tbl); - -int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); - -ASN1_INTEGER * ASN1_INTEGER_new(void); -void ASN1_INTEGER_free(ASN1_INTEGER *a); -int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); -ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, - long length); -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, - long length); -ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); - -ASN1_ENUMERATED * ASN1_ENUMERATED_new(void); -void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a); -int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp); -ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp, - long length); - -int ASN1_UTCTIME_check(ASN1_UTCTIME *a); -ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); - -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); -ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); - -ASN1_OCTET_STRING * ASN1_OCTET_STRING_new(void); -void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a); -int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp); -ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, - unsigned char **pp,long length); -ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); - -ASN1_VISIBLESTRING * ASN1_VISIBLESTRING_new(void); -void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a); -int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp); -ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, - unsigned char **pp,long length); - -ASN1_UTF8STRING * ASN1_UTF8STRING_new(void); -void ASN1_UTF8STRING_free(ASN1_UTF8STRING *a); -int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp); -ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, - unsigned char **pp,long length); - -ASN1_NULL * ASN1_NULL_new(void); -void ASN1_NULL_free(ASN1_NULL *a); -int i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp); -ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length); - -ASN1_BMPSTRING * ASN1_BMPSTRING_new(void); -void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a); -int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp); -ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp, - long length); - - -int UTF8_getc(const unsigned char *str, int len, unsigned long *val); -int UTF8_putc(unsigned char *str, int len, unsigned long value); - -int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp); -ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, - unsigned char **pp, long l); - -ASN1_PRINTABLESTRING * ASN1_PRINTABLESTRING_new(void); -void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a); -ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, - unsigned char **pp, long l); -int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp); - -ASN1_STRING * DIRECTORYSTRING_new(void); -void DIRECTORYSTRING_free(ASN1_STRING *a); -int i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp); -ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp, - long length); - -ASN1_STRING * DISPLAYTEXT_new(void); -void DISPLAYTEXT_free(ASN1_STRING *a); -int i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp); -ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length); - -ASN1_T61STRING * ASN1_T61STRING_new(void); -void ASN1_T61STRING_free(ASN1_IA5STRING *a); -ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, - unsigned char **pp, long l); - -ASN1_IA5STRING * ASN1_IA5STRING_new(void); -void ASN1_IA5STRING_free(ASN1_IA5STRING *a); -int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp); -ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, - unsigned char **pp, long l); - -ASN1_UTCTIME * ASN1_UTCTIME_new(void); -void ASN1_UTCTIME_free(ASN1_UTCTIME *a); -int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp); -ASN1_UTCTIME * d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp, - long length); - -ASN1_GENERALIZEDTIME * ASN1_GENERALIZEDTIME_new(void); -void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a); -int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp); -ASN1_GENERALIZEDTIME * d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp, - long length); - -ASN1_TIME * ASN1_TIME_new(void); -void ASN1_TIME_free(ASN1_TIME *a); -int i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp); -ASN1_TIME * d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length); -ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); - -int i2d_ASN1_SET(STACK *a, unsigned char **pp, - int (*func)(), int ex_tag, int ex_class, int is_set); -STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, - char *(*func)(), void (*free_func)(), - int ex_tag, int ex_class); - -#ifdef HEADER_BIO_H -int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); -int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); -int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); -int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); -int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); -int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); -int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); -#endif -int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); - -int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); -ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, - char *sn, char *ln); - -int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); -long ASN1_INTEGER_get(ASN1_INTEGER *a); -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); - -int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); -long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); - -/* General */ -/* given a string, return the correct type, max is the maximum length */ -int ASN1_PRINTABLE_type(unsigned char *s, int max); - -int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, - long length, int Ptag, int Pclass); -/* type is one or more of the B_ASN1_ values. */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, - long length,int type); - -/* PARSING */ -int asn1_Finish(ASN1_CTX *c); - -/* SPECIALS */ -int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax); -int ASN1_check_infinite_end(unsigned char **p,long len); -void ASN1_put_object(unsigned char **pp, int constructed, int length, - int tag, int xclass); -int ASN1_object_size(int constructed, int length, int tag); - -/* Used to implement other functions */ -char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); - -#ifndef NO_FP_API -char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); -int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); -#endif - -#ifdef HEADER_BIO_H -char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); -int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); -int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); -int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); -int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); -int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); -int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); -#endif -const char *ASN1_tag2str(int tag); - -/* Used to load and write netscape format cert/key */ -int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length); -ASN1_HEADER *ASN1_HEADER_new(void ); -void ASN1_HEADER_free(ASN1_HEADER *a); - -int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); - -void ERR_load_ASN1_strings(void); - -/* Not used that much at this point, except for the first two */ -ASN1_METHOD *X509_asn1_meth(void); -ASN1_METHOD *RSAPrivateKey_asn1_meth(void); -ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); -ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); - -int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, - unsigned char *data, int len); -int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, - unsigned char *data, int max_len); -int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, - unsigned char *data, int len); -int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, - unsigned char *data, int max_len); - -STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), - void (*free_func)() ); -unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len ); -void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); -ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); - -void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); -unsigned long ASN1_STRING_get_default_mask(void); -int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask); -int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize); - -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, int inform, int nid); -ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); -int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); -void ASN1_STRING_TABLE_cleanup(void); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the ASN1 functions. */ - -/* Function codes. */ -#define ASN1_F_A2D_ASN1_OBJECT 100 -#define ASN1_F_A2I_ASN1_ENUMERATED 236 -#define ASN1_F_A2I_ASN1_INTEGER 101 -#define ASN1_F_A2I_ASN1_STRING 102 -#define ASN1_F_ACCESS_DESCRIPTION_NEW 291 -#define ASN1_F_ASN1_COLLATE_PRIMITIVE 103 -#define ASN1_F_ASN1_D2I_BIO 104 -#define ASN1_F_ASN1_D2I_FP 105 -#define ASN1_F_ASN1_DUP 106 -#define ASN1_F_ASN1_ENUMERATED_SET 232 -#define ASN1_F_ASN1_ENUMERATED_TO_BN 233 -#define ASN1_F_ASN1_GENERALIZEDTIME_NEW 222 -#define ASN1_F_ASN1_GET_OBJECT 107 -#define ASN1_F_ASN1_HEADER_NEW 108 -#define ASN1_F_ASN1_I2D_BIO 109 -#define ASN1_F_ASN1_I2D_FP 110 -#define ASN1_F_ASN1_INTEGER_SET 111 -#define ASN1_F_ASN1_INTEGER_TO_BN 112 -#define ASN1_F_ASN1_MBSTRING_COPY 282 -#define ASN1_F_ASN1_OBJECT_NEW 113 -#define ASN1_F_ASN1_PACK_STRING 245 -#define ASN1_F_ASN1_PBE_SET 253 -#define ASN1_F_ASN1_SEQ_PACK 246 -#define ASN1_F_ASN1_SEQ_UNPACK 247 -#define ASN1_F_ASN1_SIGN 114 -#define ASN1_F_ASN1_STRING_NEW 115 -#define ASN1_F_ASN1_STRING_TABLE_ADD 283 -#define ASN1_F_ASN1_STRING_TYPE_NEW 116 -#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 -#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 -#define ASN1_F_ASN1_TYPE_NEW 119 -#define ASN1_F_ASN1_UNPACK_STRING 248 -#define ASN1_F_ASN1_UTCTIME_NEW 120 -#define ASN1_F_ASN1_VERIFY 121 -#define ASN1_F_AUTHORITY_KEYID_NEW 237 -#define ASN1_F_BASIC_CONSTRAINTS_NEW 226 -#define ASN1_F_BN_TO_ASN1_ENUMERATED 234 -#define ASN1_F_BN_TO_ASN1_INTEGER 122 -#define ASN1_F_D2I_ACCESS_DESCRIPTION 284 -#define ASN1_F_D2I_ASN1_BIT_STRING 123 -#define ASN1_F_D2I_ASN1_BMPSTRING 124 -#define ASN1_F_D2I_ASN1_BOOLEAN 125 -#define ASN1_F_D2I_ASN1_BYTES 126 -#define ASN1_F_D2I_ASN1_ENUMERATED 235 -#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 223 -#define ASN1_F_D2I_ASN1_HEADER 127 -#define ASN1_F_D2I_ASN1_INTEGER 128 -#define ASN1_F_D2I_ASN1_NULL 292 -#define ASN1_F_D2I_ASN1_OBJECT 129 -#define ASN1_F_D2I_ASN1_OCTET_STRING 130 -#define ASN1_F_D2I_ASN1_PRINT_TYPE 131 -#define ASN1_F_D2I_ASN1_SET 132 -#define ASN1_F_D2I_ASN1_TIME 224 -#define ASN1_F_D2I_ASN1_TYPE 133 -#define ASN1_F_D2I_ASN1_TYPE_BYTES 134 -#define ASN1_F_D2I_ASN1_UINTEGER 280 -#define ASN1_F_D2I_ASN1_UTCTIME 135 -#define ASN1_F_D2I_ASN1_UTF8STRING 266 -#define ASN1_F_D2I_ASN1_VISIBLESTRING 267 -#define ASN1_F_D2I_AUTHORITY_KEYID 238 -#define ASN1_F_D2I_BASIC_CONSTRAINTS 227 -#define ASN1_F_D2I_DHPARAMS 136 -#define ASN1_F_D2I_DIST_POINT 276 -#define ASN1_F_D2I_DIST_POINT_NAME 277 -#define ASN1_F_D2I_DSAPARAMS 137 -#define ASN1_F_D2I_DSAPRIVATEKEY 138 -#define ASN1_F_D2I_DSAPUBLICKEY 139 -#define ASN1_F_D2I_GENERAL_NAME 230 -#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE 228 -#define ASN1_F_D2I_NETSCAPE_PKEY 140 -#define ASN1_F_D2I_NETSCAPE_RSA 141 -#define ASN1_F_D2I_NETSCAPE_RSA_2 142 -#define ASN1_F_D2I_NETSCAPE_SPKAC 143 -#define ASN1_F_D2I_NETSCAPE_SPKI 144 -#define ASN1_F_D2I_NOTICEREF 268 -#define ASN1_F_D2I_OTHERNAME 287 -#define ASN1_F_D2I_PBE2PARAM 262 -#define ASN1_F_D2I_PBEPARAM 249 -#define ASN1_F_D2I_PBKDF2PARAM 263 -#define ASN1_F_D2I_PKCS12 254 -#define ASN1_F_D2I_PKCS12_BAGS 255 -#define ASN1_F_D2I_PKCS12_MAC_DATA 256 -#define ASN1_F_D2I_PKCS12_SAFEBAG 257 -#define ASN1_F_D2I_PKCS7 145 -#define ASN1_F_D2I_PKCS7_DIGEST 146 -#define ASN1_F_D2I_PKCS7_ENCRYPT 147 -#define ASN1_F_D2I_PKCS7_ENC_CONTENT 148 -#define ASN1_F_D2I_PKCS7_ENVELOPE 149 -#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL 150 -#define ASN1_F_D2I_PKCS7_RECIP_INFO 151 -#define ASN1_F_D2I_PKCS7_SIGNED 152 -#define ASN1_F_D2I_PKCS7_SIGNER_INFO 153 -#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 -#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 -#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 -#define ASN1_F_D2I_POLICYINFO 269 -#define ASN1_F_D2I_POLICYQUALINFO 270 -#define ASN1_F_D2I_PRIVATEKEY 155 -#define ASN1_F_D2I_PUBLICKEY 156 -#define ASN1_F_D2I_RSAPRIVATEKEY 157 -#define ASN1_F_D2I_RSAPUBLICKEY 158 -#define ASN1_F_D2I_SXNET 241 -#define ASN1_F_D2I_SXNETID 243 -#define ASN1_F_D2I_USERNOTICE 271 -#define ASN1_F_D2I_X509 159 -#define ASN1_F_D2I_X509_ALGOR 160 -#define ASN1_F_D2I_X509_ATTRIBUTE 161 -#define ASN1_F_D2I_X509_CERT_AUX 285 -#define ASN1_F_D2I_X509_CINF 162 -#define ASN1_F_D2I_X509_CRL 163 -#define ASN1_F_D2I_X509_CRL_INFO 164 -#define ASN1_F_D2I_X509_EXTENSION 165 -#define ASN1_F_D2I_X509_KEY 166 -#define ASN1_F_D2I_X509_NAME 167 -#define ASN1_F_D2I_X509_NAME_ENTRY 168 -#define ASN1_F_D2I_X509_PKEY 169 -#define ASN1_F_D2I_X509_PUBKEY 170 -#define ASN1_F_D2I_X509_REQ 171 -#define ASN1_F_D2I_X509_REQ_INFO 172 -#define ASN1_F_D2I_X509_REVOKED 173 -#define ASN1_F_D2I_X509_SIG 174 -#define ASN1_F_D2I_X509_VAL 175 -#define ASN1_F_DIST_POINT_NAME_NEW 278 -#define ASN1_F_DIST_POINT_NEW 279 -#define ASN1_F_GENERAL_NAME_NEW 231 -#define ASN1_F_I2D_ASN1_HEADER 176 -#define ASN1_F_I2D_ASN1_TIME 225 -#define ASN1_F_I2D_DHPARAMS 177 -#define ASN1_F_I2D_DSAPARAMS 178 -#define ASN1_F_I2D_DSAPRIVATEKEY 179 -#define ASN1_F_I2D_DSAPUBLICKEY 180 -#define ASN1_F_I2D_DSA_PUBKEY 290 -#define ASN1_F_I2D_NETSCAPE_RSA 181 -#define ASN1_F_I2D_PKCS7 182 -#define ASN1_F_I2D_PRIVATEKEY 183 -#define ASN1_F_I2D_PUBLICKEY 184 -#define ASN1_F_I2D_RSAPRIVATEKEY 185 -#define ASN1_F_I2D_RSAPUBLICKEY 186 -#define ASN1_F_I2D_RSA_PUBKEY 289 -#define ASN1_F_I2D_X509_ATTRIBUTE 187 -#define ASN1_F_I2T_ASN1_OBJECT 188 -#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW 229 -#define ASN1_F_NETSCAPE_PKEY_NEW 189 -#define ASN1_F_NETSCAPE_SPKAC_NEW 190 -#define ASN1_F_NETSCAPE_SPKI_NEW 191 -#define ASN1_F_NOTICEREF_NEW 272 -#define ASN1_F_OTHERNAME_NEW 288 -#define ASN1_F_PBE2PARAM_NEW 264 -#define ASN1_F_PBEPARAM_NEW 251 -#define ASN1_F_PBKDF2PARAM_NEW 265 -#define ASN1_F_PKCS12_BAGS_NEW 258 -#define ASN1_F_PKCS12_MAC_DATA_NEW 259 -#define ASN1_F_PKCS12_NEW 260 -#define ASN1_F_PKCS12_SAFEBAG_NEW 261 -#define ASN1_F_PKCS5_PBE2_SET 281 -#define ASN1_F_PKCS7_DIGEST_NEW 192 -#define ASN1_F_PKCS7_ENCRYPT_NEW 193 -#define ASN1_F_PKCS7_ENC_CONTENT_NEW 194 -#define ASN1_F_PKCS7_ENVELOPE_NEW 195 -#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW 196 -#define ASN1_F_PKCS7_NEW 197 -#define ASN1_F_PKCS7_RECIP_INFO_NEW 198 -#define ASN1_F_PKCS7_SIGNED_NEW 199 -#define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 -#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 -#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 -#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 -#define ASN1_F_POLICYINFO_NEW 273 -#define ASN1_F_POLICYQUALINFO_NEW 274 -#define ASN1_F_SXNETID_NEW 244 -#define ASN1_F_SXNET_NEW 242 -#define ASN1_F_USERNOTICE_NEW 275 -#define ASN1_F_X509_ALGOR_NEW 202 -#define ASN1_F_X509_ATTRIBUTE_NEW 203 -#define ASN1_F_X509_CERT_AUX_NEW 286 -#define ASN1_F_X509_CINF_NEW 204 -#define ASN1_F_X509_CRL_INFO_NEW 205 -#define ASN1_F_X509_CRL_NEW 206 -#define ASN1_F_X509_DHPARAMS_NEW 207 -#define ASN1_F_X509_EXTENSION_NEW 208 -#define ASN1_F_X509_INFO_NEW 209 -#define ASN1_F_X509_KEY_NEW 210 -#define ASN1_F_X509_NAME_ENTRY_NEW 211 -#define ASN1_F_X509_NAME_NEW 212 -#define ASN1_F_X509_NEW 213 -#define ASN1_F_X509_PKEY_NEW 214 -#define ASN1_F_X509_PUBKEY_NEW 215 -#define ASN1_F_X509_REQ_INFO_NEW 216 -#define ASN1_F_X509_REQ_NEW 217 -#define ASN1_F_X509_REVOKED_NEW 218 -#define ASN1_F_X509_SIG_NEW 219 -#define ASN1_F_X509_VAL_FREE 220 -#define ASN1_F_X509_VAL_NEW 221 - -/* Reason codes. */ -#define ASN1_R_BAD_CLASS 100 -#define ASN1_R_BAD_OBJECT_HEADER 101 -#define ASN1_R_BAD_PASSWORD_READ 102 -#define ASN1_R_BAD_PKCS7_CONTENT 103 -#define ASN1_R_BAD_PKCS7_TYPE 104 -#define ASN1_R_BAD_TAG 105 -#define ASN1_R_BAD_TYPE 106 -#define ASN1_R_BN_LIB 107 -#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108 -#define ASN1_R_BUFFER_TOO_SMALL 109 -#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 166 -#define ASN1_R_DATA_IS_WRONG 110 -#define ASN1_R_DECODE_ERROR 155 -#define ASN1_R_DECODING_ERROR 111 -#define ASN1_R_ENCODE_ERROR 156 -#define ASN1_R_ERROR_PARSING_SET_ELEMENT 112 -#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 157 -#define ASN1_R_EXPECTING_AN_ENUMERATED 154 -#define ASN1_R_EXPECTING_AN_INTEGER 113 -#define ASN1_R_EXPECTING_AN_OBJECT 114 -#define ASN1_R_EXPECTING_AN_OCTET_STRING 115 -#define ASN1_R_EXPECTING_A_BIT_STRING 116 -#define ASN1_R_EXPECTING_A_BOOLEAN 117 -#define ASN1_R_EXPECTING_A_GENERALIZEDTIME 151 -#define ASN1_R_EXPECTING_A_NULL 164 -#define ASN1_R_EXPECTING_A_TIME 152 -#define ASN1_R_EXPECTING_A_UTCTIME 118 -#define ASN1_R_FIRST_NUM_TOO_LARGE 119 -#define ASN1_R_GENERALIZEDTIME_TOO_LONG 153 -#define ASN1_R_HEADER_TOO_LONG 120 -#define ASN1_R_ILLEGAL_CHARACTERS 158 -#define ASN1_R_INVALID_BMPSTRING_LENGTH 159 -#define ASN1_R_INVALID_DIGIT 121 -#define ASN1_R_INVALID_SEPARATOR 122 -#define ASN1_R_INVALID_TIME_FORMAT 123 -#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 160 -#define ASN1_R_INVALID_UTF8STRING 161 -#define ASN1_R_IV_TOO_LARGE 124 -#define ASN1_R_LENGTH_ERROR 125 -#define ASN1_R_MISSING_SECOND_NUMBER 126 -#define ASN1_R_NON_HEX_CHARACTERS 127 -#define ASN1_R_NOT_ENOUGH_DATA 128 -#define ASN1_R_NULL_IS_WRONG_LENGTH 165 -#define ASN1_R_ODD_NUMBER_OF_CHARS 129 -#define ASN1_R_PARSING 130 -#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 131 -#define ASN1_R_SECOND_NUMBER_TOO_LARGE 132 -#define ASN1_R_SHORT_LINE 133 -#define ASN1_R_STRING_TOO_LONG 163 -#define ASN1_R_STRING_TOO_SHORT 134 -#define ASN1_R_TAG_VALUE_TOO_HIGH 135 -#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136 -#define ASN1_R_TOO_LONG 137 -#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 138 -#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 139 -#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE 140 -#define ASN1_R_UNKNOWN_FORMAT 162 -#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 141 -#define ASN1_R_UNKNOWN_OBJECT_TYPE 142 -#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 143 -#define ASN1_R_UNSUPPORTED_CIPHER 144 -#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 145 -#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 146 -#define ASN1_R_UTCTIME_TOO_LONG 147 -#define ASN1_R_WRONG_PRINTABLE_TYPE 148 -#define ASN1_R_WRONG_TAG 149 -#define ASN1_R_WRONG_TYPE 150 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/bio.h b/AppleCSP/open_ssl/openssl/bio.h deleted file mode 100644 index 0c96f118..00000000 --- a/AppleCSP/open_ssl/openssl/bio.h +++ /dev/null @@ -1,685 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bio/bio.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BIO_H -#define HEADER_BIO_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include - -/* These are the 'types' of BIOs */ -#define BIO_TYPE_NONE 0 -#define BIO_TYPE_MEM (1|0x0400) -#define BIO_TYPE_FILE (2|0x0400) - -#define BIO_TYPE_FD (4|0x0400|0x0100) -#define BIO_TYPE_SOCKET (5|0x0400|0x0100) -#define BIO_TYPE_NULL (6|0x0400) -#define BIO_TYPE_SSL (7|0x0200) -#define BIO_TYPE_MD (8|0x0200) /* passive filter */ -#define BIO_TYPE_BUFFER (9|0x0200) /* filter */ -#define BIO_TYPE_CIPHER (10|0x0200) /* filter */ -#define BIO_TYPE_BASE64 (11|0x0200) /* filter */ -#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */ -#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */ -#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */ -#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ -#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ -#define BIO_TYPE_NULL_FILTER (17|0x0200) -#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ -#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ - -#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ -#define BIO_TYPE_FILTER 0x0200 -#define BIO_TYPE_SOURCE_SINK 0x0400 - -/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. - * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ -#define BIO_NOCLOSE 0x00 -#define BIO_CLOSE 0x01 - -/* These are used in the following macros and are passed to - * BIO_ctrl() */ -#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ -#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ -#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ -#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ -#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ -#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ -#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ -#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ -#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ -#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ -#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ -#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */ -#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ -/* callback is int cb(BIO *bio,state,ret); */ -#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ -#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ - -#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ - -/* modifiers */ -#define BIO_FP_READ 0x02 -#define BIO_FP_WRITE 0x04 -#define BIO_FP_APPEND 0x08 -#define BIO_FP_TEXT 0x10 - -#define BIO_FLAGS_READ 0x01 -#define BIO_FLAGS_WRITE 0x02 -#define BIO_FLAGS_IO_SPECIAL 0x04 -#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) -#define BIO_FLAGS_SHOULD_RETRY 0x08 - -/* Used in BIO_gethostbyname() */ -#define BIO_GHBN_CTRL_HITS 1 -#define BIO_GHBN_CTRL_MISSES 2 -#define BIO_GHBN_CTRL_CACHE_SIZE 3 -#define BIO_GHBN_CTRL_GET_ENTRY 4 -#define BIO_GHBN_CTRL_FLUSH 5 - -/* Mostly used in the SSL BIO */ -/* Not used anymore - * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 - * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 - * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 - */ - -#define BIO_FLAGS_BASE64_NO_NL 0x100 - -/* This is used with memory BIOs: it means we shouldn't free up or change the - * data in any way. - */ -#define BIO_FLAGS_MEM_RDONLY 0x200 - -#define BIO_set_flags(b,f) ((b)->flags|=(f)) -#define BIO_get_flags(b) ((b)->flags) -#define BIO_set_retry_special(b) \ - ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) -#define BIO_set_retry_read(b) \ - ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) -#define BIO_set_retry_write(b) \ - ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) - -/* These are normally used internally in BIOs */ -#define BIO_clear_flags(b,f) ((b)->flags&= ~(f)) -#define BIO_clear_retry_flags(b) \ - ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) -#define BIO_get_retry_flags(b) \ - ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) - -/* These should be used by the application to tell why we should retry */ -#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) -#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) -#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) -#define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) -#define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) - -/* The next two are used in conjunction with the - * BIO_should_io_special() condition. After this returns true, - * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO - * stack and return the 'reason' for the special and the offending BIO. - * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ -/* Returned from the SSL bio when the certificate retrieval code had an error */ -#define BIO_RR_SSL_X509_LOOKUP 0x01 -/* Returned from the connect BIO when a connect would have blocked */ -#define BIO_RR_CONNECT 0x02 - -/* These are passed by the BIO callback */ -#define BIO_CB_FREE 0x01 -#define BIO_CB_READ 0x02 -#define BIO_CB_WRITE 0x03 -#define BIO_CB_PUTS 0x04 -#define BIO_CB_GETS 0x05 -#define BIO_CB_CTRL 0x06 - -/* The callback is called before and after the underling operation, - * The BIO_CB_RETURN flag indicates if it is after the call */ -#define BIO_CB_RETURN 0x80 -#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) -#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) -#define BIO_cb_post(a) ((a)&BIO_CB_RETURN) - -#define BIO_set_callback(b,cb) ((b)->callback=(cb)) -#define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg)) -#define BIO_get_callback_arg(b) ((b)->cb_arg) -#define BIO_get_callback(b) ((b)->callback) -#define BIO_method_name(b) ((b)->method->name) -#define BIO_method_type(b) ((b)->method->type) - -#ifndef WIN16 -typedef struct bio_method_st - { - int type; - const char *name; - int (*bwrite)(); - int (*bread)(); - int (*bputs)(); - int (*bgets)(); - long (*ctrl)(); - int (*create)(); - int (*destroy)(); - long (*callback_ctrl)(); - } BIO_METHOD; -#else -typedef struct bio_method_st - { - int type; - const char *name; - int (_far *bwrite)(); - int (_far *bread)(); - int (_far *bputs)(); - int (_far *bgets)(); - long (_far *ctrl)(); - int (_far *create)(); - int (_far *destroy)(); - long (_fat *callback_ctrl)(); - } BIO_METHOD; -#endif - -typedef struct bio_st - { - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ - long (*callback)(struct bio_st *,int,const char *,int, long,long); - char *cb_arg; /* first argument for the callback */ - - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - int references; - unsigned long num_read; - unsigned long num_write; - - CRYPTO_EX_DATA ex_data; - } BIO; - -typedef struct bio_f_buffer_ctx_struct - { - /* BIO *bio; */ /* this is now in the BIO struct */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ - } BIO_F_BUFFER_CTX; - -/* connect BIO stuff */ -#define BIO_CONN_S_BEFORE 1 -#define BIO_CONN_S_GET_IP 2 -#define BIO_CONN_S_GET_PORT 3 -#define BIO_CONN_S_CREATE_SOCKET 4 -#define BIO_CONN_S_CONNECT 5 -#define BIO_CONN_S_OK 6 -#define BIO_CONN_S_BLOCKED_CONNECT 7 -#define BIO_CONN_S_NBIO 8 -/*#define BIO_CONN_get_param_hostname BIO_ctrl */ - -#define BIO_C_SET_CONNECT 100 -#define BIO_C_DO_STATE_MACHINE 101 -#define BIO_C_SET_NBIO 102 -#define BIO_C_SET_PROXY_PARAM 103 -#define BIO_C_SET_FD 104 -#define BIO_C_GET_FD 105 -#define BIO_C_SET_FILE_PTR 106 -#define BIO_C_GET_FILE_PTR 107 -#define BIO_C_SET_FILENAME 108 -#define BIO_C_SET_SSL 109 -#define BIO_C_GET_SSL 110 -#define BIO_C_SET_MD 111 -#define BIO_C_GET_MD 112 -#define BIO_C_GET_CIPHER_STATUS 113 -#define BIO_C_SET_BUF_MEM 114 -#define BIO_C_GET_BUF_MEM_PTR 115 -#define BIO_C_GET_BUFF_NUM_LINES 116 -#define BIO_C_SET_BUFF_SIZE 117 -#define BIO_C_SET_ACCEPT 118 -#define BIO_C_SSL_MODE 119 -#define BIO_C_GET_MD_CTX 120 -#define BIO_C_GET_PROXY_PARAM 121 -#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ -#define BIO_C_GET_CONNECT 123 -#define BIO_C_GET_ACCEPT 124 -#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 -#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 -#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 -#define BIO_C_FILE_SEEK 128 -#define BIO_C_GET_CIPHER_CTX 129 -#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ -#define BIO_C_SET_BIND_MODE 131 -#define BIO_C_GET_BIND_MODE 132 -#define BIO_C_FILE_TELL 133 -#define BIO_C_GET_SOCKS 134 -#define BIO_C_SET_SOCKS 135 - -#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ -#define BIO_C_GET_WRITE_BUF_SIZE 137 -#define BIO_C_MAKE_BIO_PAIR 138 -#define BIO_C_DESTROY_BIO_PAIR 139 -#define BIO_C_GET_WRITE_GUARANTEE 140 -#define BIO_C_GET_READ_REQUEST 141 -#define BIO_C_SHUTDOWN_WR 142 -#define BIO_C_NREAD0 143 -#define BIO_C_NREAD 144 -#define BIO_C_NWRITE0 145 -#define BIO_C_NWRITE 146 -#define BIO_C_RESET_READ_REQUEST 147 - - -#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) -#define BIO_get_app_data(s) BIO_get_ex_data(s,0) - -/* BIO_s_connect() and BIO_s_socks4a_connect() */ -#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) -#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) - - -#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) - -/* BIO_s_accept_socket() */ -#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) -/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) -#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) - -#define BIO_BIND_NORMAL 0 -#define BIO_BIND_REUSEADDR_IF_UNUSED 1 -#define BIO_BIND_REUSEADDR 2 -#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) - -#define BIO_do_connect(b) BIO_do_handshake(b) -#define BIO_do_accept(b) BIO_do_handshake(b) -#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) - -/* BIO_s_proxy_client() */ -#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) -#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) -/* BIO_set_nbio(b,n) */ -#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) -/* BIO *BIO_get_filter_bio(BIO *bio); */ -#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) -#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) -#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) - -#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) -#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) -#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) -#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) - -#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) - -#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) -#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) - -#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) -#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) - -/* name is cast to lose const, but might be better to route through a function - so we can do it safely */ -#ifdef CONST_STRICT -/* If you are wondering why this isn't defined, its because CONST_STRICT is - * purely a compile-time kludge to allow const to be checked. - */ -int BIO_read_filename(BIO *b,const char *name); -#else -#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ,(char *)name) -#endif -#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_WRITE,name) -#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_APPEND,name) -#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) - -/* WARNING WARNING, this ups the reference count on the read bio of the - * SSL structure. This is because the ssl read BIO is now pointed to by - * the next_bio field in the bio. So when you free the BIO, make sure - * you are doing a BIO_free_all() to catch the underlying BIO. */ -#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) -#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) -#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) -#define BIO_set_ssl_renegotiate_bytes(b,num) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); -#define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); -#define BIO_set_ssl_renegotiate_timeout(b,seconds) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); - -/* defined in evp.h */ -/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ - -#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) -#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) -#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) -#define BIO_set_mem_eof_return(b,v) \ - BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) - -/* For the BIO_f_buffer() type */ -#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) -#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) -#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) -#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) -#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) - -/* Don't use the next one unless you know what you are doing :-) */ -#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) - -#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) -#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) -#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) -#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) -#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) -#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) -/* ...pending macros have inappropriate return type */ -size_t BIO_ctrl_pending(BIO *b); -size_t BIO_ctrl_wpending(BIO *b); -#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) -#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(void (**)())(cbp)) -#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,(void (*)())(cb)) - -/* For the BIO_f_buffer() type */ -#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) - -/* For BIO_s_bio() */ -#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) -#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) -#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) -#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) -/* macros with inappropriate type -- but ...pending macros use int too: */ -#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) -#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) -size_t BIO_ctrl_get_write_guarantee(BIO *b); -size_t BIO_ctrl_get_read_request(BIO *b); -int BIO_ctrl_reset_read_request(BIO *b); - -#ifdef NO_STDIO -#define NO_FP_API -#endif - - -/* These two aren't currently implemented */ -/* int BIO_get_ex_num(BIO *bio); */ -/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ -int BIO_set_ex_data(BIO *bio,int idx,void *data); -void *BIO_get_ex_data(BIO *bio,int idx); -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -unsigned long BIO_number_read(BIO *bio); -unsigned long BIO_number_written(BIO *bio); - -# if defined(WIN16) && defined(_WINDLL) -BIO_METHOD *BIO_s_file_internal(void); -BIO *BIO_new_file_internal(char *filename, char *mode); -BIO *BIO_new_fp_internal(FILE *stream, int close_flag); -# define BIO_s_file BIO_s_file_internal -# define BIO_new_file BIO_new_file_internal -# define BIO_new_fp BIO_new_fp_internal -# else /* FP_API */ -const BIO_METHOD *BIO_s_file(void ); -BIO *BIO_new_file(const char *filename, const char *mode); -BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file -# define BIO_new_file_internal BIO_new_file -# define BIO_new_fp_internal BIO_s_file -# endif /* FP_API */ -BIO * BIO_new(const BIO_METHOD *type); -int BIO_set(BIO *a,const BIO_METHOD *type); -int BIO_free(BIO *a); -int BIO_read(BIO *b, void *data, int len); -int BIO_gets(BIO *bp,char *buf, int size); -int BIO_write(BIO *b, const void *data, int len); -int BIO_puts(BIO *bp,const char *buf); -long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); -long BIO_callback_ctrl(BIO *bp,int cmd,void (*fp)()); -char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); -long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); -BIO * BIO_push(BIO *b,BIO *append); -BIO * BIO_pop(BIO *b); -void BIO_free_all(BIO *a); -BIO * BIO_find_type(BIO *b,int bio_type); -BIO * BIO_get_retry_BIO(BIO *bio, int *reason); -int BIO_get_retry_reason(BIO *bio); -BIO * BIO_dup_chain(BIO *in); - -int BIO_nread0(BIO *bio, char **buf); -int BIO_nread(BIO *bio, char **buf, int num); -int BIO_nwrite0(BIO *bio, char **buf); -int BIO_nwrite(BIO *bio, char **buf, int num); - -#ifndef WIN16 -long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, - long argl,long ret); -#else -long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, - long argl,long ret); -#endif - -BIO_METHOD *BIO_s_mem(void); -BIO *BIO_new_mem_buf(void *buf, int len); -BIO_METHOD *BIO_s_socket(void); -BIO_METHOD *BIO_s_connect(void); -BIO_METHOD *BIO_s_accept(void); -BIO_METHOD *BIO_s_fd(void); -BIO_METHOD *BIO_s_log(void); -BIO_METHOD *BIO_s_bio(void); -BIO_METHOD *BIO_s_null(void); -BIO_METHOD *BIO_f_null(void); -BIO_METHOD *BIO_f_buffer(void); -BIO_METHOD *BIO_f_nbio_test(void); -/* BIO_METHOD *BIO_f_ber(void); */ - -int BIO_sock_should_retry(int i); -int BIO_sock_non_fatal_error(int error); -int BIO_fd_should_retry(int i); -int BIO_fd_non_fatal_error(int error); -int BIO_dump(BIO *b,const char *bytes,int len); - -struct hostent *BIO_gethostbyname(const char *name); -/* We might want a thread-safe interface too: - * struct hostent *BIO_gethostbyname_r(const char *name, - * struct hostent *result, void *buffer, size_t buflen); - * or something similar (caller allocates a struct hostent, - * pointed to by "result", and additional buffer space for the various - * substructures; if the buffer does not suffice, NULL is returned - * and an appropriate error code is set). - */ -int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); -int BIO_socket_nbio(int fd,int mode); -int BIO_get_port(const char *str, unsigned short *port_ptr); -int BIO_get_host_ip(const char *str, unsigned char *ip); -int BIO_get_accept_socket(char *host_port,int mode); -int BIO_accept(int sock,char **ip_port); -int BIO_sock_init(void ); -void BIO_sock_cleanup(void); -int BIO_set_tcp_ndelay(int sock,int turn_on); - -void ERR_load_BIO_strings(void ); - -BIO *BIO_new_socket(int sock, int close_flag); -BIO *BIO_new_fd(int fd, int close_flag); -BIO *BIO_new_connect(char *host_port); -BIO *BIO_new_accept(char *host_port); - -int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, - BIO **bio2, size_t writebuf2); -/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. - * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. - * Size 0 uses default value. - */ - -void BIO_copy_next_retry(BIO *b); - -long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); - -int BIO_printf(BIO *bio, ...); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the BIO functions. */ - -/* Function codes. */ -#define BIO_F_ACPT_STATE 100 -#define BIO_F_BIO_ACCEPT 101 -#define BIO_F_BIO_BER_GET_HEADER 102 -#define BIO_F_BIO_CTRL 103 -#define BIO_F_BIO_GETHOSTBYNAME 120 -#define BIO_F_BIO_GETS 104 -#define BIO_F_BIO_GET_ACCEPT_SOCKET 105 -#define BIO_F_BIO_GET_HOST_IP 106 -#define BIO_F_BIO_GET_PORT 107 -#define BIO_F_BIO_MAKE_PAIR 121 -#define BIO_F_BIO_NEW 108 -#define BIO_F_BIO_NEW_FILE 109 -#define BIO_F_BIO_NEW_MEM_BUF 126 -#define BIO_F_BIO_NREAD 123 -#define BIO_F_BIO_NREAD0 124 -#define BIO_F_BIO_NWRITE 125 -#define BIO_F_BIO_NWRITE0 122 -#define BIO_F_BIO_PUTS 110 -#define BIO_F_BIO_READ 111 -#define BIO_F_BIO_SOCK_INIT 112 -#define BIO_F_BIO_WRITE 113 -#define BIO_F_BUFFER_CTRL 114 -#define BIO_F_CONN_CTRL 127 -#define BIO_F_CONN_STATE 115 -#define BIO_F_FILE_CTRL 116 -#define BIO_F_MEM_WRITE 117 -#define BIO_F_SSL_NEW 118 -#define BIO_F_WSASTARTUP 119 - -/* Reason codes. */ -#define BIO_R_ACCEPT_ERROR 100 -#define BIO_R_BAD_FOPEN_MODE 101 -#define BIO_R_BAD_HOSTNAME_LOOKUP 102 -#define BIO_R_BROKEN_PIPE 124 -#define BIO_R_CONNECT_ERROR 103 -#define BIO_R_ERROR_SETTING_NBIO 104 -#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 -#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 -#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 -#define BIO_R_INVALID_ARGUMENT 125 -#define BIO_R_INVALID_IP_ADDRESS 108 -#define BIO_R_IN_USE 123 -#define BIO_R_KEEPALIVE 109 -#define BIO_R_NBIO_CONNECT_ERROR 110 -#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 -#define BIO_R_NO_HOSTNAME_SPECIFIED 112 -#define BIO_R_NO_PORT_DEFINED 113 -#define BIO_R_NO_PORT_SPECIFIED 114 -#define BIO_R_NULL_PARAMETER 115 -#define BIO_R_TAG_MISMATCH 116 -#define BIO_R_UNABLE_TO_BIND_SOCKET 117 -#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 -#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 -#define BIO_R_UNINITIALIZED 120 -#define BIO_R_UNSUPPORTED_METHOD 121 -#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 -#define BIO_R_WSASTARTUP 122 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/blowfish.h b/AppleCSP/open_ssl/openssl/blowfish.h deleted file mode 100644 index 648a7ce7..00000000 --- a/AppleCSP/open_ssl/openssl/blowfish.h +++ /dev/null @@ -1,129 +0,0 @@ -/* crypto/bf/blowfish.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BLOWFISH_H -#define HEADER_BLOWFISH_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_BF -#error BF is disabled. -#endif - -#define BF_ENCRYPT 1 -#define BF_DECRYPT 0 - -/* - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! BF_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - -#if defined(WIN16) || defined(__LP32__) || \ - ((defined(__ppc__) || defined(__i386__)) && defined(__APPLE__)) -#define BF_LONG unsigned long -#elif defined(_CRAY) || defined(__ILP64__) -#define BF_LONG unsigned long -#define BF_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * - */ -#else -#warning BF_LONG really should be explicitly defined\ -#define BF_LONG unsigned int -#endif - -#define BF_ROUNDS 16 -#define BF_BLOCK 8 /* block size in bytes */ -#define BF_MIN_KEY_SIZE_BYTES (32 / 8) -#define BF_MAX_KEY_SIZE_BYTES (448 / 8) /* 56 */ - -typedef struct bf_key_st - { - BF_LONG P[BF_ROUNDS+2]; - BF_LONG S[4*256]; - } BF_KEY; - - -void BF_set_key(BF_KEY *key, int len, const unsigned char *data); - -void BF_encrypt(BF_LONG *data,const BF_KEY *key); -void BF_decrypt(BF_LONG *data,const BF_KEY *key); - -void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int enc); -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int enc); -void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); -void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num); -const char *BF_options(void); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/bn.h b/AppleCSP/open_ssl/openssl/bn.h deleted file mode 100644 index 76835f4c..00000000 --- a/AppleCSP/open_ssl/openssl/bn.h +++ /dev/null @@ -1,536 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/bn/bn.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BN_H -#define HEADER_BN_H - -#ifndef WIN16 -#include /* FILE */ -#endif -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef VMS -#undef BN_LLONG /* experimental, so far... */ -#endif - -#define BN_MUL_COMBA -#define BN_SQR_COMBA -#define BN_RECURSION -#define RECP_MUL_MOD -#define MONT_MUL_MOD - -/* This next option uses the C libraries (2 word)/(1 word) function. - * If it is not defined, I use my C version (which is slower). - * The reason for this flag is that when the particular C compiler - * library routine is used, and the library is linked with a different - * compiler, the library is missing. This mostly happens when the - * library is built with gcc and then linked using normal cc. This would - * be a common occurrence because gcc normally produces code that is - * 2 times faster than system compilers for the big number stuff. - * For machines with only one compiler (or shared libraries), this should - * be on. Again this in only really a problem on machines - * using "long long's", are 32bit, and are not using my assembler code. */ -#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux) -#define BN_DIV2W -#endif - -/* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ -#ifdef SIXTY_FOUR_BIT_LONG -#define BN_ULLONG unsigned long long -#define BN_ULONG unsigned long -#define BN_LONG long -#define BN_BITS 128 -#define BN_BYTES 8 -#define BN_BITS2 64 -#define BN_BITS4 32 -#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -#define BN_MASK2 (0xffffffffffffffffL) -#define BN_MASK2l (0xffffffffL) -#define BN_MASK2h (0xffffffff00000000L) -#define BN_MASK2h1 (0xffffffff80000000L) -#define BN_TBIT (0x8000000000000000L) -#define BN_DEC_CONV (10000000000000000000UL) -#define BN_DEC_FMT1 "%lu" -#define BN_DEC_FMT2 "%019lu" -#define BN_DEC_NUM 19 -#endif - -/* This is where the long long data type is 64 bits, but long is 32. - * For machines where there are 64bit registers, this is the mode to use. - * IRIX, on R4000 and above should use this mode, along with the relevant - * assembler code :-). Do NOT define BN_LLONG. - */ -#ifdef SIXTY_FOUR_BIT -#undef BN_LLONG -#undef BN_ULLONG -#define BN_ULONG unsigned long long -#define BN_LONG long long -#define BN_BITS 128 -#define BN_BYTES 8 -#define BN_BITS2 64 -#define BN_BITS4 32 -#define BN_MASK2 (0xffffffffffffffffLL) -#define BN_MASK2l (0xffffffffL) -#define BN_MASK2h (0xffffffff00000000LL) -#define BN_MASK2h1 (0xffffffff80000000LL) -#define BN_TBIT (0x8000000000000000LL) -#define BN_DEC_CONV (10000000000000000000LL) -#define BN_DEC_FMT1 "%llu" -#define BN_DEC_FMT2 "%019llu" -#define BN_DEC_NUM 19 -#endif - -#ifdef THIRTY_TWO_BIT -#if defined(WIN32) && !defined(__GNUC__) -#define BN_ULLONG unsigned _int64 -#else -#define BN_ULLONG unsigned long long -#endif -#define BN_ULONG unsigned long -#define BN_LONG long -#define BN_BITS 64 -#define BN_BYTES 4 -#define BN_BITS2 32 -#define BN_BITS4 16 -#ifdef WIN32 -/* VC++ doesn't like the LL suffix */ -#define BN_MASK (0xffffffffffffffffL) -#else -#define BN_MASK (0xffffffffffffffffLL) -#endif -#define BN_MASK2 (0xffffffffL) -#define BN_MASK2l (0xffff) -#define BN_MASK2h1 (0xffff8000L) -#define BN_MASK2h (0xffff0000L) -#define BN_TBIT (0x80000000L) -#define BN_DEC_CONV (1000000000L) -#define BN_DEC_FMT1 "%lu" -#define BN_DEC_FMT2 "%09lu" -#define BN_DEC_NUM 9 -#endif - -#ifdef SIXTEEN_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned long -#define BN_ULONG unsigned short -#define BN_LONG short -#define BN_BITS 32 -#define BN_BYTES 2 -#define BN_BITS2 16 -#define BN_BITS4 8 -#define BN_MASK (0xffffffff) -#define BN_MASK2 (0xffff) -#define BN_MASK2l (0xff) -#define BN_MASK2h1 (0xff80) -#define BN_MASK2h (0xff00) -#define BN_TBIT (0x8000) -#define BN_DEC_CONV (100000) -#define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%05u" -#define BN_DEC_NUM 5 -#endif - -#ifdef EIGHT_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned short -#define BN_ULONG unsigned char -#define BN_LONG char -#define BN_BITS 16 -#define BN_BYTES 1 -#define BN_BITS2 8 -#define BN_BITS4 4 -#define BN_MASK (0xffff) -#define BN_MASK2 (0xff) -#define BN_MASK2l (0xf) -#define BN_MASK2h1 (0xf8) -#define BN_MASK2h (0xf0) -#define BN_TBIT (0x80) -#define BN_DEC_CONV (100) -#define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%02u" -#define BN_DEC_NUM 2 -#endif - -#define BN_DEFAULT_BITS 1280 - -#ifdef BIGNUM -#undef BIGNUM -#endif - -#define BN_FLG_MALLOCED 0x01 -#define BN_FLG_STATIC_DATA 0x02 -#define BN_FLG_FREE 0x8000 /* used for debuging */ -#define BN_set_flags(b,n) ((b)->flags|=(n)) -#define BN_get_flags(b,n) ((b)->flags&(n)) - -typedef struct bignum_st - { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int max; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; - } BIGNUM; - -/* Used for temp variables */ -#define BN_CTX_NUM 12 -#define BN_CTX_NUM_POS 12 -typedef struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } BN_CTX; - -typedef struct bn_blinding_st - { - int init; - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *mod; /* just a reference */ - } BN_BLINDING; - -/* Used for montgomery multiplication */ -typedef struct bn_mont_ctx_st - { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 - * (Ni is only stored for bignum algorithm) */ - BN_ULONG n0; /* least significant word of Ni */ - int flags; - } BN_MONT_CTX; - -/* Used for reciprocal division/mod functions - * It cannot be shared between threads - */ -typedef struct bn_recp_ctx_st - { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; - } BN_RECP_CTX; - -#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - r,a,&((mont)->RR),(mont),ctx) - -#define BN_prime_checks 0 /* default: select number of iterations - based on the size of the number */ - -/* number of Miller-Rabin iterations for an error rate of less than 2^-80 - * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook - * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error estimates - * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ -#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) - -#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) -#define BN_is_one(a) (BN_is_word((a),1)) -#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) -#define BN_one(a) (BN_set_word((a),1)) -#define BN_zero(a) (BN_set_word((a),0)) - -/*#define BN_ascii2bn(a) BN_hex2bn(a) */ -/*#define BN_bn2ascii(a) BN_bn2hex(a) */ - -BIGNUM *BN_value_one(void); -char * BN_options(void); -BN_CTX *BN_CTX_new(void); -void BN_CTX_init(BN_CTX *c); -void BN_CTX_free(BN_CTX *c); -void BN_CTX_start(BN_CTX *ctx); -BIGNUM *BN_CTX_get(BN_CTX *ctx); -void BN_CTX_end(BN_CTX *ctx); -int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_rand_range(BIGNUM *rnd, BIGNUM *range); -int BN_num_bits(const BIGNUM *a); -int BN_num_bits_word(BN_ULONG); -BIGNUM *BN_new(void); -void BN_init(BIGNUM *); -void BN_clear_free(BIGNUM *a); -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); -BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); -int BN_bn2bin(const BIGNUM *a, unsigned char *to); -BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret); -int BN_bn2mpi(const BIGNUM *a, unsigned char *to); -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx); -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); -int BN_mul_word(BIGNUM *a, BN_ULONG w); -int BN_add_word(BIGNUM *a, BN_ULONG w); -int BN_sub_word(BIGNUM *a, BN_ULONG w); -int BN_set_word(BIGNUM *a, BN_ULONG w); -BN_ULONG BN_get_word(BIGNUM *a); -int BN_cmp(const BIGNUM *a, const BIGNUM *b); -void BN_free(BIGNUM *a); -int BN_is_bit_set(const BIGNUM *a, int n); -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -int BN_lshift1(BIGNUM *r, BIGNUM *a); -int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx); -int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m,BN_CTX *ctx); -int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2, - BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx); -int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, - BIGNUM *m,BN_CTX *ctx); -int BN_mask_bits(BIGNUM *a,int n); -int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); -#ifndef NO_FP_API -int BN_print_fp(FILE *fp, const BIGNUM *a); -#endif -#ifdef HEADER_BIO_H -int BN_print(BIO *fp, const BIGNUM *a); -#else -int BN_print(void *fp, const BIGNUM *a); -#endif -int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx); -int BN_rshift(BIGNUM *r, BIGNUM *a, int n); -int BN_rshift1(BIGNUM *r, BIGNUM *a); -void BN_clear(BIGNUM *a); -BIGNUM *BN_dup(const BIGNUM *a); -int BN_ucmp(const BIGNUM *a, const BIGNUM *b); -int BN_set_bit(BIGNUM *a, int n); -int BN_clear_bit(BIGNUM *a, int n); -char * BN_bn2hex(const BIGNUM *a); -char * BN_bn2dec(const BIGNUM *a); -int BN_hex2bn(BIGNUM **a, const char *str); -int BN_dec2bn(BIGNUM **a, const char *str); -int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx); -BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add, - BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg); -int BN_is_prime(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *), - BN_CTX *ctx,void *cb_arg); -int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, - int do_trial_division); -void ERR_load_BN_strings(void ); - -BN_MONT_CTX *BN_MONT_CTX_new(void ); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont, - BN_CTX *ctx); -int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); -void BN_MONT_CTX_free(BN_MONT_CTX *mont); -int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); - -BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); -void BN_BLINDING_free(BN_BLINDING *b); -int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx); -int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - -#if BN_PARAMS_ENABLE -void BN_set_params(int mul,int high,int low,int mont); -int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -#endif /* BN_PARAMS_ENABLE */ - -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -BN_RECP_CTX *BN_RECP_CTX_new(void); -void BN_RECP_CTX_free(BN_RECP_CTX *recp); -int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, - BN_RECP_CTX *recp,BN_CTX *ctx); -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx); - -/* library internal functions */ - -#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->max)?\ - (a):bn_expand2((a),(bits)/BN_BITS2+1)) -#define bn_wexpand(a,words) (((words) <= (a)->max)?(a):bn_expand2((a),(words))) -BIGNUM *bn_expand2(BIGNUM *a, int words); - -#define bn_fix_top(a) \ - { \ - BN_ULONG *ftl; \ - if ((a)->top > 0) \ - { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ - } \ - } - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); - -#ifdef BN_DEBUG - void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n); -# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ - fprintf(stderr,"\n");} -# define bn_dump(a,n) bn_dump1(stderr,#a,a,n); -#else -# define bn_print(a) -# define bn_dump(a,b) -#endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the BN functions. */ - -/* Function codes. */ -#define BN_F_BN_BLINDING_CONVERT 100 -#define BN_F_BN_BLINDING_INVERT 101 -#define BN_F_BN_BLINDING_NEW 102 -#define BN_F_BN_BLINDING_UPDATE 103 -#define BN_F_BN_BN2DEC 104 -#define BN_F_BN_BN2HEX 105 -#define BN_F_BN_CTX_GET 116 -#define BN_F_BN_CTX_NEW 106 -#define BN_F_BN_DIV 107 -#define BN_F_BN_EXPAND2 108 -#define BN_F_BN_MOD_EXP_MONT 109 -#define BN_F_BN_MOD_EXP_MONT_WORD 117 -#define BN_F_BN_MOD_INVERSE 110 -#define BN_F_BN_MOD_MUL_RECIPROCAL 111 -#define BN_F_BN_MPI2BN 112 -#define BN_F_BN_NEW 113 -#define BN_F_BN_RAND 114 -#define BN_F_BN_RAND_RANGE 122 -#define BN_F_BN_USUB 115 - -/* Reason codes. */ -#define BN_R_ARG2_LT_ARG3 100 -#define BN_R_BAD_RECIPROCAL 101 -#define BN_R_CALLED_WITH_EVEN_MODULUS 102 -#define BN_R_DIV_BY_ZERO 103 -#define BN_R_ENCODING_ERROR 104 -#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -#define BN_R_INVALID_LENGTH 106 -#define BN_R_INVALID_RANGE 115 -#define BN_R_NOT_INITIALIZED 107 -#define BN_R_NO_INVERSE 108 -#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/buffer.h b/AppleCSP/open_ssl/openssl/buffer.h deleted file mode 100644 index 9f9103ab..00000000 --- a/AppleCSP/open_ssl/openssl/buffer.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/buffer/buffer.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BUFFER_H -#define HEADER_BUFFER_H - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct buf_mem_st - { - int length; /* current number of bytes */ - char *data; - int max; /* size of buffer */ - } BUF_MEM; - -BUF_MEM *BUF_MEM_new(void); -void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, int len); -char * BUF_strdup(const char *str); - -void ERR_load_BUF_strings(void ); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the BUF functions. */ - -/* Function codes. */ -#define BUF_F_BUF_MEM_GROW 100 -#define BUF_F_BUF_MEM_NEW 101 -#define BUF_F_BUF_STRDUP 102 - -/* Reason codes. */ - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/cast.h b/AppleCSP/open_ssl/openssl/cast.h deleted file mode 100644 index 2c9d0019..00000000 --- a/AppleCSP/open_ssl/openssl/cast.h +++ /dev/null @@ -1,103 +0,0 @@ -/* crypto/cast/cast.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_CAST_H -#define HEADER_CAST_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_CAST -#error CAST is disabled. -#endif - -#define CAST_ENCRYPT 1 -#define CAST_DECRYPT 0 - -#define CAST_LONG unsigned long - -#define CAST_BLOCK 8 /* block size in bytes */ -#define CAST_KEY_LENGTH 16 /* MAX key size in bytes */ -#define CAST_MIN_KEY_LENGTH 5 /* MIN key size in bytes */ -typedef struct cast_key_st - { - CAST_LONG data[32]; - int short_key; /* Use reduced rounds for short key */ - } CAST_KEY; - - -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, - int enc); -void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); -void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); -void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc); -void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, - int *num, int enc); -void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, - int *num); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/crypto.h b/AppleCSP/open_ssl/openssl/crypto.h deleted file mode 100644 index b2c7a6c9..00000000 --- a/AppleCSP/open_ssl/openssl/crypto.h +++ /dev/null @@ -1,391 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/crypto.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_CRYPTO_H -#define HEADER_CRYPTO_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#ifndef NO_FP_API -#include -#endif - -#include -#include -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -#if defined(VMS) || defined(__VMS) -#include "vms_idhacks.h" -#endif - - -/* Backward compatibility to SSLeay */ -/* This is more to be used to check the correct DLL is being used - * in the MS world. */ -#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -#define SSLEAY_VERSION 0 -/* #define SSLEAY_OPTIONS 1 no longer supported */ -#define SSLEAY_CFLAGS 2 -#define SSLEAY_BUILT_ON 3 -#define SSLEAY_PLATFORM 4 - -/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock - * names in cryptlib.c - */ - -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_ERR_HASH 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 -#define CRYPTO_LOCK_X509_CRL 6 -#define CRYPTO_LOCK_X509_REQ 7 -#define CRYPTO_LOCK_DSA 8 -#define CRYPTO_LOCK_RSA 9 -#define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_RAND 17 -#define CRYPTO_LOCK_MALLOC 18 -#define CRYPTO_LOCK_BIO 19 -#define CRYPTO_LOCK_GETHOSTBYNAME 20 -#define CRYPTO_LOCK_GETSERVBYNAME 21 -#define CRYPTO_LOCK_READDIR 22 -#define CRYPTO_LOCK_RSA_BLINDING 23 -#define CRYPTO_LOCK_DH 24 -#define CRYPTO_LOCK_MALLOC2 25 -#define CRYPTO_NUM_LOCKS 26 - -#define CRYPTO_LOCK 1 -#define CRYPTO_UNLOCK 2 -#define CRYPTO_READ 4 -#define CRYPTO_WRITE 8 - -#ifndef NO_LOCKING -#ifndef CRYPTO_w_lock -#define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -#define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -#define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -#define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -#define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -#endif -#else -#define CRYPTO_w_lock(a) -#define CRYPTO_w_unlock(a) -#define CRYPTO_r_lock(a) -#define CRYPTO_r_unlock(a) -#define CRYPTO_add(a,b,c) ((*(a))+=(b)) -#endif - -/* The following can be used to detect memory leaks in the SSLeay library. - * It used, it turns on malloc checking */ - -#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ -#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ -#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ -#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ - -/* The following are bit values to turn on or off options connected to the - * malloc checking functionality */ - -/* Adds time to the memory checking information */ -#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ -/* Adds thread number to the memory checking information */ -#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ - -#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) - - -/* predec of the BIO type */ -typedef struct bio_st BIO_dummy; - -typedef struct crypto_ex_data_st - { - STACK *sk; - int dummy; /* gcc is screwing up this data structure :-( */ - } CRYPTO_EX_DATA; - -/* Called when a new object is created */ -typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when an object is free()ed */ -typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when we need to dup an object */ -typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -/* This stuff is basically class callback functions - * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ - -typedef struct crypto_ex_data_func_st - { - long argl; /* Arbitary long */ - void *argp; /* Arbitary void * */ - CRYPTO_EX_new *new_func; - CRYPTO_EX_free *free_func; - CRYPTO_EX_dup *dup_func; - } CRYPTO_EX_DATA_FUNCS; - -DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) - -/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA - * entry. - */ - -#define CRYPTO_EX_INDEX_BIO 0 -#define CRYPTO_EX_INDEX_SSL 1 -#define CRYPTO_EX_INDEX_SSL_CTX 2 -#define CRYPTO_EX_INDEX_SSL_SESSION 3 -#define CRYPTO_EX_INDEX_X509_STORE 4 -#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 - - -/* This is the default callbacks, but we can have others as well: - * this is needed in Win32 where the application malloc and the - * library malloc may not be the same. - */ -#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ - malloc, realloc, free) - -#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD -# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ -# define CRYPTO_MDEBUG -# endif -#endif - -/* Set standard debugging functions (not done by default - * unless CRYPTO_MDEBUG is defined) */ -#define CRYPTO_malloc_debug_init() do {\ - CRYPTO_set_mem_debug_functions(\ - (void (*)())CRYPTO_dbg_malloc,\ - (void (*)())CRYPTO_dbg_realloc,\ - (void (*)())CRYPTO_dbg_free,\ - (void (*)())CRYPTO_dbg_set_options,\ - (long (*)())CRYPTO_dbg_get_options);\ - } while(0) - -int CRYPTO_mem_ctrl(int mode); -int CRYPTO_is_mem_check_on(void); - -/* for applications */ -#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) -#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) - -/* for library-internal use */ -#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) -#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) -#define is_MemCheck_on() CRYPTO_is_mem_check_on() - -#define Malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -#define Realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) -#define Remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) -#define FreeFunc CRYPTO_free -#define Free(addr) CRYPTO_free(addr) - -#define Malloc_locked(num) CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) -#define Free_locked(addr) CRYPTO_free_locked(addr) - - -/* Case insensiteve linking causes problems.... */ -#if defined(WIN16) || defined(VMS) -#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings -#endif - - -const char *SSLeay_version(int type); -unsigned long SSLeay(void); - -int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); -void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx); -int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); -void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad); -void CRYPTO_new_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad); - -int CRYPTO_get_new_lockid(char *name); - -int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ -void CRYPTO_lock(int mode, int type,const char *file,int line); -void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)); -void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, - int line); -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, - const char *file, int line)); -int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, - const char *file,int line); -void CRYPTO_set_id_callback(unsigned long (*func)(void)); -unsigned long (*CRYPTO_get_id_callback(void))(void); -unsigned long CRYPTO_thread_id(void); -const char *CRYPTO_get_lock_name(int type); -int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, - int line); - -/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- - * call the latter last if you need different functions */ -int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); -int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); -int CRYPTO_set_mem_debug_functions(void (*m)(),void (*r)(),void (*f)(),void (*so)(),long (*go)()); -void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); -void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); -void CRYPTO_get_mem_debug_functions(void (**m)(),void (**r)(),void (**f)(),void (**so)(),long (**go)()); - -void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *); -void *CRYPTO_malloc(int num, const char *file, int line); -void CRYPTO_free(void *); -void *CRYPTO_realloc(void *addr,int num, const char *file, int line); -void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); - -void CRYPTO_set_mem_debug_options(long bits); -long CRYPTO_get_mem_debug_options(void); - -#define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); -int CRYPTO_push_info_(const char *info, const char *file, int line); -int CRYPTO_pop_info(void); -int CRYPTO_remove_all_info(void); - -/* The last argument has the following significance: - * - * 0: called before the actual memory allocation has taken place - * 1: called after the actual memory allocation has taken place - */ -void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); -void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); -void CRYPTO_dbg_free(void *addr,int before_p); - -/* Tell the debugging code about options. By default, the following values - * apply: - * - * 0: Clear all options. - * 1: Set the "Show Time" option. - * 2: Set the "Show Thread Number" option. - * 3: 1 + 2 - */ -void CRYPTO_dbg_set_options(long bits); -long CRYPTO_dbg_get_options(void); - -#ifndef NO_FP_API -void CRYPTO_mem_leaks_fp(FILE *); -#endif -void CRYPTO_mem_leaks(struct bio_st *bio); -/* unsigned long order, char *file, int line, int num_bytes, char *addr */ -void CRYPTO_mem_leaks_cb(void (*cb)()); - -void ERR_load_CRYPTO_strings(void); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the CRYPTO functions. */ - -/* Function codes. */ -#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 -#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 -#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 - -/* Reason codes. */ - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/dh.h b/AppleCSP/open_ssl/openssl/dh.h deleted file mode 100644 index 4903c1a4..00000000 --- a/AppleCSP/open_ssl/openssl/dh.h +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* crypto/dh/dh.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_DH_H -#define HEADER_DH_H - -#ifdef NO_DH -#error DH is disabled. -#endif - -#ifndef NO_BIO -#include -#endif -#include -#include - -#define DH_FLAG_CACHE_MONT_P 0x01 - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct dh_st DH; - -typedef struct dh_method { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; -} DH_METHOD; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - int length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - char *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - DH_METHOD *meth; - }; - -#define DH_GENERATOR_2 2 -/* #define DH_GENERATOR_3 3 */ -#define DH_GENERATOR_5 5 - -/* DH_check error codes */ -#define DH_CHECK_P_NOT_PRIME 0x01 -#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -#define DH_NOT_SUITABLE_GENERATOR 0x08 - -/* primes p where (p-1)/2 is prime too are called "safe"; we define - this for backward compatibility: */ -#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME - -#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ - (char *(*)())d2i_DHparams,(char *)(x)) -#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) -#ifdef __cplusplus -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#else -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#endif - -DH_METHOD *DH_OpenSSL(void); - -void DH_set_default_method(DH_METHOD *meth); -DH_METHOD *DH_get_default_method(void); -DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); -DH *DH_new_method(DH_METHOD *meth); - -DH * DH_new(void); -void DH_free(DH *dh); -int DH_size(DH *dh); -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int DH_set_ex_data(DH *d, int idx, void *arg); -void *DH_get_ex_data(DH *d, int idx); -DH * DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int,void *),void *cb_arg); -int DH_check(DH *dh,int *codes); -int DH_generate_key(DH *dh); -int DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh); -DH * d2i_DHparams(DH **a,unsigned char **pp, long length); -int i2d_DHparams(DH *a,unsigned char **pp); -#ifndef NO_FP_API -int DHparams_print_fp(FILE *fp, DH *x); -#endif -#ifndef NO_BIO -int DHparams_print(BIO *bp, DH *x); -#else -int DHparams_print(char *bp, DH *x); -#endif -void ERR_load_DH_strings(void ); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the DH functions. */ - -/* Function codes. */ -#define DH_F_DHPARAMS_PRINT 100 -#define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_COMPUTE_KEY 102 -#define DH_F_DH_GENERATE_KEY 103 -#define DH_F_DH_GENERATE_PARAMETERS 104 -#define DH_F_DH_NEW 105 - -/* Reason codes. */ -#define DH_R_NO_PRIVATE_VALUE 100 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/dsa.h b/AppleCSP/open_ssl/openssl/dsa.h deleted file mode 100644 index 08fdfaca..00000000 --- a/AppleCSP/open_ssl/openssl/dsa.h +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/dsa/dsa.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * The DSS routines are based on patches supplied by - * Steven Schoch . He basically did the - * work and I have just tweaked them a little to fit into my - * stylistic vision for SSLeay :-) */ - -#ifndef HEADER_DSA_H -#define HEADER_DSA_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_DSA -#error DSA is disabled. -#endif - -#include -#include -#ifndef NO_DH -# include -#endif - -#define DSA_FLAG_CACHE_MONT_P 0x01 - -typedef struct dsa_st DSA; - -typedef struct DSA_SIG_st - { - BIGNUM *r; - BIGNUM *s; - } DSA_SIG; - -typedef struct dsa_method { - const char *name; - DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(DSA *dsa); - int (*finish)(DSA *dsa); - int flags; - char *app_data; -} DSA_METHOD; - -struct dsa_st - { - /* This first variable is used to pick up errors where - * a DSA is passed instead of of a EVP_PKEY */ - int pad; - int version; - int write_params; - BIGNUM *p; - BIGNUM *q; /* == 20 */ - BIGNUM *g; - - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ - - BIGNUM *kinv; /* Signing pre-calc */ - BIGNUM *r; /* Signing pre-calc */ - - int flags; - /* Normally used to cache montgomery values */ - char *method_mont_p; - int references; - CRYPTO_EX_DATA ex_data; - const DSA_METHOD *meth; - }; - -#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ - (char *(*)())d2i_DSAparams,(char *)(x)) -#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) -#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) -#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ - (unsigned char *)(x)) - - -DSA_SIG * DSA_SIG_new(void); -void DSA_SIG_free(DSA_SIG *a); -int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); -DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); - -DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); -int DSA_do_verify(const unsigned char *dgst,int dgst_len, - DSA_SIG *sig,DSA *dsa); - -const DSA_METHOD *DSA_OpenSSL(void); - -void DSA_set_default_method(const DSA_METHOD *); -const DSA_METHOD *DSA_get_default_method(void); -const DSA_METHOD *DSA_set_method(DSA *dsa, const DSA_METHOD *); - -DSA * DSA_new(void); -DSA * DSA_new_method(const DSA_METHOD *meth); -int DSA_size(DSA *); - /* next 4 return -1 on error */ -int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); -int DSA_sign(int type,const unsigned char *dgst,int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa); -int DSA_verify(int type,const unsigned char *dgst,int dgst_len, - unsigned char *sigbuf, int siglen, DSA *dsa); -void DSA_free (DSA *r); -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int DSA_set_ex_data(DSA *d, int idx, void *arg); -void *DSA_get_ex_data(DSA *d, int idx); - -void ERR_load_DSA_strings(void ); - -DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, - int *counter_ret, unsigned long *h_ret,void - (*callback)(int, int, void *),void *cb_arg); -int DSA_generate_key(DSA *a); -int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -int i2d_DSAparams(DSA *a,unsigned char **pp); - -#ifdef HEADER_BIO_H -int DSAparams_print(BIO *bp, DSA *x); -int DSA_print(BIO *bp, DSA *x, int off); -#endif -#ifndef NO_FP_API -int DSAparams_print_fp(FILE *fp, DSA *x); -int DSA_print_fp(FILE *bp, DSA *x, int off); -#endif - -#define DSS_prime_checks 50 -/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: - * 50 rounds of Rabin-Miller */ -#define DSA_is_prime(n, callback, cb_arg) \ - BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) - -#ifndef NO_DH -/* Convert DSA structure (key or just parameters) into DH structure - * (be careful to avoid small subgroup attacks when using this!) */ -DH *DSA_dup_DH(DSA *r); -#endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the DSA functions. */ - -/* Function codes. */ -#define DSA_F_D2I_DSA_SIG 110 -#define DSA_F_DSAPARAMS_PRINT 100 -#define DSA_F_DSAPARAMS_PRINT_FP 101 -#define DSA_F_DSA_DO_SIGN 112 -#define DSA_F_DSA_DO_VERIFY 113 -#define DSA_F_DSA_NEW 103 -#define DSA_F_DSA_PRINT 104 -#define DSA_F_DSA_PRINT_FP 105 -#define DSA_F_DSA_SIGN 106 -#define DSA_F_DSA_SIGN_SETUP 107 -#define DSA_F_DSA_SIG_NEW 109 -#define DSA_F_DSA_VERIFY 108 -#define DSA_F_I2D_DSA_SIG 111 - -/* Reason codes. */ -#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/e_os.h b/AppleCSP/open_ssl/openssl/e_os.h deleted file mode 100644 index c94d6dd9..00000000 --- a/AppleCSP/open_ssl/openssl/e_os.h +++ /dev/null @@ -1,464 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* e_os.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_E_OS_H -#define HEADER_E_OS_H - -#include - -#include -/* contains what we can justify to make visible - * to the outside; this file e_os.h is not part of the exported - * interface. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Used to checking reference counts, most while doing perl5 stuff :-) */ -#ifdef REF_PRINT -#undef REF_PRINT -#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) -#endif - -#ifndef DEVRANDOM -/* set this to your 'random' device if you have one. - * My default, we will try to read this file */ -#define DEVRANDOM "/dev/urandom" -#endif - -#if defined(__MWERKS__) && defined(macintosh) -# if macintosh==1 -# ifndef MAC_OS_GUSI_SOURCE -# define MAC_OS_pre_X -# define NO_SYS_TYPES_H -# endif -# define NO_SYS_PARAM_H -# define NO_CHMOD -# define NO_SYSLOG -# undef DEVRANDOM -# define GETPID_IS_MEANINGLESS -# endif -#endif - -/******************************************************************** - The Microsoft section - ********************************************************************/ -/* The following is used becaue of the small stack in some - * Microsoft operating systems */ -#if defined(WIN16) || defined(MSDOS) -# define MS_STATIC static -#else -# define MS_STATIC -#endif - -#if defined(_WIN32) && !defined(WIN32) -# define WIN32 -#endif - -#if defined(WIN32) || defined(WIN16) -# ifndef WINDOWS -# define WINDOWS -# endif -# ifndef MSDOS -# define MSDOS -# endif -#endif - -#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) -# define GETPID_IS_MEANINGLESS -#endif - -#ifdef WIN32 -#define get_last_sys_error() GetLastError() -#define clear_sys_error() SetLastError(0) -#if !defined(WINNT) -#define WIN_CONSOLE_BUG -#endif -#else -#define get_last_sys_error() errno -#define clear_sys_error() errno=0 -#endif - -#ifdef WINDOWS -#define get_last_socket_error() WSAGetLastError() -#define clear_socket_error() WSASetLastError(0) -#define readsocket(s,b,n) recv((s),(b),(n),0) -#define writesocket(s,b,n) send((s),(b),(n),0) -#define EADDRINUSE WSAEADDRINUSE -#elif defined(MAC_OS_pre_X) -#define get_last_socket_error() errno -#define clear_socket_error() errno=0 -#define closesocket(s) MacSocket_close(s) -#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) -#define writesocket(s,b,n) MacSocket_send((s),(b),(n)) -#else -#define get_last_socket_error() errno -#define clear_socket_error() errno=0 -#define ioctlsocket(a,b,c) ioctl(a,b,c) -#define closesocket(s) close(s) -#define readsocket(s,b,n) read((s),(b),(n)) -#define writesocket(s,b,n) write((s),(b),(n)) -#endif - -#ifdef WIN16 -# define NO_FP_API -# define MS_CALLBACK _far _loadds -# define MS_FAR _far -#else -# define MS_CALLBACK -# define MS_FAR -#endif - -#ifdef NO_STDIO -# define NO_FP_API -#endif - -#if defined(WINDOWS) || defined(MSDOS) - -# ifndef S_IFDIR -# define S_IFDIR _S_IFDIR -# endif - -# ifndef S_IFMT -# define S_IFMT _S_IFMT -# endif - -# if !defined(WINNT) -# define NO_SYSLOG -# endif -# define NO_DIRENT - -# ifdef WINDOWS -# include -# include -# include -# include -# include -# endif -# include -# include - -# define ssize_t long - -# if defined (__BORLANDC__) -# define _setmode setmode -# define _O_TEXT O_TEXT -# define _O_BINARY O_BINARY -# define _int64 __int64 -# define _kbhit kbhit -# endif - -# if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) -# define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); } -# else -# define EXIT(n) return(n); -# endif -# define LIST_SEPARATOR_CHAR ';' -# ifndef X_OK -# define X_OK 0 -# endif -# ifndef W_OK -# define W_OK 2 -# endif -# ifndef R_OK -# define R_OK 4 -# endif -# define OPENSSL_CONF "openssl.cnf" -# define SSLEAY_CONF OPENSSL_CONF -# define NUL_DEV "nul" -# define RFILE ".rnd" - -#else /* The non-microsoft world world */ - -# if defined(__VMS) && !defined(VMS) -# define VMS 1 -# endif - -# ifdef VMS - /* some programs don't include stdlib, so exit() and others give implicit - function warnings */ -# include -# if defined(__DECC) -# include -# else -# include -# endif -# define OPENSSL_CONF "openssl.cnf" -# define SSLEAY_CONF OPENSSL_CONF -# define RFILE ".rnd" -# define LIST_SEPARATOR_CHAR ',' -# define NUL_DEV "NLA0:" - /* We need to do this since VMS has the following coding on status codes: - - Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... - The important thing to know is that odd numbers are considered - good, while even ones are considered errors. - Bits 3-15: actual status number - Bits 16-27: facility number. 0 is considered "unknown" - Bits 28-31: control bits. If bit 28 is set, the shell won't try to - output the message (which, for random codes, just looks ugly) - - So, what we do here is to change 0 to 1 to get the default success status, - and everything else is shifted up to fit into the status number field, and - the status is tagged as an error, which I believe is what is wanted here. - -- Richard Levitte - */ -# if !defined(MONOLITH) || defined(OPENSSL_C) -# define EXIT(n) do { int __VMS_EXIT = n; \ - if (__VMS_EXIT == 0) \ - __VMS_EXIT = 1; \ - else \ - __VMS_EXIT = (n << 3) | 2; \ - __VMS_EXIT |= 0x10000000; \ - exit(__VMS_EXIT); \ - return(__VMS_EXIT); } while(0) -# else -# define EXIT(n) return(n) -# endif -# define NO_SYS_PARAM_H -# else - /* !defined VMS */ -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include -# endif -# ifndef NO_SYS_TYPES_H -# include -# endif -# ifdef NeXT -# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP - * (unless when compiling with -D_POSIX_SOURCE, - * which doesn't work for us) */ -# define ssize_t int /* ditto */ -# endif - -# define OPENSSL_CONF "openssl.cnf" -# define SSLEAY_CONF OPENSSL_CONF -# define RFILE ".rnd" -# define LIST_SEPARATOR_CHAR ':' -# define NUL_DEV "/dev/null" -# ifndef MONOLITH -# define EXIT(n) exit(n); return(n) -# else -# define EXIT(n) return(n) -# endif -# endif - -# define SSLeay_getpid() getpid() - -#endif - - -/*************/ - -#ifdef USE_SOCKETS -# if defined(WINDOWS) || defined(MSDOS) - /* windows world */ - -# ifdef NO_SOCK -# define SSLeay_Write(a,b,c) (-1) -# define SSLeay_Read(a,b,c) (-1) -# define SHUTDOWN(fd) close(fd) -# define SHUTDOWN2(fd) close(fd) -# else -# include -extern HINSTANCE _hInstance; -# define SSLeay_Write(a,b,c) send((a),(b),(c),0) -# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) -# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } -# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } -# endif - -# elif defined(MAC_OS_pre_X) - -# include "MacSocket.h" -# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) -# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) -# define SHUTDOWN(fd) MacSocket_close(fd) -# define SHUTDOWN2(fd) MacSocket_close(fd) - -# else - -# ifndef NO_SYS_PARAM_H -# include -# endif -# include /* Needed under linux for FD_XXX */ - -# include -# if defined(VMS) && !defined(__DECC) -# include -# include -# else -# include -# ifdef FILIO_H -# include /* Added for FIONBIO under unixware */ -# endif -# include -# endif - -# if defined(NeXT) || defined(_NEXT_SOURCE) -# include -# include -# endif - -# ifdef AIX -# include -# endif - -# if defined(sun) -# include -# else -# ifndef VMS -# include -# else - /* ioctl is only in VMS > 7.0 and when socketshr is not used */ -# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) -# include -# endif -# endif -# endif - -# ifdef VMS -# include -# if defined(TCPIP_TYPE_SOCKETSHR) -# include -# endif -# endif - -# define SSLeay_Read(a,b,c) read((a),(b),(c)) -# define SSLeay_Write(a,b,c) write((a),(b),(c)) -# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } -# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } -# define INVALID_SOCKET (-1) -# endif -#endif - -#if defined(__ultrix) -# ifndef ssize_t -# define ssize_t int -# endif -#endif - -#if defined(THREADS) || defined(sun) -#ifndef _REENTRANT -#define _REENTRANT -#endif -#endif - -/***********************************************/ - -/* do we need to do this for getenv. - * Just define getenv for use under windows */ - -#ifdef WIN16 -/* How to do this needs to be thought out a bit more.... */ -/*char *GETENV(char *); -#define Getenv GETENV*/ -#define Getenv getenv -#else -#define Getenv getenv -#endif - -#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ - -#ifdef sgi -#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ -#endif -#ifdef SNI -#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ -#endif - -#ifdef NO_MD2 -#define MD2_Init MD2Init -#define MD2_Update MD2Update -#define MD2_Final MD2Final -#define MD2_DIGEST_LENGTH 16 -#endif -#ifdef NO_MD5 -#define MD5_Init MD5Init -#define MD5_Update MD5Update -#define MD5_Final MD5Final -#define MD5_DIGEST_LENGTH 16 -#endif - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/AppleCSP/open_ssl/openssl/e_os2.h b/AppleCSP/open_ssl/openssl/e_os2.h deleted file mode 100644 index 47ab43b3..00000000 --- a/AppleCSP/open_ssl/openssl/e_os2.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* e_os2.h */ - -#ifndef HEADER_E_OS2_H -#define HEADER_E_OS2_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include /* OPENSSL_UNISTD */ - -#ifdef MSDOS -# define OPENSSL_UNISTD_IO -# define OPENSSL_DECLARE_EXIT extern void exit(int); -#else -# define OPENSSL_UNISTD_IO OPENSSL_UNISTD -# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ -#endif - -/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, - to define and declare certain global - symbols that, with some compilers under VMS, have to be defined and - declared explicitely with globaldef and globalref. On other OS:es, - these macros are defined with something sensible. */ - -#if defined(VMS) && !defined(__DECC) -# define OPENSSL_EXTERN globalref -# define OPENSSL_GLOBAL globaldef -#else -# define OPENSSL_EXTERN extern -# define OPENSSL_GLOBAL -#endif - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/err.h b/AppleCSP/open_ssl/openssl/err.h deleted file mode 100644 index 255c8cca..00000000 --- a/AppleCSP/open_ssl/openssl/err.h +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/err/err.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ERR_H -#define HEADER_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#ifndef NO_FP_API -#include -#endif - -/* The following is a bit of a trick to help the object files only contain - * the 'name of the file' string once. Since 'err.h' is protected by the - * HEADER_ERR_H stuff, this should be included only once per file. */ - -#define ERR_file_name __FILE__ - -#ifndef NO_ERR -#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) -#else -#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) -#endif - -#include - -#define ERR_TXT_MALLOCED 0x01 -#define ERR_TXT_STRING 0x02 - -#define ERR_NUM_ERRORS 16 -typedef struct err_state_st - { - unsigned long pid; - unsigned long err_buffer[ERR_NUM_ERRORS]; - char *err_data[ERR_NUM_ERRORS]; - int err_data_flags[ERR_NUM_ERRORS]; - const char *err_file[ERR_NUM_ERRORS]; - int err_line[ERR_NUM_ERRORS]; - int top,bottom; - } ERR_STATE; - -/* library */ -#define ERR_LIB_NONE 1 -#define ERR_LIB_SYS 2 -#define ERR_LIB_BN 3 -#define ERR_LIB_RSA 4 -#define ERR_LIB_DH 5 -#define ERR_LIB_EVP 6 -#define ERR_LIB_BUF 7 -#define ERR_LIB_OBJ 8 -#define ERR_LIB_PEM 9 -#define ERR_LIB_DSA 10 -#define ERR_LIB_X509 11 -#define ERR_LIB_METH 12 -#define ERR_LIB_ASN1 13 -#define ERR_LIB_CONF 14 -#define ERR_LIB_CRYPTO 15 -#define ERR_LIB_SSL 20 -#define ERR_LIB_SSL23 21 -#define ERR_LIB_SSL2 22 -#define ERR_LIB_SSL3 23 -#define ERR_LIB_RSAREF 30 -#define ERR_LIB_PROXY 31 -#define ERR_LIB_BIO 32 -#define ERR_LIB_PKCS7 33 -#define ERR_LIB_X509V3 34 -#define ERR_LIB_PKCS12 35 -#define ERR_LIB_RAND 36 - -#define ERR_LIB_USER 128 - -#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__) -#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__) -#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__) -#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__) -#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__) -#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__) -#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__) -#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__) -#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__) -#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__) -#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__) -#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__) -#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__) -#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__) -#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__) -#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__) -#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__) -#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__) -#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__) -#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__) -#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__) -#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__) -#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__) -#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__) -#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__) - -/* Borland C seems too stupid to be able to shift and do longs in - * the pre-processor :-( */ -#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ - ((((unsigned long)f)&0xfffL)*0x1000)| \ - ((((unsigned long)r)&0xfffL))) -#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) -#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) -#define ERR_GET_REASON(l) (int)((l)&0xfffL) -#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) - -/* OS functions */ -#define SYS_F_FOPEN 1 -#define SYS_F_CONNECT 2 -#define SYS_F_GETSERVBYNAME 3 -#define SYS_F_SOCKET 4 -#define SYS_F_IOCTLSOCKET 5 -#define SYS_F_BIND 6 -#define SYS_F_LISTEN 7 -#define SYS_F_ACCEPT 8 -#define SYS_F_WSASTARTUP 9 /* Winsock stuff */ -#define SYS_F_OPENDIR 10 - -#define ERR_R_FATAL 32 -/* reasons */ -#define ERR_R_SYS_LIB ERR_LIB_SYS -#define ERR_R_BN_LIB ERR_LIB_BN -#define ERR_R_RSA_LIB ERR_LIB_RSA -#define ERR_R_DSA_LIB ERR_LIB_DSA -#define ERR_R_DH_LIB ERR_LIB_DH -#define ERR_R_EVP_LIB ERR_LIB_EVP -#define ERR_R_BUF_LIB ERR_LIB_BUF -#define ERR_R_BIO_LIB ERR_LIB_BIO -#define ERR_R_OBJ_LIB ERR_LIB_OBJ -#define ERR_R_PEM_LIB ERR_LIB_PEM -#define ERR_R_X509_LIB ERR_LIB_X509 -#define ERR_R_METH_LIB ERR_LIB_METH -#define ERR_R_ASN1_LIB ERR_LIB_ASN1 -#define ERR_R_CONF_LIB ERR_LIB_CONF -#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO -#define ERR_R_SSL_LIB ERR_LIB_SSL -#define ERR_R_SSL23_LIB ERR_LIB_SSL23 -#define ERR_R_SSL2_LIB ERR_LIB_SSL2 -#define ERR_R_SSL3_LIB ERR_LIB_SSL3 -#define ERR_R_PROXY_LIB ERR_LIB_PROXY -#define ERR_R_BIO_LIB ERR_LIB_BIO -#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 -#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 - -/* fatal error */ -#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) -#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) -#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) -#define ERR_R_NESTED_ASN1_ERROR (4) -#define ERR_R_BAD_ASN1_OBJECT_HEADER (5) -#define ERR_R_BAD_GET_ASN1_OBJECT_CALL (6) -#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE (7) -#define ERR_R_ASN1_LENGTH_MISMATCH (8) -#define ERR_R_MISSING_ASN1_EOS (9) - -typedef struct ERR_string_data_st - { - unsigned long error; - const char *string; - } ERR_STRING_DATA; - -void ERR_put_error(int lib, int func,int reason,const char *file,int line); -void ERR_set_error_data(char *data,int flags); - -unsigned long ERR_get_error(void ); -unsigned long ERR_get_error_line(const char **file,int *line); -unsigned long ERR_get_error_line_data(const char **file,int *line, - const char **data, int *flags); -unsigned long ERR_peek_error(void ); -unsigned long ERR_peek_error_line(const char **file,int *line); -unsigned long ERR_peek_error_line_data(const char **file,int *line, - const char **data,int *flags); -void ERR_clear_error(void ); -char *ERR_error_string(unsigned long e,char *buf); -const char *ERR_lib_error_string(unsigned long e); -const char *ERR_func_error_string(unsigned long e); -const char *ERR_reason_error_string(unsigned long e); -#ifndef NO_FP_API -void ERR_print_errors_fp(FILE *fp); -#endif -#ifdef HEADER_BIO_H -void ERR_print_errors(BIO *bp); -void ERR_add_error_data(int num, ...); -#endif -void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -void ERR_load_ERR_strings(void); -void ERR_load_crypto_strings(void); -void ERR_free_strings(void); - -void ERR_remove_state(unsigned long pid); /* if zero we look it up */ -ERR_STATE *ERR_get_state(void); - -#ifdef HEADER_LHASH_H -LHASH *ERR_get_string_table(void ); -LHASH *ERR_get_err_state_table(void ); -#else -char *ERR_get_string_table(void ); -char *ERR_get_err_state_table(void ); -#endif - -int ERR_get_next_error_library(void ); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/evp.h b/AppleCSP/open_ssl/openssl/evp.h deleted file mode 100644 index 02d69fd3..00000000 --- a/AppleCSP/open_ssl/openssl/evp.h +++ /dev/null @@ -1,761 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/evp/evp.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ENVELOPE_H -#define HEADER_ENVELOPE_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef NO_MD2 -#include -#endif -#ifndef NO_MD5 -#include -#endif -#ifndef NO_SHA -#include -#endif -#ifndef NO_RIPEMD -#include -#endif -#ifndef NO_DES -#include -#endif -#ifndef NO_RC4 -#include -#endif -#ifndef NO_RC2 -#include -#endif -#ifndef NO_RC5 -#include -#endif -#ifndef NO_BF -#include -#endif -#ifndef NO_CAST -#include -#endif -#ifndef NO_IDEA -#include -#endif -#ifndef NO_MDC2 -#include -#endif - -#define EVP_RC2_KEY_SIZE 16 -#define EVP_RC4_KEY_SIZE 16 -#define EVP_BLOWFISH_KEY_SIZE 16 -#define EVP_CAST5_KEY_SIZE 16 -#define EVP_RC5_32_12_16_KEY_SIZE 16 -#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ -#define EVP_MAX_KEY_LENGTH 24 -#define EVP_MAX_IV_LENGTH 8 - -#define PKCS5_SALT_LEN 8 -/* Default PKCS#5 iteration count */ -#define PKCS5_DEFAULT_ITER 2048 - -#ifndef NO_RSA -#include -#endif - -#ifndef NO_DSA -#include -#endif - -#ifndef NO_DH -#include -#endif - -#include - -#define EVP_PK_RSA 0x0001 -#define EVP_PK_DSA 0x0002 -#define EVP_PK_DH 0x0004 -#define EVP_PKT_SIGN 0x0010 -#define EVP_PKT_ENC 0x0020 -#define EVP_PKT_EXCH 0x0040 -#define EVP_PKS_RSA 0x0100 -#define EVP_PKS_DSA 0x0200 -#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ - -#define EVP_PKEY_NONE NID_undef -#define EVP_PKEY_RSA NID_rsaEncryption -#define EVP_PKEY_RSA2 NID_rsa -#define EVP_PKEY_DSA NID_dsa -#define EVP_PKEY_DSA1 NID_dsa_2 -#define EVP_PKEY_DSA2 NID_dsaWithSHA -#define EVP_PKEY_DSA3 NID_dsaWithSHA1 -#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 -#define EVP_PKEY_DH NID_dhKeyAgreement - -/* Type needs to be a bit field - * Sub-type needs to be for variations on the method, as in, can it do - * arbitrary encryption.... */ -typedef struct evp_pkey_st - { - int type; - int save_type; - int references; - union { - char *ptr; -#ifndef NO_RSA - struct rsa_st *rsa; /* RSA */ -#endif -#ifndef NO_DSA - struct dsa_st *dsa; /* DSA */ -#endif -#ifndef NO_DH - struct dh_st *dh; /* DH */ -#endif - } pkey; - int save_parameters; - STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */ - } EVP_PKEY; - -#define EVP_PKEY_MO_SIGN 0x0001 -#define EVP_PKEY_MO_VERIFY 0x0002 -#define EVP_PKEY_MO_ENCRYPT 0x0004 -#define EVP_PKEY_MO_DECRYPT 0x0008 - -#if 0 -/* This structure is required to tie the message digest and signing together. - * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or - * oid, md and pkey. - * This is required because for various smart-card perform the digest and - * signing/verification on-board. To handle this case, the specific - * EVP_MD and EVP_PKEY_METHODs need to be closely associated. - * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. - * This can either be software or a token to provide the required low level - * routines. - */ -typedef struct evp_pkey_md_st - { - int oid; - EVP_MD *md; - EVP_PKEY_METHOD *pkey; - } EVP_PKEY_MD; - -#define EVP_rsa_md2() \ - EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md2()) -#define EVP_rsa_md5() \ - EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md5()) -#define EVP_rsa_sha0() \ - EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha()) -#define EVP_rsa_sha1() \ - EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha1()) -#define EVP_rsa_ripemd160() \ - EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ - EVP_rsa_pkcs1(),EVP_ripemd160()) -#define EVP_rsa_mdc2() \ - EVP_PKEY_MD_add(NID_mdc2WithRSA,\ - EVP_rsa_octet_string(),EVP_mdc2()) -#define EVP_dsa_sha() \ - EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_mdc2()) -#define EVP_dsa_sha1() \ - EVP_PKEY_MD_add(NID_dsaWithSHA1,\ - EVP_dsa(),EVP_sha1()) - -typedef struct evp_pkey_method_st - { - char *name; - int flags; - int type; /* RSA, DSA, an SSLeay specific constant */ - int oid; /* For the pub-key type */ - int encrypt_oid; /* pub/priv key encryption */ - - int (*sign)(); - int (*verify)(); - struct { - int - int (*set)(); /* get and/or set the underlying type */ - int (*get)(); - int (*encrypt)(); - int (*decrypt)(); - int (*i2d)(); - int (*d2i)(); - int (*dup)(); - } pub,priv; - int (*set_asn1_parameters)(); - int (*get_asn1_parameters)(); - } EVP_PKEY_METHOD; -#endif - -#ifndef EVP_MD -typedef struct env_md_st - { - int type; - int pkey_type; - int md_size; - void (*init)(); - void (*update)(); - void (*final)(); - - int (*sign)(); - int (*verify)(); - int required_pkey_type[5]; /*EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx need to be */ - } EVP_MD; - - - -#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -#ifndef NO_DSA -#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -#else -#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -#endif - -#ifndef NO_RSA -#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - RSA_sign_ASN1_OCTET_STRING, \ - RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#else -#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -#endif - -#endif /* !EVP_MD */ - -typedef struct env_md_ctx_st - { - const EVP_MD *digest; - union { - unsigned char base[4]; -#ifndef NO_MD2 - MD2_CTX md2; -#endif -#ifndef NO_MD5 - MD5_CTX md5; -#endif -#ifndef NO_RIPEMD - RIPEMD160_CTX ripemd160; -#endif -#ifndef NO_SHA - SHA_CTX sha; -#endif -#ifndef NO_MDC2 - MDC2_CTX mdc2; -#endif - } md; - } EVP_MD_CTX; - -typedef struct evp_cipher_st - { - int nid; - int block_size; - int key_len; - int iv_len; - void (*init)(); /* init for encryption */ - void (*do_cipher)(); /* encrypt data */ - void (*cleanup)(); /* used by cipher method */ - int ctx_size; /* how big the ctx needs to be */ - /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */ - /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */ - } EVP_CIPHER; - -typedef struct evp_cipher_info_st - { - const EVP_CIPHER *cipher; - unsigned char iv[EVP_MAX_IV_LENGTH]; - } EVP_CIPHER_INFO; - -typedef struct evp_cipher_ctx_st - { - const EVP_CIPHER *cipher; - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb mode */ - - char *app_data; /* application stuff */ - union { -#ifndef NO_RC4 - struct - { - unsigned char key[EVP_RC4_KEY_SIZE]; - RC4_KEY ks; /* working key */ - } rc4; -#endif -#ifndef NO_DES - des_key_schedule des_ks;/* key schedule */ - struct - { - des_key_schedule ks;/* key schedule */ - des_cblock inw; - des_cblock outw; - } desx_cbc; - struct - { - des_key_schedule ks1;/* key schedule */ - des_key_schedule ks2;/* key schedule (for ede) */ - des_key_schedule ks3;/* key schedule (for ede3) */ - } des_ede; -#endif -#ifndef NO_IDEA - IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ -#endif -#ifndef NO_RC2 - RC2_KEY rc2_ks;/* key schedule */ -#endif -#ifndef NO_RC5 - RC5_32_KEY rc5_ks;/* key schedule */ -#endif -#ifndef NO_BF - BF_KEY bf_ks;/* key schedule */ -#endif -#ifndef NO_CAST - CAST_KEY cast_ks;/* key schedule */ -#endif - } c; - } EVP_CIPHER_CTX; - -typedef struct evp_Encode_Ctx_st - { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ - int expect_nl; - } EVP_ENCODE_CTX; - -/* Password based encryption function */ -typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, - EVP_MD *md, int en_de); - -#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (char *)(rsa)) -#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ - (char *)(dsa)) -#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ - (char *)(dh)) - -/* Add some extra combinations */ -#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) -#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) -#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) -#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - -#define EVP_MD_type(e) ((e)->type) -#define EVP_MD_pkey_type(e) ((e)->pkey_type) -#define EVP_MD_size(e) ((e)->md_size) -#define EVP_MD_block_size(e) ((e)->block_size) - -#define EVP_MD_CTX_md(e) ((e)->digest) -#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) -#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) -#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) - -#define EVP_CIPHER_nid(e) ((e)->nid) -#define EVP_CIPHER_block_size(e) ((e)->block_size) -#define EVP_CIPHER_key_length(e) ((e)->key_len) -#define EVP_CIPHER_iv_length(e) ((e)->iv_len) - -#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) -#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) -#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) -#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) -#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) - -#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) - -#define EVP_SignInit(a,b) EVP_DigestInit(a,b) -#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) - -#ifdef CONST_STRICT -void BIO_set_md(BIO *,const EVP_MD *md); -#else -# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) -#endif -#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) -#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) - -#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) - -#define EVP_add_cipher_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_add_digest_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_delete_cipher_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -#define EVP_delete_digest_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); - - -int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); -void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, - unsigned int cnt); -void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); - -int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); -void EVP_set_pw_prompt(char *prompt); -char * EVP_get_pw_prompt(void); - -int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, - unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); - -void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); -void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); -void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); -void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -void EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key,unsigned char *iv,int enc); -void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, - EVP_PKEY *pkey); - -int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, - unsigned int siglen,EVP_PKEY *pkey); - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); - -void ERR_load_EVP_strings(void ); - -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); - -#ifdef HEADER_BIO_H -BIO_METHOD *BIO_f_md(void); -BIO_METHOD *BIO_f_base64(void); -BIO_METHOD *BIO_f_cipher(void); -BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, - unsigned char *i, int enc); -#endif - -EVP_MD *EVP_md_null(void); -EVP_MD *EVP_md2(void); -EVP_MD *EVP_md5(void); -EVP_MD *EVP_sha(void); -EVP_MD *EVP_sha1(void); -EVP_MD *EVP_dss(void); -EVP_MD *EVP_dss1(void); -EVP_MD *EVP_mdc2(void); -EVP_MD *EVP_ripemd160(void); - -EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -EVP_CIPHER *EVP_des_ecb(void); -EVP_CIPHER *EVP_des_ede(void); -EVP_CIPHER *EVP_des_ede3(void); -EVP_CIPHER *EVP_des_cfb(void); -EVP_CIPHER *EVP_des_ede_cfb(void); -EVP_CIPHER *EVP_des_ede3_cfb(void); -EVP_CIPHER *EVP_des_ofb(void); -EVP_CIPHER *EVP_des_ede_ofb(void); -EVP_CIPHER *EVP_des_ede3_ofb(void); -EVP_CIPHER *EVP_des_cbc(void); -EVP_CIPHER *EVP_des_ede_cbc(void); -EVP_CIPHER *EVP_des_ede3_cbc(void); -EVP_CIPHER *EVP_desx_cbc(void); -EVP_CIPHER *EVP_rc4(void); -EVP_CIPHER *EVP_rc4_40(void); -EVP_CIPHER *EVP_idea_ecb(void); -EVP_CIPHER *EVP_idea_cfb(void); -EVP_CIPHER *EVP_idea_ofb(void); -EVP_CIPHER *EVP_idea_cbc(void); -EVP_CIPHER *EVP_rc2_ecb(void); -EVP_CIPHER *EVP_rc2_cbc(void); -EVP_CIPHER *EVP_rc2_40_cbc(void); -EVP_CIPHER *EVP_rc2_64_cbc(void); -EVP_CIPHER *EVP_rc2_cfb(void); -EVP_CIPHER *EVP_rc2_ofb(void); -EVP_CIPHER *EVP_bf_ecb(void); -EVP_CIPHER *EVP_bf_cbc(void); -EVP_CIPHER *EVP_bf_cfb(void); -EVP_CIPHER *EVP_bf_ofb(void); -EVP_CIPHER *EVP_cast5_ecb(void); -EVP_CIPHER *EVP_cast5_cbc(void); -EVP_CIPHER *EVP_cast5_cfb(void); -EVP_CIPHER *EVP_cast5_ofb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); - -void OpenSSL_add_all_algorithms(void); -void OpenSSL_add_all_ciphers(void); -void OpenSSL_add_all_digests(void); -#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -#define SSLeay_add_all_digests() OpenSSL_add_all_digests() - -int EVP_add_cipher(EVP_CIPHER *cipher); -int EVP_add_digest(EVP_MD *digest); - -const EVP_CIPHER *EVP_get_cipherbyname(const char *name); -const EVP_MD *EVP_get_digestbyname(const char *name); -void EVP_cleanup(void); - -int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, - int enc_key_len,EVP_PKEY *private_key); -int EVP_PKEY_encrypt(unsigned char *enc_key, - unsigned char *key,int key_len,EVP_PKEY *pub_key); -int EVP_PKEY_type(int type); -int EVP_PKEY_bits(EVP_PKEY *pkey); -int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); -#ifndef NO_RSA -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); -RSA * EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -#endif -#ifndef NO_DSA -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); -DSA * EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -#endif -#ifndef NO_DH -int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); -DH * EVP_PKEY_get1_DH(EVP_PKEY *pkey); -#endif -EVP_PKEY * EVP_PKEY_new(void); -void EVP_PKEY_free(EVP_PKEY *pkey); -EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, - long length); -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); - -EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, - long length); -EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, - long length); -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); - -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); -int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); - -int EVP_CIPHER_type(const EVP_CIPHER *ctx); - -/* calls methods */ -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* These are used by EVP_CIPHER methods */ -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); - -/* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, - int en_de); -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out); -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, - int en_de); - -void PKCS5_PBE_add(void); - -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); -int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, - EVP_PBE_KEYGEN *keygen); -void EVP_PBE_cleanup(void); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the EVP functions. */ - -/* Function codes. */ -#define EVP_F_D2I_PKEY 100 -#define EVP_F_EVP_DECRYPTFINAL 101 -#define EVP_F_EVP_MD_CTX_COPY 110 -#define EVP_F_EVP_OPENINIT 102 -#define EVP_F_EVP_PBE_ALG_ADD 115 -#define EVP_F_EVP_PBE_CIPHERINIT 116 -#define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS8_SET_BROKEN 112 -#define EVP_F_EVP_PKEY2PKCS8 113 -#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -#define EVP_F_EVP_PKEY_DECRYPT 104 -#define EVP_F_EVP_PKEY_ENCRYPT 105 -#define EVP_F_EVP_PKEY_GET1_DH 119 -#define EVP_F_EVP_PKEY_GET1_DSA 120 -#define EVP_F_EVP_PKEY_GET1_RSA 121 -#define EVP_F_EVP_PKEY_NEW 106 -#define EVP_F_EVP_SIGNFINAL 107 -#define EVP_F_EVP_VERIFYFINAL 108 -#define EVP_F_PKCS5_PBE_KEYIVGEN 117 -#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -#define EVP_F_RC2_MAGIC_TO_METH 109 - -/* Reason codes. */ -#define EVP_R_BAD_DECRYPT 100 -#define EVP_R_BN_DECODE_ERROR 112 -#define EVP_R_BN_PUBKEY_ERROR 113 -#define EVP_R_CIPHER_PARAMETER_ERROR 122 -#define EVP_R_DECODE_ERROR 114 -#define EVP_R_DIFFERENT_KEY_TYPES 101 -#define EVP_R_ENCODE_ERROR 115 -#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 -#define EVP_R_EXPECTING_AN_RSA_KEY 127 -#define EVP_R_EXPECTING_A_DH_KEY 128 -#define EVP_R_EXPECTING_A_DSA_KEY 129 -#define EVP_R_INPUT_NOT_INITIALIZED 111 -#define EVP_R_IV_TOO_LARGE 102 -#define EVP_R_KEYGEN_FAILURE 120 -#define EVP_R_MISSING_PARAMETERS 103 -#define EVP_R_NO_DSA_PARAMETERS 116 -#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 -#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 -#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 -#define EVP_R_PUBLIC_KEY_NOT_RSA 106 -#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -#define EVP_R_UNSUPPORTED_CIPHER 107 -#define EVP_R_UNSUPPORTED_KEYLENGTH 123 -#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -#define EVP_R_UNSUPPORTED_KEY_SIZE 108 -#define EVP_R_UNSUPPORTED_PRF 125 -#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -#define EVP_R_UNSUPPORTED_SALT_TYPE 126 -#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/lhash.h b/AppleCSP/open_ssl/openssl/lhash.h deleted file mode 100644 index 748d47b5..00000000 --- a/AppleCSP/open_ssl/openssl/lhash.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/lhash/lhash.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Header for dynamic hash table routines - * Author - Eric Young - */ - -#ifndef HEADER_LHASH_H -#define HEADER_LHASH_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef NO_FP_API -#include -#endif - -typedef struct lhash_node_st - { - void *data; - struct lhash_node_st *next; -#ifndef NO_HASH_COMP - unsigned long hash; -#endif - } LHASH_NODE; - -typedef struct lhash_st - { - LHASH_NODE **b; - int (*comp)(); - unsigned long (*hash)(); - unsigned int num_nodes; - unsigned int num_alloc_nodes; - unsigned int p; - unsigned int pmax; - unsigned long up_load; /* load times 256 */ - unsigned long down_load; /* load times 256 */ - unsigned long num_items; - - unsigned long num_expands; - unsigned long num_expand_reallocs; - unsigned long num_contracts; - unsigned long num_contract_reallocs; - unsigned long num_hash_calls; - unsigned long num_comp_calls; - unsigned long num_insert; - unsigned long num_replace; - unsigned long num_delete; - unsigned long num_no_delete; - unsigned long num_retrieve; - unsigned long num_retrieve_miss; - unsigned long num_hash_comps; - - int error; - } LHASH; - -#define LH_LOAD_MULT 256 - -/* Indicates a malloc() error in the last call, this is only bad - * in lh_insert(). */ -#define lh_error(lh) ((lh)->error) - -LHASH *lh_new(unsigned long (*h)(/* void *a */), int (*c)(/* void *a,void *b */)); -void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, void *data); -void *lh_delete(LHASH *lh, void *data); -void *lh_retrieve(LHASH *lh, void *data); - void lh_doall(LHASH *lh, void (*func)(/*void *b*/)); -void lh_doall_arg(LHASH *lh, void (*func)(/*void *a,void *b*/),void *arg); -unsigned long lh_strhash(const char *c); -unsigned long lh_num_items(LHASH *lh); - -#ifndef NO_FP_API -void lh_stats(LHASH *lh, FILE *out); -void lh_node_stats(LHASH *lh, FILE *out); -void lh_node_usage_stats(LHASH *lh, FILE *out); -#endif - -#ifdef HEADER_BIO_H -void lh_stats_bio(LHASH *lh, BIO *out); -void lh_node_stats_bio(LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(LHASH *lh, BIO *out); -#endif -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/AppleCSP/open_ssl/openssl/md2.h b/AppleCSP/open_ssl/openssl/md2.h deleted file mode 100644 index 582bffb8..00000000 --- a/AppleCSP/open_ssl/openssl/md2.h +++ /dev/null @@ -1,91 +0,0 @@ -/* crypto/md/md2.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_MD2_H -#define HEADER_MD2_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_MD2 -#error MD2 is disabled. -#endif - -#define MD2_DIGEST_LENGTH 16 -#define MD2_BLOCK 16 -#include /* MD2_INT */ - -typedef struct MD2state_st - { - int num; - unsigned char data[MD2_BLOCK]; - MD2_INT cksm[MD2_BLOCK]; - MD2_INT state[MD2_BLOCK]; - } MD2_CTX; - -const char *MD2_options(void); -void MD2_Init(MD2_CTX *c); -void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); -void MD2_Final(unsigned char *md, MD2_CTX *c); -unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md); -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/objects.h b/AppleCSP/open_ssl/openssl/objects.h deleted file mode 100644 index d65f8cf9..00000000 --- a/AppleCSP/open_ssl/openssl/objects.h +++ /dev/null @@ -1,1050 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/objects/objects.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_OBJECTS_H -#define HEADER_OBJECTS_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L - -#define SN_Algorithm "Algorithm" -#define LN_algorithm "algorithm" -#define NID_algorithm 38 -#define OBJ_algorithm 1L,3L,14L,3L,2L - -#define LN_rsadsi "rsadsi" -#define NID_rsadsi 1 -#define OBJ_rsadsi 1L,2L,840L,113549L - -#define LN_pkcs "pkcs" -#define NID_pkcs 2 -#define OBJ_pkcs OBJ_rsadsi,1L - -#define SN_md2 "MD2" -#define LN_md2 "md2" -#define NID_md2 3 -#define OBJ_md2 OBJ_rsadsi,2L,2L - -#define SN_md5 "MD5" -#define LN_md5 "md5" -#define NID_md5 4 -#define OBJ_md5 OBJ_rsadsi,2L,5L - -#define SN_rc4 "RC4" -#define LN_rc4 "rc4" -#define NID_rc4 5 -#define OBJ_rc4 OBJ_rsadsi,3L,4L - -#define LN_rsaEncryption "rsaEncryption" -#define NID_rsaEncryption 6 -#define OBJ_rsaEncryption OBJ_pkcs,1L,1L - -#define SN_md2WithRSAEncryption "RSA-MD2" -#define LN_md2WithRSAEncryption "md2WithRSAEncryption" -#define NID_md2WithRSAEncryption 7 -#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L - -#define SN_md5WithRSAEncryption "RSA-MD5" -#define LN_md5WithRSAEncryption "md5WithRSAEncryption" -#define NID_md5WithRSAEncryption 8 -#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L - -#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" -#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" -#define NID_pbeWithMD2AndDES_CBC 9 -#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L - -#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" -#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" -#define NID_pbeWithMD5AndDES_CBC 10 -#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L - -#define LN_X500 "X500" -#define NID_X500 11 -#define OBJ_X500 2L,5L - -#define LN_X509 "X509" -#define NID_X509 12 -#define OBJ_X509 OBJ_X500,4L - -#define SN_commonName "CN" -#define LN_commonName "commonName" -#define NID_commonName 13 -#define OBJ_commonName OBJ_X509,3L - -#define SN_countryName "C" -#define LN_countryName "countryName" -#define NID_countryName 14 -#define OBJ_countryName OBJ_X509,6L - -#define SN_localityName "L" -#define LN_localityName "localityName" -#define NID_localityName 15 -#define OBJ_localityName OBJ_X509,7L - -/* Postal Address? PA */ - -/* should be "ST" (rfc1327) but MS uses 'S' */ -#define SN_stateOrProvinceName "ST" -#define LN_stateOrProvinceName "stateOrProvinceName" -#define NID_stateOrProvinceName 16 -#define OBJ_stateOrProvinceName OBJ_X509,8L - -#define SN_organizationName "O" -#define LN_organizationName "organizationName" -#define NID_organizationName 17 -#define OBJ_organizationName OBJ_X509,10L - -#define SN_organizationalUnitName "OU" -#define LN_organizationalUnitName "organizationalUnitName" -#define NID_organizationalUnitName 18 -#define OBJ_organizationalUnitName OBJ_X509,11L - -#define SN_rsa "RSA" -#define LN_rsa "rsa" -#define NID_rsa 19 -#define OBJ_rsa OBJ_X500,8L,1L,1L - -#define LN_pkcs7 "pkcs7" -#define NID_pkcs7 20 -#define OBJ_pkcs7 OBJ_pkcs,7L - -#define LN_pkcs7_data "pkcs7-data" -#define NID_pkcs7_data 21 -#define OBJ_pkcs7_data OBJ_pkcs7,1L - -#define LN_pkcs7_signed "pkcs7-signedData" -#define NID_pkcs7_signed 22 -#define OBJ_pkcs7_signed OBJ_pkcs7,2L - -#define LN_pkcs7_enveloped "pkcs7-envelopedData" -#define NID_pkcs7_enveloped 23 -#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L - -#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" -#define NID_pkcs7_signedAndEnveloped 24 -#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L - -#define LN_pkcs7_digest "pkcs7-digestData" -#define NID_pkcs7_digest 25 -#define OBJ_pkcs7_digest OBJ_pkcs7,5L - -#define LN_pkcs7_encrypted "pkcs7-encryptedData" -#define NID_pkcs7_encrypted 26 -#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L - -#define LN_pkcs3 "pkcs3" -#define NID_pkcs3 27 -#define OBJ_pkcs3 OBJ_pkcs,3L - -#define LN_dhKeyAgreement "dhKeyAgreement" -#define NID_dhKeyAgreement 28 -#define OBJ_dhKeyAgreement OBJ_pkcs3,1L - -#define SN_des_ecb "DES-ECB" -#define LN_des_ecb "des-ecb" -#define NID_des_ecb 29 -#define OBJ_des_ecb OBJ_algorithm,6L - -#define SN_des_cfb64 "DES-CFB" -#define LN_des_cfb64 "des-cfb" -#define NID_des_cfb64 30 -/* IV + num */ -#define OBJ_des_cfb64 OBJ_algorithm,9L - -#define SN_des_cbc "DES-CBC" -#define LN_des_cbc "des-cbc" -#define NID_des_cbc 31 -/* IV */ -#define OBJ_des_cbc OBJ_algorithm,7L - -#define SN_des_ede "DES-EDE" -#define LN_des_ede "des-ede" -#define NID_des_ede 32 -/* ?? */ -#define OBJ_des_ede OBJ_algorithm,17L - -#define SN_des_ede3 "DES-EDE3" -#define LN_des_ede3 "des-ede3" -#define NID_des_ede3 33 - -#define SN_idea_cbc "IDEA-CBC" -#define LN_idea_cbc "idea-cbc" -#define NID_idea_cbc 34 -#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L - -#define SN_idea_cfb64 "IDEA-CFB" -#define LN_idea_cfb64 "idea-cfb" -#define NID_idea_cfb64 35 - -#define SN_idea_ecb "IDEA-ECB" -#define LN_idea_ecb "idea-ecb" -#define NID_idea_ecb 36 - -#define SN_rc2_cbc "RC2-CBC" -#define LN_rc2_cbc "rc2-cbc" -#define NID_rc2_cbc 37 -#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L - -#define SN_rc2_ecb "RC2-ECB" -#define LN_rc2_ecb "rc2-ecb" -#define NID_rc2_ecb 38 - -#define SN_rc2_cfb64 "RC2-CFB" -#define LN_rc2_cfb64 "rc2-cfb" -#define NID_rc2_cfb64 39 - -#define SN_rc2_ofb64 "RC2-OFB" -#define LN_rc2_ofb64 "rc2-ofb" -#define NID_rc2_ofb64 40 - -#define SN_sha "SHA" -#define LN_sha "sha" -#define NID_sha 41 -#define OBJ_sha OBJ_algorithm,18L - -#define SN_shaWithRSAEncryption "RSA-SHA" -#define LN_shaWithRSAEncryption "shaWithRSAEncryption" -#define NID_shaWithRSAEncryption 42 -#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L - -#define SN_des_ede_cbc "DES-EDE-CBC" -#define LN_des_ede_cbc "des-ede-cbc" -#define NID_des_ede_cbc 43 - -#define SN_des_ede3_cbc "DES-EDE3-CBC" -#define LN_des_ede3_cbc "des-ede3-cbc" -#define NID_des_ede3_cbc 44 -#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L - -#define SN_des_ofb64 "DES-OFB" -#define LN_des_ofb64 "des-ofb" -#define NID_des_ofb64 45 -#define OBJ_des_ofb64 OBJ_algorithm,8L - -#define SN_idea_ofb64 "IDEA-OFB" -#define LN_idea_ofb64 "idea-ofb" -#define NID_idea_ofb64 46 - -#define LN_pkcs9 "pkcs9" -#define NID_pkcs9 47 -#define OBJ_pkcs9 OBJ_pkcs,9L - -#define SN_pkcs9_emailAddress "Email" -#define LN_pkcs9_emailAddress "emailAddress" -#define NID_pkcs9_emailAddress 48 -#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L - -#define LN_pkcs9_unstructuredName "unstructuredName" -#define NID_pkcs9_unstructuredName 49 -#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L - -#define LN_pkcs9_contentType "contentType" -#define NID_pkcs9_contentType 50 -#define OBJ_pkcs9_contentType OBJ_pkcs9,3L - -#define LN_pkcs9_messageDigest "messageDigest" -#define NID_pkcs9_messageDigest 51 -#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L - -#define LN_pkcs9_signingTime "signingTime" -#define NID_pkcs9_signingTime 52 -#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L - -#define LN_pkcs9_countersignature "countersignature" -#define NID_pkcs9_countersignature 53 -#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L - -#define LN_pkcs9_challengePassword "challengePassword" -#define NID_pkcs9_challengePassword 54 -#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L - -#define LN_pkcs9_unstructuredAddress "unstructuredAddress" -#define NID_pkcs9_unstructuredAddress 55 -#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L - -#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" -#define NID_pkcs9_extCertAttributes 56 -#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L - -#define SN_netscape "Netscape" -#define LN_netscape "Netscape Communications Corp." -#define NID_netscape 57 -#define OBJ_netscape 2L,16L,840L,1L,113730L - -#define SN_netscape_cert_extension "nsCertExt" -#define LN_netscape_cert_extension "Netscape Certificate Extension" -#define NID_netscape_cert_extension 58 -#define OBJ_netscape_cert_extension OBJ_netscape,1L - -#define SN_netscape_data_type "nsDataType" -#define LN_netscape_data_type "Netscape Data Type" -#define NID_netscape_data_type 59 -#define OBJ_netscape_data_type OBJ_netscape,2L - -#define SN_des_ede_cfb64 "DES-EDE-CFB" -#define LN_des_ede_cfb64 "des-ede-cfb" -#define NID_des_ede_cfb64 60 - -#define SN_des_ede3_cfb64 "DES-EDE3-CFB" -#define LN_des_ede3_cfb64 "des-ede3-cfb" -#define NID_des_ede3_cfb64 61 - -#define SN_des_ede_ofb64 "DES-EDE-OFB" -#define LN_des_ede_ofb64 "des-ede-ofb" -#define NID_des_ede_ofb64 62 - -#define SN_des_ede3_ofb64 "DES-EDE3-OFB" -#define LN_des_ede3_ofb64 "des-ede3-ofb" -#define NID_des_ede3_ofb64 63 - -/* I'm not sure about the object ID */ -#define SN_sha1 "SHA1" -#define LN_sha1 "sha1" -#define NID_sha1 64 -#define OBJ_sha1 OBJ_algorithm,26L -/* 28 Jun 1996 - eay */ -/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ - -#define SN_sha1WithRSAEncryption "RSA-SHA1" -#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" -#define NID_sha1WithRSAEncryption 65 -#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L - -#define SN_dsaWithSHA "DSA-SHA" -#define LN_dsaWithSHA "dsaWithSHA" -#define NID_dsaWithSHA 66 -#define OBJ_dsaWithSHA OBJ_algorithm,13L - -#define SN_dsa_2 "DSA-old" -#define LN_dsa_2 "dsaEncryption-old" -#define NID_dsa_2 67 -#define OBJ_dsa_2 OBJ_algorithm,12L - -/* proposed by microsoft to RSA */ -#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" -#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" -#define NID_pbeWithSHA1AndRC2_CBC 68 -#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L - -/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now - * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something - * completely different. - */ -#define LN_id_pbkdf2 "PBKDF2" -#define NID_id_pbkdf2 69 -#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L - -#define SN_dsaWithSHA1_2 "DSA-SHA1-old" -#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" -#define NID_dsaWithSHA1_2 70 -/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ -#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L - -#define SN_netscape_cert_type "nsCertType" -#define LN_netscape_cert_type "Netscape Cert Type" -#define NID_netscape_cert_type 71 -#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L - -#define SN_netscape_base_url "nsBaseUrl" -#define LN_netscape_base_url "Netscape Base Url" -#define NID_netscape_base_url 72 -#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L - -#define SN_netscape_revocation_url "nsRevocationUrl" -#define LN_netscape_revocation_url "Netscape Revocation Url" -#define NID_netscape_revocation_url 73 -#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L - -#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" -#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" -#define NID_netscape_ca_revocation_url 74 -#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L - -#define SN_netscape_renewal_url "nsRenewalUrl" -#define LN_netscape_renewal_url "Netscape Renewal Url" -#define NID_netscape_renewal_url 75 -#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L - -#define SN_netscape_ca_policy_url "nsCaPolicyUrl" -#define LN_netscape_ca_policy_url "Netscape CA Policy Url" -#define NID_netscape_ca_policy_url 76 -#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L - -#define SN_netscape_ssl_server_name "nsSslServerName" -#define LN_netscape_ssl_server_name "Netscape SSL Server Name" -#define NID_netscape_ssl_server_name 77 -#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L - -#define SN_netscape_comment "nsComment" -#define LN_netscape_comment "Netscape Comment" -#define NID_netscape_comment 78 -#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L - -#define SN_netscape_cert_sequence "nsCertSequence" -#define LN_netscape_cert_sequence "Netscape Certificate Sequence" -#define NID_netscape_cert_sequence 79 -#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L - -#define SN_desx_cbc "DESX-CBC" -#define LN_desx_cbc "desx-cbc" -#define NID_desx_cbc 80 - -#define SN_ld_ce "ld-ce" -#define NID_ld_ce 81 -#define OBJ_ld_ce 2L,5L,29L - -#define SN_subject_key_identifier "subjectKeyIdentifier" -#define LN_subject_key_identifier "X509v3 Subject Key Identifier" -#define NID_subject_key_identifier 82 -#define OBJ_subject_key_identifier OBJ_ld_ce,14L - -#define SN_key_usage "keyUsage" -#define LN_key_usage "X509v3 Key Usage" -#define NID_key_usage 83 -#define OBJ_key_usage OBJ_ld_ce,15L - -#define SN_private_key_usage_period "privateKeyUsagePeriod" -#define LN_private_key_usage_period "X509v3 Private Key Usage Period" -#define NID_private_key_usage_period 84 -#define OBJ_private_key_usage_period OBJ_ld_ce,16L - -#define SN_subject_alt_name "subjectAltName" -#define LN_subject_alt_name "X509v3 Subject Alternative Name" -#define NID_subject_alt_name 85 -#define OBJ_subject_alt_name OBJ_ld_ce,17L - -#define SN_issuer_alt_name "issuerAltName" -#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" -#define NID_issuer_alt_name 86 -#define OBJ_issuer_alt_name OBJ_ld_ce,18L - -#define SN_basic_constraints "basicConstraints" -#define LN_basic_constraints "X509v3 Basic Constraints" -#define NID_basic_constraints 87 -#define OBJ_basic_constraints OBJ_ld_ce,19L - -#define SN_crl_number "crlNumber" -#define LN_crl_number "X509v3 CRL Number" -#define NID_crl_number 88 -#define OBJ_crl_number OBJ_ld_ce,20L - -#define SN_certificate_policies "certificatePolicies" -#define LN_certificate_policies "X509v3 Certificate Policies" -#define NID_certificate_policies 89 -#define OBJ_certificate_policies OBJ_ld_ce,32L - -#define SN_authority_key_identifier "authorityKeyIdentifier" -#define LN_authority_key_identifier "X509v3 Authority Key Identifier" -#define NID_authority_key_identifier 90 -#define OBJ_authority_key_identifier OBJ_ld_ce,35L - -#define SN_bf_cbc "BF-CBC" -#define LN_bf_cbc "bf-cbc" -#define NID_bf_cbc 91 -#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L - -#define SN_bf_ecb "BF-ECB" -#define LN_bf_ecb "bf-ecb" -#define NID_bf_ecb 92 - -#define SN_bf_cfb64 "BF-CFB" -#define LN_bf_cfb64 "bf-cfb" -#define NID_bf_cfb64 93 - -#define SN_bf_ofb64 "BF-OFB" -#define LN_bf_ofb64 "bf-ofb" -#define NID_bf_ofb64 94 - -#define SN_mdc2 "MDC2" -#define LN_mdc2 "mdc2" -#define NID_mdc2 95 -#define OBJ_mdc2 2L,5L,8L,3L,101L -/* An alternative? 1L,3L,14L,3L,2L,19L */ - -#define SN_mdc2WithRSA "RSA-MDC2" -#define LN_mdc2WithRSA "mdc2withRSA" -#define NID_mdc2WithRSA 96 -#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L - -#define SN_rc4_40 "RC4-40" -#define LN_rc4_40 "rc4-40" -#define NID_rc4_40 97 - -#define SN_rc2_40_cbc "RC2-40-CBC" -#define LN_rc2_40_cbc "rc2-40-cbc" -#define NID_rc2_40_cbc 98 - -#define SN_givenName "G" -#define LN_givenName "givenName" -#define NID_givenName 99 -#define OBJ_givenName OBJ_X509,42L - -#define SN_surname "S" -#define LN_surname "surname" -#define NID_surname 100 -#define OBJ_surname OBJ_X509,4L - -#define SN_initials "I" -#define LN_initials "initials" -#define NID_initials 101 -#define OBJ_initials OBJ_X509,43L - -#define SN_uniqueIdentifier "UID" -#define LN_uniqueIdentifier "uniqueIdentifier" -#define NID_uniqueIdentifier 102 -#define OBJ_uniqueIdentifier OBJ_X509,45L - -#define SN_crl_distribution_points "crlDistributionPoints" -#define LN_crl_distribution_points "X509v3 CRL Distribution Points" -#define NID_crl_distribution_points 103 -#define OBJ_crl_distribution_points OBJ_ld_ce,31L - -#define SN_md5WithRSA "RSA-NP-MD5" -#define LN_md5WithRSA "md5WithRSA" -#define NID_md5WithRSA 104 -#define OBJ_md5WithRSA OBJ_algorithm,3L - -#define SN_serialNumber "SN" -#define LN_serialNumber "serialNumber" -#define NID_serialNumber 105 -#define OBJ_serialNumber OBJ_X509,5L - -#define SN_title "T" -#define LN_title "title" -#define NID_title 106 -#define OBJ_title OBJ_X509,12L - -#define SN_description "D" -#define LN_description "description" -#define NID_description 107 -#define OBJ_description OBJ_X509,13L - -/* CAST5 is CAST-128, I'm just sticking with the documentation */ -#define SN_cast5_cbc "CAST5-CBC" -#define LN_cast5_cbc "cast5-cbc" -#define NID_cast5_cbc 108 -#define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L - -#define SN_cast5_ecb "CAST5-ECB" -#define LN_cast5_ecb "cast5-ecb" -#define NID_cast5_ecb 109 - -#define SN_cast5_cfb64 "CAST5-CFB" -#define LN_cast5_cfb64 "cast5-cfb" -#define NID_cast5_cfb64 110 - -#define SN_cast5_ofb64 "CAST5-OFB" -#define LN_cast5_ofb64 "cast5-ofb" -#define NID_cast5_ofb64 111 - -#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" -#define NID_pbeWithMD5AndCast5_CBC 112 -#define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L - -/* This is one sun will soon be using :-( - * id-dsa-with-sha1 ID ::= { - * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } - */ -#define SN_dsaWithSHA1 "DSA-SHA1" -#define LN_dsaWithSHA1 "dsaWithSHA1" -#define NID_dsaWithSHA1 113 -#define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L - -#define NID_md5_sha1 114 -#define SN_md5_sha1 "MD5-SHA1" -#define LN_md5_sha1 "md5-sha1" - -#define SN_sha1WithRSA "RSA-SHA1-2" -#define LN_sha1WithRSA "sha1WithRSA" -#define NID_sha1WithRSA 115 -#define OBJ_sha1WithRSA OBJ_algorithm,29L - -#define SN_dsa "DSA" -#define LN_dsa "dsaEncryption" -#define NID_dsa 116 -#define OBJ_dsa 1L,2L,840L,10040L,4L,1L - -#define SN_ripemd160 "RIPEMD160" -#define LN_ripemd160 "ripemd160" -#define NID_ripemd160 117 -#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L - -/* The name should actually be rsaSignatureWithripemd160, but I'm going - * to continue using the convention I'm using with the other ciphers */ -#define SN_ripemd160WithRSA "RSA-RIPEMD160" -#define LN_ripemd160WithRSA "ripemd160WithRSA" -#define NID_ripemd160WithRSA 119 -#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L - -/* Taken from rfc2040 - * RC5_CBC_Parameters ::= SEQUENCE { - * version INTEGER (v1_0(16)), - * rounds INTEGER (8..127), - * blockSizeInBits INTEGER (64, 128), - * iv OCTET STRING OPTIONAL - * } - */ -#define SN_rc5_cbc "RC5-CBC" -#define LN_rc5_cbc "rc5-cbc" -#define NID_rc5_cbc 120 -#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L - -#define SN_rc5_ecb "RC5-ECB" -#define LN_rc5_ecb "rc5-ecb" -#define NID_rc5_ecb 121 - -#define SN_rc5_cfb64 "RC5-CFB" -#define LN_rc5_cfb64 "rc5-cfb" -#define NID_rc5_cfb64 122 - -#define SN_rc5_ofb64 "RC5-OFB" -#define LN_rc5_ofb64 "rc5-ofb" -#define NID_rc5_ofb64 123 - -#define SN_rle_compression "RLE" -#define LN_rle_compression "run length compression" -#define NID_rle_compression 124 -#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L - -#define SN_zlib_compression "ZLIB" -#define LN_zlib_compression "zlib compression" -#define NID_zlib_compression 125 -#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L - -#define SN_ext_key_usage "extendedKeyUsage" -#define LN_ext_key_usage "X509v3 Extended Key Usage" -#define NID_ext_key_usage 126 -#define OBJ_ext_key_usage OBJ_ld_ce,37 - -#define SN_id_pkix "PKIX" -#define NID_id_pkix 127 -#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L - -#define SN_id_kp "id-kp" -#define NID_id_kp 128 -#define OBJ_id_kp OBJ_id_pkix,3L - -/* PKIX extended key usage OIDs */ - -#define SN_server_auth "serverAuth" -#define LN_server_auth "TLS Web Server Authentication" -#define NID_server_auth 129 -#define OBJ_server_auth OBJ_id_kp,1L - -#define SN_client_auth "clientAuth" -#define LN_client_auth "TLS Web Client Authentication" -#define NID_client_auth 130 -#define OBJ_client_auth OBJ_id_kp,2L - -#define SN_code_sign "codeSigning" -#define LN_code_sign "Code Signing" -#define NID_code_sign 131 -#define OBJ_code_sign OBJ_id_kp,3L - -#define SN_email_protect "emailProtection" -#define LN_email_protect "E-mail Protection" -#define NID_email_protect 132 -#define OBJ_email_protect OBJ_id_kp,4L - -#define SN_time_stamp "timeStamping" -#define LN_time_stamp "Time Stamping" -#define NID_time_stamp 133 -#define OBJ_time_stamp OBJ_id_kp,8L - -/* Additional extended key usage OIDs: Microsoft */ - -#define SN_ms_code_ind "msCodeInd" -#define LN_ms_code_ind "Microsoft Individual Code Signing" -#define NID_ms_code_ind 134 -#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L - -#define SN_ms_code_com "msCodeCom" -#define LN_ms_code_com "Microsoft Commercial Code Signing" -#define NID_ms_code_com 135 -#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L - -#define SN_ms_ctl_sign "msCTLSign" -#define LN_ms_ctl_sign "Microsoft Trust List Signing" -#define NID_ms_ctl_sign 136 -#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L - -#define SN_ms_sgc "msSGC" -#define LN_ms_sgc "Microsoft Server Gated Crypto" -#define NID_ms_sgc 137 -#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L - -#define SN_ms_efs "msEFS" -#define LN_ms_efs "Microsoft Encrypted File System" -#define NID_ms_efs 138 -#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L - -/* Additional usage: Netscape */ - -#define SN_ns_sgc "nsSGC" -#define LN_ns_sgc "Netscape Server Gated Crypto" -#define NID_ns_sgc 139 -#define OBJ_ns_sgc OBJ_netscape,4L,1L - -#define SN_delta_crl "deltaCRL" -#define LN_delta_crl "X509v3 Delta CRL Indicator" -#define NID_delta_crl 140 -#define OBJ_delta_crl OBJ_ld_ce,27L - -#define SN_crl_reason "CRLReason" -#define LN_crl_reason "CRL Reason Code" -#define NID_crl_reason 141 -#define OBJ_crl_reason OBJ_ld_ce,21L - -#define SN_invalidity_date "invalidityDate" -#define LN_invalidity_date "Invalidity Date" -#define NID_invalidity_date 142 -#define OBJ_invalidity_date OBJ_ld_ce,24L - -#define SN_sxnet "SXNetID" -#define LN_sxnet "Strong Extranet ID" -#define NID_sxnet 143 -#define OBJ_sxnet 1L,3L,101L,1L,4L,1L - -/* PKCS12 and related OBJECT IDENTIFIERS */ - -#define OBJ_pkcs12 OBJ_pkcs,12L -#define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 - -#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" -#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" -#define NID_pbe_WithSHA1And128BitRC4 144 -#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L - -#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" -#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" -#define NID_pbe_WithSHA1And40BitRC4 145 -#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L - -#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" -#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" -#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 -#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L - -#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" -#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" -#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 -#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L - -#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" -#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" -#define NID_pbe_WithSHA1And128BitRC2_CBC 148 -#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L - -#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" -#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" -#define NID_pbe_WithSHA1And40BitRC2_CBC 149 -#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L - -#define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L - -#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L - -#define LN_keyBag "keyBag" -#define NID_keyBag 150 -#define OBJ_keyBag OBJ_pkcs12_BagIds, 1L - -#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" -#define NID_pkcs8ShroudedKeyBag 151 -#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L - -#define LN_certBag "certBag" -#define NID_certBag 152 -#define OBJ_certBag OBJ_pkcs12_BagIds, 3L - -#define LN_crlBag "crlBag" -#define NID_crlBag 153 -#define OBJ_crlBag OBJ_pkcs12_BagIds, 4L - -#define LN_secretBag "secretBag" -#define NID_secretBag 154 -#define OBJ_secretBag OBJ_pkcs12_BagIds, 5L - -#define LN_safeContentsBag "safeContentsBag" -#define NID_safeContentsBag 155 -#define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L - -#define LN_friendlyName "friendlyName" -#define NID_friendlyName 156 -#define OBJ_friendlyName OBJ_pkcs9, 20L - -#define LN_localKeyID "localKeyID" -#define NID_localKeyID 157 -#define OBJ_localKeyID OBJ_pkcs9, 21L - -#define OBJ_certTypes OBJ_pkcs9, 22L - -#define LN_x509Certificate "x509Certificate" -#define NID_x509Certificate 158 -#define OBJ_x509Certificate OBJ_certTypes, 1L - -#define LN_sdsiCertificate "sdsiCertificate" -#define NID_sdsiCertificate 159 -#define OBJ_sdsiCertificate OBJ_certTypes, 2L - -#define OBJ_crlTypes OBJ_pkcs9, 23L - -#define LN_x509Crl "x509Crl" -#define NID_x509Crl 160 -#define OBJ_x509Crl OBJ_crlTypes, 1L - -/* PKCS#5 v2 OIDs */ - -#define LN_pbes2 "PBES2" -#define NID_pbes2 161 -#define OBJ_pbes2 OBJ_pkcs,5L,13L - -#define LN_pbmac1 "PBMAC1" -#define NID_pbmac1 162 -#define OBJ_pbmac1 OBJ_pkcs,5L,14L - -#define LN_hmacWithSHA1 "hmacWithSHA1" -#define NID_hmacWithSHA1 163 -#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L - -/* Policy Qualifier Ids */ - -#define LN_id_qt_cps "Policy Qualifier CPS" -#define SN_id_qt_cps "id-qt-cps" -#define NID_id_qt_cps 164 -#define OBJ_id_qt_cps OBJ_id_pkix,2L,1L - -#define LN_id_qt_unotice "Policy Qualifier User Notice" -#define SN_id_qt_unotice "id-qt-unotice" -#define NID_id_qt_unotice 165 -#define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L - -#define SN_rc2_64_cbc "RC2-64-CBC" -#define LN_rc2_64_cbc "rc2-64-cbc" -#define NID_rc2_64_cbc 166 - -#define SN_SMIMECapabilities "SMIME-CAPS" -#define LN_SMIMECapabilities "S/MIME Capabilities" -#define NID_SMIMECapabilities 167 -#define OBJ_SMIMECapabilities OBJ_pkcs9,15L - -#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" -#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" -#define NID_pbeWithMD2AndRC2_CBC 168 -#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L - -#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" -#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" -#define NID_pbeWithMD5AndRC2_CBC 169 -#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L - -#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" -#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" -#define NID_pbeWithSHA1AndDES_CBC 170 -#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L - -/* Extension request OIDs */ - -#define LN_ms_ext_req "Microsoft Extension Request" -#define SN_ms_ext_req "msExtReq" -#define NID_ms_ext_req 171 -#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L - -#define LN_ext_req "Extension Request" -#define SN_ext_req "extReq" -#define NID_ext_req 172 -#define OBJ_ext_req OBJ_pkcs9,14L - -#define SN_name "name" -#define LN_name "name" -#define NID_name 173 -#define OBJ_name OBJ_X509,41L - -#define SN_dnQualifier "dnQualifier" -#define LN_dnQualifier "dnQualifier" -#define NID_dnQualifier 174 -#define OBJ_dnQualifier OBJ_X509,46L - -#define SN_id_pe "id-pe" -#define NID_id_pe 175 -#define OBJ_id_pe OBJ_id_pkix,1L - -#define SN_id_ad "id-ad" -#define NID_id_ad 176 -#define OBJ_id_ad OBJ_id_pkix,48L - -#define SN_info_access "authorityInfoAccess" -#define LN_info_access "Authority Information Access" -#define NID_info_access 177 -#define OBJ_info_access OBJ_id_pe,1L - -#define SN_ad_OCSP "OCSP" -#define LN_ad_OCSP "OCSP" -#define NID_ad_OCSP 178 -#define OBJ_ad_OCSP OBJ_id_ad,1L - -#define SN_ad_ca_issuers "caIssuers" -#define LN_ad_ca_issuers "CA Issuers" -#define NID_ad_ca_issuers 179 -#define OBJ_ad_ca_issuers OBJ_id_ad,2L - -#define SN_OCSP_sign "OCSPSigning" -#define LN_OCSP_sign "OCSP Signing" -#define NID_OCSP_sign 180 -#define OBJ_OCSP_sign OBJ_id_kp,9L - -#include -#include - -#define OBJ_NAME_TYPE_UNDEF 0x00 -#define OBJ_NAME_TYPE_MD_METH 0x01 -#define OBJ_NAME_TYPE_CIPHER_METH 0x02 -#define OBJ_NAME_TYPE_PKEY_METH 0x03 -#define OBJ_NAME_TYPE_COMP_METH 0x04 -#define OBJ_NAME_TYPE_NUM 0x05 - -#define OBJ_NAME_ALIAS 0x8000 - - -typedef struct obj_name_st - { - int type; - int alias; - const char *name; - const char *data; - } OBJ_NAME; - -#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) - - -int OBJ_NAME_init(void); -int OBJ_NAME_new_index(unsigned long (*hash_func)(),int (*cmp_func)(), - void (*free_func)()); -const char *OBJ_NAME_get(const char *name,int type); -int OBJ_NAME_add(const char *name,int type,const char *data); -int OBJ_NAME_remove(const char *name,int type); -void OBJ_NAME_cleanup(int type); /* -1 for everything */ - -ASN1_OBJECT * OBJ_dup(ASN1_OBJECT *o); -ASN1_OBJECT * OBJ_nid2obj(int n); -const char * OBJ_nid2ln(int n); -const char * OBJ_nid2sn(int n); -int OBJ_obj2nid(ASN1_OBJECT *o); -ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); -int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name); -int OBJ_txt2nid(char *s); -int OBJ_ln2nid(const char *s); -int OBJ_sn2nid(const char *s); -int OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b); -char * OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)()); - -void ERR_load_OBJ_strings(void ); - -int OBJ_new_nid(int num); -int OBJ_add_object(ASN1_OBJECT *obj); -int OBJ_create(char *oid,char *sn,char *ln); -void OBJ_cleanup(void ); -int OBJ_create_objects(BIO *in); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the OBJ functions. */ - -/* Function codes. */ -#define OBJ_F_OBJ_CREATE 100 -#define OBJ_F_OBJ_DUP 101 -#define OBJ_F_OBJ_NID2LN 102 -#define OBJ_F_OBJ_NID2OBJ 103 -#define OBJ_F_OBJ_NID2SN 104 - -/* Reason codes. */ -#define OBJ_R_MALLOC_FAILURE 100 -#define OBJ_R_UNKNOWN_NID 101 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/openssl_pkcs7.h b/AppleCSP/open_ssl/openssl/openssl_pkcs7.h deleted file mode 100644 index 223438ba..00000000 --- a/AppleCSP/open_ssl/openssl/openssl_pkcs7.h +++ /dev/null @@ -1,516 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/pkcs7/pkcs7.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_PKCS7_H -#define HEADER_PKCS7_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -#ifdef VMS -#include -#endif - -#ifdef WIN32 -/* Under Win32 thes are defined in wincrypt.h */ -#undef PKCS7_ISSUER_AND_SERIAL -#undef PKCS7_SIGNER_INFO -#endif - -/* -Encryption_ID DES-CBC -Digest_ID MD5 -Digest_Encryption_ID rsaEncryption -Key_Encryption_ID rsaEncryption -*/ - -typedef struct pkcs7_issuer_and_serial_st - { - X509_NAME *issuer; - ASN1_INTEGER *serial; - } PKCS7_ISSUER_AND_SERIAL; - -typedef struct pkcs7_signer_info_st - { - ASN1_INTEGER *version; /* version 1 */ - PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; - X509_ALGOR *digest_alg; - STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; - STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ - - /* The private key to sign with */ - EVP_PKEY *pkey; - } PKCS7_SIGNER_INFO; - -DECLARE_STACK_OF(PKCS7_SIGNER_INFO) -DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) - -typedef struct pkcs7_recip_info_st - { - ASN1_INTEGER *version; /* version 0 */ - PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; - X509_ALGOR *key_enc_algor; - ASN1_OCTET_STRING *enc_key; - X509 *cert; /* get the pub-key from this */ - } PKCS7_RECIP_INFO; - -DECLARE_STACK_OF(PKCS7_RECIP_INFO) -DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) - -typedef struct pkcs7_signed_st - { - ASN1_INTEGER *version; /* version 1 */ - STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - - struct pkcs7_st *contents; - } PKCS7_SIGNED; -/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. - * How about merging the two */ - -typedef struct pkcs7_enc_content_st - { - ASN1_OBJECT *content_type; - X509_ALGOR *algorithm; - ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ - const EVP_CIPHER *cipher; - } PKCS7_ENC_CONTENT; - -typedef struct pkcs7_enveloped_st - { - ASN1_INTEGER *version; /* version 0 */ - STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; - PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENVELOPE; - -typedef struct pkcs7_signedandenveloped_st - { - ASN1_INTEGER *version; /* version 1 */ - STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - - PKCS7_ENC_CONTENT *enc_data; - STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; - } PKCS7_SIGN_ENVELOPE; - -typedef struct pkcs7_digest_st - { - ASN1_INTEGER *version; /* version 0 */ - X509_ALGOR *md; /* md used */ - struct pkcs7_st *contents; - ASN1_OCTET_STRING *digest; - } PKCS7_DIGEST; - -typedef struct pkcs7_encrypted_st - { - ASN1_INTEGER *version; /* version 0 */ - PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENCRYPT; - -typedef struct pkcs7_st - { - /* The following is non NULL if it contains ASN1 encoding of - * this structure */ - unsigned char *asn1; - long length; - -#define PKCS7_S_HEADER 0 -#define PKCS7_S_BODY 1 -#define PKCS7_S_TAIL 2 - int state; /* used during processing */ - - int detached; - - ASN1_OBJECT *type; - /* content as defined by the type */ - /* all encryption/message digests are applied to the 'contents', - * leaving out the 'type' field. */ - union { - char *ptr; - - /* NID_pkcs7_data */ - ASN1_OCTET_STRING *data; - - /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; - - /* NID_pkcs7_enveloped */ - PKCS7_ENVELOPE *enveloped; - - /* NID_pkcs7_signedAndEnveloped */ - PKCS7_SIGN_ENVELOPE *signed_and_enveloped; - - /* NID_pkcs7_digest */ - PKCS7_DIGEST *digest; - - /* NID_pkcs7_encrypted */ - PKCS7_ENCRYPT *encrypted; - } d; - } PKCS7; - -#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 -#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 - -#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) -#define PKCS7_get_attributes(si) ((si)->unauth_attr) - -#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) -#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) -#define PKCS7_type_is_signedAndEnveloped(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) -#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) - -#define PKCS7_set_detached(p,v) \ - PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) -#define PKCS7_get_detached(p) \ - PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) - -#ifdef SSLEAY_MACROS -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - -/* S/MIME related flags */ - -#define PKCS7_TEXT 0x1 -#define PKCS7_NOCERTS 0x2 -#define PKCS7_NOSIGS 0x4 -#define PKCS7_NOCHAIN 0x8 -#define PKCS7_NOINTERN 0x10 -#define PKCS7_NOVERIFY 0x20 -#define PKCS7_DETACHED 0x40 -#define PKCS7_BINARY 0x80 -#define PKCS7_NOATTR 0x100 - -/* Flags: for compatibility with older code */ - -#define SMIME_TEXT PKCS7_TEXT -#define SMIME_NOCERTS PKCS7_NOCERTS -#define SMIME_NOSIGS PKCS7_NOSIGS -#define SMIME_NOCHAIN PKCS7_NOCHAIN -#define SMIME_NOINTERN PKCS7_NOINTERN -#define SMIME_NOVERIFY PKCS7_NOVERIFY -#define SMIME_DETACHED PKCS7_DETACHED -#define SMIME_BINARY PKCS7_BINARY -#define SMIME_NOATTR PKCS7_NOATTR - -PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void ); -void PKCS7_ISSUER_AND_SERIAL_free( - PKCS7_ISSUER_AND_SERIAL *a); -int i2d_PKCS7_ISSUER_AND_SERIAL( - PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp); -PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL( - PKCS7_ISSUER_AND_SERIAL **a, - unsigned char **pp, long length); - -#ifndef SSLEAY_MACROS -int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); -#ifndef NO_FP_API -PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); -int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); -#endif -PKCS7 *PKCS7_dup(PKCS7 *p7); -PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); -int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); -#endif - -PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void); -void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a); -int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, - unsigned char **pp); -PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, - unsigned char **pp,long length); - -PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void); -void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a); -int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, - unsigned char **pp); -PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, - unsigned char **pp,long length); - -PKCS7_SIGNED *PKCS7_SIGNED_new(void); -void PKCS7_SIGNED_free(PKCS7_SIGNED *a); -int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, - unsigned char **pp); -PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, - unsigned char **pp,long length); - -PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void); -void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a); -int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, - unsigned char **pp); -PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, - unsigned char **pp,long length); - -PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void); -void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a); -int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, - unsigned char **pp); -PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, - unsigned char **pp,long length); - -PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void); -void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a); -int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, - unsigned char **pp); -PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, - unsigned char **pp,long length); - -PKCS7_DIGEST *PKCS7_DIGEST_new(void); -void PKCS7_DIGEST_free(PKCS7_DIGEST *a); -int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, - unsigned char **pp); -PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, - unsigned char **pp,long length); - -PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void); -void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a); -int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, - unsigned char **pp); -PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, - unsigned char **pp,long length); - -PKCS7 *PKCS7_new(void); -void PKCS7_free(PKCS7 *a); -void PKCS7_content_free(PKCS7 *a); -int i2d_PKCS7(PKCS7 *a, - unsigned char **pp); -PKCS7 *d2i_PKCS7(PKCS7 **a, - unsigned char **pp,long length); - -void ERR_load_PKCS7_strings(void); - - -long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); - -int PKCS7_set_type(PKCS7 *p7, int type); -int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); -int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst); -int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); -int PKCS7_content_new(PKCS7 *p7, int nid); -int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, - BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); -int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); - -BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); -int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); -BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); - - -PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, EVP_MD *dgst); -X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); -STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); - -PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); -int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); -int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); -int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); - -PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); -ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, - void *data); -int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value); -ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); -ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); -int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); - - -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags); -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, - int flags); -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); - -int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap); -STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); -int PKCS7_simple_smimecap(STACK *sk, int nid, int arg); - -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); -int SMIME_crlf_copy(BIO *in, BIO *out, int flags); -int SMIME_text(BIO *in, BIO *out); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the PKCS7 functions. */ - -/* Function codes. */ -#define PKCS7_F_B64_READ_PKCS7 120 -#define PKCS7_F_B64_WRITE_PKCS7 121 -#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 -#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 -#define PKCS7_F_PKCS7_ADD_CRL 101 -#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 -#define PKCS7_F_PKCS7_ADD_SIGNER 103 -#define PKCS7_F_PKCS7_CTRL 104 -#define PKCS7_F_PKCS7_DATADECODE 112 -#define PKCS7_F_PKCS7_DATAINIT 105 -#define PKCS7_F_PKCS7_DATASIGN 106 -#define PKCS7_F_PKCS7_DATAVERIFY 107 -#define PKCS7_F_PKCS7_DECRYPT 114 -#define PKCS7_F_PKCS7_ENCRYPT 115 -#define PKCS7_F_PKCS7_GET0_SIGNERS 124 -#define PKCS7_F_PKCS7_SET_CIPHER 108 -#define PKCS7_F_PKCS7_SET_CONTENT 109 -#define PKCS7_F_PKCS7_SET_TYPE 110 -#define PKCS7_F_PKCS7_SIGN 116 -#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 -#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 -#define PKCS7_F_PKCS7_VERIFY 117 -#define PKCS7_F_SMIME_READ_PKCS7 122 -#define PKCS7_F_SMIME_TEXT 123 - -/* Reason codes. */ -#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 -#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 -#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 -#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 -#define PKCS7_R_DECODE_ERROR 130 -#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 -#define PKCS7_R_DECRYPT_ERROR 119 -#define PKCS7_R_DIGEST_FAILURE 101 -#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 -#define PKCS7_R_ERROR_SETTING_CIPHER 121 -#define PKCS7_R_INTERNAL_ERROR 102 -#define PKCS7_R_INVALID_MIME_TYPE 131 -#define PKCS7_R_INVALID_NULL_POINTER 143 -#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 -#define PKCS7_R_MIME_PARSE_ERROR 133 -#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 -#define PKCS7_R_MISSING_CERIPEND_INFO 103 -#define PKCS7_R_NO_CONTENT 122 -#define PKCS7_R_NO_CONTENT_TYPE 135 -#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 -#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 -#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 -#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 -#define PKCS7_R_NO_SIGNERS 142 -#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 -#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 -#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 -#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -#define PKCS7_R_PKCS7_DATASIGN 126 -#define PKCS7_R_PKCS7_PARSE_ERROR 139 -#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 -#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 -#define PKCS7_R_SIGNATURE_FAILURE 105 -#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 -#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 -#define PKCS7_R_SMIME_TEXT_ERROR 129 -#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 -#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 -#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 -#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 -#define PKCS7_R_UNKNOWN_OPERATION 110 -#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 -#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 -#define PKCS7_R_WRONG_CONTENT_TYPE 113 -#define PKCS7_R_WRONG_PKCS7_TYPE 114 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/opensslconf.h b/AppleCSP/open_ssl/openssl/opensslconf.h deleted file mode 100644 index 4de0f709..00000000 --- a/AppleCSP/open_ssl/openssl/opensslconf.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * opensslconf.h - hand-rolled config #defines for openssl code used in AppleCSP - * Written by Doug Mitchell 4/3/2001 - */ -#ifndef _OPENSSL_CONF_H_ -#define _OPENSSL_CONF_H_ - -#include /* for uint32, etc. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Flags to disable a lot of code we don't need. - */ -#define _OPENSSL_APPLE_CDSA_ 1 - -#define NO_MD5 1 -#define NO_RIPEMD 1 -#define NO_DES 1 -#define NO_IDEA 1 -#define NO_MDC2 1 - -#ifdef NDEBUG -#define NO_ERR 1 -#endif - -/* disable the static callback ptrs in cryptlib.c */ -#define CRYPTO_CALLBACK_ENABLE 0 - -/* disable the BN_{set,get}_params mechanism, unused */ -#define BN_PARAMS_ENABLE 0 - -typedef uint32 RC2_INT; -typedef uint32 RC4_INT; - -/* the following two need calibration and lots of testing; see rc4_enc.c... */ -#undef RC4_CHUNK -#undef RC4_INDEX - -typedef uint32 RC5_32_INT; -typedef uint32 MD2_INT; - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#define BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -/* - * FIXME - this could certainly use some tweaking - */ -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ - -/* - * Using 64 bit results in an 8% speedup for RSA sign, but a 3% - * slowdown for RSA verify on a G4 cubeÊcompared to 32 bit. - * --dpm, 5/10/01 - */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT - -#ifdef __cplusplus -} -#endif - - -#endif /* _OPENSSL_CONF_H_ */ diff --git a/AppleCSP/open_ssl/openssl/opensslv.h b/AppleCSP/open_ssl/openssl/opensslv.h deleted file mode 100644 index 81326858..00000000 --- a/AppleCSP/open_ssl/openssl/opensslv.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef HEADER_OPENSSLV_H -#define HEADER_OPENSSLV_H - -/* Numeric release version identifier: - * MMNNFFPPS: major minor fix patch status - * The status nibble has one of the values 0 for development, 1 to e for betas - * 1 to 14, and f for release. The patch level is exactly that. - * For example: - * 0.9.3-dev 0x00903000 - * 0.9.3-beta1 0x00903001 - * 0.9.3-beta2-dev 0x00903002 - * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) - * 0.9.3 0x0090300f - * 0.9.3a 0x0090301f - * 0.9.4 0x0090400f - * 1.2.3z 0x102031af - * - * For continuity reasons (because 0.9.5 is already out, and is coded - * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level - * part is slightly different, by setting the highest bit. This means - * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start - * with 0x0090600S... - * - * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ -#define OPENSSL_VERSION_NUMBER 0x0090581fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.5a 1 Apr 2000" -#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT - -#endif /* HEADER_OPENSSLV_H */ diff --git a/AppleCSP/open_ssl/openssl/rand.h b/AppleCSP/open_ssl/openssl/rand.h deleted file mode 100644 index 3175a468..00000000 --- a/AppleCSP/open_ssl/openssl/rand.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rand/rand.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RAND_H -#define HEADER_RAND_H - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, double entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - } RAND_METHOD; - -#ifdef BN_DEBUG -extern int rand_predictable; -#endif - -void RAND_set_rand_method(RAND_METHOD *meth); -RAND_METHOD *RAND_get_rand_method(void ); -RAND_METHOD *RAND_SSLeay(void); -void RAND_cleanup(void ); -int RAND_bytes(unsigned char *buf,int num); -int RAND_pseudo_bytes(unsigned char *buf,int num); -void RAND_seed(const void *buf,int num); -void RAND_add(const void *buf,int num,double entropy); -int RAND_load_file(const char *file,long max_bytes); -int RAND_write_file(const char *file); -const char *RAND_file_name(char *file,int num); -int RAND_status(void); -int RAND_egd(const char *path); -#if defined(WINDOWS) || defined(WIN32) -#include -void RAND_screen(void); -int RAND_event(UINT, WPARAM, LPARAM); -#endif -void ERR_load_RAND_strings(void); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the RAND functions. */ - -/* Function codes. */ -#define RAND_F_SSLEAY_RAND_BYTES 100 - -/* Reason codes. */ -#define RAND_R_PRNG_NOT_SEEDED 100 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/rc2.h b/AppleCSP/open_ssl/openssl/rc2.h deleted file mode 100644 index 563365e0..00000000 --- a/AppleCSP/open_ssl/openssl/rc2.h +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc2/rc2.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RC2_H -#define HEADER_RC2_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_RC2 -#error RC2 is disabled. -#endif - -#define RC2_ENCRYPT 1 -#define RC2_DECRYPT 0 - -#include /* RC2_INT */ -#define RC2_BLOCK_SIZE_BYTES 8 -#define RC2_MIN_KEY_SIZE_BYTES 1 -#define RC2_MAX_KEY_SIZE_BYTES 128 - -typedef struct rc2_key_st - { - RC2_INT data[64]; - } RC2_KEY; - - -void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits); -#ifdef _OPENSSL_APPLE_CDSA_ -void RC2_encrypt(RC2_INT *data,RC2_KEY *key); -void RC2_decrypt(RC2_INT *data,RC2_KEY *key); -#else -void RC2_encrypt(unsigned long *data,RC2_KEY *key); -void RC2_decrypt(unsigned long *data,RC2_KEY *key); -void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key, - int enc); -void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, int enc); -void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - RC2_KEY *schedule, unsigned char *ivec, int *num, int enc); -void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - RC2_KEY *schedule, unsigned char *ivec, int *num); -#endif /* _OPENSSL_APPLE_CDSA_ */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/rc4.h b/AppleCSP/open_ssl/openssl/rc4.h deleted file mode 100644 index 9ed5e05b..00000000 --- a/AppleCSP/open_ssl/openssl/rc4.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc4/rc4.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RC4_H -#define HEADER_RC4_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_RC4 -#error RC4 is disabled. -#endif - -#include /* RC4_INT */ - -#define RC4_MIN_KEY_SIZE_BYTES 1 -#define RC4_MAX_KEY_SIZE_BYTES 512 - -typedef struct rc4_key_st - { - RC4_INT x,y; - RC4_INT data[256]; - } RC4_KEY; - - -const char *RC4_options(void); -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, - unsigned char *outdata); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/rc5.h b/AppleCSP/open_ssl/openssl/rc5.h deleted file mode 100644 index 123374b5..00000000 --- a/AppleCSP/open_ssl/openssl/rc5.h +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rc5/rc5.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RC5_H -#define HEADER_RC5_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_RC5 -#error RC5 is disabled. -#endif - -#define RC5_ENCRYPT 1 -#define RC5_DECRYPT 0 - -#include /* RC5_INT */ - -#ifdef _OPENSSL_APPLE_CDSA_ - -#define RC5_BLOCK_SIZE_BYTES 8 -#define RC5_MIN_KEY_SIZE_BYTES 1 -#define RC5_MAX_KEY_SIZE_BYTES 255 - -#else - -/* 32 bit. For Alpha, things may get weird */ -#define RC5_32_INT unsigned long - -#define RC5_32_BLOCK 8 -#define RC5_32_KEY_LENGTH 16 /* This is a default, max is 255 */ - -#endif /* _OPENSSL_APPLE_CDSA_ */ - -/* This are the only values supported. Tweak the code if you want more - * The most supported modes will be - * RC5-32/12/16 - * RC5-32/16/8 - */ -#define RC5_8_ROUNDS 8 -#define RC5_12_ROUNDS 12 -#define RC5_16_ROUNDS 16 - -typedef struct rc5_key_st - { - /* Number of rounds */ - int rounds; - RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; - } RC5_32_KEY; - - -void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data, - int rounds); - -#ifdef _OPENSSL_APPLE_CDSA_ -void RC5_32_encrypt(RC5_32_INT *data,RC5_32_KEY *key); -void RC5_32_decrypt(RC5_32_INT *data,RC5_32_KEY *key); -#else -void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key, - int enc); -void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key); -void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key); -void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length, - RC5_32_KEY *ks, unsigned char *iv, int enc); -void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc); -void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - RC5_32_KEY *schedule, unsigned char *ivec, int *num); - -#endif /* _OPENSSL_APPLE_CDSA_ */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/rsa.h b/AppleCSP/open_ssl/openssl/rsa.h deleted file mode 100644 index f17cbd3c..00000000 --- a/AppleCSP/open_ssl/openssl/rsa.h +++ /dev/null @@ -1,356 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RSA_H -#define HEADER_RSA_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -#ifdef NO_RSA -#error RSA is disabled. -#endif - -typedef struct rsa_st RSA; - -typedef struct rsa_meth_st - { - const char *name; - int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, - RSA *rsa,int padding); - int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, - RSA *rsa,int padding); - int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, - RSA *rsa,int padding); - int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, - RSA *rsa,int padding); - int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(RSA *rsa); /* called at new */ - int (*finish)(RSA *rsa); /* called at free */ - int flags; /* RSA_METHOD_FLAG_* things */ - char *app_data; /* may be needed! */ -/* New sign and verify functions: some libraries don't allow arbitrary data - * to be signed/verified: this allows them to be used. Note: for this to work - * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used - * RSA_sign(), RSA_verify() should be used instead. Note: for backwards - * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER - * option is set in 'flags'. - */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - - } RSA_METHOD; - -struct rsa_st - { - /* The first parameter is used to pickup errors where - * this is passed instead of aEVP_PKEY, it is set to 0 */ - int pad; - int version; - const RSA_METHOD *meth; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - /* be careful using this if the RSA structure is shared */ - CRYPTO_EX_DATA ex_data; - int references; - int flags; - - /* Used to cache montgomery values */ - BN_MONT_CTX *_method_mod_n; - BN_MONT_CTX *_method_mod_p; - BN_MONT_CTX *_method_mod_q; - - /* all BIGNUM values are actually in the following data, if it is not - * NULL */ - char *bignum_data; - BN_BLINDING *blinding; - }; - -#define RSA_3 0x3L -#define RSA_F4 0x10001L - -#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ - -#define RSA_FLAG_CACHE_PUBLIC 0x02 -#define RSA_FLAG_CACHE_PRIVATE 0x04 -#define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_THREAD_SAFE 0x10 -/* This flag means the private key operations will be handled by rsa_mod_exp - * and that they do not depend on the private key components being present: - * for example a key stored in external hardware. Without this flag bn_mod_exp - * gets called when private key components are absent. - */ -#define RSA_FLAG_EXT_PKEY 0x20 - -/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. - */ -#define RSA_FLAG_SIGN_VER 0x40 - -#define RSA_PKCS1_PADDING 1 -#define RSA_SSLV23_PADDING 2 -#define RSA_NO_PADDING 3 -#define RSA_PKCS1_OAEP_PADDING 4 - -#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) -#define RSA_get_app_data(s) RSA_get_ex_data(s,0) - -RSA * RSA_new(void); -RSA * RSA_new_method(const RSA_METHOD *method); -int RSA_size(RSA *); -RSA * RSA_generate_key(int bits, unsigned long e,void - (*callback)(int,int,void *),void *cb_arg); -int RSA_check_key(RSA *); - /* next 4 return -1 on error */ -int RSA_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -void RSA_free (RSA *r); - -int RSA_flags(RSA *r); - -void RSA_set_default_method(const RSA_METHOD *meth); -const RSA_METHOD *RSA_get_default_method(void); -const RSA_METHOD *RSA_get_method(RSA *rsa); -const RSA_METHOD *RSA_set_method(RSA *rsa, const RSA_METHOD *meth); - -/* This function needs the memory locking malloc callbacks to be installed */ -int RSA_memory_lock(RSA *r); - -/* If you have RSAref compiled in. */ -const RSA_METHOD *RSA_PKCS1_RSAref(void); - -/* these are the actual SSLeay RSA functions */ -const RSA_METHOD *RSA_PKCS1_SSLeay(void); - -const RSA_METHOD *RSA_null_method(void); - -void ERR_load_RSA_strings(void ); - -RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPublicKey(RSA *a, unsigned char **pp); -RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); -#ifndef NO_FP_API -int RSA_print_fp(FILE *fp, RSA *r,int offset); -#endif - -#ifdef HEADER_BIO_H -int RSA_print(BIO *bp, RSA *r,int offset); -#endif - -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); -/* Naughty internal function required elsewhere, to handle a MS structure - * that is the same as the netscape one :-) */ -RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)()); - -/* The following 2 functions sign and verify a X509_SIG ASN1 object - * inside PKCS#1 padded RSA encryption */ -int RSA_sign(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - -/* The following 2 function sign and verify a ASN1_OCTET_STRING - * object inside PKCS#1 padded RSA encryption */ -int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - -int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); -void RSA_blinding_off(RSA *rsa); - -int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl); -int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl); -int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,unsigned char *p, - int pl); -int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len, - unsigned char *p,int pl); -int RSA_padding_add_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl); -int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_none(unsigned char *to,int tlen, - unsigned char *f,int fl); -int RSA_padding_check_none(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); - -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int RSA_set_ex_data(RSA *r,int idx,void *arg); -void *RSA_get_ex_data(RSA *r, int idx); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the RSA functions. */ - -/* Function codes. */ -#define RSA_F_MEMORY_LOCK 100 -#define RSA_F_RSA_CHECK_KEY 123 -#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 -#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 -#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 -#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 -#define RSA_F_RSA_GENERATE_KEY 105 -#define RSA_F_RSA_NEW_METHOD 106 -#define RSA_F_RSA_NULL 124 -#define RSA_F_RSA_PADDING_ADD_NONE 107 -#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 -#define RSA_F_RSA_PADDING_ADD_SSLV23 110 -#define RSA_F_RSA_PADDING_CHECK_NONE 111 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 -#define RSA_F_RSA_PRINT 115 -#define RSA_F_RSA_PRINT_FP 116 -#define RSA_F_RSA_SIGN 117 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 -#define RSA_F_RSA_VERIFY 119 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 - -/* Reason codes. */ -#define RSA_R_ALGORITHM_MISMATCH 100 -#define RSA_R_BAD_E_VALUE 101 -#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 -#define RSA_R_BAD_PAD_BYTE_COUNT 103 -#define RSA_R_BAD_SIGNATURE 104 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 -#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 -#define RSA_R_DATA_TOO_LARGE 109 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 -#define RSA_R_DATA_TOO_SMALL 111 -#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 -#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 -#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 -#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 -#define RSA_R_INVALID_MESSAGE_LENGTH 131 -#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 -#define RSA_R_KEY_SIZE_TOO_SMALL 120 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 -#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 -#define RSA_R_OAEP_DECODING_ERROR 121 -#define RSA_R_PADDING_CHECK_FAILED 114 -#define RSA_R_P_NOT_PRIME 128 -#define RSA_R_Q_NOT_PRIME 129 -#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 -#define RSA_R_UNKNOWN_PADDING_TYPE 118 -#define RSA_R_WRONG_SIGNATURE_LENGTH 119 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/safestack.h b/AppleCSP/open_ssl/openssl/safestack.h deleted file mode 100644 index ce7d3cf5..00000000 --- a/AppleCSP/open_ssl/openssl/safestack.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_SAFESTACK_H -#define HEADER_SAFESTACK_H - -#include - -#define STACK_OF(type) STACK_##type - -#define DECLARE_STACK_OF(type) \ -typedef struct stack_st_##type \ - { \ - STACK stack; \ - } STACK_OF(type); \ -STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ -STACK_OF(type) *sk_##type##_new_null(void); \ -void sk_##type##_free(STACK_OF(type) *sk); \ -int sk_##type##_num(const STACK_OF(type) *sk); \ -type *sk_##type##_value(const STACK_OF(type) *sk,int n); \ -type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \ -void sk_##type##_zero(STACK_OF(type) *sk); \ -int sk_##type##_push(STACK_OF(type) *sk,type *v); \ -int sk_##type##_unshift(STACK_OF(type) *sk,type *v); \ -int sk_##type##_find(STACK_OF(type) *sk,type *v); \ -type *sk_##type##_delete(STACK_OF(type) *sk,int n); \ -void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \ -int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \ -int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \ - int (*cmp)(type **,type **)))(type **,type **); \ -STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \ -void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \ -type *sk_##type##_shift(STACK_OF(type) *sk); \ -type *sk_##type##_pop(STACK_OF(type) *sk); \ -void sk_##type##_sort(STACK_OF(type) *sk); - -#define IMPLEMENT_STACK_OF(type) \ -STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \ - { return (STACK_OF(type) *)sk_new(cmp); } \ -STACK_OF(type) *sk_##type##_new_null() \ - { return (STACK_OF(type) *)sk_new_null(); } \ -void sk_##type##_free(STACK_OF(type) *sk) \ - { sk_free((STACK *)sk); } \ -int sk_##type##_num(const STACK_OF(type) *sk) \ - { return M_sk_num((const STACK *)sk); } \ -type *sk_##type##_value(const STACK_OF(type) *sk,int n) \ - { return (type *)sk_value((STACK *)sk,n); } \ -type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \ - { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \ -void sk_##type##_zero(STACK_OF(type) *sk) \ - { sk_zero((STACK *)sk); } \ -int sk_##type##_push(STACK_OF(type) *sk,type *v) \ - { return sk_push((STACK *)sk,(char *)v); } \ -int sk_##type##_unshift(STACK_OF(type) *sk,type *v) \ - { return sk_unshift((STACK *)sk,(char *)v); } \ -int sk_##type##_find(STACK_OF(type) *sk,type *v) \ - { return sk_find((STACK *)sk,(char *)v); } \ -type *sk_##type##_delete(STACK_OF(type) *sk,int n) \ - { return (type *)sk_delete((STACK *)sk,n); } \ -void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \ - { sk_delete_ptr((STACK *)sk,(char *)v); } \ -int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \ - { return sk_insert((STACK *)sk,(char *)v,n); } \ -int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \ - int (*cmp)(type **,type **)))(type **,type **) \ - { return (int (*)(type **,type **))sk_set_cmp_func((STACK *)sk,cmp); } \ -STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \ - { return (STACK_OF(type) *)sk_dup((STACK *)sk); } \ -void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)) \ - { sk_pop_free((STACK *)sk,func); } \ -type *sk_##type##_shift(STACK_OF(type) *sk) \ - { return (type *)sk_shift((STACK *)sk); } \ -type *sk_##type##_pop(STACK_OF(type) *sk) \ - { return (type *)sk_pop((STACK *)sk); } \ -void sk_##type##_sort(STACK_OF(type) *sk) \ - { sk_sort((STACK *)sk); } - -#endif /* ndef HEADER_SAFESTACK_H */ diff --git a/AppleCSP/open_ssl/openssl/sha.h b/AppleCSP/open_ssl/openssl/sha.h deleted file mode 100644 index a611ba75..00000000 --- a/AppleCSP/open_ssl/openssl/sha.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/sha/sha.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_SHA_H -#define HEADER_SHA_H - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(NO_SHA) || (defined(NO_SHA0) && defined(NO_SHA1)) -#error SHA is disabled. -#endif - -/* - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! SHA_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - -#if defined(WIN16) || defined(__LP32__) -#define SHA_LONG unsigned long -#elif defined(_CRAY) || defined(__ILP64__) -#define SHA_LONG unsigned long -#define SHA_LONG_LOG2 3 -#else -#define SHA_LONG unsigned int -#endif - -#define SHA_LBLOCK 16 -#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a - * contiguous array of 32 bit - * wide big-endian values. */ -#define SHA_LAST_BLOCK (SHA_CBLOCK-8) -#define SHA_DIGEST_LENGTH 20 - -typedef struct SHAstate_st - { - SHA_LONG h0,h1,h2,h3,h4; - SHA_LONG Nl,Nh; - SHA_LONG data[SHA_LBLOCK]; - int num; - } SHA_CTX; - -#ifndef NO_SHA0 -void SHA_Init(SHA_CTX *c); -void SHA_Update(SHA_CTX *c, const void *data, unsigned long len); -void SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md); -void SHA_Transform(SHA_CTX *c, const unsigned char *data); -#endif -#ifndef NO_SHA1 -void SHA1_Init(SHA_CTX *c); -void SHA1_Update(SHA_CTX *c, const void *data, unsigned long len); -void SHA1_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md); -void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -#endif -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/stack.h b/AppleCSP/open_ssl/openssl/stack.h deleted file mode 100644 index d126b5b1..00000000 --- a/AppleCSP/open_ssl/openssl/stack.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/stack/stack.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_STACK_H -#define HEADER_STACK_H - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct stack_st - { - int num; - char **data; - int sorted; - - int num_alloc; - int (*comp)(); - } STACK; - - -#define sk_new_null() sk_new(NULL) - -#define M_sk_num(sk) ((sk) ? (sk)->num:-1) -#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) - -int sk_num(STACK *); -char *sk_value(STACK *, int); - -char *sk_set(STACK *, int, char *); - -STACK *sk_new(int (*cmp)()); -void sk_free(STACK *); -void sk_pop_free(STACK *st, void (*func)()); -int sk_insert(STACK *sk,char *data,int where); -char *sk_delete(STACK *st,int loc); -char *sk_delete_ptr(STACK *st, char *p); -int sk_find(STACK *st,char *data); -int sk_push(STACK *st,char *data); -int sk_unshift(STACK *st,char *data); -char *sk_shift(STACK *st); -char *sk_pop(STACK *st); -void sk_zero(STACK *st); -int (*sk_set_cmp_func(STACK *sk, int (*c)()))(); -STACK *sk_dup(STACK *st); -void sk_sort(STACK *st); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/AppleCSP/open_ssl/openssl/x509.h b/AppleCSP/open_ssl/openssl/x509.h deleted file mode 100644 index b9cc05dd..00000000 --- a/AppleCSP/open_ssl/openssl/x509.h +++ /dev/null @@ -1,1222 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/x509/x509.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_X509_H -#define HEADER_X509_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef VMS -#undef X509_REVOKED_get_ext_by_critical -#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic -#endif - -#include -#include -#include - -#ifndef NO_RSA -#include -#endif - -#ifndef NO_DSA -#include -#endif - -#ifndef NO_DH -#include -#endif - -#include - - -#ifdef WIN32 -/* Under Win32 this is defined in wincrypt.h */ -#undef X509_NAME -#endif - -#define X509_FILETYPE_PEM 1 -#define X509_FILETYPE_ASN1 2 -#define X509_FILETYPE_DEFAULT 3 - -#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -#define X509v3_KU_NON_REPUDIATION 0x0040 -#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -#define X509v3_KU_KEY_AGREEMENT 0x0008 -#define X509v3_KU_KEY_CERT_SIGN 0x0004 -#define X509v3_KU_CRL_SIGN 0x0002 -#define X509v3_KU_ENCIPHER_ONLY 0x0001 -#define X509v3_KU_DECIPHER_ONLY 0x8000 -#define X509v3_KU_UNDEF 0xffff - -typedef struct X509_objects_st - { - int nid; - int (*a2i)(); - int (*i2a)(); - } X509_OBJECTS; - -typedef struct X509_algor_st - { - ASN1_OBJECT *algorithm; - ASN1_TYPE *parameter; - } X509_ALGOR; - -DECLARE_STACK_OF(X509_ALGOR) -DECLARE_ASN1_SET_OF(X509_ALGOR) - -typedef struct X509_val_st - { - ASN1_UTCTIME *notBefore; - ASN1_UTCTIME *notAfter; - } X509_VAL; - -typedef struct X509_pubkey_st - { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - EVP_PKEY *pkey; - } X509_PUBKEY; - -typedef struct X509_sig_st - { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; - } X509_SIG; - -typedef struct X509_name_entry_st - { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; - int size; /* temp variable */ - } X509_NAME_ENTRY; - -DECLARE_STACK_OF(X509_NAME_ENTRY) -DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) - -/* we always keep X509_NAMEs in 2 forms. */ -typedef struct X509_name_st - { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; /* true if 'bytes' needs to be built */ -#ifdef HEADER_BUFFER_H - BUF_MEM *bytes; -#else - char *bytes; -#endif - unsigned long hash; /* Keep the hash around for lookups */ - } X509_NAME; - -DECLARE_STACK_OF(X509_NAME) - -#define X509_EX_V_NETSCAPE_HACK 0x8000 -#define X509_EX_V_INIT 0x0001 -typedef struct X509_extension_st - { - ASN1_OBJECT *object; - short critical; - short netscape_hack; - ASN1_OCTET_STRING *value; - struct v3_ext_method *method; /* V3 method to use */ - void *ext_val; /* extension value */ - } X509_EXTENSION; - -DECLARE_STACK_OF(X509_EXTENSION) -DECLARE_ASN1_SET_OF(X509_EXTENSION) - -/* a sequence of these are used */ -typedef struct x509_attributes_st - { - ASN1_OBJECT *object; - int set; /* 1 for a set, 0 for a single item (which is wrong) */ - union { - char *ptr; -/* 1 */ STACK_OF(ASN1_TYPE) *set; -/* 0 */ ASN1_TYPE *single; - } value; - } X509_ATTRIBUTE; - -DECLARE_STACK_OF(X509_ATTRIBUTE) -DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) - -typedef struct X509_req_info_st - { - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - int req_kludge; - } X509_REQ_INFO; - -typedef struct X509_req_st - { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - } X509_REQ; - -typedef struct x509_cinf_st - { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - } X509_CINF; - -/* This stuff is certificate "auxiliary info" - * it contains details which are useful in certificate - * stores and databases. When used this is tagged onto - * the end of the certificate itself - */ - -typedef struct x509_cert_aux_st - { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ - } X509_CERT_AUX; - -typedef struct x509_st - { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int valid; - int references; - char *name; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; -#ifndef NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -#endif - X509_CERT_AUX *aux; - } X509; - -DECLARE_STACK_OF(X509) -DECLARE_ASN1_SET_OF(X509) - -/* This is used for a table of trust checking functions */ - -typedef struct x509_trust_st { - int trust; - int flags; - int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *name; - int arg1; - void *arg2; -} X509_TRUST; - -DECLARE_STACK_OF(X509_TRUST) - -/* standard trust ids */ - -#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ - -#define X509_TRUST_COMPAT 1 -#define X509_TRUST_SSL_CLIENT 2 -#define X509_TRUST_SSL_SERVER 3 -#define X509_TRUST_EMAIL 4 -#define X509_TRUST_OBJECT_SIGN 5 - -/* Keep these up to date! */ -#define X509_TRUST_MIN 1 -#define X509_TRUST_MAX 5 - - -/* trust_flags values */ -#define X509_TRUST_DYNAMIC 1 -#define X509_TRUST_DYNAMIC_NAME 2 - -/* check_trust return codes */ - -#define X509_TRUST_TRUSTED 1 -#define X509_TRUST_REJECTED 2 -#define X509_TRUST_UNTRUSTED 3 - -typedef struct X509_revoked_st - { - ASN1_INTEGER *serialNumber; - ASN1_UTCTIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ *extensions; - int sequence; /* load sequence */ - } X509_REVOKED; - -DECLARE_STACK_OF(X509_REVOKED) -DECLARE_ASN1_SET_OF(X509_REVOKED) - -typedef struct X509_crl_info_st - { - ASN1_INTEGER *version; - X509_ALGOR *sig_alg; - X509_NAME *issuer; - ASN1_UTCTIME *lastUpdate; - ASN1_UTCTIME *nextUpdate; - STACK_OF(X509_REVOKED) *revoked; - STACK_OF(X509_EXTENSION) /* [0] */ *extensions; - } X509_CRL_INFO; - -typedef struct X509_crl_st - { - /* actual signature */ - X509_CRL_INFO *crl; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - } X509_CRL; - -DECLARE_STACK_OF(X509_CRL) -DECLARE_ASN1_SET_OF(X509_CRL) - -typedef struct private_key_st - { - int version; - /* The PKCS#8 data types */ - X509_ALGOR *enc_algor; - ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ - - /* When decrypted, the following will not be NULL */ - EVP_PKEY *dec_pkey; - - /* used to encrypt and decrypt */ - int key_length; - char *key_data; - int key_free; /* true if we should auto free key_data */ - - /* expanded version of 'enc_algor' */ - EVP_CIPHER_INFO cipher; - - int references; - } X509_PKEY; - -#ifdef HEADER_ENVELOPE_H -typedef struct X509_info_st - { - X509 *x509; - X509_CRL *crl; - X509_PKEY *x_pkey; - - EVP_CIPHER_INFO enc_cipher; - int enc_len; - char *enc_data; - - int references; - } X509_INFO; - -DECLARE_STACK_OF(X509_INFO) -#endif - -/* The next 2 structures and their 8 routines were sent to me by - * Pat Richard and are used to manipulate - * Netscapes spki structures - useful if you are writing a CA web page - */ -typedef struct Netscape_spkac_st - { - X509_PUBKEY *pubkey; - ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ - } NETSCAPE_SPKAC; - -typedef struct Netscape_spki_st - { - NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ - X509_ALGOR *sig_algor; - ASN1_BIT_STRING *signature; - } NETSCAPE_SPKI; - -/* Netscape certificate sequence structure */ -typedef struct Netscape_certificate_sequence - { - ASN1_OBJECT *type; - STACK_OF(X509) *certs; - } NETSCAPE_CERT_SEQUENCE; - -typedef struct CBCParameter_st - { - unsigned char iv[8]; - } CBC_PARAM; - -/* Password based encryption structure */ - -typedef struct PBEPARAM_st { -ASN1_OCTET_STRING *salt; -ASN1_INTEGER *iter; -} PBEPARAM; - -/* Password based encryption V2 structures */ - -typedef struct PBE2PARAM_st { -X509_ALGOR *keyfunc; -X509_ALGOR *encryption; -} PBE2PARAM; - -typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ -ASN1_INTEGER *iter; -ASN1_INTEGER *keylength; -X509_ALGOR *prf; -} PBKDF2PARAM; - - -/* PKCS#8 private key info structure */ - -typedef struct pkcs8_priv_key_info_st - { - int broken; /* Flag for various broken formats */ -#define PKCS8_OK 0 -#define PKCS8_NO_OCTET 1 -#define PKCS8_EMBEDDED_PARAM 2 -#define PKCS8_NS_DB 3 - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ - STACK_OF(X509_ATTRIBUTE) *attributes; - } PKCS8_PRIV_KEY_INFO; - -#include -#include - -#ifdef SSLEAY_MACROS -#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ - a->signature,(char *)a->cert_info,r) -#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ - a->sig_alg,a->signature,(char *)a->req_info,r) -#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ - a->sig_alg, a->signature,(char *)a->crl,r) - -#define X509_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ - x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) -#define X509_REQ_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ - x->signature, (char *)x->req_info,pkey,md) -#define X509_CRL_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ - x->signature, (char *)x->crl,pkey,md) -#define NETSCAPE_SPKI_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ - x->signature, (char *)x->spkac,pkey,md) - -#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ - (char *(*)())d2i_X509,(char *)x509) -#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ - (int (*)())i2d_X509_ATTRIBUTE, \ - (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) -#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ - (int (*)())i2d_X509_EXTENSION, \ - (char *(*)())d2i_X509_EXTENSION,(char *)ex) -#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) -#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) -#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) -#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) - -#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ - (char *(*)())d2i_X509_CRL,(char *)crl) -#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ - (unsigned char *)crl) -#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ - (unsigned char *)crl) - -#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ - (char *(*)())d2i_PKCS7,(char *)p7) -#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ - (unsigned char *)p7) -#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ - (unsigned char *)p7) - -#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ - (char *(*)())d2i_X509_REQ,(char *)req) -#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ - (unsigned char *)req) -#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ - (unsigned char *)req) - -#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ - (char *(*)())d2i_RSAPublicKey,(char *)rsa) -#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ - (char *(*)())d2i_RSAPrivateKey,(char *)rsa) - -#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ - (unsigned char *)rsa) - -#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ - (unsigned char *)rsa) - -#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ - (unsigned char *)dsa) -#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ - (unsigned char *)dsa) - -#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ - (char *(*)())d2i_X509_ALGOR,(char *)xn) - -#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ - (char *(*)())d2i_X509_NAME,(char *)xn) -#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ - (int (*)())i2d_X509_NAME_ENTRY, \ - (char *(*)())d2i_X509_NAME_ENTRY,\ - (char *)ne) - -#define X509_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) -#define X509_NAME_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - -#define X509_EXT_PACK_UNKNOWN 1 -#define X509_EXT_PACK_STRING 2 - -#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) -#define X509_extract_key(x) X509_get_pubkey(x) /*****/ -#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) -#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) -#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) - -#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -#define X509_CRL_get_issuer(x) ((x)->crl->issuer) -#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) - -/* This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ -#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - - -const char *X509_verify_cert_error_string(long n); - -#ifndef SSLEAY_MACROS -#ifdef HEADER_ENVELOPE_H -int X509_verify(X509 *a, EVP_PKEY *r); - -int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); -int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); -int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); - -NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); -char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); -EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); -int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); - -int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); - -int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); -int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); -int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); - -int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_NAME_digest(X509_NAME *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); -#endif - -#ifndef NO_FP_API -X509 *d2i_X509_fp(FILE *fp, X509 **x509); -int i2d_X509_fp(FILE *fp,X509 *x509); -X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); -int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); -X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); -int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); -#ifndef NO_RSA -RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); -int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); -RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); -int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); -RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); -int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); -#endif -#ifndef NO_DSA -DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); -int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); -DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); -int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); -#endif -X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); -int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf); -int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); -int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); -int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); -EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); -#endif - -#ifdef HEADER_BIO_H -X509 *d2i_X509_bio(BIO *bp,X509 **x509); -int i2d_X509_bio(BIO *bp,X509 *x509); -X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); -int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); -X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); -int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); -#ifndef NO_RSA -RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); -int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); -RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); -int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); -RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); -int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); -#endif -#ifndef NO_DSA -DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); -int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); -DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); -int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); -#endif -X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); -int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf); -int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); -int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); -int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); -EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); -#endif - -X509 *X509_dup(X509 *x509); -X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); -X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); -X509_CRL *X509_CRL_dup(X509_CRL *crl); -X509_REQ *X509_REQ_dup(X509_REQ *req); -X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); -X509_NAME *X509_NAME_dup(X509_NAME *xn); -X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#ifndef NO_RSA -RSA *RSAPublicKey_dup(RSA *rsa); -RSA *RSAPrivateKey_dup(RSA *rsa); -#endif - -#endif /* !SSLEAY_MACROS */ - -int X509_cmp_current_time(ASN1_UTCTIME *s); -ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); - -const char * X509_get_default_cert_area(void ); -const char * X509_get_default_cert_dir(void ); -const char * X509_get_default_cert_file(void ); -const char * X509_get_default_cert_dir_env(void ); -const char * X509_get_default_cert_file_env(void ); -const char * X509_get_default_private_dir(void ); - -X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); -void ERR_load_X509_strings(void ); - -X509_ALGOR * X509_ALGOR_new(void ); -void X509_ALGOR_free(X509_ALGOR *a); -int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp); -X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp, - long length); - -X509_VAL * X509_VAL_new(void ); -void X509_VAL_free(X509_VAL *a); -int i2d_X509_VAL(X509_VAL *a,unsigned char **pp); -X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp, - long length); - -X509_PUBKEY * X509_PUBKEY_new(void ); -void X509_PUBKEY_free(X509_PUBKEY *a); -int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp); -X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp, - long length); -int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); -EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); -int X509_get_pubkey_parameters(EVP_PKEY *pkey, - STACK_OF(X509) *chain); -int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); -EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, - long length); -#ifndef NO_RSA -int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); -RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, - long length); -#endif -#ifndef NO_DSA -int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); -DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, - long length); -#endif - -X509_SIG * X509_SIG_new(void ); -void X509_SIG_free(X509_SIG *a); -int i2d_X509_SIG(X509_SIG *a,unsigned char **pp); -X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length); - -X509_REQ_INFO *X509_REQ_INFO_new(void); -void X509_REQ_INFO_free(X509_REQ_INFO *a); -int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp); -X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp, - long length); - -X509_REQ * X509_REQ_new(void); -void X509_REQ_free(X509_REQ *a); -int i2d_X509_REQ(X509_REQ *a,unsigned char **pp); -X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length); - -X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); -void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); -int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp); -X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp, - long length); -X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); - - -X509_EXTENSION *X509_EXTENSION_new(void ); -void X509_EXTENSION_free(X509_EXTENSION *a); -int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp); -X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp, - long length); - -X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); -void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); -int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp); -X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp, - long length); - -X509_NAME * X509_NAME_new(void); -void X509_NAME_free(X509_NAME *a); -int i2d_X509_NAME(X509_NAME *a,unsigned char **pp); -X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length); -int X509_NAME_set(X509_NAME **xn, X509_NAME *name); - - -X509_CINF * X509_CINF_new(void); -void X509_CINF_free(X509_CINF *a); -int i2d_X509_CINF(X509_CINF *a,unsigned char **pp); -X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length); - -X509 * X509_new(void); -void X509_free(X509 *a); -int i2d_X509(X509 *a,unsigned char **pp); -X509 * d2i_X509(X509 **a,unsigned char **pp,long length); -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int X509_set_ex_data(X509 *r, int idx, void *arg); -void *X509_get_ex_data(X509 *r, int idx); -int i2d_X509_AUX(X509 *a,unsigned char **pp); -X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); - -X509_CERT_AUX * X509_CERT_AUX_new(void); -void X509_CERT_AUX_free(X509_CERT_AUX *a); -int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp); -X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp, - long length); -int X509_alias_set1(X509 *x, unsigned char *name, int len); -unsigned char * X509_alias_get0(X509 *x, int *len); -int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); -int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); -int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); -void X509_trust_clear(X509 *x); -void X509_reject_clear(X509 *x); - -X509_REVOKED * X509_REVOKED_new(void); -void X509_REVOKED_free(X509_REVOKED *a); -int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp); -X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length); - -X509_CRL_INFO *X509_CRL_INFO_new(void); -void X509_CRL_INFO_free(X509_CRL_INFO *a); -int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp); -X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp, - long length); - -X509_CRL * X509_CRL_new(void); -void X509_CRL_free(X509_CRL *a); -int i2d_X509_CRL(X509_CRL *a,unsigned char **pp); -X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); - -X509_PKEY * X509_PKEY_new(void ); -void X509_PKEY_free(X509_PKEY *a); -int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); -X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); - -NETSCAPE_SPKI * NETSCAPE_SPKI_new(void ); -void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); -int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp); -NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp, - long length); - -NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void ); -void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); -int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp); -NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp, - long length); - - -int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp); -NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void); -NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length); -void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a); - -#ifdef HEADER_ENVELOPE_H -X509_INFO * X509_INFO_new(void); -void X509_INFO_free(X509_INFO *a); -char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); - -int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, - ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); - -int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, - unsigned char *md,unsigned int *len); - -int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, - char *data,EVP_PKEY *pkey, const EVP_MD *type); -#endif - -int X509_set_version(X509 *x,long version); -int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); -ASN1_INTEGER * X509_get_serialNumber(X509 *x); -int X509_set_issuer_name(X509 *x, X509_NAME *name); -X509_NAME * X509_get_issuer_name(X509 *a); -int X509_set_subject_name(X509 *x, X509_NAME *name); -X509_NAME * X509_get_subject_name(X509 *a); -int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); -int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); -int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); -EVP_PKEY * X509_get_pubkey(X509 *x); -int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); - -int X509_REQ_set_version(X509_REQ *x,long version); -int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); -int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); -EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); -int X509_REQ_extension_nid(int nid); -int * X509_REQ_get_extension_nids(void); -void X509_REQ_set_extension_nids(int *nids); -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); -int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid); -int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); -int X509_REQ_get_attr_count(const X509_REQ *req); -int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, - int lastpos); -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos); -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); -X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); -int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); -int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - ASN1_OBJECT *obj, int type, - unsigned char *bytes, int len); -int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - unsigned char *bytes, int len); -int X509_REQ_add1_attr_by_txt(X509_REQ *req, - char *attrname, int type, - unsigned char *bytes, int len); - -int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); - -int X509_issuer_and_serial_cmp(X509 *a, X509 *b); -unsigned long X509_issuer_and_serial_hash(X509 *a); - -int X509_issuer_name_cmp(X509 *a, X509 *b); -unsigned long X509_issuer_name_hash(X509 *a); - -int X509_subject_name_cmp(X509 *a,X509 *b); -unsigned long X509_subject_name_hash(X509 *x); - -int X509_cmp (X509 *a, X509 *b); -int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); -unsigned long X509_NAME_hash(X509_NAME *x); - -int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); -#ifndef NO_FP_API -int X509_print_fp(FILE *bp,X509 *x); -int X509_CRL_print_fp(FILE *bp,X509_CRL *x); -int X509_REQ_print_fp(FILE *bp,X509_REQ *req); -#endif - -#ifdef HEADER_BIO_H -int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -int X509_print(BIO *bp,X509 *x); -int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); -int X509_CRL_print(BIO *bp,X509_CRL *x); -int X509_REQ_print(BIO *bp,X509_REQ *req); -#endif - -int X509_NAME_entry_count(X509_NAME *name); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, - char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, - char *buf,int len); - -/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use - * lastpos, search after that position on. */ -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, - int lastpos); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, - int loc, int set); -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, - unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - unsigned char *bytes, int len, int loc, int set); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type,unsigned char *bytes, int len); -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type,unsigned char *bytes, - int len); -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, - ASN1_OBJECT *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len); -ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); - -int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); -int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, - int nid, int lastpos); -int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, - ASN1_OBJECT *obj,int lastpos); -int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, - int crit, int lastpos); -X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); -X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); -STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); - -int X509_get_ext_count(X509 *x); -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -X509_EXTENSION *X509_get_ext(X509 *x, int loc); -X509_EXTENSION *X509_delete_ext(X509 *x, int loc); -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); - -int X509_CRL_get_ext_count(X509_CRL *x); -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); -X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); -int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); - -int X509_REVOKED_get_ext_count(X509_REVOKED *x); -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); -X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); -int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); - -X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, - int nid, int crit, ASN1_OCTET_STRING *data); -X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); -int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); -int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); -int X509_EXTENSION_set_data(X509_EXTENSION *ex, - ASN1_OCTET_STRING *data); -ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); -ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); -int X509_EXTENSION_get_critical(X509_EXTENSION *ex); - -int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); -int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); -int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, - int lastpos); -X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); -X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - ASN1_OBJECT *obj, int type, - unsigned char *bytes, int len); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - unsigned char *bytes, int len); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - char *attrname, int type, - unsigned char *bytes, int len); -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, void *data, int len); -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - ASN1_OBJECT *obj, int atrtype, void *data, int len); -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - char *atrname, int type, unsigned char *bytes, int len); -int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj); -int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len); -void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - int atrtype, void *data); -int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); -ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); -ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); - -int X509_verify_cert(X509_STORE_CTX *ctx); - -/* lookup a cert from a X509 STACK */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, - ASN1_INTEGER *serial); -X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); - -int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp); -PBEPARAM *PBEPARAM_new(void); -PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length); -void PBEPARAM_free(PBEPARAM *a); -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); -X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen); - -int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp); -PBKDF2PARAM *PBKDF2PARAM_new(void); -PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length); -void PBKDF2PARAM_free(PBKDF2PARAM *a); - -int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp); -PBE2PARAM *PBE2PARAM_new(void); -PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length); -void PBE2PARAM_free(PBE2PARAM *a); - -/* PKCS#8 utilities */ - -int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp); -PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, - unsigned char **pp, long length); -void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); - -EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); -PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); - -int X509_check_trust(X509 *x, int id, int flags); -int X509_TRUST_get_count(void); -X509_TRUST * X509_TRUST_get0(int idx); -int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2); -void X509_TRUST_cleanup(void); -int X509_TRUST_get_flags(X509_TRUST *xp); -char *X509_TRUST_get0_name(X509_TRUST *xp); -int X509_TRUST_get_trust(X509_TRUST *xp); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -/* Error codes for the X509 functions. */ - -/* Function codes. */ -#define X509_F_ADD_CERT_DIR 100 -#define X509_F_BY_FILE_CTRL 101 -#define X509_F_DIR_CTRL 102 -#define X509_F_GET_CERT_BY_SUBJECT 103 -#define X509_F_NETSCAPE_SPKI_B64_DECODE 129 -#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 -#define X509_F_X509V3_ADD_EXT 104 -#define X509_F_X509_ADD_ATTR 135 -#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 -#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 -#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 -#define X509_F_X509_ATTRIBUTE_GET0_DATA 139 -#define X509_F_X509_ATTRIBUTE_SET1_DATA 138 -#define X509_F_X509_CHECK_PRIVATE_KEY 128 -#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 -#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 -#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 -#define X509_F_X509_LOAD_CERT_CRL_FILE 132 -#define X509_F_X509_LOAD_CERT_FILE 111 -#define X509_F_X509_LOAD_CRL_FILE 112 -#define X509_F_X509_NAME_ADD_ENTRY 113 -#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 -#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 -#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 -#define X509_F_X509_NAME_ONELINE 116 -#define X509_F_X509_NAME_PRINT 117 -#define X509_F_X509_PRINT_FP 118 -#define X509_F_X509_PUBKEY_GET 119 -#define X509_F_X509_PUBKEY_SET 120 -#define X509_F_X509_REQ_PRINT 121 -#define X509_F_X509_REQ_PRINT_FP 122 -#define X509_F_X509_REQ_TO_X509 123 -#define X509_F_X509_STORE_ADD_CERT 124 -#define X509_F_X509_STORE_ADD_CRL 125 -#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 -#define X509_F_X509_TO_X509_REQ 126 -#define X509_F_X509_TRUST_ADD 133 -#define X509_F_X509_VERIFY_CERT 127 - -/* Reason codes. */ -#define X509_R_BAD_X509_FILETYPE 100 -#define X509_R_BASE64_DECODE_ERROR 118 -#define X509_R_CANT_CHECK_DH_KEY 114 -#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 -#define X509_R_ERR_ASN1_LIB 102 -#define X509_R_INVALID_DIRECTORY 113 -#define X509_R_INVALID_FIELD_NAME 119 -#define X509_R_KEY_TYPE_MISMATCH 115 -#define X509_R_KEY_VALUES_MISMATCH 116 -#define X509_R_LOADING_CERT_DIR 103 -#define X509_R_LOADING_DEFAULTS 104 -#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 -#define X509_R_SHOULD_RETRY 106 -#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 -#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 -#define X509_R_UNKNOWN_KEY_TYPE 117 -#define X509_R_UNKNOWN_NID 109 -#define X509_R_UNKNOWN_PURPOSE_ID 121 -#define X509_R_UNKNOWN_TRUST_ID 120 -#define X509_R_UNSUPPORTED_ALGORITHM 111 -#define X509_R_WRONG_LOOKUP_TYPE 112 -#define X509_R_WRONG_TYPE 122 - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/openssl/x509_vfy.h b/AppleCSP/open_ssl/openssl/x509_vfy.h deleted file mode 100644 index 7ddfde7b..00000000 --- a/AppleCSP/open_ssl/openssl/x509_vfy.h +++ /dev/null @@ -1,380 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/x509/x509_vfy.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_X509_H -#include -/* openssl/x509.h ends up #include-ing this file at about the only - * appropriate moment. */ -#endif - -#ifndef HEADER_X509_VFY_H -#define HEADER_X509_VFY_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -/* Outer object */ -typedef struct x509_hash_dir_st - { - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; - } X509_HASH_DIR_CTX; - -typedef struct x509_file_st - { - int num_paths; /* number of paths to files or directories */ - int num_alloced; - char **paths; /* the list of paths or directories */ - int *path_type; - } X509_CERT_FILE_CTX; - -/*******************************/ -/* -SSL_CTX -> X509_STORE - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -SSL -> X509_STORE_CTX - ->X509_STORE - -The X509_STORE holds the tables etc for verification stuff. -A X509_STORE_CTX is used while validating a single certificate. -The X509_STORE has X509_LOOKUPs for looking up certs. -The X509_STORE then calls a function to actually verify the -certificate chain. -*/ - -#define X509_LU_RETRY -1 -#define X509_LU_FAIL 0 -#define X509_LU_X509 1 -#define X509_LU_CRL 2 -#define X509_LU_PKEY 3 - -typedef struct x509_object_st - { - /* one of the above types */ - int type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; - } X509_OBJECT; - -typedef struct x509_lookup_st X509_LOOKUP; - -DECLARE_STACK_OF(X509_LOOKUP) - -/* This is a static that defines the function interface */ -typedef struct x509_lookup_method_st - { - const char *name; - int (*new_item)(X509_LOOKUP *ctx); - void (*free)(X509_LOOKUP *ctx); - int (*init)(X509_LOOKUP *ctx); - int (*shutdown)(X509_LOOKUP *ctx); - int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, - char **ret); - int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, - X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, - ASN1_INTEGER *serial,X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, - unsigned char *bytes,int len, - X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, - X509_OBJECT *ret); - } X509_LOOKUP_METHOD; - -typedef struct x509_store_state_st X509_STORE_CTX; - -/* This is used to hold everything. It is used for all certificate - * validation. Once we have a certificate chain, the 'verify' - * function is then called to actually check the cert chain. */ -typedef struct x509_store_st - { - /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ -#ifdef HEADER_LHASH_H - LHASH *certs; /* cached certs; */ -#else - char *certs; -#endif - - /* These are external lookup methods */ - STACK_OF(X509_LOOKUP) *get_cert_methods; - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - - CRYPTO_EX_DATA ex_data; - int references; - int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ - } X509_STORE; - -#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) - -#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) - -/* This is the functions plus an instance of the local variables. */ -struct x509_lookup_st - { - int init; /* have we been started */ - int skip; /* don't use us. */ - X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ - - X509_STORE *store_ctx; /* who owns us */ - }; - -/* This is a temporary used when processing cert chains. Since the - * gathering of the cert chain can take some time (and have to be - * 'retried', this needs to be kept and passed around. */ -struct x509_store_state_st /* X509_STORE_CTX */ - { - X509_STORE *ctx; - int current_method; /* used when looking up certs */ - - /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - - /* The following is built up */ - int depth; /* how far to go looking up certs */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* index of last untrusted cert */ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - - /* When something goes wrong, this is why */ - int error_depth; - int error; - X509 *current_cert; - - CRYPTO_EX_DATA ex_data; - }; - -#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) - -#define X509_STORE_CTX_set_app_data(ctx,data) \ - X509_STORE_CTX_set_ex_data(ctx,0,data) -#define X509_STORE_CTX_get_app_data(ctx) \ - X509_STORE_CTX_get_ex_data(ctx,0) - -#define X509_L_FILE_LOAD 1 -#define X509_L_ADD_DIR 2 - -#define X509_LOOKUP_load_file(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) - -#define X509_LOOKUP_add_dir(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) - -#define X509_V_OK 0 -/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ - -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -#define X509_V_ERR_UNABLE_TO_GET_CRL 3 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 -#define X509_V_ERR_CERT_HAS_EXPIRED 10 -#define X509_V_ERR_CRL_NOT_YET_VALID 11 -#define X509_V_ERR_CRL_HAS_EXPIRED 12 -#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -#define X509_V_ERR_OUT_OF_MEM 17 -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -#define X509_V_ERR_CERT_REVOKED 23 -#define X509_V_ERR_INVALID_CA 24 -#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -#define X509_V_ERR_INVALID_PURPOSE 26 -#define X509_V_ERR_CERT_UNTRUSTED 27 -#define X509_V_ERR_CERT_REJECTED 28 - -/* The application is not happy */ -#define X509_V_ERR_APPLICATION_VERIFICATION 50 - - /* These functions are being redefined in another directory, - and clash when the linker is case-insensitive, so let's - hide them a little, by giving them an extra 'o' at the - beginning of the name... */ -#ifdef VMS -#undef X509v3_cleanup_extensions -#define X509v3_cleanup_extensions oX509v3_cleanup_extensions -#undef X509v3_add_extension -#define X509v3_add_extension oX509v3_add_extension -#undef X509v3_add_netscape_extensions -#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions -#undef X509v3_add_standard_extensions -#define X509v3_add_standard_extensions oX509v3_add_standard_extensions -#endif - -#ifdef HEADER_LHASH_H -X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name); -#endif -void X509_OBJECT_up_ref_count(X509_OBJECT *a); -void X509_OBJECT_free_contents(X509_OBJECT *a); -X509_STORE *X509_STORE_new(void ); -void X509_STORE_free(X509_STORE *v); - -X509_STORE_CTX *X509_STORE_CTX_new(void); -void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, - X509 *x509, STACK_OF(X509) *chain); -void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); - -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); - -X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); -X509_LOOKUP_METHOD *X509_LOOKUP_file(void); - -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - -int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, - X509_OBJECT *ret); - -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); - -#ifndef NO_STDIO -int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); -int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); -int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); -#endif - - -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); -void X509_LOOKUP_free(X509_LOOKUP *ctx); -int X509_LOOKUP_init(X509_LOOKUP *ctx); -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret); -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - unsigned char *bytes, int len, X509_OBJECT *ret); -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, - int len, X509_OBJECT *ret); -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); - -#ifndef NO_STDIO -int X509_STORE_load_locations (X509_STORE *ctx, - const char *file, const char *dir); -int X509_STORE_set_default_paths(X509_STORE *ctx); -#endif - -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); -void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); -void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); -X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); -void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); -void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); -int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); -int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); -int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust); - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/AppleCSP/open_ssl/opensslUtils/opensslAsn1.cpp b/AppleCSP/open_ssl/opensslUtils/opensslAsn1.cpp deleted file mode 100644 index 27a837ad..00000000 --- a/AppleCSP/open_ssl/opensslUtils/opensslAsn1.cpp +++ /dev/null @@ -1,1686 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * opensslAsn1.h - ANS1 encode/decode of openssl object, libssnasn1 version - */ -#include "opensslAsn1.h" -#include "BinaryKey.h" -#include "AppleCSPUtils.h" -#include "osKeyTemplates.h" -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -#define sslAsn1Debug(args...) secdebug("sslAsn1", ##args) - -#ifndef NDEBUG -#include -#include - -static void logAsnErr( - const char *op, - PRErrorCode perr) -{ - printf("Error on %s: %s\n", op, SECErrorString(perr)); -} -#else -#define logAsnErr(op, perr) -#endif - -/* CSSM_DATA --> BIGNUM */ -BIGNUM *cssmDataToBn( - const CSSM_DATA &cdata) -{ - BIGNUM *bn = BN_new(); - BIGNUM *rtn; - - rtn = BN_bin2bn(cdata.Data, cdata.Length, bn); - if(rtn == NULL) { - BN_free(bn); - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - return bn; -} - -/* BIGNUM --> CSSM_DATA, mallocing from a SecNssCoder's PL_ArenaPool */ -void bnToCssmData( - const BIGNUM *bn, - CSSM_DATA &cdata, - SecNssCoder &coder) -{ - assert(bn != NULL); - unsigned numBytes = BN_num_bytes(bn); - cdata.Data = (uint8 *)coder.malloc(numBytes); - if(cdata.Data == NULL) { - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); - } - cdata.Length = numBytes; - BN_bn2bin(bn, cdata.Data); -} - -/* - * CSSM_DATA --> unsigned int - */ -unsigned cssmDataToInt( - const CSSM_DATA &cdata) -{ - if((cdata.Length == 0) || (cdata.Data == NULL)) { - return 0; - } - unsigned len = (unsigned)cdata.Length; - if(len > sizeof(int)) { - logAsnErr("cssmDataToInt: Length error (%u)", len); - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); - } - - unsigned rtn = 0; - uint8 *cp = cdata.Data; - for(unsigned i=0; i CSSM_DATA, mallocing from an SecNssCoder - */ -void intToCssmData( - unsigned num, - CSSM_DATA &cdata, - SecNssCoder &coder) -{ - unsigned len = 0; - - if(num < 0x100) { - len = 1; - } - else if(num < 0x10000) { - len = 2; - } - else if(num < 0x1000000) { - len = 3; - } - else { - len = 4; - } - cdata.Data = (uint8 *)coder.malloc(len); - cdata.Length = len; - uint8 *cp = &cdata.Data[len - 1]; - for(unsigned i=0; i>= 8; - } -} - -/* - * Set up a encoded NULL for AlgorithmIdentifier.parameters, - * required for RSA - */ -static void nullAlgParams( - CSSM_X509_ALGORITHM_IDENTIFIER &algId) -{ - static const uint8 encNull[2] = { SEC_ASN1_NULL, 0 }; - CSSM_DATA encNullData; - encNullData.Data = (uint8 *)encNull; - encNullData.Length = 2; - - algId.parameters = encNullData; -} - -#pragma mark - -#pragma mark *** RSA key encode/decode *** - -/* - * DER encode/decode RSA keys in various formats. - * - * Public key, CSSM_KEYBLOB_RAW_FORMAT_PKCS1 - * -- compatible with BSAFE - * -- used for CSSM_KEYBLOB_RAW_FORMAT_DIGEST on both keys - */ -static CSSM_RETURN RSAPublicKeyDecodePKCS1( - SecNssCoder &coder, - RSA *openKey, - void *p, - size_t length) -{ - NSS_RSAPublicKeyPKCS1 nssPubKey; - - memset(&nssPubKey, 0, sizeof(nssPubKey)); - PRErrorCode perr = coder.decode(p, length, - NSS_RSAPublicKeyPKCS1Template, &nssPubKey); - if(perr) { - logAsnErr("decode(RSAPublicKeyPKCS1)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - try { - openKey->n = cssmDataToBn(nssPubKey.modulus); - openKey->e = cssmDataToBn(nssPubKey.publicExponent); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -static CSSM_RETURN RSAPublicKeyEncodePKCS1( - SecNssCoder &coder, - RSA *openKey, - CssmOwnedData &encodedKey) -{ - /* convert to NSS_RSAPublicKeyPKCS1 */ - NSS_RSAPublicKeyPKCS1 nssPubKey; - - try { - bnToCssmData(openKey->n, nssPubKey.modulus, coder); - bnToCssmData(openKey->e, nssPubKey.publicExponent, coder); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - - PRErrorCode prtn; - prtn = SecNssEncodeItemOdata(&nssPubKey, - NSS_RSAPublicKeyPKCS1Template, encodedKey); - if(prtn) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -/* - * SubjectPublicKeyInfo, as used by openssl. - * The subjectPublicKey component is a PKCS1-style RSAPublicKey. - */ -static CSSM_RETURN RSAPublicKeyDecodeX509( - SecNssCoder &coder, - RSA *openKey, - void *p, - size_t length) -{ - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO nssPubKeyInfo; - PRErrorCode perr; - - memset(&nssPubKeyInfo, 0, sizeof(nssPubKeyInfo)); - perr = coder.decode(p, length, NSS_SubjectPublicKeyInfoTemplate, - &nssPubKeyInfo); - if(perr) { - logAsnErr("decode(RSA SubjectPublicKeyInfo)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* verify alg identifier */ - const CSSM_OID *oid = &nssPubKeyInfo.algorithm.algorithm; - if(!cspCompareCssmData(oid, &CSSMOID_RSA)) { - sslAsn1Debug("RSAPublicKeyDecodeX509: bad OID"); - return CSSMERR_CSP_INVALID_KEY; - } - - /* decode the raw bits */ - CSSM_DATA *pubKey = &nssPubKeyInfo.subjectPublicKey; - /* decoded length was in bits */ - pubKey->Length = (pubKey->Length + 7) / 8; - return RSAPublicKeyDecodePKCS1(coder, openKey, pubKey->Data, - pubKey->Length); -} - -static CSSM_RETURN RSAPublicKeyEncodeX509( - SecNssCoder &coder, - RSA *openKey, - CssmOwnedData &encodedKey) -{ - CssmAutoData aData(CssmAllocator::standard()); - CSSM_RETURN crtn; - - /* First get an encoded PKCS1-style RSAPublicKey */ - crtn = RSAPublicKeyEncodePKCS1(coder, openKey, aData); - if(crtn) { - return crtn; - } - - /* - * That's the AsnBits subjectPublicKey component of a - * SubjectPublicKeyInfo - */ - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO nssPubKeyInfo; - memset(&nssPubKeyInfo, 0, sizeof(nssPubKeyInfo)); - nssPubKeyInfo.subjectPublicKey.Data = (uint8 *)aData.data(); - nssPubKeyInfo.subjectPublicKey.Length = aData.length() * 8; - - CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssPubKeyInfo.algorithm; - algId.algorithm = CSSMOID_RSA; - - /* NULL algorithm paramneters, always in this case */ - nullAlgParams(algId); - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPubKeyInfo, - NSS_SubjectPublicKeyInfoTemplate, encodedKey); - - if(perr) { - logAsnErr("encode(RSA SubjectPublicKeyInfo)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -/* - * RSA private key, PKCS1 format, used by openssl. - */ -static CSSM_RETURN RSAPrivateKeyDecodePKCS1( - SecNssCoder &coder, - RSA *openKey, - void *p, - size_t length) -{ - NSS_RSAPrivateKeyPKCS1 nssPrivKey; - PRErrorCode perr; - - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - perr = coder.decode(p, length, NSS_RSAPrivateKeyPKCS1Template, &nssPrivKey); - if(perr) { - logAsnErr("decode(RSAPrivateKeyPKCS)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* convert nssPrivKey fields to RSA key fields */ - try { - openKey->version = cssmDataToInt(nssPrivKey.version); - openKey->n = cssmDataToBn(nssPrivKey.modulus); - openKey->e = cssmDataToBn(nssPrivKey.publicExponent); - openKey->d = cssmDataToBn(nssPrivKey.privateExponent); - openKey->p = cssmDataToBn(nssPrivKey.prime1); - openKey->q = cssmDataToBn(nssPrivKey.prime2); - openKey->dmp1 = cssmDataToBn(nssPrivKey.exponent1); - openKey->dmq1 = cssmDataToBn(nssPrivKey.exponent2); - openKey->iqmp = cssmDataToBn(nssPrivKey.coefficient); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -static CSSM_RETURN RSAPrivateKeyEncodePKCS1( - SecNssCoder &coder, - RSA *openKey, - CssmOwnedData &encodedKey) -{ - NSS_RSAPrivateKeyPKCS1 nssPrivKey; - PRErrorCode perr; - - /* convert to NSS_RSAPrivateKeyPKCS1 */ - try { - intToCssmData(openKey->version, nssPrivKey.version, coder); - bnToCssmData(openKey->n, nssPrivKey.modulus, coder); - bnToCssmData(openKey->e, nssPrivKey.publicExponent, coder); - bnToCssmData(openKey->d, nssPrivKey.privateExponent, coder); - bnToCssmData(openKey->p, nssPrivKey.prime1, coder); - bnToCssmData(openKey->q, nssPrivKey.prime2, coder); - bnToCssmData(openKey->dmp1, nssPrivKey.exponent1, coder); - bnToCssmData(openKey->dmq1, nssPrivKey.exponent2, coder); - bnToCssmData(openKey->iqmp, nssPrivKey.coefficient, coder); - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - - /* DER encode */ - perr = SecNssEncodeItemOdata(&nssPrivKey, NSS_RSAPrivateKeyPKCS1Template, - encodedKey); - if(perr) { - logAsnErr("encode(RSAPrivateKeyPKCS1)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -/* - * RSA private key, PKCS8, compatible with BSAFE. - */ -static CSSM_RETURN RSAPrivateKeyDecodePKCS8( - SecNssCoder &coder, - RSA *openKey, - void *p, - size_t length) -{ - NSS_PrivateKeyInfo nssPrivKeyInfo; - PRErrorCode perr; - - memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo)); - perr = coder.decode(p, length, NSS_PrivateKeyInfoTemplate, &nssPrivKeyInfo); - if(perr) { - logAsnErr("decode(PrivateKeyInfo)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* verify alg identifier */ - const CSSM_OID *oid = &nssPrivKeyInfo.algorithm.algorithm; - if(!cspCompareCssmData(oid, &CSSMOID_RSA)) { - sslAsn1Debug("RSAPrivateKeyDecodePKCS8: bad OID"); - return CSSMERR_CSP_INVALID_KEY; - } - - /* - * nssPrivKeyInfo.privateKey is an octet string which needs - * subsequent decoding - */ - CSSM_DATA *privKey = &nssPrivKeyInfo.privateKey; - return RSAPrivateKeyDecodePKCS1(coder, openKey, - privKey->Data, privKey->Length); -} - -static CSSM_RETURN RSAPrivateKeyEncodePKCS8( - SecNssCoder &coder, - RSA *openKey, - CssmOwnedData &encodedKey) -{ - - /* First get PKCS1-style encoding */ - CssmAutoData aData(CssmAllocator::standard()); - CSSM_RETURN crtn = RSAPrivateKeyEncodePKCS1(coder, openKey, aData); - if(crtn) { - return crtn; - } - - /* that encoding is the privateKey field of a NSS_PrivateKeyInfo */ - NSS_PrivateKeyInfo nssPrivKeyInfo; - memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo)); - nssPrivKeyInfo.privateKey.Data = (uint8 *)aData.data(); - nssPrivKeyInfo.privateKey.Length = aData.length(); - - CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssPrivKeyInfo.algorithm; - algId.algorithm = CSSMOID_RSA; - - /* NULL algorithm paramneters, always in this case */ - nullAlgParams(algId); - - /* FIXME : attributes? */ - - uint8 vers = 0; - nssPrivKeyInfo.version.Data = &vers; - nssPrivKeyInfo.version.Length = 1; - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPrivKeyInfo, - NSS_PrivateKeyInfoTemplate, encodedKey); - - if(perr) { - logAsnErr("encode(RSA PrivateKeyInfo)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -CSSM_RETURN RSAPublicKeyDecode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - return RSAPublicKeyDecodePKCS1(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return RSAPublicKeyDecodeX509(coder, openKey, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN RSAPublicKeyEncode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - return RSAPublicKeyEncodePKCS1(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return RSAPublicKeyEncodeX509(coder, openKey, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN RSAPrivateKeyDecode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - return RSAPrivateKeyDecodePKCS1(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return RSAPrivateKeyDecodePKCS8(coder, openKey, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN RSAPrivateKeyEncode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - return RSAPrivateKeyEncodePKCS1(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return RSAPrivateKeyEncodePKCS8(coder, openKey, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -#pragma mark - -#pragma mark *** DSA key encode/decode *** - -/*** - *** DSA - ***/ - -/* NSS_DSAAlgorithmIdBSAFE <--> DSA->{p,g,q} */ -static void dsaToNssAlgIdBSAFE( - const DSA *openKey, - NSS_DSAAlgorithmIdBSAFE &algId, - SecNssCoder &coder) -{ - /* non-standard, BSAFE-specific OID */ - algId.algorithm = CSSMOID_DSA; // not mallocd - unsigned numBits = BN_num_bits(openKey->p); - intToCssmData(numBits, algId.params.keySizeInBits, coder); - bnToCssmData(openKey->p, algId.params.p, coder); - bnToCssmData(openKey->q, algId.params.q, coder); - bnToCssmData(openKey->g, algId.params.g, coder); -} - -static CSSM_RETURN nssAlgIdToDsaBSAFE( - NSS_DSAAlgorithmIdBSAFE &algId, - DSA *openKey) -{ - /* non-standard, BSAFE-specific OID */ - if(!cspCompareCssmData(&algId.algorithm, &CSSMOID_DSA)) { - sslAsn1Debug("nssAlgIdToDsaBSAFE: bad OID"); - return CSSMERR_CSP_INVALID_KEY; - } - openKey->p = cssmDataToBn(algId.params.p); - openKey->q = cssmDataToBn(algId.params.q); - openKey->g = cssmDataToBn(algId.params.g); - return CSSM_OK; -} - -/* NSS_DSAAlgorithmIdX509 <--> DSA->{p,g,q} */ -static void dsaToNssAlgIdX509( - const DSA *openKey, - NSS_DSAAlgorithmIdX509 &algId, - SecNssCoder &coder) -{ - algId.algorithm = CSSMOID_DSA_CMS; // not mallocd - bnToCssmData(openKey->p, algId.params->p, coder); - bnToCssmData(openKey->q, algId.params->q, coder); - bnToCssmData(openKey->g, algId.params->g, coder); -} - -static CSSM_RETURN nssAlgIdToDsaX509( - NSS_DSAAlgorithmIdX509 &algId, - DSA *openKey) -{ - if(!cspCompareCssmData(&algId.algorithm, &CSSMOID_DSA_CMS) && - !cspCompareCssmData(&algId.algorithm, &CSSMOID_DSA_JDK)) { - sslAsn1Debug("nssAlgIdToDsaX509: bad OID"); - return CSSMERR_CSP_INVALID_KEY; - } - /* these might be absent per CMS */ - if(algId.params == NULL) { - return CSSM_OK; - } - openKey->p = cssmDataToBn(algId.params->p); - openKey->q = cssmDataToBn(algId.params->q); - openKey->g = cssmDataToBn(algId.params->g); - return CSSM_OK; -} - -/* - * DSA public keys, FIPS186 format. - * Compatible with BSAFE. - */ -CSSM_RETURN DSAPublicKeyDecodeFIPS186( - SecNssCoder &coder, - DSA *openKey, - void *p, - unsigned length) -{ - NSS_DSAPublicKeyBSAFE nssPubKey; - PRErrorCode perr; - CSSM_RETURN crtn; - - memset(&nssPubKey, 0, sizeof(nssPubKey)); - perr = coder.decode(p, length, NSS_DSAPublicKeyBSAFETemplate, - &nssPubKey); - if(perr) { - logAsnErr("decode(DSAPublicKeyBSAFE)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* BSAFE style DSA-specific alg params */ - NSS_DSAAlgorithmIdBSAFE &algId = nssPubKey.dsaAlg; - crtn = nssAlgIdToDsaBSAFE(algId, openKey); - if(crtn) { - return crtn; - } - - /* inside of nssPubKey.publicKey is the DER-encoding of a - * ASN Integer; decoded length was in bits */ - nssPubKey.publicKey.Length = (nssPubKey.publicKey.Length + 7) / 8; - CSSM_DATA pubKeyBytes; - perr = coder.decodeItem(nssPubKey.publicKey, - SEC_UnsignedIntegerTemplate, - &pubKeyBytes); - if(perr) { - logAsnErr("decode(NSS_DSAPublicKeyBSAFE.publicKey)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - openKey->pub_key = cssmDataToBn(pubKeyBytes); - - if(openKey->pub_key == NULL) { - return CSSMERR_CSP_INVALID_KEY; - } - return 0; -} - -CSSM_RETURN DSAPublicKeyEncodeFIPS186( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - try { - /* convert to NSS_DSAPublicKeyBSAFE */ - NSS_DSAPublicKeyBSAFE nssPubKey; - memset(&nssPubKey, 0, sizeof(nssPubKey)); - dsaToNssAlgIdBSAFE(openKey, nssPubKey.dsaAlg, coder); - - /* - * publicKey is the DER-encoding of a ASN INTEGER wrapped in - * an AsnBits - */ - CSSM_DATA pubKeyRaw; - PRErrorCode perr; - bnToCssmData(openKey->pub_key, pubKeyRaw, coder); - perr = coder.encodeItem(&pubKeyRaw, SEC_UnsignedIntegerTemplate, - nssPubKey.publicKey); - if(perr) { - logAsnErr("encodeItem(DSAPublicKeyBSAFE.publicKey)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - nssPubKey.publicKey.Length *= 8; - - /* DER encode */ - SecNssEncodeItemOdata(&nssPubKey, NSS_DSAPublicKeyBSAFETemplate, - encodedKey); - return CSSM_OK; - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -/* - * DSA private keys, FIPS186 format. - * Compatible with BSAFE. - */ -CSSM_RETURN DSAPrivateKeyDecodeFIPS186( - SecNssCoder &coder, - DSA *openKey, - void *p, - unsigned length) -{ - NSS_DSAPrivateKeyBSAFE nssPrivKeyInfo; - PRErrorCode perr; - - memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo)); - perr = coder.decode(p, length, NSS_DSAPrivateKeyBSAFETemplate, - &nssPrivKeyInfo); - if(perr) { - logAsnErr("decode(DSA PrivateKeyInfo)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - CSSM_RETURN crtn = nssAlgIdToDsaBSAFE(nssPrivKeyInfo.dsaAlg, openKey); - if(crtn) { - return crtn; - } - - /* nssPrivKeyInfo.privateKey is the DER-encoding of a - * DSAPrivateKeyOcts... */ - try { - PRErrorCode perr; - NSS_DSAPrivateKeyOcts keyOcts; - - perr = coder.decodeItem(nssPrivKeyInfo.privateKey, - NSS_DSAPrivateKeyOctsTemplate, &keyOcts); - if(perr) { - logAsnErr("decode(DSA PrivateKeyInfoOcts)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - openKey->priv_key = cssmDataToBn(keyOcts.privateKey); - if(openKey->priv_key == NULL) { - return CSSMERR_CSP_INVALID_KEY; - } - return 0; - } - catch(...) { - return CSSMERR_CSP_INVALID_KEY; - } -} - -CSSM_RETURN DSAPrivateKeyEncodeFIPS186( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - try { - /* First convert into a NSS_DSAPrivateKeyBSAFE */ - NSS_DSAPrivateKeyBSAFE nssPrivKey; - intToCssmData(openKey->version, nssPrivKey.version, coder); - dsaToNssAlgIdBSAFE(openKey, nssPrivKey.dsaAlg, coder); - - /* nssPrivKey.privateKey is the DER-encoding of one of these... */ - NSS_DSAPrivateKeyOcts privKeyOcts; - bnToCssmData(openKey->priv_key, privKeyOcts.privateKey, coder); - - /* DER encode the privateKey portion into arena pool memory - * into NSS_DSAPrivateKeyPKCS8.privateKey */ - coder.encodeItem(&privKeyOcts, NSS_DSAPrivateKeyOctsTemplate, - nssPrivKey.privateKey); - - /* DER encode the whole thing */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPrivKey, - NSS_DSAPrivateKeyBSAFETemplate, encodedKey); - return 0; - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -/* - * DSA private keys, PKCS8/SMIME format. - */ -CSSM_RETURN DSAPrivateKeyDecodePKCS8( - SecNssCoder &coder, - DSA *openKey, - void *p, - unsigned length) -{ - NSS_DSAPrivateKeyPKCS8 nssPrivKeyInfo; - PRErrorCode perr; - - memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo)); - perr = coder.decode(p, length, NSS_DSAPrivateKeyPKCS8Template, - &nssPrivKeyInfo); - if(perr) { - logAsnErr("decode(DSA NSS_DSAPrivateKeyPKCS8)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - CSSM_RETURN crtn = nssAlgIdToDsaX509(nssPrivKeyInfo.dsaAlg, openKey); - if(crtn) { - return crtn; - } - - /* - * Post-decode, nssPrivKeyInfo.privateKey is the DER-encoding of a - * an ASN integer. - */ - try { - PRErrorCode perr; - CSSM_DATA privKeyInt = {0, NULL}; - - perr = coder.decodeItem(nssPrivKeyInfo.privateKey, - SEC_UnsignedIntegerTemplate, &privKeyInt); - if(perr) { - logAsnErr("decode(DSA nssPrivKeyInfo.privateKey)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - openKey->priv_key = cssmDataToBn(privKeyInt); - if(openKey->priv_key == NULL) { - return CSSMERR_CSP_INVALID_KEY; - } - return 0; - } - catch(...) { - return CSSMERR_CSP_INVALID_KEY; - } -} - -CSSM_RETURN DSAPrivateKeyEncodePKCS8( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - try { - /* First convert into a NSS_DSAPrivateKeyPKCS8 */ - NSS_DSAPrivateKeyPKCS8 nssPrivKey; - NSS_DSAAlgParams algParams; - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - memset(&algParams, 0, sizeof(algParams)); - nssPrivKey.dsaAlg.params = &algParams; - intToCssmData(openKey->version, nssPrivKey.version, coder); - dsaToNssAlgIdX509(openKey, nssPrivKey.dsaAlg, coder); - - /* pre-encode, nssPrivKey.privateKey is the DER-encoding of - * an ASN integer... */ - CSSM_DATA privKeyInt; - bnToCssmData(openKey->priv_key, privKeyInt, coder); - - /* DER encode the privateKey portion into arena pool memory - * into NSS_DSAPrivateKeyPKCS8.privateKey */ - coder.encodeItem(&privKeyInt, SEC_UnsignedIntegerTemplate, - nssPrivKey.privateKey); - - /* DER encode the whole thing */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPrivKey, - NSS_DSAPrivateKeyPKCS8Template, encodedKey); - return 0; - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -/* - * DSA public key, X509/openssl format. - */ -static CSSM_RETURN DSAPublicKeyDecodeX509( - SecNssCoder &coder, - DSA *openKey, - void *p, - size_t length) -{ - NSS_DSAPublicKeyX509 nssPubKey; - PRErrorCode perr; - CSSM_RETURN crtn; - - memset(&nssPubKey, 0, sizeof(nssPubKey)); - perr = coder.decode(p, length, NSS_DSAPublicKeyX509Template, - &nssPubKey); - if(perr) { - logAsnErr("decode(DSAPublicKeyX509)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* X509 style DSA-specific alg params */ - NSS_DSAAlgorithmIdX509 &algId = nssPubKey.dsaAlg; - crtn = nssAlgIdToDsaX509(algId, openKey); - if(crtn) { - return crtn; - } - - /* inside of nssPubKey.publicKey is the DER-encoding of a - * ASN Integer; decoded length was in bits */ - nssPubKey.publicKey.Length = (nssPubKey.publicKey.Length + 7) / 8; - CSSM_DATA pubKeyBytes = {0, NULL}; - perr = coder.decodeItem(nssPubKey.publicKey, - SEC_UnsignedIntegerTemplate, - &pubKeyBytes); - if(perr) { - logAsnErr("decode(NSS_DSAPublicKeyX509.publicKey)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - openKey->pub_key = cssmDataToBn(pubKeyBytes); - - if(openKey->pub_key == NULL) { - return CSSMERR_CSP_INVALID_KEY; - } - return 0; -} - -static CSSM_RETURN DSAPublicKeyEncodeX509( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - try { - /* convert to NSS_DSAPublicKeyX509 */ - NSS_DSAPublicKeyX509 nssPubKey; - NSS_DSAAlgParams algParams; - memset(&nssPubKey, 0, sizeof(nssPubKey)); - memset(&algParams, 0, sizeof(algParams)); - nssPubKey.dsaAlg.params = &algParams; - dsaToNssAlgIdX509(openKey, nssPubKey.dsaAlg, coder); - - /* - * publicKey is the DER-encoding of a ASN INTEGER wrapped in - * an AsnBits - */ - CSSM_DATA pubKeyRaw; - PRErrorCode perr; - bnToCssmData(openKey->pub_key, pubKeyRaw, coder); - perr = coder.encodeItem(&pubKeyRaw, SEC_UnsignedIntegerTemplate, - nssPubKey.publicKey); - if(perr) { - logAsnErr("encodeItem(DSAPublicKeyX509.publicKey)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - nssPubKey.publicKey.Length *= 8; - - /* DER encode */ - SecNssEncodeItemOdata(&nssPubKey, NSS_DSAPublicKeyX509Template, - encodedKey); - return CSSM_OK; - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -/* - * Encode public key portion only for calculating key digest. - * Note this works just fine on a partial DSA public key, i.e., - * A DSA public key's digest-capable blob is the same whether or - * not the DSA key has its DSA parameters p, q, and g. - */ -static CSSM_RETURN DSAPublicKeyEncodeHashable( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - try { - /* - * publicKey is the DER-encoding of an ASN integer - */ - CSSM_DATA pubKey; - bnToCssmData(openKey->pub_key, pubKey, coder); - PRErrorCode perr; - - perr = SecNssEncodeItemOdata(&pubKey, SEC_UnsignedIntegerTemplate, - encodedKey); - if(perr) { - logAsnErr("encode(DSAPubHashable)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -/* - * DSA private key, custom openssl format. - */ -static CSSM_RETURN DSAPrivateKeyDecodeOpenssl( - SecNssCoder &coder, - DSA *openKey, - void *p, - size_t length) -{ - NSS_DSAPrivateKeyOpenssl nssPrivKey; - PRErrorCode perr; - - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - perr = coder.decode(p, length, NSS_DSAPrivateKeyOpensslTemplate, - &nssPrivKey); - if(perr) { - logAsnErr("decode(DSAPrivateKeyOpenssl)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* convert nssPrivKey fields to RSA key fields */ - try { - openKey->version = cssmDataToInt(nssPrivKey.version); - openKey->p = cssmDataToBn(nssPrivKey.p); - openKey->q = cssmDataToBn(nssPrivKey.q); - openKey->g = cssmDataToBn(nssPrivKey.g); - openKey->pub_key = cssmDataToBn(nssPrivKey.pub); - openKey->priv_key = cssmDataToBn(nssPrivKey.priv); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -static CSSM_RETURN DSAPrivateKeyEncodeOpenssl( - SecNssCoder &coder, - DSA *openKey, - CssmOwnedData &encodedKey) -{ - NSS_DSAPrivateKeyOpenssl nssPrivKey; - PRErrorCode perr; - - /* convert to NSS_DSAPrivateKeyOpenssl */ - try { - intToCssmData(openKey->version, nssPrivKey.version, coder); - bnToCssmData(openKey->p, nssPrivKey.p, coder); - bnToCssmData(openKey->q, nssPrivKey.q, coder); - bnToCssmData(openKey->g, nssPrivKey.g, coder); - bnToCssmData(openKey->pub_key, nssPrivKey.pub, coder); - bnToCssmData(openKey->priv_key, nssPrivKey.priv, coder); - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - - /* DER encode */ - perr = SecNssEncodeItemOdata(&nssPrivKey, NSS_DSAPrivateKeyOpensslTemplate, - encodedKey); - if(perr) { - logAsnErr("encode(DSAPrivateKeyOpenssl)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -CSSM_RETURN DSAPublicKeyDecode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - return DSAPublicKeyDecodeFIPS186(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return DSAPublicKeyDecodeX509(coder, openKey, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DSAPublicKeyEncode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - return DSAPublicKeyEncodeFIPS186(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return DSAPublicKeyEncodeX509(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: - return DSAPublicKeyEncodeHashable(coder, openKey, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DSAPrivateKeyDecode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - return DSAPrivateKeyDecodeFIPS186(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: - return DSAPrivateKeyDecodeOpenssl(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return DSAPrivateKeyDecodePKCS8(coder, openKey, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DSAPrivateKeyEncode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - return DSAPrivateKeyEncodeFIPS186(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: - return DSAPrivateKeyEncodeOpenssl(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return DSAPrivateKeyEncodePKCS8(coder, openKey, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -#pragma mark - -#pragma mark *** DSA Signature encode/decode *** - -CSSM_RETURN DSASigEncode( - DSA_SIG *openSig, - CssmOwnedData &encodedSig) -{ - /* temp allocs from this pool */ - SecNssCoder coder; - /* convert to NSS_DSASignature */ - NSS_DSASignature nssSig; - - try { - bnToCssmData(openSig->r, nssSig.r, coder); - bnToCssmData(openSig->s, nssSig.s, coder); - } - catch(...) { - /* ? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - - PRErrorCode prtn = SecNssEncodeItemOdata(&nssSig, - NSS_DSASignatureTemplate, encodedSig); - if(prtn) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -CSSM_RETURN DSASigDecode( - DSA_SIG *openSig, - const void *p, - unsigned length) -{ - NSS_DSASignature nssSig; - SecNssCoder coder; - - memset(&nssSig, 0, sizeof(nssSig)); - PRErrorCode perr = coder.decode(p, length, - NSS_DSASignatureTemplate, &nssSig); - if(perr) { - logAsnErr("decode(DSASigDecode)", perr); - return CSSMERR_CSP_INVALID_SIGNATURE; - } - - try { - openSig->r = cssmDataToBn(nssSig.r); - openSig->s = cssmDataToBn(nssSig.s); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -#pragma mark - -#pragma mark *** DSA Algorithm Parameters encode/decode *** - -CSSM_RETURN DSAEncodeAlgParams( - NSS_DSAAlgParams &algParams, - CssmOwnedData &encodedParams) -{ - PRErrorCode prtn = SecNssEncodeItemOdata(&algParams, - NSS_DSAAlgParamsTemplate, encodedParams); - if(prtn) { - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -CSSM_RETURN DSADecodeAlgParams( - NSS_DSAAlgParams &algParams, - const void *p, - unsigned len, - SecNssCoder &coder) -{ - - memset(&algParams, 0, sizeof(algParams)); - PRErrorCode perr = coder.decode(p, len, - NSS_DSAAlgParamsTemplate, &algParams); - if(perr) { - logAsnErr("decode(DSAAlgParams)", perr); - return CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS; - } - return CSSM_OK; -} - -#pragma mark - -#pragma mark *** Diffie-Hellman key encode/decode *** - -CSSM_RETURN DHPrivateKeyDecodePKCS3( - SecNssCoder &coder, - DH *openKey, - unsigned char *p, - unsigned length) -{ - NSS_DHPrivateKey nssPrivKey; - PRErrorCode perr; - - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - perr = coder.decode(p, length, NSS_DHPrivateKeyTemplate, &nssPrivKey); - if(perr) { - logAsnErr("decode(DHPrivateKey)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - /* verify alg identifier */ - const CSSM_OID *oid = &nssPrivKey.dhOid; - if(!cspCompareCssmData(oid, &CSSMOID_DH)) { - sslAsn1Debug("DHPrivateKeyDecode: bad OID"); - return CSSMERR_CSP_ALGID_MISMATCH; - } - - NSS_DHParameter ¶ms = nssPrivKey.params; - - try { - openKey->priv_key = cssmDataToBn(nssPrivKey.secretPart); - openKey->p = cssmDataToBn(params.prime); - openKey->g = cssmDataToBn(params.base); - /* TBD - ignore privateValueLength for now */ - } - catch(...) { - /* FIXME - bad sig? memory? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -CSSM_RETURN DHPrivateKeyEncodePKCS3( - SecNssCoder &coder, - DH *openKey, - CssmOwnedData &encodedKey) -{ - /* convert into a NSS_DHPrivateKey */ - NSS_DHPrivateKey nssPrivKey; - NSS_DHParameter ¶ms = nssPrivKey.params; - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - nssPrivKey.dhOid = CSSMOID_DH; - - - try { - bnToCssmData(openKey->priv_key, nssPrivKey.secretPart, coder); - bnToCssmData(openKey->p, params.prime, coder); - bnToCssmData(openKey->g, params.base, coder); - if(openKey->length) { - /* actually currently not supported in openssl... */ - intToCssmData(openKey->length, params.privateValueLength, coder); - } - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPrivKey, NSS_DHPrivateKeyTemplate, - encodedKey); - if(perr) { - logAsnErr("encode(DHPrivateKey)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -/* - * NSS_DHAlgorithmIdentifierX942 <--> DH - * NOTE this is incomplete. It's functional on decode, but we throw - * away everything except p and g. On encode, we put zeroes in - * all the fields we don't deal with. Thus the encode side will NOT be - * interoperable with other implementations. - */ -static void dhToNssAlgIdX942( - const DH *openKey, - NSS_DHAlgorithmIdentifierX942 &algId, - SecNssCoder &coder) -{ - /* - * When trying to encode a public key in X509 form, we may in - * fact have nothing here - public keys created and exported in - * PKCS3 have the pub_key value, and that's it. - */ - - memset(&algId, 0, sizeof(algId)); - algId.oid = CSSMOID_ANSI_DH_PUB_NUMBER; // not mallocd - NSS_DHDomainParamsX942 ¶ms = algId.params; - uint8 zero = 0; - CSSM_DATA czero = {1, &zero}; - if(openKey->p != NULL) { - bnToCssmData(openKey->p, params.p, coder); - } - else { - coder.allocCopyItem(czero, params.p); - } - if(openKey->g != NULL) { - bnToCssmData(openKey->g, params.g, coder); - } - else { - coder.allocCopyItem(czero, params.g); - } - /* and we never have a vali0d q */ - coder.allocCopyItem(czero, params.q); - -} - -static CSSM_RETURN nssAlgIdToDhX942( - NSS_DHAlgorithmIdentifierX942 &algId, - DH *openKey) -{ - if(!cspCompareCssmData(&algId.oid, &CSSMOID_ANSI_DH_PUB_NUMBER)) { - sslAsn1Debug("nssAlgIdToDhX942: bad OID"); - return CSSMERR_CSP_INVALID_KEY; - } - openKey->p = cssmDataToBn(algId.params.p); - openKey->g = cssmDataToBn(algId.params.g); - return CSSM_OK; -} - -CSSM_RETURN DHPrivateKeyDecodePKCS8( - SecNssCoder &coder, - DH *openKey, - unsigned char *p, - unsigned length) -{ - NSS_DHPrivateKeyPKCS8 nssPrivKey; - PRErrorCode perr; - - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - perr = coder.decode(p, length, NSS_DHPrivateKeyPKCS8Template, - &nssPrivKey); - if(perr) { - logAsnErr("decode(DHPrivateKeyPKCS8)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - try { - CSSM_RETURN crtn = nssAlgIdToDhX942(nssPrivKey.algorithm, openKey); - if(crtn) { - return crtn; - } - - /* post-decode private key is a DER encoded integer */ - CSSM_DATA privKeyInt = {0, NULL}; - if(coder.decodeItem(nssPrivKey.privateKey, - SEC_UnsignedIntegerTemplate, - &privKeyInt)) { - logAsnErr("decode(DHPrivateKeyPKCS8 privKey int)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - openKey->priv_key = cssmDataToBn(privKeyInt); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -CSSM_RETURN DHPrivateKeyEncodePKCS8( - SecNssCoder &coder, - DH *openKey, - CssmOwnedData &encodedKey) -{ - /* convert into a NSS_DHPrivateKeyPKCS8 */ - NSS_DHPrivateKeyPKCS8 nssPrivKey; - memset(&nssPrivKey, 0, sizeof(nssPrivKey)); - uint8 vers = 0; - nssPrivKey.version.Length = 1; - nssPrivKey.version.Data = &vers; - NSS_DHAlgorithmIdentifierX942 &alg = nssPrivKey.algorithm; - - try { - - dhToNssAlgIdX942(openKey, alg, coder); - /* pre-encode, nssPrivKey.privateKey is the DER-encoding of - * an ASN integer... */ - CSSM_DATA privKeyInt; - bnToCssmData(openKey->priv_key, privKeyInt, coder); - - /* DER encode the privateKey portion into arena pool memory - * into nssPrivKey.privateKey */ - coder.encodeItem(&privKeyInt, SEC_UnsignedIntegerTemplate, - nssPrivKey.privateKey); - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPrivKey, NSS_DHPrivateKeyPKCS8Template, - encodedKey); - if(perr) { - logAsnErr("encode(DHPrivateKey)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -/* - * In the PKCS3 form, the public blob is simply the literal - * public key value, not DER encoded. - */ -static CSSM_RETURN DHPublicKeyDecodePKCS3( - DH *openKey, - SecNssCoder &coder, - unsigned char *p, - unsigned length) -{ - try { - CSSM_DATA pubKey = {(uint32)length, (uint8 *)p}; - openKey->pub_key = cssmDataToBn(pubKey); - return CSSM_OK; - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -static CSSM_RETURN DHPublicKeyEncodePKCS3( - DH *openKey, - SecNssCoder &coder, - CssmOwnedData &encodedKey) -{ - try { - CSSM_DATA pubKey; - bnToCssmData(openKey->pub_key, pubKey, coder); - encodedKey.copy(CssmData::overlay(pubKey)); - return CSSM_OK; - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } -} - -static CSSM_RETURN DHPublicKeyDecodeX509( - DH *openKey, - SecNssCoder &coder, - unsigned char *p, - unsigned length) -{ - NSS_DHPublicKeyX509 nssPubKey; - PRErrorCode perr; - - memset(&nssPubKey, 0, sizeof(nssPubKey)); - perr = coder.decode(p, length, NSS_DHPublicKeyX509Template, - &nssPubKey); - if(perr) { - logAsnErr("decode(DHPublicKeyX509)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - - try { - CSSM_RETURN crtn = nssAlgIdToDhX942(nssPubKey.algorithm, openKey); - if(crtn) { - return crtn; - } - - /* - * Post-decode public key length in bits - * Contents are pub_key as DER-encoded INTEGER - */ - CSSM_DATA &pubKey = nssPubKey.publicKey; - pubKey.Length = (pubKey.Length + 7) / 8; - CSSM_DATA pubKeyInt = {0, NULL}; - if(coder.decodeItem(pubKey, - SEC_UnsignedIntegerTemplate, &pubKeyInt)) { - logAsnErr("decode(DHPublicKeyX509 pub key int)", perr); - return CSSMERR_CSP_INVALID_KEY; - } - openKey->pub_key = cssmDataToBn(pubKeyInt); - } - catch(...) { - /* FIXME - bad sig? memory? */ - return CSSMERR_CSP_MEMORY_ERROR; - } - return 0; -} - -static CSSM_RETURN DHPublicKeyEncodeX509( - DH *openKey, - SecNssCoder &coder, - CssmOwnedData &encodedKey) -{ - /* convert into a NSS_DHPublicKeyX509 */ - NSS_DHPublicKeyX509 nssPubKey; - memset(&nssPubKey, 0, sizeof(nssPubKey)); - NSS_DHAlgorithmIdentifierX942 &alg = nssPubKey.algorithm; - - try { - dhToNssAlgIdX942(openKey, alg, coder); - - /* encode pub_key as integer */ - CSSM_DATA pubKeyInt = {0, NULL}; - bnToCssmData(openKey->pub_key, pubKeyInt, coder); - coder.encodeItem(&pubKeyInt, SEC_UnsignedIntegerTemplate, - nssPubKey.publicKey); - /* specify length in bits */ - nssPubKey.publicKey.Length *= 8; - } - catch(...) { - return CSSMERR_CSP_MEMORY_ERROR; - } - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&nssPubKey, NSS_DHPublicKeyX509Template, - encodedKey); - if(perr) { - logAsnErr("encode(DHPublicKeyX509)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - -CSSM_RETURN DHPrivateKeyDecode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - unsigned char *p, - unsigned length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: - return DHPrivateKeyDecodePKCS3(coder, openKey, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return DHPrivateKeyDecodePKCS8(coder, openKey, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DHPrivateKeyEncode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: - return DHPrivateKeyEncodePKCS3(coder, openKey, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - return DHPrivateKeyEncodePKCS8(coder, openKey, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DHPublicKeyDecode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - unsigned char *p, - unsigned length) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: - return DHPublicKeyDecodePKCS3(openKey, coder, p, length); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return DHPublicKeyDecodeX509(openKey, coder, p, length); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -CSSM_RETURN DHPublicKeyEncode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey) -{ - SecNssCoder coder; - - switch(format) { - case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: - return DHPublicKeyEncodePKCS3(openKey, coder, encodedKey); - case CSSM_KEYBLOB_RAW_FORMAT_X509: - return DHPublicKeyEncodeX509(openKey, coder, encodedKey); - default: - assert(0); - return CSSMERR_CSP_INTERNAL_ERROR; - } -} - -/* - * Encode/decode a NSS_DHParameterBlock. - */ -CSSM_RETURN DHParamBlockDecode( - const CSSM_DATA &encParam, - NSS_DHParameterBlock ¶mBlock, - SecNssCoder &coder) -{ - PRErrorCode perr; - - memset(¶mBlock, 0, sizeof(paramBlock)); - perr = coder.decodeItem(encParam, NSS_DHParameterBlockTemplate, - ¶mBlock); - if(perr == 0) { - return CSSM_OK; - } - - /* - * CDSA Extension: the CDSA Algorithm Guide says that the D-H - * parameter block is supposed to be wrapped with its accompanying - * OID. However Openssl does not do this; it just exports - * an encoded DHParameter rather than a DHParameterBlock. - * For compatibility we'll try decoding the parameters as one - * of these. - */ - memset(¶mBlock, 0, sizeof(paramBlock)); - perr = coder.decodeItem(encParam, NSS_DHParameterTemplate, - ¶mBlock.params); - if(perr == 0) { - return CSSM_OK; - } - return CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS; -} - -#pragma mark - -#pragma mark *** Message Digest *** - -/* - * Given a message digest and associated algorithm, cook up a PKCS1-style - * DigestInfo and return its DER encoding. This is a necessary step for - * RSA signature (both generating and verifying) - the output of this - * routine is what gets encrypted during signing, and what is expected when - * verifying (i.e., decrypting the signature). - * - * A good guess for the length of the output digestInfo is the size of the - * key being used to sign/verify. The digest can never be larger than that. - */ -CSSM_RETURN generateDigestInfo( - const void *msgDigest, - size_t digestLen, - CSSM_ALGORITHMS digestAlg, // CSSM_ALGID_SHA1, etc. - CssmOwnedData &encodedInfo, - size_t maxEncodedSize) -{ - if(digestAlg == CSSM_ALGID_NONE) { - /* special case, no encode, just copy */ - encodedInfo.copy(msgDigest, digestLen); - return 0; - } - - NSS_DigestInfo digestInfo; - CSSM_X509_ALGORITHM_IDENTIFIER &algId = digestInfo.digestAlgorithm; - - memset(&digestInfo, 0, sizeof(digestInfo)); - switch(digestAlg) { - case CSSM_ALGID_MD5: - algId.algorithm = CSSMOID_MD5; - break; - case CSSM_ALGID_MD2: - algId.algorithm = CSSMOID_MD2; - break; - case CSSM_ALGID_SHA1: - algId.algorithm = CSSMOID_SHA1; - break; - default: - return CSSMERR_CSP_INVALID_ALGORITHM; - } - nullAlgParams(algId); - digestInfo.digest.Data = (uint8 *)msgDigest; - digestInfo.digest.Length = digestLen; - - /* DER encode */ - PRErrorCode perr; - perr = SecNssEncodeItemOdata(&digestInfo, NSS_DigestInfoTemplate, - encodedInfo); - if(perr) { - logAsnErr("encode(digestInfo)", perr); - return CSSMERR_CSP_MEMORY_ERROR; - } - return CSSM_OK; -} - diff --git a/AppleCSP/open_ssl/opensslUtils/opensslAsn1.h b/AppleCSP/open_ssl/opensslUtils/opensslAsn1.h deleted file mode 100644 index fd90ace0..00000000 --- a/AppleCSP/open_ssl/opensslUtils/opensslAsn1.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * opensslAsn1.h - ANS1 encode/decode of openssl object, libssnasn1 version - */ - -#ifndef _OPENSSL_ASN1_H_ -#define _OPENSSL_ASN1_H_ - - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* CSSM_DATA --> BIGNUM */ -BIGNUM *cssmDataToBn( - const CSSM_DATA &cdata); - -/* BIGNUM --> CSSM_DATA, mallocing from a SecNssCoder's PL_ArenaPool */ -void bnToCssmData( - const BIGNUM *bn, - CSSM_DATA &cdata, - SecNssCoder &coder); - -/* CSSM_DATA --> unsigned int */ -unsigned cssmDataToInt( - const CSSM_DATA &cdata); - -/* unsigned int --> CSSM_DATA, mallocing from an SecNssCoder */ -void intToCssmData( - unsigned num, - CSSM_DATA &cdata, - SecNssCoder &coder); - -/* - * DER encode/decode RSA keys in various formats. - */ -CSSM_RETURN RSAPublicKeyDecode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length); -CSSM_RETURN RSAPublicKeyEncode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); -CSSM_RETURN RSAPrivateKeyDecode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length); -CSSM_RETURN RSAPrivateKeyEncode( - RSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); -CSSM_RETURN generateDigestInfo( - const void *messageDigest, - size_t digestLen, - CSSM_ALGORITHMS digestAlg, // CSSM_ALGID_SHA1, etc. - CssmOwnedData &encodedInfo, - size_t maxEncodedSize); -CSSM_RETURN DSAPublicKeyDecode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length); -CSSM_RETURN DSAPublicKeyEncode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); -CSSM_RETURN DSAPrivateKeyDecode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - void *p, - size_t length); -CSSM_RETURN DSAPrivateKeyEncode( - DSA *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); - -CSSM_RETURN DSASigEncode( - DSA_SIG *openSig, - CssmOwnedData &encodedSig); -CSSM_RETURN DSASigDecode( - DSA_SIG *openSig, - const void *p, - unsigned length); - -CSSM_RETURN DSAEncodeAlgParams( - NSS_DSAAlgParams &algParams, - CssmOwnedData &encodedParams); -CSSM_RETURN DSADecodeAlgParams( - NSS_DSAAlgParams &algParams, - const void *p, - unsigned len, - SecNssCoder &coder); - -CSSM_RETURN DHPrivateKeyDecode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - unsigned char *p, - unsigned length); -CSSM_RETURN DHPrivateKeyEncode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); -CSSM_RETURN DHPublicKeyDecode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - unsigned char *p, - unsigned length); -CSSM_RETURN DHPublicKeyEncode( - DH *openKey, - CSSM_KEYBLOB_FORMAT format, - CssmOwnedData &encodedKey); -CSSM_RETURN DHParamBlockDecode( - const CSSM_DATA &encParam, - NSS_DHParameterBlock ¶mBlock, - SecNssCoder &coder); - -CSSM_RETURN generateDigestInfo( - const void *msgDigest, - size_t digestLen, - CSSM_ALGORITHMS digestAlg, // CSSM_ALGID_SHA1, etc. - CssmOwnedData &encodedInfo, - size_t maxEncodedSize); - -#ifdef __cplusplus -} -#endif - -#endif /* _OPENSSL_ASN1_H_ */ diff --git a/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp b/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp deleted file mode 100644 index 14eedbcc..00000000 --- a/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * opensslUtils.h - Support for ssleay-derived crypto modules - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "opensslUtils.h" -#include -#include -#include - -#define sslUtilsDebug(args...) secdebug("sslUtils", ## args) - -openSslException::openSslException( - int irtn, - const char *op) - : mIrtn(irtn) -{ - if(op) { - char buf[300]; - ERR_error_string(irtn, buf); - sslUtilsDebug("%s: %s\n", op, buf); - } -} - -/* these are replacements for the ones in ssleay */ -#define DUMP_RAND_BYTES 0 - -static int randDex = 1; - -int RAND_bytes(unsigned char *buf,int num) -{ - try { - cspGetRandomBytes(buf, (unsigned)num); - } - catch(...) { - /* that can only mean Yarrow failure, which we really need to - * cut some slack for */ - Security::Syslog::error("Apple CSP: yarrow failure"); - for(int i=0; i - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Trivial exception class associated with an openssl error. - */ -class openSslException -{ -public: - openSslException( - int irtn, - const char *op = NULL); - ~openSslException() { } - int irtn() { return mIrtn; } -private: - int mIrtn; -}; - -unsigned long logSslErrInfo(const char *op); - -void throwRsaDsa( - const char *op); - -/* - * given an openssl-style error, throw appropriate CssmError. - */ -void throwOpensslErr( - int irtn); - - -#ifdef __cplusplus -} -#endif - -#endif /* _OPENSSL_UTILS_H_ */ diff --git a/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.cpp b/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.cpp deleted file mode 100644 index 738478fc..00000000 --- a/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.cpp +++ /dev/null @@ -1,140 +0,0 @@ -/* - * osKeyTemplate.h - ASN1 templates for openssl asymmetric keys - */ - -#include "osKeyTemplates.h" - -/**** - **** DSA support - ****/ - -/* X509 style DSA algorithm parameters */ -const SEC_ASN1Template NSS_DSAAlgParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAAlgParams) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParams,p) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParams,q) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParams,g) }, - { 0, } -}; - -/* BSAFE style DSA algorithm parameters */ -const SEC_ASN1Template NSS_DSAAlgParamsBSAFETemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAAlgParamsBSAFE) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParamsBSAFE,keySizeInBits) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParamsBSAFE,p) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParamsBSAFE,q) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAAlgParamsBSAFE,g) }, - { 0, } -}; - -/* DSA X509-style AlgorithmID */ -const SEC_ASN1Template NSS_DSAAlgorithmIdX509Template[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAAlgorithmIdX509) }, - { SEC_ASN1_OBJECT_ID, offsetof(NSS_DSAAlgorithmIdX509, algorithm) }, - /* per CMS, this is optional */ - { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL, - offsetof(NSS_DSAAlgorithmIdX509,params), - NSS_DSAAlgParamsTemplate }, - { 0, } -}; - -/* DSA BSAFE-style AlgorithmID */ -const SEC_ASN1Template NSS_DSAAlgorithmIdBSAFETemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAAlgorithmIdBSAFE) }, - { SEC_ASN1_OBJECT_ID, offsetof(NSS_DSAAlgorithmIdBSAFE, algorithm) }, - { SEC_ASN1_INLINE, - offsetof(NSS_DSAAlgorithmIdBSAFE,params), - NSS_DSAAlgParamsBSAFETemplate }, - { 0, } -}; - -/**** - **** DSA public keys - ****/ - -/* DSA public key, openssl/X509 format */ -const SEC_ASN1Template NSS_DSAPublicKeyX509Template[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPublicKeyX509) }, - { SEC_ASN1_INLINE, - offsetof(NSS_DSAPublicKeyX509, dsaAlg), - NSS_DSAAlgorithmIdX509Template }, - { SEC_ASN1_BIT_STRING, - offsetof(NSS_DSAPublicKeyX509, publicKey), }, - { 0, } -}; - -/* DSA public key, BSAFE/FIPS186 format */ -const SEC_ASN1Template NSS_DSAPublicKeyBSAFETemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPublicKeyBSAFE) }, - { SEC_ASN1_INLINE, - offsetof(NSS_DSAPublicKeyBSAFE, dsaAlg), - NSS_DSAAlgorithmIdBSAFETemplate }, - { SEC_ASN1_BIT_STRING, - offsetof(NSS_DSAPublicKeyBSAFE, publicKey), }, - { 0, } -}; - -/**** - **** DSA private keys - ****/ - -/* DSA Private key, openssl custom format */ -const SEC_ASN1Template NSS_DSAPrivateKeyOpensslTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPrivateKeyOpenssl) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,version) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,p) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,q) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,g) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,pub) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOpenssl,priv) }, - { 0, } -}; - -/* - * DSA private key, BSAFE/FIPS186 style. - * This is basically a DSA-specific NSS_PrivateKeyInfo. - * - * NSS_DSAPrivateKeyBSAFE.privateKey is an octet string containing - * the DER encoding of this. - */ -const SEC_ASN1Template NSS_DSAPrivateKeyOctsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPrivateKeyOcts) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyOcts,privateKey) }, - { 0, } -}; - -const SEC_ASN1Template NSS_DSAPrivateKeyBSAFETemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPrivateKeyBSAFE) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyBSAFE,version) }, - { SEC_ASN1_INLINE, - offsetof(NSS_DSAPrivateKeyBSAFE, dsaAlg), - NSS_DSAAlgorithmIdBSAFETemplate }, - { SEC_ASN1_OCTET_STRING, offsetof(NSS_DSAPrivateKeyBSAFE,privateKey) }, - { 0, } -}; - -/* - * DSA Private Key, PKCS8/SMIME style. - */ -const SEC_ASN1Template NSS_DSAPrivateKeyPKCS8Template[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSAPrivateKeyPKCS8) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSAPrivateKeyPKCS8,version) }, - { SEC_ASN1_INLINE, - offsetof(NSS_DSAPrivateKeyPKCS8, dsaAlg), - NSS_DSAAlgorithmIdX509Template }, - { SEC_ASN1_OCTET_STRING, offsetof(NSS_DSAPrivateKeyPKCS8,privateKey) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(NSS_DSAPrivateKeyPKCS8,attributes), - NSS_SetOfAttributeTemplate }, - { 0, } -}; - -const SEC_ASN1Template NSS_DSASignatureTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_DSASignature) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSASignature,r) }, - { SEC_ASN1_INTEGER, offsetof(NSS_DSASignature,s) }, - { 0, } -}; - - diff --git a/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.h b/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.h deleted file mode 100644 index 8adfca16..00000000 --- a/AppleCSP/open_ssl/opensslUtils/osKeyTemplates.h +++ /dev/null @@ -1,187 +0,0 @@ -/* - * osKeyTemplate.h - ASN1 templates for openssl asymmetric keys - */ - -#ifndef _OS_KEY_TEMPLATES_H_ -#define _OS_KEY_TEMPLATES_H_ - -#include -#include - -/* - * Arrays of SEC_ASN1Templates are always associated with a specific - * C struct. We attempt to use C structs which are defined in CDSA - * if at all possible; these always start with the CSSM_ prefix. - * Otherwise we define the struct here, with an NSS_ prefix. - * In either case, the name of the C struct is listed in comments - * along with the extern declaration of the SEC_ASN1Template array. - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/*** - *** Note: RSA and Diffie-Hellman keys and structs are in - *** SecurityNssAsn1/keyTemplates.h. - ***/ - -#pragma mark *** DSA *** - -/* - * Note that most of the DSA structs are hand rolled and are not - * expressed in ASN1 in any doc that I'm aware of. - */ - -/**** - **** DSA support - ****/ - -/* - * DSA algorithm parameters. Used in CDSA key generation context as - * well as the parameters in an X509-formatted DSA public key. - */ -typedef struct { - CSSM_DATA p; - CSSM_DATA q; - CSSM_DATA g; -} NSS_DSAAlgParams; - -extern const SEC_ASN1Template NSS_DSAAlgParamsTemplate[]; - -/* - * DSA algorithm parameters, BSAFE style. Only used in FIPS186 format - * public and private keys. - */ -typedef struct { - CSSM_DATA keySizeInBits; - CSSM_DATA p; - CSSM_DATA q; - CSSM_DATA g; -} NSS_DSAAlgParamsBSAFE; - -extern const SEC_ASN1Template NSS_DSAAlgParamsBSAFETemplate[]; - -/* - * DSA X509-style AlgorithmID. Avoids ASN_ANY processing via direct - * insertion of the appropriate parameters. - */ -typedef struct { - CSSM_OID algorithm; - NSS_DSAAlgParams *params; // optional -} NSS_DSAAlgorithmIdX509; - -extern const SEC_ASN1Template NSS_DSAAlgorithmIdX509Template[]; - -/* - * DSA AlgorithmID, BSAFE style. Avoids ASN_ANY - * processing via direct insertion of the appropriate parameters. - */ -typedef struct { - CSSM_OID algorithm; - NSS_DSAAlgParamsBSAFE params; -} NSS_DSAAlgorithmIdBSAFE; - -extern const SEC_ASN1Template NSS_DSAAlgorithmIdBSAFETemplate[]; - -/**** - **** DSA public keys - ****/ - -/* - * DSA public key, openssl/X509 format. - * - * The publicKey is actually the DER encoding of an ASN - * integer, wrapped in a BIT STRING. - */ -typedef struct { - NSS_DSAAlgorithmIdX509 dsaAlg; - CSSM_DATA publicKey; // BIT string - Length in bits -} NSS_DSAPublicKeyX509; - -extern const SEC_ASN1Template NSS_DSAPublicKeyX509Template[]; - -/* - * DSA public key, BSAFE/FIPS186 format. - * The public key is the DER encoding of an ASN integer, wrapped - * in a bit string. - */ -typedef struct { - NSS_DSAAlgorithmIdBSAFE dsaAlg; - CSSM_DATA publicKey; // BIT string - Length in bits -} NSS_DSAPublicKeyBSAFE; - -extern const SEC_ASN1Template NSS_DSAPublicKeyBSAFETemplate[]; - -/**** - **** DSA private keys - ****/ - -/* - * DSA Private key, openssl custom format. - */ -typedef struct { - CSSM_DATA version; - CSSM_DATA p; - CSSM_DATA q; - CSSM_DATA g; - CSSM_DATA pub; - CSSM_DATA priv; -} NSS_DSAPrivateKeyOpenssl; - -extern const SEC_ASN1Template NSS_DSAPrivateKeyOpensslTemplate[]; - -/* - * DSA private key, BSAFE/FIPS186 style. - * This is basically a DSA-specific NSS_PrivateKeyInfo. - * - * NSS_DSAPrivateKeyBSAFE.privateKey is an octet string containing - * the DER encoding of this. - */ -typedef struct { - CSSM_DATA privateKey; -} NSS_DSAPrivateKeyOcts; - -extern const SEC_ASN1Template NSS_DSAPrivateKeyOctsTemplate[]; - -typedef struct { - CSSM_DATA version; - NSS_DSAAlgorithmIdBSAFE dsaAlg; - /* octet string containing a DER-encoded NSS_DSAPrivateKeyOcts */ - CSSM_DATA privateKey; -} NSS_DSAPrivateKeyBSAFE; - -extern const SEC_ASN1Template NSS_DSAPrivateKeyBSAFETemplate[]; - -/* - * DSA Private Key, PKCS8/SMIME style. Doesn't have keySizeInBits - * in the alg params; has version in the top-level struct; the - * private key itself is a DER-encoded integer wrapped in an - * octet string. - */ -typedef struct { - CSSM_DATA version; - NSS_DSAAlgorithmIdX509 dsaAlg; - /* octet string containing DER-encoded integer */ - CSSM_DATA privateKey; - NSS_Attribute **attributes; // optional -} NSS_DSAPrivateKeyPKCS8; - -extern const SEC_ASN1Template NSS_DSAPrivateKeyPKCS8Template[]; - -/* - * DSA Signature. - */ -typedef struct { - CSSM_DATA r; - CSSM_DATA s; -} NSS_DSASignature; - -extern const SEC_ASN1Template NSS_DSASignatureTemplate[]; - -#ifdef __cplusplus -} -#endif - - -#endif /* _OS_KEY_TEMPLATES_H_ */ diff --git a/AppleCSP/open_ssl/rsa/rsa_chk.c b/AppleCSP/open_ssl/rsa/rsa_chk.c deleted file mode 100644 index a68408ba..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_chk.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include - - -int RSA_check_key(RSA *key) - { - BIGNUM *i, *j, *k, *l, *m; - BN_CTX *ctx; - int r; - int ret=1; - - i = BN_new(); - j = BN_new(); - k = BN_new(); - l = BN_new(); - m = BN_new(); - ctx = BN_CTX_new(); - if (i == NULL || j == NULL || k == NULL || l == NULL || - m == NULL || ctx == NULL) - { - ret = -1; - RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* p prime? */ - r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); - if (r != 1) - { - ret = r; - if (r != 0) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); - } - - /* q prime? */ - r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); - if (r != 1) - { - ret = r; - if (r != 0) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); - } - - /* n = p*q? */ - r = BN_mul(i, key->p, key->q, ctx); - if (!r) { ret = -1; goto err; } - - if (BN_cmp(i, key->n) != 0) - { - ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); - } - - /* d*e = 1 mod lcm(p-1,q-1)? */ - - r = BN_sub(i, key->p, BN_value_one()); - if (!r) { ret = -1; goto err; } - r = BN_sub(j, key->q, BN_value_one()); - if (!r) { ret = -1; goto err; } - - /* now compute k = lcm(i,j) */ - r = BN_mul(l, i, j, ctx); - if (!r) { ret = -1; goto err; } - r = BN_gcd(m, i, j, ctx); - if (!r) { ret = -1; goto err; } - r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ - if (!r) { ret = -1; goto err; } - - r = BN_mod_mul(i, key->d, key->e, k, ctx); - if (!r) { ret = -1; goto err; } - - if (!BN_is_one(i)) - { - ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); - } - - if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) - { - /* dmp1 = d mod (p-1)? */ - r = BN_sub(i, key->p, BN_value_one()); - if (!r) { ret = -1; goto err; } - - r = BN_mod(j, key->d, i, ctx); - if (!r) { ret = -1; goto err; } - - if (BN_cmp(j, key->dmp1) != 0) - { - ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_DMP1_NOT_CONGRUENT_TO_D); - } - - /* dmq1 = d mod (q-1)? */ - r = BN_sub(i, key->q, BN_value_one()); - if (!r) { ret = -1; goto err; } - - r = BN_mod(j, key->d, i, ctx); - if (!r) { ret = -1; goto err; } - - if (BN_cmp(j, key->dmq1) != 0) - { - ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_DMQ1_NOT_CONGRUENT_TO_D); - } - - /* iqmp = q^-1 mod p? */ - if(!BN_mod_inverse(i, key->q, key->p, ctx)) - { - ret = -1; - goto err; - } - - if (BN_cmp(i, key->iqmp) != 0) - { - ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_IQMP_NOT_INVERSE_OF_Q); - } - } - - err: - if (i != NULL) BN_free(i); - if (j != NULL) BN_free(j); - if (k != NULL) BN_free(k); - if (l != NULL) BN_free(l); - if (m != NULL) BN_free(m); - if (ctx != NULL) BN_CTX_free(ctx); - return (ret); - } diff --git a/AppleCSP/open_ssl/rsa/rsa_eay.c b/AppleCSP/open_ssl/rsa/rsa_eay.c deleted file mode 100644 index b3a47d1c..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_eay.c +++ /dev/null @@ -1,513 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_eay.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -#ifndef RSA_NULL - -static int RSA_eay_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); -static int RSA_eay_init(RSA *rsa); -static int RSA_eay_finish(RSA *rsa); -static const RSA_METHOD rsa_pkcs1_eay_meth={ - "Eric Young's PKCS#1 RSA", - RSA_eay_public_encrypt, - RSA_eay_public_decrypt, - RSA_eay_private_encrypt, - RSA_eay_private_decrypt, - RSA_eay_mod_exp, - BN_mod_exp_mont, - RSA_eay_init, - RSA_eay_finish, - 0, - NULL, - }; - -const RSA_METHOD *RSA_PKCS1_SSLeay(void) - { - return(&rsa_pkcs1_eay_meth); - } - -static int RSA_eay_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,j,k,num=0,r= -1; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - if ((ctx=BN_CTX_new()) == NULL) goto err; - num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)Malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - switch (padding) - { - case RSA_PKCS1_PADDING: - i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); - break; -#ifndef _OPENSSL_APPLE_CDSA_ -#ifndef NO_SHA - case RSA_PKCS1_OAEP_PADDING: - i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); - break; -#endif -#endif - case RSA_SSLV23_PADDING: - i=RSA_padding_add_SSLv23(buf,num,from,flen); - break; - case RSA_NO_PADDING: - i=RSA_padding_add_none(buf,num,from,flen); - break; - default: - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (i <= 0) goto err; - - if (BN_bin2bn(buf,num,&f) == NULL) goto err; - - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, - rsa->_method_mod_n)) goto err; - - /* put in leading 0 bytes if the number is less than the - * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); - for (k=0; k<(num-i); k++) - to[k]=0; - - r=num; -err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - Free(buf); - } - return(r); - } - -static int RSA_eay_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,j,k,num=0,r= -1; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - - if ((ctx=BN_CTX_new()) == NULL) goto err; - num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)Malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - switch (padding) - { - case RSA_PKCS1_PADDING: - i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); - break; - case RSA_NO_PADDING: - i=RSA_padding_add_none(buf,num,from,flen); - break; - case RSA_SSLV23_PADDING: - default: - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (i <= 0) goto err; - - if (BN_bin2bn(buf,num,&f) == NULL) goto err; - - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - - if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && - (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } - else - { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; - } - - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; - - /* put in leading 0 bytes if the number is less than the - * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); - for (k=0; k<(num-i); k++) - to[k]=0; - - r=num; -err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&ret); - BN_clear_free(&f); - if (buf != NULL) - { - memset(buf,0,num); - Free(buf); - } - return(r); - } - -static int RSA_eay_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int j,num=0,r= -1; - unsigned char *p; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - num=BN_num_bytes(rsa->n); - - if ((buf=(unsigned char *)Malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* This check was for equality but PGP does evil things - * and chops off the top '0' bytes */ - if (flen > num) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); - goto err; - } - - /* make data into a big number */ - if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; - - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - - /* do the decrypt */ - if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && - (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } - else - { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) - goto err; - } - - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; - - p=buf; - j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ - - switch (padding) - { - case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); - break; -#ifndef _OPENSSL_APPLE_CDSA_ -#ifndef NO_SHA - case RSA_PKCS1_OAEP_PADDING: - r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); - break; -#endif -#endif - case RSA_SSLV23_PADDING: - r=RSA_padding_check_SSLv23(to,num,buf,j,num); - break; - case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,j,num); - break; - default: - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (r < 0) - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); - -err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - Free(buf); - } - return(r); - } - -static int RSA_eay_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,num=0,r= -1; - unsigned char *p; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - num=BN_num_bytes(rsa->n); - buf=(unsigned char *)Malloc(num); - if (buf == NULL) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* This check was for equality but PGP does evil things - * and chops off the top '0' bytes */ - if (flen > num) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); - goto err; - } - - if (BN_bin2bn(from,flen,&f) == NULL) goto err; - /* do the decrypt */ - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, - rsa->_method_mod_n)) goto err; - - p=buf; - i=BN_bn2bin(&ret,p); - - switch (padding) - { - case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); - break; - case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,i,num); - break; - default: - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (r < 0) - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); - -err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - Free(buf); - } - return(r); - } - -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) - { - BIGNUM r1,m1; - int ret=0; - BN_CTX *ctx; - - if ((ctx=BN_CTX_new()) == NULL) goto err; - BN_init(&m1); - BN_init(&r1); - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) - { - if (rsa->_method_mod_p == NULL) - { - if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, - ctx)) - goto err; - } - if (rsa->_method_mod_q == NULL) - { - if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, - ctx)) - goto err; - } - } - - if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, - rsa->_method_mod_q)) goto err; - - if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, - rsa->_method_mod_p)) goto err; - - if (!BN_sub(r0,r0,&m1)) goto err; - /* This will help stop the size of r0 increasing, which does - * affect the multiply if it optimised for a power of 2 size */ - if (r0->neg) - if (!BN_add(r0,r0,rsa->p)) goto err; - - if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; - if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r0 is negative above to leave the result still - * negative. This can break the private key operations: the following - * second correction should *always* correct this rare occurrence. - * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ - if (r0->neg) - if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; - if (!BN_add(r0,&r1,&m1)) goto err; - - ret=1; -err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_CTX_free(ctx); - return(ret); - } - -static int RSA_eay_init(RSA *rsa) - { - rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; - return(1); - } - -static int RSA_eay_finish(RSA *rsa) - { - if (rsa->_method_mod_n != NULL) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p != NULL) - BN_MONT_CTX_free(rsa->_method_mod_p); - if (rsa->_method_mod_q != NULL) - BN_MONT_CTX_free(rsa->_method_mod_q); - return(1); - } - -#endif diff --git a/AppleCSP/open_ssl/rsa/rsa_err.c b/AppleCSP/open_ssl/rsa/rsa_err.c deleted file mode 100644 index 17db7db3..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_err.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef NO_ERR -static ERR_STRING_DATA RSA_str_functs[]= - { -{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, -{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, -{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, -{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, -{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, -{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, -{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, -{0,NULL} - }; - -static ERR_STRING_DATA RSA_str_reasons[]= - { -{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, -{RSA_R_BAD_E_VALUE ,"bad e value"}, -{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, -{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, -{RSA_R_BAD_SIGNATURE ,"bad signature"}, -{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, -{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, -{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, -{RSA_R_DATA_TOO_LARGE ,"data too large"}, -{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{RSA_R_DATA_TOO_SMALL ,"data too small"}, -{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, -{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, -{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, -{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, -{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, -{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, -{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, -{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, -{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, -{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, -{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, -{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, -{RSA_R_P_NOT_PRIME ,"p not prime"}, -{RSA_R_Q_NOT_PRIME ,"q not prime"}, -{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, -{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, -{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, -{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, -{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, -{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, -{0,NULL} - }; - -#endif - -void ERR_load_RSA_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef NO_ERR - ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); - ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); -#endif - - } - } diff --git a/AppleCSP/open_ssl/rsa/rsa_gen.c b/AppleCSP/open_ssl/rsa/rsa_gen.c deleted file mode 100644 index 6095dfcf..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_gen.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_gen.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) - { - RSA *rsa=NULL; - BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0; - unsigned i; - BN_CTX *ctx=NULL,*ctx2=NULL; - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - ctx2=BN_CTX_new(); - if (ctx2 == NULL) goto err; - BN_CTX_start(ctx); - r0 = BN_CTX_get(ctx); - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - r3 = BN_CTX_get(ctx); - if (r3 == NULL) goto err; - - bitsp=(bits+1)/2; - bitsq=bits-bitsp; - rsa=RSA_new(); - if (rsa == NULL) goto err; - - /* set e */ - rsa->e=BN_new(); - if (rsa->e == NULL) goto err; - -#if 1 - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; ie,i); - } -#else - if (!BN_set_word(rsa->e,e_value)) goto err; -#endif - - /* generate p and q */ - for (;;) - { - rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); - if (rsa->p == NULL) goto err; - if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->p); - } - if (callback != NULL) callback(3,0,cb_arg); - for (;;) - { - rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); - if (rsa->q == NULL) goto err; - if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) - break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->q); - } - if (callback != NULL) callback(3,1,cb_arg); - if (BN_cmp(rsa->p,rsa->q) < 0) - { - tmp=rsa->p; - rsa->p=rsa->q; - rsa->q=tmp; - } - - /* calculate n */ - rsa->n=BN_new(); - if (rsa->n == NULL) goto err; - if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; - - /* calculate d */ - if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ - if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ - if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ - -/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ -/* for (;;) - { - if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; - if (BN_is_one(r3)) break; - - if (1) - { - if (!BN_add_word(rsa->e,2L)) goto err; - continue; - } - RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); - goto err; - } -*/ - rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ - if (rsa->d == NULL) goto err; - - /* calculate d mod (p-1) */ - rsa->dmp1=BN_new(); - if (rsa->dmp1 == NULL) goto err; - if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; - - /* calculate d mod (q-1) */ - rsa->dmq1=BN_new(); - if (rsa->dmq1 == NULL) goto err; - if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; - - /* calculate inverse of q mod p */ - rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); - if (rsa->iqmp == NULL) goto err; - - ok=1; -err: - if (ok == -1) - { - RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); - ok=0; - } - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - - if (!ok) - { - if (rsa != NULL) RSA_free(rsa); - return(NULL); - } - else - return(rsa); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_lib.c b/AppleCSP/open_ssl/rsa/rsa_lib.c deleted file mode 100644 index 45ef7f33..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_lib.c +++ /dev/null @@ -1,351 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include -#include -#include - -const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; - -static const RSA_METHOD *default_RSA_meth=NULL; -static int rsa_meth_num=0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; - -RSA *RSA_new(void) - { - return(RSA_new_method(NULL)); - } - -void RSA_set_default_method(const RSA_METHOD *meth) - { - default_RSA_meth=meth; - } - -const RSA_METHOD *RSA_get_default_method(void) -{ - return default_RSA_meth; -} - -const RSA_METHOD *RSA_get_method(RSA *rsa) -{ - return rsa->meth; -} - -const RSA_METHOD *RSA_set_method(RSA *rsa, const RSA_METHOD *meth) -{ - const RSA_METHOD *mtmp; - mtmp = rsa->meth; - if (mtmp->finish) mtmp->finish(rsa); - rsa->meth = meth; - if (meth->init) meth->init(rsa); - return mtmp; -} - -RSA *RSA_new_method(const RSA_METHOD *meth) - { - RSA *ret; - - if (default_RSA_meth == NULL) - { -#ifdef RSA_NULL - default_RSA_meth=RSA_null_method(); -#else -#ifdef RSAref - default_RSA_meth=RSA_PKCS1_RSAref(); -#else - default_RSA_meth=RSA_PKCS1_SSLeay(); -#endif -#endif - } - ret=(RSA *)Malloc(sizeof(RSA)); - if (ret == NULL) - { - RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } - - if (meth == NULL) - ret->meth=default_RSA_meth; - else - ret->meth=meth; - - ret->pad=0; - ret->version=0; - ret->n=NULL; - ret->e=NULL; - ret->d=NULL; - ret->p=NULL; - ret->q=NULL; - ret->dmp1=NULL; - ret->dmq1=NULL; - ret->iqmp=NULL; - ret->references=1; - ret->_method_mod_n=NULL; - ret->_method_mod_p=NULL; - ret->_method_mod_q=NULL; - ret->blinding=NULL; - ret->bignum_data=NULL; - ret->flags=ret->meth->flags; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - Free(ret); - ret=NULL; - } - else - CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); - return(ret); - } - -void RSA_free(RSA *r) - { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"RSA_free, bad reference count\n"); - abort(); - } -#endif - - CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); - - if (r->meth->finish != NULL) - r->meth->finish(r); - - if (r->n != NULL) BN_clear_free(r->n); - if (r->e != NULL) BN_clear_free(r->e); - if (r->d != NULL) BN_clear_free(r->d); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->dmp1 != NULL) BN_clear_free(r->dmp1); - if (r->dmq1 != NULL) BN_clear_free(r->dmq1); - if (r->iqmp != NULL) BN_clear_free(r->iqmp); - if (r->blinding != NULL) BN_BLINDING_free(r->blinding); - if (r->bignum_data != NULL) Free_locked(r->bignum_data); - Free(r); - } - -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - rsa_meth_num++; - return(CRYPTO_get_ex_new_index(rsa_meth_num-1, - &rsa_meth,argl,argp,new_func,dup_func,free_func)); - } - -int RSA_set_ex_data(RSA *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); - } - -void *RSA_get_ex_data(RSA *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); - } - -int RSA_size(RSA *r) - { - return(BN_num_bytes(r->n)); - } - -int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); - } - -int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); - } - -int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); - } - -int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); - } - -int RSA_flags(RSA *r) - { - return((r == NULL)?0:r->meth->flags); - } - -void RSA_blinding_off(RSA *rsa) - { - if (rsa->blinding != NULL) - { - BN_BLINDING_free(rsa->blinding); - rsa->blinding=NULL; - } - rsa->flags&= ~RSA_FLAG_BLINDING; - } - -int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) - { - BIGNUM *A,*Ai; - BN_CTX *ctx; - int ret=0; - - if (p_ctx == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=p_ctx; - - if (rsa->blinding != NULL) - BN_BLINDING_free(rsa->blinding); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; - if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - - if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; - BN_free(Ai); - ret=1; -err: - BN_CTX_end(ctx); - if (ctx != p_ctx) BN_CTX_free(ctx); - return(ret); - } - -int RSA_memory_lock(RSA *r) - { - int i,j,k,off; - char *p; - BIGNUM *bn,**t[6],*b; - BN_ULONG *ul; - - if (r->d == NULL) return(1); - t[0]= &r->d; - t[1]= &r->p; - t[2]= &r->q; - t[3]= &r->dmp1; - t[4]= &r->dmq1; - t[5]= &r->iqmp; - k=sizeof(BIGNUM)*6; - off=k/sizeof(BN_ULONG)+1; - j=1; - for (i=0; i<6; i++) - j+= (*t[i])->top; - if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) - { - RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); - return(0); - } - bn=(BIGNUM *)p; - ul=(BN_ULONG *)&(p[off]); - for (i=0; i<6; i++) - { - b= *(t[i]); - *(t[i])= &(bn[i]); - memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); - bn[i].flags=BN_FLG_STATIC_DATA; - bn[i].d=ul; - memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); - ul+=b->top; - BN_clear_free(b); - } - - /* I should fix this so it can still be done */ - r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); - - r->bignum_data=p; - return(1); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_none.c b/AppleCSP/open_ssl/rsa/rsa_none.c deleted file mode 100644 index d340c8f3..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_none.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_none.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from, - int flen) - { - if (flen > tlen) - { - RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - if (flen < tlen) - { - RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); - return(0); - } - - memcpy(to,from,(unsigned int)flen); - return(1); - } - -int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from, - int flen, int num) - { - - if (flen > tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); - return(-1); - } - - memset(to,0,tlen-flen); - memcpy(to+tlen-flen,from,flen); - return(tlen); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_null.c b/AppleCSP/open_ssl/rsa/rsa_null.c deleted file mode 100644 index f3268fa8..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_null.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* rsa_null.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -/* This is a dummy RSA implementation that just returns errors when called. - * It is designed to allow some RSA functions to work while stopping those - * covered by the RSA patent. That is RSA, encryption, decryption, signing - * and verify is not allowed but RSA key generation, key checking and other - * operations (like storing RSA keys) are permitted. - */ - -static int RSA_null_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -#if 0 /* not currently used */ -static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); -#endif -static int RSA_null_init(RSA *rsa); -static int RSA_null_finish(RSA *rsa); -static const RSA_METHOD rsa_null_meth={ - "Null RSA", - RSA_null_public_encrypt, - RSA_null_public_decrypt, - RSA_null_private_encrypt, - RSA_null_private_decrypt, - NULL, NULL, - RSA_null_init, - RSA_null_finish, - 0, - NULL, - }; - -const RSA_METHOD *RSA_null_method(void) - { - return(&rsa_null_meth); - } - -static int RSA_null_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -#if 0 /* not currently used */ -static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } -#endif - -static int RSA_null_init(RSA *rsa) - { - return(1); - } - -static int RSA_null_finish(RSA *rsa) - { - return(1); - } - - diff --git a/AppleCSP/open_ssl/rsa/rsa_pk1.c b/AppleCSP/open_ssl/rsa/rsa_pk1.c deleted file mode 100644 index 98fc3c88..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_pk1.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_pk1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *from, int flen) - { - int j; - unsigned char *p; - - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; - - *(p++)=0; - *(p++)=1; /* Private Key BT (Block Type) */ - - /* pad out with 0xff data */ - j=tlen-3-flen; - memset(p,0xff,j); - p+=j; - *(p++)='\0'; - memcpy(p,from,(unsigned int)flen); - return(1); - } - -int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *from, int flen, int num) - { - int i,j; - unsigned char *p; - - p=from; - if ((num != (flen+1)) || (*(p++) != 01)) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); - return(-1); - } - - /* scan over padding data */ - j=flen-1; /* one for type. */ - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); - } - -int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *from, int flen) - { - int i,j; - unsigned char *p; - - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; - - *(p++)=0; - *(p++)=2; /* Public Key BT (Block Type) */ - - /* pad out with non-zero random data */ - j=tlen-3-flen; - - if (RAND_bytes(p,j) <= 0) - return(0); - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_saos.c b/AppleCSP/open_ssl/rsa/rsa_saos.c deleted file mode 100644 index 82d4c617..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_saos.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_saos.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) - { - ASN1_OCTET_STRING sig; - int i,j,ret=1; - unsigned char *p,*s; - - sig.type=V_ASN1_OCTET_STRING; - sig.length=m_len; - sig.data=m; - - i=i2d_ASN1_OCTET_STRING(&sig,NULL); - j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) - { - RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return(0); - } - s=(unsigned char *)Malloc((unsigned int)j+1); - if (s == NULL) - { - RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); - return(0); - } - p=s; - i2d_ASN1_OCTET_STRING(&sig,&p); - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); - if (i <= 0) - ret=0; - else - *siglen=i; - - memset(s,0,(unsigned int)j+1); - Free(s); - return(ret); - } - -int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa) - { - int i,ret=0; - unsigned char *p,*s; - ASN1_OCTET_STRING *sig=NULL; - - if (siglen != (unsigned int)RSA_size(rsa)) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); - return(0); - } - - s=(unsigned char *)Malloc((unsigned int)siglen); - if (s == NULL) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); - goto err; - } - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); - - if (i <= 0) goto err; - - p=s; - sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); - if (sig == NULL) goto err; - - if ( ((unsigned int)sig->length != m_len) || - (memcmp(m,sig->data,m_len) != 0)) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); - } - else - ret=1; -err: - if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); - memset(s,0,(unsigned int)siglen); - Free(s); - return(ret); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_sign.c b/AppleCSP/open_ssl/rsa/rsa_sign.c deleted file mode 100644 index ebfd14f5..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_sign.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_sign.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -/* Size of an SSL signature: MD5+SHA1 */ -#define SSL_SIG_LENGTH 36 - -int RSA_sign(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) - { - X509_SIG sig; - ASN1_TYPE parameter; - int i,j,ret=1; - unsigned char *p,*s = NULL; - X509_ALGOR algor; - ASN1_OCTET_STRING digest; - if(rsa->flags & RSA_FLAG_SIGN_VER) - return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); - /* Special case: SSL signature, just check the length */ - if(type == NID_md5_sha1) { - if(m_len != SSL_SIG_LENGTH) { - RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); - return(0); - } - i = SSL_SIG_LENGTH; - s = m; - } else { - sig.algor= &algor; - sig.algor->algorithm=OBJ_nid2obj(type); - if (sig.algor->algorithm == NULL) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); - return(0); - } - if (sig.algor->algorithm->length == 0) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - return(0); - } - parameter.type=V_ASN1_NULL; - parameter.value.ptr=NULL; - sig.algor->parameter= ¶meter; - - sig.digest= &digest; - sig.digest->data=m; - sig.digest->length=m_len; - - i=i2d_X509_SIG(&sig,NULL); - } - j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return(0); - } - if(type != NID_md5_sha1) { - s=(unsigned char *)Malloc((unsigned int)j+1); - if (s == NULL) - { - RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); - return(0); - } - p=s; - i2d_X509_SIG(&sig,&p); - } - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); - if (i <= 0) - ret=0; - else - *siglen=i; - - if(type != NID_md5_sha1) { - memset(s,0,(unsigned int)j+1); - Free(s); - } - return(ret); - } - -int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) - { - int i,ret=0,sigtype; - unsigned char *p,*s; - X509_SIG *sig=NULL; - - if (siglen != (unsigned int)RSA_size(rsa)) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); - return(0); - } - - if(rsa->flags & RSA_FLAG_SIGN_VER) - return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); - - s=(unsigned char *)Malloc((unsigned int)siglen); - if (s == NULL) - { - RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); - return(0); - } - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); - - if (i <= 0) goto err; - - /* Special case: SSL signature */ - if(dtype == NID_md5_sha1) { - if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); - else ret = 1; - } else { - p=s; - sig=d2i_X509_SIG(NULL,&p,(long)i); - - if (sig == NULL) goto err; - sigtype=OBJ_obj2nid(sig->algor->algorithm); - - - #ifdef RSA_DEBUG - /* put a backward compatibility flag in EAY */ - fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), - OBJ_nid2ln(dtype)); - #endif - if (sigtype != dtype) - { - if (((dtype == NID_md5) && - (sigtype == NID_md5WithRSAEncryption)) || - ((dtype == NID_md2) && - (sigtype == NID_md2WithRSAEncryption))) - { - /* ok, we will let it through */ - #if !defined(NO_STDIO) && !defined(WIN16) - fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); - #endif - } - else - { - RSAerr(RSA_F_RSA_VERIFY, - RSA_R_ALGORITHM_MISMATCH); - goto err; - } - } - if ( ((unsigned int)sig->digest->length != m_len) || - (memcmp(m,sig->digest->data,m_len) != 0)) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); - } - else - ret=1; - } -err: - if (sig != NULL) X509_SIG_free(sig); - memset(s,0,(unsigned int)siglen); - Free(s); - return(ret); - } - diff --git a/AppleCSP/open_ssl/rsa/rsa_ssl.c b/AppleCSP/open_ssl/rsa/rsa_ssl.c deleted file mode 100644 index f9a6a852..00000000 --- a/AppleCSP/open_ssl/rsa/rsa_ssl.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/rsa/rsa_ssl.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, - int flen) - { - int i,j; - unsigned char *p; - - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; - - *(p++)=0; - *(p++)=2; /* Public Key BT (Block Type) */ - - /* pad out with non-zero random data */ - j=tlen-3-8-flen; - - if (RAND_bytes(p,j) <= 0) - return(0); - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); - } - diff --git a/AppleCSP/open_ssl/stack/stack.c b/AppleCSP/open_ssl/stack/stack.c deleted file mode 100644 index d62120c7..00000000 --- a/AppleCSP/open_ssl/stack/stack.c +++ /dev/null @@ -1,329 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* crypto/stack/stack.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Code for stacks - * Author - Eric Young v 1.0 - * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the - * lowest index for the searched item. - * - * 1.1 eay - Take from netdb and added to SSLeay - * - * 1.0 eay - First version 29/07/92 - */ -#include -#include "cryptlib.h" -#include - -#undef MIN_NODES -#define MIN_NODES 4 - -const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT; - -#define FP_ICC (int (*)(const void *,const void *)) -#include - -int (*sk_set_cmp_func(STACK *sk, int (*c)()))(void) - { - int (*old)()=sk->comp; - - if (sk->comp != c) - sk->sorted=0; - sk->comp=c; - - return old; - } - -STACK *sk_dup(STACK *sk) - { - STACK *ret; - char **s; - - if ((ret=sk_new(sk->comp)) == NULL) goto err; - s=(char **)Realloc((char *)ret->data, - (unsigned int)sizeof(char *)*sk->num_alloc); - if (s == NULL) goto err; - ret->data=s; - - ret->num=sk->num; - memcpy(ret->data,sk->data,sizeof(char *)*sk->num); - ret->sorted=sk->sorted; - ret->num_alloc=sk->num_alloc; - ret->comp=sk->comp; - return(ret); -err: - return(NULL); - } - -STACK *sk_new(int (*c)()) - { - STACK *ret; - int i; - - if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL) - goto err0; - if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL) - goto err1; - for (i=0; idata[i]=NULL; - ret->comp=c; - ret->num_alloc=MIN_NODES; - ret->num=0; - ret->sorted=0; - return(ret); -err1: - Free(ret); -err0: - return(NULL); - } - -int sk_insert(STACK *st, char *data, int loc) - { - char **s; - - if(st == NULL) return 0; - if (st->num_alloc <= st->num+1) - { - s=(char **)Realloc((char *)st->data, - (unsigned int)sizeof(char *)*st->num_alloc*2); - if (s == NULL) - return(0); - st->data=s; - st->num_alloc*=2; - } - if ((loc >= (int)st->num) || (loc < 0)) - st->data[st->num]=data; - else - { - int i; - char **f,**t; - - f=(char **)st->data; - t=(char **)&(st->data[1]); - for (i=st->num; i>=loc; i--) - t[i]=f[i]; - -#ifdef undef /* no memmove on sunos :-( */ - memmove( (char *)&(st->data[loc+1]), - (char *)&(st->data[loc]), - sizeof(char *)*(st->num-loc)); -#endif - st->data[loc]=data; - } - st->num++; - st->sorted=0; - return(st->num); - } - -char *sk_delete_ptr(STACK *st, char *p) - { - int i; - - for (i=0; inum; i++) - if (st->data[i] == p) - return(sk_delete(st,i)); - return(NULL); - } - -char *sk_delete(STACK *st, int loc) - { - char *ret; - int i,j; - - if ((st == NULL) || (st->num == 0) || (loc < 0) - || (loc >= st->num)) return(NULL); - - ret=st->data[loc]; - if (loc != st->num-1) - { - j=st->num-1; - for (i=loc; idata[i]=st->data[i+1]; - /* In theory memcpy is not safe for this - * memcpy( &(st->data[loc]), - * &(st->data[loc+1]), - * sizeof(char *)*(st->num-loc-1)); - */ - } - st->num--; - return(ret); - } - -int sk_find(STACK *st, char *data) - { - char **r; - int i; - int (*comp_func)(); - if(st == NULL) return -1; - - if (st->comp == NULL) - { - for (i=0; inum; i++) - if (st->data[i] == data) - return(i); - return(-1); - } - sk_sort(st); - if (data == NULL) return(-1); - comp_func=(int (*)())st->comp; - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *),FP_ICC comp_func); - if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - if ((*st->comp)(&(st->data[i-1]),&data) < 0) - break; - return(i); - } - -int sk_push(STACK *st, char *data) - { - return(sk_insert(st,data,st->num)); - } - -int sk_unshift(STACK *st, char *data) - { - return(sk_insert(st,data,0)); - } - -char *sk_shift(STACK *st) - { - if (st == NULL) return(NULL); - if (st->num <= 0) return(NULL); - return(sk_delete(st,0)); - } - -char *sk_pop(STACK *st) - { - if (st == NULL) return(NULL); - if (st->num <= 0) return(NULL); - return(sk_delete(st,st->num-1)); - } - -void sk_zero(STACK *st) - { - if (st == NULL) return; - if (st->num <= 0) return; - memset((char *)st->data,0,sizeof(st->data)*st->num); - st->num=0; - } - -void sk_pop_free(STACK *st, void (*func)()) - { - int i; - - if (st == NULL) return; - for (i=0; inum; i++) - if (st->data[i] != NULL) - func(st->data[i]); - sk_free(st); - } - -void sk_free(STACK *st) - { - if (st == NULL) return; - if (st->data != NULL) Free(st->data); - Free(st); - } - -int sk_num(STACK *st) -{ - if(st == NULL) return -1; - return st->num; -} - -char *sk_value(STACK *st, int i) -{ - if(st == NULL) return NULL; - return st->data[i]; -} - -char *sk_set(STACK *st, int i, char *value) -{ - if(st == NULL) return NULL; - return (st->data[i] = value); -} - -void sk_sort(STACK *st) - { - if (!st->sorted) - { - int (*comp_func)(); - - comp_func=(int (*)())st->comp; - qsort(st->data,st->num,sizeof(char *),FP_ICC comp_func); - st->sorted=1; - } - } diff --git a/AppleCSPDL/AppleCSPDLPlugin.cpp b/AppleCSPDL/AppleCSPDLPlugin.cpp deleted file mode 100644 index 0b68310f..00000000 --- a/AppleCSPDL/AppleCSPDLPlugin.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtai -n - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Produce the "genuine plugin version" of the Apple "file DL" -// -#include - - -// -// Create the plugin object and generate the C layer hookup -// -ModuleNexus plugin; - -#include diff --git a/AppleCSPDL/CSPDLDatabase.cpp b/AppleCSPDL/CSPDLDatabase.cpp deleted file mode 100644 index d3ede0f2..00000000 --- a/AppleCSPDL/CSPDLDatabase.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPDLDatabase.cpp - Description t.b.d. -// -#include "CSPDLDatabase.h" -#include -#include -#include -#include -#include - -// -// CSPDLDatabaseManager implementation -// -Database * -CSPDLDatabaseManager::make(const DbName &inDbName) -{ - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); -} diff --git a/AppleCSPDL/CSPDLDatabase.h b/AppleCSPDL/CSPDLDatabase.h deleted file mode 100644 index 000b2af5..00000000 --- a/AppleCSPDL/CSPDLDatabase.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPDLDatabase.h - Description t.b.d. -// -#ifndef _H_CSPDLDATABASE -#define _H_CSPDLDATABASE - -#include -#include -#include -#include -#include - -// -// CSPDLDatabaseManager -// -class CSPDLDatabaseManager : public DatabaseManager -{ -public: - Database *make(const DbName &inDbName); -}; - -#endif //_H_CSPDLDATABASE diff --git a/AppleCSPDL/CSPDLPlugin.cpp b/AppleCSPDL/CSPDLPlugin.cpp deleted file mode 100644 index f101211d..00000000 --- a/AppleCSPDL/CSPDLPlugin.cpp +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPDLPlugin.cpp - File Based CSP/DL plug-in module. -// -#include "CSPDLPlugin.h" - -#include "SSCSPSession.h" -#include "SSDLSession.h" - - -// -// Make and break the plugin object -// -CSPDLPlugin::CSPDLPlugin() - : mRawCsp(gGuidAppleCSP) -{ -} - -CSPDLPlugin::~CSPDLPlugin() -{ -} - - -// -// Create a new plugin session, our way -// -PluginSession * -CSPDLPlugin::makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) -{ - switch (subserviceType) - { - case CSSM_SERVICE_CSP: - return new SSCSPSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls, - mSSCSPDLSession, - mRawCsp); - case CSSM_SERVICE_DL: - return new SSDLSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls, - mDatabaseManager, - mSSCSPDLSession); - default: - CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo - } -} diff --git a/AppleCSPDL/CSPDLPlugin.h b/AppleCSPDL/CSPDLPlugin.h deleted file mode 100644 index edb4111a..00000000 --- a/AppleCSPDL/CSPDLPlugin.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPDLCSPDL.h - File Based CSP/DL plug-in module. -// -#ifndef _H_CSPDLPLUGIN -#define _H_CSPDLPLUGIN - -#include "SSCSPDLSession.h" -#include "CSPDLDatabase.h" -#include "SSFactory.h" -#include -#include - -class SSCSPSession; - -class CSPDLPlugin : public CssmPlugin -{ - NOCOPY(CSPDLPlugin) -public: - CSPDLPlugin(); - ~CSPDLPlugin(); - - PluginSession *makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); -private: - friend class SSCSPSession; - friend class SSCSPDLSession; - SSCSPDLSession mSSCSPDLSession; - CSPDLDatabaseManager mDatabaseManager; - SSFactory mSSFactory; - CssmClient::CSP mRawCsp; // raw (nonsecure) CSP connection -}; - - -#endif //_H_CSPDLPLUGIN diff --git a/AppleCSPDL/CVSVersionInfo.txt b/AppleCSPDL/CVSVersionInfo.txt deleted file mode 100644 index 2bc0c2db..00000000 --- a/AppleCSPDL/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:51 mb Exp $ -# $Name: $ -ProjectName: AppleCSPDL -ProjectVersion: 15 diff --git a/AppleCSPDL/KeySchema.h b/AppleCSPDL/KeySchema.h deleted file mode 100644 index a76ea150..00000000 --- a/AppleCSPDL/KeySchema.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// KeySchema.h -// -#ifndef _H_KEYSCHEMA -#define _H_KEYSCHEMA - -#include - -namespace KeySchema -{ - extern const CSSM_DB_ATTRIBUTE_INFO KeyClass; - extern const CSSM_DB_ATTRIBUTE_INFO PrintName; - extern const CSSM_DB_ATTRIBUTE_INFO Alias; - extern const CSSM_DB_ATTRIBUTE_INFO Permanent; - extern const CSSM_DB_ATTRIBUTE_INFO Private; - extern const CSSM_DB_ATTRIBUTE_INFO Modifiable; - extern const CSSM_DB_ATTRIBUTE_INFO Label; - extern const CSSM_DB_ATTRIBUTE_INFO ApplicationTag; - extern const CSSM_DB_ATTRIBUTE_INFO KeyCreator; - extern const CSSM_DB_ATTRIBUTE_INFO KeyType; - extern const CSSM_DB_ATTRIBUTE_INFO KeySizeInBits; - extern const CSSM_DB_ATTRIBUTE_INFO EffectiveKeySize; - extern const CSSM_DB_ATTRIBUTE_INFO StartDate; - extern const CSSM_DB_ATTRIBUTE_INFO EndDate; - extern const CSSM_DB_ATTRIBUTE_INFO Sensitive; - extern const CSSM_DB_ATTRIBUTE_INFO AlwaysSensitive; - extern const CSSM_DB_ATTRIBUTE_INFO Extractable; - extern const CSSM_DB_ATTRIBUTE_INFO NeverExtractable; - extern const CSSM_DB_ATTRIBUTE_INFO Encrypt; - extern const CSSM_DB_ATTRIBUTE_INFO Decrypt; - extern const CSSM_DB_ATTRIBUTE_INFO Derive; - extern const CSSM_DB_ATTRIBUTE_INFO Sign; - extern const CSSM_DB_ATTRIBUTE_INFO Verify; - extern const CSSM_DB_ATTRIBUTE_INFO SignRecover; - extern const CSSM_DB_ATTRIBUTE_INFO VerifyRecover; - extern const CSSM_DB_ATTRIBUTE_INFO Wrap; - extern const CSSM_DB_ATTRIBUTE_INFO Unwrap; - - extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO KeySchemaAttributeList[]; - extern const CSSM_DB_SCHEMA_INDEX_INFO KeySchemaIndexList[]; - extern const uint32 KeySchemaAttributeCount; - extern const uint32 KeySchemaIndexCount; -}; - - -#endif // _H_KEYSCHEMA diff --git a/AppleCSPDL/KeySchema.m4 b/AppleCSPDL/KeySchema.m4 deleted file mode 100644 index 321d6dc8..00000000 --- a/AppleCSPDL/KeySchema.m4 +++ /dev/null @@ -1,137 +0,0 @@ -divert(-1) -changecom(/*, */) -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -define(`startClass', -`define(`indexIndex', 0)dnl -define(`class', $1)dnl -divert(1)dnl -// $1 `attribute numbers -enum -{' -divert(2)dnl -// $1 attributes -const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] = -{ -divert(3)dnl -// $1 indices -const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] = -{') - -define(`endClass', -`divert(1)dnl -}; - -divert(2)dnl -}; - -const uint32 class()SchemaAttributeCount = sizeof(class()SchemaAttributeList) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO); - -divert(3)dnl -` // Unique (primary) index' -undivert(5) -` // Secondary indices' -undivert(6)dnl -}; - -const uint32 class()SchemaIndexCount = sizeof(class()SchemaIndexList) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO); - -undivert(4)dnl -divert(0)dnl -undivert(1)dnl -undivert(2)dnl -undivert(3)dnl') - -define(`attributeBody', -`{ -ifelse(index(`$1',`s'),-1, -` CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - {(char *)$3},', -` CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {$4},') - CSSM_DB_ATTRIBUTE_FORMAT_$7 -}') - -define(`simpleAttribute', -`const CSSM_DB_ATTRIBUTE_INFO $2 = -attributeBody($*); -') - -define(`attribute', -`divert(1)dnl - $3, -divert(2)dnl - { $3, $4, { $5, $6 }, CSSM_DB_ATTRIBUTE_FORMAT_$7 }, -divert(-1) -ifelse(index(`$1',`S'),-1,`', -`divert(4)dnl -simpleAttribute($*) -divert(-1)')dnl - -ifelse(index(`$1',`U'),-1,`', -`divert(5)dnl - { $3, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, -divert(-1)')dnl -ifelse(index(`$1',`I'),-1,`', -`define(`indexIndex', incr(indexIndex))dnl -divert(6)dnl - { $3, indexIndex(), CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, -divert(-1)')') - -/* Start of actual output */ -divert(0)dnl -/* - * Generated by m4 from KeySchema.m4 please do not edit this file. - */ - -`#include "KeySchema.h"' - -namespace KeySchema { - -divert(-1) -startClass(Key) -attribute(` Ss', KeyClass, kKeyClass, "KeyClass", 0, NULL, UINT32) -attribute(` Ss', PrintName, kPrintName, "PrintName", 0, NULL, BLOB) -attribute(` Ss', Alias, kAlias, "Alias", 0, NULL, BLOB) -attribute(` Ss', Permanent, kPermanent, "Permanent", 0, NULL, UINT32) -attribute(` Ss', Private, kPrivate, "Private", 0, NULL, UINT32) -attribute(` Ss', Modifiable, kModifiable, "Modifiable", 0, NULL, UINT32) -attribute(`UISs', Label, kLabel, "Label", 0, NULL, BLOB) -attribute(`U Ss', ApplicationTag, kApplicationTag, "ApplicationTag", 0, NULL, BLOB) -attribute(`U Ss', KeyCreator, kKeyCreator, "KeyCreator", 0, NULL, BLOB) -attribute(`U Ss', KeyType, kKeyType, "KeyType", 0, NULL, UINT32) -attribute(`U Ss', KeySizeInBits, kKeySizeInBits, "KeySizeInBits", 0, NULL, UINT32) -attribute(`U Ss', EffectiveKeySize, kEffectiveKeySize, "EffectiveKeySize", 0, NULL, UINT32) -attribute(`U Ss', StartDate, kStartDate, "StartDate", 0, NULL, BLOB) -attribute(`U Ss', EndDate, kEndDate, "EndDate", 0, NULL, BLOB) -attribute(` Ss', Sensitive, kSensitive, "Sensitive", 0, NULL, UINT32) -attribute(` Ss', AlwaysSensitive, kAlwaysSensitive, "AlwaysSensitive", 0, NULL, UINT32) -attribute(` Ss', Extractable, kExtractable, "Extractable", 0, NULL, UINT32) -attribute(` Ss', NeverExtractable, kNeverExtractable, "NeverExtractable", 0, NULL, UINT32) -attribute(` ISs', Encrypt, kEncrypt, "Encrypt", 0, NULL, UINT32) -attribute(` ISs', Decrypt, kDecrypt, "Decrypt", 0, NULL, UINT32) -attribute(` ISs', Derive, kDerive, "Derive", 0, NULL, UINT32) -attribute(` ISs', Sign, kSign, "Sign", 0, NULL, UINT32) -attribute(` ISs', Verify, kVerify, "Verify", 0, NULL, UINT32) -attribute(` ISs', SignRecover, kSignRecover, "SignRecover", 0, NULL, UINT32) -attribute(` ISs', VerifyRecover, kVerifyRecover, "VerifyRecover", 0, NULL, UINT32) -attribute(` ISs', Wrap, kWrap, "Wrap", 0, NULL, UINT32) -attribute(` ISs', Unwrap, kUnwrap, "Unwrap", 0, NULL, UINT32) -endClass() - -} // end namespace KeySchema diff --git a/AppleCSPDL/SSCSPDLSession.cpp b/AppleCSPDL/SSCSPDLSession.cpp deleted file mode 100644 index 23d66f76..00000000 --- a/AppleCSPDL/SSCSPDLSession.cpp +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSCSPDLSession.cpp - Security Server CSP/DL session. -// -#include "SSCSPDLSession.h" - -#include "CSPDLPlugin.h" -#include "SSKey.h" - - -#ifndef SECURITYSERVER_ACL_EDITS - -#include -#include -#include - -// -// ClientSessionKey - Lightweight wrapper for a KeyHandle that is also an CssmClient::AclBearer -// -class ClientSessionKey: public CssmClient::AclBearer -{ -public: - ClientSessionKey(SecurityServer::ClientSession &clientSession, SecurityServer::KeyHandle keyHandle); - ~ClientSessionKey(); - - // Acl manipulation - virtual void getAcl(AutoAclEntryInfoList &aclInfos, - const char *selectionTag = NULL) const; - virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *cred = NULL); - - // Acl owner manipulation - virtual void getOwner(AutoAclOwnerPrototype &owner) const; - virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *cred = NULL); - - -private: - SecurityServer::ClientSession &mClientSession; - SecurityServer::KeyHandle mKeyHandle; -}; - -#endif //!SECURITYSERVER_ACL_EDITS - - -using namespace SecurityServer; - -// -// SSCSPDLSession -- Security Server CSP session -// -SSCSPDLSession::SSCSPDLSession() -{ -} - - -// -// Reference Key management -// -void -SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle, - CssmKey &outKey, SSDatabase &inSSDatabase, - uint32 inKeyAttr, const CssmData *inKeyLabel) -{ - new SSKey(session, inKeyHandle, outKey, inSSDatabase, inKeyAttr, - inKeyLabel); -} - -SSKey & -SSCSPDLSession::lookupKey(const CssmKey &inKey) -{ - /* for now we only allow ref keys */ - if(inKey.blobType() != CSSM_KEYBLOB_REFERENCE) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - /* fetch key (this is just mapping the value in inKey.KeyData to an SSKey) */ - SSKey &theKey = find(inKey); - - #ifdef someday - /* - * Make sure caller hasn't changed any crucial header fields. - * Some fields were changed by makeReferenceKey, so make a local copy.... - */ - CSSM_KEYHEADER localHdr = cssmKey.KeyHeader; - get binKey-like thing from SSKey, maybe SSKey should keep a copy of - hdr...but that's' not supersecure....; - - localHdr.BlobType = binKey->mKeyHeader.BlobType; - localHdr.Format = binKey->mKeyHeader.Format; - if(memcmp(&localHdr, &binKey->mKeyHeader, sizeof(CSSM_KEYHEADER))) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - #endif - return theKey; -} - -// Notification we receive when the acl on a key has changed. We should write it back to disk if it's persistant. -void -SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession, - KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag) -{ -#ifndef SECURITYSERVER_ACL_EDITS - { - // The user checked to don't ask again checkbox in the rogue app alert. Let's edit the ACL for this key and add the calling application (ourself) to it. - secdebug("keyacl", "SSCSPDLSession::didChangeKeyAcl(keyHandle: %lu tag: %lu)", keyHandle, tag); - ClientSessionKey csKey(clientSession, keyHandle); // the underlying key - KeychainCore::SecPointer access = new KeychainCore::Access(csKey); // extract access rights - KeychainCore::SecPointer thisApp = new KeychainCore::TrustedApplication; - access->addApplicationToRight(tag, thisApp.get()); // add this app - access->setAccess(csKey, true); // commit - } -#endif // !SECURITYSERVER_ACL_EDITS - - SSKey *theKey = NULL; - - { - // Lookup the SSKey for the KeyHandle - StLock _(mKeyMapLock); - KeyMap::const_iterator it; - KeyMap::const_iterator end = mKeyMap.end(); - for (it = mKeyMap.begin(); it != end; ++it) - { - SSKey *aKey = dynamic_cast(it->second); - if (aKey->optionalKeyHandle() == keyHandle) - { - // Write the key to disk if it's persistant. - theKey = aKey; - break; - } - } - } - - if (theKey) - { - theKey->didChangeAcl(); - } - else - { - // @@@ Should we really throw here or just continue without updating the ACL? In reality this should never happen, so let's at least log it and throw. - secdebug("keyacl", "SSCSPDLSession::didChangeKeyAcl() keyHandle: %lu not found in map", keyHandle); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } -} - -void -SSCSPDLSession::didChangeKeyAclCallback(void *context, SecurityServer::ClientSession &clientSession, - SecurityServer::KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag) -{ - reinterpret_cast(context)->didChangeKeyAcl(clientSession, key, tag); -} - -#ifndef SECURITYSERVER_ACL_EDITS -// -// ClientSessionKey - Lightweight wrapper for a KeyHandle that is also an CssmClient::AclBearer -// -ClientSessionKey::ClientSessionKey(ClientSession &clientSession, SecurityServer::KeyHandle keyHandle) : - mClientSession(clientSession), - mKeyHandle(keyHandle) -{ -} - -ClientSessionKey::~ClientSessionKey() -{ -} - -void -ClientSessionKey::getAcl(AutoAclEntryInfoList &aclInfos, - const char *selectionTag) const -{ - secdebug("keyacl", "ClientSessionKey::getAcl() keyHandle: %lu", mKeyHandle); - aclInfos.allocator(mClientSession.returnAllocator); - mClientSession.getKeyAcl(mKeyHandle, selectionTag, - *static_cast(aclInfos), - *reinterpret_cast(static_cast(aclInfos))); -} - -void -ClientSessionKey::changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - secdebug("keyacl", "ClientSessionKey::changeAcl() keyHandle: %lu", mKeyHandle); - mClientSession.changeKeyAcl(mKeyHandle, AccessCredentials::overlay(*cred), AclEdit::overlay(aclEdit)); -} - -void -ClientSessionKey::getOwner(AutoAclOwnerPrototype &owner) const -{ - secdebug("keyacl", "ClientSessionKey::getOwner() keyHandle: %lu", mKeyHandle); - owner.allocator(mClientSession.returnAllocator); - mClientSession.getKeyOwner(mKeyHandle, - *reinterpret_cast(static_cast(owner))); -} - -void -ClientSessionKey::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - secdebug("keyacl", "ClientSessionKey::changeOwner() keyHandle: %lu", mKeyHandle); - mClientSession.changeKeyOwner(mKeyHandle, AccessCredentials::overlay(*cred), AclOwnerPrototype::overlay(newOwner)); -} - -#endif // !SECURITYSERVER_ACL_EDITS diff --git a/AppleCSPDL/SSCSPDLSession.h b/AppleCSPDL/SSCSPDLSession.h deleted file mode 100644 index 6e14163b..00000000 --- a/AppleCSPDL/SSCSPDLSession.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSCSPDLSession.h - File Based CSP/DL plug-in module. -// -#ifndef _H_SSCSPDLSESSION -#define _H_SSCSPDLSESSION - -#include -#include - - -class CSPDLPlugin; -class SSFactory; -class SSCSPSession; -class SSDatabase; -class SSKey; - -class SSCSPDLSession: public KeyPool -{ -public: - SSCSPDLSession(); - - void makeReferenceKey(SSCSPSession &session, - SecurityServer::KeyHandle inKeyHandle, - CssmKey &outKey, SSDatabase &inSSDatabase, - uint32 inKeyAttr, const CssmData *inKeyLabel); - SSKey &lookupKey(const CssmKey &inKey); - - /* Notification we receive when a key's acl has been modified. */ - void didChangeKeyAcl(SecurityServer::ClientSession &clientSession, - SecurityServer::KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag); - - static void didChangeKeyAclCallback(void *context, SecurityServer::ClientSession &clientSession, - SecurityServer::KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag); -}; - - -#endif // _H_SSCSPDLSESSION diff --git a/AppleCSPDL/SSCSPSession.cpp b/AppleCSPDL/SSCSPSession.cpp deleted file mode 100644 index 4b05550b..00000000 --- a/AppleCSPDL/SSCSPSession.cpp +++ /dev/null @@ -1,610 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSCSPSession.cpp - Security Server CSP session. -// -#include "SSCSPSession.h" - -#include "CSPDLPlugin.h" -#include "SSDatabase.h" -#include "SSDLSession.h" -#include "SSKey.h" - -#include - -using namespace std; -using namespace SecurityServer; - -// -// SSCSPSession -- Security Server CSP session -// -SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle, - CSPDLPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - SSCSPDLSession &ssCSPDLSession, - CssmClient::CSP &rawCsp) -: CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType, - attachFlags, upcalls), - mSSCSPDLSession(ssCSPDLSession), - mSSFactory(plug.mSSFactory), - mRawCsp(rawCsp), - mClientSession(CssmAllocator::standard(), *this) -{ - mClientSession.registerForAclEdits(SSCSPDLSession::didChangeKeyAclCallback, &mSSCSPDLSession); -} - -// -// Called at (CSSM) context create time. This is ignored; we do a full -// context setup later, at setupContext time. -// -CSPFullPluginSession::CSPContext * -SSCSPSession::contextCreate(CSSM_CC_HANDLE handle, const Context &context) -{ - return NULL; -} - - -// -// Called by CSPFullPluginSession when an op is actually commencing. -// Context can safely assumed to be fully formed and stable for the -// duration of the op; thus we wait until now to set up our -// CSPContext as appropriate to the op. -// -void -SSCSPSession::setupContext(CSPContext * &cspCtx, - const Context &context, - bool encoding) -{ - // note we skip this if this CSPContext is being reused - if (cspCtx == NULL) - { - - if (mSSFactory.setup(*this, cspCtx, context, encoding)) - return; - -#if 0 - if (mBSafe4Factory.setup(*this, cspCtx, context)) - return; - - if (mCryptKitFactory.setup(*this, cspCtx, context)) - return; -#endif - - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } -} - - -// -// DL interaction -// -SSDatabase -SSCSPSession::getDatabase(const Context &context) -{ - return getDatabase(context.get(CSSM_ATTRIBUTE_DL_DB_HANDLE)); -} - -SSDatabase -SSCSPSession::getDatabase(CSSM_DL_DB_HANDLE *aDLDbHandle) -{ - if (aDLDbHandle) - return findSession(aDLDbHandle->DLHandle).findDbHandle(aDLDbHandle->DBHandle); - else - return SSDatabase(); -} - - -// -// Reference Key management -// -void -SSCSPSession::makeReferenceKey(KeyHandle inKeyHandle, CssmKey &ioKey, SSDatabase &inSSDatabase, - uint32 inKeyAttr, const CssmData *inKeyLabel) -{ - return mSSCSPDLSession.makeReferenceKey(*this, inKeyHandle, ioKey, inSSDatabase, inKeyAttr, inKeyLabel); -} - -SSKey & -SSCSPSession::lookupKey(const CssmKey &inKey) -{ - return mSSCSPDLSession.lookupKey(inKey); -} - - -// -// Key creating and handeling members -// -void -SSCSPSession::WrapKey(CSSM_CC_HANDLE CCHandle, - const Context &context, - const AccessCredentials &AccessCred, - const CssmKey &Key, - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege) -{ - // @@@ Deal with permanent keys - const CssmKey *keyInContext = - context.get(CSSM_ATTRIBUTE_KEY); - - KeyHandle contextKeyHandle = (keyInContext - ? lookupKey(*keyInContext).keyHandle() - : noKey); - clientSession().wrapKey(context, contextKeyHandle, - lookupKey(Key).keyHandle(), &AccessCred, - DescriptiveData, WrappedKey, *this); -} - -void -SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle, - const Context &context, - const CssmKey *PublicKey, - const CssmWrappedKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege) -{ - SSDatabase database = getDatabase(context); - validateKeyAttr(KeyAttr); - const AccessCredentials *cred = NULL; - const AclEntryInput *owner = NULL; - if (CredAndAclEntry) - { - cred = AccessCredentials::overlay(CredAndAclEntry->AccessCred); - owner = &AclEntryInput::overlay(CredAndAclEntry->InitialAclEntry); - } - - KeyHandle publicKey = noKey; - if (PublicKey) - { - if (PublicKey->blobType() == CSSM_KEYBLOB_RAW) - { - // @@@ We need to unwrap the publicKey into the SecurityServer - // before continuing - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - else - publicKey = lookupKey(*PublicKey).keyHandle(); - } - - // @@@ Deal with permanent keys - const CssmKey *keyInContext = - context.get(CSSM_ATTRIBUTE_KEY); - - KeyHandle contextKeyHandle = - keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey; - - KeyHandle unwrappedKeyHandle; - clientSession().unwrapKey(database.dbHandle(), context, contextKeyHandle, - publicKey, WrappedKey, KeyUsage, KeyAttr, - cred, owner, DescriptiveData, unwrappedKeyHandle, - UnwrappedKey.header(), *this); - makeReferenceKey(unwrappedKeyHandle, UnwrappedKey, database, KeyAttr, - KeyLabel); -} - -void -SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle, - const Context &context, - CssmData ¶m, - uint32 keyUsage, - uint32 keyAttr, - const CssmData *keyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &derivedKey) -{ - SSDatabase database = getDatabase(context); - validateKeyAttr(keyAttr); - const AccessCredentials *cred = NULL; - const AclEntryInput *owner = NULL; - if (credAndAclEntry) - { - cred = AccessCredentials::overlay(credAndAclEntry->AccessCred); - owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry); - } - - /* optional BaseKey */ - const CssmKey *keyInContext = - context.get(CSSM_ATTRIBUTE_KEY); - KeyHandle contextKeyHandle = - keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey; - KeyHandle keyHandle; - switch(context.algorithm()) { - case CSSM_ALGID_KEYCHAIN_KEY: - { - // special interpretation: take DLDBHandle -> DbHandle from params - clientSession().extractMasterKey(database.dbHandle(), context, - getDatabase(param.interpretedAs(CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE)).dbHandle(), - keyUsage, keyAttr, cred, owner, keyHandle, derivedKey.header()); - } - break; - default: - clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage, - keyAttr, param, cred, owner, keyHandle, derivedKey.header()); - break; - } - makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel); -} - -void -SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 keyUsage, - uint32 keyAttr, - const CssmData *keyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &key, - CSSM_PRIVILEGE privilege) -{ - SSDatabase database = getDatabase(context); - validateKeyAttr(keyAttr); - const AccessCredentials *cred = NULL; - const AclEntryInput *owner = NULL; - if (credAndAclEntry) - { - cred = AccessCredentials::overlay(credAndAclEntry->AccessCred); - owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry); - } - - KeyHandle keyHandle; - clientSession().generateKey(database.dbHandle(), context, keyUsage, - keyAttr, cred, owner, keyHandle, key.header()); - makeReferenceKey(keyHandle, key, database, keyAttr, keyLabel); -} - -void -SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 publicKeyUsage, - uint32 publicKeyAttr, - const CssmData *publicKeyLabel, - CssmKey &publicKey, - uint32 privateKeyUsage, - uint32 privateKeyAttr, - const CssmData *privateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &privateKey, - CSSM_PRIVILEGE privilege) -{ - SSDatabase database = getDatabase(context); - validateKeyAttr(publicKeyAttr); - validateKeyAttr(privateKeyAttr); - const AccessCredentials *cred = NULL; - const AclEntryInput *owner = NULL; - if (credAndAclEntry) - { - cred = AccessCredentials::overlay(credAndAclEntry->AccessCred); - owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry); - } - - /* - * Public keys must be extractable in the clear - that's the Apple - * policy. The raw CSP is unable to enforce the extractable - * bit since it always sees that as true (it's managed and forced - * true by the SecurityServer). So... - */ - if(!(publicKeyAttr & CSSM_KEYATTR_EXTRACTABLE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - KeyHandle pubKeyHandle, privKeyHandle; - clientSession().generateKey(database.dbHandle(), context, - publicKeyUsage, publicKeyAttr, - privateKeyUsage, privateKeyAttr, - cred, owner, - pubKeyHandle, publicKey.header(), - privKeyHandle, privateKey.header()); - makeReferenceKey(privKeyHandle, privateKey, database, privateKeyAttr, - privateKeyLabel); - // @@@ What if this throws, we need to free privateKey. - makeReferenceKey(pubKeyHandle, publicKey, database, publicKeyAttr, - publicKeyLabel); -} - -void -SSCSPSession::ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey, - CssmKey &PrivateKey) -{ - unimplemented(); -} - -void -SSCSPSession::QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey &Key, - CSSM_KEY_SIZE &KeySize) -{ - unimplemented(); -} - -void -SSCSPSession::FreeKey(const AccessCredentials *accessCred, - CssmKey &ioKey, CSSM_BOOL deleteKey) -{ - if (ioKey.blobType() == CSSM_KEYBLOB_REFERENCE) - { - // @@@ Note that this means that detaching a session should free - // all keys ascociated with it or else... - // -- or else what? - // exactly! - - // @@@ There are thread safety issues when deleting a key that is - // in use by another thread, but the answer to that is: Don't do - // that! - - // Find the key in the map. Tell tell the key to free itself - // (when the auto_ptr deletes the key it removes itself from the map). - secdebug("freeKey", "CSPDL FreeKey"); - auto_ptr ssKey(&mSSCSPDLSession.find(ioKey)); - ssKey->free(accessCred, ioKey, deleteKey); - } - else - { - CSPFullPluginSession::FreeKey(accessCred, ioKey, deleteKey); - } -} - - -// -// Generation stuff. -// -void -SSCSPSession::GenerateRandom(CSSM_CC_HANDLE ccHandle, - const Context &context, - CssmData &randomNumber) -{ - checkOperation(context.type(), CSSM_ALGCLASS_RANDOMGEN); - // if (context.algorithm() != @@@) CssmError::throwMe(ALGORITHM_NOT_SUPPORTED); - uint32 needed = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE); - - // @@@ What about the seed? - if (randomNumber.length()) - { - if (randomNumber.length() < needed) - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - randomNumber.Length = needed; - clientSession().generateRandom(randomNumber); - } - else - { - randomNumber.Data = alloc(needed); - try - { - randomNumber.Length = needed; - clientSession().generateRandom(randomNumber); - } - catch(...) - { - free(randomNumber.Data); - randomNumber.Data = NULL; - throw; - } - } -} - -// -// Login/Logout and token operational maintainance. These mean little -// without support by the actual implementation, but we can help... -// @@@ Should this be in CSP[non-Full]PluginSession? -// -void -SSCSPSession::Login(const AccessCredentials &AccessCred, - const CssmData *LoginName, - const void *Reserved) -{ - // @@@ Do a login to the securityServer making keys persistant until it - // goes away - unimplemented(); -} - -void -SSCSPSession::Logout() -{ - unimplemented(); -} - -void -SSCSPSession::VerifyDevice(const CssmData &DeviceCert) -{ - CssmError::throwMe(CSSMERR_CSP_DEVICE_VERIFY_FAILED); -} - -void -SSCSPSession::GetOperationalStatistics(CSPOperationalStatistics &statistics) -{ - unimplemented(); -} - - -// -// Utterly miscellaneous, rarely used, strange functions -// -void -SSCSPSession::RetrieveCounter(CssmData &Counter) -{ - unimplemented(); -} - -void -SSCSPSession::RetrieveUniqueId(CssmData &UniqueID) -{ - unimplemented(); -} - -void -SSCSPSession::GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData) -{ - unimplemented(); -} - - -// -// ACL retrieval and change operations -// -void -SSCSPSession::GetKeyOwner(const CssmKey &Key, - CSSM_ACL_OWNER_PROTOTYPE &Owner) -{ - lookupKey(Key).getOwner(Owner, *this); -} - -void -SSCSPSession::ChangeKeyOwner(const AccessCredentials &AccessCred, - const CssmKey &Key, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner) -{ - lookupKey(Key).changeOwner(AccessCred, - AclOwnerPrototype::overlay(NewOwner)); -} - -void -SSCSPSession::GetKeyAcl(const CssmKey &Key, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos) -{ - lookupKey(Key).getAcl(reinterpret_cast(SelectionTag), - NumberOfAclInfos, - reinterpret_cast(AclInfos), *this); -} - -void -SSCSPSession::ChangeKeyAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit, - const CssmKey &Key) -{ - lookupKey(Key).changeAcl(AccessCred, AclEdit::overlay(AclEdit)); -} - -void -SSCSPSession::GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner) -{ - unimplemented(); -} - -void -SSCSPSession::ChangeLoginOwner(const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner) -{ - unimplemented(); -} - -void -SSCSPSession::GetLoginAcl(const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos) -{ - unimplemented(); -} - -void -SSCSPSession::ChangeLoginAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit) -{ - unimplemented(); -} - - - -// -// Passthroughs -// -void -SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle, - const Context &context, - uint32 passThroughId, - const void *inData, - void **outData) -{ - checkOperation(context.type(), CSSM_ALGCLASS_NONE); - switch (passThroughId) { - case CSSM_APPLESCPDL_CSP_GET_KEYHANDLE: - { - // inData unused, must be NULL - if (inData) - CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER); - - // outData required, must be pointer-to-pointer-to-KeyHandle - KeyHandle &result = Required(reinterpret_cast(outData)); - - // we'll take the key from the context - const CssmKey &key = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - - // all ready - result = lookupKey(key).keyHandle(); - break; - } - case CSSM_APPLECSP_KEYDIGEST: - { - // inData unused, must be NULL - if (inData) - CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER); - - // outData required - Required(outData); - - // take the key from the context, convert to KeyHandle - const CssmKey &key = - context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - KeyHandle keyHandle = lookupKey(key).keyHandle(); - - // allocate digest holder on app's behalf - CSSM_DATA *digest = alloc(sizeof(CSSM_DATA)); - digest->Data = NULL; - digest->Length = 0; - - // go - try { - clientSession().getKeyDigest(keyHandle, CssmData::overlay(*digest)); - } - catch(...) { - free(digest); - throw; - } - *outData = digest; - break; - } - - default: - CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID); - } -} - -/* Validate requested key attr flags for newly generated keys */ -void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr) -{ - if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) { - /* CSPDL only supports reference keys */ - CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK); - } - if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE | - CSSM_KEYATTR_NEVER_EXTRACTABLE)) { - /* invalid for any CSP */ - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - /* There may be more, but we'll leave it to SS and CSP to decide */ -} diff --git a/AppleCSPDL/SSCSPSession.h b/AppleCSPDL/SSCSPSession.h deleted file mode 100644 index 3fce1919..00000000 --- a/AppleCSPDL/SSCSPSession.h +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSDLSession.h - CSP session for security server CSP/DL. -// -#ifndef _H_SSCSPSESSION -#define _H_SSCSPSESSION - -#include "SSCSPDLSession.h" - -#include - - -class CSPDLPlugin; -class SSFactory; -class SSDatabase; -class SSKey; - -class SSCSPSession : public CSPFullPluginSession -{ -public: - SSCSPDLSession &mSSCSPDLSession; - SSFactory &mSSFactory; - CssmClient::CSP &mRawCsp; - - SSCSPSession(CSSM_MODULE_HANDLE handle, - CSPDLPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - SSCSPDLSession &ssCSPDLSession, - CssmClient::CSP &rawCsp); - - SecurityServer::ClientSession &clientSession() - { return mClientSession; } - - CSPContext *contextCreate(CSSM_CC_HANDLE handle, const Context &context); -#if 0 - void contextUpdate(CSSM_CC_HANDLE handle, const Context &context, - PluginContext *ctx); - void contextDelete(CSSM_CC_HANDLE handle, const Context &context, - PluginContext *ctx); -#endif - - void setupContext(CSPContext * &ctx, const Context &context, - bool encoding); - - SSDatabase getDatabase(CSSM_DL_DB_HANDLE *aDLDbHandle); - SSDatabase getDatabase(const Context &context); - - void makeReferenceKey(SecurityServer::KeyHandle inKeyHandle, - CssmKey &outKey, SSDatabase &inSSDatabase, - uint32 inKeyAttr, const CssmData *inKeyLabel); - SSKey &lookupKey(const CssmKey &inKey); - - void WrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const AccessCredentials &AccessCred, - const CssmKey &Key, - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege); - void UnwrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey *PublicKey, - const CssmKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege); - void DeriveKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CssmData &Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &DerivedKey); - void GenerateKey(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 keyUsage, - uint32 keyAttr, - const CssmData *keyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &key, - CSSM_PRIVILEGE privilege); - void GenerateKeyPair(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 publicKeyUsage, - uint32 publicKeyAttr, - const CssmData *publicKeyLabel, - CssmKey &publicKey, - uint32 privateKeyUsage, - uint32 privateKeyAttr, - const CssmData *privateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &privateKey, - CSSM_PRIVILEGE privilege); - void ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey, - CssmKey &PrivateKey); - void QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey &Key, - CSSM_KEY_SIZE &KeySize); - void FreeKey(const AccessCredentials *AccessCred, - CssmKey &key, CSSM_BOOL Delete); - void GenerateRandom(CSSM_CC_HANDLE ccHandle, - const Context &context, - CssmData &randomNumber); - void Login(const AccessCredentials &AccessCred, - const CssmData *LoginName, - const void *Reserved); - void Logout(); - void VerifyDevice(const CssmData &DeviceCert); - void GetOperationalStatistics(CSPOperationalStatistics &statistics); - void RetrieveCounter(CssmData &Counter); - void RetrieveUniqueId(CssmData &UniqueID); - void GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData); - void GetKeyOwner(const CssmKey &Key, - CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeKeyOwner(const AccessCredentials &AccessCred, - const CssmKey &Key, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetKeyAcl(const CssmKey &Key, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeKeyAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit, - const CssmKey &Key); - void GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeLoginOwner(const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetLoginAcl(const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeLoginAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit); - void PassThrough(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PassThroughId, - const void *InData, - void **OutData); -private: - /* Validate requested key attr flags for newly generated keys */ - void validateKeyAttr(uint32 reqKeyAttr); - - SecurityServer::ClientSession mClientSession; -}; - - -#endif // _H_SSCSPSESSION diff --git a/AppleCSPDL/SSContext.cpp b/AppleCSPDL/SSContext.cpp deleted file mode 100644 index 25495bbd..00000000 --- a/AppleCSPDL/SSContext.cpp +++ /dev/null @@ -1,582 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSContext - cryptographic contexts for the security server -// -#include "SSContext.h" - -#include "SSCSPSession.h" -#include "SSKey.h" -#include - -#define ssCryptDebug(args...) secdebug("ssCrypt", ## args) - -using namespace SecurityServer; - -// -// SSContext -// -SSContext::SSContext(SSCSPSession &session) -: mSession(session), mContext(NULL) -{ -} - -void SSContext::clearOutBuf() -{ - if(mOutBuf.Data) { - mSession.free(mOutBuf.Data); - mOutBuf.clear(); - } -} - -void SSContext::copyOutBuf(CssmData &out) -{ - if(out.length() < mOutBuf.length()) { - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } - memmove(out.Data, mOutBuf.Data, mOutBuf.Length); - out.Length = mOutBuf.Length; - clearOutBuf(); -} - -void -SSContext::init(const Context &context, - bool /* encoding */) // @@@ should be removed from API since it's already in mDirection -{ - mContext = &context; - clearOutBuf(); -} - -SecurityServer::ClientSession & -SSContext::clientSession() -{ - return mSession.clientSession(); -} - - -// -// SSRandomContext -- Context for GenerateRandom operations -// -SSRandomContext::SSRandomContext(SSCSPSession &session) : SSContext(session) {} - -void -SSRandomContext::init(const Context &context, bool encoding) -{ - SSContext::init(context, encoding); - - // set/freeze output size - mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE); - -#if 0 - // seed the PRNG (if specified) - if (const CssmCryptoData *seed = context.get(CSSM_ATTRIBUTE_SEED)) { - const CssmData &seedValue = (*seed)(); - clientSession().seedRandom(seedValue); - } -#endif -} - -size_t -SSRandomContext::outputSize(bool final, size_t inSize) -{ - return mOutSize; -} - -void -SSRandomContext::final(CssmData &out) -{ - clientSession().generateRandom(out); -} - - -// signature contexts -SSSignatureContext::SSSignatureContext(SSCSPSession &session) - : SSContext(session), - mKeyHandle(noKey), - mNullDigest(NULL), - mDigest(NULL) -{ - /* nothing else for now */ -} - -SSSignatureContext::~SSSignatureContext() -{ - delete mNullDigest; - delete mDigest; -} - -void SSSignatureContext::init(const Context &context, bool signing) -{ - SSContext::init(context, signing); - - /* reusable: skip everything except resetting digest state */ - if((mNullDigest != NULL) || (mDigest != NULL)) { - if(mNullDigest != NULL) { - mNullDigest->digestInit(); - } - return; - } - - /* snag key from context */ - const CssmKey &keyInContext = - context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); - - /* get digest alg and sig alg from Context.algorithm */ - switch(context.algorithm()) { - /*** DSA ***/ - case CSSM_ALGID_SHA1WithDSA: - mDigestAlg = CSSM_ALGID_SHA1; - mSigAlg = CSSM_ALGID_DSA; - break; - case CSSM_ALGID_DSA: // Raw - mDigestAlg = CSSM_ALGID_NONE; - mSigAlg = CSSM_ALGID_DSA; - break; - /*** RSA ***/ - case CSSM_ALGID_SHA1WithRSA: - mDigestAlg = CSSM_ALGID_SHA1; - mSigAlg = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_MD5WithRSA: - mDigestAlg = CSSM_ALGID_MD5; - mSigAlg = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_MD2WithRSA: - mDigestAlg = CSSM_ALGID_MD2; - mSigAlg = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_RSA: // Raw - mDigestAlg = CSSM_ALGID_NONE; - mSigAlg = CSSM_ALGID_RSA; - break; - /*** FEE ***/ - case CSSM_ALGID_FEE_SHA1: - mDigestAlg = CSSM_ALGID_SHA1; - mSigAlg = CSSM_ALGID_FEE; - break; - case CSSM_ALGID_FEE_MD5: - mDigestAlg = CSSM_ALGID_MD5; - mSigAlg = CSSM_ALGID_FEE; - break; - case CSSM_ALGID_FEE: // Raw - mDigestAlg = CSSM_ALGID_NONE; - mSigAlg = CSSM_ALGID_FEE; - break; - /*** ECDSA ***/ - case CSSM_ALGID_SHA1WithECDSA: - mDigestAlg = CSSM_ALGID_SHA1; - mSigAlg = CSSM_ALGID_ECDSA; - break; - case CSSM_ALGID_ECDSA: // Raw - mDigestAlg = CSSM_ALGID_NONE; - mSigAlg = CSSM_ALGID_ECDSA; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - - /* set up mNullDigest or mDigest */ - if(mDigestAlg == CSSM_ALGID_NONE) { - mNullDigest = new NullDigest(); - } - else { - mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg); - } -} - -/* - * for raw sign/verify - optionally called after init. - * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up - * a NullDigest. We now overwrite mDigestAlg, and we'll useÊthis - * new value when we do the actual sign/vfy. - */ -void SSSignatureContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg) -{ - mDigestAlg = digestAlg; -} - -void SSSignatureContext::update(const CssmData &data) -{ - /* Note that for this context, we really can not deal with an out-of-sequence - * update --> final(true, 0) --> update since we lose the pending digest state - * when we perform the implied final() during outputSize(true, 0). */ - assert(mOutBuf.Data == NULL); - - /* add incoming data to digest or accumulator */ - if(mNullDigest) { - mNullDigest->digestUpdate(data.data(), data.length()); - } - else { - mDigest->digest(data); - } -} - -size_t SSSignatureContext::outputSize(bool final, size_t inSize) -{ - if(!final) { - ssCryptDebug("===sig outputSize !final\n"); - return 0; - } - if(!encoding()) { - ssCryptDebug("===sig outputSize final, !encoding\n"); - /* don't see why this is even called... */ - return 0; - } - if(inSize == 0) { - /* - * This is the implied signal to go for it. Note that in this case, - * we can not go back and re-do the op in case of an unexpected - * sequence of update/outputSize(final, 0)/final - we lose the digest - * state. Perhaps we should save the digest...? But still it would - * be impossible to do another update. - */ - clearOutBuf(); - sign(mOutBuf); - ssCryptDebug("===sig outputSize(pre-op) %u", (unsigned)mOutBuf.Length); - return (size_t)mOutBuf.Length; - } - else { - /* out-of-band case, ask CSP via SS */ - uint32 outSize = clientSession().getOutputSize(*mContext, - mKeyHandle, - /* FIXME - what to use for inSize here - we don't want to - * interrogate mDigest, as that would result in another RPC... - * and signature size is not related to input size...right? */ - inSize, - true); - ssCryptDebug("===sig outputSize(RPC) %u", (unsigned)outSize); - return (size_t)outSize; - } -} - -/* sign */ - -/* first the common routine shared by final and outputSize */ -void SSSignatureContext::sign(CssmData &sig) -{ - /* we have to pass down a modified Context, thus.... */ - Context tempContext = *mContext; - tempContext.AlgorithmType = mSigAlg; - - if(mNullDigest) { - CssmData dData(const_cast(mNullDigest->digestPtr()), - mNullDigest->digestSizeInBytes()); - clientSession().generateSignature(tempContext, - mKeyHandle, - dData, - sig, - mDigestAlg); - } - else { - CssmAutoData d (mDigest->allocator ()); - d.set((*mDigest) ()); - - clientSession().generateSignature(tempContext, - mKeyHandle, - d, - sig, - mDigestAlg); - } -} - -/* this is the one called by CSPFullPluginSession */ -void SSSignatureContext::final(CssmData &sig) -{ - if(mOutBuf.Data) { - /* normal final case in which the actual RPC via SS was done in the - * previous outputSize() call. */ - ssCryptDebug("===final via pre-op and copy"); - copyOutBuf(sig); - return; - } - - ssCryptDebug("===final via RPC"); - sign(sig); -} - -/* verify */ -void -SSSignatureContext::final(const CssmData &sig) -{ - /* we have to pass down a modified Context, thus.... */ - Context tempContext = *mContext; - tempContext.AlgorithmType = mSigAlg; - - if(mNullDigest) { - CssmData dData(const_cast(mNullDigest->digestPtr()), - mNullDigest->digestSizeInBytes()); - clientSession().verifySignature(tempContext, - mKeyHandle, - dData, - sig, - mDigestAlg); - } - else { - clientSession().verifySignature(tempContext, - mKeyHandle, - (*mDigest)(), - sig, - mDigestAlg); - } -} - - -// -// SSCryptContext -- Context for Encrypt and Decrypt operations -// -SSCryptContext::SSCryptContext(SSCSPSession &session) - : SSContext(session), mKeyHandle(noKey) -{ - /* nothing for now */ -} - - -SSCryptContext::~SSCryptContext() -{ - /* nothing for now */ -} - -void -SSCryptContext::init(const Context &context, bool encoding) -{ - ssCryptDebug("===init"); - SSContext::init(context, encoding); - - /* reusable; reset accumulator */ - mNullDigest.digestInit(); - - const CssmKey &keyInContext = - context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); -} - -size_t -SSCryptContext::inputSize(size_t outSize) -{ - ssCryptDebug("===inputSize outSize=%u", (unsigned)outSize); - return UINT_MAX; -} - -size_t -SSCryptContext::outputSize(bool final, size_t inSize) -{ - ssCryptDebug("===outputSize final %d inSize=%u", final, (unsigned)inSize); - if(!final) { - /* we buffer until final; no intermediate output */ - return 0; - } - size_t inBufSize = mNullDigest.digestSizeInBytes(); - if(inSize == 0) { - /* This is the implied signal to go for it */ - clearOutBuf(); - if(inBufSize == 0) { - return 0; - } - const CssmData in(const_cast(mNullDigest.digestPtr()), inBufSize); - if (encoding()) { - clientSession().encrypt(*mContext, mKeyHandle, in, mOutBuf); - } - else { - clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf); - } - /* leave the accumulator as is in case of unexpected sequence */ - ssCryptDebug(" ===outSize(pre-op) %u", (unsigned)mOutBuf.Length); - return mOutBuf.Length; - } - else { - /* out-of-band case, ask CSP via SS */ - uint32 outSize = clientSession().getOutputSize(*mContext, - mKeyHandle, - inBufSize + inSize, - encoding()); - ssCryptDebug(" ===outSize(RPC) %u", (unsigned)outSize); - return (size_t)outSize; - } -} - -void -SSCryptContext::minimumProgress(size_t &in, size_t &out) -{ - in = 1; - out = 0; -} - -void -SSCryptContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize) -{ - ssCryptDebug("===update inSize=%u", (unsigned)inSize); - /* add incoming data to accumulator */ - mNullDigest.digestUpdate(inp, inSize); - outSize = 0; - clearOutBuf(); -} - -void -SSCryptContext::final(CssmData &out) -{ - if(mOutBuf.Data != NULL) { - /* normal final case in which the actual RPC via SS was done in the - * previous outputSize() call. A memcpy is needed here because - * CSPFullPluginSession has just allocated the buf size we need. */ - ssCryptDebug("===final via pre-op and copy"); - copyOutBuf(out); - return; - } - - /* when is this path taken...? */ - ssCryptDebug("===final via RPC"); - size_t inSize = mNullDigest.digestSizeInBytes(); - if(!inSize) return; - - const CssmData in(const_cast(mNullDigest.digestPtr()), inSize); - IFDEBUG(unsigned origOutSize = out.length()); - if (encoding()) { - clientSession().encrypt(*mContext, mKeyHandle, in, out); - } - else { - clientSession().decrypt(*mContext, mKeyHandle, in, out); - } - assert(out.length() <= origOutSize); - mNullDigest.digestInit(); -} - -// Digest, using raw CSP -SSDigestContext::SSDigestContext(SSCSPSession &session) - : SSContext(session), mDigest(NULL) -{ - -} - -SSDigestContext::~SSDigestContext() -{ - delete mDigest; -} - -void SSDigestContext::init(const Context &context, bool encoding) -{ - CSSM_ALGORITHMS alg; - - SSContext::init(context, encoding); - alg = context.algorithm(); - mDigest = new CssmClient::Digest(mSession.mRawCsp, alg); -} - -void SSDigestContext::update(const CssmData &data) -{ - mDigest->digest(data); -} - -void SSDigestContext::final(CssmData &out) -{ - (*mDigest)(out); -} - -size_t SSDigestContext::outputSize(bool final, size_t inSize) -{ - if(!final) { - return 0; - } - else { - return (size_t)mDigest->getOutputSize(inSize); - } -} - -// MACContext - common class for MAC generate, verify -SSMACContext::SSMACContext(SSCSPSession &session) - : SSContext(session), mKeyHandle(noKey) -{ - -} - -void SSMACContext::init(const Context &context, bool encoding) -{ - SSContext::init(context, encoding); - - /* reusable; reset accumulator */ - mNullDigest.digestInit(); - - /* snag key from context */ - const CssmKey &keyInContext = - context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); -} - -void SSMACContext::update(const CssmData &data) -{ - /* add incoming data to accumulator */ - mNullDigest.digestUpdate(data.data(), data.length()); -} - -size_t SSMACContext::outputSize(bool final, size_t inSize) -{ - if(!final) { - ssCryptDebug("===mac outputSize !final\n"); - return 0; - } - if(!encoding()) { - ssCryptDebug("===mac outputSize final, !encoding\n"); - /* don't see why this is even called... */ - return 0; - } - if(inSize == 0) { - /* - * This is the implied signal to go for it. - */ - clearOutBuf(); - genMac(mOutBuf); - ssCryptDebug("===mac outputSize(pre-op) %u", (unsigned)mOutBuf.Length); - return (size_t)mOutBuf.Length; - } - else { - /* out-of-band case, ask CSP via SS */ - uint32 outSize = clientSession().getOutputSize(*mContext, - mKeyHandle, - inSize + mNullDigest.digestSizeInBytes(), - true); - ssCryptDebug("===mac outputSize(RPC) %u", (unsigned)outSize); - return (size_t)outSize; - } -} - -/* generate */ - -/* first the common routine used by final() and outputSize() */ -void SSMACContext::genMac(CssmData &mac) -{ - CssmData allData(const_cast(mNullDigest.digestPtr()), - mNullDigest.digestSizeInBytes()); - clientSession().generateMac(*mContext, mKeyHandle, allData, mac); -} - -void SSMACContext::final(CssmData &mac) -{ - genMac(mac); -} - -/* verify */ -void SSMACContext::final(const CssmData &mac) -{ - CssmData allData(const_cast(mNullDigest.digestPtr()), - mNullDigest.digestSizeInBytes()); - clientSession().verifyMac(*mContext, mKeyHandle, allData, mac); -} diff --git a/AppleCSPDL/SSContext.h b/AppleCSPDL/SSContext.h deleted file mode 100644 index e403858d..00000000 --- a/AppleCSPDL/SSContext.h +++ /dev/null @@ -1,168 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSContext.h - Security Server contexts -// -#ifndef _H_SS_CONTEXT -#define _H_SS_CONTEXT - -#include -#include -#include -#include - -// -// Parent class for all CSPContexts implemented in this CSP. Currently the -// only thing we add is a reference to our creator's session. -// -class SSCSPSession; -class SSKey; - -class SSContext : public CSPFullPluginSession::CSPContext -{ -public: - SSContext(SSCSPSession &session); - ~SSContext() { clearOutBuf(); } - virtual void init(const Context &context, bool encoding); - -protected: - SecurityServer::ClientSession &clientSession(); - SSCSPSession &mSession; - - // mOutBuf provides a holding tank for implied final() operations - // resulting from an outputSize(true, 0). This form of outputSize() - // is understood to only occur just prior to the final() call. To avoid - // an extra RPC (just to perform the outputSize(), most subclasses of - // SSContext actually perform the final() operation at this time, - // storing the result in mOutBuf. At final(), mOutBuf() is just copied - // to the caller's supplied output buffer. - CssmData mOutBuf; - - // We remember a pointer to the passed in context and assume it will - // remain a valid from init(), update() all the way though the call to - // final(). - const Context *mContext; - - void clearOutBuf(); - void copyOutBuf(CssmData &out); -}; - -// context for signature (sign and verify) -class SSSignatureContext : public SSContext -{ -public: - SSSignatureContext(SSCSPSession &session); - ~SSSignatureContext(); - virtual void init(const Context &context, bool signing); - virtual void update(const CssmData &data); - virtual size_t outputSize(bool final, size_t inSize); - - /* sign */ - void sign(CssmData &sig); - virtual void final(CssmData &out); - - /* verify */ - virtual void final(const CssmData &in); - - /* for raw sign/verify - optionally called after init */ - virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg); - -private: - /* stash the context's key for final sign/verify */ - SecurityServer::KeyHandle mKeyHandle; - - /* alg-dependent, calculated at init time */ - CSSM_ALGORITHMS mSigAlg; // raw signature alg - CSSM_ALGORITHMS mDigestAlg; // digest - CSSM_ALGORITHMS mOrigAlg; // caller's context alg - - /* exactly one of these is used to collect updates */ - NullDigest *mNullDigest; - CssmClient::Digest *mDigest; -}; - -// Context for GenerateRandom operations -class SSRandomContext : public SSContext -{ -public: - SSRandomContext(SSCSPSession &session); - virtual void init(const Context &context, bool); - virtual size_t outputSize(bool final, size_t inSize); - virtual void final(CssmData &out); - -private: - uint32 mOutSize; // spec'd in context at init() time -}; - -// Context for Encrypt and Decrypt operations -class SSCryptContext : public SSContext -{ -public: - SSCryptContext(SSCSPSession &session); - ~SSCryptContext(); - virtual void init(const Context &context, bool encoding); - virtual size_t inputSize(size_t outSize); - virtual size_t outputSize(bool final, size_t inSize); - virtual void minimumProgress(size_t &in, size_t &out); - virtual void update(void *inp, size_t &inSize, void *outp, - size_t &outSize); - virtual void final(CssmData &out); - -private: - SecurityServer::KeyHandle mKeyHandle; - NullDigest mNullDigest; // accumulator -}; - -// Digest, using raw CSP -class SSDigestContext : public SSContext -{ -public: - SSDigestContext(SSCSPSession &session); - ~SSDigestContext(); - virtual void init(const Context &context, bool); - virtual void update(const CssmData &data); - virtual void final(CssmData &out); - virtual size_t outputSize(bool final, size_t inSize); - -private: - CssmClient::Digest *mDigest; -}; - -// common class for MAC generate, verify -class SSMACContext : public SSContext -{ -public: - SSMACContext(SSCSPSession &session); - virtual void init(const Context &context, bool); - virtual void update(const CssmData &data); - virtual size_t outputSize(bool final, size_t inSize); - - /* sign */ - void genMac(CssmData &mac); - virtual void final(CssmData &out); - /* verify */ - virtual void final(const CssmData &in); - -private: - SecurityServer::KeyHandle mKeyHandle; - NullDigest mNullDigest; // accumulator -}; - - -#endif // _H_SS_CONTEXT diff --git a/AppleCSPDL/SSDLSession.cpp b/AppleCSPDL/SSDLSession.cpp deleted file mode 100644 index b6839739..00000000 --- a/AppleCSPDL/SSDLSession.cpp +++ /dev/null @@ -1,662 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSDLSession.h - DL session for security server CSP/DL. -// -#include "SSDLSession.h" - -#include "CSPDLPlugin.h" -#include "SSKey.h" - -using namespace CssmClient; -using namespace SecurityServer; -using namespace std; - -// -// SSDLSession -- Security Server DL session -// -SSDLSession::SSDLSession(CSSM_MODULE_HANDLE handle, - CSPDLPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - DatabaseManager &databaseManager, - SSCSPDLSession &ssCSPDLSession) -: DLPluginSession(handle, plug, version, subserviceId, subserviceType, - attachFlags, upcalls, databaseManager), - mSSCSPDLSession(ssCSPDLSession), - mDL(Module(gGuidAppleFileDL, Cssm::standard())), - mClientSession(CssmAllocator::standard(), static_cast(*this)) -{ - mClientSession.registerForAclEdits(SSCSPDLSession::didChangeKeyAclCallback, &mSSCSPDLSession); - // @@@ mDL.allocator(*static_cast(this)); - mDL->allocator(allocator()); - mDL->version(version); - mDL->subserviceId(subserviceId); - mDL->flags(attachFlags); -} - -SSDLSession::~SSDLSession() -{ - // @@@ What about a catch? - StLock _1(mSSUniqueRecordLock); - mSSUniqueRecordMap.clear(); - - StLock _2(mDbHandleLock); - DbHandleMap::iterator end = mDbHandleMap.end(); - for (DbHandleMap::iterator it = mDbHandleMap.begin(); it != end; ++it) - it->second->close(); - - mDbHandleMap.clear(); - mDL->detach(); -} - -// Utility functions -void -SSDLSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList) -{ - // @@@ Fix client lib - CSSM_DL_GetDbNames(mDL->handle(), &outNameList); -} - - -void -SSDLSession::FreeNameList(CSSM_NAME_LIST &inNameList) -{ - // @@@ Fix client lib - CSSM_DL_FreeNameList(mDL->handle(), &inNameList); -} - - -void -SSDLSession::DbDelete(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - const AccessCredentials *inAccessCred) -{ - SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); - db->accessCredentials(inAccessCred); - db->deleteDb(); -} - -// DbContext creation and destruction. -void -SSDLSession::DbCreate(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters, - CSSM_DB_HANDLE &outDbHandle) -{ - SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); - db->dbInfo(&inDBInfo); - db->accessRequest(inAccessRequest); - db->resourceControlContext(inCredAndAclEntry); - db->openParameters(inOpenParameters); - db->create(DLDbIdentifier(CssmSubserviceUid(plugin.myGuid(), &version(), subserviceId(), - CSSM_SERVICE_DL | CSSM_SERVICE_CSP), - inDbName, inDbLocation)); - db->dbInfo(NULL); - outDbHandle = makeDbHandle(db); -} - -void -SSDLSession::DbOpen(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters, - CSSM_DB_HANDLE &outDbHandle) -{ - SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); - db->accessRequest(inAccessRequest); - db->accessCredentials(inAccessCred); - db->openParameters(inOpenParameters); - db->open(DLDbIdentifier(CssmSubserviceUid(plugin.myGuid(), &version(), subserviceId(), - CSSM_SERVICE_DL | CSSM_SERVICE_CSP), - inDbName, inDbLocation)); - outDbHandle = makeDbHandle(db); -} - -// Operations using DbContext instances. -void -SSDLSession::DbClose(CSSM_DB_HANDLE inDbHandle) -{ - killDbHandle(inDbHandle)->close(); -} - -void -SSDLSession::CreateRelation(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &inIndexInfo) -{ - SSDatabase db = findDbHandle(inDbHandle); - // @@@ Fix inAttributeInfo and inIndexInfo arguments (might be NULL if NumberOf = 0) - db->createRelation(inRelationID, inRelationName, - inNumberOfAttributes, &inAttributeInfo, - inNumberOfIndexes, &inIndexInfo); -} - -void -SSDLSession::DestroyRelation(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRelationID) -{ - // @@@ Check credentials. - SSDatabase db = findDbHandle(inDbHandle); - db->destroyRelation(inRelationID); -} - -void -SSDLSession::Authenticate(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials &inAccessCred) -{ - SSDatabase db = findDbHandle(inDbHandle); - db->authenticate(inAccessRequest, &inAccessCred); -} - - -void -SSDLSession::GetDbAcl(CSSM_DB_HANDLE inDbHandle, - const CSSM_STRING *inSelectionTag, - uint32 &outNumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &outAclInfos) -{ - SSDatabase db = findDbHandle(inDbHandle); - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -SSDLSession::ChangeDbAcl(CSSM_DB_HANDLE inDbHandle, - const AccessCredentials &inAccessCred, - const CSSM_ACL_EDIT &inAclEdit) -{ - SSDatabase db = findDbHandle(inDbHandle); - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -SSDLSession::GetDbOwner(CSSM_DB_HANDLE inDbHandle, - CSSM_ACL_OWNER_PROTOTYPE &outOwner) -{ - SSDatabase db = findDbHandle(inDbHandle); - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -SSDLSession::ChangeDbOwner(CSSM_DB_HANDLE inDbHandle, - const AccessCredentials &inAccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &inNewOwner) -{ - SSDatabase db = findDbHandle(inDbHandle); - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -SSDLSession::GetDbNameFromHandle(CSSM_DB_HANDLE inDbHandle, - char **outDbName) -{ - SSDatabase db = findDbHandle(inDbHandle); - // @@@ Fix this functions signature. - db->name(*outDbName); -} - -void -SSDLSession::DataInsert(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueId) -{ - SSDatabase db = findDbHandle(inDbHandle); - // @@@ Fix client lib. - SSUniqueRecord uniqueId = db->insert(inRecordType, inAttributes, inData, true); // @@@ Fix me - outUniqueId = makeSSUniqueRecord(uniqueId); - // @@@ If this is a key do the right thing. -} - -void -SSDLSession::DataDelete(CSSM_DB_HANDLE inDbHandle, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier) -{ - SSDatabase db = findDbHandle(inDbHandle); - SSUniqueRecord uniqueId = findSSUniqueRecord(inUniqueRecordIdentifier); - uniqueId->deleteRecord(); - // @@@ If this is a key do the right thing. -} - - -void -SSDLSession::DataModify(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRecordType, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributesToBeModified, - const CssmData *inDataToBeModified, - CSSM_DB_MODIFY_MODE inModifyMode) -{ - SSDatabase db = findDbHandle(inDbHandle); - SSUniqueRecord uniqueId = findSSUniqueRecord(inoutUniqueRecordIdentifier); - uniqueId->modify(inRecordType, inAttributesToBeModified, inDataToBeModified, inModifyMode); - // @@@ If this is a key do the right thing. -} - -CSSM_HANDLE -SSDLSession::DataGetFirst(CSSM_DB_HANDLE inDbHandle, - const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) -{ - SSDatabase db = findDbHandle(inDbHandle); - CSSM_HANDLE resultsHandle = CSSM_INVALID_HANDLE; - SSUniqueRecord uniqueId(db); - - // Setup so we always retrive the attributes even if the client - // doesn't want them so we can figure out if we just retrived a key. - CSSM_DB_RECORD_ATTRIBUTE_DATA attributes; - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR pAttributes; - if (inoutAttributes) - pAttributes = inoutAttributes; - else - { - pAttributes = &attributes; - memset(pAttributes, 0, sizeof(attributes)); - } - - // Retrive the record. - CSSM_RETURN result = CSSM_DL_DataGetFirst(db->handle(), inQuery, &resultsHandle, - pAttributes, inoutData, uniqueId); - if (result) - { - if (result == CSSMERR_DL_ENDOFDATA) - return CSSM_INVALID_HANDLE; - - CssmError::throwMe(result); - } - - uniqueId->activate(); - - // If we the client didn't ask for data then it doesn't matter - // if this record is a key or not, just return it. - if (inoutData) - { - if (pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PUBLIC_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PRIVATE_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - { - // This record is a key, do the right thing (tm). - // Allocate storage for the key. - CssmKey *outKey = allocator().alloc(); - new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData); - - // Free the data we retrived (keyblob) - allocator().free(inoutData->Data); - - // Set the length and data on the data we return to the client - inoutData->Length = sizeof(*outKey); - inoutData->Data = reinterpret_cast(outKey); - } - } - - outUniqueRecord = makeSSUniqueRecord(uniqueId); - return resultsHandle; -} - -bool -SSDLSession::DataGetNext(CSSM_DB_HANDLE inDbHandle, - CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) -{ - // @@@ If this is a key do the right thing. - SSDatabase db = findDbHandle(inDbHandle); - SSUniqueRecord uniqueId(db); - - // Setup so we always retrive the attributes even if the client - // doesn't want them so we can figure out if we just retrived a key. - CSSM_DB_RECORD_ATTRIBUTE_DATA attributes; - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR pAttributes; - if (inoutAttributes) - pAttributes = inoutAttributes; - else - { - pAttributes = &attributes; - memset(pAttributes, 0, sizeof(attributes)); - } - - CSSM_RETURN result = CSSM_DL_DataGetNext(db->handle(), inResultsHandle, - inoutAttributes, inoutData, uniqueId); - if (result) - { - if (result == CSSMERR_DL_ENDOFDATA) - return false; - - CssmError::throwMe(result); - } - - uniqueId->activate(); - - // If we the client didn't ask for data then it doesn't matter - // if this record is a key or not, just return it. - if (inoutData) - { - if (pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PUBLIC_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PRIVATE_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - { - // This record is a key, do the right thing (tm). - // Allocate storage for the key. - CssmKey *outKey = allocator().alloc(); - new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData); - - // Free the data we retrived (keyblob) - allocator().free(inoutData->Data); - - // Set the length and data on the data we return to the client - inoutData->Length = sizeof(*outKey); - inoutData->Data = reinterpret_cast(outKey); - } - } - - outUniqueRecord = makeSSUniqueRecord(uniqueId); - - return true; -} - -void -SSDLSession::DataAbortQuery(CSSM_DB_HANDLE inDbHandle, - CSSM_HANDLE inResultsHandle) -{ - // @@@ If this is a key do the right thing. - SSDatabase db = findDbHandle(inDbHandle); - CSSM_RETURN result = CSSM_DL_DataAbortQuery(db->handle(), inResultsHandle); - if (result) - CssmError::throwMe(result); -} - -void -SSDLSession::DataGetFromUniqueRecordId(CSSM_DB_HANDLE inDbHandle, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData) -{ - SSDatabase db = findDbHandle(inDbHandle); - const SSUniqueRecord uniqueId = findSSUniqueRecord(inUniqueRecord); - - // Setup so we always retrive the attributes even if the client - // doesn't want them so we can figure out if we just retrived a key. - CSSM_DB_RECORD_ATTRIBUTE_DATA attributes; - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR pAttributes; - if (inoutAttributes) - pAttributes = inoutAttributes; - else - { - pAttributes = &attributes; - memset(pAttributes, 0, sizeof(attributes)); - } - - CSSM_RETURN result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), - uniqueId, pAttributes, inoutData); - if (result) - CssmError::throwMe(result); - - if (inoutData) - { - if (pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PUBLIC_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PRIVATE_KEY - || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - { - // This record is a key, do the right thing (tm). - // Allocate storage for the key. - CssmKey *outKey = allocator().alloc(); - new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData); - - // Free the data we retrived (keyblob) - allocator().free(inoutData->Data); - - // Set the length and data on the data we return to the client - inoutData->Length = sizeof(*outKey); - inoutData->Data = reinterpret_cast(outKey); - } - } -} - -void -SSDLSession::FreeUniqueRecord(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier) -{ - killSSUniqueRecord(inUniqueRecordIdentifier); -} - -void -SSDLSession::PassThrough(CSSM_DB_HANDLE inDbHandle, - uint32 inPassThroughId, - const void *inInputParams, - void **outOutputParams) -{ - SSDatabase db = findDbHandle(inDbHandle); - switch (inPassThroughId) - { - case CSSM_APPLECSPDL_DB_LOCK: - db->lock(); - break; - case CSSM_APPLECSPDL_DB_UNLOCK: - if (inInputParams) - db->unlock(*reinterpret_cast(inInputParams)); - else - db->unlock(); - break; - case CSSM_APPLECSPDL_DB_GET_SETTINGS: - { - if (!outOutputParams) - CssmError::throwMe(CSSM_ERRCODE_INVALID_OUTPUT_POINTER); - - CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR params = - allocator().alloc(); - try - { - uint32 idleTimeout; - bool lockOnSleep; - db->getSettings(idleTimeout, lockOnSleep); - params->idleTimeout = idleTimeout; - params->lockOnSleep = lockOnSleep; - } - catch(...) - { - allocator().free(params); - throw; - } - *reinterpret_cast(outOutputParams) = params; - break; - } - case CSSM_APPLECSPDL_DB_SET_SETTINGS: - { - if (!inInputParams) - CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER); - - const CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS *params = - reinterpret_cast(inInputParams); - db->setSettings(params->idleTimeout, params->lockOnSleep); - break; - } - case CSSM_APPLECSPDL_DB_IS_LOCKED: - { - if (!outOutputParams) - CssmError::throwMe(CSSM_ERRCODE_INVALID_OUTPUT_POINTER); - - CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR params = - allocator().alloc(); - try - { - params->isLocked = db->isLocked(); - } - catch(...) - { - allocator().free(params); - throw; - } - *reinterpret_cast(outOutputParams) = params; - break; - } - case CSSM_APPLECSPDL_DB_CHANGE_PASSWORD: - { - if (!inInputParams) - CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER); - - const CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS *params = - reinterpret_cast(inInputParams); - db->changePassphrase(params->accessCredentials); - break; - } - case CSSM_APPLECSPDL_DB_GET_HANDLE: - { - using SecurityServer::DbHandle; - Required(outOutputParams, CSSM_ERRCODE_INVALID_OUTPUT_POINTER); - DbHandle &dbHandle = *(DbHandle *)outOutputParams; - dbHandle = db->dbHandle(); - break; - } - default: - { - CSSM_RETURN result = CSSM_DL_PassThrough(db->handle(), inPassThroughId, inInputParams, outOutputParams); - if (result) - CssmError::throwMe(result); - break; - } - } -} - -CSSM_DB_HANDLE -SSDLSession::makeDbHandle(SSDatabase &inDb) -{ - StLock _(mDbHandleLock); - CSSM_DB_HANDLE aDbHandle = inDb->handle().DBHandle; - IFDEBUG(bool inserted =) mDbHandleMap.insert(DbHandleMap::value_type(aDbHandle, inDb)).second; - assert(inserted); - return aDbHandle; -} - -SSDatabase -SSDLSession::killDbHandle(CSSM_DB_HANDLE inDbHandle) -{ - StLock _(mDbHandleLock); - DbHandleMap::iterator it = mDbHandleMap.find(inDbHandle); - if (it == mDbHandleMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_DB_HANDLE); - - SSDatabase db = it->second; - mDbHandleMap.erase(it); - return db; -} - -SSDatabase -SSDLSession::findDbHandle(CSSM_DB_HANDLE inDbHandle) -{ - StLock _(mDbHandleLock); - DbHandleMap::iterator it = mDbHandleMap.find(inDbHandle); - if (it == mDbHandleMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_DB_HANDLE); - - return it->second; -} - -CSSM_DB_UNIQUE_RECORD_PTR -SSDLSession::makeSSUniqueRecord(SSUniqueRecord &uniqueId) -{ - StLock _(mSSUniqueRecordLock); - CSSM_HANDLE ref = CSSM_HANDLE(static_cast(uniqueId)); - IFDEBUG(bool inserted =) mSSUniqueRecordMap.insert(SSUniqueRecordMap::value_type(ref, uniqueId)).second; - assert(inserted); - return createUniqueRecord(ref); -} - -SSUniqueRecord -SSDLSession::killSSUniqueRecord(CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - CSSM_HANDLE ref = parseUniqueRecord(inUniqueRecord); - StLock _(mSSUniqueRecordLock); - SSUniqueRecordMap::iterator it = mSSUniqueRecordMap.find(ref); - if (it == mSSUniqueRecordMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - SSUniqueRecord uniqueRecord = it->second; - mSSUniqueRecordMap.erase(it); - freeUniqueRecord(inUniqueRecord); - return uniqueRecord; -} - -SSUniqueRecord -SSDLSession::findSSUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - CSSM_HANDLE ref = parseUniqueRecord(inUniqueRecord); - StLock _(mSSUniqueRecordLock); - SSUniqueRecordMap::iterator it = mSSUniqueRecordMap.find(ref); - if (it == mSSUniqueRecordMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - return it->second; -} - -CSSM_DB_UNIQUE_RECORD_PTR -SSDLSession::createUniqueRecord(CSSM_HANDLE ref) -{ - CSSM_DB_UNIQUE_RECORD *aUniqueRecord = allocator().alloc(); - memset(aUniqueRecord, 0, sizeof(CSSM_DB_UNIQUE_RECORD)); - aUniqueRecord->RecordIdentifier.Length = sizeof(CSSM_HANDLE); - try - { - aUniqueRecord->RecordIdentifier.Data = allocator().alloc(sizeof(CSSM_HANDLE)); - *reinterpret_cast(aUniqueRecord->RecordIdentifier.Data) = ref; - } - catch(...) - { - free(aUniqueRecord); - throw; - } - - return aUniqueRecord; -} - -CSSM_HANDLE -SSDLSession::parseUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - if (inUniqueRecord.RecordIdentifier.Length != sizeof(CSSM_HANDLE)) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - return *reinterpret_cast(inUniqueRecord.RecordIdentifier.Data); -} - -void -SSDLSession::freeUniqueRecord(CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - if (inUniqueRecord.RecordIdentifier.Length != 0 - && inUniqueRecord.RecordIdentifier.Data != NULL) - { - inUniqueRecord.RecordIdentifier.Length = 0; - allocator().free(inUniqueRecord.RecordIdentifier.Data); - } - allocator().free(&inUniqueRecord); -} diff --git a/AppleCSPDL/SSDLSession.h b/AppleCSPDL/SSDLSession.h deleted file mode 100644 index b03a44d8..00000000 --- a/AppleCSPDL/SSDLSession.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSDLSession.h - DL session for security server CSP/DL. -// -#ifndef _H_SSDLSESSION -#define _H_SSDLSESSION - -#include - -#include "SSDatabase.h" - -class CSPDLPlugin; -class SSCSPDLSession; - -class SSDLSession : public DLPluginSession -{ -public: - SSCSPDLSession &mSSCSPDLSession; - - SSDLSession(CSSM_MODULE_HANDLE handle, - CSPDLPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - DatabaseManager &databaseManager, - SSCSPDLSession &ssCSPDLSession); - ~SSDLSession(); - - SecurityServer::ClientSession &clientSession() - { return mClientSession; } - void GetDbNames(CSSM_NAME_LIST_PTR &NameList); - void FreeNameList(CSSM_NAME_LIST &NameList); - void DbDelete(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const AccessCredentials *AccessCred); - void DbCreate(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_DBINFO &DBInfo, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - const void *OpenParameters, - CSSM_DB_HANDLE &DbHandle); - void DbOpen(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - CSSM_DB_ACCESS_TYPE AccessRequest, - const AccessCredentials *AccessCred, - const void *OpenParameters, - CSSM_DB_HANDLE &DbHandle); - void DbClose(CSSM_DB_HANDLE DBHandle); - void CreateRelation(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RelationID, - const char *RelationName, - uint32 NumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &pAttributeInfo, - uint32 NumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &pIndexInfo); - void DestroyRelation(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RelationID); - - void Authenticate(CSSM_DB_HANDLE DBHandle, - CSSM_DB_ACCESS_TYPE AccessRequest, - const AccessCredentials &AccessCred); - void GetDbAcl(CSSM_DB_HANDLE DBHandle, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeDbAcl(CSSM_DB_HANDLE DBHandle, - const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit); - void GetDbOwner(CSSM_DB_HANDLE DBHandle, - CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeDbOwner(CSSM_DB_HANDLE DBHandle, - const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle, - char **DbName); - void DataInsert(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *Attributes, - const CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - void DataDelete(CSSM_DB_HANDLE DBHandle, - const CSSM_DB_UNIQUE_RECORD &UniqueRecordIdentifier); - void DataModify(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD &UniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *AttributesToBeModified, - const CssmData *DataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode); - CSSM_HANDLE DataGetFirst(CSSM_DB_HANDLE DBHandle, - const DLQuery *Query, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - bool DataGetNext(CSSM_DB_HANDLE DBHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - void DataAbortQuery(CSSM_DB_HANDLE DBHandle, - CSSM_HANDLE ResultsHandle); - void DataGetFromUniqueRecordId(CSSM_DB_HANDLE DBHandle, - const CSSM_DB_UNIQUE_RECORD &UniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data); - void FreeUniqueRecord(CSSM_DB_HANDLE DBHandle, - CSSM_DB_UNIQUE_RECORD &UniqueRecord); - void PassThrough(CSSM_DB_HANDLE DBHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - - CssmAllocator &allocator() { return *static_cast(this); } - - SSDatabase findDbHandle(CSSM_DB_HANDLE inDbHandle); -protected: - CSSM_DB_HANDLE makeDbHandle(SSDatabase &inDb); - SSDatabase killDbHandle(CSSM_DB_HANDLE inDbHandle); - - Mutex mDbHandleLock; - typedef map DbHandleMap; - DbHandleMap mDbHandleMap; - - CSSM_DB_UNIQUE_RECORD_PTR makeSSUniqueRecord(SSUniqueRecord &uniqueId); - SSUniqueRecord killSSUniqueRecord(CSSM_DB_UNIQUE_RECORD &inUniqueRecord); - SSUniqueRecord findSSUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord); - - CSSM_DB_UNIQUE_RECORD_PTR createUniqueRecord(CSSM_HANDLE ref); - CSSM_HANDLE parseUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord); - void freeUniqueRecord(CSSM_DB_UNIQUE_RECORD &inUniqueRecord); - - Mutex mSSUniqueRecordLock; - typedef map SSUniqueRecordMap; - SSUniqueRecordMap mSSUniqueRecordMap; - - CssmClient::DL mDL; - SecurityServer::ClientSession mClientSession; -}; - - -#endif // _H_SSDLSESSION diff --git a/AppleCSPDL/SSDatabase.cpp b/AppleCSPDL/SSDatabase.cpp deleted file mode 100644 index 31cffa8a..00000000 --- a/AppleCSPDL/SSDatabase.cpp +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSDatabase.cpp - Security Server database object -// -#include "SSDatabase.h" - -#include "KeySchema.h" - -using namespace CssmClient; -using namespace SecurityServer; - -const char *const SSDatabaseImpl::DBBlobRelationName = "DBBlob"; - - -SSDatabaseImpl::SSDatabaseImpl(ClientSession &inClientSession, const CssmClient::DL &dl, - const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) - : Db::Impl(dl, inDbName, inDbLocation), mClientSession(inClientSession), mSSDbHandle(noDb) -{ -} - -SSDatabaseImpl::~SSDatabaseImpl() -{ - if (mSSDbHandle != noDb) - mClientSession.releaseDb(mSSDbHandle); -} - -SSUniqueRecord -SSDatabaseImpl::insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, bool) -{ - SSUniqueRecord uniqueId(SSDatabase(this)); - check(CSSM_DL_DataInsert(handle(), recordType, - attributes, - data, uniqueId)); - // Activate uniqueId so CSSM_DL_FreeUniqueRecord() gets called when it goes out of scope. - uniqueId->activate(); - return uniqueId; -} - -void -SSDatabaseImpl::authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCredentials) -{ - mClientSession.authenticateDb(dbHandle(), inAccessRequest, - AccessCredentials::overlay(inAccessCredentials)); -} - -void -SSDatabaseImpl::lock() -{ - mClientSession.lock(dbHandle()); - -} - -void -SSDatabaseImpl::unlock() -{ - mClientSession.unlock(dbHandle()); -} - -void -SSDatabaseImpl::unlock(const CSSM_DATA &password) -{ - mClientSession.unlock(dbHandle(), CssmData::overlay(password)); -} - -void -SSDatabaseImpl::getSettings(uint32 &outIdleTimeout, bool &outLockOnSleep) -{ - DBParameters parameters; - mClientSession.getDbParameters(dbHandle(), parameters); - outIdleTimeout = parameters.idleTimeout; - outLockOnSleep = parameters.lockOnSleep; -} - -void -SSDatabaseImpl::setSettings(uint32 inIdleTimeout, bool inLockOnSleep) -{ - DBParameters parameters; - parameters.idleTimeout = inIdleTimeout; - parameters.lockOnSleep = inLockOnSleep; - mClientSession.setDbParameters(dbHandle(), parameters); - - // Reencode the db blob. - CssmDataContainer dbb(allocator()); - mClientSession.encodeDb(mSSDbHandle, dbb, allocator()); - getDbBlobId(NULL)->modify(DBBlobRelationID, NULL, &dbb, CSSM_DB_MODIFY_ATTRIBUTE_NONE); -} - -bool -SSDatabaseImpl::isLocked() -{ - return mClientSession.isLocked(dbHandle()); -} - -void -SSDatabaseImpl::changePassphrase(const CSSM_ACCESS_CREDENTIALS *cred) -{ - mClientSession.changePassphrase(dbHandle(), AccessCredentials::overlay(cred)); - - // Reencode the db blob. - CssmDataContainer dbb(allocator()); - mClientSession.encodeDb(mSSDbHandle, dbb, allocator()); - getDbBlobId(NULL)->modify(DBBlobRelationID, NULL, &dbb, CSSM_DB_MODIFY_ATTRIBUTE_NONE); -} - -DbHandle -SSDatabaseImpl::dbHandle() -{ - activate(); - if (mForked()) { - // re-establish the dbHandle with the SecurityServer - CssmDataContainer dbb(allocator()); - getDbBlobId(&dbb); - mSSDbHandle = mClientSession.decodeDb(mIdentifier, - AccessCredentials::overlay(accessCredentials()), dbb); - } - return mSSDbHandle; -} - -void -SSDatabaseImpl::create(const DLDbIdentifier &dlDbIdentifier) -{ - mIdentifier = dlDbIdentifier; - DbImpl::create(); - - try - { - // @@@ The CSSM_DB_SCHEMA_ATTRIBUTE_INFO and CSSM_DB_SCHEMA_INDEX_INFO - // arguments should be optional. - createRelation(DBBlobRelationID, DBBlobRelationName, - 0, (CSSM_DB_SCHEMA_ATTRIBUTE_INFO *)42, - 0, (CSSM_DB_SCHEMA_INDEX_INFO *)42); - - // @@@ Only iff not already in mDbInfo - createRelation(CSSM_DL_DB_RECORD_PUBLIC_KEY, "CSSM_DL_DB_RECORD_PUBLIC_KEY", - KeySchema::KeySchemaAttributeCount, KeySchema::KeySchemaAttributeList, - KeySchema::KeySchemaIndexCount, KeySchema::KeySchemaIndexList); - - // @@@ Only iff not already in mDbInfo - createRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY, "CSSM_DL_DB_RECORD_PRIVATE_KEY", - KeySchema::KeySchemaAttributeCount, KeySchema::KeySchemaAttributeList, - KeySchema::KeySchemaIndexCount, KeySchema::KeySchemaIndexList); - - // @@@ Only iff not already in mDbInfo - createRelation(CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "CSSM_DL_DB_RECORD_SYMMETRIC_KEY", - KeySchema::KeySchemaAttributeCount, KeySchema::KeySchemaAttributeList, - KeySchema::KeySchemaIndexCount, KeySchema::KeySchemaIndexList); - - DBParameters dbParameters; - memset(&dbParameters, 0, sizeof(DBParameters)); - dbParameters.idleTimeout = kDefaultIdleTimeout; - dbParameters.lockOnSleep = kDefaultLockOnSleep; - - const AccessCredentials *cred = NULL; - const AclEntryInput *owner = NULL; - if (resourceControlContext()) - { - cred = AccessCredentials::overlay(resourceControlContext()->AccessCred); - owner = &AclEntryInput::overlay(resourceControlContext()->InitialAclEntry); - } - mSSDbHandle = mClientSession.createDb(dlDbIdentifier, cred, owner, dbParameters); - CssmDataContainer dbb(allocator()); - mClientSession.encodeDb(mSSDbHandle, dbb, allocator()); - Db::Impl::insert(DBBlobRelationID, NULL, &dbb); - } - catch(...) - { - DbImpl::deleteDb(); - throw; - } -} - -void -SSDatabaseImpl::open(const DLDbIdentifier &dlDbIdentifier) -{ - mIdentifier = dlDbIdentifier; - Db::Impl::open(); - - CssmDataContainer dbb(allocator()); - getDbBlobId(&dbb); - - mSSDbHandle = mClientSession.decodeDb(dlDbIdentifier, AccessCredentials::overlay(accessCredentials()), dbb); -} - -DbUniqueRecordImpl * -SSDatabaseImpl::newDbUniqueRecord() -{ - return new SSUniqueRecordImpl(SSDatabase(this)); -} - -CssmClient::DbUniqueRecord -SSDatabaseImpl::getDbBlobId(CssmDataContainer *dbb) -{ - CssmClient::DbUniqueRecord dbBlobId; - - DbCursor cursor(SSDatabase(this)); - cursor->recordType(DBBlobRelationID); - if (!cursor->next(NULL, dbb, dbBlobId)) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - return dbBlobId; -} - - - -SSUniqueRecordImpl::SSUniqueRecordImpl(const SSDatabase &db) -: DbUniqueRecord::Impl(db) -{ -} - -SSUniqueRecordImpl::~SSUniqueRecordImpl() -{ -} - -SSDatabase -SSUniqueRecordImpl::database() const -{ - return parent(); -} diff --git a/AppleCSPDL/SSDatabase.h b/AppleCSPDL/SSDatabase.h deleted file mode 100644 index 7f4e9c0e..00000000 --- a/AppleCSPDL/SSDatabase.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSDatabase.h - Security Server database object -// -#ifndef _H_SSDATABASE_ -#define _H_SSDATABASE_ - -#include -#include -#include - -class SSCSPDLSession; -class SSUniqueRecord; - -// -// Protected please ignore this class unless subclassing SSDatabase. -// -class SSDatabaseImpl : public CssmClient::DbImpl -{ - static const char *const DBBlobRelationName; - enum { - DBBlobRelationID = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000 - }; - -public: - SSDatabaseImpl(SecurityServer::ClientSession &inClientSession, - const CssmClient::DL &dl, - const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); - virtual ~SSDatabaseImpl(); - - void create(const DLDbIdentifier &dlDbIdentifier); - void open(const DLDbIdentifier &dlDbIdentifier); - SSUniqueRecord insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, bool); - void authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCredentials); - - // Passthrough functions (only implemented by AppleCSPDL). - void lock(); - void unlock(); - void unlock(const CSSM_DATA &password); - void getSettings(uint32 &outIdleTimeout, bool &outLockOnSleep); - void setSettings(uint32 inIdleTimeout, bool inLockOnSleep); - bool isLocked(); - void changePassphrase(const CSSM_ACCESS_CREDENTIALS *cred); - - // DbUniqueRecordMaker - CssmClient::DbUniqueRecordImpl *newDbUniqueRecord(); - - // New methods not inherited from DbImpl - SecurityServer::DbHandle dbHandle(); - -protected: - CssmClient::DbUniqueRecord getDbBlobId(CssmDataContainer *dbb); - -private: - enum - { - kDefaultIdleTimeout = 5 * 60, // 5 minute default autolock time - kDefaultLockOnSleep = true - }; - - DLDbIdentifier mIdentifier; - UnixPlusPlus::ForkMonitor mForked; - - SecurityServer::ClientSession &mClientSession; - SecurityServer::DbHandle mSSDbHandle; -}; - - -// -// SSDatabase -- A Security Server aware Db object. -// -class SSDatabase : public CssmClient::Db -{ -public: - typedef SSDatabaseImpl Impl; - - explicit SSDatabase(SSDatabaseImpl *impl) : CssmClient::Db(impl) {} - SSDatabase() : CssmClient::Db(NULL) {} - SSDatabase(SecurityServer::ClientSession &inClientSession, - const CssmClient::DL &dl, - const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) - : CssmClient::Db(new SSDatabaseImpl(inClientSession, dl, inDbName, inDbLocation)) {} - - SSDatabaseImpl *operator ->() const { return &impl(); } - SSDatabaseImpl &operator *() const { return impl(); } - - // For convinience only - SecurityServer::DbHandle dbHandle() { return (*this) ? (*this)->dbHandle() : SecurityServer::noDb; } -}; - - -class SSUniqueRecordImpl : public CssmClient::DbUniqueRecordImpl -{ -public: - SSUniqueRecordImpl(const SSDatabase &db); - virtual ~SSUniqueRecordImpl(); - - SSDatabase database() const; -}; - - -class SSUniqueRecord : public CssmClient::DbUniqueRecord -{ -public: - typedef SSUniqueRecordImpl Impl; - - explicit SSUniqueRecord(SSUniqueRecordImpl *impl) : CssmClient::DbUniqueRecord(impl) {} - SSUniqueRecord() : CssmClient::DbUniqueRecord(NULL) {} - SSUniqueRecord(const SSDatabase &db) : CssmClient::DbUniqueRecord(new SSUniqueRecordImpl(db)) {} - - SSUniqueRecordImpl *operator ->() const { return &impl(); } - SSUniqueRecordImpl &operator *() const { return impl(); } -}; - - -#endif // _H_SSDATABASE_ diff --git a/AppleCSPDL/SSFactory.cpp b/AppleCSPDL/SSFactory.cpp deleted file mode 100644 index 93f0dcaa..00000000 --- a/AppleCSPDL/SSFactory.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSFactory -- The factory for Security Server context objects -// -#include "SSFactory.h" - -#include "SSContext.h" - - -// -// SSFactory -- The factory for Security Server context objects -// -bool SSFactory::setup(SSCSPSession &session, CSPFullPluginSession::CSPContext * &cspCtx, - const Context &context, bool encoding) -{ - if (cspCtx) - return false; // not ours or already set - - switch (context.type()) - { - case CSSM_ALGCLASS_SIGNATURE: - cspCtx = new SSSignatureContext(session); - return true; - case CSSM_ALGCLASS_MAC: - cspCtx = new SSMACContext(session); - return true; - case CSSM_ALGCLASS_DIGEST: - cspCtx = new SSDigestContext(session); - return true; - case CSSM_ALGCLASS_SYMMETRIC: - case CSSM_ALGCLASS_ASYMMETRIC: - cspCtx = new SSCryptContext(session); // @@@ Could also be wrap/unwrap - return true; - case CSSM_ALGCLASS_RANDOMGEN: - cspCtx = new SSRandomContext(session); // @@@ Should go. - return true; - } - - return false; - -#if 0 - /* FIXME - qualify by ALGCLASS as well to avoid MAC */ - switch (context.algorithm()) { - case CSSM_ALGID_MD5: - cspCtx = new MD5Context(session); - return true; - case CSSM_ALGID_SHA1: - cspCtx = new SHA1Context(session); - return true; - } - return false; - - if (ctx) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); // won't support re-definition - switch (context.algorithm()) { - case CSSM_ALGID_ROTTY_ROT_16: - ctx = new SSContext(16); - return true; - case CSSM_ALGID_ROTTY_ROT_37: - ctx = new SSContext(37); - return true; - } -#endif - return false; -} diff --git a/AppleCSPDL/SSFactory.h b/AppleCSPDL/SSFactory.h deleted file mode 100644 index 66d0ea3b..00000000 --- a/AppleCSPDL/SSFactory.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSAlgorithms.h - Description t.b.d. -// -#ifndef _H_SS_ALGORITHMS -#define _H_SS_ALGORITHMS - -#include - -/* Can't include CSPDLPlugin.h due to circular dependency */ -class SSCSPSession; - -// no longer a subclass of AlgorithmFactory due to -// differing setup() methods -class SSFactory -{ -public: - bool setup(SSCSPSession &session, CSPFullPluginSession::CSPContext * &ctx, - const Context &context, bool encoding); -}; - -#endif // _H_SS_ALGORITHMS diff --git a/AppleCSPDL/SSKey.cpp b/AppleCSPDL/SSKey.cpp deleted file mode 100644 index 0170b34c..00000000 --- a/AppleCSPDL/SSKey.cpp +++ /dev/null @@ -1,347 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSKey - reference keys for the security server -// -#include "SSKey.h" - -#include "SSCSPSession.h" -#include "SSCSPDLSession.h" -#include "SSDatabase.h" -#include "SSDLSession.h" -#include "KeySchema.h" -#include - -using namespace CssmClient; -using namespace SecurityServer; - -// Constructor for a Security Server generated key. -SSKey::SSKey(SSCSPSession &session, KeyHandle keyHandle, CssmKey &ioKey, - SSDatabase &inSSDatabase, uint32 inKeyAttr, - const CssmData *inKeyLabel) -: ReferencedKey(session.mSSCSPDLSession), -mAllocator(session), mKeyHandle(keyHandle), -mClientSession(session.clientSession()) -{ - CssmKey::Header &header = ioKey.header(); - if (inKeyAttr & CSSM_KEYATTR_PERMANENT) - { - if (!inSSDatabase) - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE); - - // EncodeKey and store it in the db. - CssmDataContainer blob(mAllocator); - clientSession().encodeKey(keyHandle, blob); - - assert(header.HeaderVersion == CSSM_KEYHEADER_VERSION); - switch (header.KeyClass) - { - case CSSM_KEYCLASS_PUBLIC_KEY: - mRecordType = CSSM_DL_DB_RECORD_PUBLIC_KEY; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - mRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - break; - case CSSM_KEYCLASS_SESSION_KEY: - mRecordType = CSSM_DL_DB_RECORD_SYMMETRIC_KEY; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - CssmData label; - if (inKeyLabel) - label = *inKeyLabel; - - CssmData none; - // We store the keys real CSP guid on disk - CssmGuidData creatorGuid(header.CspId); - CssmDateData startDate(header.StartDate); - CssmDateData endDate(header.EndDate); - - DbAttributes attributes(inSSDatabase); - attributes.recordType(mRecordType); - attributes.add(KeySchema::KeyClass, mRecordType); - attributes.add(KeySchema::PrintName, label); - attributes.add(KeySchema::Alias, none); - attributes.add(KeySchema::Permanent, - header.attribute(CSSM_KEYATTR_PERMANENT)); - attributes.add(KeySchema::Private, - header.attribute(CSSM_KEYATTR_PRIVATE)); - attributes.add(KeySchema::Modifiable, - header.attribute(CSSM_KEYATTR_MODIFIABLE)); - attributes.add(KeySchema::Label, label); - attributes.add(KeySchema::ApplicationTag, none); - attributes.add(KeySchema::KeyCreator, creatorGuid); - attributes.add(KeySchema::KeyType, header.AlgorithmId); - attributes.add(KeySchema::KeySizeInBits, header.LogicalKeySizeInBits); - // @@@ Get the real effective key size. - attributes.add(KeySchema::EffectiveKeySize, header.LogicalKeySizeInBits); - attributes.add(KeySchema::StartDate, startDate); - attributes.add(KeySchema::EndDate, endDate); - attributes.add(KeySchema::Sensitive, - header.attribute(CSSM_KEYATTR_SENSITIVE)); - attributes.add(KeySchema::AlwaysSensitive, - header.attribute(CSSM_KEYATTR_ALWAYS_SENSITIVE)); - attributes.add(KeySchema::Extractable, - header.attribute(CSSM_KEYATTR_EXTRACTABLE)); - attributes.add(KeySchema::NeverExtractable, - header.attribute(CSSM_KEYATTR_NEVER_EXTRACTABLE)); - attributes.add(KeySchema::Encrypt, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_ENCRYPT)); - attributes.add(KeySchema::Decrypt, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_DECRYPT)); - attributes.add(KeySchema::Derive, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_DERIVE)); - attributes.add(KeySchema::Sign, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_SIGN)); - attributes.add(KeySchema::Verify, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_VERIFY)); - attributes.add(KeySchema::SignRecover, - header.useFor(CSSM_KEYUSE_ANY - | CSSM_KEYUSE_SIGN_RECOVER)); - attributes.add(KeySchema::VerifyRecover, - header.useFor(CSSM_KEYUSE_ANY - | CSSM_KEYUSE_VERIFY_RECOVER)); - attributes.add(KeySchema::Wrap, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_WRAP)); - attributes.add(KeySchema::Unwrap, - header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_UNWRAP)); - - // @@@ Fixme - mUniqueId = inSSDatabase->insert(mRecordType, &attributes, &blob, - true); - } - - header.cspGuid(session.plugin.myGuid()); // Set the csp guid to me. - makeReferenceKey(mAllocator, keyReference(), ioKey); -} - -// Constructor for a key retrived from a Db. -SSKey::SSKey(SSDLSession &session, CssmKey &ioKey, SSDatabase &inSSDatabase, - const SSUniqueRecord &uniqueId, CSSM_DB_RECORDTYPE recordType, - CssmData &keyBlob) -: ReferencedKey(session.mSSCSPDLSession), -mAllocator(session.allocator()), mKeyHandle(noKey), mUniqueId(uniqueId), -mRecordType(recordType), -mClientSession(session.clientSession()) -{ - CssmKey::Header &header = ioKey.header(); - memset(&header, 0, sizeof(header)); // Clear key header - - if (!mUniqueId || !mUniqueId->database()) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - - header.HeaderVersion = CSSM_KEYHEADER_VERSION; - switch (mRecordType) - { - case CSSM_DL_DB_RECORD_PUBLIC_KEY: - header.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; - break; - case CSSM_DL_DB_RECORD_PRIVATE_KEY: - header.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY; - break; - case CSSM_DL_DB_RECORD_SYMMETRIC_KEY: - header.KeyClass = CSSM_KEYCLASS_SESSION_KEY; - break; - default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - } - - DbAttributes attributes(mUniqueId->database()); - attributes.recordType(mRecordType); - attributes.add(KeySchema::KeyClass); // 0 - attributes.add(KeySchema::Permanent); // 1 - attributes.add(KeySchema::Private); // 2 - attributes.add(KeySchema::Modifiable); // 3 - attributes.add(KeySchema::KeyCreator); // 4 - attributes.add(KeySchema::KeyType); // 5 - attributes.add(KeySchema::KeySizeInBits); // 6 - attributes.add(KeySchema::StartDate); // 7 - attributes.add(KeySchema::EndDate); // 8 - attributes.add(KeySchema::Sensitive); // 9 - attributes.add(KeySchema::AlwaysSensitive); // 10 - attributes.add(KeySchema::Extractable); // 11 - attributes.add(KeySchema::NeverExtractable); // 12 - attributes.add(KeySchema::Encrypt); // 13 - attributes.add(KeySchema::Decrypt); // 14 - attributes.add(KeySchema::Derive); // 15 - attributes.add(KeySchema::Sign); // 16 - attributes.add(KeySchema::Verify); // 17 - attributes.add(KeySchema::SignRecover); // 18 - attributes.add(KeySchema::VerifyRecover); // 19 - attributes.add(KeySchema::Wrap); // 20 - attributes.add(KeySchema::Unwrap); // 21 - - mUniqueId->get(&attributes, NULL); - - // Assert that the mRecordType matches the KeyClass attribute. - if (mRecordType != uint32(attributes[0])) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - - header.AlgorithmId = attributes[5]; // KeyType - header.LogicalKeySizeInBits = attributes[6]; // KeySizeInBits - - if (attributes[1]) header.setAttribute(CSSM_KEYATTR_PERMANENT); - if (attributes[2]) header.setAttribute(CSSM_KEYATTR_PRIVATE); - if (attributes[3]) header.setAttribute(CSSM_KEYATTR_MODIFIABLE); - if (attributes[9]) header.setAttribute(CSSM_KEYATTR_SENSITIVE); - if (attributes[11]) header.setAttribute(CSSM_KEYATTR_EXTRACTABLE); - if (attributes[10]) header.setAttribute(CSSM_KEYATTR_ALWAYS_SENSITIVE); - if (attributes[12]) header.setAttribute(CSSM_KEYATTR_NEVER_EXTRACTABLE); - - if (attributes[13]) header.usage(CSSM_KEYUSE_ENCRYPT); - if (attributes[14]) header.usage(CSSM_KEYUSE_DECRYPT); - if (attributes[15]) header.usage(CSSM_KEYUSE_DERIVE); - if (attributes[16]) header.usage(CSSM_KEYUSE_SIGN); - if (attributes[17]) header.usage(CSSM_KEYUSE_VERIFY); - if (attributes[18]) header.usage(CSSM_KEYUSE_SIGN_RECOVER); - if (attributes[19]) header.usage(CSSM_KEYUSE_VERIFY_RECOVER); - if (attributes[20]) header.usage(CSSM_KEYUSE_WRAP); - if (attributes[21]) header.usage(CSSM_KEYUSE_UNWRAP); - - // If all usages are allowed set usage to CSSM_KEYUSE_ANY - if (header.usage() == (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT - | CSSM_KEYUSE_DERIVE | CSSM_KEYUSE_SIGN - | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_SIGN_RECOVER - | CSSM_KEYUSE_VERIFY_RECOVER | CSSM_KEYUSE_WRAP - | CSSM_KEYUSE_UNWRAP)) - header.usage(CSSM_KEYUSE_ANY); - - if (!attributes[7].size() || !attributes[8].size()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - - header.StartDate = attributes[7].at(0); - header.EndDate = attributes[8].at(0); - - makeReferenceKey(mAllocator, keyReference(), ioKey); - header.cspGuid(session.plugin.myGuid()); // Set the csp guid to me. -} - -SSKey::~SSKey() -{ - if (mKeyHandle != noKey) - clientSession().releaseKey(mKeyHandle); -} - -void -SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey, - CSSM_BOOL deleteKey) -{ - freeReferenceKey(mAllocator, ioKey); - if (deleteKey) - { - if (!mUniqueId || !mUniqueId->database()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - - // @@@ Evaluate accessCred against Db acl. - // What should we do with accessCred? Reauthenticate - // mUniqueId->database()? - mUniqueId->deleteRecord(); - } - - if (mKeyHandle != noKey) - { - clientSession().releaseKey(mKeyHandle); - mKeyHandle = noKey; - } -} - -SecurityServer::ClientSession & -SSKey::clientSession() -{ - return mClientSession; -} - -KeyHandle SSKey::optionalKeyHandle() const -{ - return mKeyHandle; -} - -KeyHandle -SSKey::keyHandle() -{ - if (mKeyHandle == noKey) - { - // Deal with uninstantiated keys. - if (!mUniqueId || !mUniqueId->database()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - - CssmDataContainer blob(mAllocator); - mUniqueId->get(NULL, &blob); - CssmKey::Header dummyHeader; // @@@ Unused - mKeyHandle = - clientSession().decodeKey(mUniqueId->database().dbHandle(), blob, - dummyHeader); - - // @@@ Check decoded header against returned header - } - - return mKeyHandle; -} - -// -// ACL retrieval and change operations -// -void -SSKey::getOwner(CSSM_ACL_OWNER_PROTOTYPE &owner, CssmAllocator &allocator) -{ - clientSession().getKeyOwner(keyHandle(), AclOwnerPrototype::overlay(owner), - allocator); -} - -void -SSKey::changeOwner(const AccessCredentials &accessCred, - const AclOwnerPrototype &newOwner) -{ - clientSession().changeKeyOwner(keyHandle(), accessCred, newOwner); - didChangeAcl(); -} - -void -SSKey::getAcl(const char *selectionTag, uint32 &numberOfAclInfos, - AclEntryInfo *&aclInfos, CssmAllocator &allocator) -{ - clientSession().getKeyAcl(keyHandle(), selectionTag, numberOfAclInfos, - aclInfos, allocator); -} - -void -SSKey::changeAcl(const AccessCredentials &accessCred, const AclEdit &aclEdit) -{ - clientSession().changeKeyAcl(keyHandle(), accessCred, aclEdit); - didChangeAcl(); -} - -void -SSKey::didChangeAcl() -{ - if (mUniqueId == true) - { - secdebug("keyacl", "SSKey::didChangeAcl() keyHandle: %lu updating DL entry", mKeyHandle); - // The key is persistant, make the change on disk. - CssmDataContainer keyBlob(mAllocator); - clientSession().encodeKey(keyHandle(), keyBlob); - mUniqueId->modify(mRecordType, NULL, &keyBlob, CSSM_DB_MODIFY_ATTRIBUTE_NONE); - } - else - { - secdebug("keyacl", "SSKey::didChangeAcl() keyHandle: %lu transient key no update done", mKeyHandle); - } -} diff --git a/AppleCSPDL/SSKey.h b/AppleCSPDL/SSKey.h deleted file mode 100644 index d6969a3a..00000000 --- a/AppleCSPDL/SSKey.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SSKey.h - CSP-wide SSKey base class -// -#ifndef _H_SSKEY_ -#define _H_SSKEY_ - -#include - -#include "SSDatabase.h" - -#include -#include - -namespace Security -{ - -class CssmKey; - -} // end namespace Security - -class SSCSPSession; -class SSCSPDLSession; -class SSDLSession; - -class SSKey : public ReferencedKey -{ -public: - SSKey(SSCSPSession &session, SecurityServer::KeyHandle keyHandle, - CssmKey &ioKey, SSDatabase &inSSDatabase, uint32 inKeyAttr, - const CssmData *inKeyLabel); - SSKey(SSDLSession &session, CssmKey &ioKey, SSDatabase &inSSDatabase, - const SSUniqueRecord &uniqueId, CSSM_DB_RECORDTYPE recordType, - CssmData &keyBlob); - - virtual ~SSKey(); - void free(const AccessCredentials *accessCred, CssmKey &ioKey, - CSSM_BOOL deleteKey); - - SecurityServer::ClientSession &clientSession(); - - /* Might return SecurityServer::noKey if the key has not yet been instantiated. */ - SecurityServer::KeyHandle optionalKeyHandle() const; - - /* Will instantiate the key if needed. */ - SecurityServer::KeyHandle keyHandle(); - - // ACL retrieval and change operations - void getOwner(CSSM_ACL_OWNER_PROTOTYPE &owner, CssmAllocator &allocator); - void changeOwner(const AccessCredentials &accessCred, - const AclOwnerPrototype &newOwner); - void getAcl(const char *selectionTag, uint32 &numberOfAclInfos, - AclEntryInfo *&aclInfos, CssmAllocator &allocator); - void changeAcl(const AccessCredentials &accessCred, - const AclEdit &aclEdit); - - // Reencode and write to disk if we are a persistant key. - void didChangeAcl(); - -private: - CssmAllocator &mAllocator; - SecurityServer::KeyHandle mKeyHandle; - SSDatabase mSSDatabase; - SSUniqueRecord mUniqueId; - CSSM_DB_RECORDTYPE mRecordType; - SecurityServer::ClientSession &mClientSession; -}; - - -#endif // _H_SSKEY_ diff --git a/AppleCSPDL/cspdl_common.mdsinfo b/AppleCSPDL/cspdl_common.mdsinfo deleted file mode 100644 index a402a535..00000000 --- a/AppleCSPDL/cspdl_common.mdsinfo +++ /dev/null @@ -1,28 +0,0 @@ - - - - - BuiltIn - - CDSAVersion - 2.0 - Desc - Apple built-in CSPDL - DynamicFlag - - MdsFileDescription - Built-in CSPDL Common info - MdsFileType - PluginCommon - ModuleID - {87191ca3-0fc9-11d4-849a000502b52122} - ModuleName - AppleCSPDL - MultiThreadFlag - - ProductVersion - 1.0 - ServiceMask - CSSM_SERVICE_CSP | CSSM_SERVICE_DL - - diff --git a/AppleCSPDL/cspdl_csp_capabilities.mdsinfo b/AppleCSPDL/cspdl_csp_capabilities.mdsinfo deleted file mode 100644 index 0cfb82ae..00000000 --- a/AppleCSPDL/cspdl_csp_capabilities.mdsinfo +++ /dev/null @@ -1,18 +0,0 @@ - - - - - Capabilities - file:csp_capabilities_common.mds - MdsFileDescription - Built-in CSPDL CSP Capabilities - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE - ModuleID - {87191ca3-0fc9-11d4-849a000502b52122} - SSID - 0 - - diff --git a/AppleCSPDL/cspdl_csp_primary.mdsinfo b/AppleCSPDL/cspdl_csp_primary.mdsinfo deleted file mode 100644 index 9bb65f8e..00000000 --- a/AppleCSPDL/cspdl_csp_primary.mdsinfo +++ /dev/null @@ -1,61 +0,0 @@ - - - - - AclSubjectTypes - - CSSM_ACL_SUBJECT_TYPE_PASSWORD - CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD - CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY - CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE - CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT - - AuthTags - - CSSM_ACL_AUTHORIZATION_ANY - - CspCustomFlags - 0 - CspFlags - CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_SESSION_KEYS - CspType - CSSM_CSP_SOFTWARE - MdsFileDescription - Built-in CSPDL CSP Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE - ModuleID - {87191ca3-0fc9-11d4-849a000502b52122} - ModuleName - AppleCSPDL - ProductVersion - 1.0 - SSID - 0 - SampleTypes - - CSSM_SAMPLE_TYPE_PASSWORD - CSSM_SAMPLE_TYPE_HASHED_PASSWORD - CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD - CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD - CSSM_SAMPLE_TYPE_SIGNED_NONCE - CSSM_SAMPLE_TYPE_SIGNED_SECRET - CSSM_SAMPLE_TYPE_BIOMETRIC - CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC - CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC - CSSM_SAMPLE_TYPE_THRESHOLD - CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT - CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK - CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK - CSSM_SAMPLE_TYPE_PROCESS - CSSM_SAMPLE_TYPE_COMMENT - CSSM_SAMPLE_TYPE_RETRY_ID - - UseeTags - - Vendor - Apple Computer, Inc. - - diff --git a/AppleCSPDL/cspdl_dl_primary.mdsinfo b/AppleCSPDL/cspdl_dl_primary.mdsinfo deleted file mode 100644 index e90fa265..00000000 --- a/AppleCSPDL/cspdl_dl_primary.mdsinfo +++ /dev/null @@ -1,73 +0,0 @@ - - - - - AclSubjectTypes - - CSSM_ACL_SUBJECT_TYPE_PASSWORD - CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD - CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY - CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE - CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT - - AuthTags - - CSSM_ACL_AUTHORIZATION_ANY - - ConjunctiveOps - - CSSM_DB_NONE - CSSM_DB_AND - CSSM_DB_OR - - DLType - CSSM_DL_FFS - MdsFileDescription - Built-in CSPDL DL Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_DL_PRIMARY_RECORDTYPE - ModuleID - {87191ca3-0fc9-11d4-849a000502b52122} - ModuleName - AppleCSPDL - ProductVersion - 1.0 - QueryLimitsFlag - 0 - RelationalOps - - CSSM_DB_EQUAL - CSSM_DB_LESS_THAN - CSSM_DB_GREATER_THAN - CSSM_DB_CONTAINS_FINAL_SUBSTRING - CSSM_DB_CONTAINS_INITIAL_SUBSTRING - CSSM_DB_CONTAINS - - - SSID - 1 - SampleTypes - - CSSM_SAMPLE_TYPE_PASSWORD - CSSM_SAMPLE_TYPE_HASHED_PASSWORD - CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD - CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD - CSSM_SAMPLE_TYPE_SIGNED_NONCE - CSSM_SAMPLE_TYPE_SIGNED_SECRET - CSSM_SAMPLE_TYPE_BIOMETRIC - CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC - CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC - CSSM_SAMPLE_TYPE_THRESHOLD - CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT - CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK - CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK - CSSM_SAMPLE_TYPE_PROCESS - CSSM_SAMPLE_TYPE_COMMENT - CSSM_SAMPLE_TYPE_RETRY_ID - - Vendor - Apple Computer, Inc. - - diff --git a/AppleCSPDL/cssmplugin.exp b/AppleCSPDL/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/AppleCSPDL/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/AppleDL/AppleCSPDL.mcp b/AppleDL/AppleCSPDL.mcp deleted file mode 100644 index a4eb36faef46da5048dca34bfc82b62b497ed480..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28375 zcmeHQYm8gRb)I|q(qkn{isM&onX(=$OY4;r#g5Fx&aSw-(t1fPC9a}PUtBJEwM&by zkX&0zkY?K?ZPPZefx0kI#7>RYNtysf(z*!H2kf*cYQ!y?)&YXLO_Krvn$~UFA4!3r zaMkadIV3N+9Q$@=IeKTjyoI8&*XNEI(@4d>DN_nM}Pbur5Qn{2;kNu)j{sd&B zmTe(26fI?)bLmPYSE_^)mC|EQrdH3|5OE<}9f?F&sC|eu;*toba(O2lPnXM0(eagBJ{z9ASgWK(X~J1tSz2-`VN-;u zpdmc7Qmo|)j*&iiY$nV>IpGwWf{9!;U9CEW#k^B#N>AiVi|KrLwv4NDA9Ux$a>Wbo zbbVw^Z;wO|A4VO8GMX;MMYRl$P;7Q1Iu%D_Om*>eW;Pj)J1_t&Qgrf0oJdzQXhCaP zB5W-zk%+c-i-NV?qO^0jnB(pi(}~F`X$KSHy}FOc9j_MLO+Dj$u-Q)04eP;+<*GFn z)5#4Y?OqV+-~^F1J`iblfk=H4<>>e%= zxd$uK9Qa7bagTHu_PVU4AdZpCmm^HC=?jG&`@#%YUzn5u*9E!zg}j#Gj{grfzzz9@b5(#p}8$H9WEI zbv+fuWxMIQJ=RO7W#qjS*LZ`MvUrG>O5Ibs>9oxXZ?%SlcU3dXX1DCMGpd^=<@MR) zrPG&PSwP=*rE(9uQiZe8t6{zDj%%BC`2e!+LBO>MWO1%? zjRIMmzw|?pl|jHY3uN)o$F&P&{W1df6J-510+tK1UPQn(4P<=<0oOK=^|uJP#(}Kw zAdq#z`Y-TY%Rn~!DmJzmbBzMo_aWdK2eQWza4iJcNd#eX;Ijz!Xja)55wmX~`;!Rv zYF62_;XdJi5AlBCUq#Gy7G%GUU|6%t{#V2Yg?|$<*Ikg0HanzQ`KSgM5FAfa^EN_ZkAO z;~*dH`JiT%?+1vvUW5F!G1qgD|2P7UG04A!Afj32e-bg*dyxMR5YR_Ke%j$-&8h(X zm%kOD0Q<_{3{ZeRJVp*YZO*X)1zteF`apqK5JWYr0{@11!tg=*6m0|wvMp1ZRYBV7 zgzz6ld{X$&BIa)mDEKu5k7`y0IW9AX4}}rOgdam37oNUBp9Y0Kfq?D4p@^qhHI=JW zdEa5F;1p{rk{&Is)Ko0D7@jVaOO;xf$MksOoI80uozIs_#qdcdUsmyRVYA28isx`F z*2i|Hu)R{)$GI;xJ5=uKWe?bX;%PbAw4Y#FPbw`ZlE%qH4iv1SzQHBmvXP}=&4$(0 zD6;hpX4?kdBpVxbInK5pTH9|^v}`md(zWzry6TKBtBJ*EsaSI^)u zV$D)EyU3epB9#Q?r&pZHB@r8*(qv}YDWpX#iDll6NSAY38lOnI>vtuW6%vhxvT^RT z&W)F{D|ypGVL%5V>Z{FhNipA^=x-Pn%%DFHmne7=rPMRop2OsP8msvw=f0Z*rMj6vr~)W-1Lha&lT(ZD6SqwK1|r_!scbJi*)ajD`hS~5mQgjsYc|cLOl+n z7G0yr>y@_Lj%ln5J?==T$k}4yE=Up`>Yb%S*`s27=YkHN8rF7LPy`J#`-Zs*W zNlwq6op1C-jMJKKNwqb;wGNmSC3L6-25*$2Rk}4N+Eiu`IV(yF;5pAFPHO9G?|!)={3=vMwjckN!+i`m5MHv ziI|tH!=-gm%hF&fXo!~oA2t}4)EPi*3(tKP_irTb2mP8eds*s{xJL|X&g{uT!k1kMK>8t2KYy^i`uXE_@b&Y@e(?442lvXi0U(QeQ0jp!?j30hko6M? zU-IBpF}XBS#u7X6rN|7Dd9hk_=NE6<4NIv12OFg@_hjTeF)_HLj*ILRlZjd%lX6i z4e)aQ@X?3a4v_Cn1akiHZvvm76w`7Cg43E+e)=Hi9>{+$f~01ZpW`(r{4uV0to1@pwL?pl?2k{tdBHXF zEx^qHZ9%)+0BuDZ(KhTm`^>)5KC}z%%5jMTZwEN{j{={zi(>%iCdZ$Codh_pv_E}`e#tSXKhR%?0FLWTz%9V7z-_=* zU=-l|xC__~+zo_*J-|Hx$9*5LA2pLiDA z2kxH+v=J?UKN!2bVk25W_j#LaaC#d++lzCjIhWilwtC#|G36*TvR!TP4AW0SaGzr@25A9ktRp_5KJi+jN?{R5(RNa7KfzJGJ$Rwb_Ri^gt= z_es20;&2#u>Wj5>u2_wLO(u1Fwo2}HiFZi6t7|>=p497Ulpp&1bHB;63ur9#`A^*+ zE2Xn|@;1DPTlh>PfAtIIxEH>B`M>`dKY$hvPCTjv$9NQhGxLl#pn(Nwfy*F7e3ZqC zwBGQ?AA@SSOvC#JUbB%rM*PC(@{8z4y zJ}?HC5U#)L23i}$0(dAdVBUwj;tszTG@eM{aXxEx{^ct!rg0(5Yb4HEPg$Go4>i)7 zu~u8tSDnJ-*la$|GmAF^uZS8};2((n6R{KXnG3lrUo|?H#7j>h^LJw_mC6XJ*jFfUAe+GqQX=Pub&ih#dPh;s_)X~wH@xFcn!oZt8O>Tnz8Mcvx(`^a>Y5H zyV$uFy#(r|&{qCarJ}b5tavIJ_wOLL) z9y`7^r&WSKh`L{TZOxQaJQ3pqz@F4sIp?Aio`v+0xd5HnI7;!`xboF1(~zg(}qcW#|22OsV8 zp#ICrc=oK9ombHY)1J(-mnZgLPI<+nTeP#MeH!iQ@teXA3iKk~ud1`uORracwv_Sg zQ?KipzW`LK74Jz(#U8YP{OWSP=epYVv4xJMR`F0q#|)RSpK_=^3M08LTQ{4KD@OTx zkq7njyTi*z@y2-1&Uw_cAbF!#IcO}$>}>SLSxRk-Lf6~Q=DPgFy#_17RSu>ewgrU! z%)quW?wIU(4|@0Y<{9hU^Wr9B$ByGWGV9v&b}#1|?Rl?DkMFUfHhz=4T1S4{GhV;! zu037Pa=aVVe|x+)QR^tjv!K4q`BCpNyV!XLrpo&Em|Y5Ll+*7XvsXEN?lHR*v)X7+ zpL@)n<@CG9>|9WzJ=fqD#q2TBK@UPJ_$41t;%9z56_B~+Q$QUq_%YwBb{;VFbDewD zuI12VKdQZIKjWp_a~>A zIpDi+EoA;Y(jpop)@gy%RsMNyoz-+)mqz` zZre#bX0Qr*+h2S)L*JsDpRaP!&R3e{=+CZ6-tCYFSw6~f%kPHVrX1zC<$E9xs6tKu zrP=k9vE_3pa20Z{GA{YHgGh%9wJO``l5eGa2lR7oa(+tdV4;@h{c@N75I;3_5bc4! zyFCZc9($xvuC~b!ejoBX3$>-Ter;W7mIJOqTYm}crUE|u+z@GI>r;rHE~MN4vOe-8 z;_`i?rCqE9JpQ{4Rynx^sA45>~Ggl;SH^yBHYxx4#6Q{Q(W_L$J9}V!zxp z#4Tt`wlI)&hztN4{NcSdX;uI z@_Fh$V&p@gMQrM|KJ!uV@=VXrAA#Ru^gqE*kBtGKp+9F}etefTc$tb@@k zg0GtL|L%w2XDG!NkzgO|HZ8YLu&IU3wM_Qwl#wrg Q2;(C4e(`@GV}0s>0o04ocmMzZ diff --git a/AppleDL/AppleDLPlugin.cpp b/AppleDL/AppleDLPlugin.cpp deleted file mode 100644 index fe86ad96..00000000 --- a/AppleDL/AppleDLPlugin.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtai -n - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Produce the "genuine plugin version" of the Apple "file DL" -// -#include - - -// -// Create the plugin object and generate the C layer hookup -// -ModuleNexus plugin; - -#include diff --git a/AppleDL/AppleFileDL.cpp b/AppleDL/AppleFileDL.cpp deleted file mode 100644 index 11ac1847..00000000 --- a/AppleDL/AppleFileDL.cpp +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleFileDL.cpp - File Based DL plug-in module. -// -#include "AppleFileDL.h" - -#include - - -// Names and IDs of tables used in a DL database - -static const AppleDatabaseTableName kTableNames[] = { - { CSSM_DL_DB_SCHEMA_INFO, "CSSM_DL_DB_SCHEMA_INFO" }, - { CSSM_DL_DB_SCHEMA_ATTRIBUTES, "CSSM_DL_DB_SCHEMA_ATTRIBUTES" }, - { CSSM_DL_DB_SCHEMA_INDEXES, "CSSM_DL_DB_SCHEMA_INDEXES" }, - { CSSM_DL_DB_SCHEMA_PARSING_MODULE, "CSSM_DL_DB_SCHEMA_PARSING_MODULE" }, - { CSSM_DL_DB_RECORD_CERT, "CSSM_DL_DB_RECORD_CERT" }, - { CSSM_DL_DB_RECORD_CRL, "CSSM_DL_DB_RECORD_CRL" }, - { CSSM_DL_DB_RECORD_POLICY, "CSSM_DL_DB_RECORD_POLICY" }, - { CSSM_DL_DB_RECORD_GENERIC, "CSSM_DL_DB_RECORD_GENERIC" }, - { CSSM_DL_DB_RECORD_PUBLIC_KEY, "CSSM_DL_DB_RECORD_PUBLIC_KEY" }, - { CSSM_DL_DB_RECORD_PRIVATE_KEY, "CSSM_DL_DB_RECORD_PRIVATE_KEY" }, - { CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "CSSM_DL_DB_RECORD_SYMMETRIC_KEY" }, - { ~0UL, NULL } -}; - -// -// Make and break the plugin object -// -AppleFileDL::AppleFileDL() - : mDatabaseManager(kTableNames) -{ -} - -AppleFileDL::~AppleFileDL() -{ -} - - -// -// Create a new plugin session, our way -// -PluginSession *AppleFileDL::makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) -{ - switch (subserviceType) { - case CSSM_SERVICE_DL: - return new DLPluginSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls, - mDatabaseManager); - default: - CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo - } -} diff --git a/AppleDL/AppleFileDL.h b/AppleDL/AppleFileDL.h deleted file mode 100644 index 498ae8b2..00000000 --- a/AppleDL/AppleFileDL.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleFileDL.h - File Based DL plug-in module. -// -#ifndef _H_APPLEFILEDL -#define _H_APPLEFILEDL - -#include -#include - -class AppleFileDL : public CssmPlugin -{ - NOCOPY(AppleFileDL) -public: - AppleFileDL(); - ~AppleFileDL(); - - PluginSession *makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); -private: - AppleDatabaseManager mDatabaseManager; -}; - - -#endif //_H_APPLEFILEDL diff --git a/AppleDL/CVSVersionInfo.txt b/AppleDL/CVSVersionInfo.txt deleted file mode 100644 index 60b80956..00000000 --- a/AppleDL/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $ -# $Name: $ -ProjectName: AppleDL -ProjectVersion: 13 diff --git a/AppleDL/FORMAT b/AppleDL/FORMAT deleted file mode 100644 index bae9292f..00000000 --- a/AppleDL/FORMAT +++ /dev/null @@ -1,153 +0,0 @@ -Some notes of the format of DL files: - - - -DL file format: - -All offsets are relative to the start of the section they are in. -All fileds are uint32 (4 bytes) unless otherwise specified. All other fields are aligned on 4 bytes boundries. - -Header Section - Magic - File Format Version Number - Auth Section Offset - Schema Section Offset - -Auth Section - Auth Info Size - Auth Info Data - -Schema Section # This section is always read entirely into memory - Schema Section Size (uint32) - Tables - Table Count (uint32) - Table Offset 0 # Relative to start of Schema Section - Table Offset 1 - ... - Table Offset N - -# Information about parsing modules is read directly from the meta tables -Table Section - Table Section Size - Table ID (uint32) - Records Count # Number of Records in record section. - Record 0 Offset # Relative to start of Table Section. - Index SubSection Offset # Relative to start of Table Section - Head of Free List # Table Section relative first free - # recordNumber slot (with bit 0 set) - # Or 0 if there are no free records - Record Number Count # Start of range of unused record numbers - Record 0 offset # Relative to start of Table Section. - Record 1 offset - Record 2 freelist # If Bit zero is set this is Table Section - # relative offset to next free recordNumber - # 0 indicates the last free record slot. - ... - Record n offset - Record - Record Size # Rounded up to nearest mulitple of 4 - Record Number - Creation File Version - Record Version - Data Size - SemanticInformation - Attribute 0 Offset - Attribute 1 Offset - Attribute 2 Offset - ... - Attribute m Offset - Data - Data - Attribute 0 - Size - Data - Attribute 1 - Value - ... - Attribute m - Value Count - Value 0 - Value 1 - ... - Value p - Record - ... - Record - Index SubSection - Index SubSection Size - Index TOC # This is part of the Schema - Record Type - Attribute Type - Index Offset - Index 1 - Index Size - Index Offsets - Index Offset Count - Index Data 1 Offset - Index Data 2 Offset - ... - Index Data m OFFSET - Index Data - Index Data 1 - Record Offset - Attribute Size - Attribute Data - Index Data 2 - ... - Index Data N - Index 2 - ... - Index n - -Version Section # Maintained by AtomicFile code - 4 byte version number - -old Schema Section # This section is always read entirely into memory - Schema Section Size (uint32) - Releations - Relation Count (uint32) - Relation - Relation ID (uint32) - Record Section Offset - Relation Name Size - Relation Name Data - Attributes - Attribute Count (uint32) - Attribute - Releation ID (uint32) - Attribute ID (uint32) - Attribute Format (uint32) - Attribute Name Format (uint32) - Attribute Name Size - Attribute Name Data - Attribute Name ID Size - Attribute Name ID Data - ParsingModule - Parsion Module Present (bool) - Module ID (GUID) - SSID (uint32) - SubService Type (uint32) - Addin Version Major (uint32) - Addin Version Minor (uint32) - Attribute - ... - Attribute - Indexes - Index Count (uint32) - Index - Relation ID (uint32) - Index ID (uint32) - Index Type (uint32) - Indexed Data Location (uint32) - Index Attribute Count (uint32) - Attribute ID (uint32) - Attribute ID (uint32) - ... - Attribute ID (uint32) - Index - ... - Index - Relation - ... - Relation - diff --git a/AppleDL/ISSUES b/AppleDL/ISSUES deleted file mode 100644 index 4dd01a31..00000000 --- a/AppleDL/ISSUES +++ /dev/null @@ -1,61 +0,0 @@ -ISSUES with cdsa verson 2 Datastore Library - -DL_DataGetFromUniqueRecordId - -* Which value of CSSM_QUERYFLAGS should this call assume? In other words if fetching the Data of a Key item should this call return a reference key or a raw key. - -* What if the record has been modified by another caller since it was last retrieved. This call should be able to update the CSSM_UNIQUE_RECORD_PTR passed in. Or otherwise indicate that the record that a particular attribute is being requested for has changed. - -DL_DbCreate v/s DL_CreateRelation - -* Why not change CSSM_DBINFO to use the same data structures as DL_CreateRelation does. Currently CSSM_DBINFO uses CSSM_DB_RECORD_ATTRIBUTE_INFO, CSSM_DB_RECORD_INDEX_INFO and CSSM_DB_PARSING_MODULE_INFO the first 2 contains less information than the CSSM_DB_SCHEMA_ATTRIBUTE_INFO and CSSM_DB_SCHEMA_INDEX_INFO fields used by DL_CreateRelation. There is no equivalent for the information provided at Database creation time containd in the CSSM_DB_PARSING_MODULE_INFO inside the CSSM_DBINFO. - -I purpose we change everything to using the same data structures (CSSM_DB_SCHEMA_ATTRIBUTE_INFO and CSSM_DB_SCHEMA_INDEX_INFO since they are richer). This would make the CSSM_DB_RECORD_ATTRIBUTE_INFO structure obsolete. - -Also note that CSSM_DB_SCHEMA_ATTRIBUTE_INFO does not contain an CSSM_DB_ATTRIBUTE_NAME_FORMAT field and neither should the CSSM_DB_SCHEMA_ATTRIBUTE_INFO relation since each attribute will have the 3 types of names given at creation time. The CSSM_DB_ATTRIBUTE_NAME_FORMAT need only be used to retrieve an attribute using a particular name format. - -DL_DataGetFirst - -* CSSM_SELECTION_PREDICATE (which is part of CSSM_QUERY) contains a CSSM_DB_ATTRIBUTE_DATA. What are the intended semantics for a CSSM_SELECTION_PREDICATE containing a CSSM_DB_ATTRIBUTE_DATA with NumberOfValues not equal to 1? - -DL_DataGetFirst, DL_DataGetNext and DL_DataGetFromUniqueRecordId - -* The AttributeFormat specified when retrieving an attribute must match that in the schema. - -or- -* When retrieving an attribute the AttributeFormat for that attribute is returned. - -From the description of these calls it is not clear which of the two options above is the intended one. I vote for the second option. - -DL_DataInsert and DL_DataModify - -* The AttributeFormat specified when specifying an attribute must match that in the schema otherwise CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT is returned. - -This should be a added to the description of these calls. - -DL_DataDelete - -* From the description of this function it would seem that is does an implicit CSSM_DL_FreeUniqueRecord(). Is this correct? - - -General - -* What is the difference between a single valued and multi-valued attribute? How do you indicate that an attribute is to be multi-valued? - -These terms are used in the description of DL_DataModify and in other places. However there is nothing in the schema to indicate whether an attribute is single valued or multi valued. If an attribute has one value and DL_DataModify is called with the CSSM_DB_MODIFY_ATTRIBUTE_ADD ModifyMode it is unclear whether the current value should be replaced with a new one or the passed in value should be added to the values of the attribute (bring the NumberOfValues for that attribute up to 2). - -How is this supposed to (or intended to) work? - -Error codes - -* When for example passing a value for a CSSM_DB_ATTRIBUTE_FORMAT or CSSM_DB_ATTRIBUTE_FORMAT_UINT32 with a length other than 1 2 or 4 we need an error code to indicate this. I suggest something like: - - #define CSSMERR_DL_INVALID_VALUE (CSSM_DL_BASE_DL_ERROR + 47) - - A value specified for an attribute was not of the correct form. - - -New Issues: - -Page 471: -CSSM_DB_CONJUNCTIVE -What is the intented semantic of CSSM_DB_NONE? It only makes sense when a single SelectionPredicate is specified in which case using either CSSM_DB_AND or CSSM_DB_OR would do just fine instead. diff --git a/AppleDL/TODO b/AppleDL/TODO deleted file mode 100644 index cdbf0a15..00000000 --- a/AppleDL/TODO +++ /dev/null @@ -1,49 +0,0 @@ -* Make the pAttributeInfo and pIndexInfo arguments to CSSM_DL_CreateRelation optional. - -* Enhance POD wrappers and use them everywhere (DONE for insert still needs work for get). - -* Implement Indexes - -* Implement unique index checks for dataInsert and dataModify - -* Add unique index info to UNIQUE_RECORD structures. - -* Implement KEY items (AppleCSPDL). - -* Clean up usage of ReadSection::at(uint32) vs. ReadSection::operator[](uint32) - -* Fix AtomicFile for NFS and ASIP (Use alternative locking mechanism). - -* Implement ACL evaluation for Db access. - -* Implement ACL APIs. - -* Make DbModifier thread safe again. - -* Cleanup Query objects when DbContext is destroyed (register them with the context). - -* What if we open a DB that is being created? Currently we get back DL_DATABASE_CORRUPT - should this become DL_DATABASE_DOES_NOT_EXIST? - -* When using CssmOid attribute names make sure to deep copy the CssmOids data (DONE). - -* Implement SelectionPredicates completely - To make DataGetFirst and DataGetNext actually work (DONE). - -* Implement CreateRelation (DONE) - -* Implement DataModify (DONE, now with correct semantics -- CB) - -* In DataModify, check that RecordType matches that in the UniqueRecordId. - -* Store index data when creating tables and databases. - -* Add write buffering in AtomicFile to increase performance; flush buffer before seek. - -* Make sure that automatically-assigned attribute ids don't shadow ones passed in explicitly. - -* Performance: Avoid reconstructing DbVersion after a write (w/o a schema change) when we - could derive it from the DbModifier. Only if version is as expected (i.e. no other writes - in the meantime) - -* Add fsync() to make sure AtomicFile is written before rename. diff --git a/AppleDL/cssmplugin.exp b/AppleDL/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/AppleDL/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/AppleDL/dl_common.mdsinfo b/AppleDL/dl_common.mdsinfo deleted file mode 100644 index 8e5c7bdd..00000000 --- a/AppleDL/dl_common.mdsinfo +++ /dev/null @@ -1,28 +0,0 @@ - - - - - BuiltIn - - CDSAVersion - 2.0 - Desc - Apple built-in DL - DynamicFlag - - MdsFileDescription - Built-in DL Common info - MdsFileType - PluginCommon - ModuleID - {87191ca1-0fc9-11d4-849a000502b52122} - ModuleName - AppleDL - MultiThreadFlag - - ProductVersion - 1.0 - ServiceMask - CSSM_SERVICE_DL - - diff --git a/AppleDL/dl_primary.mdsinfo b/AppleDL/dl_primary.mdsinfo deleted file mode 100644 index 8af187b4..00000000 --- a/AppleDL/dl_primary.mdsinfo +++ /dev/null @@ -1,48 +0,0 @@ - - - - - AclSubjectTypes - - AuthTags - - ConjunctiveOps - - CSSM_DB_NONE - CSSM_DB_AND - CSSM_DB_OR - - DLType - CSSM_DL_FFS - MdsFileDescription - Built-in DL Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_DL_PRIMARY_RECORDTYPE - ModuleID - {87191ca1-0fc9-11d4-849a000502b52122} - ModuleName - AppleDL - ProductVersion - 1.0 - QueryLimitsFlag - 0 - RelationalOps - - CSSM_DB_EQUAL - CSSM_DB_LESS_THAN - CSSM_DB_GREATER_THAN - CSSM_DB_NOT_EQUAL - CSSM_DB_CONTAINS - CSSM_DB_CONTAINS_INITIAL_SUBSTRING - CSSM_DB_CONTAINS_FINAL_SUBSTRING - - SSID - 0 - SampleTypes - - Vendor - Apple Computer, Inc. - - diff --git a/AppleX509CL/AppleX509CL.cpp b/AppleX509CL/AppleX509CL.cpp deleted file mode 100644 index 15a693b9..00000000 --- a/AppleX509CL/AppleX509CL.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleX509CL.cpp - File Based X.509 Certificate Library plug-in module. -// -#include "AppleX509CL.h" - -#include "AppleX509CLSession.h" - - -// -// Make and break the plugin object -// -AppleX509CL::AppleX509CL() -{ -} - -AppleX509CL::~AppleX509CL() -{ -} - - -// -// Create a new plugin session, our way -// -PluginSession *AppleX509CL::makeSession( - CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) -{ - switch (subserviceType) { - case CSSM_SERVICE_CL: - return new AppleX509CLSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls); - default: - CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo - } -} diff --git a/AppleX509CL/AppleX509CL.h b/AppleX509CL/AppleX509CL.h deleted file mode 100644 index 09ed0ae5..00000000 --- a/AppleX509CL/AppleX509CL.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleX509CL.h - File Based CSP/DL plug-in module. -// -#ifndef _H_APPLEX509CL -#define _H_APPLEX509CL - -#include -#include - -class AppleX509CL : public CssmPlugin -{ -public: - AppleX509CL(); - ~AppleX509CL(); - - PluginSession *makeSession( - CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); -private: - // Don't copy AppleX509CL - AppleX509CL(const AppleX509CL&); - void operator=(const AppleX509CL&); -}; - - -#endif //_H_APPLEX509CL diff --git a/AppleX509CL/AppleX509CLPlugin.cpp b/AppleX509CL/AppleX509CLPlugin.cpp deleted file mode 100644 index ad2990cc..00000000 --- a/AppleX509CL/AppleX509CLPlugin.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtai -n - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Produce the "genuine plugin version" of the Apple X509 CL -// -#include - - -// -// Create the plugin object and generate the C layer hookup -// -ModuleNexus plugin; - -#include diff --git a/AppleX509CL/AppleX509CLSession.cpp b/AppleX509CL/AppleX509CLSession.cpp deleted file mode 100644 index cd005f75..00000000 --- a/AppleX509CL/AppleX509CLSession.cpp +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AppleX509CLSession.cpp - general CL session support - */ - -#include "AppleX509CLSession.h" -#include - -AppleX509CLSession::AppleX509CLSession( - CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : CLPluginSession(theHandle, plug, version, subserviceId, - subserviceType,attachFlags, upcalls) -{ -} - -AppleX509CLSession::~AppleX509CLSession() -{ - /* free leftover contents of cache and query maps */ - CLCachedEntry *cachedCert = cacheMap.removeFirstEntry(); - while(cachedCert != NULL) { - secdebug("clDetach", "CL detach: deleting a cached Cert\n"); - delete cachedCert; - cachedCert = cacheMap.removeFirstEntry(); - } - CLQuery *query = queryMap.removeFirstEntry(); - while(query != NULL) { - secdebug("clDetach", "CL detach: deleting a cached query\n"); - delete query; - query = queryMap.removeFirstEntry(); - } -} - -CLCachedCert * -AppleX509CLSession::lookupCachedCert(CSSM_HANDLE handle) -{ - CLCachedEntry *entry = cacheMap.lookupEntry(handle); - if(entry != NULL) { - /* - * we rely on this dynamic cast to detect a bogus lookup - * of a cert via a CRL's handle - */ - return dynamic_cast(entry); - } - else { - return NULL; - } -} - -CLCachedCRL * -AppleX509CLSession::lookupCachedCRL(CSSM_HANDLE handle) -{ - CLCachedEntry *entry = cacheMap.lookupEntry(handle); - if(entry != NULL) { - /* - * we rely on this dynamic cast to detect a bogus lookup - * of a CRL via a cert's handle - */ - return dynamic_cast(entry); - } - else { - return NULL; - } -} - diff --git a/AppleX509CL/AppleX509CLSession.h b/AppleX509CL/AppleX509CLSession.h deleted file mode 100644 index d7a18949..00000000 --- a/AppleX509CL/AppleX509CLSession.h +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleX509CLSession.h - general CL session functions. -// -#ifndef _H_APPLEX509CLSESSION -#define _H_APPLEX509CLSESSION - -#include -#include "CLCachedEntry.h" -#include "DecodedCert.h" -#include "LockedMap.h" -#include -#include - -class AppleX509CLSession : public CLPluginSession { - -public: - - AppleX509CLSession( - CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); - - ~AppleX509CLSession(); - -// ==================================================================== -// Cert Interpretation -// ==================================================================== - - void CertDescribeFormat( - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList); - -// Non-cached - - void CertGetAllFields( - const CssmData &Cert, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CertFields); - - CSSM_HANDLE CertGetFirstFieldValue( - const CssmData &Cert, - const CssmData &CertField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value); - - bool CertGetNextFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value); - - -// Cached - - void CertCache( - const CssmData &Cert, - CSSM_HANDLE &CertHandle); - - CSSM_HANDLE CertGetFirstCachedFieldValue( - CSSM_HANDLE CertHandle, - const CssmData &CertField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value); - - bool CertGetNextCachedFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value); - - void CertAbortCache( - CSSM_HANDLE CertHandle); - - void CertAbortQuery( - CSSM_HANDLE ResultsHandle); - - - -// Templates - - void CertCreateTemplate( - uint32 NumberOfFields, - const CSSM_FIELD CertFields[], - CssmData &CertTemplate); - - void CertGetAllTemplateFields( - const CssmData &CertTemplate, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CertFields); - - -// Memory - - void FreeFields( - uint32 NumberOfFields, - CSSM_FIELD_PTR &FieldArray); - void FreeFieldValue( - const CssmData &CertOrCrlOid, - CssmData &Value); - -// Key - - void CertGetKeyInfo( - const CssmData &Cert, - CSSM_KEY_PTR &Key); - -// ==================================================================== -// CRL Interpretation -// ==================================================================== - -// Non-cached - - void CrlDescribeFormat( - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList); - - void CrlGetAllFields( - const CssmData &Crl, - uint32 &NumberOfCrlFields, - CSSM_FIELD_PTR &CrlFields); - - CSSM_HANDLE CrlGetFirstFieldValue( - const CssmData &Crl, - const CssmData &CrlField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value); - - bool CrlGetNextFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value); - - void IsCertInCrl( - const CssmData &Cert, - const CssmData &Crl, - CSSM_BOOL &CertFound); - - -// Cached - - void CrlCache( - const CssmData &Crl, - CSSM_HANDLE &CrlHandle); - - void CrlGetAllCachedRecordFields(CSSM_HANDLE CrlHandle, - const CssmData &CrlRecordIndex, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CrlFields); - - CSSM_HANDLE CrlGetFirstCachedFieldValue( - CSSM_HANDLE CrlHandle, - const CssmData *CrlRecordIndex, - const CssmData &CrlField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value); - - bool CrlGetNextCachedFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value); - - void IsCertInCachedCrl( - const CssmData &Cert, - CSSM_HANDLE CrlHandle, - CSSM_BOOL &CertFound, - CssmData &CrlRecordIndex); - - void CrlAbortCache( - CSSM_HANDLE CrlHandle); - - void CrlAbortQuery( - CSSM_HANDLE ResultsHandle); - - -// Template - - void CrlCreateTemplate( - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - CssmData &NewCrl); - - void CrlSetFields( - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - const CssmData &OldCrl, - CssmData &ModifiedCrl); - - void CrlAddCert( - CSSM_CC_HANDLE CCHandle, - const CssmData &Cert, - uint32 NumberOfFields, - const CSSM_FIELD CrlEntryFields[], - const CssmData &OldCrl, - CssmData &NewCrl); - - void CrlRemoveCert( - const CssmData &Cert, - const CssmData &OldCrl, - CssmData &NewCrl); - -// ==================================================================== -// Verify/Sign -// ==================================================================== - -// Certs - - void CertVerifyWithKey( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertToBeVerified); - - void CertVerify( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertToBeVerified, - const CssmData *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - - void CertSign( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertTemplate, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CssmData &SignedCert); - -// Cert Groups - - void CertGroupFromVerifiedBundle( - CSSM_CC_HANDLE CCHandle, - const CSSM_CERT_BUNDLE &CertBundle, - const CssmData *SignerCert, - CSSM_CERTGROUP_PTR &CertGroup); - - void CertGroupToSignedBundle( - CSSM_CC_HANDLE CCHandle, - const CSSM_CERTGROUP &CertGroupToBundle, - const CSSM_CERT_BUNDLE_HEADER *BundleInfo, - CssmData &SignedBundle); - -// CRLs - - void CrlVerifyWithKey( - CSSM_CC_HANDLE CCHandle, - const CssmData &CrlToBeVerified); - - void CrlVerify( - CSSM_CC_HANDLE CCHandle, - const CssmData &CrlToBeVerified, - const CssmData *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - - void CrlSign( - CSSM_CC_HANDLE CCHandle, - const CssmData &UnsignedCrl, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CssmData &SignedCrl); - -// ==================================================================== -// Module Specific Pass-Through -// ==================================================================== - - void PassThrough( - CSSM_CC_HANDLE CCHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - -private: - /* routines in Session_Cert.cpp */ - void getAllParsedCertFields( - const DecodedCert &cert, - uint32 &NumberOfFields, // RETURNED - CSSM_FIELD_PTR &CertFields); // RETURNED - - /* routines in Session_Crypto.cpp */ - void signData( - CSSM_CC_HANDLE ccHand, - const CssmData &tbs, - CssmOwnedData &sig); // mallocd and returned - void verifyData( - CSSM_CC_HANDLE ccHand, - const CssmData &tbs, - const CssmData &sig); - - /* routines in Session_CSR.cpp */ - void generateCsr( - CSSM_CC_HANDLE CCHandle, - const CSSM_APPLE_CL_CSR_REQUEST *csrReq, - CSSM_DATA_PTR &csrPtr); - void verifyCsr( - const CSSM_DATA *csrPtr); - - /* - * Maps of cached certs, CRLs, and active queries - * This one holds cached certs and CRLs. - */ - LockedMap cacheMap; - LockedMap queryMap; - - CLCachedCert *lookupCachedCert(CSSM_HANDLE handle); - CLCachedCRL *lookupCachedCRL(CSSM_HANDLE handle); -}; - -#endif //_H_APPLEX509CLSESSION diff --git a/AppleX509CL/CLCachedEntry.cpp b/AppleX509CL/CLCachedEntry.cpp deleted file mode 100644 index d06b8bd1..00000000 --- a/AppleX509CL/CLCachedEntry.cpp +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCachedEntry.cpp - classes representing cached certs and CRLs. - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#include "CLCachedEntry.h" - -/* - * CLCachedEntry base class constructor. Only job here is to cook up - * a handle. - */ -CLCachedEntry::CLCachedEntry() -{ - mHandle = reinterpret_cast(this); -} - -CLCachedCert::~CLCachedCert() -{ - delete &mCert; -} - -CLCachedCRL::~CLCachedCRL() -{ - delete &mCrl; -} - -CLQuery::CLQuery( - CLQueryType type, - const CssmOid &oid, - unsigned numFields, - bool isFromCache, - CSSM_HANDLE cachedObj) : - mQueryType(type), - mFieldId(CssmAllocator::standard()), - mNextIndex(1), - mNumFields(numFields), - mFromCache(isFromCache), - mCachedObject(cachedObj) -{ - mFieldId.copy(oid); - mHandle = reinterpret_cast(this); -} - -CLQuery::~CLQuery() -{ - /* mFieldId auto frees */ -} diff --git a/AppleX509CL/CLCachedEntry.h b/AppleX509CL/CLCachedEntry.h deleted file mode 100644 index c93f85db..00000000 --- a/AppleX509CL/CLCachedEntry.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCachedEntry.h - classes representing cached certs and CRLs. - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#ifndef _APPLE_X509_CL_CACHED_ENTRY_H_ -#define _APPLE_X509_CL_CACHED_ENTRY_H_ - -#include -#include -#include -#include "DecodedCert.h" -#include "DecodedCrl.h" - -/* - * There is one of these per active cached object (cert or CRL). - * AppleX509CLSession keeps a map of these in cacheMap. - */ -class CLCachedEntry -{ -public: - CLCachedEntry(); - virtual ~CLCachedEntry() { } - CSSM_HANDLE handle() { return mHandle; } -private: - CSSM_HANDLE mHandle; -}; - -class CLCachedCert : public CLCachedEntry -{ -public: - CLCachedCert( - DecodedCert &c) : mCert(c) { } - ~CLCachedCert(); - DecodedCert &cert() { return mCert; } -private: - /* decoded NSS format */ - DecodedCert &mCert; -}; - -class CLCachedCRL : public CLCachedEntry -{ -public: - CLCachedCRL( - DecodedCrl &c) : mCrl(c) { } - ~CLCachedCRL(); - DecodedCrl &crl() { return mCrl; } -private: - /* decoded NSS format */ - DecodedCrl &mCrl; -}; - -/* - * An active query, always associated with a CLCachedEntry. - * AppleX509CLSession keeps a map of these in queryMap. - * - * In the case of a CLCachedEntry created by an explicit {Cert,CRL}Cache op, - * there can be multiple queries active for a given cached cert. In - * the *GetFirst*FieldValue case, there is a one-to-one relationship between - * the CLQUery and its associated cached object. - * - * Out of paranoia in the {Cert,CRL}Cache case, we store the handle of - * the associated cached object, not a ref to the object, in case the - * cached object has been deleted via *AbortCache. We could ref count, - * but that would require a lock in CLCachedEntry...looking up an object - * in the session's cache map should not be too expensive. - */ - -typedef enum { - CLQ_Cert = 1, - CLQ_CRL -} CLQueryType; - -class CLQuery -{ -public: - CLQuery( - CLQueryType type, - const CssmOid &oid, - unsigned numFields, - bool isFromCache, - CSSM_HANDLE cachedObj); - - ~CLQuery(); - - /* - * Accessors - all member variables are invariant after creation, except - * for nextIndex which can only increment - */ - CLQueryType queryType() { return mQueryType; } - const CssmOid &fieldId() { return mFieldId; } - unsigned nextIndex() { return mNextIndex; } - void incrementIndex(){ mNextIndex++; } - unsigned numFields() { return mNumFields; } - bool fromCache() { return mFromCache; } - CSSM_HANDLE cachedObject() { return mCachedObject; } - CSSM_HANDLE handle() { return mHandle;} - -private: - CLQueryType mQueryType; - CssmAutoData mFieldId; // thing we're searching for - may be empty - unsigned mNextIndex; // index of next find op - unsigned mNumFields; // total available - bool mFromCache; // true : via CertGetFirstCachedFieldValue - // false : via CertGetFirstFieldValue - CSSM_HANDLE mCachedObject; // of our associated cached cert/CRL - CSSM_HANDLE mHandle; // ours -}; - -#endif /* _APPLE_X509_CL_CACHED_ENTRY_H_ */ diff --git a/AppleX509CL/CLCertExtensions.cpp b/AppleX509CL/CLCertExtensions.cpp deleted file mode 100644 index 7cc7d90a..00000000 --- a/AppleX509CL/CLCertExtensions.cpp +++ /dev/null @@ -1,853 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCertExtensions.cpp - extensions support. A major component of DecodedCert. - * - * Created 9/8/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - * - */ - -#include "DecodedCert.h" -#include "cldebugging.h" -#include "CLCertExtensions.h" -#include "CLFieldsCommon.h" -#include "clNssUtils.h" -#include "clNameUtils.h" -#include -#include -#include -#include -#include -#include -#include -#include - - -/*** - *** get/set/free functions called out from CertFields.cpp - ***/ - -/*** - *** KeyUsage - *** CDSA format CE_KeyUsage - *** NSS format CSSM_DATA, length 2 - *** OID CSSMOID_KeyUsage - ***/ - -void setFieldKeyUsage( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_KeyUsage *cdsaObj = (CE_KeyUsage *)cssmExt->value.parsedValue; - - /* Alloc an NSS-style key usage in cert.coder's memory */ - SecNssCoder &coder = cert.coder(); - CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - coder.allocItem(*nssObj, 2); - - /* cdsaObj --> nssObj */ - nssObj->Data[0] = (*cdsaObj) >> 8; - nssObj->Data[1] = *cdsaObj; - - /* Adjust length for BIT STRING encoding */ - clCssmBitStringToNss(*nssObj); - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_KeyUsageTemplate); -} - - -bool getFieldKeyUsage( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - CSSM_DATA *nssObj; - CE_KeyUsage *cdsaObj; - bool brtn; - - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_KeyUsage, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - - /* make a copy - can't modify length in place */ - CSSM_DATA bitString = *nssObj; - clNssBitStringToCssm(bitString); - unsigned toCopy = bitString.Length; - if(toCopy > 2) { - /* I hope I never see this... */ - clErrorLog("getFieldKeyUsage: KeyUsage larger than 2 bytes!"); - toCopy = 2; - } - unsigned char bits[2] = {0, 0}; - memmove(bits, bitString.Data, toCopy); - *cdsaObj = (((unsigned)bits[0]) << 8) | bits[1]; - - /* pass back to caller */ - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -/*** - *** Basic Constraints - *** CDSA format: CE_BasicConstraints - *** NSS format CE_BasicConstraints - *** OID CSSMOID_BasicConstraints - ***/ - -void setFieldBasicConstraints( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = - verifySetFreeExtension(fieldValue, false); - CE_BasicConstraints *cdsaObj = - (CE_BasicConstraints *)cssmExt->value.parsedValue; - - /* Alloc an NSS-style BasicConstraints in cert.coder's memory */ - SecNssCoder &coder = cert.coder(); - NSS_BasicConstraints *nssObj = - (NSS_BasicConstraints *)coder.malloc(sizeof(NSS_BasicConstraints)); - memset(nssObj, 0, sizeof(*nssObj)); - - /* cdsaObj --> nssObj */ - ArenaAllocator arenaAlloc(coder); - clCssmBoolToNss(cdsaObj->cA, nssObj->cA, arenaAlloc); - if(cdsaObj->pathLenConstraintPresent) { - clIntToData(cdsaObj->pathLenConstraint, - nssObj->pathLenConstraint, arenaAlloc); - } - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_BasicConstraintsTemplate); -} - - -bool getFieldBasicConstraints( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_BasicConstraints *nssObj; - CE_BasicConstraints *cdsaObj; - bool brtn; - - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_BasicConstraints, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - - if(nssObj->cA.Data == NULL) { - /* default */ - cdsaObj->cA = CSSM_FALSE; - } - else { - cdsaObj->cA = clNssBoolToCssm(nssObj->cA); - } - if(nssObj->pathLenConstraint.Data == NULL) { - /* optional */ - cdsaObj->pathLenConstraintPresent = CSSM_FALSE; - cdsaObj->pathLenConstraint = 0; - } - else { - cdsaObj->pathLenConstraintPresent = CSSM_TRUE; - cdsaObj->pathLenConstraint = clDataToInt(nssObj->pathLenConstraint); - } - - /* pass back to caller */ - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -/*** - *** Extended Key Usage - *** CDSA format: CE_ExtendedKeyUsage - *** NSS format: NSS_ExtKeyUsage - *** OID CSSMOID_ExtendedKeyUsage - ***/ -void setFieldExtKeyUsage( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_ExtendedKeyUsage *cdsaObj = - (CE_ExtendedKeyUsage *)cssmExt->value.parsedValue; - - SecNssCoder &coder = cert.coder(); - NSS_ExtKeyUsage *nssObj = - (NSS_ExtKeyUsage *)coder.malloc(sizeof(NSS_ExtKeyUsage)); - memset(nssObj, 0, sizeof(*nssObj)); - if(cdsaObj->numPurposes != 0) { - nssObj->purposes = - (CSSM_OID **)clNssNullArray(cdsaObj->numPurposes, coder); - } - - /* cdsaObj --> nssObj, one 'purpose' (OID) at a time */ - for(unsigned dex=0; dexnumPurposes; dex++) { - nssObj->purposes[dex] = (CSSM_OID *)coder.malloc(sizeof(CSSM_OID)); - coder.allocCopyItem(cdsaObj->purposes[dex], - *nssObj->purposes[dex]); - } - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_ExtKeyUsageTemplate); -} - -bool getFieldExtKeyUsage( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_ExtKeyUsage *nssObj; - CE_ExtendedKeyUsage *cdsaObj; - bool brtn; - CssmAllocator &alloc = fieldValue.allocator; - - brtn = cert.GetExtenTop( - index, - numFields, - alloc, - CSSMOID_ExtendedKeyUsage, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - - /* nssObj --> cdsaObj, one purpose at a time */ - unsigned numPurposes = clNssArraySize((const void **)nssObj->purposes); - cdsaObj->numPurposes = numPurposes; - if(numPurposes) { - unsigned len = numPurposes * sizeof(CSSM_OID); - cdsaObj->purposes = (CSSM_OID_PTR)alloc.malloc(len); - memset(cdsaObj->purposes, 0, len); - } - for(unsigned dex=0; dexpurposes[dex], cdsaObj->purposes[dex]); - } - - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldExtKeyUsage( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_ExtendedKeyUsage *cdsaObj = - (CE_ExtendedKeyUsage *)cssmExt->value.parsedValue; - unsigned oidDex; - for(oidDex=0; oidDexnumPurposes; oidDex++) { - alloc.free(cdsaObj->purposes[oidDex].Data); - } - alloc.free(cdsaObj->purposes); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/*** - *** Subject Key Identifier - *** CDSA format: CE_SubjectKeyID, which is just a CSSM_DATA - *** OID CSSMOID_SubjectKeyIdentifier - ***/ - -void setFieldSubjectKeyId( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_SubjectKeyID *cdsaObj = (CE_SubjectKeyID *)cssmExt->value.parsedValue; - SecNssCoder &coder = cert.coder(); - CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - coder.allocCopyItem(*cdsaObj, *nssObj); - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_SubjectKeyIdTemplate); -} - -bool getFieldSubjectKeyId( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - CSSM_DATA *nssObj; - CE_SubjectKeyID *cdsaObj; - bool brtn; - CssmAllocator &alloc = fieldValue.allocator; - - brtn = cert.GetExtenTop( - index, - numFields, - alloc, - CSSMOID_SubjectKeyIdentifier, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - - /* if this fails, we're out of sync with nssExtenInfo[] in - * CLFieldsCommon.cpp */ - assert(nssObj != NULL); - clAllocCopyData(alloc, *nssObj, *cdsaObj); - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldSubjectKeyId ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_SubjectKeyID *cdsaObj = (CE_SubjectKeyID *)cssmExt->value.parsedValue; - alloc.free(cdsaObj->Data); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/*** - *** Authority Key Identifier - *** CDSA format: CE_AuthorityKeyID - *** NSS format: NSS_AuthorityKeyId - *** OID CSSMOID_AuthorityKeyIdentifier - ***/ - -void setFieldAuthorityKeyId( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_AuthorityKeyID *cdsaObj = - (CE_AuthorityKeyID *)cssmExt->value.parsedValue; - - /* Alloc an NSS-style AuthorityKeyId in cert.coder's memory */ - SecNssCoder &coder = cert.coder(); - NSS_AuthorityKeyId *nssObj = - (NSS_AuthorityKeyId *)coder.malloc(sizeof(NSS_AuthorityKeyId)); - memset(nssObj, 0, sizeof(*nssObj)); - - /* convert caller's CDSA-style CE_AuthorityKeyID to NSS */ - CL_cssmAuthorityKeyIdToNss(*cdsaObj, *nssObj, coder); - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_AuthorityKeyIdTemplate); -} - -bool getFieldAuthorityKeyId( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_AuthorityKeyId *nssObj; - CE_AuthorityKeyID *cdsaObj; - bool brtn; - CssmAllocator &alloc = fieldValue.allocator; - - brtn = cert.GetExtenTop( - index, - numFields, - alloc, - CSSMOID_AuthorityKeyIdentifier, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - assert(nssObj != NULL); - - /* nssObj --> cdsaObj */ - CL_nssAuthorityKeyIdToCssm(*nssObj, *cdsaObj, cert.coder(), alloc); - - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldAuthorityKeyId ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_AuthorityKeyID *cdsaObj = (CE_AuthorityKeyID *)cssmExt->value.parsedValue; - CL_freeAuthorityKeyId(*cdsaObj, alloc); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/*** - *** Subject/Issuer alternate name - *** CDSA Format: CE_GeneralNames - *** NSS format: NSS_GeneralNames - *** OID: CSSMOID_SubjectAltName, CSSMOID_IssuerAltName - ***/ -void setFieldSubjIssuerAltName( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = - verifySetFreeExtension(fieldValue, false); - CE_GeneralNames *cdsaObj = (CE_GeneralNames *)cssmExt->value.parsedValue; - - /* Alloc an NSS-style GeneralNames in cert.coder's memory */ - SecNssCoder &coder = cert.coder(); - NSS_GeneralNames *nssObj = - (NSS_GeneralNames *)coder.malloc(sizeof(NSS_GeneralNames)); - memset(nssObj, 0, sizeof(*nssObj)); - - /* cdsaObj --> nssObj */ - CL_cssmGeneralNamesToNss(*cdsaObj, *nssObj, coder); - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_GeneralNamesTemplate); -} - -bool getFieldSubjAltName( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_GeneralNames *nssObj; - CE_GeneralNames *cdsaObj; - bool brtn; - - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_SubjectAltName, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - CL_nssGeneralNamesToCssm(*nssObj, *cdsaObj, - cert.coder(), fieldValue.allocator); - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -bool getFieldIssuerAltName( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_GeneralNames *nssObj; - CE_GeneralNames *cdsaObj; - bool brtn; - - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_IssuerAltName, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - CL_nssGeneralNamesToCssm(*nssObj, *cdsaObj, - cert.coder(), fieldValue.allocator); - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldSubjIssuerAltName ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_GeneralNames *cdsaObj = (CE_GeneralNames *)cssmExt->value.parsedValue; - CL_freeCssmGeneralNames(cdsaObj, alloc); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/*** - *** Certificate Policies - *** CDSA Format: CE_CertPolicies - *** NSS format : NSS_CertPolicies - *** OID: CSSMOID_CertificatePolicies - ***/ - -#define MAX_IA5_NAME_SIZE 1024 - -void setFieldCertPolicies( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = - verifySetFreeExtension(fieldValue, false); - SecNssCoder &coder = cert.coder(); - NSS_CertPolicies *nssObj = - (NSS_CertPolicies *)coder.malloc(sizeof(NSS_CertPolicies)); - memset(nssObj, 0, sizeof(NSS_CertPolicies)); - CE_CertPolicies *cdsaObj = - (CE_CertPolicies *)cssmExt->value.parsedValue; - - if(cdsaObj->numPolicies) { - nssObj->policies = - (NSS_PolicyInformation **)clNssNullArray( - cdsaObj->numPolicies, coder); - } - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex]; - NSS_PolicyInformation *nPolInfo = (NSS_PolicyInformation *) - coder.malloc(sizeof(NSS_PolicyInformation)); - memset(nPolInfo, 0, sizeof(*nPolInfo)); - nssObj->policies[polDex] = nPolInfo; - - coder.allocCopyItem(cPolInfo->certPolicyId, nPolInfo->certPolicyId); - - unsigned numQual = cPolInfo->numPolicyQualifiers; - if(numQual != 0) { - nPolInfo->policyQualifiers = - (NSS_PolicyQualifierInfo **)clNssNullArray(numQual, - coder); - } - for(unsigned qualDex=0; qualDexpolicyQualifiers[qualDex]; - NSS_PolicyQualifierInfo *nQualInfo = - (NSS_PolicyQualifierInfo *)coder.malloc( - sizeof(NSS_PolicyQualifierInfo)); - memset(nQualInfo, 0, sizeof(NSS_PolicyQualifierInfo)); - nPolInfo->policyQualifiers[qualDex] = nQualInfo; - - /* - * OK we're at the lowest level. - * policyQualifierId == id_qt_cps: qualifier is - * an IA5 string, incoming data is its contents. - * Else incoming data is an encoded blob we pass on directly. - */ - coder.allocCopyItem(cQualInfo->policyQualifierId, - nQualInfo->policyQualifierId); - - if(clCompareCssmData(&cQualInfo->policyQualifierId, - &CSSMOID_QT_CPS)) { - if(coder.encodeItem(&cQualInfo->qualifier, - SEC_IA5StringTemplate, - nQualInfo->qualifier)) { - clErrorLog("setFieldCertPOlicies: IA5 encode error\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - } - else { - /* uninterpreted, copy over directly */ - coder.allocCopyItem(cQualInfo->qualifier, - nQualInfo->qualifier); - } - } /* for each qualifier */ - } /* for each policy */ - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_CertPoliciesTemplate); -} - -bool getFieldCertPolicies( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_CertPolicies *nssObj; - CE_CertPolicies *cdsaObj; - bool brtn; - CssmAllocator &alloc = fieldValue.allocator; - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_CertificatePolicies, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - assert(nssObj != NULL); - - memset(cdsaObj, 0, sizeof(*cdsaObj)); - cdsaObj->numPolicies = - clNssArraySize((const void **)nssObj->policies); - unsigned sz = cdsaObj->numPolicies * sizeof(CE_PolicyInformation); - if(sz) { - cdsaObj->policies = (CE_PolicyInformation *)alloc.malloc(sz); - memset(cdsaObj->policies, 0, sz); - } - - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex]; - NSS_PolicyInformation *nPolInfo = nssObj->policies[polDex]; - clAllocCopyData(alloc, nPolInfo->certPolicyId, - cPolInfo->certPolicyId); - if(nPolInfo->policyQualifiers == NULL) { - continue; - } - - cPolInfo->numPolicyQualifiers = - clNssArraySize((const void **)nPolInfo->policyQualifiers); - sz = cPolInfo->numPolicyQualifiers * - sizeof(CE_PolicyQualifierInfo); - cPolInfo->policyQualifiers = (CE_PolicyQualifierInfo *) - alloc.malloc(sz); - memset(cPolInfo->policyQualifiers, 0, sz); - - for(unsigned qualDex=0; qualDexnumPolicyQualifiers; - qualDex++) { - NSS_PolicyQualifierInfo *nQualInfo = - nPolInfo->policyQualifiers[qualDex]; - CE_PolicyQualifierInfo *cQualInfo = - &cPolInfo->policyQualifiers[qualDex]; - - /* - * leaf. - * policyQualifierId == CSSMOID_QT_CPS : - * IA5String - decode and return contents. - * Else return whole thing. - */ - clAllocCopyData(alloc, nQualInfo->policyQualifierId, - cQualInfo->policyQualifierId); - CSSM_DATA toCopy = nQualInfo->qualifier; - if(clCompareCssmData(&nQualInfo->policyQualifierId, - &CSSMOID_QT_CPS)) { - /* decode as IA5String to temp memory */ - toCopy.Data = NULL; - toCopy.Length = 0; - if(cert.coder().decodeItem(nQualInfo->qualifier, - SEC_IA5StringTemplate, - &toCopy)) { - clErrorLog("***getCertPolicies: bad IA5String!\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - } - /* else copy out nQualInfo->qualifier */ - clAllocCopyData(alloc, toCopy, cQualInfo->qualifier); - } /* for each qualifier */ - } /* for each policy info */ - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldCertPolicies ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_CertPolicies *cdsaObj = (CE_CertPolicies *)cssmExt->value.parsedValue; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex]; - alloc.free(cPolInfo->certPolicyId.Data); - for(unsigned qualDex=0; - qualDexnumPolicyQualifiers; - qualDex++) { - CE_PolicyQualifierInfo *cQualInfo = - &cPolInfo->policyQualifiers[qualDex]; - alloc.free(cQualInfo->policyQualifierId.Data); - alloc.free(cQualInfo->qualifier.Data); - } - alloc.free(cPolInfo->policyQualifiers); - } - alloc.free(cdsaObj->policies); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, - // BERvalue -} - -/*** - *** Netscape cert type - *** CDSA Format: CE_NetscapeCertType (a uint16) - *** NSS format CSSM_DATA, length 2 - *** OID: CSSMOID_NetscapeCertType - ***/ -void setFieldNetscapeCertType( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_NetscapeCertType *cdsaObj = - (CE_NetscapeCertType *)cssmExt->value.parsedValue; - - /* Alloc an NSS-style key usage in cert.coder's memory */ - SecNssCoder &coder = cert.coder(); - CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - coder.allocItem(*nssObj, 2); - - /* cdsaObj --> nssObj */ - nssObj->Data[0] = (*cdsaObj) >> 8; - nssObj->Data[1] = *cdsaObj; - - /* Adjust length for BIT STRING encoding */ - clCssmBitStringToNss(*nssObj); - - /* add to mExtensions */ - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_NetscapeCertTypeTemplate); -} - -bool getFieldNetscapeCertType( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - CSSM_DATA *nssObj; - CE_NetscapeCertType *cdsaObj; - bool brtn; - - brtn = cert.GetExtenTop( - index, - numFields, - fieldValue.allocator, - CSSMOID_NetscapeCertType, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - - /* make a copy - can't modify length in place */ - CSSM_DATA bitString = *nssObj; - clNssBitStringToCssm(bitString); - unsigned toCopy = bitString.Length; - if(toCopy > 2) { - /* I hope I never see this... */ - clErrorLog("getFieldKeyUsage: CertType larger than 2 bytes!"); - toCopy = 2; - } - unsigned char bits[2] = {0, 0}; - memmove(bits, bitString.Data, toCopy); - *cdsaObj = (((unsigned)bits[0]) << 8) | bits[1]; - - /* pass back to caller */ - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -/*** - *** CRL Distribution points - *** CDSA Format: CE_CRLDistPointsSyntax - *** NSS format: NSS_CRLDistributionPoints - *** OID: CSSMOID_CrlDistributionPoints - ***/ -void setFieldCrlDistPoints( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = - verifySetFreeExtension(fieldValue, false); - CE_CRLDistPointsSyntax *cdsaObj = - (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue; - SecNssCoder &coder = cert.coder(); - NSS_CRLDistributionPoints *nssObj = - (NSS_CRLDistributionPoints *)coder.malloc( - sizeof(NSS_CRLDistributionPoints)); - - CL_cssmDistPointsToNss(*cdsaObj, *nssObj, coder); - cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false, - NSS_CRLDistributionPointsTemplate); -} - -bool getFieldCrlDistPoints( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - NSS_CRLDistributionPoints *nssObj; - CE_CRLDistPointsSyntax *cdsaObj; - bool brtn; - CssmAllocator &alloc = fieldValue.allocator; - - brtn = cert.GetExtenTop( - index, - numFields, - alloc, - CSSMOID_CrlDistributionPoints, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - assert(nssObj != NULL); - CL_nssDistPointsToCssm(*nssObj, *cdsaObj, cert.coder(), alloc); - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -void freeFieldCrlDistPoints ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_CRLDistPointsSyntax *cdsaObj = - (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue; - CL_freeCssmDistPoints(cdsaObj, alloc); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - - diff --git a/AppleX509CL/CLCertExtensions.h b/AppleX509CL/CLCertExtensions.h deleted file mode 100644 index 31d1b957..00000000 --- a/AppleX509CL/CLCertExtensions.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCertExtensions.h - extern declarations of get/set/free functions implemented in - * CertExtensions,cpp and used only in CertFields.cpp. - * - * Created 9/8/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#ifndef _CL_CERT_EXTENSIONS_H_ -#define _CL_CERT_EXTENSIONS_H_ - -#include "DecodedCert.h" -#include "CLFieldsCommon.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Functions to map OID --> {get,set,free}field - */ -getItemFieldFcn getFieldKeyUsage, getFieldBasicConstraints, - getFieldExtKeyUsage, - getFieldSubjectKeyId, getFieldAuthorityKeyId, getFieldSubjAltName, - getFieldIssuerAltName, - getFieldCertPolicies, getFieldNetscapeCertType, getFieldCrlDistPoints, - getFieldUnknownExt; -setItemFieldFcn setFieldKeyUsage, setFieldBasicConstraints, - setFieldExtKeyUsage, - setFieldSubjectKeyId, setFieldAuthorityKeyId, setFieldSubjIssuerAltName, - setFieldCertPolicies, setFieldNetscapeCertType, setFieldCrlDistPoints, - setFieldUnknownExt; -freeFieldFcn freeFieldExtKeyUsage, freeFieldSubjectKeyId, - freeFieldAuthorityKeyId, freeFieldSubjIssuerAltName, - freeFieldCertPolicies, - freeFieldCrlDistPoints, freeFieldUnknownExt; - -#ifdef __cplusplus -} -#endif - -#endif /* _CERT_EXTENSIONS_H_*/ diff --git a/AppleX509CL/CLCrlExtensions.cpp b/AppleX509CL/CLCrlExtensions.cpp deleted file mode 100644 index aa771b8a..00000000 --- a/AppleX509CL/CLCrlExtensions.cpp +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCrlExtensions.cpp - CRL extensions support. - */ - -#include "DecodedCrl.h" -#include "CLCrlExtensions.h" -#include "CLCertExtensions.h" -#include "clNssUtils.h" -#include "clNameUtils.h" -#include "CLFieldsCommon.h" -#include -#include -#include -#include -#include - -#include - -/*** - *** get/set/free functions called out from CrlFields.cpp - ***/ -/*** - *** CrlNumber , DeltaCRL - *** CDSA format CE_CrlNumber (a uint32) - *** NSS format CSSM_DATA, length 4 - *** OID CSSMOID_CrlNumber, CSSMOID_DeltaCrlIndicator - ***/ - -/* set function for both */ -void setFieldCrlNumber( - DecodedItem &crl, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - CE_CrlNumber *cdsaObj = (CE_CrlNumber *)cssmExt->value.parsedValue; - - /* CSSM_DATA and its contents in crl.coder's memory */ - ArenaAllocator alloc(crl.coder()); - CSSM_DATA_PTR nssVal = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA)); - clIntToData(*cdsaObj, *nssVal, alloc); - - /* add to mExtensions */ - crl.addExtension(nssVal, cssmExt->extnId, cssmExt->critical, false, - SEC_IntegerTemplate); -} - - -bool getFieldCrlCommon( - DecodedItem &crl, - const CSSM_OID &fieldId, // identifies extension we seek - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - const DecodedExten *decodedExt; - CSSM_DATA *nssObj; - CE_CrlNumber *cdsaObj; - bool brtn; - - brtn = crl.GetExtenTop( - index, - numFields, - fieldValue.allocator, - fieldId, - nssObj, - cdsaObj, - decodedExt); - if(!brtn) { - return false; - } - *cdsaObj = clDataToInt(*nssObj, CSSMERR_CL_INVALID_CRL_POINTER); - - /* pass back to caller */ - getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue); - return true; -} - -bool getFieldCrlNumber( - DecodedItem &crl, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - return getFieldCrlCommon(crl, CSSMOID_CrlNumber, index, numFields, - fieldValue); -} - -bool getFieldDeltaCrl( - DecodedItem &crl, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - return getFieldCrlCommon(crl, CSSMOID_DeltaCrlIndicator, index, - numFields, fieldValue); -} - -void freeFieldIssuingDistPoint ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CE_IssuingDistributionPoint *cdsaObj = - (CE_IssuingDistributionPoint *)cssmExt->value.parsedValue; - CL_freeCssmIssuingDistPoint(cdsaObj, alloc); - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/* HoldInstructionCode - CSSM_OID */ -/* InvalidityDate - CSSM_DATA */ -void freeFieldOidOrData ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false); - CssmAllocator &alloc = fieldValue.allocator; - CSSM_DATA *cdsaObj = - (CSSM_DATA *)cssmExt->value.parsedValue; - if(cdsaObj) { - alloc.free(cdsaObj->Data); - alloc.free(cdsaObj); - } - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - diff --git a/AppleX509CL/CLCrlExtensions.h b/AppleX509CL/CLCrlExtensions.h deleted file mode 100644 index fe2772ac..00000000 --- a/AppleX509CL/CLCrlExtensions.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLCrlExtensions.h - extern declarations of get/set/free functions - * implemented in CLCrlExtensions.cpp and used - * only in CrlFields.cpp. - * - * Created 9/8/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#ifndef _CL_CRL_EXTENSIONS_H_ -#define _CL_CRL_EXTENSIONS_H_ - -#include "DecodedCrl.h" -#include "CLCertExtensions.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Functions to map OID --> {get,set,free}field - */ -getItemFieldFcn getFieldCrlNumber, getFieldDeltaCrl; -setItemFieldFcn setFieldCrlNumber; -freeFieldFcn freeFieldIssuingDistPoint, freeFieldOidOrData; - -#ifdef __cplusplus -} -#endif - -#endif /* _CL_CRL_EXTENSIONS_H_*/ diff --git a/AppleX509CL/CLFieldsCommon.cpp b/AppleX509CL/CLFieldsCommon.cpp deleted file mode 100644 index 8764a486..00000000 --- a/AppleX509CL/CLFieldsCommon.cpp +++ /dev/null @@ -1,479 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLFieldsCommon.h - get/set/free routines common to certs and CRLs - */ - -#include "CLFieldsCommon.h" -#include "clNameUtils.h" -#include "clNssUtils.h" -#include "AppleX509CLSession.h" -#include -#include -#include -#include - -/* - * Table to map an OID to the info needed to decode the - * associated extension - */ -typedef struct { - const CSSM_OID &oid; - unsigned nssObjLen; - const SEC_ASN1Template *templ; -} NssExtenInfo; - -static const NssExtenInfo nssExtenInfo[] = { - { CSSMOID_KeyUsage, - sizeof(CSSM_DATA), - NSS_KeyUsageTemplate }, - { CSSMOID_BasicConstraints, - sizeof(NSS_BasicConstraints), - NSS_BasicConstraintsTemplate }, - { CSSMOID_ExtendedKeyUsage, - sizeof(NSS_ExtKeyUsage), - NSS_ExtKeyUsageTemplate }, - { CSSMOID_SubjectKeyIdentifier, - sizeof(CSSM_DATA), - NSS_SubjectKeyIdTemplate }, - { CSSMOID_AuthorityKeyIdentifier, - sizeof(NSS_AuthorityKeyId), - NSS_AuthorityKeyIdTemplate }, - { CSSMOID_SubjectAltName, - sizeof(NSS_GeneralNames), - NSS_GeneralNamesTemplate }, - { CSSMOID_IssuerAltName, - sizeof(NSS_GeneralNames), - NSS_GeneralNamesTemplate }, - { CSSMOID_CertificatePolicies, - sizeof(NSS_CertPolicies), - NSS_CertPoliciesTemplate }, - { CSSMOID_NetscapeCertType, - sizeof(CSSM_DATA), - NSS_NetscapeCertTypeTemplate }, - { CSSMOID_CrlDistributionPoints, - sizeof(NSS_CRLDistributionPoints), - NSS_CRLDistributionPointsTemplate }, - { CSSMOID_CertIssuer, - sizeof(NSS_GeneralNames), - NSS_GeneralNamesTemplate }, - /* CRL extensions */ - { CSSMOID_CrlNumber, - sizeof(CSSM_DATA), - SEC_IntegerTemplate }, - { CSSMOID_IssuingDistributionPoint, - sizeof(NSS_IssuingDistributionPoint), - NSS_IssuingDistributionPointTemplate }, - { CSSMOID_HoldInstructionCode, - sizeof(CSSM_OID), - SEC_ObjectIDTemplate }, - { CSSMOID_CrlReason, - sizeof(CSSM_DATA), - SEC_EnumeratedTemplate }, - { CSSMOID_DeltaCrlIndicator, - sizeof(CSSM_DATA), - SEC_IntegerTemplate }, - { CSSMOID_InvalidityDate, - sizeof(CSSM_DATA), - SEC_GeneralizedTimeTemplate } -}; - -#define NUM_NSS_EXTEN_INFOS (sizeof(nssExtenInfo) / sizeof(nssExtenInfo[0])) - -/* - * Returns true if we find the OID. - */ -bool clOidToNssInfo( - const CSSM_OID &oid, - unsigned &nssObjLen, // RETURNED - const SEC_ASN1Template *&templ) // RETURNED -{ - for(unsigned dex=0; dex(fieldValue.data()); - if(berEncoded) { - if((cssmExt->value.parsedValue != NULL) || - (cssmExt->BERvalue.Data == NULL)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - } - else { - if(cssmExt->value.parsedValue == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - } - return cssmExt; -} - -/* - * Common free code for all extensions. Extension-specific code must - * free anything beyond cdsaExt->Value.parsedValue, then we free everything - * else (except the extension struct itself, which is freed by - * DecodedCert::freeCertFieldData()). - */ -void freeFieldExtenCommon( - CSSM_X509_EXTENSION_PTR exten, - CssmAllocator &alloc) -{ - alloc.free(exten->extnId.Data); - alloc.free(exten->BERvalue.Data); // may be NULL - alloc.free(exten->value.parsedValue); // may be NULL -} - -/* - * One common free for extensions whose parsed value doesn't go any deeper - * than cssmExt->value.parsedValue. - */ -void freeFieldSimpleExtension ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, - false); - freeFieldExtenCommon(cssmExt, fieldValue.allocator); -} - - -/*** - *** Common code for get/set subject/issuer name (C struct version) - *** Format = CSSM_X509_NAME - *** class Name from sm_x501if - ***/ -bool getField_RDN_NSS ( - const NSS_Name &nssName, - CssmOwnedData &fieldValue) // RETURNED -{ - /* alloc top-level CSSM_X509_NAME */ - CssmAllocator &alloc = fieldValue.allocator; - fieldValue.malloc(sizeof(CSSM_X509_NAME)); - CSSM_X509_NAME_PTR cssmName = (CSSM_X509_NAME_PTR)fieldValue.data(); - - CL_nssNameToCssm(nssName, *cssmName, alloc); - return true; -} - -void freeField_RDN ( - CssmOwnedData &fieldValue) -{ - if(fieldValue.data() == NULL) { - return; - } - if(fieldValue.length() != sizeof(CSSM_X509_NAME)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - CssmAllocator &alloc = fieldValue.allocator; - CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue.data(); - CL_freeX509Name(x509Name, alloc); - - /* top-level x509Name pointer freed by freeCertFieldData() */ -} - -/*** - *** Common code for Issuer Name, Subject Name (normalized and encoded - *** version) - *** Format = CSSM_DATA containing the DER encoding of the normalized name - ***/ -bool getField_normRDN_NSS ( - const CSSM_DATA &derName, - uint32 &numFields, // RETURNED (if successful, 0 or 1) - CssmOwnedData &fieldValue) // RETURNED -{ - if(derName.Data == NULL) { - /* This can happen during CertGetAllTemplateFields() because - * the normalized fields are only set up during cert/CRL decode */ - return false; - } - - /* - * First make a temp decoded copy which we'll be manipulating. - */ - SecNssCoder coder; - NSS_Name decodedName; - - memset(&decodedName, 0, sizeof(decodedName)); - PRErrorCode prtn = coder.decodeItem(derName, NSS_NameTemplate, &decodedName); - if(prtn) { - /* - * Actually should never happen since this same bag of bits successfully - * decoded when the cert as a whole was decoded... - */ - clErrorLog("getField_normRDN decode error\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - - } - - /* normalize */ - CL_normalizeX509NameNSS(decodedName, coder); - - /* encode result */ - prtn = SecNssEncodeItemOdata(&decodedName, NSS_NameTemplate, fieldValue); - if(prtn) { - clErrorLog("getField_normRDN encode error\n"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - numFields = 1; - return true; -} - -/*** - *** Common code for Time fields - Validity not before, Not After, - *** This Update, Next Update - *** Format: CSSM_X509_TIME - ***/ -bool getField_TimeNSS ( - const NSS_Time &nssTime, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(!tbsGetCheck(nssTime.item.Data, index)) { - return false; - } - CssmAllocator &alloc = fieldValue.allocator; - fieldValue.malloc(sizeof(CSSM_X509_TIME)); - CSSM_X509_TIME *cssmTime = - (CSSM_X509_TIME *)fieldValue.data(); - if(CL_nssTimeToCssm(nssTime, *cssmTime, alloc)) { - numFields = 1; - return true; - } - else { - return false; - } -} - -void setField_TimeNSS ( - const CssmData &fieldValue, - NSS_Time &nssTime, - SecNssCoder &coder) -{ - CSSM_X509_TIME *cssmTime = - (CSSM_X509_TIME *)fieldValue.data(); - CL_cssmTimeToNss(*cssmTime, nssTime, coder); -} - -void freeField_Time ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)fieldValue.data(); - if(cssmTime == NULL) { - return; - } - if(fieldValue.length() != sizeof(CSSM_X509_TIME)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - CL_freeCssmTime(cssmTime, fieldValue.allocator); -} - -/*** - *** TBS AlgId, Signature AlgId - *** Format = CSSM_X509_ALGORITHM_IDENTIFIER - ***/ -void getField_AlgIdNSS ( - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId, - CssmOwnedData &fieldValue) // RETURNED -{ - CssmAllocator &alloc = fieldValue.allocator; - fieldValue.malloc(sizeof(CSSM_X509_ALGORITHM_IDENTIFIER)); - CSSM_X509_ALGORITHM_IDENTIFIER *destAlgId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)fieldValue.data(); - CL_copyAlgId(srcAlgId, *destAlgId, alloc); -} - -void setField_AlgIdNSS ( - const CssmData &fieldValue, - CSSM_X509_ALGORITHM_IDENTIFIER &dstAlgId, - SecNssCoder &coder) -{ - CSSM_X509_ALGORITHM_IDENTIFIER *srcAlgId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)fieldValue.data(); - /* allocator for this coder */ - ArenaAllocator areanAlloc(coder); - CL_copyAlgId(*srcAlgId, dstAlgId, areanAlloc); -} - -void freeField_AlgId ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_ALGORITHM_IDENTIFIER *cssmAlgId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)fieldValue.data(); - if(cssmAlgId == NULL) { - return; - } - if(fieldValue.length() != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - CssmAllocator &alloc = fieldValue.allocator; - alloc.free(cssmAlgId->algorithm.Data); - alloc.free(cssmAlgId->parameters.Data); - memset(cssmAlgId, 0, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER)); -} - -/* - * Routines for common validity checking for certificateToSign fields. - * - * Call from setField*: verify field isn't already set, optionally validate - * input length - */ -void tbsSetCheck( - void *fieldToSet, - const CssmData &fieldValue, - uint32 expLength, - const char *op) -{ - if(fieldToSet != NULL) { - /* can't add another */ - clErrorLog("setField(%s): field already set", op); - CssmError::throwMe(CSSMERR_CL_INVALID_NUMBER_OF_FIELDS); - } - if((expLength != 0) && (fieldValue.length() != expLength)) { - clErrorLog("setField(%s): bad length : exp %d got %d", - op, (int)expLength, (int)fieldValue.length()); - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } -} - -/* - * Call from getField* for unique fields - detect missing field or - * index out of bounds. - */ -bool tbsGetCheck( - const void *requiredField, - uint32 reqIndex) -{ - if((requiredField == NULL) || (reqIndex != 0)) { - return false; - } - else { - return true; - } -} - -/*** - *** unknown extensions - *** CDSA format: raw bytes in a CSSM_DATA. This data is the BER-encoding of - *** some extension struct we don't know about. - *** NSS format CSSM_DATA - *** OID CSSMOID_X509V3CertificateExtensionCStruct - ***/ - -void setFieldUnknownExt( - DecodedItem &cert, - const CssmData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, true); - SecNssCoder &coder = cert.coder(); - CSSM_DATA *rawExtn = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - coder.allocCopyItem(cssmExt->BERvalue, *rawExtn); - cert.addExtension(NULL, cssmExt->extnId, cssmExt->critical, - true, NULL /* no template */, rawExtn); -} - -bool getFieldUnknownExt( - DecodedItem &cert, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) -{ - uint8 noOidDataLikeThis[2] = {1, 2}; // a dummy argument - CSSM_OID noOidLikeThis = {2, noOidDataLikeThis}; - const DecodedExten *decodedExt = - cert.DecodedItem::findDecodedExt(noOidLikeThis, - true, index, numFields); - if(decodedExt == NULL) { - return false; - } - getFieldExtenCommon(NULL, *decodedExt, fieldValue); - return true; -} - -void freeFieldUnknownExt ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, true); - CssmAllocator &alloc = fieldValue.allocator; - freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue -} - -/* setField for read-only OIDs (i.e., the ones in cert/CRL, not TBS) */ -void setField_ReadOnly ( - DecodedItem &item, - const CssmData &fieldValue) -{ - clErrorLog("Attempt to set a read-only field"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG); -} - -bool getField_Unimplemented ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - clErrorLog("Attempt to get an unimplemented field"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG); -} - - - diff --git a/AppleX509CL/CLFieldsCommon.h b/AppleX509CL/CLFieldsCommon.h deleted file mode 100644 index a31c849d..00000000 --- a/AppleX509CL/CLFieldsCommon.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CLFieldsCommon.h - get/set/free routines common to certs and CRLs - */ - -#ifndef _CL_FIELDS_COMMON_H_ -#define _CL_FIELDS_COMMON_H_ - -#include -#include - -#include "DecodedItem.h" - -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * As of the NSS conversion, getField ops do NOT take a const - * DecodedItem argument since many of them use the DecodedItem's - * SecNssCoder for intermediate ops. - */ -typedef bool (getItemFieldFcn) ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue); // RETURNED -typedef void (setItemFieldFcn) ( - DecodedItem &item, - const CssmData &fieldValue); -typedef void (freeFieldFcn) ( - CssmOwnedData &fieldValue); - -bool clOidToNssInfo( - const CSSM_OID &oid, - unsigned &nssObjLen, // RETURNED - const SEC_ASN1Template *&templ); // RETURNED - -/* - * Routines for common validity checking for certificateToSign fields. - * - * Call from setField*: verify field isn't already set, optionally validate - * input length - */ -void tbsSetCheck( - void *fieldToSet, - const CssmData &fieldValue, - uint32 expLength, - const char *op); - -/* - * Call from getField* for unique fields - detect missing field or - * index out of bounds. - */ -bool tbsGetCheck( - const void *requiredField, - uint32 reqIndex); - -/* common extension get/set/free */ -void getFieldExtenCommon( - void *cdsaObj, // e.g. CE_KeyUsage - // CSSM_DATA_PTR for berEncoded - const DecodedExten &decodedExt, - CssmOwnedData &fieldValue); - -CSSM_X509_EXTENSION_PTR verifySetFreeExtension( - const CssmData &fieldValue, - bool berEncoded); // false: value in value.parsedValue - // true : value in BERValue -void freeFieldExtenCommon( - CSSM_X509_EXTENSION_PTR exten, - CssmAllocator &alloc); - -/* - * Common code for get/set subject/issuer name (C struct version) - */ -bool getField_RDN_NSS ( - const NSS_Name &nssName, - CssmOwnedData &fieldValue); // RETURNED - -void freeField_RDN ( - CssmOwnedData &fieldValue); - -/* get normalized RDN */ -bool getField_normRDN_NSS ( - const CSSM_DATA &derName, - uint32 &numFields, // RETURNED (if successful, 0 or 1) - CssmOwnedData &fieldValue); // RETURNED - -/* - * Common code for Time fields - Validity not before/after, this/next update - * Format: CSSM_X509_TIME - */ -void freeField_Time ( - CssmOwnedData &fieldValue); - -bool getField_TimeNSS ( - const NSS_Time &derTime, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue); // RETURNED -void setField_TimeNSS ( - const CssmData &fieldValue, - NSS_Time &nssTime, - SecNssCoder &coder); - -void getField_AlgIdNSS ( - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId, - CssmOwnedData &fieldValue); // RETURNED -void setField_AlgIdNSS ( - const CssmData &fieldValue, - CSSM_X509_ALGORITHM_IDENTIFIER &dstAlgId, - SecNssCoder &coder); - -void freeField_AlgId ( - CssmOwnedData &fieldValue); - -getItemFieldFcn getFieldUnknownExt, getField_Unimplemented; -setItemFieldFcn setFieldUnknownExt, setField_ReadOnly; -freeFieldFcn freeFieldUnknownExt, freeFieldSimpleExtension; - -#ifdef __cplusplus -} -#endif - -#endif /* _CL_FIELDS_COMMON_H_ */ diff --git a/AppleX509CL/CSPAttacher.cpp b/AppleX509CL/CSPAttacher.cpp deleted file mode 100644 index d83c02c4..00000000 --- a/AppleX509CL/CSPAttacher.cpp +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CSPAttacher.cpp - process-wide class which loads and attaches to CSP at most - * once, and detaches and unloads the CSP when this code is - * unloaded. - */ - -#include "CSPAttacher.h" -#include "cldebugging.h" -#include -#include -#include -#include -#include -#include - -class CSPAttacher -{ -public: - CSPAttacher() : - mCspHand(CSSM_INVALID_HANDLE), - mCspDlHand(CSSM_INVALID_HANDLE) - { } - ~CSPAttacher(); - CSSM_CSP_HANDLE getCspHand(bool bareCsp); - -private: - /* connection to CSP and CSPDL, evaluated lazily */ - CSSM_HANDLE mCspHand; - CSSM_HANDLE mCspDlHand; - Mutex mLock; -}; - -/* the single global thing */ -static ModuleNexus cspAttacher; - -static void *CL_malloc( - uint32 size, - void *allocref) -{ - return CssmAllocator::standard().malloc(size); -} - -static void CL_free( - void *memblock, - void *allocref) -{ - CssmAllocator::standard().free(memblock); -} - -static void *CL_realloc( - void *memblock, - uint32 size, - void *allocref) -{ - return CssmAllocator::standard().realloc(memblock, size); -} - -static void *CL_calloc( - uint32 num, - uint32 size, - void *allocref) -{ - return CssmAllocator::standard().calloc(num, size); -} - -static const CSSM_API_MEMORY_FUNCS CL_memFuncs = { - CL_malloc, - CL_free, - CL_realloc, - CL_calloc, - NULL - }; - - -/* - * This only gets called when cspAttacher get deleted, i.e., when this code - * is actually unloaded from the process's address space. - */ -CSPAttacher::~CSPAttacher() -{ - StLock _(mLock); - - if(mCspHand != CSSM_INVALID_HANDLE) { - CSSM_ModuleDetach(mCspHand); - CSSM_ModuleUnload(&gGuidAppleCSP, NULL, NULL); - } - if(mCspDlHand != CSSM_INVALID_HANDLE) { - CSSM_ModuleDetach(mCspDlHand); - CSSM_ModuleUnload(&gGuidAppleCSPDL, NULL, NULL); - } -} - -CSSM_CSP_HANDLE CSPAttacher::getCspHand(bool bareCsp) -{ - const char *modName; - CSSM_RETURN crtn; - const CSSM_GUID *guid; - CSSM_VERSION vers = {2, 0}; - StLock _(mLock); - CSSM_CSP_HANDLE cspHand; - - if(bareCsp) { - if(mCspHand != CSSM_INVALID_HANDLE) { - /* already connected */ - return mCspHand; - } - guid = &gGuidAppleCSP; - modName = "AppleCSP"; - } - else { - if(mCspDlHand != CSSM_INVALID_HANDLE) { - /* already connected */ - return mCspDlHand; - } - guid = &gGuidAppleCSPDL; - modName = "AppleCSPDL"; - } - crtn = CSSM_ModuleLoad(guid, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - clErrorLog("AppleX509CLSession::cspAttach: error (%d) loading %s", - (int)crtn, modName); - CssmError::throwMe(crtn); - } - crtn = CSSM_ModuleAttach (guid, - &vers, - &CL_memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CSP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &cspHand); - if(crtn) { - clErrorLog("AppleX509CLSession::cspAttach: error (%d) attaching to %s", - (int)crtn, modName); - CssmError::throwMe(crtn); - } - if(bareCsp) { - mCspHand = cspHand; - } - else { - mCspDlHand = cspHand; - } - return cspHand; -} - -/* - * Just one public function - "give me a CSP handle". - * bareCsp true: AppleCSP - * bareCsp false: AppleCSPDL - */ -CSSM_CSP_HANDLE getGlobalCspHand(bool bareCsp) -{ - return cspAttacher().getCspHand(bareCsp); -} - diff --git a/AppleX509CL/CSPAttacher.h b/AppleX509CL/CSPAttacher.h deleted file mode 100644 index 6b08ca48..00000000 --- a/AppleX509CL/CSPAttacher.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CSPAttacher.h - process-wide class which loads and attaches to CSP at most - * once, and detaches and unloads the CSP when this code is - * unloaded. - */ - -#ifndef _CSP_ATTACHER_H_ -#define _CSP_ATTACHER_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Just one public function - "give me a CSP handle". - * bareCsp true : AppleCSP - * bareCsp false: AppleCSPDL - * - * Throws a CssmError on failure. - */ -extern CSSM_CSP_HANDLE getGlobalCspHand(bool bareCsp); - -#ifdef __cplusplus -} -#endif - -#endif /* _CSP_ATTACHER_H_ */ \ No newline at end of file diff --git a/AppleX509CL/CVSVersionInfo.txt b/AppleX509CL/CVSVersionInfo.txt deleted file mode 100644 index 2f45cd47..00000000 --- a/AppleX509CL/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $ -# $Name: $ -ProjectName: AppleX509CL -ProjectVersion: 3 diff --git a/AppleX509CL/CertFields.cpp b/AppleX509CL/CertFields.cpp deleted file mode 100644 index c875e819..00000000 --- a/AppleX509CL/CertFields.cpp +++ /dev/null @@ -1,845 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CertFields.cpp - convert between NSS-based Certificate components and CDSA-style - * fields. A major component of DecodedCert. - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#include "DecodedCert.h" -#include "cldebugging.h" -#include "CLCertExtensions.h" -#include "clNssUtils.h" -#include "clNameUtils.h" -#include "CLFieldsCommon.h" -#include -#include -#include -#include - -/*** - *** Version - *** Format = DER-encoded int (max of four bytes in this case) - ***/ -static bool getField_Version ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_DATA &vers = cert.mCert.tbs.version; - if(!tbsGetCheck(vers.Data, index)) { - /* not present, optional */ - return false; - } - fieldValue.copy(vers.Data, vers.Length); - numFields = 1; - return true; -} - -static void setField_Version ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_DATA &vers = cert.mCert.tbs.version; - tbsSetCheck(vers.Data, fieldValue, 0, "version"); - cert.coder().allocCopyItem(fieldValue, vers); -} - - -#if this_is_a_template -/*** - *** Version - *** Format = DER-encoded int (always four bytes in this case) - ***/ -static bool getField_Version ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - tbsGetCheck(cert.certificateToSign->version, index); -} -static void setField_Version ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - tbsSetCheck(cert.certificateToSign->version, fieldValue, sizeof(uint32), - "version"); - -} -static void freeField_Version ( - CssmOwnedData &fieldValue) -{ -} -#endif - -/*** - *** Serial Number - *** Format = DER-encoded int, variable length - ***/ -static bool getField_SerialNumber ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_DATA &sn = cert.mCert.tbs.serialNumber; - if(!tbsGetCheck(sn.Data, index)) { - return false; - } - fieldValue.copy(sn.Data, sn.Length); - numFields = 1; - return true; -} - -static void setField_SerialNumber ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_DATA &sn = cert.mCert.tbs.serialNumber; - tbsSetCheck(sn.Data, fieldValue, 0, "SerialNumber"); - cert.coder().allocCopyItem(fieldValue, sn); -} - -/*** issuer/subject - *** Format = CSSM_X509_NAME - *** class Name from sm_x501if - ***/ -static bool getField_Issuer ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - - bool brtn; - - const DecodedCert &cert = dynamic_cast(item); - try { - brtn = getField_RDN_NSS(cert.mCert.tbs.issuer, fieldValue); - if(brtn) { - numFields = 1; - } - } - catch (...) { - freeField_RDN(fieldValue); - throw; - } - return brtn; -} - -static void setField_Issuer ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - const CSSM_X509_NAME *cssmName = (const CSSM_X509_NAME *)fieldValue.Data; - NSS_Name &nssName = cert.mCert.tbs.issuer; - tbsSetCheck(nssName.rdns, fieldValue, sizeof(CSSM_X509_NAME), - "IssuerName"); - CL_cssmNameToNss(*cssmName, nssName, cert.coder()); -} - -/*** subject ***/ -static bool getField_Subject ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - - bool brtn; - - const DecodedCert &cert = dynamic_cast(item); - try { - brtn = getField_RDN_NSS(cert.mCert.tbs.subject, fieldValue); - if(brtn) { - numFields = 1; - } - } - catch (...) { - freeField_RDN(fieldValue); - throw; - } - return brtn; -} - -static void setField_Subject ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - const CSSM_X509_NAME *cssmName = (const CSSM_X509_NAME *)fieldValue.Data; - NSS_Name &nssName = cert.mCert.tbs.subject; - tbsSetCheck(nssName.rdns, fieldValue, sizeof(CSSM_X509_NAME), - "SubjectName"); - CL_cssmNameToNss(*cssmName, nssName, cert.coder()); -} - -/*** - *** Issuer Name, Subject Name (normalized and encoded version) - *** Format = CSSM_DATA containing the DER encoding of the normalized name - ***/ -static bool getFieldSubjectNorm( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - const DecodedCert &cert = dynamic_cast(item); - return getField_normRDN_NSS(cert.mCert.tbs.derSubject, numFields, - fieldValue); -} - -static bool getFieldIssuerNorm( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - const DecodedCert &cert = dynamic_cast(item); - return getField_normRDN_NSS(cert.mCert.tbs.derIssuer, numFields, fieldValue); -} - -/*** - *** Issuer Name, Subject Name (encoded, NON-normalized version) - *** Format = CSSM_DATA containing the DER encoding of the name - ***/ -static bool getFieldSubjectStd( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - const DecodedCert &cert = dynamic_cast(item); - fieldValue.copy(cert.mCert.tbs.derSubject); - numFields = 1; - return true; -} - -static bool getFieldIssuerStd( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - const DecodedCert &cert = dynamic_cast(item); - fieldValue.copy(cert.mCert.tbs.derIssuer); - numFields = 1; - return true; -} - -/*** - *** TBS AlgId, Signature AlgId - *** Format = CSSM_X509_ALGORITHM_IDENTIFIER - ***/ -/* TBS AlgId */ -static bool getField_TbsAlgId ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId = cert.mCert.tbs.signature; - if(!tbsGetCheck(srcAlgId.algorithm.Data, index)) { - return false; - } - getField_AlgIdNSS(srcAlgId, fieldValue); - numFields = 1; - return true; -} - -static void setField_TbsAlgId ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_X509_ALGORITHM_IDENTIFIER &dstAlgId = cert.mCert.tbs.signature; - tbsSetCheck(dstAlgId.algorithm.Data, fieldValue, - sizeof(CSSM_X509_ALGORITHM_IDENTIFIER), "TBS_AlgId"); - setField_AlgIdNSS(fieldValue, dstAlgId, cert.coder()); -} - -/* Cert AlgId - read only */ -static bool getField_CertAlgId ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId = cert.mCert.signatureAlgorithm; - if(!tbsGetCheck(srcAlgId.algorithm.Data, index)) { - return false; - } - getField_AlgIdNSS(srcAlgId, fieldValue); - numFields = 1; - return true; -} - -/*** - *** Validity not before, not after - *** Format: CSSM_X509_TIME - ***/ - -/*** not before ***/ -static bool getField_NotBefore ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const NSS_Time &srcTime = cert.mCert.tbs.validity.notBefore; - return getField_TimeNSS(srcTime, index, numFields, fieldValue); -} - -static void setField_NotBefore ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - NSS_Time &dstTime = cert.mCert.tbs.validity.notBefore; - tbsSetCheck(dstTime.item.Data, fieldValue, - sizeof(CSSM_X509_TIME), "NotBefore"); - setField_TimeNSS(fieldValue, dstTime, cert.coder()); -} - -/*** not after ***/ -static bool getField_NotAfter ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const NSS_Time &srcTime = cert.mCert.tbs.validity.notAfter; - return getField_TimeNSS(srcTime, index, numFields, fieldValue); -} - -static void setField_NotAfter ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - NSS_Time &dstTime = cert.mCert.tbs.validity.notAfter; - tbsSetCheck(dstTime.item.Data, fieldValue, - sizeof(CSSM_X509_TIME), "NotAfter"); - setField_TimeNSS(fieldValue, dstTime, cert.coder()); -} - -/*** - *** Subject/issuer unique ID - *** Format: Raw bytes. It's stored in the cert as an ASN bit string; the decoded - *** bytes are present at this level (i.e., not tag and length in the bytes). - *** NOTE: this is not quite accurate in that we only provide byte-aligned size, - *** not bit-aligned. This field is rarely if ever used so I think it's O, but - *** beware. - ***/ -static bool getField_SubjectUniqueId ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_DATA &srcBits = cert.mCert.tbs.subjectID; - if(!tbsGetCheck(srcBits.Data, index)) { - return false; - } - - /* That CSSM_DATA is a decoded BITSTRING; its length is in bits */ - CSSM_DATA tmp = srcBits; - tmp.Length = (tmp.Length + 7) / 8; - fieldValue.copy(tmp.Data, tmp.Length); - numFields = 1; - return true; -} - -static void setField_SubjectUniqueId ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_DATA &dstBits = cert.mCert.tbs.subjectID; - tbsSetCheck(dstBits.Data, fieldValue, 0, "SubjectUniqueID"); - cert.coder().allocCopyItem(fieldValue, dstBits); - dstBits.Length *= 8; -} - -static bool getField_IssuerUniqueId ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_DATA &srcBits = cert.mCert.tbs.issuerID; - if(!tbsGetCheck(srcBits.Data, index)) { - return false; - } - - /* That CSSM_DATA is a decoded BITSTRING; its length is in bits */ - CSSM_DATA tmp = srcBits; - tmp.Length = (tmp.Length + 7) / 8; - fieldValue.copy(tmp.Data, tmp.Length); - numFields = 1; - return true; -} - -static void setField_IssuerUniqueId ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_DATA &dstBits = cert.mCert.tbs.issuerID; - tbsSetCheck(dstBits.Data, fieldValue, 0, "IssuerUniqueID"); - cert.coder().allocCopyItem(fieldValue, dstBits); - dstBits.Length *= 8; -} - -/*** - *** Public key info - *** Format = CSSM_X509_SUBJECT_PUBLIC_KEY_INFO - ***/ -static bool getField_PublicKeyInfo ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &srcInfo = - cert.mCert.tbs.subjectPublicKeyInfo; - if(!tbsGetCheck(srcInfo.subjectPublicKey.Data, index)) { - return false; - } - - CssmAllocator &alloc = fieldValue.allocator; - fieldValue.malloc(sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO)); - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *dstInfo = - (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)fieldValue.data(); - - CL_copySubjPubKeyInfo(srcInfo, true, // length in bits here - *dstInfo, false, // length in bytes - alloc); - - numFields = 1; - return true; -} - -static void setField_PublicKeyInfo ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &dstKeyInfo = - cert.mCert.tbs.subjectPublicKeyInfo; - tbsSetCheck(dstKeyInfo.subjectPublicKey.Data, fieldValue, - sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO), "PubKeyInfo"); - - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *srcKeyInfo = - (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)fieldValue.Data; - if((srcKeyInfo->subjectPublicKey.Data == NULL) || - (srcKeyInfo->subjectPublicKey.Length == 0)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - - ArenaAllocator arenaAlloc(cert.coder()); - CL_copySubjPubKeyInfo(*srcKeyInfo, false, // length in bytes here - dstKeyInfo, true, // length in bits - arenaAlloc); -} - -static void freeField_PublicKeyInfo ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *cssmKeyInfo = - (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)fieldValue.data(); - if(cssmKeyInfo == NULL) { - return; - } - CssmAllocator &alloc = fieldValue.allocator; - CL_freeCssmAlgId(&cssmKeyInfo->algorithm, alloc); - alloc.free(cssmKeyInfo->subjectPublicKey.Data); - memset(cssmKeyInfo, 0, sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO));} - -/*** - *** key info from CSSM_KEY - *** Format = CSSM_KEY - ***/ -static bool getField_PublicKeyStruct ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - if(!tbsGetCheck(cert.mCert.tbs.subjectPublicKeyInfo.subjectPublicKey.Data, - index)) { - return false; - } - CSSM_KEY_PTR cssmKey = cert.extractCSSMKey(fieldValue.allocator); - fieldValue.set(reinterpret_cast(cssmKey), sizeof(CSSM_KEY)); - numFields = 1; - return true; -} - -static void setField_PublicKeyStruct ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCert &cert = dynamic_cast(item); - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &dstKeyInfo = - cert.mCert.tbs.subjectPublicKeyInfo; - tbsSetCheck(dstKeyInfo.subjectPublicKey.Data, fieldValue, - sizeof(CSSM_KEY), "PubKeyStruct"); - - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)fieldValue.data(); - if((cssmKey->KeyData.Data == NULL) || - (cssmKey->KeyData.Data == 0)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - CL_CSSMKeyToSubjPubKeyInfoNSS(*cssmKey, dstKeyInfo, cert.coder()); -} - -static void freeField_PublicKeyStruct ( - CssmOwnedData &fieldValue) -{ - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)fieldValue.data(); - CL_freeCSSMKey(cssmKey, fieldValue.allocator, false); -} - -/*** - *** Signature - *** Format = raw bytes - *** read-only - ***/ -static bool getField_Signature ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCert &cert = dynamic_cast(item); - const CSSM_DATA &sigBits = cert.mCert.signature; - if(!tbsGetCheck(sigBits.Data, index)) { - return false; - } - fieldValue.copy(sigBits.Data, (sigBits.Length + 7) / 8); - numFields = 1; - return true; -} - -/*** - *** end of field-specific triplets - ***/ - -/* - * Table to map OID to {get,set,free}field - */ -typedef struct { - const CSSM_OID *fieldId; - getItemFieldFcn *getFcn; - setItemFieldFcn *setFcn; - freeFieldFcn *freeFcn; // OPTIONAL - NULL means just free the - // top-level data -} oidToFieldFuncs; - -static const oidToFieldFuncs fieldFuncTable[] = { - { &CSSMOID_X509V1Version, - &getField_Version, &setField_Version, NULL }, - { &CSSMOID_X509V1SerialNumber, - &getField_SerialNumber, &setField_SerialNumber, NULL }, - { &CSSMOID_X509V1IssuerNameCStruct, - &getField_Issuer, &setField_Issuer, &freeField_RDN }, - { &CSSMOID_X509V1SubjectNameCStruct, - &getField_Subject, &setField_Subject, &freeField_RDN }, - { &CSSMOID_X509V1SignatureAlgorithmTBS, - &getField_TbsAlgId, &setField_TbsAlgId, &freeField_AlgId }, - { &CSSMOID_X509V1SignatureAlgorithm, - &getField_CertAlgId, &setField_ReadOnly, &freeField_AlgId }, - { &CSSMOID_X509V1ValidityNotBefore, - &getField_NotBefore, &setField_NotBefore, &freeField_Time }, - { &CSSMOID_X509V1ValidityNotAfter, - &getField_NotAfter, &setField_NotAfter, &freeField_Time }, - { &CSSMOID_X509V1CertificateIssuerUniqueId, - &getField_IssuerUniqueId, &setField_IssuerUniqueId, NULL }, - { &CSSMOID_X509V1CertificateSubjectUniqueId, - &getField_SubjectUniqueId, &setField_SubjectUniqueId, NULL }, - { &CSSMOID_X509V1SubjectPublicKeyCStruct, - &getField_PublicKeyInfo, &setField_PublicKeyInfo, &freeField_PublicKeyInfo }, - { &CSSMOID_CSSMKeyStruct, - &getField_PublicKeyStruct, &setField_PublicKeyStruct, - &freeField_PublicKeyStruct }, - { &CSSMOID_X509V1Signature, - &getField_Signature, &setField_ReadOnly, NULL }, - { &CSSMOID_X509V1IssuerName, - getFieldIssuerNorm, &setField_ReadOnly, NULL }, - { &CSSMOID_X509V1SubjectName, - getFieldSubjectNorm, &setField_ReadOnly, NULL }, - { &CSSMOID_X509V1IssuerNameStd, - getFieldIssuerStd, &setField_ReadOnly, NULL }, - { &CSSMOID_X509V1SubjectNameStd, - getFieldSubjectStd, &setField_ReadOnly, NULL }, - - /* - * Extensions, implemented in CertExtensions.cpp - * When adding new ones, also add to: - * -- clOidToNssInfo() in CLFieldsCommon.cpp - * -- get/set/free functions in CertExtensions.{cpp,h} - */ - { &CSSMOID_KeyUsage, &getFieldKeyUsage, &setFieldKeyUsage, - &freeFieldSimpleExtension }, - { &CSSMOID_BasicConstraints, &getFieldBasicConstraints, - &setFieldBasicConstraints, &freeFieldSimpleExtension }, - { &CSSMOID_ExtendedKeyUsage, &getFieldExtKeyUsage, - &setFieldExtKeyUsage, &freeFieldExtKeyUsage } , - { &CSSMOID_SubjectKeyIdentifier, &getFieldSubjectKeyId, - &setFieldSubjectKeyId, &freeFieldSubjectKeyId } , - { &CSSMOID_AuthorityKeyIdentifier, &getFieldAuthorityKeyId, - &setFieldAuthorityKeyId, &freeFieldAuthorityKeyId } , - { &CSSMOID_SubjectAltName, &getFieldSubjAltName, - &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } , - { &CSSMOID_IssuerAltName, &getFieldIssuerAltName, - &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } , - { &CSSMOID_CertificatePolicies, &getFieldCertPolicies, - &setFieldCertPolicies, &freeFieldCertPolicies } , - { &CSSMOID_NetscapeCertType, &getFieldNetscapeCertType, - &setFieldNetscapeCertType, &freeFieldSimpleExtension } , - { &CSSMOID_CrlDistributionPoints, &getFieldCrlDistPoints, - &setFieldCrlDistPoints, &freeFieldCrlDistPoints }, - { &CSSMOID_X509V3CertificateExtensionCStruct, &getFieldUnknownExt, - &setFieldUnknownExt, &freeFieldUnknownExt }, -}; - -#define NUM_KNOWN_FIELDS (sizeof(fieldFuncTable) / sizeof(oidToFieldFuncs)) -#define NUM_STD_CERT_FIELDS 17 /* not including extensions */ - -/* map an OID to an oidToFieldFuncs */ -static const oidToFieldFuncs *oidToFields( - const CssmOid &fieldId) -{ - const oidToFieldFuncs *fieldTable = fieldFuncTable; - for(unsigned i=0; ifieldId)) { - return fieldTable; - } - fieldTable++; - } - CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG); -} - - -/*** - *** Public functions - ***/ - -/* - * Obtain the index'th occurrence of field specified by fieldId in specified cert. - * Format of the returned field depends on fieldId. - * Returns total number of fieldId fields in the cert if index is 0. - * FieldValue assumed to be empty on entry. - * Returns true if specified field was found, else returns false. - */ -bool DecodedCert::getCertFieldData( - const CssmOid &fieldId, // which field - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - switch(mState) { - case IS_Empty: - case IS_Building: - clErrorLog("DecodedCert::getCertField: can't parse undecoded cert!"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - case IS_DecodedAll: - case IS_DecodedTBS: - break; - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - return fieldFuncs->getFcn(*this, index, numFields, fieldValue); -} - -/* - * Set the field specified by fieldId in the specified Cert. - * Note no index - individual field routines either append (for extensions) - * or if field already set ::throwMe(for all others) - */ -void DecodedCert::setCertField( - const CssmOid &fieldId, // which field - const CssmData &fieldValue) -{ - switch(mState) { - case IS_Empty: // first time thru - mState = IS_Building; - break; - case IS_Building: // subsequent passes - break; - case IS_DecodedAll: - case IS_DecodedTBS: - clErrorLog("DecodedCert::setCertField: can't build on a decoded cert!"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - const CssmData &value = CssmData::overlay(fieldValue); - fieldFuncs->setFcn(*this, value); -} - -/* - * Free the fieldId-specific data referred to by fieldValue->Data. - */ -void DecodedCert::freeCertFieldData( - const CssmOid &fieldId, - CssmOwnedData &fieldValue) -{ - if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) { - CssmError::throwMe(CSSM_ERRCODE_INVALID_FIELD_POINTER); - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - if(fieldFuncs->freeFcn != NULL) { - /* optional - simple cases handled below */ - fieldFuncs->freeFcn(fieldValue); - } - fieldValue.reset(); - fieldValue.release(); - -} - - -/* - * Common means to get all fields from a decoded cert. Used in - * CertGetAllTemplateFields and CertGetAllFields. - */ -void DecodedCert::getAllParsedCertFields( - uint32 &NumberOfFields, // RETURNED - CSSM_FIELD_PTR &CertFields) // RETURNED -{ - /* this is the max - some might be missing */ - uint32 maxFields = NUM_STD_CERT_FIELDS + mDecodedExtensions.numExtensions(); - CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)mAlloc.malloc(maxFields * sizeof(CSSM_FIELD)); - - /* - * We'll be copying oids and values for fields we find into - * outFields; current number of valid fields found in numOutFields. - */ - memset(outFields, 0, maxFields * sizeof(CSSM_FIELD)); - uint32 numOutFields = 0; - CSSM_FIELD_PTR currOutField; - uint32 currOidDex; - const CSSM_OID *currOid; - CssmAutoData aData(mAlloc); // for malloc/copy of outgoing data - - /* query for each OID we know about */ - for(currOidDex=0; currOidDexfieldId; - uint32 numFields; // for THIS oid - - /* - * Return false if field not there, which is not an error here. - * Actual exceptions are fatal. - */ - if(!fieldFuncs->getFcn(*this, - 0, // index - looking for first one - numFields, - aData)) { - continue; - } - - /* got some data for this oid - copy it and oid to outgoing CertFields */ - assert(numOutFields < maxFields); - currOutField = &outFields[numOutFields]; - currOutField->FieldValue = aData.release(); - aData.copy(*currOid); - currOutField->FieldOid = aData.release(); - numOutFields++; - - /* if more fields are available for this OID, snag them too */ - for(uint32 fieldDex=1; fieldDexgetFcn(*this, - fieldDex, - numFields, // shouldn't change - aData); - if(!brtn) { - clErrorLog("getAllParsedCertFields: index screwup"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - assert(numOutFields < maxFields); - currOutField = &outFields[numOutFields]; - currOutField->FieldValue = aData.release(); - aData.copy(*currOid); - currOutField->FieldOid = aData.release(); - numOutFields++; - } /* multiple fields for currOid */ - } /* for each known OID */ - - NumberOfFields = numOutFields; - CertFields = outFields; -} - -void -DecodedCert::describeFormat( - CssmAllocator &alloc, - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList) -{ - /* malloc in app's space, do deep copy (including ->Data) */ - CSSM_OID_PTR oidList = (CSSM_OID_PTR)alloc.malloc( - NUM_KNOWN_FIELDS * sizeof(CSSM_OID)); - memset(oidList, 0, NUM_KNOWN_FIELDS * sizeof(CSSM_OID)); - for(unsigned i=0; i -#include "cldebugging.h" -#include "CLCrlExtensions.h" -#include "CLCertExtensions.h" -#include "CLFieldsCommon.h" -#include "clNssUtils.h" -#include "clNameUtils.h" -#include -#include -#include -#include -#include - -static void CL_freeCssmExtensions( - CSSM_X509_EXTENSIONS &extens, - CssmAllocator &alloc); - -/*** - *** Version - *** Format = DER-encoded int (max of four bytes in this case) - ***/ -static bool getField_Version ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCrl &crl = dynamic_cast(item); - const CSSM_DATA &vers = crl.mCrl.tbs.version; - if(!tbsGetCheck(vers.Data, index)) { - /* not present, optional */ - return false; - } - fieldValue.copy(vers.Data, vers.Length); - numFields = 1; - return true; -} - -static void setField_Version ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCrl &crl = dynamic_cast(item); - CSSM_DATA &vers = crl.mCrl.tbs.version; - tbsSetCheck(vers.Data, fieldValue, 0, "version"); - crl.coder().allocCopyItem(fieldValue, vers); -} - -/*** issuer - *** Format = CSSM_X509_NAME - *** class Name from sm_x501if - ***/ -static bool getField_Issuer ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - - bool brtn; - - const DecodedCrl &crl = dynamic_cast(item); - try { - brtn = getField_RDN_NSS(crl.mCrl.tbs.issuer, fieldValue); - if(brtn) { - numFields = 1; - } - } - catch (...) { - freeField_RDN(fieldValue); - throw; - } - return brtn; -} - -static void setField_Issuer ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCrl &crl = dynamic_cast(item); - const CSSM_X509_NAME *cssmName = (const CSSM_X509_NAME *)fieldValue.Data; - NSS_Name &nssName = crl.mCrl.tbs.issuer; - tbsSetCheck(nssName.rdns, fieldValue, sizeof(CSSM_X509_NAME), - "IssuerName"); - CL_cssmNameToNss(*cssmName, nssName, crl.coder()); -} - -/*** - *** This/Next update - *** Format: CSSM_X509_TIME - ***/ -static bool getField_ThisUpdate ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCrl &crl = dynamic_cast(item); - const NSS_Time &srcTime = crl.mCrl.tbs.thisUpdate; - return getField_TimeNSS(srcTime, index, numFields, fieldValue); -} - -static void setField_ThisUpdate ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCrl &crl = dynamic_cast(item); - NSS_Time &dstTime = crl.mCrl.tbs.thisUpdate; - tbsSetCheck(dstTime.item.Data, fieldValue, - sizeof(CSSM_X509_TIME), "NotBefore"); - setField_TimeNSS(fieldValue, dstTime, crl.coder()); -} - -static bool getField_NextUpdate ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCrl &crl = dynamic_cast(item); - const NSS_Time &srcTime = crl.mCrl.tbs.nextUpdate; - return getField_TimeNSS(srcTime, index, numFields, fieldValue); -} - -static void setField_NextUpdate ( - DecodedItem &item, - const CssmData &fieldValue) -{ - DecodedCrl &crl = dynamic_cast(item); - NSS_Time &dstTime = crl.mCrl.tbs.nextUpdate; - tbsSetCheck(dstTime.item.Data, fieldValue, - sizeof(CSSM_X509_TIME), "NotBefore"); - setField_TimeNSS(fieldValue, dstTime, crl.coder()); -} - -/*** - *** Issuer Name (normalized and encoded version) - *** Format = CSSM_DATA containing the DER encoding of the normalized name - ***/ -static bool getFieldIssuerNorm( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - if(index != 0) { - return false; - } - const DecodedCrl &crl = dynamic_cast(item); - return getField_normRDN_NSS(crl.mCrl.tbs.derIssuer, numFields, - fieldValue); -} - -/*** - *** TBS AlgId - *** Format = CSSM_X509_ALGORITHM_IDENTIFIER - ***/ -static bool getField_CrlTbsAlgId ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - const DecodedCrl &crl = dynamic_cast(item); - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId = - crl.mCrl.signatureAlgorithm; - if(!tbsGetCheck(srcAlgId.algorithm.Data, index)) { - return false; - } - getField_AlgIdNSS(srcAlgId, fieldValue); - numFields = 1; - return true; -} - -/* - * Support for entries in revocation list - */ -static void nssRevokedEntryToCssm( - NSS_RevokedCert &nssEntry, - CSSM_X509_REVOKED_CERT_ENTRY &cssmEntry, - CssmAllocator &alloc) -{ - clAllocCopyData(alloc, nssEntry.userCertificate, cssmEntry.certificateSerialNumber); - CL_nssTimeToCssm(nssEntry.revocationDate, cssmEntry.revocationDate, alloc); - - /* CSSM_X509_EXTENSIONS extensions */ - NSS_CertExtension **nssExtens = nssEntry.extensions; - if(nssExtens == NULL) { - /* done */ - return; - } - - /* - * First we have to decode the NSS-style Extensions into a - * DecodedExtensions object. For cert- and CRL-wide extensions, this - * is done at the construction of Decoded{Cert,Crl}. However for - * per-CRL-entry entensions, this is (currently) the only place - * this decoding is done. - */ - SecNssCoder coder; - DecodedExtensions decodedExtens(coder, alloc); - decodedExtens.decodeFromNss(nssExtens); - - /* convert to CDSA style */ - decodedExtens.convertToCdsa(cssmEntry.extensions, alloc); -} - -static void freeCssmEntry( - CSSM_X509_REVOKED_CERT_ENTRY_PTR cssmEntry, - CssmAllocator &alloc) -{ - if(cssmEntry == NULL) { - return; - } - if(cssmEntry->certificateSerialNumber.Data) { - alloc.free(cssmEntry->certificateSerialNumber.Data); - cssmEntry->certificateSerialNumber.Data = NULL; - cssmEntry->certificateSerialNumber.Length = 0; - } - CL_freeCssmTime(&cssmEntry->revocationDate, alloc); - - /* CSSM_X509_EXTENSIONS extensions */ - CL_freeCssmExtensions(cssmEntry->extensions, alloc); - - memset(cssmEntry, 0, sizeof(CSSM_X509_REVOKED_CERT_ENTRY)); -} - -static void nssRevokedListToCssm( - NSS_RevokedCert **nssList, // may be NULL - CSSM_X509_REVOKED_CERT_LIST_PTR cssmList, - CssmAllocator &alloc) -{ - unsigned numEntries = clNssArraySize((const void **)nssList); - cssmList->numberOfRevokedCertEntries = numEntries; - if(numEntries == 0) { - cssmList->revokedCertEntry = NULL; - return; - } - cssmList->revokedCertEntry = (CSSM_X509_REVOKED_CERT_ENTRY_PTR)alloc.malloc( - sizeof(CSSM_X509_REVOKED_CERT_ENTRY) * numEntries); - memset(cssmList->revokedCertEntry, 0, - sizeof(CSSM_X509_REVOKED_CERT_ENTRY) * numEntries); - for(unsigned dex=0; dexrevokedCertEntry[dex]; - nssRevokedEntryToCssm(*nssEntry, *cssmEntry, alloc); - } -} - - -static void freeCssmRevokedList( - CSSM_X509_REVOKED_CERT_LIST_PTR cssmList, - CssmAllocator &alloc) -{ - if(cssmList == NULL) { - return; - } - for(unsigned dex=0; dexnumberOfRevokedCertEntries; dex++) { - CSSM_X509_REVOKED_CERT_ENTRY_PTR cssmEntry = - &cssmList->revokedCertEntry[dex]; - freeCssmEntry(cssmEntry, alloc); - } - if(cssmList->revokedCertEntry) { - alloc.free(cssmList->revokedCertEntry); - } - memset(cssmList, 0, sizeof(CSSM_X509_REVOKED_CERT_LIST)); -} - -/*** - *** SignedCRL - *** Format: CSSM_X509_SIGNED_CRL (the whole enchilada, parsed) - ***/ -static bool getField_SignedCrl ( - DecodedItem &item, - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - CssmAllocator &alloc = fieldValue.allocator; - - const DecodedCrl &nssCrl = dynamic_cast(item); - const NSS_TBSCrl &nssTbs = nssCrl.mCrl.tbs; - fieldValue.malloc(sizeof(CSSM_X509_SIGNED_CRL)); - CSSM_X509_SIGNED_CRL &cssmCrl = *((CSSM_X509_SIGNED_CRL *)fieldValue.data()); - - memset(&cssmCrl, 0, sizeof(CSSM_X509_SIGNED_CRL)); - CSSM_X509_TBS_CERTLIST &cssmTbs = cssmCrl.tbsCertList; - - /* version */ - clAllocCopyData(alloc, nssTbs.version, cssmTbs.version); - - /* CSSM_X509_ALGORITHM_IDENTIFIER signature - in TBS and CRL */ - CL_copyAlgId(nssTbs.signature, cssmTbs.signature, alloc); - CL_copyAlgId(nssCrl.mCrl.signatureAlgorithm, - cssmCrl.signature.algorithmIdentifier, alloc); - - /* CSSM_X509_NAME issuer */ - CL_nssNameToCssm(nssTbs.issuer, cssmTbs.issuer, alloc); - - /* CSSM_X509_TIME thisUpdate, nextUpdate */ - CL_nssTimeToCssm(nssTbs.thisUpdate, cssmTbs.thisUpdate, alloc); - CL_nssTimeToCssm(nssTbs.nextUpdate, cssmTbs.nextUpdate, alloc); - - /* CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates */ - if(nssTbs.revokedCerts != NULL) { - cssmTbs.revokedCertificates = (CSSM_X509_REVOKED_CERT_LIST_PTR) - alloc.malloc(sizeof(CSSM_X509_REVOKED_CERT_LIST)); - memset(cssmTbs.revokedCertificates, 0, sizeof(CSSM_X509_REVOKED_CERT_LIST)); - nssRevokedListToCssm(nssTbs.revokedCerts, - cssmTbs.revokedCertificates, alloc); - } - - /* CSSM_X509_EXTENSIONS extensions */ - const DecodedExtensions &decodedExtens = nssCrl.decodedExtens(); - decodedExtens.convertToCdsa(cssmTbs.extensions, alloc); - - /* raw signature - stored in bits - note signature.algId set above */ - CSSM_DATA nssSig = nssCrl.mCrl.signature; - nssSig.Length = (nssSig.Length + 7) / 8; - clAllocCopyData(alloc, nssSig, cssmCrl.signature.encrypted); - numFields = 1; - return true; -} - -static void setField_SignedCrl ( - DecodedItem &item, - const CssmData &fieldValue) -{ - /* TBD - writing CRLs not supported now */ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void freeField_SignedCrl ( - CssmOwnedData &fieldValue) -{ - CSSM_X509_SIGNED_CRL *cssmCrl = - (CSSM_X509_SIGNED_CRL *)fieldValue.data(); - - if(cssmCrl == NULL) { - return; - } - if(fieldValue.length() != sizeof(CSSM_X509_SIGNED_CRL)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - CssmAllocator &alloc = fieldValue.allocator; - CSSM_X509_TBS_CERTLIST_PTR cssmTbs = &cssmCrl->tbsCertList; - if(cssmTbs == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - - /* run down the fields */ - if(cssmTbs->version.Data) { - alloc.free(cssmTbs->version.Data); - } - - /* CSSM_X509_ALGORITHM_IDENTIFIER signature - in TBS and CRL */ - CL_freeCssmAlgId(&cssmTbs->signature, alloc); - CL_freeCssmAlgId(&cssmCrl->signature.algorithmIdentifier, alloc); - - /* issuer, thisUpdate, nextUpdate */ - CL_freeX509Name(&cssmTbs->issuer, alloc); - CL_freeCssmTime(&cssmTbs->thisUpdate, alloc); - CL_freeCssmTime(&cssmTbs->nextUpdate, alloc); - - /* CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates */ - freeCssmRevokedList(cssmTbs->revokedCertificates, alloc); - alloc.free(cssmTbs->revokedCertificates); - - /* CSSM_X509_EXTENSIONS extensions */ - CL_freeCssmExtensions(cssmTbs->extensions, alloc); - - /* raw signature - note signature.algId freed above */ - alloc.free(cssmCrl->signature.encrypted.Data); - - memset(cssmCrl, 0, sizeof(CSSM_X509_SIGNED_CRL)); -} - -/* - * Table to map OID to {get,set,free}field - */ -typedef struct { - const CSSM_OID *fieldId; - getItemFieldFcn *getFcn; - setItemFieldFcn *setFcn; - freeFieldFcn *freeFcn; // OPTIONAL - NULL means just free the - // top-level data -} oidToFieldFuncs; - - -static const oidToFieldFuncs crlFieldTable[] = { - /* this first one, which returns everything in a parsed format, - * is intended to be normally the only field used */ - { &CSSMOID_X509V2CRLSignedCrlCStruct, - &getField_SignedCrl, &setField_SignedCrl, &freeField_SignedCrl }, - { &CSSMOID_X509V2CRLVersion, - &getField_Version, &setField_Version, NULL }, - { &CSSMOID_X509V1CRLIssuerNameCStruct, - &getField_Issuer, &setField_Issuer, &freeField_RDN }, - { &CSSMOID_X509V1CRLThisUpdate, - &getField_ThisUpdate, &setField_ThisUpdate, &freeField_Time }, - { &CSSMOID_X509V1CRLNextUpdate, - &getField_NextUpdate, &setField_NextUpdate, &freeField_Time }, - { &CSSMOID_X509V1IssuerName, - getFieldIssuerNorm, &setField_ReadOnly, NULL }, - { &CSSMOID_X509V1SignatureAlgorithmTBS, - &getField_CrlTbsAlgId, &setField_ReadOnly, &freeField_AlgId }, - // ...etc.. - /* - * Extensions, implemented in CrlExtensions.cpp - * When adding new ones, also add to: - * -- clOidToNssInfo() in CLFieldsCommon.cpp - * -- get/set/free functions in CrlExtensions.{cpp,h} - * -- DecodedExten::parse in DecodedExtensions.cpp - */ - { &CSSMOID_CrlNumber, - &getFieldCrlNumber, &setFieldCrlNumber, freeFieldSimpleExtension }, - { &CSSMOID_DeltaCrlIndicator, - &getFieldDeltaCrl, &setFieldCrlNumber, freeFieldSimpleExtension }, - { &CSSMOID_CertIssuer, // get/set not implemented - &getField_Unimplemented, &setField_ReadOnly, - &freeFieldSubjIssuerAltName}, - { &CSSMOID_CrlReason, // get/set not implemented - &getField_Unimplemented, &setField_ReadOnly, - freeFieldSimpleExtension}, - { &CSSMOID_IssuingDistributionPoint, // get/set not implemented - &getField_Unimplemented, &setField_ReadOnly, - &freeFieldIssuingDistPoint}, - { &CSSMOID_HoldInstructionCode, // get/set not implemented - &getField_Unimplemented, &setField_ReadOnly, - &freeFieldOidOrData}, - { &CSSMOID_InvalidityDate, // get/set not implemented - &getField_Unimplemented, &setField_ReadOnly, - &freeFieldOidOrData}, - - /* in common with CertExtensions */ - { &CSSMOID_AuthorityKeyIdentifier, &getFieldAuthorityKeyId, - &setFieldAuthorityKeyId, &freeFieldAuthorityKeyId } , - { &CSSMOID_X509V3CertificateExtensionCStruct, &getFieldUnknownExt, - &setFieldUnknownExt, &freeFieldUnknownExt }, - { &CSSMOID_SubjectAltName, &getFieldSubjAltName, - &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } , - { &CSSMOID_IssuerAltName, &getFieldIssuerAltName, - &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } , - // etc.. -}; - -#define NUM_KNOWN_FIELDS (sizeof(crlFieldTable) / sizeof(oidToFieldFuncs)) -#define NUM_STD_CRL_FIELDS 2 /* TBD not including extensions */ - -/* map an OID to an oidToFieldFuncs */ -static const oidToFieldFuncs *oidToFields( - const CssmOid &fieldId) -{ - const oidToFieldFuncs *fieldTable = crlFieldTable; - for(unsigned i=0; ifieldId)) { - return fieldTable; - } - fieldTable++; - } - CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG); -} - -/* - * Common routine to free OID-specific field data. Used in the - * public DecodedCrl::freeCrlFieldData and when freeing - * extensions in a CSSM_X509_TBS_CERTLIST. - */ -static void CL_freeCrlFieldData( - const CssmOid &fieldId, - CssmOwnedData &fieldValue, - bool reset = true) -{ - if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) { - CssmError::throwMe(CSSM_ERRCODE_INVALID_FIELD_POINTER); - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - if(fieldFuncs->freeFcn != NULL) { - /* optional - simple cases handled below */ - fieldFuncs->freeFcn(fieldValue); - } - if(reset) { - fieldValue.reset(); - fieldValue.release(); - } -} - -/* - * Common routime to free a CSSM_X509_EXTENSIONS. Used to free - * CSSM_X509_TBS_CERTLIST.extensions and - * CSSM_X509_REVOKED_CERT_ENTRY.extensions. - * We just cook up a CssmOid and a CssmOwnedData for each extension - * and pass to CL_freeCrlFieldData(). - */ -static void CL_freeCssmExtensions( - CSSM_X509_EXTENSIONS &extens, - CssmAllocator &alloc) -{ - for(uint32 dex=0; dexformat) { - case CSSM_X509_DATAFORMAT_ENCODED: - fieldOid = &CSSMOID_X509V3CertificateExtensionCStruct; - break; - case CSSM_X509_DATAFORMAT_PARSED: - case CSSM_X509_DATAFORMAT_PAIR: - fieldOid = &exten->extnId; - break; - default: - clErrorLog("CL_freeCssmExtensions: bad exten->format (%d)", - (int)exten->format); - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - - const CssmOid &fieldId = CssmOid::overlay(*fieldOid); - CssmData cData((uint8 *)exten, sizeof(CSSM_X509_EXTENSION)); - CssmRemoteData fieldValue(alloc, cData); - CL_freeCrlFieldData(fieldId, fieldValue, false); - fieldValue.release(); // but no free (via reset() */ - } - alloc.free(extens.extensions); - memset(&extens, 0, sizeof(CSSM_X509_EXTENSIONS)); -} - - - -/*** - *** Public functions - ***/ - -/* - * Obtain the index'th occurrence of field specified by fieldId in specified cert. - * Format of the returned field depends on fieldId. - * Returns total number of fieldId fields in the cert if index is 0. - * FieldValue assumed to be empty on entry. - * Returns true if specified field was found, else returns false. - */ -bool DecodedCrl::getCrlFieldData( - const CssmOid &fieldId, // which field - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue) // RETURNED -{ - switch(mState) { - case IS_Empty: - case IS_Building: - clErrorLog("DecodedCrl::getCrlField: can't parse undecoded CRL!"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - case IS_DecodedAll: - case IS_DecodedTBS: - break; - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - return fieldFuncs->getFcn(*this, index, numFields, fieldValue); -} - -/* - * Set the field specified by fieldId in the specified Cert. - * Note no index - individual field routines either append (for extensions) - * or if field already set ::throwMe(for all others) - */ -void DecodedCrl::setCrlField( - const CssmOid &fieldId, // which field - const CssmData &fieldValue) -{ - switch(mState) { - case IS_Empty: // first time thru - mState = IS_Building; - break; - case IS_Building: // subsequent passes - break; - case IS_DecodedAll: - case IS_DecodedTBS: - clErrorLog("DecodedCrl::setCrlField: can't build on a decoded CRL!"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) { - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId); - const CssmData &value = CssmData::overlay(fieldValue); - fieldFuncs->setFcn(*this, value); -} - -/* - * Free the fieldId-specific data referred to by fieldValue->Data. - * No state from DecodedCrl needed; use the routine shared with - * CL_freeCssmExtensions(). - */ -void DecodedCrl::freeCrlFieldData( - const CssmOid &fieldId, - CssmOwnedData &fieldValue) -{ - CL_freeCrlFieldData(fieldId, fieldValue); -} - - -/* - * Common means to get all fields from a decoded CRL. Used in - * CrlGetAllTemplateFields and CrlGetAllFields. - */ -void DecodedCrl::getAllParsedCrlFields( - uint32 &NumberOfFields, // RETURNED - CSSM_FIELD_PTR &CrlFields) // RETURNED -{ - /* this is the max - some might be missing */ - uint32 maxFields = NUM_STD_CRL_FIELDS + mDecodedExtensions.numExtensions(); - CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)mAlloc.malloc( - maxFields * sizeof(CSSM_FIELD)); - - /* - * We'll be copying oids and values for fields we find into - * outFields; current number of valid fields found in numOutFields. - */ - memset(outFields, 0, maxFields * sizeof(CSSM_FIELD)); - uint32 numOutFields = 0; - CSSM_FIELD_PTR currOutField; - uint32 currOidDex; - const CSSM_OID *currOid; - CssmAutoData aData(mAlloc); // for malloc/copy of outgoing data - - /* query for each OID we know about */ - for(currOidDex=0; currOidDexfieldId; - uint32 numFields; // for THIS oid - - /* - * Return false if field not there, which is not an error here. - * Actual exceptions are fatal. - */ - if(!fieldFuncs->getFcn(*this, - 0, // index - looking for first one - numFields, - aData)) { - continue; - } - - /* got some data for this oid - copy it and oid to outgoing CrlFields */ - assert(numOutFields < maxFields); - currOutField = &outFields[numOutFields]; - currOutField->FieldValue = aData.release(); - aData.copy(*currOid); - currOutField->FieldOid = aData.release(); - numOutFields++; - - /* if more fields are available for this OID, snag them too */ - for(uint32 fieldDex=1; fieldDexgetFcn(*this, - fieldDex, - numFields, // shouldn't change - aData); - if(!brtn) { - clErrorLog("getAllParsedCrlFields: index screwup"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - assert(numOutFields < maxFields); - currOutField = &outFields[numOutFields]; - currOutField->FieldValue = aData.release(); - aData.copy(*currOid); - currOutField->FieldOid = aData.release(); - numOutFields++; - } /* multiple fields for currOid */ - } /* for each known OID */ - - NumberOfFields = numOutFields; - CrlFields = outFields; -} - -void -DecodedCrl::describeFormat( - CssmAllocator &alloc, - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList) -{ - /* malloc in app's space, do deep copy (including ->Data) */ - CSSM_OID_PTR oidList = (CSSM_OID_PTR)alloc.malloc( - NUM_KNOWN_FIELDS * sizeof(CSSM_OID)); - memset(oidList, 0, NUM_KNOWN_FIELDS * sizeof(CSSM_OID)); - for(unsigned i=0; i -#include -// ??? #include "clExtensionTemplates.h" - -DecodedCert::DecodedCert( - AppleX509CLSession &session) - : DecodedItem(session) -{ - memset(&mCert, 0, sizeof(mCert)); -} - -/* one-shot constructor, decoding from DER-encoded data */ -DecodedCert::DecodedCert( - AppleX509CLSession &session, - const CssmData &encodedCert) - : DecodedItem(session) -{ - memset(&mCert, 0, sizeof(mCert)); - PRErrorCode prtn = mCoder.decode(encodedCert.data(), encodedCert.length(), - NSS_SignedCertTemplate, &mCert); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - mDecodedExtensions.decodeFromNss(mCert.tbs.extensions); - mState = IS_DecodedAll; -} - -DecodedCert::~DecodedCert() -{ -} - -/* decode TBSCert and its extensions */ -void DecodedCert::decodeTbs( - const CssmData &encodedTbs) -{ - assert(mState == IS_Empty); - - memset(&mCert, 0, sizeof(mCert)); - PRErrorCode prtn = mCoder.decode(encodedTbs.data(), encodedTbs.length(), - NSS_TBSCertificateTemplate, &mCert.tbs); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - mDecodedExtensions.decodeFromNss(mCert.tbs.extensions); - mState = IS_DecodedTBS; -} - -void DecodedCert::encodeExtensions() -{ - NSS_TBSCertificate &tbs = mCert.tbs; - assert(mState == IS_Building); - assert(tbs.extensions == NULL); - - if(mDecodedExtensions.numExtensions() == 0) { - /* no extensions, no error */ - return; - } - mDecodedExtensions.encodeToNss(tbs.extensions); -} - -/* - * FIXME : how to determine max encoding size at run time!? - */ -#define MAX_TEMPLATE_SIZE (8 * 1024) - -/* encode TBS component; only called from CertCreateTemplate */ -void DecodedCert::encodeTbs( - CssmOwnedData &encodedTbs) -{ - encodeExtensions(); - assert(mState == IS_Building); - - /* enforce required fields - could go deeper, maybe we should */ - NSS_TBSCertificate &tbs = mCert.tbs; - if((tbs.signature.algorithm.Data == NULL) || - (tbs.issuer.rdns == NULL) || - (tbs.subject.rdns == NULL) || - (tbs.subjectPublicKeyInfo.subjectPublicKey.Data == NULL)) { - clErrorLog("DecodedCert::encodeTbs: incomplete TBS"); - /* an odd, undocumented error return */ - CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES); - } - - PRErrorCode prtn; - prtn = SecNssEncodeItemOdata(&tbs, NSS_TBSCertificateTemplate, - encodedTbs); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } -} - -/* - * Cook up CSSM_KEYUSE, gleaning as much as possible from - * (optional) extensions. If no applicable extensions available, - * we'll just return CSSM_KEYUSE_ANY. - * - * Note that the standard KeyUsage flags involving 'signing' translate - * to verify since we're only dealing with public keys. - */ -CSSM_KEYUSE DecodedCert::inferKeyUsage() const -{ - CSSM_KEYUSE keyUse = 0; - const DecodedExten *decodedExten; - uint32 numFields; - - /* Basic KeyUsage */ - decodedExten = DecodedItem::findDecodedExt(CSSMOID_KeyUsage, false, - 0, numFields); - if(decodedExten) { - CSSM_DATA *ku = (CSSM_DATA *)decodedExten->nssObj(); - assert(ku != NULL); - CE_KeyUsage kuse = clBitStringToKeyUsage(*ku); - if(kuse & CE_KU_DigitalSignature) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - if(kuse & CE_KU_NonRepudiation) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - if(kuse & CE_KU_KeyEncipherment) { - keyUse |= CSSM_KEYUSE_WRAP; - } - if(kuse & CE_KU_KeyAgreement) { - keyUse |= CSSM_KEYUSE_DERIVE; - } - if(kuse & CE_KU_KeyCertSign) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - if(kuse & CE_KU_CRLSign) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - if(kuse & CE_KU_DataEncipherment) { - keyUse |= CSSM_KEYUSE_ENCRYPT; - } - } - - /* Extended key usage */ - decodedExten = DecodedItem::findDecodedExt(CSSMOID_ExtendedKeyUsage, - false, 0, numFields); - if(decodedExten) { - NSS_ExtKeyUsage *euse = (NSS_ExtKeyUsage *)decodedExten->nssObj(); - assert(euse != NULL); - unsigned numUses = clNssArraySize((const void **)euse->purposes); - for(unsigned dex=0; dexpurposes[dex]; - if(clCompareCssmData(thisUse, &CSSMOID_ExtendedKeyUsageAny)) { - /* we're done */ - keyUse = CSSM_KEYUSE_ANY; - break; - } - else if(clCompareCssmData(thisUse, &CSSMOID_ServerAuth)) { - keyUse |= (CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_ENCRYPT); - } - else if(clCompareCssmData(thisUse, &CSSMOID_ClientAuth)) { - keyUse |= (CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_ENCRYPT); - } - else if(clCompareCssmData(thisUse, &CSSMOID_ExtendedUseCodeSigning)) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - else if(clCompareCssmData(thisUse, &CSSMOID_EmailProtection)) { - keyUse |= - (CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP | CSSM_KEYUSE_DERIVE); - } - else if(clCompareCssmData(thisUse, &CSSMOID_TimeStamping)) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - else if(clCompareCssmData(thisUse, &CSSMOID_OCSPSigning)) { - keyUse |= CSSM_KEYUSE_VERIFY; - } - } - } - if(keyUse == 0) { - /* Nothing found; take the default. */ - keyUse = CSSM_KEYUSE_ANY; - } - return keyUse; -} - -/* - * Obtain a CSSM_KEY from a decoded cert, inferring as much as we can - * from required fields (subjectPublicKeyInfo) and extensions (for - * KeyUse). - */ -CSSM_KEY_PTR DecodedCert::extractCSSMKey( - CssmAllocator &alloc) const -{ - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &keyInfo = - mCert.tbs.subjectPublicKeyInfo; - return CL_extractCSSMKeyNSS(keyInfo, alloc, this); -} - diff --git a/AppleX509CL/DecodedCert.h b/AppleX509CL/DecodedCert.h deleted file mode 100644 index 484e6064..00000000 --- a/AppleX509CL/DecodedCert.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedCert.h - object representing an NSS-decoded cert, with extensions - * parsed and decoded (still in NSS format). - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - * - * See DecodedItem.h for details on the care and feeding of this - * module. - */ - -#ifndef _DECODED_CERT_H_ -#define _DECODED_CERT_H_ - -#include -#include - -#include "DecodedItem.h" -#include -#include - -class DecodedCert : public DecodedItem -{ - NOCOPY(DecodedCert) -public: - /* construct empty cert, no decoded extensions */ - DecodedCert( - AppleX509CLSession &session); - - /* one-shot constructor, decoding from DER-encoded data */ - DecodedCert( - AppleX509CLSession &session, - const CssmData &encodedCert); - - ~DecodedCert(); - - void encodeExtensions(); - - /* decode TBSCert and its extensions */ - void decodeTbs( - const CssmData &encodedTbs); - - /* encode TBSCert and its extensions */ - void encodeTbs( - CssmOwnedData &encodedTbs); - - /*** - *** field accessors (in CertFields.cpp) - ***/ - - /* - * Obtain the index'th occurrence of field specified by fieldId. - * Format of the returned field depends on fieldId. - * Returns total number of fieldId fields in the cert if index is 0. - * Returns true if specified field was found, else returns false. - */ - bool getCertFieldData( - const CssmOid &fieldId, // which field - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue); // RETURNED - - /* - * Set the field specified by fieldId in TBS. - * Note no index - individual field routines either append (for extensions) - * or throw if field already set (for all others) - */ - void setCertField( - const CssmOid &fieldId, // which field - const CssmData &fieldValue); - - /* - * Free the fieldId-specific data referred to by fieldValue.get().data(). - */ - static void freeCertFieldData( - const CssmOid &fieldId, - CssmOwnedData &fieldValue); - - void getAllParsedCertFields( - uint32 &NumberOfFields, // RETURNED - CSSM_FIELD_PTR &CertFields); // RETURNED - - static void describeFormat( - CssmAllocator &alloc, - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList); - - /* - * Obtain a CSSM_KEY from a decoded cert, inferring as much as we can - * from required fields (subjectPublicKeyInfo) and extensions (for - * KeyUse). - */ - CSSM_KEY_PTR extractCSSMKey( - CssmAllocator &alloc) const; - - CSSM_KEYUSE inferKeyUsage() const; - - NSS_Certificate mCert; -}; - -#endif /* _DECODED_CERT_H_ */ diff --git a/AppleX509CL/DecodedCrl.cpp b/AppleX509CL/DecodedCrl.cpp deleted file mode 100644 index 71a33122..00000000 --- a/AppleX509CL/DecodedCrl.cpp +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedCrl.cpp - object representing a decoded CRL, in NSS format, - * with extensions parsed and decoded (still in NSS format). - * - * Created 8/28/2002 by Doug Mitchell. - */ - -#include "DecodedCrl.h" -#include "cldebugging.h" -#include "AppleX509CLSession.h" -#include "CSPAttacher.h" -#include - -DecodedCrl::DecodedCrl( - AppleX509CLSession &session) - : DecodedItem(session) -{ - memset(&mCrl, 0, sizeof(mCrl)); -} - -/* one-shot constructor, decoding from DER-encoded data */ -DecodedCrl::DecodedCrl( - AppleX509CLSession &session, - const CssmData &encodedCrl) - : DecodedItem(session) -{ - memset(&mCrl, 0, sizeof(mCrl)); - PRErrorCode prtn = mCoder.decode(encodedCrl.data(), encodedCrl.length(), - NSS_SignedCrlTemplate, &mCrl); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions); - mState = IS_DecodedAll; -} - -DecodedCrl::~DecodedCrl() -{ -} - -/* decode mCrl.tbs and its extensions */ -void DecodedCrl::decodeCts( - const CssmData &encodedCts) -{ - assert(mState == IS_Empty); - memset(&mCrl, 0, sizeof(mCrl)); - PRErrorCode prtn = mCoder.decode(encodedCts.data(), encodedCts.length(), - NSS_TBSCrlTemplate, &mCrl.tbs); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions); - mState = IS_DecodedTBS; -} - -void DecodedCrl::encodeExtensions() -{ - NSS_TBSCrl &tbs = mCrl.tbs; - assert(mState == IS_Building); - assert(tbs.extensions == NULL); - - if(mDecodedExtensions.numExtensions() == 0) { - /* no extensions, no error */ - return; - } - mDecodedExtensions.encodeToNss(tbs.extensions); -} - -/* - * FIXME : how to determine max encoding size at run time!? - */ -#define MAX_TEMPLATE_SIZE (16 * 1024) - -/* encode TBS component; only called from CrlCreateTemplate */ -void DecodedCrl::encodeCts( - CssmOwnedData &encodedCts) -{ - encodeExtensions(); - assert(mState == IS_Building); - - /* enforce required fields - could go deeper, maybe we should */ - NSS_TBSCrl &tbs = mCrl.tbs; - if((tbs.signature.algorithm.Data == NULL) || - (tbs.issuer.rdns == NULL)) { - clErrorLog("DecodedCrl::encodeTbs: incomplete TBS"); - /* an odd, undocumented error return */ - CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES); - } - - PRErrorCode prtn; - prtn = SecNssEncodeItemOdata(&tbs, NSS_TBSCrlTemplate, - encodedCts); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } -} - diff --git a/AppleX509CL/DecodedCrl.h b/AppleX509CL/DecodedCrl.h deleted file mode 100644 index 7f428089..00000000 --- a/AppleX509CL/DecodedCrl.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedCrl.h - object representing a decoded cert in NSS form, with - * extensions parsed and decoded (still in NSS format). - * - * Created 8/28/2002 by Doug Mitchell. - * - * See DecodedItem.h for details on the care and feeding of this - * module. - */ - -#ifndef _DECODED_CRL_H_ -#define _DECODED_CRL_H_ - -#include -#include - -#include "DecodedItem.h" -#include - -class DecodedCrl : /* for now public CertificateList, */ public DecodedItem -{ - NOCOPY(DecodedCrl) -public: - /* construct empty CRL, no decoded extensions */ - DecodedCrl( - AppleX509CLSession &session); - - /* one-shot constructor, decoding from DER-encoded data */ - DecodedCrl( - AppleX509CLSession &session, - const CssmData &encodedCrl); - - ~DecodedCrl(); - - /* decode CRLToSign and its extensions */ - void decodeCts( - const CssmData &encodedCTS); - - /* encode TBSCert and its extensions */ - void encodeExtensions(); - void encodeCts( - CssmOwnedData &encodedTbs); - - /*** - *** field accessors (in CrlFields.cpp) - ***/ - - /* - * Obtain the index'th occurrence of field specified by fieldId. - * Format of the returned field depends on fieldId. - * Returns total number of fieldId fields in the cert if index is 0. - * Returns true if specified field was found, else returns false. - */ - bool getCrlFieldData( - const CssmOid &fieldId, // which field - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmOwnedData &fieldValue); // RETURNED - - /* - * Set the field specified by fieldId in TBS. - * Note no index - individual field routines either append (for extensions) - * or throw if field already set (for all others) - */ - void setCrlField( - const CssmOid &fieldId, // which field - const CssmData &fieldValue); - - /* - * Free the fieldId-specific data referred to by fieldValue.get().data(). - */ - static void freeCrlFieldData( - const CssmOid &fieldId, - CssmOwnedData &fieldValue); - - void getAllParsedCrlFields( - uint32 &NumberOfFields, // RETURNED - CSSM_FIELD_PTR &CertFields); // RETURNED - - static void describeFormat( - CssmAllocator &alloc, - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList); - - NSS_Crl mCrl; - -}; - -#endif /* _DECODED_CRL_H_ */ diff --git a/AppleX509CL/DecodedExtensions.cpp b/AppleX509CL/DecodedExtensions.cpp deleted file mode 100644 index b2709b1e..00000000 --- a/AppleX509CL/DecodedExtensions.cpp +++ /dev/null @@ -1,462 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedItem.cpp - class representing the common portions of - * NSS-format decoded certs and CRLs, with extensions parsed and - * decoded (still in NSS format). - */ - -#include "DecodedItem.h" -#include "cldebugging.h" -#include "AppleX509CLSession.h" -#include "CSPAttacher.h" -#include "CLFieldsCommon.h" -#include "clNssUtils.h" -#include "clNameUtils.h" -#include -#include - -#define MIN_EXTENSIONS 4 // initial size of *mExtensions - -DecodedExten::DecodedExten( - const CSSM_OID &extnId, // copied - bool critical, - void *nssObj, // NSS_KeyUsage, NSS_BasicConstraints, - // etc. NOT COPIED, exists in same - // memory space as coder - bool berEncoded, // indicates unknown extension which we - // do not BER-decode when parsing a cert - const SEC_ASN1Template *templ, // to decode/encode if !berEncoded - SecNssCoder &coder, // all local allocs from here - const CSSM_DATA *rawExtn) // NSS_CertExtension.value, copied to - // mRawExtn - : mCritical(critical), - mNssObj(nssObj), - mBerEncoded(berEncoded), - mTempl(templ), - mCoder(coder), - mRawExtn(NULL) -{ - coder.allocCopyItem(extnId, mExtnId); - if(rawExtn) { - mRawExtn = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - coder.allocCopyItem(*rawExtn, *mRawExtn); - } -} - -DecodedExten::~DecodedExten() -{ - /* the only stuff we allocated was in the coder pool and will be freed - * when coder is freed */ -} - -/* - * Convert this extension to a CSSM_X509_EXTENSION, in the specified - * (app-level) alloc space, after its contents have - * been converted to a native CDSA object (CE_KeyUsage, etc.). - */ -void DecodedExten::convertToCdsa( - void *cdsaObj, // e.g. CE_KeyUsage - // CSSM_DATA_PTR for berEncoded - CSSM_X509_EXTENSION_PTR cssmExt, // contents RETURNED - CssmAllocator &alloc) const -{ - clAllocCopyData(alloc, mExtnId, cssmExt->extnId); - cssmExt->critical = mCritical ? CSSM_TRUE : CSSM_FALSE; - - /* - * in either case copy the raw extension data if we have it (we may not - * have it if this was created via setField). - */ - if(mRawExtn) { - clAllocCopyData(alloc, *mRawExtn, cssmExt->BERvalue); - } - else { - cssmExt->BERvalue.Data = NULL; - cssmExt->BERvalue.Length = 0; - } - if(mBerEncoded) { - /* an extension we never parsed or understood */ - assert(cdsaObj == NULL); - cssmExt->format = CSSM_X509_DATAFORMAT_ENCODED; - cssmExt->value.parsedValue = NULL; - } - else { - /* caller sees parsed version plus raw BER-encoded bytes */ - assert(cdsaObj != NULL); - if(mRawExtn) { - /* normal decode & parse case */ - cssmExt->format = CSSM_X509_DATAFORMAT_PAIR; - } - else { - /* setField */ - cssmExt->format = CSSM_X509_DATAFORMAT_PARSED; - } - /* in app alloc's space, mallocd by getField*() */ - cssmExt->value.parsedValue = cdsaObj; - } -} - -/* - * Convert a DecodedExten to a CSSM_X509_EXTENSION. This includes - * the mapping of the extnId to a known CDSA type and type and doing the - * actual NSS-to-CDSA conversion. At the time this function is - * called, the DecodedExten either has a valid mNssObj, or it's an - * unknown extension type in which case mNssObj is an AsnOcts containing - * the opaquely DER-encoded extension value. - * - * Currently only used when decoding a CRL and converting it en masse - * to CDSA. - */ -template -void nssToCssm( - const DecodedExten &decodedExt, - NssType *&nssObj, // RETURNED - CdsaType *&cdsaObj, // mallocd and RETURNED - CssmAllocator &alloc) -{ - nssObj = (NssType *)(decodedExt.nssObj()); - assert(nssObj != NULL); - cdsaObj = (CdsaType *)alloc.malloc(sizeof(CdsaType)); - memset(cdsaObj, 0, sizeof(CdsaType)); -} - -void DecodedExten::parse( - CSSM_X509_EXTENSION_PTR cssmExt, // mallocd by caller, RETURNED - CssmAllocator &alloc) const -{ - void *vCdsaObj = NULL; - if(mBerEncoded) { - /* non-understood extension */ - convertToCdsa(NULL, cssmExt, alloc); - return; - } - if(clCompareCssmData(&mExtnId, &CSSMOID_AuthorityKeyIdentifier)) { - CE_AuthorityKeyID *cdsaObj; - NSS_AuthorityKeyId *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - CL_nssAuthorityKeyIdToCssm(*nssObj, *cdsaObj, mCoder, alloc); - vCdsaObj = cdsaObj; - } - /* same encoding (uint32) for all of these: */ - else if(clCompareCssmData(&mExtnId, &CSSMOID_CrlNumber) || - clCompareCssmData(&mExtnId, &CSSMOID_DeltaCrlIndicator) || - clCompareCssmData(&mExtnId, &CSSMOID_CrlReason)) { - CE_CrlNumber *cdsaObj; - CSSM_DATA *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - *cdsaObj = clDataToInt(*nssObj); - vCdsaObj = cdsaObj; - } - /* same encoding (GeneralNames) for all of these: */ - else if(clCompareCssmData(&mExtnId, &CSSMOID_IssuerAltName) || - clCompareCssmData(&mExtnId, &CSSMOID_SubjectAltName) || - clCompareCssmData(&mExtnId, &CSSMOID_CertIssuer)) { - CE_GeneralNames *cdsaObj; - NSS_GeneralNames *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - CL_nssGeneralNamesToCssm(*nssObj, *cdsaObj, mCoder, alloc); - vCdsaObj = cdsaObj; - } - else if(clCompareCssmData(&mExtnId, &CSSMOID_IssuingDistributionPoint)) { - CE_IssuingDistributionPoint *cdsaObj; - NSS_IssuingDistributionPoint *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - CL_nssIssuingDistPointToCssm(nssObj, cdsaObj, mCoder, alloc); - vCdsaObj = cdsaObj; - } - - /* - * cert entry extensions - */ - else if(clCompareCssmData(&mExtnId, &CSSMOID_HoldInstructionCode)) { - /* value is just an OID */ - CSSM_OID *cdsaObj; - CSSM_DATA *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - clAllocCopyData(alloc, *nssObj, *cdsaObj); - vCdsaObj = cdsaObj; - } - else if(clCompareCssmData(&mExtnId, &CSSMOID_InvalidityDate)) { - /* GeneralizedTime */ - CSSM_DATA *cdsaObj; - CSSM_DATA *nssObj; - nssToCssm( - *this, - nssObj, - cdsaObj, - alloc); - clAllocCopyData(alloc, *nssObj, *cdsaObj); - vCdsaObj = cdsaObj; - } - else { - /* if we get here, this routine is not keeping up with - * clOidToNssInfo() */ - assert(0); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - convertToCdsa(vCdsaObj, cssmExt, alloc); -} - - -#pragma mark ------ DecodedExtensions ------ - -/* - * A variable-size array of DecodedExtens. - * Used for storing cert and CRL extensions as well as per-CRL-entry - * extensions. - */ -DecodedExtensions::DecodedExtensions( - SecNssCoder &coder, - CssmAllocator &alloc) - : mCoder(coder), - mAlloc(alloc), - mExtensions(NULL), - mNumExtensions(0), - mSizeofExtensions(0) -{ - -} - -DecodedExtensions::~DecodedExtensions() -{ - for(unsigned i=0; iextnId, cook up an approppriate - * NSS-specific type (NSS_KeyUsage, etc.); - */ - CSSM_DATA &rawExtn = nssExten->value; - bool berEncoded = false; - bool found; // we understand this OID - unsigned nssObjLen; // size of associated NSS object - const SEC_ASN1Template *templ = NULL; // template for decoding - void *nssObj = NULL; // decode destination - found = clOidToNssInfo(nssExten->extnId, nssObjLen, templ); - if(!found) { - /* - * We don't know how to deal with this. - */ - berEncoded = true; - } - else { - /* - * Create NSS-style object specific to this extension, just - * by knowing its length and ASN template. - * Decode the extensions's extnValue into that object. We don't - * have to know what kind of object it is anymore. - */ - assert(templ != NULL); - nssObj = mCoder.malloc(nssObjLen); - memset(nssObj, 0, nssObjLen); - PRErrorCode prtn; - prtn = mCoder.decodeItem(rawExtn, templ, nssObj); - if(prtn) { - /* - * FIXME - what do we do here? For now flag it - * as an non-understood extension... - */ - clErrorLog("decodeExtensions: extension decode error\n"); - nssObj = NULL; - berEncoded = true; - } - } - if((nssObj != NULL) || berEncoded) { - /* append if the decode was successful */ - addExtension(nssExten->extnId, - clNssBoolToCssm(nssExten->critical), - nssObj, - berEncoded, - templ, - &rawExtn); - } - } -} - -/* - * Encode into a NSS-style Extensions. - * - * Each extension object, currently stored as some AsnType subclass, - * is BER-encoded and the result is stored as an octet string - * (AsnOcts) in a new Extension object in the TBS. - * - * Called from {Crl,Cert}CreateTemplate via encode{Tbs,Cts}(). - */ -void DecodedExtensions::encodeToNss( - NSS_CertExtension **&extensions) -{ - assert(extensions == NULL); - - if(mNumExtensions == 0) { - /* no extensions, no error */ - return; - } - - /* malloc a NULL_terminated array of NSS_CertExtension pointers */ - unsigned len = (mNumExtensions + 1) * sizeof(NSS_CertExtension *); - extensions = (NSS_CertExtension **)mCoder.malloc(len); - memset(extensions, 0, len); - - /* grind thru our DecodedExtens, creating an NSS_CertExtension for - * each one */ - for(unsigned extenDex=0; extenDexberEncoded()) { - /* unknown extension type, it's already encoded */ - const CSSM_DATA *srcBer = (const CSSM_DATA *)decodedExt->rawExtn(); - assert(srcBer != NULL); - mCoder.allocCopyItem(*srcBer, thisNssExten->value); - } - else { - PRErrorCode prtn; - prtn = mCoder.encodeItem(decodedExt->nssObj(), - decodedExt->templ(), thisNssExten->value); - if(prtn) { - clErrorLog("encodeToNss: extension encode error"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - } - ArenaAllocator arenaAlloc(mCoder); - if(decodedExt->critical()) { - /* optional, default false */ - clCssmBoolToNss(CSSM_TRUE, thisNssExten->critical, arenaAlloc); - } - mCoder.allocCopyItem(decodedExt->extnId(), thisNssExten->extnId); - } -} - -/* add/retrieve entries */ -void DecodedExtensions::addExtension( - const CSSM_OID &extnId, // copied - bool critical, - void *nssObj, // NSS_KeyUsage, NSS_BasicConstraints, - // etc. NOT COPIED, exists in same - // memory space as coder - bool berEncoded, // indicates unknown extension which we - // do not BER-decode when parsing a cert - const SEC_ASN1Template *templ, // required if !berEncoded - const CSSM_DATA *rawExtn) // NSS_CertExtension.value, copied, - // optional (not present during a - // SetField op) -{ - if(mNumExtensions == mSizeofExtensions) { - /* expand by doubling, or initial malloc */ - mSizeofExtensions = mNumExtensions ? - (2 * mNumExtensions) : MIN_EXTENSIONS; - mExtensions = (DecodedExten **)mAlloc.realloc( - mExtensions, mSizeofExtensions * sizeof(DecodedExten)); - } - mExtensions[mNumExtensions++] = new DecodedExten(extnId, - critical, nssObj, berEncoded, templ, mCoder, rawExtn); -} - -const DecodedExten *DecodedExtensions::getExtension( - unsigned extenDex) const -{ - assert(extenDex < mNumExtensions); - return mExtensions[extenDex]; -} - -/* Convert to CSSM_X509_EXTENSIONS */ -/* Currently only used when decoding a CRL and converting it en masse - * to CDSA */ -void DecodedExtensions::convertToCdsa( - CSSM_X509_EXTENSIONS &cssmExtens, - CssmAllocator &alloc) const -{ - memset(&cssmExtens, 0, sizeof(cssmExtens)); - if(mNumExtensions == NULL) { - return; - } - cssmExtens.extensions = (CSSM_X509_EXTENSION_PTR)alloc.malloc( - sizeof(CSSM_X509_EXTENSION) * mNumExtensions); - memset(cssmExtens.extensions, 0, - sizeof(CSSM_X509_EXTENSION) * mNumExtensions); - cssmExtens.numberOfExtensions = mNumExtensions; - for(unsigned dex=0; dexparse(&cssmExtens.extensions[dex], alloc); - } - catch(...) { - /* FIXME - what now? */ - clFieldLog("DecodedExtensions:convertToCdsa: extension " - "decode error"); - } - } -} - diff --git a/AppleX509CL/DecodedExtensions.h b/AppleX509CL/DecodedExtensions.h deleted file mode 100644 index 7c46ff8b..00000000 --- a/AppleX509CL/DecodedExtensions.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedExtensions.h - Intermediate representation of extensions. - */ - -#ifndef _DECODED_EXTENSIONS_H_ -#define _DECODED_EXTENSIONS_H_ - -#include -#include - -#include -#include - -#include "cldebugging.h" - -class DecodedExten -{ - NOCOPY(DecodedExten) -public: - - /* member variables only set on construct */ - DecodedExten( - const CSSM_OID &extnId, // copied - bool critical, - void *nssObj, // NSS_KeyUsage, NSS_BasicConstraints, - // etc. NOT COPIED, exists in same - // memory space as coder - bool berEncoded, // indicates unknown extension - // which we do not BER-decode - // when parsing a cert - const SEC_ASN1Template *templ, // to decode/encode if !berEncoded - SecNssCoder &coder, // all local allocs from here - const CSSM_DATA *rawExtn=NULL); // NSS_CertExtension.value, copied to - // mRawExtn, optional (not present - // during a SetField op) - ~DecodedExten(); - - /* - * Convert this extension to a CSSM_X509_EXTENSION, after its contents - * have been converted to a native CDSA object (CE_KeyUsage, etc.). - * This is the final step of a getField op involving an extension. - */ - void convertToCdsa( - void *cdsaObj, // e.g. CE_KeyUsage - // CSSM_DATA_PTR for berEncoded - CSSM_X509_EXTENSION_PTR cssmExt, // contents mallocd in alloc's space - // and RETURNED - CssmAllocator &alloc) const; - - /* - * Convert a DecodedExten to a CSSM_X509_EXTENSION. This includes - * the mapping of the extnId to a known CDSA type and type and doing the - * actual NSS-to-CDSA conversion. - */ - void parse( - CSSM_X509_EXTENSION_PTR cssmExt, // mallocd by caller, contents - // mallocd in alloc's space, - // RETURNED - CssmAllocator &alloc) const; - - const CSSM_OID &extnId() const { return mExtnId; } - bool critical() const { return mCritical; } - void *nssObj() const { return mNssObj; } - bool berEncoded() const { return mBerEncoded; } - const SEC_ASN1Template *templ() const { return mTempl; } - CSSM_DATA *rawExtn() const { return mRawExtn; } -private: - CSSM_OID mExtnId; - bool mCritical; - void *mNssObj; // NSS_KeyUsage, NSS_BasicConstraints, etc. - bool mBerEncoded; // indicates unknown extension which we - // do not BER-decode when parsing a cert - const SEC_ASN1Template *mTempl; - // used for decode/encode - SecNssCoder &mCoder; - CSSM_DATA *mRawExtn; // optional BER-encoded extension data, not - // present if created via SetField() -}; - -/* - * A variable-size array of DecodedExtens. - * Used for storing cert and CRL extensions as well as per-CRL-entry - * extensions. - */ -class DecodedExtensions -{ - NOCOPY(DecodedExtensions) -public: - DecodedExtensions( - SecNssCoder &coder, // for local allocs - CssmAllocator &alloc); // for user space (copyout) allocs - ~DecodedExtensions(); - - /* Initialize by decoding an NSS-style NSS_CertExtension array */ - void decodeFromNss( - NSS_CertExtension **extensions); - - /* Encode into a NSS-style NSS_CertExtension array, allocating - * both the array pointers and the NSS_Extension elements themselves */ - void encodeToNss( - NSS_CertExtension **&extensions); - - /* add/retrieve entries */ - void addExtension( - const CSSM_OID &extnId, // copied - bool critical, - void *nssObj, // NSS_BasicConstraints, - // etc. NOT COPIED, exists in same - // memory space as coder - bool berEncoded, // indicates unknown extension - // which we do not BER-decode - // when parsing a cert - const SEC_ASN1Template *templ, // required if !berEncoded - const CSSM_DATA *rawExtn=NULL); // NSS_CertExtension.value, copied, - // optional (not present during a - // SetField op) - const DecodedExten *getExtension( - unsigned extenDex) const; - - /* - * Convert to CSSM_X509_EXTENSIONS, including conversion to - * native CDSA C structs. Only used on CRL side, on a getField - * returning the entire parsed CRL. */ - void convertToCdsa( - CSSM_X509_EXTENSIONS &cssmExtens, - CssmAllocator &alloc) const; - - unsigned numExtensions() const { return mNumExtensions; } - -private: - SecNssCoder &mCoder; - CssmAllocator &mAlloc; - DecodedExten **mExtensions; - unsigned mNumExtensions; // # valid DecodedExtens - unsigned mSizeofExtensions; // mallocd size in mExtensions -}; - -#endif /* _DECODED_EXTENSIONS_H_ */ diff --git a/AppleX509CL/DecodedItem.cpp b/AppleX509CL/DecodedItem.cpp deleted file mode 100644 index 17ba9869..00000000 --- a/AppleX509CL/DecodedItem.cpp +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedItem.cpp - class representing the common portions of NSS-style - * certs and CRLs, with extensions parsed and decoded (still in NSS - * format). - */ - -#include "DecodedItem.h" -#include "cldebugging.h" -#include "AppleX509CLSession.h" -#include "CSPAttacher.h" -#include "CLFieldsCommon.h" -#include "clNssUtils.h" -#include - - -DecodedItem::DecodedItem( - AppleX509CLSession &session) - : mState(IS_Empty), - mAlloc(session), - mSession(session), - mDecodedExtensions(mCoder, session) -{ -} - -DecodedItem::~DecodedItem() -{ - /* nothing for now */ -} - -/* - * Search for DecodedExten by AsnOid or "any unknown extension". - * Called from getField*() and inferKeyUsage. - * Returns NULL if specified extension not found. - */ -const DecodedExten *DecodedItem::findDecodedExt( - const CSSM_OID &extnId, // for known extensions - bool unknown, // otherwise - uint32 index, - uint32 &numFields) const -{ - unsigned dex; - const DecodedExten *rtnExt = NULL; - unsigned found = 0; - - for(dex=0; dexberEncoded() && - (clCompareCssmData(&decodedExt->extnId(), &extnId)) - ) || - (unknown && decodedExt->berEncoded()) - ) { - - if(found++ == index) { - /* the one we want */ - rtnExt = decodedExt; - } - if((rtnExt != NULL) && (index != 0)) { - /* only determine numFields on search for first one */ - break; - } - } - } - if(rtnExt != NULL) { - /* sucessful return */ - if(index == 0) { - numFields = found; - } - return rtnExt; - } - else { - return NULL; - } -} - diff --git a/AppleX509CL/DecodedItem.h b/AppleX509CL/DecodedItem.h deleted file mode 100644 index e496bca3..00000000 --- a/AppleX509CL/DecodedItem.h +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DecodedItem.h - class representing the common portions of NSS-format - * decoded certs and CRLs, with extensions parsed and decoded (still in - * NSS format). - * - * When a DecodedItem (cert or CRL) is quiescent and cached in the CL - * (either by an explicit cache call like CSSM_CL_CertCache or - * CSSM_CL_CrlCache(), or during a succession of GetFirst/GetNext field - * ops), the item is stored in the CL in what we call NSS form. NSS is - * the module we use to perform DER encoding and decoding; NSS form - * refers to structs defining Certs, CRLs, and extensions which are - * directly encodable and decodable by the NSS library. NSS structs are - * similar to their CDSA counterparts, sometimes identical, usually - * subtly different (due to requirements of the NSS module). - * - * Decoding a cert or a CRL: - * ------------------------- - * - * When an app decodes a cert or CRL for any reason, the following phases - * are executed: - * - * PHASE I - * ------- - * - * Basic BER-decode if the incoming CSSM_DATA blob. This happens in the - * constructors for DecodedCert and DecodedCrl. A modified/restricted - * version of this occurs in DecodedCert::decodeTbs(), which is used - * during a CSSM_CL_CertGetAllTemplateFields() call. - * - * PHASE II - * -------- - * - * Extensions are converted from untyped blobs - which is how they look - * after PHASE I - to NSS-style C structs. This is done by examining - * the ExtnId of each cert's or CRL's extensions and doing a BER decode - * specific to that extension type. This is performed in - * DecodedExtensions.decodeFromNss() which is called immediately after - * the top-level decode performed in PHASE I. - * - * It is at this point that a cert or CRL can be cached in the CL's - * cacheMap or queryMap (see AppleX509CLSession.{h,cpp}. We call this - * state "NSS Form". - * - * PHASE III (CRLs only) - * -------------------- - * - * This occurs when an app is actually fetching a full CRL in - * CDSA form. Individual entries in a CRL's revocation list also - * contain per-entry extension lists. These are converted from - * untyped blobs to meaningful NSS-style extension structs as - * in PHASE II prior to the conversion to CDSA form in PHASE IV. - * - * PHASE IV - * --------- - * - * This occurs when an app is actually fetching fields in CDSA form. - * This involves converting objects from NSS form to CDSA form - * (if necessary) and copying to the session allocator's memory space. - * - * The rationale behind this phased approach - in particular, the - * reason that in-memory items are stored in NSS form - is that this - * minimizes the number of copies between the intiial parse of a cert - * or CRL and the final GetField op. Since a GetField op inherently - * requires a copy (from internal memory to the session allocator's - * space), and conversion from NSS to CDSA form is basically a bunch of - * copies as well, we might as well just stop with the item in CRL - * format as soon as PHASE II is complete. Note that completion of - * PHASE II is in fact required before caching a cert since that enables - * us to have access to extension-specific info while a cert is - * cached. The KeyUsage and ExtendedKeyUsage extensions are used in - * this manner to get key info from a TBS cert. - * - * - * Creating and encoding a cert: - * ----------------------------- - * - * Creating a cert (creating CRLs is not supported in this release) - * follows more or less the reverse procedure, as follows: - * - * PHASE I - * ------- - * - * During a CSSM_CL_CertCreateTemplate() op, all fields which the - * app wishes to specify are passed into the CL in CDSA form. These - * fields are converted to NSS form in a temporary DecodedCert. This - * includes extensions (in NSS form). - * - * PHASE II - * -------- - * - * Extensions in NSS form are encoded and bundled up into the final, - * BER-encode ready NSS_CertExtension array form. This occurs - * in DecodedCert::encodeExtensions(), called from the top of - * DecodedCert::encodeTbs(). We're still processing an app's - * CSSM_CL_CertCreateTemplate() call at this point. - * - * PHASE III - * --------- - * - * Final DER-encoding of a TBS cert is performed in - * DecodedCert::encodeTbs(). The resulting CSSM_DATA is - * passed back to the app as what CDSA calls a template. - * This completes the CSSM_CL_CertCreateTemplate() call. - * - * PHASE IV - * -------- - * - * The TBS cert blob is signed and the resulting DER-encoded - * cert is passed back to the app. - */ - -#ifndef _DECODED_ITEM_H_ -#define _DECODED_ITEM_H_ - -#include -#include - -#include "cldebugging.h" -#include "DecodedExtensions.h" -#include - -/* state of a DecodedItem */ -typedef enum { - IS_Empty, - IS_DecodedAll, // can't set fields in this state - IS_DecodedTBS, // ditto - IS_Building // in the process of setting fields -} ItemState; - - -class AppleX509CLSession; - -class DecodedItem -{ -public: - DecodedItem( - AppleX509CLSession &session); - - virtual ~DecodedItem(); - - SecNssCoder &coder() { return mCoder; } - - static void describeFormat( - CssmAllocator &alloc, - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList); - -public: - /*** - *** Extensions support - ***/ - - /* called from decodeExtensions and setField* */ - void addExtension( - void *nssThing, // e.g. NSS_KeyUsage - const CSSM_OID &extnId, - bool critical, - bool berEncoded, - const SEC_ASN1Template *templ, // to decode/encode if !berEncoded - const CSSM_DATA *rawExtn=NULL) // Extension.extnValue, copied, only for - // setField*() - { mDecodedExtensions.addExtension(extnId, critical, nssThing, - berEncoded, templ, rawExtn); - } - - const DecodedExten *findDecodedExt( - const CSSM_OID &extnId, // for known extensions - bool unknown, // otherwise - uint32 index, - uint32 &numFields) const; - - const DecodedExtensions &decodedExtens() const - { return mDecodedExtensions; } - - /* - * Common code for get extension field routines. - * Given an OID identifying an extension and an index, see if - * we have the specified extension in mDecodedExtensions and - * return the NSS and CDSA style objects as well as the - * DecodedExten. - */ - template - bool GetExtenTop( - unsigned index, // which occurrence (0 = first) - uint32 &numFields, // RETURNED - CssmAllocator &alloc, - const CSSM_OID &fieldId, // identifies extension we seek - NssType *&nssObj, // RETURNED - CdsaType *&cdsaObj, // mallocd and RETURNED - const DecodedExten *&decodedExt) const // RETURNED - { - /* See if we have one of these in our list of DecodedExtens */ - decodedExt = findDecodedExt(fieldId, false, index, numFields); - if(decodedExt == NULL) { - return false; - } - nssObj = (NssType *)decodedExt->nssObj(); - cdsaObj = (CdsaType *)alloc.malloc(sizeof(CdsaType)); - memset(cdsaObj, 0, sizeof(CdsaType)); - return true; - } - -protected: - ItemState mState; - CssmAllocator &mAlloc; - SecNssCoder mCoder; // from which all local allocs come - AppleX509CLSession &mSession; - DecodedExtensions mDecodedExtensions; - -}; - - -#endif /* _DECODED_ITEM_H_ */ diff --git a/AppleX509CL/LockedMap.h b/AppleX509CL/LockedMap.h deleted file mode 100644 index 8388c40d..00000000 --- a/AppleX509CL/LockedMap.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * LockedMap.h - STL-style map with attached Mutex - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#ifndef _LOCKED_MAP_H_ -#define _LOCKED_MAP_H_ - -#include -#include - -template -class LockedMap -{ -private: - typedef std::map MapType; - MapType mMap; - Mutex mMapLock; - - /* low-level lookup, cacheMapLock held on entry and exit */ - ValueType - *lookupEntryLocked(KeyType key) - { - // don't create new entry if desired entry isn't there - typename MapType::iterator it = mMap.find(key); - if(it == mMap.end()) { - return NULL; - } - return it->second; - } - -public: - /* high level maintenance */ - void - addEntry(ValueType &value, KeyType key) - { - StLock _(mMapLock); - mMap[key] = &value; - } - - ValueType - *lookupEntry(KeyType key) - { - StLock _(mMapLock); - return lookupEntryLocked(key); - } - - void - removeEntry(KeyType key) - { - StLock _(mMapLock); - - ValueType *value = lookupEntryLocked(key); - if(value != NULL) { - mMap.erase(key); - } - } - - ValueType - *removeFirstEntry() - { - StLock _(mMapLock); - typename MapType::iterator it = mMap.begin(); - if(it == mMap.end()) { - return NULL; - } - ValueType *rtn = it->second; - mMap.erase(it->first); - return rtn; - } -}; - -#endif /* _LOCKED_MAP_H_ */ diff --git a/AppleX509CL/Session_CRL.cpp b/AppleX509CL/Session_CRL.cpp deleted file mode 100644 index 73ac4db8..00000000 --- a/AppleX509CL/Session_CRL.cpp +++ /dev/null @@ -1,436 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Apple X.509 CRL-related session functions. -// - -#include "AppleX509CLSession.h" -#include "clNssUtils.h" -#include "clNameUtils.h" - -void -AppleX509CLSession::CrlDescribeFormat( - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList) -{ - DecodedCrl::describeFormat(*this, NumberOfFields, OidList); -} - - -void -AppleX509CLSession::CrlGetAllFields( - const CssmData &Crl, - uint32 &NumberOfCrlFields, - CSSM_FIELD_PTR &CrlFields) -{ - class DecodedCrl decodedCrl(*this, Crl); - decodedCrl.getAllParsedCrlFields(NumberOfCrlFields, CrlFields); -} - - -CSSM_HANDLE -AppleX509CLSession::CrlGetFirstFieldValue( - const CssmData &Crl, - const CssmData &CrlField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value) -{ - NumberOfMatchedFields = 0; - Value = NULL; - CssmAutoData aData(*this); - - DecodedCrl *decodedCrl = new DecodedCrl(*this, Crl); - uint32 numMatches; - - /* this returns false if field not there, throws on bad OID */ - bool brtn; - try { - brtn = decodedCrl->getCrlFieldData(CrlField, - 0, // index - numMatches, - aData); - } - catch (...) { - delete decodedCrl; - throw; - } - if(!brtn) { - delete decodedCrl; - return CSSM_INVALID_HANDLE; - } - - /* cook up a CLCachedCRL, stash it in cache */ - CLCachedCRL *cachedCrl = new CLCachedCRL(*decodedCrl); - cacheMap.addEntry(*cachedCrl, cachedCrl->handle()); - - /* cook up a CLQuery, stash it */ - CLQuery *query = new CLQuery( - CLQ_CRL, - CrlField, - numMatches, - false, // isFromCache - cachedCrl->handle()); - queryMap.addEntry(*query, query->handle()); - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - NumberOfMatchedFields = numMatches; - return query->handle(); -} - - -bool -AppleX509CLSession::CrlGetNextFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value) -{ - /* fetch & validate the query */ - CLQuery *query = queryMap.lookupEntry(ResultsHandle); - if(query == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->queryType() != CLQ_CRL) { - clErrorLog("CrlGetNextFieldValue: bad queryType (%d)", - (int)query->queryType()); - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->nextIndex() >= query->numFields()) { - return false; - } - - /* fetch the associated cached CRL */ - CLCachedCRL *cachedCrl = lookupCachedCRL(query->cachedObject()); - uint32 dummy; - CssmAutoData aData(*this); - if(!cachedCrl->crl().getCrlFieldData(query->fieldId(), - query->nextIndex(), - dummy, - aData)) { - return false; - } - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - query->incrementIndex(); - return true; -} - - -void -AppleX509CLSession::IsCertInCrl( - const CssmData &Cert, - const CssmData &Crl, - CSSM_BOOL &CertFound) -{ - /* - * Decode the two entities. Note that doing it this way incurs - * the unnecessary (for our purposes) overhead of decoding - * extensions, but doing it this way is so spiffy that I can't - * resist. - */ - DecodedCert decodedCert(*this, Cert); - DecodedCrl decodedCrl(*this, Crl); - - NSS_TBSCertificate &tbsCert = decodedCert.mCert.tbs; - NSS_TBSCrl &tbsCrl = decodedCrl.mCrl.tbs; - - /* trivial case - empty CRL */ - unsigned numCrlEntries = - clNssArraySize((const void **)tbsCrl.revokedCerts); - if(numCrlEntries == 0) { - clFieldLog("IsCertInCrl: empty CRL"); - CertFound = CSSM_FALSE; - return; - } - - /* - * Get normalized and encoded versions of issuer names. - * Since the decoded entities are local, we can normalize in place. - */ - CssmAutoData encCertIssuer(*this); - CssmAutoData encCrlIssuer(*this); - try { - /* snag a handy temp allocator */ - SecNssCoder &coder = decodedCert.coder(); - CL_normalizeX509NameNSS(tbsCert.issuer, coder); - PRErrorCode prtn = SecNssEncodeItemOdata(&tbsCert.issuer, - NSS_NameTemplate, encCertIssuer); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - - CL_normalizeX509NameNSS(tbsCrl.issuer, coder); - prtn = SecNssEncodeItemOdata(&tbsCrl.issuer, - NSS_NameTemplate, encCrlIssuer); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - } - catch(...) { - clFieldLog("IsCertInCrl: normalize failure"); - throw; - } - - /* issuer names match? */ - CertFound = CSSM_FALSE; - if(encCertIssuer.get() != encCrlIssuer.get()) { - clFieldLog("IsCertInCrl: issuer name mismatch"); - return; - } - - /* is this cert's serial number in the CRL? */ - CSSM_DATA &certSerial = tbsCert.serialNumber; - for(unsigned dex=0; dexuserCertificate; - if(clCompareCssmData(&certSerial, &revokedSerial)) { - /* success */ - CertFound = CSSM_TRUE; - break; - } - } -} - -#pragma mark --- Cached --- - -void -AppleX509CLSession::CrlCache( - const CssmData &Crl, - CSSM_HANDLE &CrlHandle) -{ - DecodedCrl *decodedCrl = new DecodedCrl(*this, Crl); - - /* cook up a CLCachedCRL, stash it in cache */ - CLCachedCRL *cachedCrl = new CLCachedCRL(*decodedCrl); - cacheMap.addEntry(*cachedCrl, cachedCrl->handle()); - CrlHandle = cachedCrl->handle(); -} - -/* - * FIXME - CrlRecordIndex not supported, it'll require mods to - * the DecodedCrl::getCrlFieldData mechanism - */ -CSSM_HANDLE -AppleX509CLSession::CrlGetFirstCachedFieldValue( - CSSM_HANDLE CrlHandle, - const CssmData *CrlRecordIndex, - const CssmData &CrlField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value) -{ - if(CrlRecordIndex != NULL) { - /* not yet */ - CssmError::throwMe(CSSMERR_CL_INVALID_CRL_INDEX); - } - - /* fetch the associated cached CRL */ - CLCachedCRL *cachedCrl = lookupCachedCRL(CrlHandle); - if(cachedCrl == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE); - } - - CssmAutoData aData(*this); - uint32 numMatches; - - /* this returns false if field not there, throws on bad OID */ - if(!cachedCrl->crl().getCrlFieldData(CrlField, - 0, // index - numMatches, - aData)) { - return CSSM_INVALID_HANDLE; - } - - /* cook up a CLQuery, stash it */ - CLQuery *query = new CLQuery( - CLQ_CRL, - CrlField, - numMatches, - true, // isFromCache - cachedCrl->handle()); - queryMap.addEntry(*query, query->handle()); - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - NumberOfMatchedFields = numMatches; - return query->handle(); -} - - -bool -AppleX509CLSession::CrlGetNextCachedFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value) -{ - /* Identical to, so just call... */ - return CrlGetNextFieldValue(ResultsHandle, Value); -} - - -void -AppleX509CLSession::IsCertInCachedCrl( - const CssmData &Cert, - CSSM_HANDLE CrlHandle, - CSSM_BOOL &CertFound, - CssmData &CrlRecordIndex) -{ - unimplemented(); -} - - -void -AppleX509CLSession::CrlAbortCache( - CSSM_HANDLE CrlHandle) -{ - /* fetch the associated cached CRL, remove from map, delete it */ - CLCachedCRL *cachedCrl = lookupCachedCRL(CrlHandle); - if(cachedCrl == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE); - } - cacheMap.removeEntry(cachedCrl->handle()); - delete cachedCrl; -} - - -void -AppleX509CLSession::CrlAbortQuery( - CSSM_HANDLE ResultsHandle) -{ - /* fetch & validate the query */ - CLQuery *query = queryMap.lookupEntry(ResultsHandle); - if(query == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->queryType() != CLQ_CRL) { - clErrorLog("CrlAbortQuery: bad queryType (%d)", (int)query->queryType()); - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - - if(!query->fromCache()) { - /* the associated cached CRL was created just for this query; dispose */ - CLCachedCRL *cachedCrl = lookupCachedCRL(query->cachedObject()); - if(cachedCrl == NULL) { - /* should never happen */ - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - cacheMap.removeEntry(cachedCrl->handle()); - delete cachedCrl; - } - queryMap.removeEntry(query->handle()); - delete query; -} - -#pragma mark --- Template --- - -void -AppleX509CLSession::CrlCreateTemplate( - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - CssmData &NewCrl) -{ - unimplemented(); -} - - -void -AppleX509CLSession::CrlSetFields( - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - const CssmData &OldCrl, - CssmData &ModifiedCrl) -{ - unimplemented(); -} - - -void -AppleX509CLSession::CrlAddCert( - CSSM_CC_HANDLE CCHandle, - const CssmData &Cert, - uint32 NumberOfFields, - const CSSM_FIELD CrlEntryFields[], - const CssmData &OldCrl, - CssmData &NewCrl) -{ - unimplemented(); -} - - -void -AppleX509CLSession::CrlRemoveCert( - const CssmData &Cert, - const CssmData &OldCrl, - CssmData &NewCrl) -{ - unimplemented(); -} - - -void -AppleX509CLSession::CrlGetAllCachedRecordFields( - CSSM_HANDLE CrlHandle, - const CssmData &CrlRecordIndex, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CrlFields) -{ - unimplemented(); -} - -/* - * These are functionally identical to the corresponding - * Cert functions. - */ -void -AppleX509CLSession::CrlVerifyWithKey( - CSSM_CC_HANDLE CCHandle, - const CssmData &CrlToBeVerified) -{ - CertVerifyWithKey(CCHandle, CrlToBeVerified); -} - - -void -AppleX509CLSession::CrlVerify( - CSSM_CC_HANDLE CCHandle, - const CssmData &CrlToBeVerified, - const CssmData *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize) -{ - CertVerify(CCHandle, CrlToBeVerified, SignerCert, VerifyScope, - ScopeSize); -} - -void -AppleX509CLSession::CrlSign( - CSSM_CC_HANDLE CCHandle, - const CssmData &UnsignedCrl, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CssmData &SignedCrl) -{ - unimplemented(); -} - - - - diff --git a/AppleX509CL/Session_CSR.cpp b/AppleX509CL/Session_CSR.cpp deleted file mode 100644 index c6c09364..00000000 --- a/AppleX509CL/Session_CSR.cpp +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Session_CSP.cpp - CSR-related session functions. -// - -#include "AppleX509CLSession.h" -#include "DecodedCert.h" -#include "clNameUtils.h" -#include "clNssUtils.h" -#include "cldebugging.h" -#include "CSPAttacher.h" -#include "clNssUtils.h" -#include -#include -#include -#include -#include - -/* - * Generate a DER-encoded CSR. - */ -void AppleX509CLSession::generateCsr( - CSSM_CC_HANDLE CCHandle, - const CSSM_APPLE_CL_CSR_REQUEST *csrReq, - CSSM_DATA_PTR &csrPtr) -{ - /* - * We use the full NSSCertRequest here; we encode the - * NSSCertRequestInfo component separately to calculate - * its signature, then we encode the whole NSSCertRequest - * after dropping in the signature and SignatureAlgorithmIdentifier. - */ - NSSCertRequest certReq; - NSSCertRequestInfo &reqInfo = certReq.reqInfo; - PRErrorCode prtn; - - memset(&certReq, 0, sizeof(certReq)); - - /* - * Step 1: convert CSSM_APPLE_CL_CSR_REQUEST to CertificationRequestInfo. - * All allocs via local arena pool. - */ - SecNssCoder coder; - ArenaAllocator alloc(coder); - clIntToData(0, reqInfo.version, alloc); - - /* subject Name, required */ - if(csrReq->subjectNameX509 == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_POINTER); - } - CL_cssmNameToNss(*csrReq->subjectNameX509, reqInfo.subject, coder); - - /* key --> CSSM_X509_SUBJECT_PUBLIC_KEY_INFO */ - CL_CSSMKeyToSubjPubKeyInfoNSS(*csrReq->subjectPublicKey, - reqInfo.subjectPublicKeyInfo, coder); - - /* attributes - see sm_x501if - we support one, CSSMOID_ChallengePassword, - * as a printable string */ - if(csrReq->challengeString) { - /* alloc a NULL_terminated array of NSS_Attribute pointers */ - reqInfo.attributes = (NSS_Attribute **)coder.malloc(2 * sizeof(NSS_Attribute *)); - reqInfo.attributes[1] = NULL; - - /* alloc one NSS_Attribute */ - reqInfo.attributes[0] = (NSS_Attribute *)coder.malloc(sizeof(NSS_Attribute)); - NSS_Attribute *attr = reqInfo.attributes[0]; - memset(attr, 0, sizeof(NSS_Attribute)); - - /* NULL_terminated array of attrValues */ - attr->attrValue = (CSSM_DATA **)coder.malloc(2 * sizeof(CSSM_DATA *)); - attr->attrValue[1] = NULL; - - /* one value - we're almost there */ - attr->attrValue[0] = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA)); - - /* attrType is an OID, temp, use static OID */ - attr->attrType = CSSMOID_ChallengePassword; - - /* one value, spec'd as AsnAny, we have to encode first. */ - CSSM_DATA strData; - strData.Data = (uint8 *)csrReq->challengeString; - strData.Length = strlen(csrReq->challengeString); - prtn = coder.encodeItem(&strData, SEC_PrintableStringTemplate, - *attr->attrValue[0]); - if(prtn) { - clErrorLog("generateCsr: error encoding challengeString\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - } - - /* - * Step 2: DER-encode the NSSCertRequestInfo prior to signing. - */ - CSSM_DATA encReqInfo; - prtn = coder.encodeItem(&reqInfo, NSS_CertRequestInfoTemplate, encReqInfo); - if(prtn) { - clErrorLog("generateCsr: error encoding CertRequestInfo\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - - /* - * Step 3: sign the encoded NSSCertRequestInfo. - */ - CssmAutoData sig(*this); - CssmData &infoData = CssmData::overlay(encReqInfo); - signData(CCHandle, infoData, sig); - - /* - * Step 4: finish up NSSCertRequest - signatureAlgorithm, signature - */ - certReq.signatureAlgorithm.algorithm = csrReq->signatureOid; - /* FIXME - for now assume NULL alg params */ - CL_nullAlgParams(certReq.signatureAlgorithm); - certReq.signature.Data = (uint8 *)sig.data(); - certReq.signature.Length = sig.length() * 8; - - /* - * Step 5: DER-encode the finished NSSCertRequest into app space. - */ - CssmAutoData encCsr(*this); - prtn = SecNssEncodeItemOdata(&certReq, NSS_CertRequestTemplate, encCsr); - if(prtn) { - clErrorLog("generateCsr: error encoding CertRequestInfo\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - - /* TBD - enc64 the result, when we have this much working */ - csrPtr = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - csrPtr->Data = (uint8 *)encCsr.data(); - csrPtr->Length = encCsr.length(); - encCsr.release(); -} - -/* - * Verify CSR with its own public key. - */ -void AppleX509CLSession::verifyCsr( - const CSSM_DATA *csrPtr) -{ - /* - * 1. Extract the public key from the CSR. We do this by decoding - * the whole thing and getting a CSSM_KEY from the - * SubjectPublicKeyInfo. - */ - NSSCertRequest certReq; - SecNssCoder coder; - PRErrorCode prtn; - - memset(&certReq, 0, sizeof(certReq)); - prtn = coder.decodeItem(*csrPtr, NSS_CertRequestTemplate, &certReq); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_INVALID_DATA); - } - - NSSCertRequestInfo &reqInfo = certReq.reqInfo; - CSSM_KEY_PTR cssmKey = CL_extractCSSMKeyNSS(reqInfo.subjectPublicKeyInfo, - *this, // alloc - NULL); // no DecodedCert - - /* - * 2. Obtain signature algorithm and parameters. - */ - CSSM_X509_ALGORITHM_IDENTIFIER sigAlgId = certReq.signatureAlgorithm; - CSSM_ALGORITHMS vfyAlg = CL_oidToAlg(sigAlgId.algorithm); - - /* - * 3. Extract the raw bits to be verified and the signature. We - * decode the CSR as a CertificationRequestSigned for this, which - * avoids the decode of the CertificationRequestInfo. - */ - NSS_SignedCertRequest certReqSigned; - memset(&certReqSigned, 0, sizeof(certReqSigned)); - prtn = coder.decodeItem(*csrPtr, NSS_SignedCertRequestTemplate, &certReqSigned); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_INVALID_DATA); - } - - CSSM_DATA sigBytes = certReqSigned.signature; - sigBytes.Length = (sigBytes.Length + 7 ) / 8; - CssmData &sigCdata = CssmData::overlay(sigBytes); - CssmData &toVerify = CssmData::overlay(certReqSigned.certRequestBlob); - - /* - * 4. Attach to CSP, cook up signature context, verify signature. - */ - CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true); - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - vfyAlg, - NULL, // Access Creds - cssmKey, - &ccHand); - if(crtn) { - CssmError::throwMe(crtn); - } - verifyData(ccHand, toVerify, sigCdata); - CL_freeCSSMKey(cssmKey, *this); -} - diff --git a/AppleX509CL/Session_Cert.cpp b/AppleX509CL/Session_Cert.cpp deleted file mode 100644 index 1f1e2208..00000000 --- a/AppleX509CL/Session_Cert.cpp +++ /dev/null @@ -1,409 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Session_Cert.cpp - cert-related session functions. -// - -#include "AppleX509CLSession.h" -#include "DecodedCert.h" -#include "DecodedCrl.h" -#include "CLCachedEntry.h" -#include "cldebugging.h" -#include - -void -AppleX509CLSession::CertDescribeFormat( - uint32 &NumberOfFields, - CSSM_OID_PTR &OidList) -{ - DecodedCert::describeFormat(*this, NumberOfFields, OidList); -} - -void -AppleX509CLSession::CertGetAllFields( - const CssmData &Cert, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CertFields) -{ - DecodedCert decodedCert(*this, Cert); - decodedCert.getAllParsedCertFields(NumberOfFields, CertFields); -} - - -CSSM_HANDLE -AppleX509CLSession::CertGetFirstFieldValue( - const CssmData &EncodedCert, - const CssmData &CertField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value) -{ - NumberOfMatchedFields = 0; - Value = NULL; - CssmAutoData aData(*this); - - DecodedCert *decodedCert = new DecodedCert(*this, EncodedCert); - uint32 numMatches; - - /* this returns false if field not there, throws on bad OID */ - bool brtn; - try { - brtn = decodedCert->getCertFieldData(CertField, - 0, // index - numMatches, - aData); - } - catch (...) { - delete decodedCert; - throw; - } - if(!brtn) { - delete decodedCert; - return CSSM_INVALID_HANDLE; - } - - /* cook up a CLCachedCert, stash it in cache */ - CLCachedCert *cachedCert = new CLCachedCert(*decodedCert); - cacheMap.addEntry(*cachedCert, cachedCert->handle()); - - /* cook up a CLQuery, stash it */ - CLQuery *query = new CLQuery( - CLQ_Cert, - CertField, - numMatches, - false, // isFromCache - cachedCert->handle()); - queryMap.addEntry(*query, query->handle()); - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - NumberOfMatchedFields = numMatches; - return query->handle(); -} - - -bool -AppleX509CLSession::CertGetNextFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value) -{ - /* fetch & validate the query */ - CLQuery *query = queryMap.lookupEntry(ResultsHandle); - if(query == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->queryType() != CLQ_Cert) { - clErrorLog("CertGetNextFieldValue: bad queryType (%d)", (int)query->queryType()); - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->nextIndex() >= query->numFields()) { - return false; - } - - /* fetch the associated cached cert */ - CLCachedCert *cachedCert = lookupCachedCert(query->cachedObject()); - uint32 dummy; - CssmAutoData aData(*this); - if(!cachedCert->cert().getCertFieldData(query->fieldId(), - query->nextIndex(), - dummy, - aData)) { - return false; - } - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - query->incrementIndex(); - return true; -} - -void -AppleX509CLSession::CertCache( - const CssmData &EncodedCert, - CSSM_HANDLE &CertHandle) -{ - DecodedCert *decodedCert = new DecodedCert(*this, EncodedCert); - - /* cook up a CLCachedCert, stash it in cache */ - CLCachedCert *cachedCert = new CLCachedCert(*decodedCert); - cacheMap.addEntry(*cachedCert, cachedCert->handle()); - CertHandle = cachedCert->handle(); -} - -CSSM_HANDLE -AppleX509CLSession::CertGetFirstCachedFieldValue( - CSSM_HANDLE CertHandle, - const CssmData &CertField, - uint32 &NumberOfMatchedFields, - CSSM_DATA_PTR &Value) -{ - /* fetch the associated cached cert */ - CLCachedCert *cachedCert = lookupCachedCert(CertHandle); - if(cachedCert == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE); - } - - CssmAutoData aData(*this); - uint32 numMatches; - - /* this returns false if field not there, throws on bad OID */ - if(!cachedCert->cert().getCertFieldData(CertField, - 0, // index - numMatches, - aData)) { - return CSSM_INVALID_HANDLE; - } - - /* cook up a CLQuery, stash it */ - CLQuery *query = new CLQuery( - CLQ_Cert, - CertField, - numMatches, - true, // isFromCache - cachedCert->handle()); - queryMap.addEntry(*query, query->handle()); - - /* success - copy field data to outgoing Value */ - Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - *Value = aData.release(); - NumberOfMatchedFields = numMatches; - return query->handle(); -} - - -bool -AppleX509CLSession::CertGetNextCachedFieldValue( - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR &Value) -{ - /* Identical to, so just call... */ - return CertGetNextFieldValue(ResultsHandle, Value); -} - -void -AppleX509CLSession::CertAbortCache( - CSSM_HANDLE CertHandle) -{ - /* fetch the associated cached cert, remove from map, delete it */ - CLCachedCert *cachedCert = lookupCachedCert(CertHandle); - if(cachedCert == NULL) { - clErrorLog("CertAbortCache: cachedCert not found"); - CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE); - } - cacheMap.removeEntry(cachedCert->handle()); - delete cachedCert; -} - -/* - * Abort either type of cert field query (cache based or non-cache based) - */ -void -AppleX509CLSession::CertAbortQuery( - CSSM_HANDLE ResultsHandle) -{ - /* fetch & validate the query */ - CLQuery *query = queryMap.lookupEntry(ResultsHandle); - if(query == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - if(query->queryType() != CLQ_Cert) { - clErrorLog("CertAbortQuery: bad queryType (%d)", (int)query->queryType()); - CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE); - } - - if(!query->fromCache()) { - /* the associated cached cert was created just for this query; dispose */ - CLCachedCert *cachedCert = lookupCachedCert(query->cachedObject()); - if(cachedCert == NULL) { - /* should never happen */ - clErrorLog("CertAbortQuery: cachedCert not found"); - CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); - } - cacheMap.removeEntry(cachedCert->handle()); - delete cachedCert; - } - queryMap.removeEntry(query->handle()); - delete query; -} - -void -AppleX509CLSession::CertCreateTemplate( - uint32 NumberOfFields, - const CSSM_FIELD CertFields[], - CssmData &CertTemplate) -{ - /* cook up an empty Cert */ - DecodedCert cert(*this); - - /* grind thru specified fields; exceptions are fatal */ - for(uint32 dex=0; dexFieldOid; - - /* oid-specific handling of value */ - /* BUG - the CssmRemoteData constructor clears the referent, - * iff the referent is a CSSSM_DATA (as opposed to a CssmData). - */ - CssmData &cData = CssmData::overlay(thisField->FieldValue); - CssmRemoteData rData(*this, cData); - try { - DecodedCert::freeCertFieldData(CssmOid::overlay(*thisOid), rData); - } - catch(...) { - /* CRL field? */ - DecodedCrl::freeCrlFieldData(CssmOid::overlay(*thisOid), rData); - } - /* and the oid itself */ - free(thisOid->Data); - thisOid->Data = NULL; - thisOid->Length = 0; - } - free(FieldArray); -} - -void -AppleX509CLSession::FreeFieldValue( - const CssmData &CertOrCrlOid, - CssmData &Value) -{ - CssmRemoteData cd(*this, Value); - try { - DecodedCert::freeCertFieldData(CertOrCrlOid, cd); - } - catch(...) { - /* CRL field? */ - DecodedCrl::freeCrlFieldData(CertOrCrlOid, cd); - } - free(&Value); -} - -void -AppleX509CLSession::CertGroupFromVerifiedBundle( - CSSM_CC_HANDLE CCHandle, - const CSSM_CERT_BUNDLE &CertBundle, - const CssmData *SignerCert, - CSSM_CERTGROUP_PTR &CertGroup) -{ - unimplemented(); -} - -void -AppleX509CLSession::CertGroupToSignedBundle( - CSSM_CC_HANDLE CCHandle, - const CSSM_CERTGROUP &CertGroupToBundle, - const CSSM_CERT_BUNDLE_HEADER *BundleInfo, - CssmData &SignedBundle) -{ - unimplemented(); -} - -void -AppleX509CLSession::PassThrough( - CSSM_CC_HANDLE CCHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams) -{ - switch(PassThroughId) { - case CSSM_APPLEX509CL_OBTAIN_CSR: - { - /* - * Create a Cert Signing Request (CSR). - * Input is a CSSM_APPLE_CL_CSR_REQUEST. - * Output is a PEM-encoded CertSigningRequest (NSS type - * NSS_SignedCertRequest from pkcs10). - */ - if(InputParams == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); - } - if(OutputParams == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_OUTPUT_POINTER); - } - CSSM_APPLE_CL_CSR_REQUEST *csrReq = - (CSSM_APPLE_CL_CSR_REQUEST *)InputParams; - if((csrReq->subjectNameX509 == NULL) || - (csrReq->signatureOid.Data == NULL) || - (csrReq->subjectPublicKey == NULL) || - (csrReq->subjectPrivateKey == NULL)) { - CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); - } - CSSM_DATA_PTR csrPtr = NULL; - generateCsr(CCHandle, csrReq, csrPtr); - *OutputParams = csrPtr; - break; - } - case CSSM_APPLEX509CL_VERIFY_CSR: - { - /* - * Perform signature verify of a CSR. - * Input: CSSM_DATA referring to a DER-encoded CSR. - * Output: Nothing, throws CSSMERR_CL_VERIFICATION_FAILURE - * on failure. - */ - if(InputParams == NULL) { - CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); - } - const CSSM_DATA *csrPtr = (const CSSM_DATA *)InputParams; - verifyCsr(csrPtr); - break; - } - default: - CssmError::throwMe(CSSMERR_CL_INVALID_PASSTHROUGH_ID); - } -} - diff --git a/AppleX509CL/Session_Crypto.cpp b/AppleX509CL/Session_Crypto.cpp deleted file mode 100644 index bcce4930..00000000 --- a/AppleX509CL/Session_Crypto.cpp +++ /dev/null @@ -1,342 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * Session_Crypto.cpp: CL session functions: sign, verify, CSSM_KEY extraction. - * - * Created 9/1/2000 by Doug Mitchell. - * Copyright (c) 2000 by Apple Computer. - */ - -#include "AppleX509CLSession.h" -#include "DecodedCert.h" -#include "cldebugging.h" -#include "CSPAttacher.h" -#include "clNssUtils.h" -#include -#include -#include -#include -#include - -/* - * Given a DER-encoded cert, obtain a fully usable CSSM_KEY representing - * the cert's public key. - */ -void -AppleX509CLSession::CertGetKeyInfo( - const CssmData &Cert, - CSSM_KEY_PTR &Key) -{ - DecodedCert decodedCert(*this, Cert); - Key = decodedCert.extractCSSMKey(*this); -} - -/* - * Given a DER-encoded cert and a fully specified crypto context, verify - * cert's TBS and signature. - */ -void -AppleX509CLSession::CertVerifyWithKey( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertToBeVerified) -{ - CssmAutoData tbs(*this); - CssmAutoData algId(*this); - CssmAutoData sig(*this); - CL_certCrlDecodeComponents(CertToBeVerified, tbs, algId, sig); - verifyData(CCHandle, tbs, sig); -} - -/* - * Verify a DER-encoded cert, obtaining crypto context from either - * caller-specified context or by inference from SignerCert. - */ -void -AppleX509CLSession::CertVerify( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertToBeVerified, - const CssmData *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize) -{ - if((VerifyScope != NULL) || (ScopeSize != 0)) { - CssmError::throwMe(CSSMERR_CL_SCOPE_NOT_SUPPORTED); - } - if((CCHandle == CSSM_INVALID_HANDLE) && (SignerCert == NULL)) { - /* need one or the other */ - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - - /* get top-level components */ - CssmAutoData tbs(*this); // in DER format - CssmAutoData algId(*this); // in DER format - CssmAutoData sig(*this); // in DER format - CL_certCrlDecodeComponents(CertToBeVerified, tbs, algId, sig); - - /* these must be explicitly freed upon exit */ - CSSM_KEY_PTR signerPubKey = NULL; - CSSM_CONTEXT_PTR context = NULL; - CSSM_CSP_HANDLE cspHand = CSSM_INVALID_HANDLE; - CSSM_CC_HANDLE ourCcHand = CSSM_INVALID_HANDLE; - - /* SignerCert optional; if present, obtain its subject key */ - if(SignerCert != NULL) { - CertGetKeyInfo(*SignerCert, signerPubKey); - } - - /* signerPubKey must be explicitly freed in any case */ - try { - if(CCHandle != CSSM_INVALID_HANDLE) { - /* - * We'll use this CCHandle for the sig verify, but - * make sure it matches possible incoming SignerCert parameters - */ - if(SignerCert != NULL) { - CSSM_RETURN crtn; - - /* extract signer's public key as a CSSM_KEY from context */ - crtn = CSSM_GetContext(CCHandle, &context); - if(crtn) { - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - CSSM_CONTEXT_ATTRIBUTE_PTR attr; - crtn = CSSM_GetContextAttribute(context, - CSSM_ATTRIBUTE_KEY, - &attr); - if(crtn) { - clErrorLog("CertVerify: valid CCHandle but no key!\n"); - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - /* require match */ - assert(signerPubKey != NULL); - CSSM_KEY_PTR contextPubKey = attr->Attribute.Key; - if(contextPubKey->KeyHeader.AlgorithmId != - signerPubKey->KeyHeader.AlgorithmId) { - clErrorLog("CertVerify: AlgorithmId mismatch!\n"); - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - - /* TBD - check key size, when we have a CSP which can report it */ - /* TBD - anything else? */ - } /* verifying multiple contexts */ - /* OK to use CCHandle as is for verify context */ - } /* valid CCHandle */ - else { - /* - * All we have is signer cert. We already have its public key; - * get signature alg from CertToBeVerified's Cert.algID, which - * we currently have in DER form. Decode it into temp memory. - */ - assert(SignerCert != NULL); - assert(signerPubKey != NULL); - - CSSM_X509_ALGORITHM_IDENTIFIER cssmAlgId; - SecNssCoder coder; - PRErrorCode prtn; - - CssmData &algIdData = algId.get(); - memset(&cssmAlgId, 0, sizeof(cssmAlgId)); - prtn = coder.decode(algIdData.data(), algIdData.length(), - NSS_AlgorithmIDTemplate, &cssmAlgId); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - CSSM_ALGORITHMS vfyAlg = CL_oidToAlg(cssmAlgId.algorithm); - - /* attach to CSP, cook up a context */ - cspHand = getGlobalCspHand(true); - CSSM_RETURN crtn; - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - vfyAlg, - NULL, // Access Creds - signerPubKey, - &ourCcHand); - CCHandle = ourCcHand; - } /* inferring sig verify context from SignerCert */ - verifyData(CCHandle, tbs, sig); - } - catch(...) { - /* FIXME - isn't there a better way to do this? Save the - * exception as a CSSM_RETURN and throw it if nonzero later? - */ - if(context != NULL) { - CSSM_FreeContext(context); - } - CL_freeCSSMKey(signerPubKey, *this); - if(ourCcHand != CSSM_INVALID_HANDLE) { - CSSM_DeleteContext(ourCcHand); - } - throw; - } - if(context != NULL) { - CSSM_FreeContext(context); - } - CL_freeCSSMKey(signerPubKey, *this); - if(ourCcHand != CSSM_INVALID_HANDLE) { - CSSM_DeleteContext(ourCcHand); - } -} - -/* - * Given a DER-encoded TBSCert and a fully specified crypto context, - * sign the TBSCert and return the resulting DER-encoded Cert. - */ -void -AppleX509CLSession::CertSign( - CSSM_CC_HANDLE CCHandle, - const CssmData &CertTemplate, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CssmData &SignedCert) -{ - if((SignScope != NULL) || (ScopeSize != 0)) { - CssmError::throwMe(CSSMERR_CL_SCOPE_NOT_SUPPORTED); - } - if(CCHandle == CSSM_INVALID_HANDLE) { - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - - /* cook up algId from context->(signing key, sig algorithm) */ - CSSM_CONTEXT_PTR context = NULL; // must be freed - CSSM_RETURN crtn; - crtn = CSSM_GetContext(CCHandle, &context); - if(crtn) { - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - CSSM_CONTEXT_ATTRIBUTE_PTR attr; // not freed - crtn = CSSM_GetContextAttribute(context, - CSSM_ATTRIBUTE_KEY, - &attr); - if(crtn) { - clErrorLog("CertSign: valid CCHandle but no signing key!\n"); - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - CSSM_KEY_PTR signingKey = attr->Attribute.Key; - if(signingKey == NULL) { - clErrorLog("CertSign: valid CCHandle, NULL signing key!\n"); - CssmError::throwMe(CSSMERR_CL_INVALID_CONTEXT_HANDLE); - } - - CssmAutoData encAlgId(*this); - CssmAutoData rawSig(*this); - CssmAutoData fullCert(*this); - try { - /* - * FIXME: we really should break up the template and ensure that its - * signature algId matches the one we're signing with, or just use - * that algId here....for now, this is up to the app to make sure. - */ - - /* temp allocs/encode into here */ - SecNssCoder coder; - - /* CSSM alg --> CSSM_X509_ALGORITHM_IDENTIFIER */ - CSSM_X509_ALGORITHM_IDENTIFIER algId; - memset(&algId, 0, sizeof(algId)); - const CSSM_OID *oid = cssmAlgToOid(context->AlgorithmType); - - if(oid == NULL) { - clErrorLog("CertSIgn: unknown alg (%u)\n", - (unsigned)context->AlgorithmType); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - algId.algorithm = *oid; - - /* NULL params - FIXME - is this OK? */ - CL_nullAlgParams(algId); - /* DER-encode the algID */ - PRErrorCode prtn; - prtn = SecNssEncodeItemOdata(&algId, NSS_AlgorithmIDTemplate, - encAlgId); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - - /* sign TBS --> rawSig */ - signData(CCHandle, CertTemplate, rawSig); - /* put it all together */ - CL_certEncodeComponents(CertTemplate, encAlgId, rawSig, fullCert); - } - catch (...) { - CSSM_FreeContext(context); - throw; - } - CSSM_FreeContext(context); - SignedCert = fullCert.release(); -} - -/*** Private functions ***/ - -/* - * Sign a CssmData with the specified signing context. Used for - * signing both certs and CRLs; this routine doesn't know anything - * about either one. - */ -void -AppleX509CLSession::signData( - CSSM_CC_HANDLE ccHand, - const CssmData &tbs, - CssmOwnedData &sig) // mallocd and returned -{ - CSSM_RETURN crtn; - CssmData cSig; - - crtn = CSSM_SignData( - ccHand, - &tbs, - 1, // DataBufCount - CSSM_ALGID_NONE, // DigestAlgorithm, - &cSig); - if(crtn) { - clErrorLog("AppleX509CLSession::CSSM_SignData: %s\n", - cssmErrorString(crtn).c_str()); - CssmError::throwMe(crtn); - } - sig.set(cSig); -} - -/* - * Verify a block of data given a crypto context and a signature. - * Used for verifying certs and CRLs. Returns a CSSM_RETURN (callers - * always need to clean up after calling us). - */ -void AppleX509CLSession::verifyData( - CSSM_CC_HANDLE ccHand, - const CssmData &tbs, - const CssmData &sig) -{ - CSSM_RETURN crtn; - - crtn = CSSM_VerifyData(ccHand, - &tbs, - 1, - CSSM_ALGID_NONE, // Digest alg - &sig); - if(crtn) { - if(crtn == CSSMERR_CSP_VERIFY_FAILED) { - /* CSP and CL report this differently */ - CssmError::throwMe(CSSMERR_CL_VERIFICATION_FAILURE); - } - else { - CssmError::throwMe(crtn); - } - } -} - diff --git a/AppleX509CL/TODO b/AppleX509CL/TODO deleted file mode 100644 index de81bb21..00000000 --- a/AppleX509CL/TODO +++ /dev/null @@ -1 +0,0 @@ -Things TODO in AppleX509CL diff --git a/AppleX509CL/clNameUtils.cpp b/AppleX509CL/clNameUtils.cpp deleted file mode 100644 index 737a8a25..00000000 --- a/AppleX509CL/clNameUtils.cpp +++ /dev/null @@ -1,741 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * clNameUtils.cpp - support for Name, GeneralizedName, all sorts of names - */ - -#include "clNameUtils.h" -#include "clNssUtils.h" -#include "cldebugging.h" -#include - -#pragma mark ----- NSS_Name <--> CSSM_X509_NAME ----- - -/* - * NSS_ATV --> CSSM_X509_TYPE_VALUE_PAIR - */ - -void CL_nssAtvToCssm( - const NSS_ATV &nssObj, - CSSM_X509_TYPE_VALUE_PAIR &cssmObj, - CssmAllocator &alloc) -{ - /* tag and decoded data */ - cssmObj.valueType = nssObj.value.tag; - clAllocCopyData(alloc, nssObj.value.item, cssmObj.value); - /* the OID */ - clAllocCopyData(alloc, nssObj.type, cssmObj.type); -} - -/* NSS_RDN --> CSSM_X509_RDN */ -void CL_nssRdnToCssm( - const NSS_RDN &nssObj, - CSSM_X509_RDN &cssmObj, - CssmAllocator &alloc, - SecNssCoder &coder) // conversion requires further decoding -{ - memset(&cssmObj, 0, sizeof(cssmObj)); - unsigned numAtvs = clNssArraySize((const void **)nssObj.atvs); - if(numAtvs == 0) { - return; - } - - size_t len = numAtvs * sizeof(CSSM_X509_TYPE_VALUE_PAIR); - cssmObj.AttributeTypeAndValue = - (CSSM_X509_TYPE_VALUE_PAIR_PTR)alloc.malloc(len); - cssmObj.numberOfPairs = numAtvs; - CSSM_X509_TYPE_VALUE_PAIR_PTR cssmAtvs = cssmObj.AttributeTypeAndValue; - memset(cssmAtvs, 0, len); - - for(unsigned dex=0; dex CSSM_X509_NAME */ -void CL_nssNameToCssm( - const NSS_Name &nssObj, - CSSM_X509_NAME &cssmObj, - CssmAllocator &alloc) -{ - memset(&cssmObj, 0, sizeof(cssmObj)); - unsigned numRdns = clNssArraySize((const void **)nssObj.rdns); - if(numRdns == 0) { - /* not technically an error */ - return; - } - - size_t len = numRdns * sizeof(CSSM_X509_RDN); - cssmObj.RelativeDistinguishedName = (CSSM_X509_RDN_PTR)alloc.malloc(len); - cssmObj.numberOfRDNs = numRdns; - CSSM_X509_RDN_PTR cssmRdns = cssmObj.RelativeDistinguishedName; - memset(cssmRdns, 0, len); - - SecNssCoder coder; // conversion requires further decoding - - for(unsigned dex=0; dex NSS_ATV - */ -void CL_cssmAtvToNss( - const CSSM_X509_TYPE_VALUE_PAIR &cssmObj, - NSS_ATV &nssObj, - SecNssCoder &coder) -{ - memset(&nssObj, 0, sizeof(nssObj)); - - /* copy the OID */ - coder.allocCopyItem(cssmObj.type, nssObj.type); - - /* tag and value */ - nssObj.value.tag = cssmObj.valueType; - coder.allocCopyItem(cssmObj.value, nssObj.value.item); -} - -/* CSSM_X509_RDN --> NSS_RDN */ -void CL_cssmRdnToNss( - const CSSM_X509_RDN &cssmObj, - NSS_RDN &nssObj, - SecNssCoder &coder) -{ - memset(&nssObj, 0, sizeof(nssObj)); - - /* alloc NULL-terminated array of ATV pointers */ - unsigned numAtvs = cssmObj.numberOfPairs; - unsigned size = (numAtvs + 1) * sizeof(void *); - nssObj.atvs = (NSS_ATV **)coder.malloc(size); - memset(nssObj.atvs, 0, size); - - /* grind thru the elements */ - for(unsigned atvDex=0; atvDex NSS_Name */ -void CL_cssmNameToNss( - const CSSM_X509_NAME &cssmObj, - NSS_Name &nssObj, - SecNssCoder &coder) -{ - memset(&nssObj, 0, sizeof(nssObj)); - - /* alloc NULL-terminated array of RDN pointers */ - unsigned numRdns = cssmObj.numberOfRDNs; - nssObj.rdns = (NSS_RDN **)clNssNullArray(numRdns, coder); - - /* grind thru the elements */ - for(unsigned rdnDex=0; rdnDexatvs); - if(numAttrs == 0) { - clFieldLog("clNormalizeX509Name: zero numAttrs at index %d", rdnDex); - continue; - } - - /* descend into array of attribute/values */ - for(unsigned attrDex=0; attrDexatvs[attrDex]; - assert(attr != NULL); - - /* - * attr->value is an ASN_ANY containing an encoded - * string. We only normalize Prinatable String types. - * If we find one, decode it, normalize it, encode the - * result, and put the encoding back in attr->value. - * We temporarily "leak" the original string, which only - * has a lifetime of the incoming SecNssCoder. - */ - NSS_TaggedItem &attrVal = attr->value; - if(attrVal.tag != SEC_ASN1_PRINTABLE_STRING) { - /* skip it */ - continue; - } - - /* normalize */ - char *strPtr = (char *)attrVal.item.Data; - int newLen = attrVal.item.Length; - CL_normalizeString(strPtr, newLen); - - /* possible length adjustment */ - attrVal.item.Length = newLen; - } /* for each attribute/value */ - } /* for each RDN */ -} - -#pragma mark ----- CE_GeneralNames <--> NSS_GeneralNames ----- - -void CL_nssGeneralNameToCssm( - NSS_GeneralName &nssObj, - CE_GeneralName &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc) // destination -{ - memset(&cdsaObj, 0, sizeof(cdsaObj)); - PRErrorCode prtn; - - /* for caller's CE_GeneralName */ - CSSM_BOOL berEncoded = CSSM_FALSE; - CE_GeneralNameType cdsaTag; - - /* - * At this point, depending on the decoded object's tag, we either - * have the final bytes to copy out, or we need to decode further. - * After this switch, if doCopy is true, give the caller a copy - * of nssObj.item. - */ - bool doCopy = true; - switch(nssObj.tag) { - case NGT_OtherName: // ASN_ANY -> CE_OtherName - { - cdsaTag = GNT_OtherName; - - /* decode to coder memory */ - CE_OtherName *nssOther = - (CE_OtherName *)coder.malloc(sizeof(CE_OtherName)); - memset(nssOther, 0, sizeof(CE_OtherName)); - prtn = coder.decodeItem(nssObj.item, - NSS_GenNameOtherNameTemplate, - nssOther); - if(prtn) { - clErrorLog("CL_nssGeneralNameToCssm: error decoding " - "OtherName\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - /* copy out to caller */ - clAllocData(alloc, cdsaObj.name, sizeof(CE_OtherName)); - clCopyOtherName(*nssOther, *((CE_OtherName *)cdsaObj.name.Data), - alloc); - doCopy = false; - break; - } - case NGT_RFC822Name: // IA5String, done - cdsaTag = GNT_RFC822Name; - break; - case NGT_DNSName: // IA5String - cdsaTag = GNT_DNSName; - break; - case NGT_X400Address: // ASY_ANY, leave alone - cdsaTag = GNT_X400Address; - berEncoded = CSSM_TRUE; - break; - case NGT_DirectoryName: // ASN_ANY --> NSS_Name - { - cdsaTag = GNT_DirectoryName; - - /* Decode to coder memory */ - NSS_Name *nssName = (NSS_Name *)coder.malloc(sizeof(NSS_Name)); - memset(nssName, 0, sizeof(NSS_Name)); - prtn = coder.decodeItem(nssObj.item, NSS_NameTemplate, nssName); - if(prtn) { - clErrorLog("CL_nssGeneralNameToCssm: error decoding " - "NSS_Name\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - /* convert & copy out to caller */ - clAllocData(alloc, cdsaObj.name, sizeof(CSSM_X509_NAME)); - CL_nssNameToCssm(*nssName, - *((CSSM_X509_NAME *)cdsaObj.name.Data), alloc); - doCopy = false; - break; - } - case NGT_EdiPartyName: // ASN_ANY, leave alone - cdsaTag = GNT_EdiPartyName; - berEncoded = CSSM_TRUE; - break; - case NGT_URI: // IA5String - cdsaTag = GNT_URI; - break; - case NGT_IPAddress: // OCTET_STRING - cdsaTag = GNT_IPAddress; - break; - case NGT_RegisteredID: // OID - cdsaTag = GNT_RegisteredID; - break; - default: - clErrorLog("CL_nssGeneralNameToCssm: bad name tag\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - cdsaObj.nameType = cdsaTag; - cdsaObj.berEncoded = berEncoded; - if(doCopy) { - clAllocCopyData(alloc, nssObj.item, cdsaObj.name); - } -} - -void CL_nssGeneralNamesToCssm( - const NSS_GeneralNames &nssObj, - CE_GeneralNames &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc) // destination -{ - memset(&cdsaObj, 0, sizeof(cdsaObj)); - unsigned numNames = clNssArraySize((const void **)nssObj.names); - if(numNames == 0) { - return; - } - - /* - * Decode each name element, currently a raw ASN_ANY blob. - * Then convert each result into CDSA form. - * This array of (NSS_GeneralName)s is temporary, it doesn't - * persist outside of this routine other than the fact that it's - * mallocd by the coder arena pool. - */ - NSS_GeneralName *names = - (NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames); - memset(names, 0, sizeof(NSS_GeneralName) * numNames); - cdsaObj.generalName = (CE_GeneralName *)alloc.malloc( - sizeof(CE_GeneralName) * numNames); - cdsaObj.numNames = numNames; - - for(unsigned dex=0; dexnumNames; i++) { - /* - * Two special cases here. - */ - CE_GeneralName *genName = &cdsaObj->generalName[i]; - switch(genName->nameType) { - case GNT_DirectoryName: - if((!genName->berEncoded) && // we're flexible - (genName->name.Length == - sizeof(CSSM_X509_NAME))) { // paranoia - CL_freeX509Name((CSSM_X509_NAME_PTR)genName->name.Data, alloc); - } - break; - - case GNT_OtherName: - if((!genName->berEncoded) && // we're flexible - (genName->name.Length == - sizeof(CE_OtherName))) { // paranoia - CE_OtherName *con = (CE_OtherName *)genName->name.Data; - CL_freeOtherName(con, alloc); - } - break; - default: - break; - } - /* and always free this */ - alloc.free(cdsaObj->generalName[i].name.Data); - } - if(cdsaObj->numNames) { - memset(cdsaObj->generalName, 0, cdsaObj->numNames * sizeof(CE_GeneralName)); - alloc.free(cdsaObj->generalName); - } - memset(cdsaObj, 0, sizeof(CE_GeneralNames)); -} - -void CL_freeCssmDistPoints( - CE_CRLDistPointsSyntax *cssmDps, - CssmAllocator &alloc) -{ - if(cssmDps == NULL) { - return; - } - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *cssmDp = &cssmDps->distPoints[dex]; - if(cssmDp->distPointName) { - CL_freeCssmDistPointName(cssmDp->distPointName, alloc); - alloc.free(cssmDp->distPointName); - } - if(cssmDp->crlIssuer) { - CL_freeCssmGeneralNames(cssmDp->crlIssuer, alloc); - alloc.free(cssmDp->crlIssuer); - } - } - memset(cssmDps->distPoints, 0, - cssmDps->numDistPoints * sizeof(CE_CRLDistributionPoint)); - alloc.free(cssmDps->distPoints); - memset(cssmDps, 0, sizeof(*cssmDps)); -} - -void CL_freeCssmDistPointName( - CE_DistributionPointName *cssmDpn, - CssmAllocator &alloc) -{ - if(cssmDpn == NULL) { - return; - } - switch(cssmDpn->nameType) { - case CE_CDNT_FullName: - CL_freeCssmGeneralNames(cssmDpn->fullName, alloc); - alloc.free(cssmDpn->fullName); - break; - case CE_CDNT_NameRelativeToCrlIssuer: - CL_freeX509Rdn(cssmDpn->rdn, alloc); - alloc.free(cssmDpn->rdn); - break; - } - memset(cssmDpn, 0, sizeof(*cssmDpn)); -} - -/* free contents of an CSSM_X509_NAME */ -void CL_freeX509Name( - CSSM_X509_NAME_PTR x509Name, - CssmAllocator &alloc) -{ - if(x509Name == NULL) { - return; - } - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex]; - CL_freeX509Rdn(rdn, alloc); - } - alloc.free(x509Name->RelativeDistinguishedName); - memset(x509Name, 0, sizeof(CSSM_X509_NAME)); -} - -void CL_freeX509Rdn( - CSSM_X509_RDN_PTR rdn, - CssmAllocator &alloc) -{ - if(rdn == NULL) { - return; - } - for(unsigned atvDex=0; atvDexnumberOfPairs; atvDex++) { - CSSM_X509_TYPE_VALUE_PAIR_PTR atv = - &rdn->AttributeTypeAndValue[atvDex]; - alloc.free(atv->type.Data); - alloc.free(atv->value.Data); - memset(atv, 0, sizeof(CSSM_X509_TYPE_VALUE_PAIR)); - } - alloc.free(rdn->AttributeTypeAndValue); - memset(rdn, 0, sizeof(CSSM_X509_RDN)); -} - -void CL_freeOtherName( - CE_OtherName *cssmOther, - CssmAllocator &alloc) -{ - if(cssmOther == NULL) { - return; - } - alloc.free(cssmOther->typeId.Data); - alloc.free(cssmOther->value.Data); - memset(cssmOther, 0, sizeof(*cssmOther)); -} - -void CL_freeCssmIssuingDistPoint( - CE_IssuingDistributionPoint *cssmIdp, - CssmAllocator &alloc) -{ - CL_freeCssmDistPointName(cssmIdp->distPointName, alloc); -} - diff --git a/AppleX509CL/clNameUtils.h b/AppleX509CL/clNameUtils.h deleted file mode 100644 index 072b6065..00000000 --- a/AppleX509CL/clNameUtils.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * clNameUtils.h - support for Name, GeneralizedName, all sorts of names - */ - -#ifndef _CL_NAME_UTILS_H_ -#define _CL_NAME_UTILS_H_ - -#include -#include -#include -#include -#include -#include - -void CL_nssAtvToCssm( - const NSS_ATV &nssObj, - CSSM_X509_TYPE_VALUE_PAIR &cssmObj, - CssmAllocator &alloc - #if !NSS_TAGGED_ITEMS - , SecNssCoder &coder - #endif - ); -void CL_nssRdnToCssm( - const NSS_RDN &nssObj, - CSSM_X509_RDN &cssmObj, - CssmAllocator &alloc, - SecNssCoder &coder); -void CL_nssNameToCssm( - const NSS_Name &nssObj, - CSSM_X509_NAME &cssmObj, - CssmAllocator &alloc); - -void CL_cssmAtvToNss( - const CSSM_X509_TYPE_VALUE_PAIR &cssmObj, - NSS_ATV &nssObj, - SecNssCoder &coder); -void CL_cssmRdnToNss( - const CSSM_X509_RDN &cssmObj, - NSS_RDN &nssObj, - SecNssCoder &coder); -void CL_cssmNameToNss( - const CSSM_X509_NAME &cssmObj, - NSS_Name &nssObj, - SecNssCoder &coder); - -void CL_normalizeString( - char *strPtr, - int &strLen); // IN/OUT -void CL_normalizeX509NameNSS( - NSS_Name &nssName, - SecNssCoder &coder); - -void CL_nssGeneralNameToCssm( - NSS_GeneralName &nssObj, - CE_GeneralName &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc); // destination - -void CL_nssGeneralNamesToCssm( - const NSS_GeneralNames &nssObj, - CE_GeneralNames &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc); // destination -void CL_cssmGeneralNameToNss( - CE_GeneralName &cdsaObj, - NSS_GeneralName &nssObj, // actually an NSSTaggedItem - SecNssCoder &coder); // for temp decoding -void CL_cssmGeneralNamesToNss( - const CE_GeneralNames &cdsaObj, - NSS_GeneralNames &nssObj, - SecNssCoder &coder); - -void clCopyOtherName( - const CE_OtherName &src, - CE_OtherName &dst, - CssmAllocator &alloc); - -void CL_freeAuthorityKeyId( - CE_AuthorityKeyID &cdsaObj, - CssmAllocator &alloc); -void CL_freeCssmGeneralNames( - CE_GeneralNames *cdsaObj, - CssmAllocator &alloc); -void CL_freeCssmDistPointName( - CE_DistributionPointName *cssmDpn, - CssmAllocator &alloc); -void CL_freeCssmDistPoints( - CE_CRLDistPointsSyntax *cssmDps, - CssmAllocator &alloc); -void CL_freeX509Name( - CSSM_X509_NAME_PTR x509Name, - CssmAllocator &alloc); -void CL_freeX509Rdn( - CSSM_X509_RDN_PTR rdn, - CssmAllocator &alloc); -void CL_freeOtherName( - CE_OtherName *cssmOther, - CssmAllocator &alloc); -void CL_freeCssmIssuingDistPoint( - CE_IssuingDistributionPoint *cssmIdp, - CssmAllocator &alloc); - - -#endif /* _CL_NAME_UTILS_H_ */ diff --git a/AppleX509CL/clNssUtils.cpp b/AppleX509CL/clNssUtils.cpp deleted file mode 100644 index 7997c716..00000000 --- a/AppleX509CL/clNssUtils.cpp +++ /dev/null @@ -1,997 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * clNssUtils.cpp - support for libnssasn1-based ASN1 encode/decode - */ - -#include "clNssUtils.h" -#include "clNameUtils.h" -#include "CSPAttacher.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#pragma mark ----- ArenaAllocator ----- - -/* - * Avoid inlining this for debuggability - */ -void *ArenaAllocator::malloc(size_t len) throw(std::bad_alloc) -{ - try { - return mCoder.malloc(len); - } - catch (...) { - throw std::bad_alloc(); - } -} - -/* intentionally not implemented, should never be called */ -void ArenaAllocator::free(void *p) throw() -{ - throw std::bad_alloc(); -} - -void *ArenaAllocator::realloc(void *p, size_t len) throw(std::bad_alloc) -{ - throw std::bad_alloc(); -} - -#pragma mark ----- Malloc/Copy/Compare CSSM_DATA ----- - -/* - * Misc. alloc/copy with arbitrary CssmAllocator - */ -/* malloc d.Data, set d.Length */ -void clAllocData( - CssmAllocator &alloc, - CSSM_DATA &dst, - size_t len) -{ - if(len == 0) { - dst.Data = NULL; - } - else { - dst.Data = (uint8 *)alloc.malloc(len); - } - dst.Length = len; -} - -/* malloc and copy */ -void clAllocCopyData( - CssmAllocator &alloc, - const CSSM_DATA &src, - CSSM_DATA &dst) -{ - clAllocData(alloc, dst, src.Length); - if(dst.Length != 0) { - memmove(dst.Data, src.Data, src.Length); - } -} - -/* - * Compare two CSSM_DATAs (or two CSSM_OIDs), return true if identical. - */ -bool clCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2) -{ - if((data1 == NULL) || (data1->Data == NULL) || - (data2 == NULL) || (data2->Data == NULL) || - (data1->Length != data2->Length)) { - return false; - } - if(data1->Length != data2->Length) { - return false; - } - if(memcmp(data1->Data, data2->Data, data1->Length) == 0) { - return true; - } - else { - return false; - } -} - -#pragma mark ----- CSSM_DATA <--> uint32 ----- - -uint32 clDataToInt( - const CSSM_DATA &cdata, - CSSM_RETURN toThrow) /* = CSSMERR_CL_INVALID_CERT_POINTER */ -{ - if((cdata.Length == 0) || (cdata.Data == NULL)) { - return 0; - } - uint32 len = cdata.Length; - if(len > sizeof(uint32)) { - CssmError::throwMe(toThrow); - } - - uint32 rtn = 0; - uint8 *cp = cdata.Data; - for(uint32 i=0; i>= 8; - } -} - -#pragma mark ----- CSSM_BOOL <--> CSSM_DATA ----- -/* - * A Bool is encoded as one byte of either 0 or 0xff - * Default of NSS boolean not present is false - */ -CSSM_BOOL clNssBoolToCssm( - const CSSM_DATA &nssBool) -{ - if((nssBool.Data != NULL) && (nssBool.Data[0] == 0xff)) { - return CSSM_TRUE; - } - else { - return CSSM_FALSE; - } -} - -void clCssmBoolToNss( - CSSM_BOOL cBool, - CSSM_DATA &nssBool, - CssmAllocator &alloc) -{ - uint32 num = cBool ? 0xff : 0; - clIntToData(num, nssBool, alloc); -} - -#pragma mark ----- Bit String manipulation ----- - -/* - * Adjust the length of a CSSM_DATA representing a pre-encoded - * bit string. On entry the length field is the number of bytes - * of data; en exit, the number if bits. Trailing zero bits - * are counted as unused (which is how KeyUsage and NetscapeCertType - * extensions are encoded). - */ -void clCssmBitStringToNss( - CSSM_DATA &b) -{ - int numBits = b.Length * 8; - - /* start at end of bit array, scanning backwards looking - * for the first set bit */ - bool foundSet = false; - for(int dex=b.Length-1; dex>=0; dex--) { - unsigned bitMask = 0x01; - uint8 byte = b.Data[dex]; - for(unsigned bdex=0; bdex<8; bdex++) { - if(byte & bitMask) { - foundSet = true; - break; - } - else { - bitMask <<= 1; - numBits--; - } - } - if(foundSet) { - break; - } - } - /* !foundSet --> numBits = 0 */ - assert(((numBits > 0) & foundSet) || ((numBits == 0) && !foundSet)); - b.Length = (uint32)numBits; -} - -/* - * On entry, Length is bit count; on exit, a byte count. - * The job here is to ensure that bits marked as "unused" in the - * BER encoding are cleared. Encoding rules say they are undefined in - * the actual encoding. - */ -void clNssBitStringToCssm( - CSSM_DATA &b) -{ - uint32 byteCount = (b.Length + 7) / 8; - unsigned partialBits = b.Length & 0x7; - b.Length = byteCount; - if(partialBits == 0) { - return; - } - - /* mask off unused bits */ - unsigned unusedBits = 8 - partialBits; - uint8 *bp = b.Data + b.Length - 1; - /* mask = (2 ** unusedBits) - 1 */ - unsigned mask = (1 << unusedBits) - 1; - *bp &= ~mask; -} - -#pragma mark ----- NSS array manipulation ----- -/* - * How many items in a NULL-terminated array of pointers? - */ -unsigned clNssArraySize( - const void **array) -{ - unsigned count = 0; - if (array) { - while (*array++) { - count++; - } - } - return count; -} - -/* malloc a NULL-ed array of pointers of size num+1 */ -void **clNssNullArray( - uint32 num, - SecNssCoder &coder) -{ - unsigned len = (num + 1) * sizeof(void *); - void **p = (void **)coder.malloc(len); - memset(p, 0, len); - return p; -} - -/* - * GIven a CSSM_DATA containing a decoded BIT_STRING, - * convert to a KeyUsage. - */ -CE_KeyUsage clBitStringToKeyUsage( - const CSSM_DATA &cdata) -{ - unsigned toCopy = (cdata.Length + 7) / 8; - if(toCopy > 2) { - /* I hope I never see this... */ - clErrorLog("clBitStringToKeyUsage: KeyUsage larger than 2 bytes!"); - toCopy = 2; - } - unsigned char bits[2] = {0, 0}; - memmove(bits, cdata.Data, toCopy); - CE_KeyUsage usage = (((unsigned)bits[0]) << 8) | bits[1]; - return usage; -} - -CSSM_ALGORITHMS CL_oidToAlg( - const CSSM_OID &oid) -{ - CSSM_ALGORITHMS alg; - bool found = cssmOidToAlg(&oid, &alg); - if(!found) { - clErrorLog("CL_oidToAlg: unknown alg\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - return alg; -} - -#pragma mark ----- copy CSSM_X509_ALGORITHM_IDENTIFIER ----- - -/* - * Copy CSSM_X509_ALGORITHM_IDENTIFIER, same format (NSS and CSSM). - */ -void CL_copyAlgId( - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId, - CSSM_X509_ALGORITHM_IDENTIFIER &dstAlgId, - CssmAllocator &alloc) -{ - clAllocCopyData(alloc, srcAlgId.algorithm, dstAlgId.algorithm); - clAllocCopyData(alloc, srcAlgId.parameters, dstAlgId.parameters); -} - -void CL_freeCssmAlgId( - CSSM_X509_ALGORITHM_IDENTIFIER *cdsaObj, // optional - CssmAllocator &alloc) -{ - if(cdsaObj == NULL) { - return; - } - alloc.free(cdsaObj->algorithm.Data); - alloc.free(cdsaObj->parameters.Data); - memset(cdsaObj, 0, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER)); -} - - -#pragma mark ----- CSSM_X509_TIME <--> NSS format ----- - -/* - * Map the tag associated with a choice of DirectoryString elements to - * a template array for encoding/decoding that string type. - * Contrary to RFC2459, we allow the IA5String type, which is actually - * used in the real world (cf. the email address in Thawte's serverbasic - * cert). - */ - -/* The template chooser does the work here */ - -bool CL_nssTimeToCssm( - const NSS_TaggedItem &nssTime, - CSSM_X509_TIME &cssmObj, - CssmAllocator &alloc) -{ - cssmObj.timeType = nssTime.tag; - clAllocCopyData(alloc, nssTime.item, cssmObj.time); - return true; -} - -/* - * CSSM time to NSS time. - */ -void CL_cssmTimeToNss( - const CSSM_X509_TIME &cssmTime, - NSS_TaggedItem &nssTime, - SecNssCoder &coder) -{ - nssTime.tag = cssmTime.timeType; - coder.allocCopyItem(cssmTime.time, nssTime.item); -} - -void CL_freeCssmTime( - CSSM_X509_TIME *cssmTime, - CssmAllocator &alloc) -{ - if(cssmTime == NULL) { - return; - } - if(cssmTime->time.Data) { - alloc.free(cssmTime->time.Data); - } - memset(cssmTime, 0, sizeof(CSSM_X509_TIME)); -} - - -#pragma mark ----- CSSM_X509_SUBJECT_PUBLIC_KEY_INFO <--> CSSM_KEY ----- - -/* - * Copy a CSSM_X509_SUBJECT_PUBLIC_KEY_INFO. - * - * Same format (NSS and CSSM), EXCEPT: - * - * Objects which have just been NSS decoded or are about to be - * NSS encoded have the subjectPublicKey.Length field in BITS - * since this field is wrapped in a BIT STRING upon encoding. - * - * Caller tells us which format (bits or bytes) - * to use for each of {src, dst}. - */ -void CL_copySubjPubKeyInfo( - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &srcInfo, - bool srcInBits, - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &dstInfo, - bool dstInBits, - CssmAllocator &alloc) -{ - CL_copyAlgId(srcInfo.algorithm, dstInfo.algorithm, alloc); - - CSSM_DATA srcKey = srcInfo.subjectPublicKey; - if(srcInBits) { - srcKey.Length = (srcKey.Length + 7) / 8; - } - clAllocCopyData(alloc, srcKey, dstInfo.subjectPublicKey); - if(dstInBits) { - dstInfo.subjectPublicKey.Length *= 8; - } -} - -/* - * Obtain a CSSM_KEY from a CSSM_X509_SUBJECT_PUBLIC_KEY_INFO, - * inferring as much as we can from required fields - * (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO) and extensions (for - * KeyUse, obtained from the optional DecodedCert). - */ -CSSM_KEY_PTR CL_extractCSSMKeyNSS( - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &keyInfo, - CssmAllocator &alloc, - const DecodedCert *decodedCert) // optional -{ - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR) alloc.malloc(sizeof(CSSM_KEY)); - memset(cssmKey, 0, sizeof(CSSM_KEY)); - CSSM_KEYHEADER &hdr = cssmKey->KeyHeader; - CssmRemoteData keyData(alloc, cssmKey->KeyData); - try { - hdr.HeaderVersion = CSSM_KEYHEADER_VERSION; - /* CspId blank */ - hdr.BlobType = CSSM_KEYBLOB_RAW; - hdr.AlgorithmId = CL_oidToAlg(keyInfo.algorithm.algorithm); - hdr.KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; - - /* - * Format inferred from AlgorithmId. I have never seen these defined - * anywhere, e.g., what's the format of an RSA public key in a cert? - * X509 certainly doesn't say. However. the following two cases are - * known to be correct. - */ - switch(hdr.AlgorithmId) { - case CSSM_ALGID_RSA: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - break; - case CSSM_ALGID_DSA: - case CSSM_ALGID_DH: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_X509; - break; - case CSSM_ALGID_FEE: - /* CSSM_KEYBLOB_RAW_FORMAT_NONE --> DER encoded */ - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - break; - default: - /* punt */ - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - hdr.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; - - /* KeyUsage inferred from extensions */ - if(decodedCert) { - hdr.KeyUsage = decodedCert->inferKeyUsage(); - } - else { - hdr.KeyUsage = CSSM_KEYUSE_ANY; - } - - /* start/end date unknown, leave zero */ - hdr.WrapAlgorithmId = CSSM_ALGID_NONE; - hdr.WrapMode = CSSM_ALGMODE_NONE; - - switch(hdr.AlgorithmId) { - case CSSM_ALGID_DSA: - case CSSM_ALGID_DH: - { - /* - * Just encode the whole subject public key info blob. - * NOTE we're assuming that the keyInfo.subjectPublicKey - * field is in the NSS_native BITSTRING format, i.e., - * its Length field is in bits and we don't have to adjust. - */ - PRErrorCode prtn = SecNssEncodeItemOdata(&keyInfo, - NSS_SubjectPublicKeyInfoTemplate, keyData); - if(prtn) { - clErrorLog("extractCSSMKey: error on reencode\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - break; - } - default: - /* - * RSA, FEE for now. - * keyInfo.subjectPublicKey (in BITS) ==> KeyData - */ - keyData.copy(keyInfo.subjectPublicKey.Data, - (keyInfo.subjectPublicKey.Length + 7) / 8); - } - keyData.release(); - - /* - * LogicalKeySizeInBits - ask the CSP - */ - CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true); - CSSM_KEY_SIZE keySize; - CSSM_RETURN crtn; - crtn = CSSM_QueryKeySizeInBits(cspHand, CSSM_INVALID_HANDLE, cssmKey, - &keySize); - switch(crtn) { - default: - CssmError::throwMe(crtn); - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - /* - * This is how the CSP indicates a "partial" public key, - * with a valid public key value but no alg-specific - * parameters (currently, DSA only). - */ - hdr.KeyAttr |= CSSM_KEYATTR_PARTIAL; - /* and drop thru */ - case CSSM_OK: - cssmKey->KeyHeader.LogicalKeySizeInBits = - keySize.LogicalKeySizeInBits; - break; - } - } - catch (...) { - alloc.free(cssmKey); - throw; - } - return cssmKey; -} - -/* - * Set up a encoded NULL for CSSM_X509_ALGORITHM_IDENTIFIER.parameters. - */ -void CL_nullAlgParams( - CSSM_X509_ALGORITHM_IDENTIFIER &algId) -{ - static const uint8 encNull[2] = { SEC_ASN1_NULL, 0 }; - CSSM_DATA encNullData; - encNullData.Data = (uint8 *)encNull; - encNullData.Length = 2; - - algId.parameters = encNullData; -} - -/* - * Convert a CSSM_KEY to a CSSM_X509_SUBJECT_PUBLIC_KEY_INFO. The - * CSSM key must be in raw format and with a specific blob format. - * -- RSA keys have to be CSSM_KEYBLOB_RAW_FORMAT_PKCS1 - * -- DSA keys have to be CSSM_KEYBLOB_RAW_FORMAT_X509 - */ -void CL_CSSMKeyToSubjPubKeyInfoNSS( - const CSSM_KEY &cssmKey, - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &nssKeyInfo, - SecNssCoder &coder) -{ - const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader; - if(hdr.BlobType != CSSM_KEYBLOB_RAW) { - clErrorLog("CL SetField: must specify RAW key blob\n"); - CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); - } - memset(&nssKeyInfo, 0, sizeof(nssKeyInfo)); - - /* algorithm and format dependent from here... */ - switch(hdr.AlgorithmId) { - case CSSM_ALGID_RSA: - if(hdr.Format != CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { - clErrorLog("CL SetField: RSA key must be in PKCS1 format\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - /* and fall thru */ - default: - { - /* Key header's algorithm --> OID */ - const CSSM_OID *oid = cssmAlgToOid(hdr.AlgorithmId); - if(oid == NULL) { - clErrorLog("CL SetField: Unknown key algorithm\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - } - CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssKeyInfo.algorithm; - coder.allocCopyItem(*oid, algId.algorithm); - - /* NULL algorithm parameters, always in this case */ - CL_nullAlgParams(algId); - - /* Copy key bits, destination is a BIT STRING */ - coder.allocCopyItem(cssmKey.KeyData, nssKeyInfo.subjectPublicKey); - nssKeyInfo.subjectPublicKey.Length *= 8; - break; - } - case CSSM_ALGID_DSA: - if(hdr.Format != CSSM_KEYBLOB_RAW_FORMAT_X509) { - clErrorLog("CL SetField: DSA key must be in X509 format\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - - /* - * All we do is decode the whole key blob into the - * SubjectPublicKeyInfo. - */ - if(coder.decodeItem(cssmKey.KeyData, - NSS_SubjectPublicKeyInfoTemplate, - &nssKeyInfo)) { - clErrorLog("CL SetField: Error decoding DSA public key\n"); - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); - } - break; - } -} - -void CL_freeCSSMKey( - CSSM_KEY_PTR cssmKey, - CssmAllocator &alloc, - bool freeTop) -{ - if(cssmKey == NULL) { - return; - } - alloc.free(cssmKey->KeyData.Data); - memset(cssmKey, 0, sizeof(CSSM_KEY)); - if(freeTop) { - alloc.free(cssmKey); - } -} - -#pragma mark ----- CE_AuthorityKeyID <--> NSS_AuthorityKeyId ----- - -void CL_cssmAuthorityKeyIdToNss( - const CE_AuthorityKeyID &cdsaObj, - NSS_AuthorityKeyId &nssObj, - SecNssCoder &coder) -{ - memset(&nssObj, 0, sizeof(nssObj)); - if(cdsaObj.keyIdentifierPresent) { - nssObj.keyIdentifier = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA)); - coder.allocCopyItem(cdsaObj.keyIdentifier, *nssObj.keyIdentifier); - } - if(cdsaObj.generalNamesPresent ) { - /* GeneralNames, the hard one */ - CL_cssmGeneralNamesToNss(*cdsaObj.generalNames, - nssObj.genNames, coder); - } - if(cdsaObj.serialNumberPresent) { - coder.allocCopyItem(cdsaObj.serialNumber,nssObj.serialNumber); - } -} - -void CL_nssAuthorityKeyIdToCssm( - const NSS_AuthorityKeyId &nssObj, - CE_AuthorityKeyID &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc) -{ - if(nssObj.keyIdentifier != NULL) { - cdsaObj.keyIdentifierPresent = CSSM_TRUE; - clAllocCopyData(alloc, *nssObj.keyIdentifier, cdsaObj.keyIdentifier); - } - if(nssObj.genNames.names != NULL) { - /* GeneralNames, the hard one */ - cdsaObj.generalNamesPresent = CSSM_TRUE; - cdsaObj.generalNames = - (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralNames)); - CL_nssGeneralNamesToCssm(nssObj.genNames, - *cdsaObj.generalNames, - coder, - alloc); - } - if(nssObj.serialNumber.Data != NULL) { - cdsaObj.serialNumberPresent = CSSM_TRUE; - clAllocCopyData(alloc, nssObj.serialNumber, cdsaObj.serialNumber); - } -} - -#pragma mark ----- decode/encode CE_DistributionPointName ----- - -/* This is always a DER-encoded blob at the NSS level */ -void CL_decodeDistributionPointName( - const CSSM_DATA &nssBlob, - CE_DistributionPointName &cssmDpn, - SecNssCoder &coder, - CssmAllocator &alloc) -{ - memset(&cssmDpn, 0, sizeof(CE_DistributionPointName)); - if(nssBlob.Length == 0) { - clErrorLog("***CL_decodeDistributionPointName: bad PointName\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - unsigned char tag = nssBlob.Data[0] & SEC_ASN1_TAGNUM_MASK; - switch(tag) { - case NSS_DIST_POINT_FULL_NAME_TAG: - { - /* decode to temp coder memory */ - NSS_GeneralNames gnames; - gnames.names = NULL; - if(coder.decodeItem(nssBlob, NSS_DistPointFullNameTemplate, - &gnames)) { - clErrorLog("***Error decoding DistPointFullName\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - cssmDpn.nameType = CE_CDNT_FullName; - cssmDpn.fullName = (CE_GeneralNames *)alloc.malloc( - sizeof(CE_GeneralNames)); - - /* copy out to caller */ - CL_nssGeneralNamesToCssm(gnames, - *cssmDpn.fullName, coder, alloc); - break; - } - case NSS_DIST_POINT_RDN_TAG: - { - /* decode to temp coder memory */ - NSS_RDN rdn; - memset(&rdn, 0, sizeof(rdn)); - if(coder.decodeItem(nssBlob, NSS_DistPointRDNTemplate, - &rdn)) { - clErrorLog("***Error decoding DistPointRDN\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - cssmDpn.nameType = CE_CDNT_NameRelativeToCrlIssuer; - cssmDpn.rdn = (CSSM_X509_RDN_PTR)alloc.malloc( - sizeof(CSSM_X509_RDN)); - - /* copy out to caller */ - CL_nssRdnToCssm(rdn, *cssmDpn.rdn, alloc, coder); - break; - } - default: - clErrorLog("***Bad CE_DistributionPointName tag\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } -} - -void CL_encodeDistributionPointName( - CE_DistributionPointName &cpoint, - CSSM_DATA &npoint, - SecNssCoder &coder) -{ - const SEC_ASN1Template *templ = NULL; - NSS_GeneralNames gnames; - NSS_RDN rdn; - void *encodeSrc = NULL; - - /* - * Our job is to convert one of two incoming aggregate types - * into NSS format, then encode the result into npoint. - */ - switch(cpoint.nameType) { - case CE_CDNT_FullName: - CL_cssmGeneralNamesToNss(*cpoint.fullName, - gnames, coder); - encodeSrc = &gnames; - templ = NSS_DistPointFullNameTemplate; - break; - - case CE_CDNT_NameRelativeToCrlIssuer: - CL_cssmRdnToNss(*cpoint.rdn, rdn, coder); - encodeSrc = &rdn; - templ = NSS_DistPointRDNTemplate; - break; - default: - clErrorLog("CL_encodeDistributionPointName: bad nameType\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG); - } - if(coder.encodeItem(encodeSrc, templ, npoint)) { - clErrorLog("CL_encodeDistributionPointName: encode error\n"); - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } -} - - -#pragma mark --- CE_CRLDistPointsSyntax <--> NSS_CRLDistributionPoints --- - -void CL_cssmDistPointsToNss( - const CE_CRLDistPointsSyntax &cdsaObj, - NSS_CRLDistributionPoints &nssObj, - SecNssCoder &coder) -{ - memset(&nssObj, 0, sizeof(nssObj)); - unsigned numPoints = cdsaObj.numDistPoints; - if(numPoints == 0) { - return; - } - nssObj.distPoints = - (NSS_DistributionPoint **)clNssNullArray(numPoints, coder); - for(unsigned dex=0; dexdistPointName) { - /* encode and drop into ASN_ANY slot */ - npoint->distPointName = (CSSM_DATA *) - coder.malloc(sizeof(CSSM_DATA)); - CL_encodeDistributionPointName(*cpoint->distPointName, - *npoint->distPointName, coder); - - } - - if(cpoint->reasonsPresent) { - /* bit string, presumed max length 8 bits */ - coder.allocItem(npoint->reasons, 1); - npoint->reasons.Data[0] = cpoint->reasons; - /* adjust for bit string length */ - npoint->reasons.Length = 8; - } - - if(cpoint->crlIssuer) { - CL_cssmGeneralNamesToNss(*cpoint->crlIssuer, - npoint->crlIssuer, coder); - } - } -} - -void CL_nssDistPointsToCssm( - const NSS_CRLDistributionPoints &nssObj, - CE_CRLDistPointsSyntax &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc) -{ - memset(&cdsaObj, 0, sizeof(cdsaObj)); - unsigned numPoints = clNssArraySize((const void **)nssObj.distPoints); - if(numPoints == 0) { - return; - } - - unsigned len = sizeof(CE_CRLDistributionPoint) * numPoints; - cdsaObj.distPoints = (CE_CRLDistributionPoint *)alloc.malloc(len); - memset(cdsaObj.distPoints, 0, len); - cdsaObj.numDistPoints = numPoints; - - for(unsigned dex=0; dex 8) { - clErrorLog("***CL_nssDistPointsToCssm: Malformed reasons\n"); - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - cpoint.reasonsPresent = CSSM_TRUE; - if(npoint.reasons.Length != 0) { - cpoint.reasons = npoint.reasons.Data[0]; - } - } - - if(npoint.crlIssuer.names != NULL) { - /* Cook up a new CE_GeneralNames */ - cpoint.crlIssuer = - (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralNames)); - CL_nssGeneralNamesToCssm(npoint.crlIssuer, *cpoint.crlIssuer, - coder, alloc); - } - } -} - -#pragma mark ----- IssuingDistributionPoint ----- - -void CL_nssIssuingDistPointToCssm( - NSS_IssuingDistributionPoint *nssIdp, - CE_IssuingDistributionPoint *cssmIdp, - SecNssCoder &coder, - CssmAllocator &alloc) -{ - /* All fields optional */ - memset(cssmIdp, 0, sizeof(*cssmIdp)); - if(nssIdp->distPointName) { - CE_DistributionPointName *cssmDp = (CE_DistributionPointName *) - alloc.malloc(sizeof(CE_DistributionPointName)); - - /* - * This one is currently still encoded; we have to peek - * at its tag and decode accordingly. - */ - CL_decodeDistributionPointName(*nssIdp->distPointName, - *cssmDp, coder, alloc); - cssmIdp->distPointName = cssmDp; - } - if(nssIdp->onlyUserCerts) { - cssmIdp->onlyUserCertsPresent = CSSM_TRUE; - cssmIdp->onlyUserCerts = clNssBoolToCssm(*nssIdp->onlyUserCerts); - } - if(nssIdp->onlyCACerts) { - cssmIdp->onlyCACertsPresent = CSSM_TRUE; - cssmIdp->onlyCACerts = clNssBoolToCssm(*nssIdp->onlyCACerts); - } - if(nssIdp->onlySomeReasons) { - cssmIdp->onlySomeReasonsPresent = CSSM_TRUE; - if(nssIdp->onlySomeReasons->Length > 0) { - cssmIdp->onlySomeReasons = *nssIdp->onlySomeReasons->Data; - } - else { - cssmIdp->onlySomeReasons = 0; - } - } - if(nssIdp->indirectCRL) { - cssmIdp->indirectCrlPresent = CSSM_TRUE; - cssmIdp->indirectCrl = clNssBoolToCssm(*nssIdp->indirectCRL); - } -} - -#pragma mark ----- Top-level Cert/CRL encode and decode ----- - -/* - * To ensure a secure means of signing and verifying TBSCert blobs, we - * provide these functions to encode and decode just the top-level - * elements of a certificate. Unfortunately there is no guarantee - * that when you decode and re-encode a TBSCert blob, you get the - * same thing you started with (although with DER rules, as opposed - * to BER rules, you should). Thus when signing, we sign the TBSCert - * and encode the signed cert here without ever decoding the TBSCert (or, - * at least, without using the decoded version to get the encoded TBS blob). - */ - -void CL_certCrlDecodeComponents( - const CssmData &signedItem, // DER-encoded cert or CRL - CssmOwnedData &tbsBlob, // still DER-encoded - CssmOwnedData &algId, // ditto - CssmOwnedData &rawSig) // raw bits (not an encoded AsnBits) -{ - /* BER-decode into temp memory */ - NSS_SignedCertOrCRL nssObj; - SecNssCoder coder; - PRErrorCode prtn; - - memset(&nssObj, 0, sizeof(nssObj)); - prtn = coder.decode(signedItem.data(), signedItem.length(), - NSS_SignedCertOrCRLTemplate, &nssObj); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT); - } - - /* tbsBlob and algId are raw ASN_ANY including tags, which we pass - * back to caller intact */ - tbsBlob.copy(nssObj.tbsBlob.Data, nssObj.tbsBlob.Length); - algId.copy(nssObj.signatureAlgorithm.Data, - nssObj.signatureAlgorithm.Length); - - /* signature is a bit string which we do in fact decode */ - rawSig.copy(nssObj.signature.Data, - (nssObj.signature.Length + 7) / 8); -} - - -/* - * Given pre-DER-encoded blobs, do the final encode step for a signed cert. - */ -void -CL_certEncodeComponents( - const CssmData &TBSCert, // DER-encoded - const CssmData &algId, // ditto - const CssmData &rawSig, // raw bits, not encoded - CssmOwnedData &signedCert) // DER-encoded -{ - NSS_SignedCertOrCRL nssObj; - nssObj.tbsBlob.Data = TBSCert.Data; - nssObj.tbsBlob.Length = TBSCert.Length; - nssObj.signatureAlgorithm.Data = algId.Data; - nssObj.signatureAlgorithm.Length = algId.Length; - nssObj.signature.Data = rawSig.Data; - nssObj.signature.Length = rawSig.Length * 8; // BIT STRING - - PRErrorCode prtn; - - prtn = SecNssEncodeItemOdata(&nssObj, - NSS_SignedCertOrCRLTemplate,signedCert); - if(prtn) { - CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR); - } - -} diff --git a/AppleX509CL/clNssUtils.h b/AppleX509CL/clNssUtils.h deleted file mode 100644 index f6939637..00000000 --- a/AppleX509CL/clNssUtils.h +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * clNssUtils.h - support for libnssasn1-based ASN1 encode/decode - */ - -#ifndef _CL_NSS_UTILS_H_ -#define _CL_NSS_UTILS_H_ - -#include -#include -#include -#include "DecodedCert.h" - -/* - * A CssmAllocator which is actually based upon a PLArenaPool. This only - * mallocs, it doesn't have a free - all memory allocated with this - * object is freed when the SecNssCoder associated with this object is - * freed. It's used to malloc the fields in DecodedCert.mCert and - * DecodedCrl.mCrl. - */ -class ArenaAllocator : public Security::CssmAllocator -{ - NOCOPY(ArenaAllocator) -public: - ArenaAllocator(SecNssCoder &coder) - : mCoder(coder) { } - ~ArenaAllocator() { } - void *malloc(size_t) throw(std::bad_alloc) ; - void free(void *) throw() ; - void *realloc(void *, size_t) throw(std::bad_alloc); -private: - SecNssCoder &mCoder; -}; - -/* - * Misc. alloc/copy with arbitrary CssmAllocator - */ - -/* malloc d.Data, set d.Length */ -void clAllocData( - CssmAllocator &alloc, - CSSM_DATA &dst, - size_t len); - -/* malloc and copy */ -void clAllocCopyData( - CssmAllocator &alloc, - const CSSM_DATA &src, - CSSM_DATA &dst); - -/* return true if two CSSM_DATAs (or two CSSM_OIDs) compare equal */ -bool clCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2); - -/* - * CSSM_DATA --> uint32 - */ -uint32 clDataToInt( - const CSSM_DATA &cdata, - CSSM_RETURN toThrow = CSSMERR_CL_INVALID_CERT_POINTER); -void clIntToData( - uint32 num, - CSSM_DATA &cdata, - CssmAllocator &alloc); - -/* CSSM_BOOL <--> CSSM_DATA */ -CSSM_BOOL clNssBoolToCssm( - const CSSM_DATA &nssBool); -void clCssmBoolToNss( - CSSM_BOOL cBool, - CSSM_DATA &nssBool, - CssmAllocator &alloc); - -/* Bit String */ -void clCssmBitStringToNss( - CSSM_DATA &b); -void clNssBitStringToCssm( - CSSM_DATA &b); - -/* How many items in a NULL-terminated array of pointers? */ -unsigned clNssArraySize( - const void **array); - -/* malloc a NULL-ed array of pointers of size num+1 */ -void **clNssNullArray( - uint32 num, - SecNssCoder &coder); - -CE_KeyUsage clBitStringToKeyUsage( - const CSSM_DATA &cdata); - -CSSM_ALGORITHMS CL_oidToAlg( - const CSSM_OID &oid); - -void CL_copyAlgId( - const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId, - CSSM_X509_ALGORITHM_IDENTIFIER &destAlgId, - CssmAllocator &alloc); -void CL_freeCssmAlgId( - CSSM_X509_ALGORITHM_IDENTIFIER *cdsaObj, // optional - CssmAllocator &alloc); - - -bool CL_nssTimeToCssm( - const NSS_Time &derTime, - CSSM_X509_TIME &cssmObj, - CssmAllocator &alloc); -void CL_cssmTimeToNss( - const CSSM_X509_TIME &cssmTime, - NSS_Time &nssTime, - SecNssCoder &coder); -void CL_freeCssmTime( - CSSM_X509_TIME *cssmTime, - CssmAllocator &alloc); - -void CL_nullAlgParams( - CSSM_X509_ALGORITHM_IDENTIFIER &algId); - -void CL_copySubjPubKeyInfo( - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &srcInfo, - bool srcInBits, - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &dstInfo, - bool dstInBits, - CssmAllocator &alloc); -CSSM_KEY_PTR CL_extractCSSMKeyNSS( - const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &keyInfo, - CssmAllocator &alloc, - const DecodedCert *decodedCert); // optional -void CL_CSSMKeyToSubjPubKeyInfoNSS( - const CSSM_KEY &cssmKey, - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &nssKeyInfo, - SecNssCoder &coder); -void CL_freeCSSMKey( - CSSM_KEY_PTR cssmKey, - CssmAllocator &alloc, - bool freeTop = true); // delete the actual key - // as well as contents - -void CL_cssmAuthorityKeyIdToNss( - const CE_AuthorityKeyID &cdsaObj, - NSS_AuthorityKeyId &nssObj, - SecNssCoder &coder); -void CL_nssAuthorityKeyIdToCssm( - const NSS_AuthorityKeyId &nssObj, - CE_AuthorityKeyID &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc); - -void CL_decodeDistributionPointName( - const CSSM_DATA &nssBlob, - CE_DistributionPointName &cssmDpn, - SecNssCoder &coder, - CssmAllocator &alloc); -void CL_encodeDistributionPointName( - CE_DistributionPointName &cpoint, - CSSM_DATA &npoint, - SecNssCoder &coder); -void CL_cssmDistPointsToNss( - const CE_CRLDistPointsSyntax &cdsaObj, - NSS_CRLDistributionPoints &nssObj, - SecNssCoder &coder); -void CL_nssDistPointsToCssm( - const NSS_CRLDistributionPoints &nssObj, - CE_CRLDistPointsSyntax &cdsaObj, - SecNssCoder &coder, // for temp decoding - CssmAllocator &alloc); - -void CL_nssIssuingDistPointToCssm( - NSS_IssuingDistributionPoint *nssIdp, - CE_IssuingDistributionPoint *cssmIdp, - SecNssCoder &coder, - CssmAllocator &alloc); - -void CL_certCrlDecodeComponents( - const CssmData &signedItem, // DER-encoded cert or CRL - CssmOwnedData &tbsBlob, // still DER-encoded - CssmOwnedData &algId, // ditto - CssmOwnedData &rawSig); // raw bits (not an encoded AsnBits) -void -CL_certEncodeComponents( - const CssmData &TBSCert, // DER-encoded - const CssmData &algId, // ditto - const CssmData &rawSig, // raw bits, not encoded - CssmOwnedData &signedCert); // DER-encoded - -#endif /* _CL_NSS_UTILS_H_ */ diff --git a/AppleX509CL/cl_common.mdsinfo b/AppleX509CL/cl_common.mdsinfo deleted file mode 100644 index 2b573672..00000000 --- a/AppleX509CL/cl_common.mdsinfo +++ /dev/null @@ -1,28 +0,0 @@ - - - - - BuiltIn - - CDSAVersion - 2.0 - Desc - Apple built-in CL - DynamicFlag - - MdsFileDescription - Built-in X509 CL Common info - MdsFileType - PluginCommon - ModuleID - {87191ca4-0fc9-11d4-849a000502b52122} - ModuleName - AppleX509CL - MultiThreadFlag - - ProductVersion - 1.0 - ServiceMask - CSSM_SERVICE_CL - - diff --git a/AppleX509CL/cl_primary.mdsinfo b/AppleX509CL/cl_primary.mdsinfo deleted file mode 100644 index 932e311e..00000000 --- a/AppleX509CL/cl_primary.mdsinfo +++ /dev/null @@ -1,38 +0,0 @@ - - - - - BundleTypeFormat - - CertFieldsNames - - - CertTypeFormat - <<CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER - CrlTypeFormat_NONE - 0 - DefaultTemplateType - CSSM_CL_TEMPLATE_INTERMEDIATE_CERT - MdsFileDescription - Built-in X509CL Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_CL_PRIMARY_RECORDTYPE - ModuleID - {87191ca4-0fc9-11d4-849a000502b52122} - ModuleName - AppleX509CL - ProductVersion - 1.0 - SSID - 0 - TemplateFieldNames - - - Vendor - Apple Computer, Inc. - XlationTypeFormat - - - diff --git a/AppleX509CL/cldebugging.h b/AppleX509CL/cldebugging.h deleted file mode 100644 index 553e1d63..00000000 --- a/AppleX509CL/cldebugging.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cldebugging.h - - Contains: Debugging macros. -*/ - -#ifndef _CLDEBUGGING_H_ -#define _CLDEBUGGING_H_ - -#include - -#ifdef NDEBUG -/* this actually compiles to nothing */ -#define clErrorLog(args...) secdebug("clError", ## args) -#else -#define clErrorLog(args...) printf(args) -#endif -#define clFieldLog(args...) secdebug("clField", ## args) - -#endif /* _CLDEBUGGING_H_ */ diff --git a/AppleX509CL/cssmplugin.exp b/AppleX509CL/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/AppleX509CL/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/AppleX509TP/AppleTP.cpp b/AppleX509TP/AppleTP.cpp deleted file mode 100644 index 6bd8977b..00000000 --- a/AppleX509TP/AppleTP.cpp +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleTP.cpp -// -#include "AppleTP.h" -#include "AppleTPSession.h" - - -// -// Make and break the plugin object -// -AppleTP::AppleTP() -{ -} - -AppleTP::~AppleTP() -{ -} - - -// -// Create a new plugin session, our way -// -PluginSession *AppleTP::makeSession( - CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) -{ - switch (subserviceType) { - case CSSM_SERVICE_TP: - return new AppleTPSession(handle, - *this, - version, - subserviceId, - subserviceType, - attachFlags, - upcalls); - default: - CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo - } -} diff --git a/AppleX509TP/AppleTP.h b/AppleX509TP/AppleTP.h deleted file mode 100644 index 80c7a224..00000000 --- a/AppleX509TP/AppleTP.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleTP.h - TP module for X509, SSL, iSign -// -#ifndef _H_APPLETP -#define _H_APPLETP - -#include -#include - -class AppleTP : public CssmPlugin -{ -public: - AppleTP(); - ~AppleTP(); - - PluginSession *makeSession( - CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); -private: - // Don't copy AppleTP - AppleTP(const AppleTP&); - void operator=(const AppleTP&); -}; - - -#endif //_H_APPLETP diff --git a/AppleX509TP/AppleTPSession.cpp b/AppleX509TP/AppleTPSession.cpp deleted file mode 100644 index 5e409bb4..00000000 --- a/AppleX509TP/AppleTPSession.cpp +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AppleTPSession.cpp - general session support and (mostly) unimplemented functions - */ - -#include "AppleTPSession.h" -#include "TPCertInfo.h" -#include "TPCrlInfo.h" -#include "tpCrlVerify.h" -#include "tpdebugging.h" - -AppleTPSession::AppleTPSession( - CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : TPPluginSession(theHandle, plug, version, subserviceId, - subserviceType,attachFlags, upcalls) -{ -} - -AppleTPSession::~AppleTPSession() -{ -} - -void AppleTPSession::CertCreateTemplate(CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD CertFields[], - CssmData &CertTemplate) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CrlVerify(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL &CrlToBeVerified, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult) -{ - /* verify input args */ - if(RevokerVerifyResult != NULL) { - /* not yet, but probably someday */ - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - switch(CrlToBeVerified.CrlType) { - case CSSM_CRL_TYPE_X_509v1: - case CSSM_CRL_TYPE_X_509v2: - break; - default: - CssmError::throwMe(CSSMERR_TP_INVALID_CRL_TYPE); - } - switch(CrlToBeVerified.CrlEncoding) { - case CSSM_CRL_ENCODING_BER: - case CSSM_CRL_ENCODING_DER: - break; - default: - CssmError::throwMe(CSSMERR_TP_INVALID_CRL_ENCODING); - } - - /* optional arguments */ - CSSM_TIMESTRING cssmTimeStr = NULL; - const CSSM_TP_CALLERAUTH_CONTEXT *cred = NULL; - uint32 NumberOfAnchorCerts = 0; - CSSM_DATA_PTR AnchorCerts = NULL; - CSSM_DL_DB_LIST_PTR DBList = NULL; - CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0; - CSSM_APPLE_TP_ACTION_DATA *actionData = NULL; - - if(VerifyContext != NULL) { - cred = VerifyContext->Cred; - actionData = - (CSSM_APPLE_TP_ACTION_DATA *)VerifyContext->ActionData.Data; - if(actionData != NULL) { - switch(actionData->Version) { - case CSSM_APPLE_TP_ACTION_VERSION: - if(VerifyContext->ActionData.Length != - sizeof(CSSM_APPLE_TP_ACTION_DATA)) { - CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); - } - break; - /* handle backwards versions here if we ever go - * beyond version 0 */ - default: - CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); - } - actionFlags = actionData->ActionFlags; - } - } - if(cred != NULL) { - cssmTimeStr = cred->VerifyTime; - NumberOfAnchorCerts = cred->NumberOfAnchorCerts; - AnchorCerts = cred->AnchorCerts; - DBList = cred->DBList; - } - - /* this must be parseable, throw immediately if not */ - TPCrlInfo crlToVerify(CLHandle, CSPHandle, &CrlToBeVerified.CrlBlob, - TIC_NoCopy, cssmTimeStr); - - /* required at the API but in fact may be empty */ - TPCertGroup inCertGroup(SignerCertGroup, CLHandle, CSPHandle, *this, - cssmTimeStr, // optional 'this' time - false, // firstCertMustBeValid - TGO_Group); - - /* common CRL verify parameters */ - TPCrlVerifyContext vfyCtx(*this, - CLHandle, - CSPHandle, - cssmTimeStr, - NumberOfAnchorCerts, - AnchorCerts, - &inCertGroup, - NULL, // no CRLs, we're on our own - NULL, // gatheredCerts, none so far - DBList, - kCrlNone, // policy, varies per policy - actionFlags, - 0); // crlOptFlags, varies per policy - - /* - * We assert the doCrlVerify flag to ensure CRL verification - * if intermediate certs which verifyWithContext() gathers to - * verify this CRL. - */ - CSSM_RETURN crtn = crlToVerify.verifyWithContext(vfyCtx, NULL, true); - if(crtn) { - tpCrlDebug("CrlVerify failure"); - CssmError::throwMe(crtn); - } -} - -void AppleTPSession::CertReclaimKey(const CSSM_CERTGROUP &CertGroup, - uint32 CertIndex, - CSSM_LONG_HANDLE KeyCacheHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -/*** CertGroupVerify, CertGroupConstruct in TPCertGroup.cpp ***/ - -void AppleTPSession::CertSign(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CssmData &CertTemplateToBeSigned, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult, - CssmData &SignedCert) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle, - const CSSM_TUPLEGROUP &TupleGroup, - CSSM_CERTGROUP_PTR &CertTemplates) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::ReceiveConfirmation(const CssmData &ReferenceIdentifier, - CSSM_TP_CONFIRM_RESPONSE_PTR &Responses, - sint32 &ElapsedTime) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::PassThrough(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CssmData *OldCrlTemplate, - const CSSM_CERTGROUP &CertGroupToBeRemoved, - const CSSM_CERTGROUP &RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult, - CssmData &NewCrlTemplate) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertRevoke(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CssmData *OldCrlTemplate, - const CSSM_CERTGROUP &CertGroupToBeRevoked, - const CSSM_CERTGROUP &RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult, - CSSM_TP_CERTCHANGE_REASON Reason, - CssmData &NewCrlTemplate) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CrlCreateTemplate(CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD CrlFields[], - CssmData &NewCrlTemplate) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle, - const CSSM_CERTGROUP &CertGroup, - CSSM_TUPLEGROUP_PTR &TupleGroup) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_FORM_TYPE FormType, - CssmData &BlankForm) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CrlSign(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_ENCODED_CRL &CrlToBeSigned, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult, - CssmData &SignedCrl) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertGroupPrune(CSSM_CL_HANDLE CLHandle, - const CSSM_DL_DB_LIST &DBList, - const CSSM_CERTGROUP &OrderedCertGroup, - CSSM_CERTGROUP_PTR &PrunedCertGroup) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::ApplyCrlToDb(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL &CrlToBeApplied, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle, - const CssmData &CertTemplate, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CertFields) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::ConfirmCredResult(const CssmData &ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - const CSSM_TP_CONFIRM_RESPONSE &Responses, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void AppleTPSession::FormSubmit(CSSM_TP_FORM_TYPE FormType, - const CssmData &Form, - const CSSM_TP_AUTHORITY_ID *ClearanceAuthority, - const CSSM_TP_AUTHORITY_ID *RepresentedAuthority, - AccessCredentials *Credentials) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - diff --git a/AppleX509TP/AppleTPSession.h b/AppleX509TP/AppleTPSession.h deleted file mode 100644 index 72512783..00000000 --- a/AppleX509TP/AppleTPSession.h +++ /dev/null @@ -1,257 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AppleTPSession.h - TP session functions. - * - * Created 10/5/2000 by Doug Mitchell. - */ - -#ifndef _H_APPLE_TP_SESSION -#define _H_APPLE_TP_SESSION - -#include -#include "TPCertInfo.h" - -#define REALLOC_WORKAROUND 0 -#if REALLOC_WORKAROUND -#include -#endif - -class AppleTPSession : public TPPluginSession { - -public: - - AppleTPSession( - CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls); - - ~AppleTPSession(); - - #if REALLOC_WORKAROUND - void *realloc(void *oldp, size_t size) { - void *newp = malloc(size); - memmove(newp, oldp, size); - free(oldp); - return newp; - } - #endif /* REALLOC_WORKAROUND */ - - /* methods declared in TPabstractSession.h */ - void CertCreateTemplate(CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD CertFields[], - CssmData &CertTemplate); - void CrlVerify(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL &CrlToBeVerified, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult); - void CertReclaimKey(const CSSM_CERTGROUP &CertGroup, - uint32 CertIndex, - CSSM_LONG_HANDLE KeyCacheHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry); - void CertGroupVerify(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_CERTGROUP &CertGroupToBeVerified, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult); - void CertGroupConstruct(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DL_DB_LIST &DBList, - const void *ConstructParams, - const CSSM_CERTGROUP &CertGroupFrag, - CSSM_CERTGROUP_PTR &CertGroup); - void CertSign(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CssmData &CertTemplateToBeSigned, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult, - CssmData &SignedCert); - void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle, - const CSSM_TUPLEGROUP &TupleGroup, - CSSM_CERTGROUP_PTR &CertTemplates); - void ReceiveConfirmation(const CssmData &ReferenceIdentifier, - CSSM_TP_CONFIRM_RESPONSE_PTR &Responses, - sint32 &ElapsedTime); - void PassThrough(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CssmData *OldCrlTemplate, - const CSSM_CERTGROUP &CertGroupToBeRemoved, - const CSSM_CERTGROUP &RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult, - CssmData &NewCrlTemplate); - void CertRevoke(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CssmData *OldCrlTemplate, - const CSSM_CERTGROUP &CertGroupToBeRevoked, - const CSSM_CERTGROUP &RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult, - CSSM_TP_CERTCHANGE_REASON Reason, - CssmData &NewCrlTemplate); - void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle); - void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD CrlFields[], - CssmData &NewCrlTemplate); - void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle, - const CSSM_CERTGROUP &CertGroup, - CSSM_TUPLEGROUP_PTR &TupleGroup); - void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, - const CSSM_TP_REQUEST_SET &RequestInput, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, - sint32 &EstimatedTime, - CssmData &ReferenceIdentifier); - void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_FORM_TYPE FormType, - CssmData &BlankForm); - void CrlSign(CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_ENCODED_CRL &CrlToBeSigned, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult, - CssmData &SignedCrl); - void CertGroupPrune(CSSM_CL_HANDLE CLHandle, - const CSSM_DL_DB_LIST &DBList, - const CSSM_CERTGROUP &OrderedCertGroup, - CSSM_CERTGROUP_PTR &PrunedCertGroup); - void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL &CrlToBeApplied, - const CSSM_CERTGROUP &SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult); - void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle, - const CssmData &CertTemplate, - uint32 &NumberOfFields, - CSSM_FIELD_PTR &CertFields); - void ConfirmCredResult(const CssmData &ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - const CSSM_TP_CONFIRM_RESPONSE &Responses, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority); - void FormSubmit(CSSM_TP_FORM_TYPE FormType, - const CssmData &Form, - const CSSM_TP_AUTHORITY_ID *ClearanceAuthority, - const CSSM_TP_AUTHORITY_ID *RepresentedAuthority, - AccessCredentials *Credentials); - void RetrieveCredResult(const CssmData &ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - sint32 &EstimatedTime, - CSSM_BOOL &ConfirmationRequired, - CSSM_TP_RESULT_SET_PTR &RetrieveOutput); - -private: - void CertGroupConstructPriv(CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup &inCertGroup, - const CSSM_DL_DB_LIST *DBList, // optional here - const char *cssmTimeStr, // optional - uint32 numAnchorCerts, // optional - const CSSM_DATA *anchorCerts, - - /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET is - * interesting */ - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - /* - * Certs to be freed by caller (i.e., TPCertInfo which we allocate - * as a result of using a cert from anchorCerts of dbList) are added - * to this group. - */ - TPCertGroup &certsToBeFreed, - - /* returned */ - CSSM_BOOL &verifiedToRoot, // end of chain self-verifies - CSSM_BOOL &verifiedToAnchor, // end of chain in anchors - TPCertGroup &outCertGroup); // RETURNED - - /* in tpCredRequest.cp */ - CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray, - unsigned numNames); - void freeX509Name(CSSM_X509_NAME *top); - CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow); - void freeX509Time(CSSM_X509_TIME *xtime); - void refKeyToRaw( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey); - void makeCertTemplate( - /* required */ - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, // for converting ref to raw key - uint32 serialNumber, - const CSSM_X509_NAME *issuerName, - const CSSM_X509_NAME *subjectName, - const CSSM_X509_TIME *notBefore, - const CSSM_X509_TIME *notAfter, - const CSSM_KEY *subjectPubKey, - const CSSM_OID &sigOid, // e.g., CSSMOID_SHA1WithRSA - /* optional */ - const CSSM_DATA *subjectUniqueId, - const CSSM_DATA *issuerUniqueId, - CSSM_X509_EXTENSION *extensions, - unsigned numExtensions, - CSSM_DATA_PTR &rawCert); - - void SubmitCsrRequest( - const CSSM_TP_REQUEST_SET &RequestInput, - sint32 &EstimatedTime, - CssmData &ReferenceIdentifier); - - /* - * Per-session storage of SubmitCredRequest results. - * - * A TpCredHandle is just an address of a cert, cast to a uint32. It's - * what ReferenceIdentifier.Data points to. - */ - typedef uint32 TpCredHandle; - typedef std::map credMap; - credMap tpCredMap; - Mutex tpCredMapLock; - - /* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and - * add it and the cert to tpCredMap. */ - void addCertToMap( - const CSSM_DATA *cert, - CSSM_DATA_PTR refId); - - /* given a ReferenceIdentifier, obtain associated cert and remove from the map */ - CSSM_DATA_PTR getCertFromMap( - const CSSM_DATA *refId); - -}; - -#endif /* _H_APPLE_TP_SESSION */ diff --git a/AppleX509TP/AppleX509TPPlugin.cpp b/AppleX509TP/AppleX509TPPlugin.cpp deleted file mode 100644 index 4debd333..00000000 --- a/AppleX509TP/AppleX509TPPlugin.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtai -n - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Produce the "genuine plugin version" of the Apple X509 TP -// -#include - - -// -// Create the plugin object and generate the C layer hookup -// -ModuleNexus plugin; - -#include diff --git a/AppleX509TP/CVSVersionInfo.txt b/AppleX509TP/CVSVersionInfo.txt deleted file mode 100644 index 5d71b6ed..00000000 --- a/AppleX509TP/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $ -# $Name: $ -ProjectName: AppleX509TP -ProjectVersion: 3 diff --git a/AppleX509TP/TPCertInfo.cpp b/AppleX509TP/TPCertInfo.cpp deleted file mode 100644 index 75fcd77c..00000000 --- a/AppleX509TP/TPCertInfo.cpp +++ /dev/null @@ -1,1422 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPCertInfo.h - TP's private certificate info classes - * - * Written 10/23/2000 by Doug Mitchell. - */ - -#include "TPCertInfo.h" -#include "tpdebugging.h" -#include "tpTime.h" -#include "certGroupUtils.h" -#include "TPDatabase.h" -#include "TPNetwork.h" -#include -#include -#include -#include -#include /* for memcmp */ -#include /* for Mutex */ -#include -#include -#include - -#define tpTimeDbg(args...) secdebug("tpTime", ## args) -#define tpCertInfoDbg(args...) secdebug("tpCert", ## args) - -static const TPClItemCalls tpCertClCalls = -{ - CSSM_CL_CertGetFirstCachedFieldValue, - CSSM_CL_CertAbortQuery, - CSSM_CL_CertCache, - CSSM_CL_CertAbortCache, - CSSM_CL_CertVerify, - &CSSMOID_X509V1ValidityNotBefore, - &CSSMOID_X509V1ValidityNotAfter, - CSSMERR_TP_INVALID_CERT_POINTER, - CSSMERR_TP_CERT_EXPIRED, - CSSMERR_TP_CERT_NOT_VALID_YET -}; - -TPClItemInfo::TPClItemInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const TPClItemCalls &clCalls, - const CSSM_DATA *itemData, - TPItemCopy copyItemData, - const char *verifyTime) // may be NULL - : - mClHand(clHand), - mCspHand(cspHand), - mClCalls(clCalls), - mWeOwnTheData(false), - mCacheHand(0), - mIssuerName(NULL), - mItemData(NULL), - mSigAlg(CSSM_ALGID_NONE), - mIsExpired(false), - mIsNotValidYet(false), - mIndex(0) -{ - try { - cacheItem(itemData, copyItemData); - /* - * Fetch standard fields... - * Issue name assumes same OID for Certs and CRLs! - */ - CSSM_RETURN crtn = fetchField(&CSSMOID_X509V1IssuerName, &mIssuerName); - if(crtn) { - CssmError::throwMe(crtn); - } - - /* - * Signing algorithm, infer from TBS algId - * Note this assumesÊthat the OID for fetching this field is the - * same for CRLs and Certs. - */ - CSSM_DATA_PTR algField; - crtn = fetchField(&CSSMOID_X509V1SignatureAlgorithmTBS, &algField); - if(crtn) { - releaseResources(); - CssmError::throwMe(crtn); - } - if(algField->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER)) { - tpErrorLog("TPClItemInfo: bad CSSM_X509_ALGORITHM_IDENTIFIER\n"); - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - CSSM_X509_ALGORITHM_IDENTIFIER *algId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)algField->Data; - bool algFound = cssmOidToAlg(&algId->algorithm, &mSigAlg); - if(!algFound) { - tpErrorLog("TPClItemInfo: unknown signature algorithm\n"); - CssmError::throwMe(CSSMERR_TP_UNKNOWN_FORMAT); - } - freeField(&CSSMOID_X509V1SignatureAlgorithmTBS, algField); - - fetchNotBeforeAfter(); - calculateCurrent(verifyTime); - } - catch(...) { - releaseResources(); - throw; - } -} - -TPClItemInfo::~TPClItemInfo() -{ - tpCertInfoDbg("TPClItemInfo destruct this %p", this); - releaseResources(); -} - -void TPClItemInfo::releaseResources() -{ - if(mWeOwnTheData && (mItemData != NULL)) { - tpFreeCssmData(CssmAllocator::standard(), mItemData, CSSM_TRUE); - mWeOwnTheData = false; - mItemData = NULL; - } - if(mIssuerName) { - freeField(&CSSMOID_X509V1IssuerName, mIssuerName); - mIssuerName = NULL; - } - if(mCacheHand != 0) { - mClCalls.abortCache(mClHand, mCacheHand); - mCacheHand = 0; - } -} - -/* fetch arbitrary field from cached cert */ -CSSM_RETURN TPClItemInfo::fetchField( - const CSSM_OID *fieldOid, - CSSM_DATA_PTR *fieldData) // mallocd by CL and RETURNED -{ - CSSM_RETURN crtn; - - uint32 NumberOfFields = 0; - CSSM_HANDLE resultHand = 0; - *fieldData = NULL; - - assert(mClCalls.getField != NULL); - assert(mCacheHand != 0); - crtn = mClCalls.getField( - mClHand, - mCacheHand, - fieldOid, - &resultHand, - &NumberOfFields, - fieldData); - if(crtn) { - return crtn; - } - if(NumberOfFields != 1) { - tpErrorLog("TPCertInfo::fetchField: numFields %d, expected 1\n", - (int)NumberOfFields); - } - mClCalls.abortQuery(mClHand, resultHand); - return CSSM_OK; -} - -/* free arbitrary field obtained from fetchField() */ -CSSM_RETURN TPClItemInfo::freeField( - const CSSM_OID *fieldOid, - CSSM_DATA_PTR fieldData) -{ - return CSSM_CL_FreeFieldValue(mClHand, fieldOid, fieldData); - -} - -/* - * Verify with an issuer cert - works on certs and CRLs. - * Issuer/subject name match already performed by caller. - * Optional paramCert is used to provide parameters when issuer - * has a partial public key. - */ -CSSM_RETURN TPClItemInfo::verifyWithIssuer( - TPCertInfo *issuerCert, - TPCertInfo *paramCert /* = NULL */) const -{ - CSSM_RETURN crtn; - - assert(mClHand != 0); - assert(issuerCert->isIssuerOf(*this)); - assert(mCspHand != 0); - - /* - * Special case: detect partial public key right now; don't even - * bother trying the cert verify in that case. - */ - if(issuerCert->hasPartialKey() && (paramCert == NULL)) { - /* caller deals with this later */ - tpVfyDebug("verifyWithIssuer PUBLIC_KEY_INCOMPLETE"); - return CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE; - } - - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreateSignatureContext(mCspHand, - mSigAlg, - NULL, // Access Creds - issuerCert->pubKey(), - &ccHand); - if(crtn != CSSM_OK) { - tpErrorLog("verifyWithIssuer: CreateSignatureContext error\n"); - CssmError::throwMe(crtn); - } - if(paramCert != NULL) { - assert(issuerCert->hasPartialKey()); - - /* add in parameter-bearing key */ - CSSM_CONTEXT_ATTRIBUTE newAttr; - - newAttr.AttributeType = CSSM_ATTRIBUTE_PARAM_KEY; - newAttr.AttributeLength = sizeof(CSSM_KEY); - newAttr.Attribute.Key = paramCert->pubKey(); - crtn = CSSM_UpdateContextAttributes(ccHand, 1, &newAttr); - if(crtn) { - tpErrorLog("verifyWithIssuer: CSSM_UpdateContextAttributes error\n"); - CssmError::throwMe(crtn); - } - } - crtn = mClCalls.itemVerify(mClHand, - ccHand, - mItemData, - NULL, // issuer cert - NULL, // VerifyScope - 0); // ScopeSize - - switch(crtn) { - case CSSM_OK: // success - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: // caller handles - tpVfyDebug("verifyWithIssuer GOOD"); - break; - default: - /* all others appear here as general cert verify error */ - crtn = CSSMERR_TP_VERIFICATION_FAILURE; - tpVfyDebug("verifyWithIssuer BAD"); - break; - } - CSSM_DeleteContext(ccHand); - return crtn; -} - -CSSM_RETURN TPClItemInfo::cacheItem( - const CSSM_DATA *itemData, - TPItemCopy copyItemData) -{ - switch(copyItemData) { - case TIC_NoCopy: - mItemData = const_cast(itemData); - break; - case TIC_CopyData: - mItemData = tpMallocCopyCssmData(CssmAllocator::standard(), itemData); - mWeOwnTheData = true; - break; - default: - assert(0); - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - - /* cache the cert/CRL in the CL */ - return mClCalls.cacheItem(mClHand, mItemData, &mCacheHand); -} - -/* - * Calculate not before/after times as struct tm. Only throws on - * gross error (CSSMERR_TP_INVALID_CERT_POINTER, etc.). - * - * Only differences between Cert and CRL flavors of this are the - * OIDs used to fetch the appropriate before/after times, both of - * which are expressed as CSSM_X509_TIME structs for both Certs - * and CRLS. - */ -void TPClItemInfo::fetchNotBeforeAfter() -{ - CSSM_DATA_PTR notBeforeField = NULL; - CSSM_DATA_PTR notAfterField = NULL; - CSSM_RETURN crtn = CSSM_OK; - CSSM_X509_TIME *xTime; - - assert(cacheHand() != CSSM_INVALID_HANDLE); - crtn = fetchField(mClCalls.notBeforeOid, ¬BeforeField); - if(crtn) { - tpErrorLog("fetchNotBeforeAfter: GetField error\n"); - CssmError::throwMe(mClCalls.invalidItemRtn); - } - - /* subsequent errors to errOut */ - xTime = (CSSM_X509_TIME *)notBeforeField->Data; - if(timeStringToTm((char *)xTime->time.Data, xTime->time.Length, &mNotBefore)) { - tpErrorLog("fetchNotBeforeAfter: malformed notBefore time\n"); - crtn = mClCalls.invalidItemRtn; - goto errOut; - } - - crtn = fetchField(mClCalls.notAfterOid, ¬AfterField); - if(crtn) { - /* - * Tolerate a missing NextUpdate in CRL only - */ - if(mClCalls.notAfterOid == &CSSMOID_X509V1ValidityNotAfter) { - tpErrorLog("fetchNotBeforeAfter: GetField error\n"); - crtn = mClCalls.invalidItemRtn; - goto errOut; - } - else { - /* - * Fake NextUpdate to be "at the end of time" - */ - timeStringToTm(CSSM_APPLE_CRL_END_OF_TIME, - strlen(CSSM_APPLE_CRL_END_OF_TIME), - &mNotAfter); - } - } - else { - xTime = (CSSM_X509_TIME *)notAfterField->Data; - if(timeStringToTm((char *)xTime->time.Data, xTime->time.Length, &mNotAfter)) { - tpErrorLog("fetchNotBeforeAfter: malformed notAfter time\n"); - crtn = mClCalls.invalidItemRtn; - goto errOut; - } - } - crtn = CSSM_OK; -errOut: - if(notAfterField) { - freeField(mClCalls.notAfterOid, notAfterField); - } - if(notBeforeField) { - freeField(mClCalls.notBeforeOid, notBeforeField); - } - if(crtn != CSSM_OK) { - CssmError::throwMe(crtn); - } -} - -/* - * Verify validity (not before/after) by comparing the reference - * time (verifyString if present, or "now" if NULL) to the - * not before/after fields fetched from the item at construction. - * - * Called implicitly at construction; can be called again any time - * to re-establish validity (e.g. after fetching an item from a cache). - * - * We use some stdlib time calls over in tpTime.c; the stdlib function - * gmtime() is not thread-safe, so we do the protection here. Note that - * this makes *our* calls to gmtime() thread-safe, but if the app has - * other threads which are also calling gmtime, we're out of luck. - */ -ModuleNexus tpTimeLock; - -CSSM_RETURN TPClItemInfo::calculateCurrent( - const char *verifyString) -{ - struct tm refTime; - - if(verifyString != NULL) { - /* caller specifies verification time base */ - if(timeStringToTm(verifyString, strlen(verifyString), &refTime)) { - tpErrorLog("calculateCurrent: timeStringToTm error\n"); - return CSSMERR_TP_INVALID_TIMESTRING; - } - } - else { - /* time base = right now */ - StLock _(tpTimeLock()); - nowTime(&refTime); - } - if(compareTimes(&refTime, &mNotBefore) < 0) { - mIsNotValidYet = true; - tpTimeDbg("\nTP_CERT_NOT_VALID_YET:\n now y:%d m:%d d:%d h:%d m:%d", - refTime.tm_year, refTime.tm_mon, refTime.tm_mday, - refTime.tm_hour, refTime.tm_min); - tpTimeDbg(" notBefore y:%d m:%d d:%d h:%d m:%d", - mNotBefore.tm_year, mNotBefore.tm_mon, mNotBefore.tm_mday, - mNotBefore.tm_hour, mNotBefore.tm_min); - return mClCalls.notValidYetRtn; - } - else { - mIsNotValidYet = false; - } - - if(compareTimes(&refTime, &mNotAfter) > 0) { - mIsExpired = true; - tpTimeDbg("\nTP_CERT_EXPIRED: \n now y:%d m:%d d:%d " - "h:%d m:%d", - refTime.tm_year, refTime.tm_mon, refTime.tm_mday, - refTime.tm_hour, refTime.tm_min); - tpTimeDbg(" notAfter y:%d m:%d d:%d h:%d m:%d", - mNotAfter.tm_year, mNotAfter.tm_mon, mNotAfter.tm_mday, - mNotAfter.tm_hour, mNotAfter.tm_min); - return mClCalls.expiredRtn; - } - else { - mIsExpired = false; - return CSSM_OK; - } -} - - -/* - * No default constructor - this is the only way. - * This caches the cert and fetches subjectName, issuerName, and - * mPublicKey to ensure the incoming certData is well-constructed. - */ -TPCertInfo::TPCertInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *certData, - TPItemCopy copyCertData, // true: we copy, we free - // false - caller owns - const char *verifyTime) // may be NULL - : - TPClItemInfo(clHand, cspHand, tpCertClCalls, certData, - copyCertData, verifyTime), - mSubjectName(NULL), - mPublicKey(NULL), - mIsAnchor(false), - mIsFromDb(false), - mIsFromNet(false), - mNumStatusCodes(0), - mStatusCodes(NULL), - mUniqueRecord(NULL), - mUsed(false), - mIsLeaf(false), - mIsRoot(TRS_Unknown) -{ - CSSM_RETURN crtn; - - tpCertInfoDbg("TPCertInfo construct this %p", this); - mDlDbHandle.DLHandle = 0; - mDlDbHandle.DBHandle = 0; - - /* fetch subject name */ - crtn = fetchField(&CSSMOID_X509V1SubjectName, &mSubjectName); - if(crtn) { - /* bad cert */ - releaseResources(); - CssmError::throwMe(crtn); - } - - /* this cert's public key */ - crtn = CSSM_CL_CertGetKeyInfo(clHand, certData, &mPublicKey); - if(crtn) { - /* bad cert */ - releaseResources(); - CssmError::throwMe(crtn); - } - - /* calculate other commonly used fields */ - if(tpCompareCssmData(mSubjectName, issuerName())) { - /* - * Per Radar 3374978, perform complete signature verification - * lazily - just check subject/issuer match here. - */ - tpAnchorDebug("TPCertInfo potential anchor"); - mIsRoot = TRS_NamesMatch; - } - else { - mIsRoot = TRS_NotRoot; - } -} - -/* frees mSubjectName, mIssuerName, mCacheHand via mClHand */ -TPCertInfo::~TPCertInfo() -{ - tpCertInfoDbg("TPCertInfo destruct this %p", this); - releaseResources(); -} - -void TPCertInfo::releaseResources() -{ - if(mSubjectName) { - freeField(&CSSMOID_X509V1SubjectName, mSubjectName); - mSubjectName = NULL; - } - if(mStatusCodes) { - free(mStatusCodes); - mStatusCodes = NULL; - } - if(mPublicKey) { - /* allocated by CL */ - tpFreePluginMemory(clHand(), mPublicKey->KeyData.Data); - tpFreePluginMemory(clHand(), mPublicKey); - mPublicKey = NULL; - } - TPClItemInfo::releaseResources(); -} - -const CSSM_DATA *TPCertInfo::subjectName() -{ - assert(mSubjectName != NULL); - return mSubjectName; -} - -/* - * Perform semi-lazy evaluation of "rootness". Subject and issuer names - * compared at constructor. - */ -bool TPCertInfo::isSelfSigned() -{ - switch(mIsRoot) { - case TRS_NotRoot: // known not to be root - return false; - case TRS_IsRoot: - return true; - case TRS_Unknown: // actually shouldn't happen, but to be safe... - case TRS_NamesMatch: - default: - /* do the signature verify */ - if(verifyWithIssuer(this) == CSSM_OK) { - tpAnchorDebug("isSelfSigned anchor verified"); - mIsRoot = TRS_IsRoot; - return true; - } - else { - tpAnchorDebug("isSelfSigned anchor vfy FAIL"); - mIsRoot = TRS_NotRoot; - return false; - } - } -} - -/* - * Am I the issuer of the specified subject item? Returns true if so. - * Works for subject certs as well as CRLs. - */ -bool TPCertInfo::isIssuerOf( - const TPClItemInfo &subject) -{ - assert(mSubjectName != NULL); - assert(subject.issuerName() != NULL); - if(tpCompareCssmData(mSubjectName, subject.issuerName())) { - return true; - } - else { - return false; - } -} - -void TPCertInfo::addStatusCode(CSSM_RETURN code) -{ - mNumStatusCodes++; - mStatusCodes = (CSSM_RETURN *)realloc(mStatusCodes, - mNumStatusCodes * sizeof(CSSM_RETURN)); - mStatusCodes[mNumStatusCodes - 1] = code; -} - -/* - * Indicate whether this cert's public key is a CSSM_KEYATTR_PARTIAL - * key. - */ -bool TPCertInfo::hasPartialKey() -{ - if(mPublicKey->KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL) { - return true; - } - else { - return false; - } -} - -/*** - *** TPCertGroup class - ***/ - -/* build empty group */ -TPCertGroup::TPCertGroup( - CssmAllocator &alloc, - TPGroupOwner whoOwns) : - mAlloc(alloc), - mCertInfo(NULL), - mNumCerts(0), - mSizeofCertInfo(0), - mWhoOwns(whoOwns) -{ - tpCertInfoDbg("TPCertGroup simple construct this %p", this); - /* nothing for now */ -} - -/* - * Construct from unordered, untrusted CSSM_CERTGROUP. Resulting - * TPCertInfos are more or less in the same order as the incoming - * certs, though incoming certs are discarded if they don't parse. - * No verification of any sort is performed. - */ -TPCertGroup::TPCertGroup( - const CSSM_CERTGROUP &CertGroupFrag, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CssmAllocator &alloc, - const char *verifyTime, // may be NULL - bool firstCertMustBeValid, - TPGroupOwner whoOwns) : - mAlloc(alloc), - mCertInfo(NULL), - mNumCerts(0), - mSizeofCertInfo(0), - mWhoOwns(whoOwns) -{ - tpCertInfoDbg("TPCertGroup hard construct this %p", this); - - /* verify input args */ - if(cspHand == CSSM_INVALID_HANDLE) { - CssmError::throwMe(CSSMERR_TP_INVALID_CSP_HANDLE); - } - if(clHand == CSSM_INVALID_HANDLE) { - CssmError::throwMe(CSSMERR_TP_INVALID_CL_HANDLE); - } - if(firstCertMustBeValid) { - if( (CertGroupFrag.NumCerts == 0) || - (CertGroupFrag.GroupList.CertList[0].Data == NULL) || - (CertGroupFrag.GroupList.CertList[0].Length == 0)) { - CssmError::throwMe(CSSMERR_TP_INVALID_CERTIFICATE); - } - } - if(CertGroupFrag.CertGroupType != CSSM_CERTGROUP_DATA) { - CssmError::throwMe(CSSMERR_TP_INVALID_CERTGROUP); - } - switch(CertGroupFrag.CertType) { - case CSSM_CERT_X_509v1: - case CSSM_CERT_X_509v2: - case CSSM_CERT_X_509v3: - break; - default: - CssmError::throwMe(CSSMERR_TP_UNKNOWN_FORMAT); - } - switch(CertGroupFrag.CertEncoding) { - case CSSM_CERT_ENCODING_BER: - case CSSM_CERT_ENCODING_DER: - break; - default: - CssmError::throwMe(CSSMERR_TP_UNKNOWN_FORMAT); - } - - /* - * Add remaining input certs to mCertInfo. - */ - TPCertInfo *certInfo = NULL; - for(unsigned certDex=0; certDexindex(certDex); - appendCert(certInfo); - } -} - -/* - * Deletes contents of mCertInfo[] if appropriate. - */ -TPCertGroup::~TPCertGroup() -{ - if(mWhoOwns == TGO_Group) { - unsigned i; - for(i=0; i here, but - * gdb is so lame that it doesn't even let one examine the contents - * of an array<> (or just about anything else in the STL). I prefer - * debuggability over saving a few lines of trivial code. - */ -void TPCertGroup::appendCert( - TPCertInfo *certInfo) // appends to end of mCertInfo -{ - if(mNumCerts == mSizeofCertInfo) { - if(mSizeofCertInfo == 0) { - /* appending to empty array */ - mSizeofCertInfo = 1; - } - else { - mSizeofCertInfo *= 2; - } - mCertInfo = (TPCertInfo **)mAlloc.realloc(mCertInfo, - mSizeofCertInfo * sizeof(TPCertInfo *)); - } - mCertInfo[mNumCerts++] = certInfo; -} - -TPCertInfo *TPCertGroup::certAtIndex( - unsigned index) -{ - if(index > (mNumCerts - 1)) { - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - return mCertInfo[index]; -} - -TPCertInfo *TPCertGroup::removeCertAtIndex( - unsigned index) // doesn't delete the cert, just - // removes it from out list -{ - if(index > (mNumCerts - 1)) { - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - TPCertInfo *rtn = mCertInfo[index]; - - /* removed requested element and compact remaining array */ - unsigned i; - for(i=index; i<(mNumCerts - 1); i++) { - mCertInfo[i] = mCertInfo[i+1]; - } - mNumCerts--; - return rtn; -} - -TPCertInfo *TPCertGroup::firstCert() -{ - if(mNumCerts == 0) { - /* the caller really should not do this... */ - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - else { - return mCertInfo[0]; - } -} - -TPCertInfo *TPCertGroup::lastCert() -{ - if(mNumCerts == 0) { - return NULL; - } - else { - return mCertInfo[mNumCerts - 1]; - } -} - -/* build a CSSM_CERTGROUP corresponding with our mCertInfo */ -CSSM_CERTGROUP_PTR TPCertGroup::buildCssmCertGroup() -{ - CSSM_CERTGROUP_PTR cgrp = - (CSSM_CERTGROUP_PTR)mAlloc.malloc(sizeof(CSSM_CERTGROUP)); - cgrp->NumCerts = mNumCerts; - cgrp->CertGroupType = CSSM_CERTGROUP_DATA; - cgrp->CertType = CSSM_CERT_X_509v3; - cgrp->CertEncoding = CSSM_CERT_ENCODING_DER; - if(mNumCerts == 0) { - /* legal */ - cgrp->GroupList.CertList = NULL; - return cgrp; - } - cgrp->GroupList.CertList = (CSSM_DATA_PTR)mAlloc.calloc(mNumCerts, - sizeof(CSSM_DATA)); - for(unsigned i=0; iitemData(), - &cgrp->GroupList.CertList[i]); - } - return cgrp; -} - -/* build a CSSM_TP_APPLE_EVIDENCE_INFO array */ -CSSM_TP_APPLE_EVIDENCE_INFO *TPCertGroup::buildCssmEvidenceInfo() -{ - CSSM_TP_APPLE_EVIDENCE_INFO *infoArray; - - infoArray = (CSSM_TP_APPLE_EVIDENCE_INFO *)mAlloc.calloc(mNumCerts, - sizeof(CSSM_TP_APPLE_EVIDENCE_INFO)); - for(unsigned i=0; iisExpired()) { - evInfo->StatusBits |= CSSM_CERT_STATUS_EXPIRED; - } - if(certInfo->isNotValidYet()) { - evInfo->StatusBits |= CSSM_CERT_STATUS_NOT_VALID_YET; - } - if(certInfo->dlDbHandle().DLHandle == 0) { - if(certInfo->isAnchor()) { - evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_ANCHORS; - } - else if(certInfo->isFromNet()) { - evInfo->StatusBits |= CSSM_CERT_STATUS_IS_FROM_NET; - } - else { - evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_INPUT_CERTS; - } - } - if(certInfo->isSelfSigned()) { - evInfo->StatusBits |= CSSM_CERT_STATUS_IS_ROOT; - } - - unsigned numCodes = certInfo->numStatusCodes(); - if(numCodes) { - evInfo->NumStatusCodes = numCodes; - evInfo->StatusCodes = (CSSM_RETURN *)mAlloc.calloc(numCodes, - sizeof(CSSM_RETURN)); - for(unsigned j=0; jStatusCodes[j] = (certInfo->statusCodes())[j]; - } - } - - evInfo->Index = certInfo->index(); - evInfo->DlDbHandle = certInfo->dlDbHandle(); - evInfo->UniqueRecord = certInfo->uniqueRecord(); - } - return infoArray; -} - -/* Given a status for basic construction of a cert group and a status - * of (optional) policy verification, plus the implicit notBefore/notAfter - * status in the certs, calculate a global return code. This just - * encapsulates a policy for CertGroupConstruct and CertGroupVerify. - */ -CSSM_RETURN TPCertGroup::getReturnCode( - CSSM_RETURN constructStatus, - CSSM_BOOL allowExpired, - CSSM_BOOL allowExpiredRoot, - CSSM_RETURN policyStatus /* = CSSM_OK */) -{ - if(constructStatus) { - /* CSSMERR_TP_NOT_TRUSTED, CSSMERR_TP_INVALID_ANCHOR_CERT, gross errors */ - return constructStatus; - } - - /* check for expired, not valid yet */ - bool expired = false; - bool notValid = false; - for(unsigned i=0; iisExpired() && - !(allowExpiredRoot && mCertInfo[i]->isSelfSigned())) { - expired = true; - } - if(mCertInfo[i]->isNotValidYet()) { - notValid = true; - } - } - if(expired && !allowExpired) { - return CSSMERR_TP_CERT_EXPIRED; - } - if(notValid) { - return CSSMERR_TP_CERT_NOT_VALID_YET; - } - return policyStatus; -} - -/* set all TPCertINfo.mUsed flags false */ -void TPCertGroup::setAllUnused() -{ - for(unsigned dex=0; dexused(false); - } -} - -/* - * Search unused incoming certs to find an issuer of specified cert or CRL. - * WARNING this assumes a valid "used" state for all certs in this group. - * If partialIssuerKey is true on return, caller must re-verify signature - * of subject later when sufficient info is available. - */ -TPCertInfo *TPCertGroup::findIssuerForCertOrCrl( - const TPClItemInfo &subject, - bool &partialIssuerKey) -{ - partialIssuerKey = false; - for(unsigned certDex=0; certDexused()) { - continue; - } - - /* subject/issuer names match? */ - if(certInfo->isIssuerOf(subject)) { - /* yep, do a sig verify */ - tpVfyDebug("findIssuerForCertOrCrl issuer/subj match checking sig"); - CSSM_RETURN crtn = subject.verifyWithIssuer(certInfo); - switch(crtn) { - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - /* issuer OK, check sig later */ - partialIssuerKey = true; - /* and fall thru */ - case CSSM_OK: - /* YES */ - certInfo->used(true); - return certInfo; - default: - /* just skip this one and keep looking */ - tpVfyDebug("findIssuerForCertOrCrl issuer/subj match BAD SIG"); - break; - } - } /* names match */ - } - /* not found */ - return NULL; -} - -/* - * Construct ordered, verified cert chain from a variety of inputs. - * Time validity is ignored and needs to be checked by caller (it's - * stored in each TPCertInfo we add to ourself during construction). - * The only error returned is CSSMERR_APPLETP_INVALID_ROOT, meaning - * we verified back to a supposed root cert which did not in fact - * self-verify. Other interesting status is returned via the - * verifiedToRoot and verifiedToAnchor flags. - * - * NOTE: is it the caller's responsibility to call setAllUnused() for both - * incoming cert groups (inCertGroup and gatheredCerts). We don't do that - * here because we may call ourself recursively. - */ -CSSM_RETURN TPCertGroup::buildCertGroup( - const TPClItemInfo &subjectItem, // Cert or CRL - TPCertGroup *inCertGroup, // optional - const CSSM_DL_DB_LIST *dbList, // optional - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const char *verifyTime, // optional, for establishing - // validity of new TPCertInfos - /* trusted anchors, optional */ - /* FIXME - maybe this should be a TPCertGroup */ - uint32 numAnchorCerts, - const CSSM_DATA *anchorCerts, - - /* - * Certs to be freed by caller (i.e., TPCertInfo which we allocate - * as a result of using a cert from anchorCerts or dbList) are added - * to this group. - */ - TPCertGroup &certsToBeFreed, - - /* - * Other certificates gathered during the course of this operation, - * currently consisting of certs fetched from DBs and from the net. - * This is not used when called by AppleTPSession::CertGroupConstructPriv; - * it's an optimization for the case when we're building a cert group - * for TPCrlInfo::verifyWithContext - we avoid re-fetching certs from - * the net which are needed to verify both the subject cert and a CRL. - */ - TPCertGroup *gatheredCerts, - - /* - * Indicates that subjectItem is the last element in this cert group. - * If true, that cert will be tested for "root-ness", including - * -- subject/issuer compare - * -- signature self-verify - * -- anchor compare - */ - CSSM_BOOL subjectIsInGroup, - - /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET is interesting */ - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - - /* returned */ - CSSM_BOOL &verifiedToRoot, // end of chain self-verifies - CSSM_BOOL &verifiedToAnchor) // end of chain in anchors -{ - const TPClItemInfo *thisSubject = &subjectItem; - CSSM_RETURN crtn = CSSM_OK; - TPCertInfo *issuerCert = NULL; - unsigned certDex; - TPCertInfo *anchorInfo = NULL; - bool foundPartialIssuer = false; - - tpVfyDebug("buildCertGroup top"); - - /* possible expired root which we'll only use if we can't find - * a better one */ - TPCertInfo *expiredRoot = NULL; - - verifiedToRoot = CSSM_FALSE; - verifiedToAnchor = CSSM_FALSE; - - /*** main loop to seach inCertGroup and dbList *** - * - * Exit loop on: - * -- find a root cert in the chain - * -- memory error - * -- or no more certs to add to chain. - */ - for(;;) { - /* - * Top of loop: thisSubject is the item we're trying to verify. - */ - - /* is thisSubject a root cert? */ - if(subjectIsInGroup) { - TPCertInfo *subjCert = lastCert(); - assert(subjCert != NULL); - if(subjCert->isSelfSigned()) { - /* We're at the end of the chain. */ - verifiedToRoot = CSSM_TRUE; - - /* - * Special case if this root is expired (and it's not the - * leaf): remove it from the outgoing cert group, save it, - * and try to proceed with anchor cert processing. - */ - if(subjCert->isExpired() && (mNumCerts > 1)) { - tpDebug("buildCertGroup: EXPIRED ROOT, looking for good one"); - mNumCerts--; - expiredRoot = subjCert; - thisSubject = lastCert(); - } - break; - } - } - - /* - * Search unused incoming certs to find an issuer. - * Both cert groups are optional. - * We'll add issuer to outCertGroup below. - */ - if(inCertGroup != NULL) { - bool partial = false; - issuerCert = inCertGroup->findIssuerForCertOrCrl(*thisSubject, - partial); - if(issuerCert) { - if(partial) { - /* deal with this later */ - foundPartialIssuer = true; - tpDebug("buildCertGroup: PARTIAL Cert FOUND in inCertGroup"); - } - else { - tpDebug("buildCertGroup: Cert FOUND in inCertGroup"); - } - } - } - if((issuerCert == NULL) && (gatheredCerts != NULL)) { - bool partial = false; - issuerCert = gatheredCerts->findIssuerForCertOrCrl(*thisSubject, - partial); - if(issuerCert) { - if(partial) { - /* deal with this later */ - foundPartialIssuer = true; - tpDebug("buildCertGroup: PARTIAL Cert FOUND in gatheredCerts"); - } - else { - tpDebug("buildCertGroup: Cert FOUND in gatheredCerts"); - } - } - } - - if((issuerCert == NULL) && (dbList != NULL)) { - /* Issuer not in incoming cert group. Search DBList. */ - bool partial = false; - issuerCert = tpDbFindIssuerCert(mAlloc, - clHand, - cspHand, - thisSubject, - dbList, - verifyTime, - partial); - if(issuerCert) { - /* caller must free */ - certsToBeFreed.appendCert(issuerCert); - if(partial) { - /* deal with this later */ - foundPartialIssuer = true; - tpDebug("buildCertGroup: PARTIAL Cert FOUND in dbList"); - } - else { - tpDebug("buildCertGroup: Cert FOUND in dbList"); - } - } - } /* Issuer not in incoming cert group */ - - if(issuerCert == NULL) { - /* end of search, broken chain */ - break; - } - - /* - * One way or the other, we've found a cert which verifies subjectCert. - * Add the issuer to outCertGroup and make it the new thisSubject for - * the next pass. - */ - appendCert(issuerCert); - thisSubject = issuerCert; - subjectIsInGroup = CSSM_TRUE; - issuerCert = NULL; - } /* main loop */ - - /* - * This can be NULL if we're evaluating a CRL (and we haven't - * gotten very far). - */ - TPCertInfo *endCert = lastCert(); - - if(numAnchorCerts == 0) { - /* we're probably done */ - goto post_anchor; - } - assert(anchorCerts != NULL); - - /*** anchor cert handling ***/ - /* - * Case 1: last cert in output is a root cert. See if - * the root cert is in AnchorCerts. This also applies to - * the expiredRoot case; we report a different error for - * "we trust the root but it's expired" versus "we don't - * trust the root". - * Note that the above loop did the actual root self-verify test. - * FIXME - shouldn't we be searching for a match in AnchorCerts - * whether or not endCert is a root!!? - */ - if((endCert && endCert->isSelfSigned()) || expiredRoot) { - - TPCertInfo *theRoot; - if(expiredRoot) { - /* this is NOT in our outgoing cert group (yet) */ - theRoot = expiredRoot; - } - else { - theRoot = endCert; - } - /* see if that root cert is identical to one of the anchor certs */ - for(certDex=0; certDexitemData(), &anchorCerts[certDex])) { - /* one fully successful return */ - verifiedToAnchor = CSSM_TRUE; - theRoot->isAnchor(true); - theRoot->index(certDex); - if(expiredRoot) { - /* verified to anchor but caller will see - * CSSMERR_TP_CERT_EXPIRED */ - appendCert(expiredRoot); - } - /* one more thing: partial public key processing needed? */ - if(foundPartialIssuer) { - return verifyWithPartialKeys(subjectItem); - } - else { - return CSSM_OK; - } - } - } - - if(!expiredRoot) { - /* verified to a root cert which is not an anchor */ - /* Generally maps to CSSMERR_TP_INVALID_ANCHOR_CERT by caller */ - /* one more thing: partial public key processing needed? */ - if(foundPartialIssuer) { - return verifyWithPartialKeys(subjectItem); - } - else { - return CSSM_OK; - } - } - /* else try finding a good anchor */ - } - - /* - * Case 2: try to validate thisSubject with anchor certs - */ - for(certDex=0; certDexisIssuerOf(*thisSubject)) { - /* not this anchor */ - tpAnchorDebug("buildCertGroup anchor not issuer"); - delete anchorInfo; - anchorInfo = NULL; - continue; - } - - crtn = thisSubject->verifyWithIssuer(anchorInfo); - switch(crtn) { - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - /* - * A bit of a corner case. Found an issuer in AnchorCerts, but - * we can't do a signature verify since the issuer has a partial - * public key. Proceed but return - * CSSMERR_TP_CERTIFICATE_CANT_OPERATE. - */ - crtn = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - anchorInfo->addStatusCode(CSSMERR_TP_CERTIFICATE_CANT_OPERATE); - foundPartialIssuer = true; - /* drop thru */ - case CSSM_OK: - /* The other normal fully successful return. */ - verifiedToAnchor = CSSM_TRUE; - if(anchorInfo->isSelfSigned()) { - verifiedToRoot = CSSM_TRUE; - } - - /* - * Add this anchor cert to the output group - * and to certsToBeFreed. - */ - appendCert(anchorInfo); - anchorInfo->isAnchor(true); - anchorInfo->index(certDex); - certsToBeFreed.appendCert(anchorInfo); - tpDebug("buildCertGroup: Cert FOUND by signer in AnchorList"); - /* one more thing: partial public key processing needed? */ - if(foundPartialIssuer) { - return verifyWithPartialKeys(subjectItem); - } - else { - return crtn; - } - - default: - /* continue to next anchor */ - tpVfyDebug("buildCertGroup found issuer in anchor, BAD SIG"); - delete anchorInfo; - anchorInfo = NULL; - break; - } - } /* for each anchor */ - /* regardless of anchor search status... */ - crtn = CSSM_OK; -post_anchor: - if(expiredRoot) { - /* - * One remaining special case: expiredRoot found in input certs, but - * no luck resolving the problem with the anchors. Go ahead and append - * the expired root and return. - */ - tpDebug("buildCertGroup: accepting EXPIRED root"); - appendCert(expiredRoot); - if(foundPartialIssuer) { - return verifyWithPartialKeys(subjectItem); - } - else { - return CSSM_OK; - } - } - - /* - * If we haven't verified to a root, and net fetch of certs is enabled, - * try to get the issuer of the last cert in the chain from the net. - * If that succeeds, then call ourself recursively to perform the - * whole search again (including comparing to or verifying against - * anchor certs). - */ - if(!verifiedToRoot && !verifiedToAnchor && - (endCert != NULL) && - (actionFlags & CSSM_TP_ACTION_FETCH_CERT_FROM_NET)) { - TPCertInfo *issuer = NULL; - CSSM_RETURN cr = tpFetchIssuerFromNet(*endCert, - clHand, - cspHand, - verifyTime, - issuer); - switch(cr) { - case CSSMERR_TP_CERTGROUP_INCOMPLETE: - /* no issuerAltName, no reason to log this */ - break; - default: - /* gross error */ - endCert->addStatusCode(cr); - break; - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - /* use this one but re-verify later */ - foundPartialIssuer = true; - /* and drop thru */ - case CSSM_OK: - tpDebug("buildCertGroup: Cert FOUND from Net; recursing"); - - /* add this fetched cert to constructed group */ - appendCert(issuer); - issuer->isFromNet(true); - certsToBeFreed.appendCert(issuer); - - /* and go again */ - cr = buildCertGroup(*issuer, - inCertGroup, - dbList, - clHand, - cspHand, - verifyTime, - numAnchorCerts, - anchorCerts, - certsToBeFreed, - gatheredCerts, - CSSM_TRUE, // subjectIsInGroup - actionFlags, - verifiedToRoot, - verifiedToAnchor); - if(cr) { - return cr; - } - - /* one more thing: partial public key processing needed? */ - if(foundPartialIssuer) { - return verifyWithPartialKeys(subjectItem); - } - else { - return CSSM_OK; - } - } - } - /* regardless of outcome, check for partial keys to log per-cert status */ - CSSM_RETURN partRtn = CSSM_OK; - if(foundPartialIssuer) { - partRtn = verifyWithPartialKeys(subjectItem); - } - if(crtn) { - return crtn; - } - else { - return partRtn; - } -} - -/* - * Called from buildCertGroup as final processing of a constructed - * group when CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE has been - * detected. Perform partial public key processing. - * - * We don't have to verify every element, just the ones whose - * issuers have partial public keys. - * - * Returns: - * CSSMERR_TP_CERTIFICATE_CANT_OPERATE in the case of an issuer cert - * with a partial public key which can't be completed. - * CSSMERR_TP_INVALID_CERT_AUTHORITY if sig verify failed with - * a (supposedly) completed partial key - */ -CSSM_RETURN TPCertGroup::verifyWithPartialKeys( - const TPClItemInfo &subjectItem) // Cert or CRL -{ - TPCertInfo *lastFullKeyCert = NULL; - tpDebug("verifyWithPartialKeys top"); - - /* start from the end - it's easier */ - for(int dex=mNumCerts-1; dex >= 0; dex--) { - TPCertInfo *thisCert = mCertInfo[dex]; - - /* - * If this is the start of the cert chain, and it's not being - * used to verify subjectItem, then we're done. - */ - if(dex == 0) { - if((void *)thisCert == (void *)&subjectItem) { - tpDebug("verifyWithPartialKeys: success at leaf cert"); - return CSSM_OK; - } - } - if(!thisCert->hasPartialKey()) { - /* - * Good to know. Record this and move on. - */ - lastFullKeyCert = thisCert; - tpDebug("full key cert found at index %d", dex); - continue; - } - if(lastFullKeyCert == NULL) { - /* - * No full keys between here and the end! - */ - tpDebug("UNCOMPLETABLE cert at index %d", dex); - thisCert->addStatusCode(CSSMERR_TP_CERTIFICATE_CANT_OPERATE); - return CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - } - - /* do the verify - of next cert in chain or of subjectItem */ - const TPClItemInfo *subject; - if(dex == 0) { - subject = &subjectItem; - tpDebug("...verifying subject item with partial cert 0"); - } - else { - subject = mCertInfo[dex - 1]; - tpDebug("...verifying with partial cert %d", dex); - } - CSSM_RETURN crtn = subject->verifyWithIssuer(thisCert, - lastFullKeyCert); - if(crtn) { - tpDebug("CERT VERIFY ERROR with partial cert at index %d", dex); - thisCert->addStatusCode(CSSMERR_TP_CERTIFICATE_CANT_OPERATE); - return CSSMERR_TP_INVALID_CERT_AUTHORITY; - } - } - - /* we just verified subjectItem - right? */ - assert((void *)mCertInfo[0] != (void *)&subjectItem); - tpDebug("verifyWithPartialKeys: success at subjectItem"); - return CSSM_OK; -} diff --git a/AppleX509TP/TPCertInfo.h b/AppleX509TP/TPCertInfo.h deleted file mode 100644 index 447bac95..00000000 --- a/AppleX509TP/TPCertInfo.h +++ /dev/null @@ -1,484 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPCertInfo.h - TP's private certificate info and cert group classes - * - * Written 10/23/2000 by Doug Mitchell. - */ - -#ifndef _TP_CERT_INFO_H_ -#define _TP_CERT_INFO_H_ - -#include -#include -#include -#include -#include - -/* protects TP-wide access to time() and gmtime() */ -extern ModuleNexus tpTimeLock; - -/* - * Prototypes for functions which are isomorphic between certs and CRLs at the - * CL API. - */ -typedef CSSM_RETURN (*clGetFirstFieldFcn)( - CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ItemHandle, // cached cert or CRL - const CSSM_OID *ItemField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); -typedef CSSM_RETURN (*clAbortQueryFcn)( - CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle); // from clGetFirstFieldFcn -typedef CSSM_RETURN (*clCacheItemFcn)( - CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Item, // raw cert or CRL - CSSM_HANDLE_PTR CertHandle); -typedef CSSM_RETURN (*clAbortCacheFcn)( - CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ItemHandle); // from clCacheItemFcn -typedef CSSM_RETURN (*clItemVfyFcn)( - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CrlOrCertToBeVerified, - const CSSM_DATA *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - -typedef struct { - /* CL/cert-specific functions */ - clGetFirstFieldFcn getField; - clAbortQueryFcn abortQuery; - clCacheItemFcn cacheItem; - clAbortCacheFcn abortCache; - clItemVfyFcn itemVerify; - /* CL/cert-specific OIDs */ - const CSSM_OID *notBeforeOid; - const CSSM_OID *notAfterOid; - /* CL/cert specific errors */ - CSSM_RETURN invalidItemRtn; // CSSMERR_TP_INVALID_{CERT,CRL}_POINTER - CSSM_RETURN expiredRtn; - CSSM_RETURN notValidYetRtn; -} TPClItemCalls; - -class TPCertInfo; - -/* - * On construction of a TPClItemInfo, specifies whether or not to - * copy the incoming item data (in which we free it upon destruction) - * or to use caller's data as is (in which case the caller maintains - * the data). - */ -typedef enum { - TIC_None = 0, // never used - TIC_NoCopy, // caller maintains - TIC_CopyData // we copy and free -} TPItemCopy; - -/* - * State of a cert's mIsRoot flag. We do signature self-verify on demand. - */ -typedef enum { - TRS_Unknown, // initial state - TRS_NamesMatch, // subject == issuer, but no sig verify yet - TRS_NotRoot, // subject != issuer, OR sig verify failed - TRS_IsRoot // it's a root -} TPRootState; - -/* - * Base class for TPCertInfo and TPCrlInfo. Encapsulates caching of - * an entity within the CL, field lookup/free, and signature verify, - * all of which use similar functions at the CL API. - */ -class TPClItemInfo -{ - NOCOPY(TPClItemInfo) -public: - TPClItemInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const TPClItemCalls &clCalls, - const CSSM_DATA *itemData, - TPItemCopy copyItemData, - const char *verifyTime); // may be NULL - - ~TPClItemInfo(); - void releaseResources(); - - /* - * Fetch arbitrary field from cached cert. - * Only should be used when caller is sure there is either zero or one - * of the requested fields present in the cert. - */ - CSSM_RETURN fetchField( - const CSSM_OID *fieldOid, - CSSM_DATA_PTR *fieldData); // mallocd by CL and RETURNED - - /* free arbitrary field obtained from fetchField() */ - CSSM_RETURN freeField( - const CSSM_OID *fieldOid, - CSSM_DATA_PTR fieldData); - - /* - * Verify with an issuer cert - works on certs and CRLs. - * Issuer/subject name match already performed by caller. - * May return CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE without - * performing a signature op, in which case it is the caller's - * resposibility to complete this operation later when - * sufficient information is available. - * - * Optional paramCert is used to provide parameters when issuer - * has a partial public key. - */ - CSSM_RETURN verifyWithIssuer( - TPCertInfo *issuerCert, - TPCertInfo *paramCert = NULL) const; - - /* accessors */ - CSSM_CL_HANDLE clHand() const { return mClHand; } - CSSM_CSP_HANDLE cspHand() const { return mCspHand; } - CSSM_HANDLE cacheHand() const { return mCacheHand; } - const CSSM_DATA *itemData() const { return mItemData; } - const CSSM_DATA *issuerName() const { return mIssuerName; }; - unsigned index() const { return mIndex; } - void index(unsigned dex) { mIndex = dex; } - bool isExpired() { return mIsExpired; } - bool isNotValidYet() { return mIsNotValidYet; } - - /* - * Calculate validity (not before/after). Returns - * CSSMERR_{TP_CERT,APPLETP_CRL}_NOT_VALID_YET - * CSSMERR_xxx_T_EXPIRED - * CSSM_OK - * CSSMERR_xxx_INVALID_CERT_POINTER, other "bogus cert" errors - */ - CSSM_RETURN calculateCurrent( - const char *verifyString = NULL); - -private: - - /* Tell CL to parse and cache the item */ - CSSM_RETURN cacheItem( - const CSSM_DATA *itemData, - TPItemCopy copyItemData); - - - /* fetch not before/after fields */ - void fetchNotBeforeAfter(); - - CSSM_CL_HANDLE mClHand; // always valid - CSSM_CSP_HANDLE mCspHand; // always valid - const TPClItemCalls &mClCalls; - bool mWeOwnTheData; // if true, we have to free - // mCertData - /* following four valid subsequent to cacheItem(), generally - * called by subclass's constructor */ - CSSM_HANDLE mCacheHand; - CSSM_DATA_PTR mIssuerName; - CSSM_DATA *mItemData; - CSSM_ALGORITHMS mSigAlg; - - /* calculated implicitly at construction */ - struct tm mNotBefore; - struct tm mNotAfter; - - /* also calculated at construction, but can be recalculated at will */ - bool mIsExpired; - bool mIsNotValidYet; - - unsigned mIndex; -}; - -/* - * Class representing one certificate. The raw cert data usually comes from - * a client (via incoming cert groups in CertGroupConstruct() and - * CertGroupVerify()); in this case, we don't own the raw data and - * don't copy or free it. Caller can optionally specify that we copy - * (and own and eventually free) the raw cert data. Currently this is - * only done when we find a cert in a DlDb. The constructor throws - * on any error (bad cert data); subsequent to successful construction, no CSSM - * errors are thrown and it's guaranteed that the cert is basically good and - * successfully cached in the CL, and that we have a locally cached subject - * and issuer name (in normalized encoded format). - */ -class TPCertInfo : public TPClItemInfo -{ - NOCOPY(TPCertInfo) -public: - /* - * No default constructor - this is the only way. - * This caches the cert and fetches subjectName and issuerName - * to ensure the incoming certData is well-constructed. - */ - TPCertInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *certData, - TPItemCopy copyCertData, - - const char *verifyTime); // may be NULL - - /* frees mSubjectName, mIssuerName, mCacheHand via mClHand */ - ~TPCertInfo(); - - /* accessors */ - const CSSM_DATA *subjectName(); - - bool isSelfSigned(); - - bool isAnchor() { return mIsAnchor; } - void isAnchor(bool a) { mIsAnchor = a; } - bool isFromNet() { return mIsFromNet; } - void isFromNet(bool n) { mIsFromNet = n; }; - unsigned numStatusCodes() { return mNumStatusCodes; } - CSSM_RETURN *statusCodes() { return mStatusCodes; } - CSSM_DL_DB_HANDLE dlDbHandle() { return mDlDbHandle; } - void dlDbHandle(CSSM_DL_DB_HANDLE hand) - { mDlDbHandle = hand; } - CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord() - { return mUniqueRecord; } - void uniqueRecord(CSSM_DB_UNIQUE_RECORD_PTR rec) - { mUniqueRecord = rec; } - CSSM_KEY_PTR pubKey() { return mPublicKey; } - bool used() { return mUsed; } - void used(bool u) { mUsed = u; } - bool isLeaf() { return mIsLeaf; } - void isLeaf(bool l) { mIsLeaf = l; } - /* - * Am I the issuer of the specified subject item? Returns true if so. - * Works for subject certs as well as CRLs. - */ - bool isIssuerOf( - const TPClItemInfo &subject); - - void addStatusCode( - CSSM_RETURN code); - - /* - * Indicate whether this cert's public key is a CSSM_KEYATTR_PARTIAL - * key. - */ - bool hasPartialKey(); - -private: - /* obtained from CL at construction */ - CSSM_DATA_PTR mSubjectName; // always valid - CSSM_KEY_PTR mPublicKey; - - /* maintained by caller, default at constructor 0/false */ - bool mIsAnchor; - bool mIsFromDb; - bool mIsFromNet; - unsigned mNumStatusCodes; - CSSM_RETURN *mStatusCodes; - CSSM_DL_DB_HANDLE mDlDbHandle; - CSSM_DB_UNIQUE_RECORD_PTR mUniqueRecord; - bool mUsed; // e.g., used in current loop - bool mIsLeaf; // first in chain - TPRootState mIsRoot; // subject == issuer - - void releaseResources(); -}; - -/* Describe who owns the items in a TP{Cert,Crl}Group */ -typedef enum { - TGO_None = 0, // not used - TGO_Group, // TP{Cert,Crl}Group owns the items - TGO_Caller // caller owns the items -} TPGroupOwner; - -/* - * TP's private Cert Group class. Provides a list of TPCertInfo pointers, - * to which caller can append additional elements, access an element at - * an arbitrary position, and remover an element at an arbitrrary position. - */ -class TPCertGroup -{ - NOCOPY(TPCertGroup) -public: - /* - * No default constructor. - * This one creates an empty TPCertGroup. - */ - TPCertGroup( - CssmAllocator &alloc, - TPGroupOwner whoOwns); // if TGO_Group, we delete - - /* - * Construct from unordered, untrusted CSSM_CERTGROUP. Resulting - * TPCertInfos are more or less in the same order as the incoming - * certs, though incoming certs are discarded if they don't parse. - * No verification of any sort is performed. - */ - TPCertGroup( - const CSSM_CERTGROUP &CertGroupFrag, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CssmAllocator &alloc, - const char *verifyString, // may be NULL - bool firstCertMustBeValid, - TPGroupOwner whoOwns); - - /* - * Deletes all TPCertInfo's. - */ - ~TPCertGroup(); - - /* - * Construct ordered, verified cert chain from a variety of inputs. - * Time validity is ignored and needs to be checked by caller (it's - * stored in each TPCertInfo we add to ourself during construction). - * The only error returned is CSSMERR_APPLETP_INVALID_ROOT, meaning - * we verified back to a supposed root cert which did not in fact - * self-verify. Other interesting status is returned via the - * verifiedToRoot and verifiedToAnchor flags. - * - * NOTE: is it the caller's responsibility to call setAllUnused() - * for both incoming cert groups (inCertGroup and gatheredCerts). - * We don't do that here because we may call ourself recursively. - * - * subjectItem may or may not be in the cert group (currently, it - * is in the group if it's a cert and it's not if it's a CRL, but - * we don't rely on that). - */ - CSSM_RETURN buildCertGroup( - const TPClItemInfo &subjectItem, // Cert or CRL - TPCertGroup *inCertGroup, // optional - const CSSM_DL_DB_LIST *dbList, // optional - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const char *verifyString, // optional, for establishing - // validity of new TPCertInfos - /* trusted anchors, optional */ - /* FIXME - maybe this should be a TPCertGroup */ - uint32 numAnchorCerts, - const CSSM_DATA *anchorCerts, - - /* - * Certs to be freed by caller (i.e., TPCertInfo which we allocate - * as a result of using a cert from anchorCerts or dbList) are added - * to this group. - */ - TPCertGroup &certsToBeFreed, - - /* - * Other certificates gathered during the course of this operation, - * currently consisting of certs fetched from DBs and from the net. - * This is not used when called by AppleTPSession::CertGroupConstructPriv; - * it's an optimization for the case when we're building a cert group - * for TPCrlInfo::verifyWithContext - we avoid re-fetching certs from - * the net which are needed to verify both the subject cert and a CRL. - */ - TPCertGroup *gatheredCerts, - - /* - * Indicates that subjectItem is the last element in this cert group. - * If true, that cert will be tested for "root-ness", including - * -- subject/issuer compare - * -- signature self-verify - * -- anchor compare - */ - CSSM_BOOL subjectIsInGroup, - - /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET is - * interesting */ - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - - /* returned */ - CSSM_BOOL &verifiedToRoot, // end of chain self-verifies - CSSM_BOOL &verifiedToAnchor); // end of chain in anchors - - /* add/remove/access TPTCertInfo's. */ - void appendCert( - TPCertInfo *certInfo); // appends to end of mCertInfo - TPCertInfo *certAtIndex( - unsigned index); - TPCertInfo *removeCertAtIndex( - unsigned index); // doesn't delete the cert, just - // removes it from our list - unsigned numCerts() const // how many do we have? - { return mNumCerts; } - - /* - * Convenience accessors for first and last cert, only valid when we have - * at least one cert. - */ - TPCertInfo *firstCert(); - TPCertInfo *lastCert(); - - /* build a CSSM_CERTGROUP corresponding with our mCertInfo */ - CSSM_CERTGROUP_PTR buildCssmCertGroup(); - - /* build a CSSM_TP_APPLE_EVIDENCE_INFO array corresponding with our - * mCertInfo */ - CSSM_TP_APPLE_EVIDENCE_INFO *buildCssmEvidenceInfo(); - - /* Given a status for basic construction of a cert group and a status - * of (optional) policy verification, plus the implicit notBefore/notAfter - * status in the certs, calculate a global return code. This just - * encapsulates a policy for CertGroupeConstruct and CertGroupVerify. - */ - CSSM_RETURN getReturnCode( - CSSM_RETURN constructStatus, - CSSM_BOOL allowExpired, - CSSM_BOOL allowExpiredRoot, - CSSM_RETURN policyStatus = CSSM_OK); - - CssmAllocator - &alloc() {return mAlloc; } - - /* set all TPCertInfo.mUsed flags false */ - void setAllUnused(); - -private: - - /* - * Search unused incoming certs to find an issuer of specified - * cert or CRL. - * WARNING this assumes a valied "used" state for all certs - * in this group. - * If partialIssuerKey is true on return, caller must re-verify signature - * of subject later when sufficient info is available. - */ - TPCertInfo *findIssuerForCertOrCrl( - const TPClItemInfo &subject, - bool &partialIssuerKey); - - /* - * Called from buildCertGroup as final processing of a constructed - * group when CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE has been - * detected. Perform partial public key processing. - * Returns: - * CSSMERR_TP_CERTIFICATE_CANT_OPERATE - can't complete partial key - * CSSMERR_TP_INVALID_CERT_AUTHORITY - sig verify failed with - * (supposedly) completed partial key - */ - CSSM_RETURN verifyWithPartialKeys( - const TPClItemInfo &subjectItem); // Cert or CRL - - CssmAllocator &mAlloc; - TPCertInfo **mCertInfo; // just an array of pointers - unsigned mNumCerts; // valid certs in certInfo - unsigned mSizeofCertInfo; // mallocd space in certInfo - TPGroupOwner mWhoOwns; // if TGO_Group, we delete certs - // upon destruction -}; -#endif /* _TP_CERT_INFO_H_ */ diff --git a/AppleX509TP/TPCrlInfo.cpp b/AppleX509TP/TPCrlInfo.cpp deleted file mode 100644 index bae007ad..00000000 --- a/AppleX509TP/TPCrlInfo.cpp +++ /dev/null @@ -1,723 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPCrlInfo.h - TP's private CRL and CRL group - * - * Written 9/30/2002 by Doug Mitchell. - */ - -#include "TPCrlInfo.h" -#include "tpdebugging.h" -#include "certGroupUtils.h" -#include "tpCrlVerify.h" -#include "tpPolicies.h" -#include -#include -#include -#include -#include /* for memcmp */ -#include - -/* - * Replacement for CSSM_CL_CrlGetFirstCachedFieldValue for use with - * TPCrlItemInfo's generic getFirstCachedField mechanism. - */ -static CSSM_RETURN tpGetFirstCachedFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle, - const CSSM_OID *CrlField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value) -{ - return CSSM_CL_CrlGetFirstCachedFieldValue(CLHandle, - CrlHandle, - NULL, // const CSSM_DATA *CrlRecordIndex, - CrlField, - ResultsHandle, - NumberOfMatchedFields, - Value); -} - -static const TPClItemCalls tpCrlClCalls = -{ - tpGetFirstCachedFieldValue, - CSSM_CL_CrlAbortQuery, - CSSM_CL_CrlCache, - CSSM_CL_CrlAbortCache, - CSSM_CL_CrlVerify, - &CSSMOID_X509V1CRLThisUpdate, - &CSSMOID_X509V1CRLNextUpdate, - CSSMERR_TP_INVALID_CRL_POINTER, - CSSMERR_APPLETP_CRL_EXPIRED, - CSSMERR_APPLETP_CRL_NOT_VALID_YET -}; - - -/* - * No default constructor - this is the only way. - * This caches the cert and fetches subjectName and issuerName - * to ensure the incoming certData is well-constructed. - */ -TPCrlInfo::TPCrlInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *crlData, - TPItemCopy copyCrlData, // true: we copy, we free - // false - caller owns - const char *verifyTime) // = NULL - - : TPClItemInfo(clHand, cspHand, tpCrlClCalls, crlData, - copyCrlData, verifyTime), - mRefCount(0), - mToBeDeleted(false), - mFromWhere(CFW_Nowhere), - mX509Crl(NULL), - mCrlFieldToFree(NULL), - mVerifyState(CVS_Unknown), - mVerifyError(CSSMERR_TP_INTERNAL_ERROR) -{ - CSSM_RETURN crtn; - - mUri.Data = NULL; - mUri.Length = 0; - - /* fetch parsed CRL */ - crtn = fetchField(&CSSMOID_X509V2CRLSignedCrlCStruct, &mCrlFieldToFree); - if(crtn) { - /* bad CRL */ - releaseResources(); - CssmError::throwMe(crtn); - } - if(mCrlFieldToFree->Length != sizeof(CSSM_X509_SIGNED_CRL)) { - tpErrorLog("fetchField(SignedCrlCStruct) length error\n"); - releaseResources(); - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - mX509Crl = (CSSM_X509_SIGNED_CRL *)mCrlFieldToFree->Data; - /* any other other commonly used fields? */ -} - -TPCrlInfo::~TPCrlInfo() -{ - releaseResources(); -} - -void TPCrlInfo::releaseResources() -{ - if(mCrlFieldToFree) { - freeField(&CSSMOID_X509V2CRLSignedCrlCStruct, mCrlFieldToFree); - mCrlFieldToFree = NULL; - } - if(mUri.Data) { - CssmAllocator::standard().free(mUri.Data); - mUri.Data = NULL; - mUri.Length = 0; - } - TPClItemInfo::releaseResources(); -} - -void TPCrlInfo::uri(const CSSM_DATA &uri) -{ - tpCopyCssmData(CssmAllocator::standard(), &uri, &mUri); -} - -/* - * List of extensions we understand and can accept as critical. - */ -static const CSSM_OID *const TPGoodCrlExtens[] = -{ - &CSSMOID_CrlNumber, - /* Note NOT CSSMOID_DeltaCrlIndicator! That's fatal */ - &CSSMOID_CrlReason, - &CSSMOID_CertIssuer, - &CSSMOID_IssuingDistributionPoint, - &CSSMOID_HoldInstructionCode, - &CSSMOID_InvalidityDate, - &CSSMOID_AuthorityKeyIdentifier, - &CSSMOID_SubjectAltName, - &CSSMOID_IssuerAltName -}; - -#define NUM_KNOWN_EXTENS (sizeof(TPGoodCrlExtens) / sizeof(CSSM_OID_PTR)) - -/* - * Do our best to understand all the entries in a CSSM_X509_EXTENSIONS, - * which may be per-CRL or per-entry. - * - * For now, we just ensure that for every critical extension, - * we actually understand it and can deal it. - */ -CSSM_RETURN TPCrlInfo::parseExtensions( - TPCrlVerifyContext &vfyCtx, - bool isPerEntry, - uint32 entryIndex, // if isPerEntry - const CSSM_X509_EXTENSIONS &extens, - TPCertInfo *forCert, // optional - bool &isIndirectCrl) // RETURNED -{ - isIndirectCrl = false; - for(uint32 dex=0; dexcritical) { - /* critical: is it in our list of understood extensions? */ - unsigned i; - for(i=0; iextnId, TPGoodCrlExtens[i])) { - /* we're cool with this one */ - break; - } - } - if(i == NUM_KNOWN_EXTENS) { - tpCrlDebug("parseExtensions: Unknown Critical Extension\n"); - return CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN; - } - } - - /* Specific extension handling. */ - if(tpCompareOids(&exten->extnId, - &CSSMOID_IssuingDistributionPoint)) { - /* - * If this assertion fails, we're out of sync with the CL - */ - assert(exten->format == CSSM_X509_DATAFORMAT_PAIR); - CE_IssuingDistributionPoint *idp = - (CE_IssuingDistributionPoint *) - exten->value.parsedValue; - - /* - * Snag indirectCrl flag for caller in any case - */ - if(idp->indirectCrlPresent && idp->indirectCrl) { - isIndirectCrl = true; - } - if(forCert != NULL) { - /* If no target cert, i.e., we're just verifying a CRL, - * skip the remaining IDP checks. */ - - /* verify onlyCACerts/onlyUserCerts */ - bool isUserCert; - if(forCert->isLeaf() && - !(vfyCtx.actionFlags && CSSM_TP_ACTION_LEAF_IS_CA)) { - isUserCert = true; - } - else { - isUserCert = false; - } - if((idp->onlyUserCertsPresent) && (idp->onlyUserCerts)) { - if(!isUserCert) { - tpCrlDebug("parseExtensions: onlyUserCerts, " - "!leaf\n"); - return CSSMERR_APPLETP_IDP_FAIL; - } - } - if((idp->onlyCACertsPresent) && (idp->onlyCACerts)) { - if(isUserCert) { - tpCrlDebug("parseExtensions: onlyCACerts, leaf\n"); - return CSSMERR_APPLETP_IDP_FAIL; - } - } - } /* IDP */ - } /* have target cert */ - } - - return CSSM_OK; -} - -/* - * The heavyweight "perform full verification of this CRL" op. - * Must verify to an anchor cert in tpVerifyContext. - * Intermediate certs can come from signerCerts or dBList. - */ -CSSM_RETURN TPCrlInfo::verifyWithContext( - TPCrlVerifyContext &tpVerifyContext, - TPCertInfo *forCert, // optional - bool doCrlVerify) -{ - /* - * Step 1: this CRL must be current. Caller might have re-evaluated - * expired/notValidYet since our construction via calculateCurrent(). - */ - if(isExpired()) { - return CSSMERR_APPLETP_CRL_EXPIRED; - } - if(isNotValidYet()) { - return CSSMERR_APPLETP_CRL_NOT_VALID_YET; - } - - /* subsequent verify state is cached */ - switch(mVerifyState) { - case CVS_Good: - return CSSM_OK; - case CVS_Bad: - return mVerifyError; - case CVS_Unknown: - break; - default: - tpErrorLog("verifyWithContext: bad verifyState\n"); - return CSSMERR_TP_INTERNAL_ERROR; - } - - /* - * Step 2: parse & understand all critical CRL extensions. - */ - CSSM_RETURN crtn; - bool isIndirectCrl; - crtn = parseExtensions(tpVerifyContext, - false, - 0, - mX509Crl->tbsCertList.extensions, - forCert, - isIndirectCrl); - if(crtn) { - mVerifyState = CVS_Bad; - if(forCert) { - forCert->addStatusCode(crtn); - } - return crtn; - } - CSSM_X509_REVOKED_CERT_LIST_PTR revoked = - mX509Crl->tbsCertList.revokedCertificates; - if(revoked != NULL) { - for(uint32 dex=0; dexnumberOfRevokedCertEntries; dex++) { - bool dummyIsIndirect; // can't be set here - crtn = parseExtensions(tpVerifyContext, - true, - dex, - revoked->revokedCertEntry[dex].extensions, - forCert, - dummyIsIndirect); - if(crtn) { - mVerifyState = CVS_Bad; - if(forCert) { - forCert->addStatusCode(crtn); - } - return crtn; - } - } - } - - /* - * Step 3: obtain a fully verified cert chain which verifies this CRL. - */ - CSSM_BOOL verifiedToRoot; - CSSM_BOOL verifiedToAnchor; - - TPCertGroup outCertGroup(tpVerifyContext.alloc, - TGO_Caller); // CRLs owned by inCertGroup - - /* set up for disposal of TPCertInfos created by - * CertGroupConstructPriv */ - TPCertGroup certsToBeFreed(tpVerifyContext.alloc, TGO_Group); - - if(tpVerifyContext.signerCerts) { - /* start from scratch with this group */ - tpVerifyContext.signerCerts->setAllUnused(); - } - crtn = outCertGroup.buildCertGroup( - *this, // subject item - tpVerifyContext.signerCerts, // inCertGroup, optional - tpVerifyContext.dbList, // optional - tpVerifyContext.clHand, - tpVerifyContext.cspHand, - tpVerifyContext.verifyTime, - tpVerifyContext.numAnchorCerts, - tpVerifyContext.anchorCerts, - certsToBeFreed, - tpVerifyContext.gatheredCerts, - CSSM_FALSE, // subjectIsInGroup - tpVerifyContext.actionFlags, - verifiedToRoot, - verifiedToAnchor); - if(crtn) { - tpCrlDebug("TPCrlInfo::verifyWithContext buildCertGroup failure " - "index %u", index()); - if(forCert) { - forCert->addStatusCode(crtn); - } - return crtn; - } - if(!verifiedToAnchor) { - /* required */ - mVerifyState = CVS_Bad; - if(verifiedToRoot) { - /* verified to root which is not an anchor */ - tpCrlDebug("TPCrlInfo::verifyWithContext root, no anchor, " - "index %u", index()); - crtn = CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT; - } - else { - /* partial chain, no root, not verifiable by anchor */ - tpCrlDebug("TPCrlInfo::verifyWithContext no root, no anchor, " - "index %u", index()); - crtn = CSSMERR_APPLETP_CRL_NOT_TRUSTED; - } - if(forCert) { - forCert->addStatusCode(crtn); - } - return crtn; - } - - /* - * Step 4: policy verification on the returned cert group - * We need to (temporarily) assert the "leaf cert is a CA" flag - * here. - */ - outCertGroup.certAtIndex(0)->isLeaf(true); - crtn = tp_policyVerify(kCrlPolicy, - tpVerifyContext.alloc, - tpVerifyContext.clHand, - tpVerifyContext.cspHand, - &outCertGroup, - verifiedToRoot, - tpVerifyContext.actionFlags | CSSM_TP_ACTION_LEAF_IS_CA, - NULL, // sslOpts - NULL); // policyOpts, not currently used - if(crtn) { - tpCrlDebug(" ...verifyWithContext policy FAILURE CRL %u", - index()); - if(forCert) { - forCert->addStatusCode(CSSMERR_APPLETP_CRL_POLICY_FAIL); - } - mVerifyState = CVS_Bad; - return crtn; - } - - /* - * Step 5: recursively perform CRL verification on the certs - * gathered to verify this CRL. - * Only performed if this CRL is an indirect CRL or the caller - * explicitly told us to do this (i.e., caller is verifying a - * CRL, not a cert chain). - */ - if(isIndirectCrl || doCrlVerify) { - tpCrlDebug("verifyWithContext recursing to " - "tpVerifyCertGroupWithCrls"); - crtn = tpVerifyCertGroupWithCrls(outCertGroup, - tpVerifyContext); - if(crtn) { - tpCrlDebug(" ...verifyWithContext CRL reverify FAILURE CRL %u", - index()); - if(forCert) { - forCert->addStatusCode(crtn); - } - mVerifyState = CVS_Bad; - return crtn; - } - } - - tpCrlDebug(" ...verifyWithContext CRL %u SUCCESS", index()); - mVerifyState = CVS_Good; - return crtn; -} - -/* - * Do I have the same issuer as the specified subject cert? Returns - * true if so. - */ -bool TPCrlInfo::hasSameIssuer( - const TPCertInfo &subject) -{ - assert(subject.issuerName() != NULL); - if(tpCompareCssmData(issuerName(), subject.issuerName())) { - return true; - } - else { - return false; - } -} - -/* - * Determine if specified cert has been revoked. Assumes that - * the current CRL has been fully verified. - * - * Assumes current CRL is verified good and that issuer names of - * the cert and CRL match. - * - * This duplicates similar logic in the CL, but to avoid re-parsing - * the subject cert (which we have parsed and cached), we just do it - * here. - * - * Possible errors are - * CSSMERR_TP_CERT_REVOKED - * CSSMERR_TP_CERT_SUSPENDED - * TBD - * - * Error status is added to subjectCert. - */ -CSSM_RETURN TPCrlInfo::isCertRevoked( - TPCertInfo &subjectCert) -{ - assert(mVerifyState == CVS_Good); - CSSM_X509_TBS_CERTLIST_PTR tbs = &mX509Crl->tbsCertList; - - /* trivial case - empty CRL */ - if((tbs->revokedCertificates == NULL) || - (tbs->revokedCertificates->numberOfRevokedCertEntries == 0)) { - tpCrlDebug(" isCertRevoked: empty CRL at index %u", index()); - return CSSM_OK; - } - - /* is subject cert's serial number in this CRL? */ - CSSM_DATA_PTR subjSerial = NULL; - CSSM_RETURN crtn; - crtn = subjectCert.fetchField(&CSSMOID_X509V1SerialNumber, &subjSerial); - if(crtn) { - /* should never happen */ - tpErrorLog("TPCrlInfo:isCertRevoked: error fetching serial number\n"); - subjectCert.addStatusCode(crtn); - return crtn; - } - /* subsequent errors to errOut: */ - - uint32 numEntries = tbs->revokedCertificates->numberOfRevokedCertEntries; - CSSM_X509_REVOKED_CERT_ENTRY_PTR entries = - tbs->revokedCertificates->revokedCertEntry; - crtn = CSSM_OK; - for(uint32 dex=0; dexcertificateSerialNumber)) { - /* - * It's in there. - * FIXME: we're assuming that we don't have to compare - * the "current verification time" (the verifyTime argument - * to both our and the TPCertInfo's constructor) to this - * entry's revocationDate. That would imply that a CRL could - * contain a future revocation, and I don't think that - * X509//RFC2459 intends this. - */ - /* - * REQUIRED TBD: parse the entry's extensions, specifically to - * get a reason. This will entail a bunch of new TP/cert specific - * CSSM_RETURNS. - * For now, just flag it revoked. - */ - crtn = CSSMERR_TP_CERT_REVOKED; - tpCrlDebug(" isCertRevoked: cert %u REVOKED by CRL %u", - subjectCert.index(), index()); - break; - } - } - - subjectCert.freeField(&CSSMOID_X509V1SerialNumber, subjSerial); - if(crtn) { - subjectCert.addStatusCode(crtn); - } - return crtn; -} - -/*** - *** TPCrlGroup class - ***/ - -/* build empty group */ -TPCrlGroup::TPCrlGroup( - CssmAllocator &alloc, - TPGroupOwner whoOwns) : - mAlloc(alloc), - mCrlInfo(NULL), - mNumCrls(0), - mSizeofCrlInfo(0), - mWhoOwns(whoOwns) -{ - /* nothing for now */ -} - -/* - * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting - * TPCrlInfos are more or less in the same order as the incoming - * CRLs, though incoming CRLs are discarded if they don't parse. - * No verification of any sort is performed. - */ -TPCrlGroup::TPCrlGroup( - const CSSM_CRLGROUP *cssmCrlGroup, // optional - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CssmAllocator &alloc, - const char *verifyTime, // may be NULL - TPGroupOwner whoOwns) : - mAlloc(alloc), - mCrlInfo(NULL), - mNumCrls(0), - mSizeofCrlInfo(0), - mWhoOwns(whoOwns) -{ - /* verify input args */ - if((cssmCrlGroup == NULL) || (cssmCrlGroup->NumberOfCrls == 0)) { - return; - } - if(cspHand == CSSM_INVALID_HANDLE) { - CssmError::throwMe(CSSMERR_TP_INVALID_CSP_HANDLE); - } - if(clHand == CSSM_INVALID_HANDLE) { - CssmError::throwMe(CSSMERR_TP_INVALID_CL_HANDLE); - } - if(cssmCrlGroup->CrlGroupType != CSSM_CRLGROUP_DATA) { - CssmError::throwMe(CSSMERR_TP_INVALID_CERTGROUP); - } - switch(cssmCrlGroup->CrlType) { - case CSSM_CRL_TYPE_X_509v1: - case CSSM_CRL_TYPE_X_509v2: - break; - default: - CssmError::throwMe(CSSMERR_TP_UNKNOWN_FORMAT); - } - switch(cssmCrlGroup->CrlEncoding) { - case CSSM_CRL_ENCODING_BER: - case CSSM_CRL_ENCODING_DER: - break; - default: - CssmError::throwMe(CSSMERR_TP_UNKNOWN_FORMAT); - } - - /* - * Add remaining input certs to mCrlInfo. - */ - TPCrlInfo *crlInfo = NULL; - for(unsigned crlDex=0; crlDexNumberOfCrls; crlDex++) { - try { - crlInfo = new TPCrlInfo(clHand, - cspHand, - &cssmCrlGroup->GroupCrlList.CrlList[crlDex], - TIC_NoCopy, // don't copy data - verifyTime); - } - catch (...) { - /* just ignore this CRL */ - continue; - } - crlInfo->index(crlDex); - appendCrl(*crlInfo); - } -} - -/* - * Deletes all TPCrlInfo's if appropriate. - */ -TPCrlGroup::~TPCrlGroup() -{ - if(mWhoOwns == TGO_Group) { - unsigned i; - for(i=0; i here, but - * gdb is so lame that it doesn't even let one examine the contents - * of an array<> (or just about anything else in the STL). I prefer - * debuggability over saving a few lines of trivial code. - */ -void TPCrlGroup::appendCrl( - TPCrlInfo &crlInfo) -{ - if(mNumCrls == mSizeofCrlInfo) { - if(mSizeofCrlInfo == 0) { - /* appending to empty array */ - mSizeofCrlInfo = 1; - } - else { - mSizeofCrlInfo *= 2; - } - mCrlInfo = (TPCrlInfo **)mAlloc.realloc(mCrlInfo, - mSizeofCrlInfo * sizeof(TPCrlInfo *)); - } - mCrlInfo[mNumCrls++] = &crlInfo; -} - -TPCrlInfo *TPCrlGroup::crlAtIndex( - unsigned index) -{ - if(index > (mNumCrls - 1)) { - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - return mCrlInfo[index]; -} - -TPCrlInfo &TPCrlGroup::removeCrlAtIndex( - unsigned index) // doesn't delete the cert, just - // removes it from our list -{ - if(index > (mNumCrls - 1)) { - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - TPCrlInfo &rtn = *mCrlInfo[index]; - - /* removed requested element and compact remaining array */ - unsigned i; - for(i=index; i<(mNumCrls - 1); i++) { - mCrlInfo[i] = mCrlInfo[i+1]; - } - mNumCrls--; - return rtn; -} - -void TPCrlGroup::removeCrl( - TPCrlInfo &crlInfo) -{ - for(unsigned dex=0; dexhasSameIssuer(subject)) { - return crl; - } - } - return NULL; -} diff --git a/AppleX509TP/TPCrlInfo.h b/AppleX509TP/TPCrlInfo.h deleted file mode 100644 index 7dd91d09..00000000 --- a/AppleX509TP/TPCrlInfo.h +++ /dev/null @@ -1,229 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPCrlInfo.h - TP's private CRL and CRL group classes - * - * Written 9/25/2001 by Doug Mitchell. - */ - -#ifndef _TP_CRL_INFO_H_ -#define _TP_CRL_INFO_H_ - -#include -#include -#include -#include -#include -#include "TPCertInfo.h" -#include "tpCrlVerify.h" - -/* - * Verification state of a TPCrlInfo. Verification refers to the process - * of cert chain validation from the CRL to a trusted root. Since this - * is a rather heavyweight operation, this is done on demand, when a given - * CRL is "believed to be" the appropriate one for a given cert. It - * is separate from not before/after verification, which is performed - * on the fly as needed. - */ -typedef enum { - CVS_Unknown, // initial default state - CVS_Good, // known good - CVS_Bad // known bad -} TPCrlVerifyState; - -/* - * Indicates where a particular CRL came from. Currently only used - * in the tpCrlVerify module. - */ -typedef enum { - CFW_Nowhere, // default, never returned - CFW_InGroup, // from incoming TPCrlGroup - CFW_DlDb, // verifyContext.dbList - CFW_LocalCache, // tpGlobalCrlCache - CFW_Net, // tpFetchCrlFromNet - /* probably others */ -} TPCrlFromWhere; - - -/* - * Class representing one CRL. The raw CRL data usually comes from - * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we - * don't own the raw data and don't copy or free it. Caller can - * optionally specify that we copy (and own and eventually free) the raw cert data. - * Currently this is only done when we find a CRL in a DlDb. The constructor throws - * on any error (bad CRL data); subsequent to successful construction, no CSSM - * errors are thrown and it's guaranteed that the CRL is basically readable and - * successfully cached in the CL, and that we have a locally cached - * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format). - */ -class TPCrlInfo : public TPClItemInfo -{ - NOCOPY(TPCrlInfo) -public: - /* - * No default constructor - this is the only way. - */ - TPCrlInfo( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *crlData, - TPItemCopy copyCrlData, - const char *verifyTime); // NULL ==> time = right now - - /* frees mIssuerName, mCacheHand, mX509Crl via mClHand */ - ~TPCrlInfo(); - - /* - * The heavyweight "perform full verification" op. - * If doCrlVerify is true, we'll do an eventually recursive - * CRL verification test on the cert group we construct - * here to verify the CRL in question. This recursive - * verifdy is also done if the CRL is an indirect CRL. - * Currently, the doCrlVerifyFlag will be set false in the - * normal case of verifying a cert chain; in that case the - * various certs needed to verify the CRL are assumed to - * be a subset of the cert chain being verified, and CRL - * verification of that cert chain is being performed - * elsewhere. The caller would set doCrlVerify true when - * the top-level op is simply a CRL verify. - */ - CSSM_RETURN verifyWithContext( - TPCrlVerifyContext &tpVerifyContext, - TPCertInfo *forCert, // optional - bool doCrlVerify = false); - - /* - * Do I have the same issuer as the specified subject cert? - * Returns true if so. - */ - bool TPCrlInfo::hasSameIssuer( - const TPCertInfo &subject); - - /* - * Determine if specified cert has been revoked. Assumes that - * the current CRL has been fully verified. - */ - CSSM_RETURN isCertRevoked( - TPCertInfo &subjectCert); - - /* accessors */ - const CSSM_X509_SIGNED_CRL *x509Crl() { return mX509Crl; } - TPCrlVerifyState verifyState() { return mVerifyState; } - - const CSSM_DATA *uri() { return &mUri; } - void uri(const CSSM_DATA &uri); - - /* - * Ref count info maintained by caller (currently only in - * tpCrlVfy.cpp's global cache module). - */ - int mRefCount; - bool mToBeDeleted; - - /* used only by tpCrlVerify */ - TPCrlFromWhere mFromWhere; - - -private: - CSSM_X509_SIGNED_CRL *mX509Crl; - CSSM_DATA_PTR mCrlFieldToFree; - TPCrlVerifyState mVerifyState; - CSSM_RETURN mVerifyError; // only if mVerifyState = CVS_Bad - CSSM_DATA mUri; // if fetched from net - - void releaseResources(); - CSSM_RETURN parseExtensions( - TPCrlVerifyContext &tpVerifyContext, - bool isPerEntry, - uint32 entryIndex, // if isPerEntry - const CSSM_X509_EXTENSIONS &extens, - TPCertInfo *forCert, // optional - bool &isIndirectCrl);// RETURNED - -}; - -/* - * TP's private CRL Group class. - */ -class TPCrlGroup -{ - NOCOPY(TPCrlGroup) -public: - /* construct empty CRL group */ - TPCrlGroup( - CssmAllocator &alloc, - TPGroupOwner whoOwns); // if TGO_Group, we delete - - /* - * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting - * TPCrlInfos are more or less in the same order as the incoming - * CRLs, though incoming CRLs are discarded if they don't parse. - * No verification of any sort is performed. - */ - TPCrlGroup( - const CSSM_CRLGROUP *cssmCrlGroup, // optional - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CssmAllocator &alloc, - const char *cssmTimeStr, // may be NULL - TPGroupOwner whoOwns); - - /* - * Deletes all TPCrlInfo's. - */ - ~TPCrlGroup(); - - /* add/remove/access TPCrlInfo's. */ - void appendCrl( - TPCrlInfo &crlInfo); // appends to end of mCertInfo - TPCrlInfo *crlAtIndex( - unsigned index); - TPCrlInfo &removeCrlAtIndex( - unsigned index); // doesn't delete the cert, just - // removes it from our list - void removeCrl( - TPCrlInfo &crlInfo); // ditto - - /* - * Convenience accessors for first and last CRL, only valid when we have - * at least one cert. - */ - TPCrlInfo *firstCrl(); - TPCrlInfo *lastCrl(); - - /* - * Find a CRL whose issuer matches specified subject cert. - * Returned CRL has not necessarily been verified. - */ - TPCrlInfo *findCrlForCert( - TPCertInfo &subject); - - CssmAllocator &alloc() { return mAlloc; } - unsigned numCrls() { return mNumCrls; } - -private: - CssmAllocator &mAlloc; - TPCrlInfo **mCrlInfo; // just an array of pointers - unsigned mNumCrls; // valid certs in certInfo - unsigned mSizeofCrlInfo; // mallocd space in certInfo - TPGroupOwner mWhoOwns; // if TGO_Group, we delete CRLs - // upon destruction -}; -#endif /* _TP_CRL_INFO_H_ */ - diff --git a/AppleX509TP/TPDatabase.cpp b/AppleX509TP/TPDatabase.cpp deleted file mode 100644 index ba471d05..00000000 --- a/AppleX509TP/TPDatabase.cpp +++ /dev/null @@ -1,706 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPDatabase.cpp - TP's DL/DB access functions. - * - * Created 10/9/2002 by Doug Mitchell. - */ - -#include -#include -#include /* private API */ -#include /* private SecInferLabelFromX509Name() */ -#include -#include -#include "TPDatabase.h" -#include "tpdebugging.h" -#include "certGroupUtils.h" -#include "TPCertInfo.h" -#include "TPCrlInfo.h" -#include "tpCrlVerify.h" -#include "tpTime.h" - - -/* - * Given a DL/DB, look up cert by subject name. Subsequent - * certs can be found using the returned result handle. - */ -static CSSM_DB_UNIQUE_RECORD_PTR tpCertLookup( - CSSM_DL_DB_HANDLE dlDb, - const CSSM_DATA *subjectName, // DER-encoded - CSSM_HANDLE_PTR resultHand, // RETURNED - CSSM_DATA_PTR cert) // RETURNED -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - - cert->Data = NULL; - cert->Length = 0; - - /* SWAG until cert schema nailed down */ - predicate.DbOperator = CSSM_DB_EQUAL; - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = "Subject"; - predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - predicate.Attribute.Value = const_cast(subjectName); - predicate.Attribute.NumberOfValues = 1; - - query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - query.SelectionPredicate = &predicate; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // FIXME - used? - - CSSM_DL_DataGetFirst(dlDb, - &query, - resultHand, - NULL, // don't fetch attributes - cert, - &record); - return record; -} - -/* - * Search a list of DBs for a cert which verifies specified subject item. - * Just a boolean return - we found it, or not. If we did, we return - * TPCertInfo associated with the raw cert. - * A true partialIssuerKey on return indicates that caller must deal - * with partial public key processing later. - */ -TPCertInfo *tpDbFindIssuerCert( - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const TPClItemInfo *subjectItem, - const CSSM_DL_DB_LIST *dbList, - const char *verifyTime, // may be NULL - bool &partialIssuerKey) // RETURNED -{ - uint32 dbDex; - CSSM_HANDLE resultHand; - CSSM_DATA cert; - CSSM_DL_DB_HANDLE dlDb; - CSSM_DB_UNIQUE_RECORD_PTR record; - TPCertInfo *issuerCert = NULL; - bool foundIt; - - partialIssuerKey = false; - if(dbList == NULL) { - return NULL; - } - for(dbDex=0; dbDexNumHandles; dbDex++) { - dlDb = dbList->DLDBHandle[dbDex]; - cert.Data = NULL; - cert.Length = 0; - record = tpCertLookup(dlDb, - subjectItem->issuerName(), - &resultHand, - &cert); - /* remember we have to: - * -- abort this query regardless, and - * -- free the CSSM_DATA cert regardless, and - * -- free the unique record if we don't use it - * (by placing it in issuerCert)... - */ - if(record != NULL) { - /* Found one */ - assert(cert.Data != NULL); - issuerCert = new TPCertInfo(clHand, cspHand, &cert, TIC_CopyData, verifyTime); - /* we're done with raw cert data */ - /* FIXME this assumes that alloc is the same as the - * allocator associated with DlDB...OK? */ - tpFreeCssmData(alloc, &cert, CSSM_FALSE); - cert.Data = NULL; - cert.Length = 0; - - /* Does it verify the subject cert? */ - CSSM_RETURN crtn = subjectItem->verifyWithIssuer(issuerCert); - switch(crtn) { - case CSSM_OK: - break; - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - partialIssuerKey = true; - break; - default: - delete issuerCert; - issuerCert = NULL; - CSSM_DL_FreeUniqueRecord(dlDb, record); - - /* - * Verify fail. Continue searching this DB. Break on - * finding the holy grail or no more records found. - */ - for(;;) { - cert.Data = NULL; - cert.Length = 0; - CSSM_RETURN crtn = CSSM_DL_DataGetNext(dlDb, - resultHand, - NULL, // no attrs - &cert, - &record); - if(crtn) { - /* no more, done with this DB */ - assert(cert.Data == NULL); - break; - } - assert(cert.Data != NULL); - - /* found one - does it verify subject? */ - issuerCert = new TPCertInfo(clHand, cspHand, &cert, TIC_CopyData, - verifyTime); - /* we're done with raw cert data */ - tpFreeCssmData(alloc, &cert, CSSM_FALSE); - cert.Data = NULL; - cert.Length = 0; - - /* FIXME - figure out allowExpire, etc. */ - crtn = subjectItem->verifyWithIssuer(issuerCert); - foundIt = false; - switch(crtn) { - case CSSM_OK: - foundIt = true; - break; - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - partialIssuerKey = true; - foundIt = true; - break; - default: - break; - } - if(foundIt) { - /* yes! */ - break; - } - delete issuerCert; - CSSM_DL_FreeUniqueRecord(dlDb, record); - issuerCert = NULL; - } /* searching subsequent records */ - } /* switch verify */ - - if(issuerCert != NULL) { - /* successful return */ - tpDebug("tpDbFindIssuer: found cert record %p", record); - CSSM_DL_DataAbortQuery(dlDb, resultHand); - issuerCert->dlDbHandle(dlDb); - issuerCert->uniqueRecord(record); - return issuerCert; - } - } /* tpCertLookup, i.e., CSSM_DL_DataGetFirst, succeeded */ - else { - assert(cert.Data == NULL); - } - /* in any case, abort the query for this db */ - CSSM_DL_DataAbortQuery(dlDb, resultHand); - - } /* main loop searching dbList */ - - /* issuer not found */ - return NULL; -} - -/* - * Given a DL/DB, look up CRL by issuer name and validity time. - * Subsequent CRLs can be found using the returned result handle. - */ -#define SEARCH_BY_DATE 1 - -static CSSM_DB_UNIQUE_RECORD_PTR tpCrlLookup( - CSSM_DL_DB_HANDLE dlDb, - const CSSM_DATA *issuerName, // DER-encoded - CSSM_TIMESTRING verifyTime, // may be NULL, implies "now" - CSSM_HANDLE_PTR resultHand, // RETURNED - CSSM_DATA_PTR crl) // RETURNED -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE pred[3]; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - char timeStr[CSSM_TIME_STRLEN + 1]; - - crl->Data = NULL; - crl->Length = 0; - - /* Three predicates...first, the issuer name */ - pred[0].DbOperator = CSSM_DB_EQUAL; - pred[0].Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - pred[0].Attribute.Info.Label.AttributeName = "Issuer"; - pred[0].Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - pred[0].Attribute.Value = const_cast(issuerName); - pred[0].Attribute.NumberOfValues = 1; - - /* now before/after. Cook up an appropriate time string. */ - if(verifyTime != NULL) { - /* Caller spec'd tolerate any format */ - int rtn = tpTimeToCssmTimestring(verifyTime, strlen(verifyTime), timeStr); - if(rtn) { - tpErrorLog("tpCrlLookup: Invalid VerifyTime string\n"); - return NULL; - } - } - else { - /* right now */ - StLock _(tpTimeLock()); - timeAtNowPlus(0, TIME_CSSM, timeStr); - } - CSSM_DATA timeData; - timeData.Data = (uint8 *)timeStr; - timeData.Length = CSSM_TIME_STRLEN; - - #if SEARCH_BY_DATE - pred[1].DbOperator = CSSM_DB_LESS_THAN; - pred[1].Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - pred[1].Attribute.Info.Label.AttributeName = "NextUpdate"; - pred[1].Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - pred[1].Attribute.Value = &timeData; - pred[1].Attribute.NumberOfValues = 1; - - pred[2].DbOperator = CSSM_DB_GREATER_THAN; - pred[2].Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - pred[2].Attribute.Info.Label.AttributeName = "ThisUpdate"; - pred[2].Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - pred[2].Attribute.Value = &timeData; - pred[2].Attribute.NumberOfValues = 1; - #endif - - query.RecordType = CSSM_DL_DB_RECORD_X509_CRL; - query.Conjunctive = CSSM_DB_AND; - #if SEARCH_BY_DATE - query.NumSelectionPredicates = 3; - #else - query.NumSelectionPredicates = 1; - #endif - query.SelectionPredicate = pred; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // FIXME - used? - - CSSM_DL_DataGetFirst(dlDb, - &query, - resultHand, - NULL, // don't fetch attributes - crl, - &record); - return record; -} - -/* - * Search a list of DBs for a CRL from the specified issuer and (optional) - * TPCrlVerifyContext.verifyTime. - * Just a boolean return - we found it, or not. If we did, we return a - * TPCrlInfo which has been verified with the specified TPCrlVerifyContext. - */ -TPCrlInfo *tpDbFindIssuerCrl( - TPCrlVerifyContext &vfyCtx, - const CSSM_DATA &issuer, - TPCertInfo &forCert) -{ - uint32 dbDex; - CSSM_HANDLE resultHand; - CSSM_DATA crl; - CSSM_DL_DB_HANDLE dlDb; - CSSM_DB_UNIQUE_RECORD_PTR record; - TPCrlInfo *issuerCrl = NULL; - CSSM_DL_DB_LIST_PTR dbList = vfyCtx.dbList; - CSSM_RETURN crtn; - - if(dbList == NULL) { - return NULL; - } - for(dbDex=0; dbDexNumHandles; dbDex++) { - dlDb = dbList->DLDBHandle[dbDex]; - crl.Data = NULL; - crl.Length = 0; - record = tpCrlLookup(dlDb, - &issuer, - vfyCtx.verifyTime, - &resultHand, - &crl); - /* remember we have to: - * -- abort this query regardless, and - * -- free the CSSM_DATA crl regardless, and - * -- free the unique record if we don't use it - * (by placing it in issuerCert)... - */ - if(record != NULL) { - /* Found one */ - assert(crl.Data != NULL); - issuerCrl = new TPCrlInfo(vfyCtx.clHand, - vfyCtx.cspHand, - &crl, - TIC_CopyData, - vfyCtx.verifyTime); - /* we're done with raw CRL data */ - /* FIXME this assumes that vfyCtx.alloc is the same as the - * allocator associated with DlDB...OK? */ - tpFreeCssmData(vfyCtx.alloc, &crl, CSSM_FALSE); - crl.Data = NULL; - crl.Length = 0; - - /* and we're done with the record */ - CSSM_DL_FreeUniqueRecord(dlDb, record); - - /* Does it verify with specified context? */ - crtn = issuerCrl->verifyWithContext(vfyCtx, &forCert); - if(crtn) { - - delete issuerCrl; - issuerCrl = NULL; - - /* - * Verify fail. Continue searching this DB. Break on - * finding the holy grail or no more records found. - */ - for(;;) { - crl.Data = NULL; - crl.Length = 0; - crtn = CSSM_DL_DataGetNext(dlDb, - resultHand, - NULL, // no attrs - &crl, - &record); - if(crtn) { - /* no more, done with this DB */ - assert(crl.Data == NULL); - break; - } - assert(crl.Data != NULL); - - /* found one - is it any good? */ - issuerCrl = new TPCrlInfo(vfyCtx.clHand, - vfyCtx.cspHand, - &crl, - TIC_CopyData, - vfyCtx.verifyTime); - /* we're done with raw CRL data */ - /* FIXME this assumes that vfyCtx.alloc is the same as the - * allocator associated with DlDB...OK? */ - tpFreeCssmData(vfyCtx.alloc, &crl, CSSM_FALSE); - crl.Data = NULL; - crl.Length = 0; - - CSSM_DL_FreeUniqueRecord(dlDb, record); - - crtn = issuerCrl->verifyWithContext(vfyCtx, &forCert); - if(crtn == CSSM_OK) { - /* yes! */ - break; - } - delete issuerCrl; - issuerCrl = NULL; - } /* searching subsequent records */ - } /* verify fail */ - /* else success! */ - - if(issuerCrl != NULL) { - /* successful return */ - CSSM_DL_DataAbortQuery(dlDb, resultHand); - tpDebug("tpDbFindIssuerCrl: found CRL record %p", record); - return issuerCrl; - } - } /* tpCrlLookup, i.e., CSSM_DL_DataGetFirst, succeeded */ - else { - assert(crl.Data == NULL); - } - /* in any case, abort the query for this db */ - CSSM_DL_DataAbortQuery(dlDb, resultHand); - - } /* main loop searching dbList */ - - /* issuer not found */ - return NULL; -} - -/* - * Update an existing DLDB to be CRL-capable. - */ -static CSSM_RETURN tpAddCrlSchema( - CSSM_DL_DB_HANDLE dlDbHand) -{ - return CSSM_DL_CreateRelation(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - "CSSM_DL_DB_RECORD_X509_CRL", - Security::KeychainCore::Schema::X509CrlSchemaAttributeCount, - Security::KeychainCore::Schema::X509CrlSchemaAttributeList, - Security::KeychainCore::Schema::X509CrlSchemaIndexCount, - Security::KeychainCore::Schema::X509CrlSchemaIndexList); -} - -/* - * Search extensions for specified OID, assumed to have underlying - * value type of uint32; returns the value and true if found. - */ -static bool tpSearchNumericExtension( - const CSSM_X509_EXTENSIONS *extens, - const CSSM_OID *oid, - uint32 *val) -{ - for(uint32 dex=0; dexnumberOfExtensions; dex++) { - const CSSM_X509_EXTENSION *exten = &extens->extensions[dex]; - if(!tpCompareOids(&exten->extnId, oid)) { - continue; - } - if(exten->format != CSSM_X509_DATAFORMAT_PAIR) { - tpErrorLog("***Malformed CRL extension\n"); - continue; - } - *val = *((uint32 *)exten->value.parsedValue); - return true; - } - return false; -} - -/* - * Store a CRL in a DLDB. - * We store the following attributes: - * - * CrlType - * CrlEncoding - * PrintName (Inferred from issuer) - * Issuer - * ThisUpdate - * NextUpdate - * URI (if present) - * CrlNumber (if present) - * DeltaCrlNumber (if present) - */ -#define MAX_CRL_ATTRS 9 - -CSSM_RETURN tpDbStoreCrl( - TPCrlInfo &crl, - CSSM_DL_DB_HANDLE &dlDbHand) -{ - CSSM_DB_ATTRIBUTE_DATA attrs[MAX_CRL_ATTRS]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; - CSSM_DATA crlTypeData; - CSSM_DATA crlEncData; - CSSM_RETURN crtn; - CSSM_DB_UNIQUE_RECORD_PTR recordPtr; - CSSM_CRL_ENCODING crlEnc = CSSM_CRL_ENCODING_DER; - const CSSM_X509_TBS_CERTLIST *tbsCrl; - CSSM_CRL_TYPE crlType; - CSSM_DATA thisUpdateData = {0, NULL}; - CSSM_DATA nextUpdateData = {0, NULL}; - char thisUpdate[CSSM_TIME_STRLEN+1]; - char nextUpdate[CSSM_TIME_STRLEN+1]; - uint32 crlNumber; - uint32 deltaCrlNumber; - CSSM_DATA crlNumberData; - CSSM_DATA deltaCrlNumberData; - bool crlNumberPresent = false; - bool deltaCrlPresent = false; - - tbsCrl = &(crl.x509Crl()->tbsCertList); - - /* CrlType inferred from version */ - if(tbsCrl->version.Length == 0) { - /* should never happen... */ - crlType = CSSM_CRL_TYPE_X_509v1; - } - else { - uint8 vers = tbsCrl->version.Data[tbsCrl->version.Length - 1]; - switch(vers) { - case 0: - crlType = CSSM_CRL_TYPE_X_509v1; - break; - case 1: - crlType = CSSM_CRL_TYPE_X_509v2; - break; - default: - tpErrorLog("***Unknown version in CRL (%u)\n", vers); - crlType = CSSM_CRL_TYPE_X_509v1; - break; - } - } - crlTypeData.Data = (uint8 *)&crlType; - crlTypeData.Length = sizeof(CSSM_CRL_TYPE); - /* encoding more-or-less assumed here */ - crlEncData.Data = (uint8 *)&crlEnc; - crlEncData.Length = sizeof(CSSM_CRL_ENCODING); - - /* printName inferred from issuer */ - CSSM_DATA printName; - const CSSM_DATA *printNamePtr; - printNamePtr = SecInferLabelFromX509Name(&tbsCrl->issuer); - if(printNamePtr) { - printName = *(const_cast(printNamePtr)); - } - else { - printName.Data = (uint8 *)"X509 CRL"; - printName.Length = 8; - } - - /* cook up CSSM_TIMESTRING versions of this/next update */ - int rtn = tpTimeToCssmTimestring((const char *)tbsCrl->thisUpdate.time.Data, - tbsCrl->thisUpdate.time.Length, - thisUpdate); - if(rtn) { - tpErrorLog("***Badly formatted thisUpdate\n"); - } - else { - thisUpdateData.Data = (uint8 *)thisUpdate; - thisUpdateData.Length = CSSM_TIME_STRLEN; - } - if(tbsCrl->nextUpdate.time.Data != NULL) { - rtn = tpTimeToCssmTimestring((const char *)tbsCrl->nextUpdate.time.Data, - tbsCrl->nextUpdate.time.Length, - nextUpdate); - if(rtn) { - tpErrorLog("***Badly formatted nextUpdate\n"); - } - else { - nextUpdateData.Data = (uint8 *)nextUpdate; - nextUpdateData.Length = CSSM_TIME_STRLEN; - } - } - else { - /* - * NextUpdate not present; fake it by using "virtual end of time" - */ - tpTimeToCssmTimestring(CSSM_APPLE_CRL_END_OF_TIME, - strlen(CSSM_APPLE_CRL_END_OF_TIME), nextUpdate); - nextUpdateData.Data = (uint8 *)nextUpdate; - nextUpdateData.Length = CSSM_TIME_STRLEN; - } - - /* optional CrlNumber and DeltaCrlNumber */ - if(tpSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_CrlNumber, - &crlNumber)) { - crlNumberData.Data = (uint8 *)&crlNumber; - crlNumberData.Length = sizeof(uint32); - crlNumberPresent = true; - } - if(tpSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_DeltaCrlIndicator, - &deltaCrlNumber)) { - deltaCrlNumberData.Data = (uint8 *)&deltaCrlNumber; - deltaCrlNumberData.Length = sizeof(uint32); - deltaCrlPresent = true; - } - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlType"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlTypeData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlEncoding"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlEncData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "PrintName"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &printName; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "Issuer"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = const_cast(crl.issuerName()); - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "ThisUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &thisUpdateData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "NextUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &nextUpdateData; - attr++; - - /* now the optional attributes */ - CSSM_DATA uri = *crl.uri(); - if(uri.Data != NULL) { - /* ensure URI string does not contain NULL */ - if(uri.Data[uri.Length - 1] == 0) { - uri.Length--; - } - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "URI"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &uri; - attr++; - } - if(crlNumberPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlNumberData; - attr++; - } - if(deltaCrlPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "DeltaCrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &deltaCrlNumberData; - attr++; - } - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CRL; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = attr - attrs; - recordAttrs.AttributeData = attrs; - - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl.itemData(), - &recordPtr); - if(crtn == CSSMERR_DL_INVALID_RECORDTYPE) { - /* gross hack of inserting this "new" schema that Keychain - * didn't specify */ - crtn = tpAddCrlSchema(dlDbHand); - if(crtn == CSSM_OK) { - /* Retry with a fully capable DLDB */ - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl.itemData(), - &recordPtr); - } - } - if(crtn) { - tpErrorLog("CSSM_DL_DataInsert: %s", cssmErrorString(crtn).c_str()); - } - else { - CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr); - } - - return crtn; -} diff --git a/AppleX509TP/TPDatabase.h b/AppleX509TP/TPDatabase.h deleted file mode 100644 index 85268e69..00000000 --- a/AppleX509TP/TPDatabase.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPDatabase.h - TP's DL/DB access functions. - * - * Created 10/9/2002 by Doug Mitchell. - */ - -#ifndef _TP_DATABASE_H_ -#define _TP_DATABASE_H_ - -#include -#include -#include "TPCertInfo.h" - -#ifdef __cplusplus -extern "C" { -#endif - -TPCertInfo *tpDbFindIssuerCert( - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const TPClItemInfo *subjectItem, - const CSSM_DL_DB_LIST *dbList, - const char *verifyTime, // may be NULL - bool &partialIssuerKey); // RETURNED - -/* - * Search a list of DBs for a CRL from the specified issuer and (optional) - * TPCrlVerifyContext.verifyTime. - * Just a boolean return - we found it, or not. If we did, we return a - * TPCrlInfo which has been verified with the specified TPCrlVerifyContext. - */ -class TPCrlInfo; -class TPCrlVerifyContext; - -TPCrlInfo *tpDbFindIssuerCrl( - TPCrlVerifyContext &vfyCtx, - const CSSM_DATA &issuer, - TPCertInfo &forCert); - -/* - * Store a CRL in a DLDB. - */ -CSSM_RETURN tpDbStoreCrl( - TPCrlInfo &crl, - CSSM_DL_DB_HANDLE &dlDb); - -#ifdef __cplusplus -} -#endif - -#endif /* _TP_DATABASE_H_ */ \ No newline at end of file diff --git a/AppleX509TP/TPNetwork.cpp b/AppleX509TP/TPNetwork.cpp deleted file mode 100644 index 630661cc..00000000 --- a/AppleX509TP/TPNetwork.cpp +++ /dev/null @@ -1,534 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPNetwork.h - LDAP, HTTP and (eventually) other network tools - * - * Written 10/3/2002 by Doug Mitchell. - */ - -#include "TPNetwork.h" -#include "tpdebugging.h" -#include -#include -#include -#include -/* Unix-y fork and file stuff */ -#include -#include -#include -#include -#include - -/* normally, crlrefresh exec'd from here */ -#define CRL_FETCH_TOOL "/usr/bin/crlrefresh" - -/* !NDEBUG, this env var optionally points to crlrefresh */ -#define CRL_FETCH_ENV "TP_CRLREFRESH" - -#define CRL_RBUF_SIZE 1024 /* read this much at a time from pipe */ - -typedef enum { - LT_Crl = 1, - LT_Cert -} LF_Type; - -static CSSM_RETURN tpFetchViaNet( - const CSSM_DATA &url, - LF_Type lfType, - CssmAllocator &alloc, - CSSM_DATA &attrBlob) // mallocd and RETURNED -{ - char *arg1; - int status; - - switch(lfType) { - case LT_Crl: - arg1 = "f"; - break; - case LT_Cert: - arg1 = "F"; - break; - default: - return CSSMERR_TP_INTERNAL_ERROR; - } - - /* create pipe to catch CRL_FETCH_TOOL's output */ - int pipeFds[2]; - status = pipe(pipeFds); - if(status) { - tpErrorLog("tpFetchViaNet: pipe error %d\n", errno); - return CSSMERR_TP_REQUEST_LOST; - } - - pid_t pid = fork(); - if(pid < 0) { - tpErrorLog("tpFetchViaNet: fork error %d\n", errno); - return CSSMERR_TP_REQUEST_LOST; - } - if(pid == 0) { - /* child: run CRL_FETCH_TOOL */ - - /* don't assume URL string is NULL terminated */ - char *urlStr; - if(url.Data[url.Length - 1] == '\0') { - urlStr = (char *)url.Data; - } - else { - urlStr = (char *)alloc.malloc(url.Length + 1); - memmove(urlStr, url.Data, url.Length); - urlStr[url.Length] = '\0'; - } - - /* set up pipeFds[1] as stdout for CRL_FETCH_TOOL */ - status = dup2(pipeFds[1], STDOUT_FILENO); - if(status < 0) { - tpErrorLog("tpFetchViaNet: dup2 error %d\n", errno); - _exit(1); - } - close(pipeFds[0]); - close(pipeFds[1]); - - char *crlFetchTool = CRL_FETCH_TOOL; - #ifndef NDEBUG - char *cft = getenv(CRL_FETCH_ENV); - if(cft) { - crlFetchTool = cft; - } - #endif /* NDEBUG */ - - /* here we go */ - execl(crlFetchTool, CRL_FETCH_TOOL, arg1, urlStr, NULL); - - /* only get here on error */ - Syslog::error("TPNetwork: exec returned %d errno %d", status, errno); - /* we are the child... */ - _exit(1); - } - - /* parent - resulting blob comes in on pipeFds[0] */ - close(pipeFds[1]); - int thisRead = 0; - int totalRead = 0; - char inBuf[CRL_RBUF_SIZE]; - attrBlob.Data = NULL; - attrBlob.Length = 0; // buf size until complete, then actual size of - // good data - CSSM_RETURN crtn = CSSM_OK; - - do { - thisRead = read(pipeFds[0], inBuf, CRL_RBUF_SIZE); - if(thisRead < 0) { - switch(errno) { - case EINTR: - /* try some more */ - continue; - default: - tpErrorLog("tpFetchViaNet: read from child error %d\n", errno); - crtn = CSSMERR_TP_REQUEST_LOST; - break; - } - if(crtn) { - break; - } - } - if(thisRead == 0) { - /* normal termination */ - attrBlob.Length = totalRead; - break; - } - if(attrBlob.Length < (unsigned)(totalRead + thisRead)) { - uint32 newLen = attrBlob.Length + CRL_RBUF_SIZE; - attrBlob.Data = (uint8 *)alloc.realloc(attrBlob.Data, newLen); - attrBlob.Length = newLen; - - } - memmove(attrBlob.Data + totalRead, inBuf, thisRead); - totalRead += thisRead; - } while(1); - - close(pipeFds[0]); - - /* ensure child exits */ - pid_t rtnPid; - do { - rtnPid = wait4(pid, &status, 0 /* options */, NULL /* rusage */); - if(rtnPid == pid) { - if(!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) { - tpErrorLog("tpFetchViaNet: bad exit status from child\n"); - crtn = CSSMERR_TP_REQUEST_LOST; - } - /* done */ - break; - } - else if(rtnPid < 0) { - if(errno == EINTR) { - /* try again */ - continue; - } - /* hosed */ - tpErrorLog("tpFetchViaNet: wait4 error %d\n", errno); - crtn = CSSMERR_TP_REQUEST_LOST; - break; - } - else { - tpErrorLog("tpFetchViaNet: wait4 returned %d\n", rtnPid); - crtn = CSSMERR_TP_REQUEST_LOST; - } - } while(1); - - return crtn; -} - -static CSSM_RETURN tpCrlViaNet( - const CSSM_DATA &url, - TPCrlVerifyContext &vfyCtx, - TPCertInfo &forCert, // for verifyWithContext - TPCrlInfo *&rtnCrl) -{ - TPCrlInfo *crl = NULL; - CSSM_DATA crlData; - CSSM_RETURN crtn; - CssmAllocator &alloc = CssmAllocator::standard(); - - crtn = tpFetchViaNet(url, LT_Crl, alloc, crlData); - if(crtn) { - return crtn; - } - try { - crl = new TPCrlInfo(vfyCtx.clHand, - vfyCtx.cspHand, - &crlData, - TIC_CopyData, - vfyCtx.verifyTime); // cssmTimeStr FIMXE - do we need this? - } - catch(...) { - alloc.free(crlData.Data); - rtnCrl = NULL; - return CSSMERR_APPLETP_CRL_NOT_FOUND; - } - alloc.free(crlData.Data); - - /* full CRL verify */ - crtn = crl->verifyWithContext(vfyCtx, &forCert); - if(crtn == CSSM_OK) { - crl->uri(url); - } - else { - delete crl; - crl = NULL; - } - rtnCrl = crl; - return crtn; -} - -static CSSM_RETURN tpIssuerCertViaNet( - const CSSM_DATA &url, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const char *verifyTime, - TPCertInfo &subject, - TPCertInfo *&rtnCert) -{ - TPCertInfo *issuer = NULL; - CSSM_DATA certData; - CSSM_RETURN crtn; - CssmAllocator &alloc = CssmAllocator::standard(); - - crtn = tpFetchViaNet(url, LT_Cert, alloc, certData); - if(crtn) { - tpErrorLog("tpIssuerCertViaNet: net fetch failed\n"); - return CSSMERR_APPLETP_CERT_NOT_FOUND_FROM_ISSUER; - } - try { - issuer = new TPCertInfo(clHand, - cspHand, - &certData, - TIC_CopyData, - verifyTime); - } - catch(...) { - tpErrorLog("tpIssuerCertViaNet: bad cert via net fetch\n"); - alloc.free(certData.Data); - rtnCert = NULL; - return CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER; - } - alloc.free(certData.Data); - - /* subject/issuer match? */ - if(!issuer->isIssuerOf(subject)) { - tpErrorLog("tpIssuerCertViaNet: wrong issuer cert via net fetch\n"); - crtn = CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER; - } - else { - /* yep, do a sig verify */ - crtn = subject.verifyWithIssuer(issuer); - if(crtn) { - tpErrorLog("tpIssuerCertViaNet: sig verify fail for cert via net " - "fetch\n"); - crtn = CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER; - } - } - if(crtn) { - assert(issuer != NULL); - delete issuer; - issuer = NULL; - } - rtnCert = issuer; - return crtn; -} - -/* - * Fetch a CRL or a cert via a GeneralNames. - * Shared by cert and CRL code to avoid duplicating GeneralNames traversal - * code, despite the awkward interface for this function. - */ -static CSSM_RETURN tpFetchViaGeneralNames( - const CE_GeneralNames *names, - TPCertInfo &forCert, - TPCrlVerifyContext *verifyContext, // only for CRLs - CSSM_CL_HANDLE clHand, // only for certs - CSSM_CSP_HANDLE cspHand, // only for certs - const char *verifyTime, // only for certs, optional - /* exactly one must be non-NULL, that one is returned */ - TPCertInfo **certInfo, - TPCrlInfo **crlInfo) -{ - assert(certInfo || crlInfo); - assert(!certInfo || !crlInfo); - CSSM_RETURN crtn; - - for(unsigned nameDex=0; nameDexnumNames; nameDex++) { - CE_GeneralName *name = &names->generalName[nameDex]; - switch(name->nameType) { - case GNT_URI: - if(name->name.Length < 5) { - continue; - } - if(strncmp((char *)name->name.Data, "ldap:", 5) && - strncmp((char *)name->name.Data, "http:", 5) && - strncmp((char *)name->name.Data, "https:", 6)) { - /* eventually handle other schemes here */ - continue; - } - if(certInfo) { - tpDebug(" fetching cert via net"); - crtn = tpIssuerCertViaNet(name->name, - clHand, - cspHand, - verifyTime, - forCert, - *certInfo); - } - else { - tpDebug(" fetching CRL via net"); - assert(verifyContext != NULL); - crtn = tpCrlViaNet(name->name, - *verifyContext, - forCert, - *crlInfo); - } - switch(crtn) { - case CSSM_OK: - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: // caller handles - return crtn; - default: - break; - } - /* not found/no good; try again */ - break; - default: - tpCrlDebug(" tpFetchCrlFromNet: unknown" - "nameType (%u)", (unsigned)name->nameType); - break; - } /* switch nameType */ - } /* for each name */ - if(certInfo) { - return CSSMERR_TP_CERTGROUP_INCOMPLETE; - } - else { - return CSSMERR_APPLETP_CRL_NOT_FOUND; - } -} - -/* - * Fetch CRL(s) from specified cert if the cert has a cRlDistributionPoint - * extension. - * - * Return values: - * CSSM_OK - found and returned fully verified CRL - * CSSMERR_APPLETP_CRL_NOT_FOUND - no CRL in cRlDistributionPoint - * Anything else - gross error, typically from last LDAP/HTTP attempt - * - * FIXME - this whole mechanism sort of falls apart if verifyContext.verifyTime - * is non-NULL. How are we supposed to get the CRL which was valid at - * a specified time in the past? - */ -CSSM_RETURN tpFetchCrlFromNet( - TPCertInfo &cert, - TPCrlVerifyContext &vfyCtx, - TPCrlInfo *&crl) // RETURNED -{ - /* does the cert have a cRlDistributionPoint? */ - CSSM_DATA_PTR fieldValue; // mallocd by CL - - if(vfyCtx.verifyTime != NULL) { - tpErrorLog("***tpFetchCrlFromNet: don't know how to time travel\n"); - return CSSMERR_APPLETP_CRL_NOT_FOUND; - } - CSSM_RETURN crtn = cert.fetchField(&CSSMOID_CrlDistributionPoints, - &fieldValue); - switch(crtn) { - case CSSM_OK: - break; - case CSSMERR_CL_NO_FIELD_VALUES: - /* field not present */ - return CSSMERR_APPLETP_CRL_NOT_FOUND; - default: - /* gross error */ - return crtn; - } - if(fieldValue->Length != sizeof(CSSM_X509_EXTENSION)) { - tpErrorLog("tpFetchCrlFromNet: malformed CSSM_FIELD"); - return CSSMERR_TP_UNKNOWN_FORMAT; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)fieldValue->Data; - CE_CRLDistPointsSyntax *dps = - (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue; - TPCrlInfo *rtnCrl = NULL; - - /* default return if we don't find anything */ - crtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *dp = &dps->distPoints[dex]; - if(dp->distPointName == NULL) { - continue; - } - /* - * FIXME if this uses an indirect CRL, we need to follow the - * crlIssuer field... TBD. - */ - switch(dp->distPointName->nameType) { - case CE_CDNT_NameRelativeToCrlIssuer: - /* not yet */ - tpErrorLog("tpFetchCrlFromNet: " - "CE_CDNT_NameRelativeToCrlIssuerÊnot implemented\n"); - break; - - case CE_CDNT_FullName: - { - CE_GeneralNames *names = dp->distPointName->fullName; - crtn = tpFetchViaGeneralNames(names, - cert, - &vfyCtx, - 0, // clHand, use the one in vfyCtx - 0, // cspHand, ditto - NULL, // verifyTime - in vfyCtx - NULL, - &rtnCrl); - break; - } /* CE_CDNT_FullName */ - - default: - /* not yet */ - tpErrorLog("tpFetchCrlFromNet: " - "unknown distPointName->nameType (%u)\n", - (unsigned)dp->distPointName->nameType); - break; - } /* switch distPointName->nameType */ - if(crtn) { - /* i.e., tpFetchViaGeneralNames SUCCEEDED */ - break; - } - } /* for each distPoints */ - - cert.freeField(&CSSMOID_CrlDistributionPoints, fieldValue); - if(crtn == CSSM_OK) { - assert(rtnCrl != NULL); - crl = rtnCrl; - } - return crtn; -} - -/* - * Fetch issuer cert of specified cert if the cert has an issuerAltName - * with a URI. If non-NULL cert is returned, it has passed subject/issuer - * name comparison and signature verification with target cert. - * - * Return values: - * CSSM_OK - found and returned issuer cert - * CSSMERR_TP_CERTGROUP_INCOMPLETE - no URL in issuerAltName - * CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE - found and returned issuer - * cert, but signature verification needs subsequent retry. - * Anything else - gross error, typically from last LDAP/HTTP attempt - */ -CSSM_RETURN tpFetchIssuerFromNet( - TPCertInfo &subject, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const char *verifyTime, - TPCertInfo *&issuer) // RETURNED -{ - /* does the cert have a issuerAltName? */ - CSSM_DATA_PTR fieldValue; // mallocd by CL - - if(verifyTime != NULL) { - tpErrorLog("***tpFetchIssuerFromNet: don't know how to time travel\n"); - return CSSMERR_TP_CERTGROUP_INCOMPLETE; - } - CSSM_RETURN crtn = subject.fetchField(&CSSMOID_IssuerAltName, - &fieldValue); - switch(crtn) { - case CSSM_OK: - break; - case CSSMERR_CL_NO_FIELD_VALUES: - /* field not present */ - return CSSMERR_TP_CERTGROUP_INCOMPLETE; - default: - /* gross error */ - return crtn; - } - if(fieldValue->Length != sizeof(CSSM_X509_EXTENSION)) { - tpPolicyError("tpFetchIssuerFromNet: malformed CSSM_FIELD"); - return CSSMERR_TP_UNKNOWN_FORMAT; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)fieldValue->Data; - CE_GeneralNames *names = (CE_GeneralNames *)cssmExt->value.parsedValue; - TPCertInfo *rtnCert = NULL; - - crtn = tpFetchViaGeneralNames(names, - subject, - NULL, // verifyContext - clHand, - cspHand, - verifyTime, - &rtnCert, - NULL); - subject.freeField(&CSSMOID_IssuerAltName, fieldValue); - switch(crtn) { - case CSSM_OK: - case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE: - issuer = rtnCert; - break; - default: - break; - } - return crtn; -} - - diff --git a/AppleX509TP/TPNetwork.h b/AppleX509TP/TPNetwork.h deleted file mode 100644 index aa17d186..00000000 --- a/AppleX509TP/TPNetwork.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * TPNetwork.h - LDAP (and eventually) other network tools - * - * Written 10/3/2002 by Doug Mitchell. - */ - -#ifndef _TP_NETWORK_H_ -#define _TP_NETWORK_H_ - -#include -#include "TPCertInfo.h" -#include "TPCrlInfo.h" - -extern "C" { - -/* - * Fetch CRL(s) for specified cert if the cert has a cRlDistributionPoint - * extension. If a non-NULL CRL is returned, it has passed verification - * with specified TPCrlVerifyContext. - * The common, trivial failure of "no URI in a cRlDistributionPoint - * extension" is indicated by CSSMERR_APPLETP_CRL_NOT_FOUND. - */ -extern CSSM_RETURN tpFetchCrlFromNet( - TPCertInfo &cert, - TPCrlVerifyContext &verifyContext, - TPCrlInfo *&crl); // RETURNED - -/* - * Fetch issuer cert of specified cert if the cert has an issuerAltName - * with a URI. If non-NULL cert is returned, it has passed subject/issuer - * name comparison and signature verification with target cert. - * The common, trivial failure of "no URI in an issuerAltName - * extension" is indicated by CSSMERR_TP_CERTGROUP_INCOMPLETE. - * A CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE return indicates that - * subsequent signature verification is needed. - */ -extern CSSM_RETURN tpFetchIssuerFromNet( - TPCertInfo &subject, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const char *verifyTime, - TPCertInfo *&issuer); // RETURNED - -} - -#endif /* TP_NETWORK_H_ */ diff --git a/AppleX509TP/certGroupUtils.cpp b/AppleX509TP/certGroupUtils.cpp deleted file mode 100644 index b4a183c4..00000000 --- a/AppleX509TP/certGroupUtils.cpp +++ /dev/null @@ -1,566 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - certGroupUtils.cpp - - Created 10/9/2000 by Doug Mitchell. -*/ - -#include -#include -#include -#include -#include -#include - -#include "certGroupUtils.h" -#include "tpdebugging.h" -#include "tpTime.h" - -#include /* for memcmp */ - - -/* - * Copy one CSSM_DATA to another, mallocing destination. - */ -void tpCopyCssmData( - CssmAllocator &alloc, - const CSSM_DATA *src, - CSSM_DATA_PTR dst) -{ - dst->Data = (uint8 *)alloc.malloc(src->Length); - dst->Length = src->Length; - memmove(dst->Data, src->Data, src->Length); -} - -/* - * Malloc a CSSM_DATA, copy another one to it. - */ -CSSM_DATA_PTR tpMallocCopyCssmData( - CssmAllocator &alloc, - const CSSM_DATA *src) -{ - CSSM_DATA_PTR dst = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA)); - tpCopyCssmData(alloc, src, dst); - return dst; -} - -/* - * Free the data referenced by a CSSM data, and optionally, the struct itself. - */ -void tpFreeCssmData( - CssmAllocator &alloc, - CSSM_DATA_PTR data, - CSSM_BOOL freeStruct) -{ - if(data == NULL) { - return; - } - if(data->Length != 0) { - tpFree(alloc, data->Data); - } - if(freeStruct) { - tpFree(alloc, data); - } - else { - data->Length = 0; - data->Data = NULL; - } -} - -/* - * Compare two CSSM_DATAs, return CSSM_TRUE if identical. - */ -CSSM_BOOL tpCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2) -{ - if((data1 == NULL) || (data1->Data == NULL) || - (data2 == NULL) || (data2->Data == NULL) || - (data1->Length != data2->Length)) { - return CSSM_FALSE; - } - if(data1->Length != data2->Length) { - return CSSM_FALSE; - } - if(memcmp(data1->Data, data2->Data, data1->Length) == 0) { - return CSSM_TRUE; - } - else { - return CSSM_FALSE; - } -} - -/* - * Free memory via specified plugin's app-level allocator - */ -void tpFreePluginMemory( - CSSM_HANDLE hand, - void *p) -{ - CSSM_API_MEMORY_FUNCS memFuncs; - CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs); - if(crtn) { - tpErrorLog("CSSM_GetAPIMemoryFunctions failure\n"); - /* oh well, leak and continue */ - return; - } - memFuncs.free_func(p, memFuncs.AllocRef); -} - -/* - * Obtain the public key blob from a cert. - */ -CSSM_DATA_PTR tp_CertGetPublicKey( - TPCertInfo *cert, - CSSM_DATA_PTR *valueToFree) // used in tp_CertFreePublicKey -{ - CSSM_RETURN crtn; - CSSM_DATA_PTR val; - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *keyInfo; - - *valueToFree = NULL; - crtn = cert->fetchField(&CSSMOID_X509V1SubjectPublicKeyCStruct, &val); - if(crtn) { - tpErrorLog("Error on CSSM_CL_CertGetFirstFieldValue(PublicKeyCStruct)\n"); - return NULL; - } - *valueToFree = val; - keyInfo = (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)val->Data; - return &keyInfo->subjectPublicKey; -} - -void tp_CertFreePublicKey( - CSSM_CL_HANDLE clHand, - CSSM_DATA_PTR value) -{ - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectPublicKeyCStruct, value); -} - -/* - * Obtain signature algorithm info from a cert. - */ -CSSM_X509_ALGORITHM_IDENTIFIER_PTR tp_CertGetAlgId( - TPCertInfo *cert, - CSSM_DATA_PTR *valueToFree) // used in tp_CertFreeAlgId -{ - CSSM_RETURN crtn; - CSSM_DATA_PTR val; - - *valueToFree = NULL; - crtn = cert->fetchField(&CSSMOID_X509V1SignatureAlgorithm, &val); - if(crtn) { - tpErrorLog("Error on fetchField(CSSMOID_X509V1SignatureAlgorithm)\n"); - return NULL; - } - *valueToFree = val; - return (CSSM_X509_ALGORITHM_IDENTIFIER_PTR)val->Data; -} - -void tp_CertFreeAlgId( - CSSM_CL_HANDLE clHand, - CSSM_DATA_PTR value) -{ - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SignatureAlgorithm, value); -} - -/* - * Determine if two certs - passed in encoded form - are equivalent. - */ -CSSM_BOOL tp_CompareCerts( - const CSSM_DATA *cert1, - const CSSM_DATA *cert2) -{ - return tpCompareCssmData(cert1, cert2); -} - - -/* - * Given a aignature OID, return the corresponding CSSM_ALGID for the - * signature the required key. - */ -CSSM_ALGORITHMS tpOidToAldId( - const CSSM_OID *oid, - CSSM_ALGORITHMS *keyAlg) // RETURNED -{ - *keyAlg = CSSM_ALGID_RSA; // default - if(tpCompareOids(oid, &CSSMOID_MD2WithRSA)) { - return CSSM_ALGID_MD2WithRSA; - } - else if(tpCompareOids(oid, &CSSMOID_MD5WithRSA)) { - return CSSM_ALGID_MD5WithRSA; - } - else if(tpCompareOids(oid, &CSSMOID_SHA1WithRSA)) { - return CSSM_ALGID_SHA1WithRSA; - } - else if(tpCompareOids(oid, &CSSMOID_SHA1WithRSA_OIW)) { - return CSSM_ALGID_SHA1WithRSA; - } - else if(tpCompareOids(oid, &CSSMOID_SHA1WithDSA)) { - *keyAlg = CSSM_ALGID_DSA; - return CSSM_ALGID_SHA1WithDSA; - } - else if(tpCompareOids(oid, &CSSMOID_APPLE_FEE_MD5)) { - *keyAlg = CSSM_ALGID_FEE; - return CSSM_ALGID_FEE_MD5; - } - else if(tpCompareOids(oid, &CSSMOID_APPLE_FEE_SHA1)) { - *keyAlg = CSSM_ALGID_FEE; - return CSSM_ALGID_FEE_SHA1; - } - else if(tpCompareOids(oid, &CSSMOID_APPLE_ECDSA)) { - *keyAlg = CSSM_ALGID_FEE; - return CSSM_ALGID_SHA1WithECDSA; - } - else { - *keyAlg = CSSM_ALGID_NONE; - return CSSM_ALGID_NONE; - } -} - -/* - * Convert a C string to lower case in place. NULL terminator not needed. - */ -void tpToLower( - char *str, - unsigned strLen) -{ - for(unsigned i=0; i= MAX_DNS_COMP_LEN. - * Returns true if a component was found. - */ -static bool tpNextDnsComp( - const char *inBuf, - uint32 &inBufLen, // IN/OUT - char *outBuf, // component RETURNED here - uint32 &outBufLen) // RETURNED length of component -{ - outBufLen = 0; - if(inBufLen == 0) { - return false; - } - - /* skip over leading '.' */ - if(*inBuf == '.') { - inBuf++; - if(--inBufLen == 0) { - return false; - } - } - - /* copy chars until out of data or next '.' found */ - do { - if(*inBuf == '.') { - break; - } - *outBuf++ = *inBuf++; - inBufLen--; - outBufLen++; - if(outBufLen >= MAX_DNS_COMP_LEN) { - /* abort */ - break; - } - } while(inBufLen != 0); - if(outBufLen) { - return true; - } - else { - return false; - } -} - -/* - * Find location of specified substring in given bigstring. Returns - * pointer to start of substring in bigstring, else returns NULL. - */ -static const char *tpSubStr( - const char *bigstr, - uint32 bigstrLen, - const char *substr, - uint32 substrLen) -{ - /* stop searching substrLen chars before end of bigstr */ - const char *endBigStr = bigstr + bigstrLen - substrLen; - for( ; bigstr <= endBigStr; ) { - if(*bigstr == *substr) { - /* first char match - remainder? */ - if(substrLen == 1) { - /* don't count on memcmp(a,b,0) */ - return bigstr; - } - if(!memcmp(bigstr+1, substr+1, substrLen - 1)) { - return bigstr; - } - } - bigstr++; - } - return NULL; -} - -/* - * Compare two DNS components, with full wildcard check. We assume - * that no '.' chars exist (per the processing performed in - * tpNextDnsComp()). Returns CSSM_TRUE on match, else CSSM_FALSE. - */ -static CSSM_BOOL tpCompareComps( - const char *hostComp, // no wildcards - uint32 hostCompLen, - const char *certComp, // wildcards OK here - uint32 certCompLen) -{ - const char *endCertComp = certComp + certCompLen; - const char *endHostComp = hostComp + hostCompLen; - do { - /* wild card in cert name? */ - const char *wildCard = tpSubStr(certComp, certCompLen, - "*", 1); - if(wildCard == NULL) { - /* no, require perfect literal match right now */ - if((hostCompLen == certCompLen) && - !memcmp(hostComp, certComp, certCompLen)) { - return CSSM_TRUE; - } - else { - return CSSM_FALSE; - } - } - - if(wildCard != certComp) { - /* - * Require literal match of hostComp with certComp - * up until (but not including) the wildcard - */ - uint32 subStrLen = wildCard - certComp; - if(subStrLen > hostCompLen) { - /* out of host name chars */ - return CSSM_FALSE; - } - if(memcmp(certComp, hostComp, subStrLen)) { - return CSSM_FALSE; - } - /* OK, skip over substring */ - hostComp += subStrLen; - hostCompLen -= subStrLen; - /* start parsing at the wildcard itself */ - certComp = wildCard; - certCompLen -= subStrLen; - continue; - } - - /* - * Currently looking at a wildcard. - * - * Find substring in hostComp which matches from the char after - * the wildcard up to whichever of these comes next: - * - * -- end of certComp - * -- another wildcard - */ - wildCard++; - if(wildCard == endCertComp) { - /* - * -- Wild card at end of cert's DNS - * -- nothing else to match - rest of hostComp is the wildcard - * match - * -- done, success - */ - return CSSM_TRUE; - } - - const char *afterSubStr; // in certComp - afterSubStr = tpSubStr(wildCard, endCertComp - wildCard, - "*", 1); - if(afterSubStr == NULL) { - /* no more wildcards - use end of certComp */ - afterSubStr = endCertComp; - } - uint32 subStrLen = afterSubStr - wildCard; - const char *foundSub = tpSubStr(hostComp, hostCompLen, - wildCard, subStrLen); - if(foundSub == NULL) { - /* No match of explicit chars */ - return CSSM_FALSE; - } - - /* found it - skip past this substring */ - hostComp = foundSub + subStrLen; - hostCompLen = endHostComp - hostComp; - certComp = afterSubStr; - certCompLen = endCertComp - afterSubStr; - - } while((hostCompLen != 0) || (certCompLen != 0)); - if((hostCompLen == 0) && (certCompLen == 0)) { - return CSSM_TRUE; - } - else { - /* end of one but not the other */ - return CSSM_FALSE; - } -} - -/* - * Compare hostname, is presented to the TP in - * CSSM_APPLE_TP_SSL_OPTIONS.ServerName, to a server name obtained - * from the server's cert (i.e., from subjectAltName or commonName). - * Limited wildcard checking is performed here. - * - * The incoming hostname is assumed to have been processed by tpToLower(); - * we'll perform that processing on certName here. - * - * Returns CSSM_TRUE on match, else CSSM_FALSE. - */ -CSSM_BOOL tpCompareHostNames( - const char *hostName, // spec'd by app, tpToLower'd - uint32 hostNameLen, - char *certName, // from cert, we tpToLower - uint32 certNameLen) -{ - tpToLower(certName, certNameLen); - - /* tolerate optional NULL terminators for both */ - if(hostName[hostNameLen - 1] == '\0') { - hostNameLen--; - } - if(certName[certNameLen - 1] == '\0') { - certNameLen--; - } - - /* case 1: exact match */ - if((certNameLen == hostNameLen) && - !memcmp(certName, hostName, certNameLen)) { - return CSSM_TRUE; - } - - /* - * Case 2: Compare one component at a time, handling wildcards in - * cert's server name. The characters implicitly matched by a - * wildcard span only one component of a dnsName. - */ - do { - /* get next component from each dnsName */ - char hostComp[MAX_DNS_COMP_LEN]; - char certComp[MAX_DNS_COMP_LEN]; - uint32 hostCompLen; - uint32 certCompLen; - - bool foundHost = tpNextDnsComp(hostName, hostNameLen, - hostComp, hostCompLen); - bool foundCert = tpNextDnsComp(certName, certNameLen, - certComp, certCompLen); - if(foundHost != foundCert) { - /* unequal number of components */ - tpPolicyError("tpCompareHostNames: wildcard mismatch (1)"); - return CSSM_FALSE; - } - if(!foundHost) { - /* normal successful termination */ - return CSSM_TRUE; - } - - /* compare individual components */ - if(!tpCompareComps(hostComp, hostCompLen, - certComp, certCompLen)) { - tpPolicyError("tpCompareHostNames: wildcard mismatch (2)"); - return CSSM_FALSE; - } - - /* skip over this component */ - hostName += hostCompLen; - certName += certCompLen; - } while(1); - /* NOT REACHED */ - //assert(0): - return CSSM_FALSE; -} - -/* - * Compare email address, is presented to the TP in - * CSSM_APPLE_TP_SMIME_OPTIONS.SenderEmail, to a string obtained - * from the sender's cert (i.e., from subjectAltName or Subject DN). - * - * Returns CSSM_TRUE on match, else CSSM_FALSE. - * - * Incomiong appEmail string has already been tpNormalizeAddrSpec'd. - * We do that for certEmail string here. - */ -CSSM_BOOL tpCompareEmailAddr( - const char *appEmail, // spec'd by app, normalized - uint32 appEmailLen, - char *certEmail, // from cert, we normalize - uint32 certEmailLen) -{ - tpNormalizeAddrSpec(certEmail, certEmailLen); - - /* tolerate optional NULL terminators for both */ - if(appEmail[appEmailLen - 1] == '\0') { - appEmailLen--; - } - if(certEmail[certEmailLen - 1] == '\0') { - certEmailLen--; - } - if((certEmailLen == appEmailLen) && - !memcmp(certEmail, appEmail, certEmailLen)) { - return CSSM_TRUE; - } - else { - /* mismatch */ - tpPolicyError("tpCompareEmailAddr: app/cert email addrs mismatch"); - return CSSM_FALSE; - } -} diff --git a/AppleX509TP/certGroupUtils.h b/AppleX509TP/certGroupUtils.h deleted file mode 100644 index 07104af9..00000000 --- a/AppleX509TP/certGroupUtils.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - certGroupUtils.h - - Created 10/9/2000 by Doug Mitchell. -*/ - -#ifndef _CERT_GROUP_UTILS_H -#define _CERT_GROUP_UTILS_H - -#include -#include -#include "TPCertInfo.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* quick & dirty port from OS9 to OS X... */ -#define tpFree(alloc, ptr) (alloc).free(ptr) -#define tpMalloc(alloc, size) (alloc).malloc(size) -#define tpCalloc(alloc, num, size) (alloc).calloc(num, size) - -void tpCopyCssmData( - CssmAllocator &alloc, - const CSSM_DATA *src, - CSSM_DATA_PTR dst); -CSSM_DATA_PTR tpMallocCopyCssmData( - CssmAllocator &alloc, - const CSSM_DATA *src); -void tpFreeCssmData( - CssmAllocator &alloc, - CSSM_DATA_PTR data, - CSSM_BOOL freeStruct); -CSSM_BOOL tpCompareCssmData( - const CSSM_DATA *data1, - const CSSM_DATA *data2); - -/* - * This should break if/when CSSM_OID is not the same as - * CSSM_DATA, which is exactly what we want. - */ -#define tpCompareOids(oid1, oid2) tpCompareCssmData(oid1, oid2) - -void tpFreePluginMemory( - CSSM_HANDLE hand, - void *p); - -CSSM_DATA_PTR tp_CertGetPublicKey( - TPCertInfo *cert, - CSSM_DATA_PTR *valueToFree); // used in tp_CertFreePublicKey -void tp_CertFreePublicKey( - CSSM_CL_HANDLE clHand, - CSSM_DATA_PTR value); - -CSSM_X509_ALGORITHM_IDENTIFIER_PTR tp_CertGetAlgId( - TPCertInfo *cert, - CSSM_DATA_PTR *valueToFree); // used in tp_CertFreeAlgId -void tp_CertFreeAlgId( - CSSM_CL_HANDLE clHand, - CSSM_DATA_PTR value); - -CSSM_BOOL tp_CompareCerts( - const CSSM_DATA *cert1, - const CSSM_DATA *cert2); - -/* - * Given an OID, return the corresponding CSSM_ALGID. - */ -CSSM_ALGORITHMS tpOidToAldId( - const CSSM_OID *oid, - CSSM_ALGORITHMS *keyAlg); // RETURNED - -void tpToLower( - char *str, - unsigned strLen); - -void tpNormalizeAddrSpec( - char *addr, - unsigned addrLen); - -CSSM_BOOL tpCompareHostNames( - const char *hostName, // spec'd by app, tpToLower'd - uint32 hostNameLen, - char *certName, // from cert, we tpToLower - uint32 certNameLen); - -CSSM_BOOL tpCompareEmailAddr( - const char *appEmail, // spec'd by app, tpToLower'd - uint32 appEmailLen, - char *certEmail, // from cert, we tpToLower - uint32 certEmailLen); - -#ifdef __cplusplus -} -#endif - -#endif /* _CERT_GROUP_UTILS_H */ diff --git a/AppleX509TP/cssmplugin.exp b/AppleX509TP/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/AppleX509TP/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/AppleX509TP/iSignRootCerts.c b/AppleX509TP/iSignRootCerts.c deleted file mode 100644 index 5bccc65d..00000000 --- a/AppleX509TP/iSignRootCerts.c +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: iSignRootCerts.c - - Contains: embedded iSign root certs - subject name and public keys - - Written by: Doug Mitchell. - - Copyright: Copyright 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include -#include "rootCerts.h" - -#if TP_ROOT_CERT_ENABLE - -/* - * this static data is generated by extractCertFields, copy&pasted from - * its output into this source file - */ - -/*********************** -Cert File Name: serverbasic.crt -Subject Name : - Country : ZA - State : Western Cape - Locality : Cape Town - Org : Thawte Consulting cc - OrgUnit : Certification Services Division - Common Name : Thawte Server CA - Email addrs : server-certs@thawte.com - ***********************/ -static const uint8 serverbasic_subject_bytes[] = { - 0x30, 0x81, 0xc4, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, 0x41, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x0c, 0x57, 0x45, 0x53, 0x54, 0x45, - 0x52, 0x4e, 0x20, 0x43, 0x41, 0x50, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x09, 0x43, 0x41, 0x50, 0x45, 0x20, 0x54, - 0x4f, 0x57, 0x4e, 0x31, 0x1d, 0x30, 0x1b, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x54, 0x48, - 0x41, 0x57, 0x54, 0x45, 0x20, 0x43, 0x4f, 0x4e, - 0x53, 0x55, 0x4c, 0x54, 0x49, 0x4e, 0x47, 0x20, - 0x43, 0x43, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x43, 0x45, 0x52, - 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, - 0x4f, 0x4e, 0x20, 0x53, 0x45, 0x52, 0x56, 0x49, - 0x43, 0x45, 0x53, 0x20, 0x44, 0x49, 0x56, 0x49, - 0x53, 0x49, 0x4f, 0x4e, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x54, - 0x48, 0x41, 0x57, 0x54, 0x45, 0x20, 0x53, 0x45, - 0x52, 0x56, 0x45, 0x52, 0x20, 0x43, 0x41, 0x31, - 0x26, 0x30, 0x24, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x17, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2d, 0x63, - 0x65, 0x72, 0x74, 0x73, 0x40, 0x74, 0x68, 0x61, - 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d -}; -const CSSM_DATA serverbasic_subject = { 199, (uint8 *)serverbasic_subject_bytes }; -static const uint8 serverbasic_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xd3, - 0xa4, 0x50, 0x6e, 0xc8, 0xff, 0x56, 0x6b, 0xe6, - 0xcf, 0x5d, 0xb6, 0xea, 0x0c, 0x68, 0x75, 0x47, - 0xa2, 0xaa, 0xc2, 0xda, 0x84, 0x25, 0xfc, 0xa8, - 0xf4, 0x47, 0x51, 0xda, 0x85, 0xb5, 0x20, 0x74, - 0x94, 0x86, 0x1e, 0x0f, 0x75, 0xc9, 0xe9, 0x08, - 0x61, 0xf5, 0x06, 0x6d, 0x30, 0x6e, 0x15, 0x19, - 0x02, 0xe9, 0x52, 0xc0, 0x62, 0xdb, 0x4d, 0x99, - 0x9e, 0xe2, 0x6a, 0x0c, 0x44, 0x38, 0xcd, 0xfe, - 0xbe, 0xe3, 0x64, 0x09, 0x70, 0xc5, 0xfe, 0xb1, - 0x6b, 0x29, 0xb6, 0x2f, 0x49, 0xc8, 0x3b, 0xd4, - 0x27, 0x04, 0x25, 0x10, 0x97, 0x2f, 0xe7, 0x90, - 0x6d, 0xc0, 0x28, 0x42, 0x99, 0xd7, 0x4c, 0x43, - 0xde, 0xc3, 0xf5, 0x21, 0x6d, 0x54, 0x9f, 0x5d, - 0xc3, 0x58, 0xe1, 0xc0, 0xe4, 0xd9, 0x5b, 0xb0, - 0xb8, 0xdc, 0xb4, 0x7b, 0xdf, 0x36, 0x3a, 0xc2, - 0xb5, 0x66, 0x22, 0x12, 0xd6, 0x87, 0x0d, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -const CSSM_DATA serverbasic_pubKey = { 140, (uint8 *)serverbasic_pubKey_bytes }; - - -/*********************** -Cert File Name: serverpremium.crt -Subject Name : - Country : ZA - State : Western Cape - Locality : Cape Town - Org : Thawte Consulting cc - OrgUnit : Certification Services Division - Common Name : Thawte Premium Server CA - Email addrs : premium-server@thawte.com - ***********************/ -static const uint8 serverpremium_subject_bytes[] = { - 0x30, 0x81, 0xce, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, 0x41, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x0c, 0x57, 0x45, 0x53, 0x54, 0x45, - 0x52, 0x4e, 0x20, 0x43, 0x41, 0x50, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x09, 0x43, 0x41, 0x50, 0x45, 0x20, 0x54, - 0x4f, 0x57, 0x4e, 0x31, 0x1d, 0x30, 0x1b, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x54, 0x48, - 0x41, 0x57, 0x54, 0x45, 0x20, 0x43, 0x4f, 0x4e, - 0x53, 0x55, 0x4c, 0x54, 0x49, 0x4e, 0x47, 0x20, - 0x43, 0x43, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x43, 0x45, 0x52, - 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, - 0x4f, 0x4e, 0x20, 0x53, 0x45, 0x52, 0x56, 0x49, - 0x43, 0x45, 0x53, 0x20, 0x44, 0x49, 0x56, 0x49, - 0x53, 0x49, 0x4f, 0x4e, 0x31, 0x21, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x54, - 0x48, 0x41, 0x57, 0x54, 0x45, 0x20, 0x50, 0x52, - 0x45, 0x4d, 0x49, 0x55, 0x4d, 0x20, 0x53, 0x45, - 0x52, 0x56, 0x45, 0x52, 0x20, 0x43, 0x41, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x19, - 0x70, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x2d, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x40, 0x74, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, - 0x6d -}; -const CSSM_DATA serverpremium_subject = { 209, (uint8 *)serverpremium_subject_bytes }; -static const uint8 serverpremium_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xd2, - 0x36, 0x36, 0x6a, 0x8b, 0xd7, 0xc2, 0x5b, 0x9e, - 0xda, 0x81, 0x41, 0x62, 0x8f, 0x38, 0xee, 0x49, - 0x04, 0x55, 0xd6, 0xd0, 0xef, 0x1c, 0x1b, 0x95, - 0x16, 0x47, 0xef, 0x18, 0x48, 0x35, 0x3a, 0x52, - 0xf4, 0x2b, 0x6a, 0x06, 0x8f, 0x3b, 0x2f, 0xea, - 0x56, 0xe3, 0xaf, 0x86, 0x8d, 0x9e, 0x17, 0xf7, - 0x9e, 0xb4, 0x65, 0x75, 0x02, 0x4d, 0xef, 0xcb, - 0x09, 0xa2, 0x21, 0x51, 0xd8, 0x9b, 0xd0, 0x67, - 0xd0, 0xba, 0x0d, 0x92, 0x06, 0x14, 0x73, 0xd4, - 0x93, 0xcb, 0x97, 0x2a, 0x00, 0x9c, 0x5c, 0x4e, - 0x0c, 0xbc, 0xfa, 0x15, 0x52, 0xfc, 0xf2, 0x44, - 0x6e, 0xda, 0x11, 0x4a, 0x6e, 0x08, 0x9f, 0x2f, - 0x2d, 0xe3, 0xf9, 0xaa, 0x3a, 0x86, 0x73, 0xb6, - 0x46, 0x53, 0x58, 0xc8, 0x89, 0x05, 0xbd, 0x83, - 0x11, 0xb8, 0x73, 0x3f, 0xaa, 0x07, 0x8d, 0xf4, - 0x42, 0x4d, 0xe7, 0x40, 0x9d, 0x1c, 0x37, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -const CSSM_DATA serverpremium_pubKey = { 140, (uint8 *)serverpremium_pubKey_bytes }; - - -/*********************** -Cert File Name: PCA3ss_v4.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 3 Public Primary Certification Authority - ***********************/ -static const uint8 PCA3ss_v4_subject_bytes[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, 0x49, - 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, 0x2e, - 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2e, 0x43, 0x4c, 0x41, 0x53, 0x53, - 0x20, 0x33, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, - 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, 0x52, - 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, - 0x59 -}; -const CSSM_DATA PCA3ss_v4_subject = { 97, (uint8 *)PCA3ss_v4_subject_bytes }; -static const uint8 PCA3ss_v4_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, - 0x5c, 0x59, 0x9e, 0xf2, 0x1b, 0x8a, 0x01, 0x14, - 0xb4, 0x10, 0xdf, 0x04, 0x40, 0xdb, 0xe3, 0x57, - 0xaf, 0x6a, 0x45, 0x40, 0x8f, 0x84, 0x0c, 0x0b, - 0xd1, 0x33, 0xd9, 0xd9, 0x11, 0xcf, 0xee, 0x02, - 0x58, 0x1f, 0x25, 0xf7, 0x2a, 0xa8, 0x44, 0x05, - 0xaa, 0xec, 0x03, 0x1f, 0x78, 0x7f, 0x9e, 0x93, - 0xb9, 0x9a, 0x00, 0xaa, 0x23, 0x7d, 0xd6, 0xac, - 0x85, 0xa2, 0x63, 0x45, 0xc7, 0x72, 0x27, 0xcc, - 0xf4, 0x4c, 0xc6, 0x75, 0x71, 0xd2, 0x39, 0xef, - 0x4f, 0x42, 0xf0, 0x75, 0xdf, 0x0a, 0x90, 0xc6, - 0x8e, 0x20, 0x6f, 0x98, 0x0f, 0xf8, 0xac, 0x23, - 0x5f, 0x70, 0x29, 0x36, 0xa4, 0xc9, 0x86, 0xe7, - 0xb1, 0x9a, 0x20, 0xcb, 0x53, 0xa5, 0x85, 0xe7, - 0x3d, 0xbe, 0x7d, 0x9a, 0xfe, 0x24, 0x45, 0x33, - 0xdc, 0x76, 0x15, 0xed, 0x0f, 0xa2, 0x71, 0x64, - 0x4c, 0x65, 0x2e, 0x81, 0x68, 0x45, 0xa7, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -const CSSM_DATA PCA3ss_v4_pubKey = { 140, (uint8 *)PCA3ss_v4_pubKey_bytes }; - - -/* end of static data generated by extractCertFields */ - -const tpRootCert iSignRootCerts[] = { - { &serverbasic_subject, &serverbasic_pubKey, 1024 }, - { &serverpremium_subject, &serverpremium_pubKey, 1024 }, - { &PCA3ss_v4_subject, &PCA3ss_v4_pubKey, 1024 } -}; - -unsigned const numiSignRootCerts = sizeof(iSignRootCerts) / sizeof(tpRootCert); - -#endif /* TP_ROOT_CERT_ENABLE */ diff --git a/AppleX509TP/rootCerts.cpp b/AppleX509TP/rootCerts.cpp deleted file mode 100644 index 15bc3a5e..00000000 --- a/AppleX509TP/rootCerts.cpp +++ /dev/null @@ -1,302 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please - * see the License for the specific language governing rights and - * limitations under the License. - */ - - -/* - File: rootCerts.cp - - Contains: Bridge between SecTrustGetCSSMAnchorCertificates() and - TP's internally cached tpRootCert array. - - Written by: Doug Mitchell. - - Copyright: Copyright 2002 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "rootCerts.h" - -#if TP_ROOT_CERT_ENABLE - -#include "certGroupUtils.h" -#include "tpdebugging.h" -#include -#include -#include -#include - -/* static in TPRootStore */ -ModuleNexus TPRootStore::tpGlobalRoots; - -TPRootStore::~TPRootStore() -{ - /* - * Technically this never gets called because the only instance - * of a TPRootStore is via tpGlobalRoots. Freeing mRootCerts - * here really doesn't accomplish anything. - */ -} - -const tpRootCert *TPRootStore::rootCerts( - CSSM_CL_HANDLE clHand, - unsigned &numRootCerts) -{ - StLock _(mLock); - if(mRootCerts) { - numRootCerts = mNumRootCerts; - return mRootCerts; - } - - CssmAllocator &alloc(CssmAllocator::standard()); - CertGroup roots; - tpRootCert *tpRoots = NULL; // copy to mRootCerts on success - unsigned numTpRoots = 0; - - try { - /* Obtain system-wide root certs in blob format */ - Security::KeychainCore::TrustStore &trustStore = - Security::KeychainCore::Trust::gStore(); - trustStore.getCssmRootCertificates(roots); - if(roots.type() != CSSM_CERTGROUP_DATA) { - secdebug("tpAnchor", "Bad certGroup Type (%d)\n", - (int)roots.type()); - return NULL; - } - numTpRoots = roots.count(); - if(numTpRoots == 0) { - secdebug("tpAnchor", "empty certGroup\n"); - return NULL; - } - - /* set up tpRoots array, one for each cert in the group */ - tpRoots = - (tpRootCert *)alloc.malloc(numTpRoots * sizeof(tpRootCert)); - memset(tpRoots, 0, numTpRoots * sizeof(tpRootCert)); - for(uint32 certNum=0; certNumsubjectName); - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectName, - field); - - /* extract public key info - the blob and key size in bits */ - CSSM_KEY_PTR key; - crtn = CSSM_CL_CertGetKeyInfo(clHand, certData, &key); - if(crtn) { - secdebug("tpAnchor", "CSSM_CL_CertGetKeyInfo error on cert %u", - (unsigned)certNum); - /* clear out this tpRoot? */ - continue; - } - tpCopyCssmData(alloc, &key->KeyData, &tpRoot->publicKey); - tpRoot->keySize = key->KeyHeader.LogicalKeySizeInBits; - - /* A hole in the CDSA API: there is no free function at the - * CL API for this key. It got mallocd with clHand's - * allocator.... - */ - CSSM_API_MEMORY_FUNCS memFuncs; - crtn = CSSM_GetAPIMemoryFunctions(clHand, &memFuncs); - if(crtn) { - secdebug("tpAnchor", "CSSM_GetAPIMemoryFunctions error"); - /* Oh well.. */ - continue; - } - memFuncs.free_func(key->KeyData.Data, memFuncs.AllocRef); - memFuncs.free_func(key, memFuncs.AllocRef); - } /* main loop */ - } - catch(...) { - /* TBD */ - return NULL; - } - mNumRootCerts = numTpRoots; - numRootCerts = mNumRootCerts; - mRootCerts = tpRoots; - return mRootCerts; -} - -/* - * Compare a root cert to a list of known embedded roots. - */ -CSSM_BOOL tp_isKnownRootCert( - TPCertInfo *rootCert, // raw cert to compare - CSSM_CL_HANDLE clHand) -{ - const CSSM_DATA *subjectName = NULL; - CSSM_DATA_PTR publicKey = NULL; - unsigned dex; - CSSM_BOOL brtn = CSSM_FALSE; - CSSM_DATA_PTR valToFree = NULL; - const tpRootCert *roots; - unsigned numRoots; - - roots = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRoots); - - subjectName = rootCert->subjectName(); - publicKey = tp_CertGetPublicKey(rootCert, &valToFree); - if(publicKey == NULL) { - tpPolicyError("tp_isKnownRootCert: error retrieving public " - "key info!"); - goto errOut; - } - - /* - * Grind thru the list of known certs, demanding perfect match of - * both fields - */ - for(dex=0; dexclHand(), valToFree); - return brtn; -} - -/* - * Attempt to verify specified cert (from the end of a chain) with one of - * our known roots. - */ -CSSM_BOOL tp_verifyWithKnownRoots( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertInfo *certToVfy) // last in chain, not root -{ - CSSM_KEY rootKey; // pub key manufactured from tpRootCert info - CSSM_CC_HANDLE ccHand; // signature context - CSSM_RETURN crtn; - unsigned dex; - const tpRootCert *rootInfo; - CSSM_BOOL brtn = CSSM_FALSE; - CSSM_KEYHEADER *hdr = &rootKey.KeyHeader; - CSSM_X509_ALGORITHM_IDENTIFIER_PTR algId; - CSSM_DATA_PTR valToFree = NULL; - CSSM_ALGORITHMS sigAlg; - const tpRootCert *rootCerts = NULL; - unsigned numRootCerts = 0; - - memset(&rootKey, 0, sizeof(CSSM_KEY)); - - /* - * Get signature algorithm from subject key - */ - algId = tp_CertGetAlgId(certToVfy, &valToFree); - if(algId == NULL) { - /* bad cert */ - return CSSM_FALSE; - } - /* subsequest errors to errOut: */ - - /* map to key and signature algorithm */ - sigAlg = tpOidToAldId(&algId->algorithm, &hdr->AlgorithmId); - if(sigAlg == CSSM_ALGID_NONE) { - tpPolicyError("tp_verifyWithKnownRoots: unknown sig alg"); - goto errOut; - } - - /* Set up other constant key fields */ - hdr->BlobType = CSSM_KEYBLOB_RAW; - switch(hdr->AlgorithmId) { - case CSSM_ALGID_RSA: - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - break; - case CSSM_ALGID_DSA: - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - break; - case CSSM_ALGID_FEE: - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - break; - default: - /* punt */ - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - hdr->KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; - hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_VERIFY; - - rootCerts = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRootCerts); - for(dex=0; dexsubjectName, certToVfy->issuerName())) { - /* not this root */ - continue; - } - - /* only variation in key in the loop - raw key bits and size */ - rootKey.KeyData = rootInfo->publicKey; - hdr->LogicalKeySizeInBits = rootInfo->keySize; - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // AcccedCred - &rootKey, - &ccHand); - if(crtn) { - tpPolicyError("tp_verifyWithKnownRoots: " - "CSSM_CSP_CreateSignatureContext err"); - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - } - crtn = CSSM_CL_CertVerify(clHand, - ccHand, - certToVfy->itemData(), - NULL, // no signer cert - NULL, // VerifyScope - 0); // ScopeSize - CSSM_DeleteContext(ccHand); - if(crtn == CSSM_OK) { - /* success! */ - brtn = CSSM_TRUE; - break; - } - } -errOut: - if(valToFree != NULL) { - tp_CertFreeAlgId(clHand, valToFree); - } - return brtn; -} - -#endif /* TP_ROOT_CERT_ENABLE */ - diff --git a/AppleX509TP/rootCerts.h b/AppleX509TP/rootCerts.h deleted file mode 100644 index ec514882..00000000 --- a/AppleX509TP/rootCerts.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: rootCerts.h - - Contains: Interface to local cache of system-wide trusted root certs - - Written by: Doug Mitchell. - - Copyright: Copyright 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _TP_ROOT_CERTS_H_ -#define _TP_ROOT_CERTS_H_ - -/* - * As of 3/18/02, use of the built-in root certs is disabled by default. - * Their use is enabled at in CSSM_TP_CertGroupVerify by the use of the - * CSSM_TP_USE_INTERNAL_ROOT_CERTS bit in - * CSSM_APPLE_TP_ACTION_DATA.ActionFlags. The presence of the root certs - * at all (at compile time) is controlled TP_ROOT_CERT_ENABLE. - */ -#define TP_ROOT_CERT_ENABLE 0 - -#if TP_ROOT_CERT_ENABLE - -#include -#include -#include -#include "TPCertInfo.h" - -/* - * Each one of these represents one known root cert. - */ -typedef struct { - CSSM_DATA subjectName; // normalized and DER-encoded - CSSM_DATA publicKey; // DER-encoded - uint32 keySize; -} tpRootCert; - -/* One of these per process which caches the roots in tpRootCert format */ -class TPRootStore -{ -public: - TPRootStore() : mRootCerts(NULL), mNumRootCerts(0) { } - ~TPRootStore(); - const tpRootCert *rootCerts( - CSSM_CL_HANDLE clHand, - unsigned &numRootCerts); - static ModuleNexus tpGlobalRoots; - -private: - tpRootCert *mRootCerts; - unsigned mNumRootCerts; - Mutex mLock; -}; - - -/* - * Compare a root cert to a list of known embedded roots. - */ -extern "C" { - -CSSM_BOOL tp_isKnownRootCert( - TPCertInfo *rootCert, // raw cert to compare - CSSM_CL_HANDLE clHand); - -CSSM_BOOL tp_verifyWithKnownRoots( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertInfo *certToVfy); // last in chain, not root - -} - -#endif /* TP_ROOT_CERT_ENABLE */ - -#endif /* _TP_ROOT_CERTS_H_ */ diff --git a/AppleX509TP/sslRootCerts.c b/AppleX509TP/sslRootCerts.c deleted file mode 100644 index 4150c09a..00000000 --- a/AppleX509TP/sslRootCerts.c +++ /dev/null @@ -1,1429 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslRootCerts.c - - Contains: embedded SSL root certs - subject name and public keys - - Written by: Doug Mitchell. - - Copyright: Copyright 2000 by Apple Computer, Inc., all rights reserved. - -*/ - -#include -#include "rootCerts.h" - -#if TP_ROOT_CERT_ENABLE - -/*********************** -Cert File Name: Class1_PCA_G2_v2.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 1 Public Primary Certification Authority - G2 - OrgUnit : (c) 1998 VeriSign, Inc. - For authorized use only - OrgUnit : VeriSign Trust Network - ***********************/ -static const uint8 Class1_PCA_G2_v2_subject_bytes[] = { - 0x30, 0x81, 0xc1, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x33, 0x43, 0x4c, 0x41, 0x53, - 0x53, 0x20, 0x31, 0x20, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, - 0x52, 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, - 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, - 0x20, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x31, - 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x31, 0x28, 0x43, 0x29, 0x20, 0x31, 0x39, - 0x39, 0x38, 0x20, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x4f, 0x52, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x5a, - 0x45, 0x44, 0x20, 0x55, 0x53, 0x45, 0x20, 0x4f, - 0x4e, 0x4c, 0x59, 0x31, 0x1f, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, 0x45, - 0x52, 0x49, 0x53, 0x49, 0x47, 0x4e, 0x20, 0x54, - 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x45, 0x54, - 0x57, 0x4f, 0x52, 0x4b -}; -static const CSSM_DATA Class1_PCA_G2_v2_subject = { 196, (uint8 *)Class1_PCA_G2_v2_subject_bytes }; -static const uint8 Class1_PCA_G2_v2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, - 0xd0, 0xba, 0xbe, 0x16, 0x2d, 0xb8, 0x83, 0xd4, - 0xca, 0xd2, 0x0f, 0xbc, 0x76, 0x31, 0xca, 0x94, - 0xd8, 0x1d, 0x93, 0x8c, 0x56, 0x02, 0xbc, 0xd9, - 0x6f, 0x1a, 0x6f, 0x52, 0x36, 0x6e, 0x75, 0x56, - 0x0a, 0x55, 0xd3, 0xdf, 0x43, 0x87, 0x21, 0x11, - 0x65, 0x8a, 0x7e, 0x8f, 0xbd, 0x21, 0xde, 0x6b, - 0x32, 0x3f, 0x1b, 0x84, 0x34, 0x95, 0x05, 0x9d, - 0x41, 0x35, 0xeb, 0x92, 0xeb, 0x96, 0xdd, 0xaa, - 0x59, 0x3f, 0x01, 0x53, 0x6d, 0x99, 0x4f, 0xed, - 0xe5, 0xe2, 0x2a, 0x5a, 0x90, 0xc1, 0xb9, 0xc4, - 0xa6, 0x15, 0xcf, 0xc8, 0x45, 0xeb, 0xa6, 0x5d, - 0x8e, 0x9c, 0x3e, 0xf0, 0x64, 0x24, 0x76, 0xa5, - 0xcd, 0xab, 0x1a, 0x6f, 0xb6, 0xd8, 0x7b, 0x51, - 0x61, 0x6e, 0xa6, 0x7f, 0x87, 0xc8, 0xe2, 0xb7, - 0xe5, 0x34, 0xdc, 0x41, 0x88, 0xea, 0x09, 0x40, - 0xbe, 0x73, 0x92, 0x3d, 0x6b, 0xe7, 0x75, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA Class1_PCA_G2_v2_pubKey = { 140, (uint8 *)Class1_PCA_G2_v2_pubKey_bytes }; - - -/*********************** -Cert File Name: Class2_PCA_G2_v2.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 2 Public Primary Certification Authority - G2 - OrgUnit : (c) 1998 VeriSign, Inc. - For authorized use only - OrgUnit : VeriSign Trust Network - ***********************/ -static const uint8 Class2_PCA_G2_v2_subject_bytes[] = { - 0x30, 0x81, 0xc1, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x33, 0x43, 0x4c, 0x41, 0x53, - 0x53, 0x20, 0x32, 0x20, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, - 0x52, 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, - 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, - 0x20, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x31, - 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x31, 0x28, 0x43, 0x29, 0x20, 0x31, 0x39, - 0x39, 0x38, 0x20, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x4f, 0x52, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x5a, - 0x45, 0x44, 0x20, 0x55, 0x53, 0x45, 0x20, 0x4f, - 0x4e, 0x4c, 0x59, 0x31, 0x1f, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, 0x45, - 0x52, 0x49, 0x53, 0x49, 0x47, 0x4e, 0x20, 0x54, - 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x45, 0x54, - 0x57, 0x4f, 0x52, 0x4b -}; -static const CSSM_DATA Class2_PCA_G2_v2_subject = { 196, (uint8 *)Class2_PCA_G2_v2_subject_bytes }; -static const uint8 Class2_PCA_G2_v2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, - 0x88, 0x01, 0x21, 0x74, 0x2c, 0xe7, 0x1a, 0x03, - 0xf0, 0x98, 0xe1, 0x97, 0x3c, 0x0f, 0x21, 0x08, - 0xf1, 0x9c, 0xdb, 0x97, 0xe9, 0x9a, 0xfc, 0xc2, - 0x04, 0x06, 0x13, 0xbe, 0x5f, 0x52, 0xc8, 0xcc, - 0x1e, 0x2c, 0x12, 0x56, 0x2c, 0xb8, 0x01, 0x69, - 0x2c, 0xcc, 0x99, 0x1f, 0xad, 0xb0, 0x96, 0xae, - 0x79, 0x04, 0xf2, 0x13, 0x39, 0xc1, 0x7b, 0x98, - 0xba, 0x08, 0x2c, 0xe8, 0xc2, 0x84, 0x13, 0x2c, - 0xaa, 0x69, 0xe9, 0x09, 0xf4, 0xc7, 0xa9, 0x02, - 0xa4, 0x42, 0xc2, 0x23, 0x4f, 0x4a, 0xd8, 0xf0, - 0x0e, 0xa2, 0xfb, 0x31, 0x6c, 0xc9, 0xe6, 0x6f, - 0x99, 0x27, 0x07, 0xf5, 0xe6, 0xf4, 0x4c, 0x78, - 0x9e, 0x6d, 0xeb, 0x46, 0x86, 0xfa, 0xb9, 0x86, - 0xc9, 0x54, 0xf2, 0xb2, 0xc4, 0xaf, 0xd4, 0x46, - 0x1c, 0x5a, 0xc9, 0x15, 0x30, 0xff, 0x0d, 0x6c, - 0xf5, 0x2d, 0x0e, 0x6d, 0xce, 0x7f, 0x77, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA Class2_PCA_G2_v2_pubKey = { 140, (uint8 *)Class2_PCA_G2_v2_pubKey_bytes }; - - -/*********************** -Cert File Name: Class3_PCA_G2_v2.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 3 Public Primary Certification Authority - G2 - OrgUnit : (c) 1998 VeriSign, Inc. - For authorized use only - OrgUnit : VeriSign Trust Network - ***********************/ -static const uint8 Class3_PCA_G2_v2_subject_bytes[] = { - 0x30, 0x81, 0xc1, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x33, 0x43, 0x4c, 0x41, 0x53, - 0x53, 0x20, 0x33, 0x20, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, - 0x52, 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, - 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, - 0x20, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x31, - 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x31, 0x28, 0x43, 0x29, 0x20, 0x31, 0x39, - 0x39, 0x38, 0x20, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x4f, 0x52, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x5a, - 0x45, 0x44, 0x20, 0x55, 0x53, 0x45, 0x20, 0x4f, - 0x4e, 0x4c, 0x59, 0x31, 0x1f, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, 0x45, - 0x52, 0x49, 0x53, 0x49, 0x47, 0x4e, 0x20, 0x54, - 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x45, 0x54, - 0x57, 0x4f, 0x52, 0x4b -}; -static const CSSM_DATA Class3_PCA_G2_v2_subject = { 196, (uint8 *)Class3_PCA_G2_v2_subject_bytes }; -static const uint8 Class3_PCA_G2_v2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcc, - 0x5e, 0xd1, 0x11, 0x5d, 0x5c, 0x69, 0xd0, 0xab, - 0xd3, 0xb9, 0x6a, 0x4c, 0x99, 0x1f, 0x59, 0x98, - 0x30, 0x8e, 0x16, 0x85, 0x20, 0x46, 0x6d, 0x47, - 0x3f, 0xd4, 0x85, 0x20, 0x84, 0xe1, 0x6d, 0xb3, - 0xf8, 0xa4, 0xed, 0x0c, 0xf1, 0x17, 0x0f, 0x3b, - 0xf9, 0xa7, 0xf9, 0x25, 0xd7, 0xc1, 0xcf, 0x84, - 0x63, 0xf2, 0x7c, 0x63, 0xcf, 0xa2, 0x47, 0xf2, - 0xc6, 0x5b, 0x33, 0x8e, 0x64, 0x40, 0x04, 0x68, - 0xc1, 0x80, 0xb9, 0x64, 0x1c, 0x45, 0x77, 0xc7, - 0xd8, 0x6e, 0xf5, 0x95, 0x29, 0x3c, 0x50, 0xe8, - 0x34, 0xd7, 0x78, 0x1f, 0xa8, 0xba, 0x6d, 0x43, - 0x91, 0x95, 0x8f, 0x45, 0x57, 0x5e, 0x7e, 0xc5, - 0xfb, 0xca, 0xa4, 0x04, 0xeb, 0xea, 0x97, 0x37, - 0x54, 0x30, 0x6f, 0xbb, 0x01, 0x47, 0x32, 0x33, - 0xcd, 0xdc, 0x57, 0x9b, 0x64, 0x69, 0x61, 0xf8, - 0x9b, 0x1d, 0x1c, 0x89, 0x4f, 0x5c, 0x67, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA Class3_PCA_G2_v2_pubKey = { 140, (uint8 *)Class3_PCA_G2_v2_pubKey_bytes }; - - -/*********************** -Cert File Name: Class4_PCA_G2_v2.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 4 Public Primary Certification Authority - G2 - OrgUnit : (c) 1998 VeriSign, Inc. - For authorized use only - OrgUnit : VeriSign Trust Network - ***********************/ -static const uint8 Class4_PCA_G2_v2_subject_bytes[] = { - 0x30, 0x81, 0xc1, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x33, 0x43, 0x4c, 0x41, 0x53, - 0x53, 0x20, 0x34, 0x20, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, - 0x52, 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, - 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, - 0x20, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x31, - 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x31, 0x28, 0x43, 0x29, 0x20, 0x31, 0x39, - 0x39, 0x38, 0x20, 0x56, 0x45, 0x52, 0x49, 0x53, - 0x49, 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x4f, 0x52, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x5a, - 0x45, 0x44, 0x20, 0x55, 0x53, 0x45, 0x20, 0x4f, - 0x4e, 0x4c, 0x59, 0x31, 0x1f, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, 0x45, - 0x52, 0x49, 0x53, 0x49, 0x47, 0x4e, 0x20, 0x54, - 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x45, 0x54, - 0x57, 0x4f, 0x52, 0x4b -}; -static const CSSM_DATA Class4_PCA_G2_v2_subject = { 196, (uint8 *)Class4_PCA_G2_v2_subject_bytes }; -static const uint8 Class4_PCA_G2_v2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xba, - 0xf0, 0xe4, 0xcf, 0xf9, 0xc4, 0xae, 0x85, 0x54, - 0xb9, 0x07, 0x57, 0xf9, 0x8f, 0xc5, 0x7f, 0x68, - 0x11, 0xf8, 0xc4, 0x17, 0xb0, 0x44, 0xdc, 0xe3, - 0x30, 0x73, 0xd5, 0x2a, 0x62, 0x2a, 0xb8, 0xd0, - 0xcc, 0x1c, 0xed, 0x28, 0x5b, 0x7e, 0xbd, 0x6a, - 0xdc, 0xb3, 0x91, 0x24, 0xca, 0x41, 0x62, 0x3c, - 0xfc, 0x02, 0x01, 0xbf, 0x1c, 0x16, 0x31, 0x94, - 0x05, 0x97, 0x76, 0x6e, 0xa2, 0xad, 0xbd, 0x61, - 0x17, 0x6c, 0x4e, 0x30, 0x86, 0xf0, 0x51, 0x37, - 0x2a, 0x50, 0xc7, 0xa8, 0x62, 0x81, 0xdc, 0x5b, - 0x4a, 0xaa, 0xc1, 0xa0, 0xb4, 0x6e, 0xeb, 0x2f, - 0xe5, 0x57, 0xc5, 0xb1, 0x2b, 0x40, 0x70, 0xdb, - 0x5a, 0x4d, 0xa1, 0x8e, 0x1f, 0xbd, 0x03, 0x1f, - 0xd8, 0x03, 0xd4, 0x8f, 0x4c, 0x99, 0x71, 0xbc, - 0xe2, 0x82, 0xcc, 0x58, 0xe8, 0x98, 0x3a, 0x86, - 0xd3, 0x86, 0x38, 0xf3, 0x00, 0x29, 0x1f, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA Class4_PCA_G2_v2_pubKey = { 140, (uint8 *)Class4_PCA_G2_v2_pubKey_bytes }; - - -/*********************** -Cert File Name: PCA1ss_v4.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 1 Public Primary Certification Authority - ***********************/ -static const uint8 PCA1ss_v4_subject_bytes[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, 0x49, - 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, 0x2e, - 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2e, 0x43, 0x4c, 0x41, 0x53, 0x53, - 0x20, 0x31, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, - 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, 0x52, - 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, - 0x59 -}; -static const CSSM_DATA PCA1ss_v4_subject = { 97, (uint8 *)PCA1ss_v4_subject_bytes }; -static const uint8 PCA1ss_v4_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, - 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, - 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, - 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, - 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, - 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, - 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, - 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, - 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, - 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, - 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, - 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, - 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, - 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, - 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, - 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, - 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA PCA1ss_v4_pubKey = { 140, (uint8 *)PCA1ss_v4_pubKey_bytes }; - - -/*********************** -Cert File Name: PCA2ss_v4.cer -Subject Name : - Country : US - Org : VeriSign, Inc. - OrgUnit : Class 2 Public Primary Certification Authority - ***********************/ -static const uint8 PCA2ss_v4_subject_bytes[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0e, 0x56, 0x45, 0x52, 0x49, 0x53, 0x49, - 0x47, 0x4e, 0x2c, 0x20, 0x49, 0x4e, 0x43, 0x2e, - 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2e, 0x43, 0x4c, 0x41, 0x53, 0x53, - 0x20, 0x32, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, - 0x43, 0x20, 0x50, 0x52, 0x49, 0x4d, 0x41, 0x52, - 0x59, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, - 0x59 -}; -static const CSSM_DATA PCA2ss_v4_subject = { 97, (uint8 *)PCA2ss_v4_subject_bytes }; -static const uint8 PCA2ss_v4_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb6, - 0x5a, 0x8b, 0xa3, 0x0d, 0x6a, 0x23, 0x83, 0x80, - 0x6b, 0xcf, 0x39, 0x87, 0xf4, 0x21, 0x13, 0x33, - 0x06, 0x4c, 0x25, 0xa2, 0xed, 0x55, 0x12, 0x97, - 0xc5, 0xa7, 0x80, 0xb9, 0xfa, 0x83, 0xc1, 0x20, - 0xa0, 0xfa, 0x2f, 0x15, 0x0d, 0x7c, 0xa1, 0x60, - 0x6b, 0x7e, 0x79, 0x2c, 0xfa, 0x06, 0x0f, 0x3a, - 0xae, 0xf6, 0x1b, 0x6f, 0xb1, 0xd2, 0xff, 0x2f, - 0x28, 0x52, 0x5f, 0x83, 0x7d, 0x4b, 0xc4, 0x7a, - 0xb7, 0xf8, 0x66, 0x1f, 0x80, 0x54, 0xfc, 0xb7, - 0xc2, 0x8e, 0x59, 0x4a, 0x14, 0x57, 0x46, 0xd1, - 0x9a, 0x93, 0xbe, 0x41, 0x91, 0x03, 0xbb, 0x15, - 0x80, 0x93, 0x5c, 0xeb, 0xe7, 0xcc, 0x08, 0x6c, - 0x3f, 0x3e, 0xb3, 0x4a, 0xfc, 0xff, 0x4b, 0x6c, - 0x23, 0xd5, 0x50, 0x82, 0x26, 0x44, 0x19, 0x8e, - 0x23, 0xc3, 0x71, 0xea, 0x19, 0x24, 0x47, 0x04, - 0x9e, 0x75, 0xbf, 0xc8, 0xa6, 0x00, 0x1f, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA PCA2ss_v4_pubKey = { 140, (uint8 *)PCA2ss_v4_pubKey_bytes }; - -/*********************** -Cert File Name: RSASecureServer.cer -Subject Name : - Country : US - Org : RSA Data Security, Inc. - OrgUnit : Secure Server Certification Authority - ***********************/ -static const uint8 RSASecureServer_subject_bytes[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x17, 0x52, 0x53, 0x41, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, - 0x49, 0x54, 0x59, 0x2c, 0x20, 0x49, 0x4e, 0x43, - 0x2e, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x25, 0x53, 0x45, 0x43, 0x55, - 0x52, 0x45, 0x20, 0x53, 0x45, 0x52, 0x56, 0x45, - 0x52, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, - 0x59 -}; -static const CSSM_DATA RSASecureServer_subject = { 97, (uint8 *)RSASecureServer_subject_bytes }; -static const uint8 RSASecureServer_pubKey_bytes[] = { - 0x30, 0x81, 0x85, 0x02, 0x7e, 0x00, 0x92, 0xce, - 0x7a, 0xc1, 0xae, 0x83, 0x3e, 0x5a, 0xaa, 0x89, - 0x83, 0x57, 0xac, 0x25, 0x01, 0x76, 0x0c, 0xad, - 0xae, 0x8e, 0x2c, 0x37, 0xce, 0xeb, 0x35, 0x78, - 0x64, 0x54, 0x03, 0xe5, 0x84, 0x40, 0x51, 0xc9, - 0xbf, 0x8f, 0x08, 0xe2, 0x8a, 0x82, 0x08, 0xd2, - 0x16, 0x86, 0x37, 0x55, 0xe9, 0xb1, 0x21, 0x02, - 0xad, 0x76, 0x68, 0x81, 0x9a, 0x05, 0xa2, 0x4b, - 0xc9, 0x4b, 0x25, 0x66, 0x22, 0x56, 0x6c, 0x88, - 0x07, 0x8f, 0xf7, 0x81, 0x59, 0x6d, 0x84, 0x07, - 0x65, 0x70, 0x13, 0x71, 0x76, 0x3e, 0x9b, 0x77, - 0x4c, 0xe3, 0x50, 0x89, 0x56, 0x98, 0x48, 0xb9, - 0x1d, 0xa7, 0x29, 0x1a, 0x13, 0x2e, 0x4a, 0x11, - 0x59, 0x9c, 0x1e, 0x15, 0xd5, 0x49, 0x54, 0x2c, - 0x73, 0x3a, 0x69, 0x82, 0xb1, 0x97, 0x39, 0x9c, - 0x6d, 0x70, 0x67, 0x48, 0xe5, 0xdd, 0x2d, 0xd6, - 0xc8, 0x1e, 0x7b, 0x02, 0x03, 0x01, 0x00, 0x01 - -}; -static const CSSM_DATA RSASecureServer_pubKey = { 136, (uint8 *)RSASecureServer_pubKey_bytes }; - - -/*********************** -Cert File Name: persbasi.crt -Subject Name : - Country : ZA - State : Western Cape - Locality : Cape Town - Org : Thawte Consulting - OrgUnit : Certification Services Division - Common Name : Thawte Personal Basic CA - Email addrs : personal-basic@thawte.com - ***********************/ -static const uint8 persbasi_subject_bytes[] = { - 0x30, 0x81, 0xcb, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, 0x41, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x0c, 0x57, 0x45, 0x53, 0x54, 0x45, - 0x52, 0x4e, 0x20, 0x43, 0x41, 0x50, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x09, 0x43, 0x41, 0x50, 0x45, 0x20, 0x54, - 0x4f, 0x57, 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x54, 0x48, - 0x41, 0x57, 0x54, 0x45, 0x20, 0x43, 0x4f, 0x4e, - 0x53, 0x55, 0x4c, 0x54, 0x49, 0x4e, 0x47, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x53, - 0x20, 0x44, 0x49, 0x56, 0x49, 0x53, 0x49, 0x4f, - 0x4e, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x18, 0x54, 0x48, 0x41, 0x57, - 0x54, 0x45, 0x20, 0x50, 0x45, 0x52, 0x53, 0x4f, - 0x4e, 0x41, 0x4c, 0x20, 0x42, 0x41, 0x53, 0x49, - 0x43, 0x20, 0x43, 0x41, 0x31, 0x28, 0x30, 0x26, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x19, 0x70, 0x65, 0x72, - 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x2d, 0x62, 0x61, - 0x73, 0x69, 0x63, 0x40, 0x74, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d -}; -static const CSSM_DATA persbasi_subject = { 206, (uint8 *)persbasi_subject_bytes }; -static const uint8 persbasi_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xbc, - 0xbc, 0x93, 0x53, 0x6d, 0xc0, 0x50, 0x4f, 0x82, - 0x15, 0xe6, 0x48, 0x94, 0x35, 0xa6, 0x5a, 0xbe, - 0x6f, 0x42, 0xfa, 0x0f, 0x47, 0xee, 0x77, 0x75, - 0x72, 0xdd, 0x8d, 0x49, 0x9b, 0x96, 0x57, 0xa0, - 0x78, 0xd4, 0xca, 0x3f, 0x51, 0xb3, 0x69, 0x0b, - 0x91, 0x76, 0x17, 0x22, 0x07, 0x97, 0x6a, 0xc4, - 0x51, 0x93, 0x4b, 0xe0, 0x8d, 0xef, 0x37, 0x95, - 0xa1, 0x0c, 0x4d, 0xda, 0x34, 0x90, 0x1d, 0x17, - 0x89, 0x97, 0xe0, 0x35, 0x38, 0x57, 0x4a, 0xc0, - 0xf4, 0x08, 0x70, 0xe9, 0x3c, 0x44, 0x7b, 0x50, - 0x7e, 0x61, 0x9a, 0x90, 0xe3, 0x23, 0xd3, 0x88, - 0x11, 0x46, 0x27, 0xf5, 0x0b, 0x07, 0x0e, 0xbb, - 0xdd, 0xd1, 0x7f, 0x20, 0x0a, 0x88, 0xb9, 0x56, - 0x0b, 0x2e, 0x1c, 0x80, 0xda, 0xf1, 0xe3, 0x9e, - 0x29, 0xef, 0x14, 0xbd, 0x0a, 0x44, 0xfb, 0x1b, - 0x5b, 0x18, 0xd1, 0xbf, 0x23, 0x93, 0x21, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA persbasi_pubKey = { 140, (uint8 *)persbasi_pubKey_bytes }; - - -/*********************** -Cert File Name: persfree.crt -Subject Name : - Country : ZA - State : Western Cape - Locality : Cape Town - Org : Thawte Consulting - OrgUnit : Certification Services Division - Common Name : Thawte Personal Freemail CA - Email addrs : personal-freemail@thawte.com - ***********************/ -static const uint8 persfree_subject_bytes[] = { - 0x30, 0x81, 0xd1, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, 0x41, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x0c, 0x57, 0x45, 0x53, 0x54, 0x45, - 0x52, 0x4e, 0x20, 0x43, 0x41, 0x50, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x09, 0x43, 0x41, 0x50, 0x45, 0x20, 0x54, - 0x4f, 0x57, 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x54, 0x48, - 0x41, 0x57, 0x54, 0x45, 0x20, 0x43, 0x4f, 0x4e, - 0x53, 0x55, 0x4c, 0x54, 0x49, 0x4e, 0x47, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x53, - 0x20, 0x44, 0x49, 0x56, 0x49, 0x53, 0x49, 0x4f, - 0x4e, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x54, 0x48, 0x41, 0x57, - 0x54, 0x45, 0x20, 0x50, 0x45, 0x52, 0x53, 0x4f, - 0x4e, 0x41, 0x4c, 0x20, 0x46, 0x52, 0x45, 0x45, - 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x43, 0x41, 0x31, - 0x2b, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1c, - 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, - 0x2d, 0x66, 0x72, 0x65, 0x65, 0x6d, 0x61, 0x69, - 0x6c, 0x40, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d -}; -static const CSSM_DATA persfree_subject = { 212, (uint8 *)persfree_subject_bytes }; -static const uint8 persfree_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xd4, - 0x69, 0xd7, 0xd4, 0xb0, 0x94, 0x64, 0x5b, 0x71, - 0xe9, 0x47, 0xd8, 0x0c, 0x51, 0xb6, 0xea, 0x72, - 0x91, 0xb0, 0x84, 0x5e, 0x7d, 0x2d, 0x0d, 0x8f, - 0x7b, 0x12, 0xdf, 0x85, 0x25, 0x75, 0x28, 0x74, - 0x3a, 0x42, 0x2c, 0x63, 0x27, 0x9f, 0x95, 0x7b, - 0x4b, 0xef, 0x7e, 0x19, 0x87, 0x1d, 0x86, 0xea, - 0xa3, 0xdd, 0xb9, 0xce, 0x96, 0x64, 0x1a, 0xc2, - 0x14, 0x6e, 0x44, 0xac, 0x7c, 0xe6, 0x8f, 0xe8, - 0x4d, 0x0f, 0x71, 0x1f, 0x40, 0x38, 0xa6, 0x00, - 0xa3, 0x87, 0x78, 0xf6, 0xf9, 0x94, 0x86, 0x5e, - 0xad, 0xea, 0xc0, 0x5e, 0x76, 0xeb, 0xd9, 0x14, - 0xa3, 0x5d, 0x6e, 0x7a, 0x7c, 0x0c, 0xa5, 0x4b, - 0x55, 0x7f, 0x06, 0x19, 0x29, 0x7f, 0x9e, 0x9a, - 0x26, 0xd5, 0x6a, 0xbb, 0x38, 0x24, 0x08, 0x6a, - 0x98, 0xc7, 0xb1, 0xda, 0xa3, 0x98, 0x91, 0xfd, - 0x79, 0xdb, 0xe5, 0x5a, 0xc4, 0x1c, 0xb9, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA persfree_pubKey = { 140, (uint8 *)persfree_pubKey_bytes }; - - -/*********************** -Cert File Name: persprem.crt -Subject Name : - Country : ZA - State : Western Cape - Locality : Cape Town - Org : Thawte Consulting - OrgUnit : Certification Services Division - Common Name : Thawte Personal Premium CA - Email addrs : personal-premium@thawte.com - ***********************/ -static const uint8 persprem_subject_bytes[] = { - 0x30, 0x81, 0xcf, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, 0x41, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x0c, 0x57, 0x45, 0x53, 0x54, 0x45, - 0x52, 0x4e, 0x20, 0x43, 0x41, 0x50, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x09, 0x43, 0x41, 0x50, 0x45, 0x20, 0x54, - 0x4f, 0x57, 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x54, 0x48, - 0x41, 0x57, 0x54, 0x45, 0x20, 0x43, 0x4f, 0x4e, - 0x53, 0x55, 0x4c, 0x54, 0x49, 0x4e, 0x47, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x20, - 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x53, - 0x20, 0x44, 0x49, 0x56, 0x49, 0x53, 0x49, 0x4f, - 0x4e, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1a, 0x54, 0x48, 0x41, 0x57, - 0x54, 0x45, 0x20, 0x50, 0x45, 0x52, 0x53, 0x4f, - 0x4e, 0x41, 0x4c, 0x20, 0x50, 0x52, 0x45, 0x4d, - 0x49, 0x55, 0x4d, 0x20, 0x43, 0x41, 0x31, 0x2a, - 0x30, 0x28, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1b, 0x70, - 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x2d, - 0x70, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x40, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, - 0x6f, 0x6d -}; -static const CSSM_DATA persprem_subject = { 210, (uint8 *)persprem_subject_bytes }; -static const uint8 persprem_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, - 0x66, 0xd9, 0xf8, 0x07, 0x44, 0xcf, 0xb9, 0x8c, - 0x2e, 0xf0, 0xa1, 0xef, 0x13, 0x45, 0x6c, 0x05, - 0xdf, 0xde, 0x27, 0x16, 0x51, 0x36, 0x41, 0x11, - 0x6c, 0x6c, 0x3b, 0xed, 0xfe, 0x10, 0x7d, 0x12, - 0x9e, 0xe5, 0x9b, 0x42, 0x9a, 0xfe, 0x60, 0x31, - 0xc3, 0x66, 0xb7, 0x73, 0x3a, 0x48, 0xae, 0x4e, - 0xd0, 0x32, 0x37, 0x94, 0x88, 0xb5, 0x0d, 0xb6, - 0xd9, 0xf3, 0xf2, 0x44, 0xd9, 0xd5, 0x88, 0x12, - 0xdd, 0x76, 0x4d, 0xf2, 0x1a, 0xfc, 0x6f, 0x23, - 0x1e, 0x7a, 0xf1, 0xd8, 0x98, 0x45, 0x4e, 0x07, - 0x10, 0xef, 0x16, 0x42, 0xd0, 0x43, 0x75, 0x6d, - 0x4a, 0xde, 0xe2, 0xaa, 0xc9, 0x31, 0xff, 0x1f, - 0x00, 0x70, 0x7c, 0x66, 0xcf, 0x10, 0x25, 0x08, - 0xba, 0xfa, 0xee, 0x00, 0xe9, 0x46, 0x03, 0x66, - 0x27, 0x11, 0x15, 0x3b, 0xaa, 0x5b, 0xf2, 0x98, - 0xdd, 0x36, 0x42, 0xb2, 0xda, 0x88, 0x75, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA persprem_pubKey = { 140, (uint8 *)persprem_pubKey_bytes }; - -/*********************** -Cert File Name: GTECyberTrustGlobalRoot.crt -Subject Name : - Country : US - Org : GTE Corporation - OrgUnit : GTE CyberTrust Solutions, Inc. - Common Name : GTE CyberTrust Global Root - ***********************/ -static const uint8 GTECyberTrustGlobalRoot_subject_bytes[] = { - 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x53, 0x4f, 0x4c, 0x55, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, 0x49, 0x4e, - 0x43, 0x2e, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x20, 0x47, 0x4c, 0x4f, 0x42, - 0x41, 0x4c, 0x20, 0x52, 0x4f, 0x4f, 0x54 -}; -static const CSSM_DATA GTECyberTrustGlobalRoot_subject = { 119, (uint8 *)GTECyberTrustGlobalRoot_subject_bytes }; -static const uint8 GTECyberTrustGlobalRoot_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0x95, - 0x0f, 0xa0, 0xb6, 0xf0, 0x50, 0x9c, 0xe8, 0x7a, - 0xc7, 0x88, 0xcd, 0xdd, 0x17, 0x0e, 0x2e, 0xb0, - 0x94, 0xd0, 0x1b, 0x3d, 0x0e, 0xf6, 0x94, 0xc0, - 0x8a, 0x94, 0xc7, 0x06, 0xc8, 0x90, 0x97, 0xc8, - 0xb8, 0x64, 0x1a, 0x7a, 0x7e, 0x6c, 0x3c, 0x53, - 0xe1, 0x37, 0x28, 0x73, 0x60, 0x7f, 0xb2, 0x97, - 0x53, 0x07, 0x9f, 0x53, 0xf9, 0x6d, 0x58, 0x94, - 0xd2, 0xaf, 0x8d, 0x6d, 0x88, 0x67, 0x80, 0xe6, - 0xed, 0xb2, 0x95, 0xcf, 0x72, 0x31, 0xca, 0xa5, - 0x1c, 0x72, 0xba, 0x5c, 0x02, 0xe7, 0x64, 0x42, - 0xe7, 0xf9, 0xa9, 0x2c, 0xd6, 0x3a, 0x0d, 0xac, - 0x8d, 0x42, 0xaa, 0x24, 0x01, 0x39, 0xe6, 0x9c, - 0x3f, 0x01, 0x85, 0x57, 0x0d, 0x58, 0x87, 0x45, - 0xf8, 0xd3, 0x85, 0xaa, 0x93, 0x69, 0x26, 0x85, - 0x70, 0x48, 0x80, 0x3f, 0x12, 0x15, 0xc7, 0x79, - 0xb4, 0x1f, 0x05, 0x2f, 0x3b, 0x62, 0x99, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustGlobalRoot_pubKey = { 140, (uint8 *)GTECyberTrustGlobalRoot_pubKey_bytes }; - - -/*********************** -Cert File Name: GTECyberTrustRoot.crt -Subject Name : - Country : US - Org : GTE Corporation - Common Name : GTE CyberTrust Root - ***********************/ -static const uint8 GTECyberTrustRoot_subject_bytes[] = { - 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x13, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54 -}; -static const CSSM_DATA GTECyberTrustRoot_subject = { 71, (uint8 *)GTECyberTrustRoot_subject_bytes }; -static const uint8 GTECyberTrustRoot_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb8, - 0xe6, 0x4f, 0xba, 0xdb, 0x98, 0x7c, 0x71, 0x7c, - 0xaf, 0x44, 0xb7, 0xd3, 0x0f, 0x46, 0xd9, 0x64, - 0xe5, 0x93, 0xc1, 0x42, 0x8e, 0xc7, 0xba, 0x49, - 0x8d, 0x35, 0x2d, 0x7a, 0xe7, 0x8b, 0xbd, 0xe5, - 0x05, 0x31, 0x59, 0xc6, 0xb1, 0x2f, 0x0a, 0x0c, - 0xfb, 0x9f, 0xa7, 0x3f, 0xa2, 0x09, 0x66, 0x84, - 0x56, 0x1e, 0x37, 0x29, 0x1b, 0x87, 0xe9, 0x7e, - 0x0c, 0xca, 0x9a, 0x9f, 0xa5, 0x7f, 0xf5, 0x15, - 0x94, 0xa3, 0xd5, 0xa2, 0x46, 0x82, 0xd8, 0x68, - 0x4c, 0xd1, 0x37, 0x15, 0x06, 0x68, 0xaf, 0xbd, - 0xf8, 0xb0, 0xb3, 0xf0, 0x29, 0xf5, 0x95, 0x5a, - 0x09, 0x16, 0x61, 0x77, 0x0a, 0x22, 0x25, 0xd4, - 0x4f, 0x45, 0xaa, 0xc7, 0xbd, 0xe5, 0x96, 0xdf, - 0xf9, 0xd4, 0xa8, 0x8e, 0x42, 0xcc, 0x24, 0xc0, - 0x1e, 0x91, 0x27, 0x4a, 0xb5, 0x6d, 0x06, 0x80, - 0x63, 0x39, 0xc4, 0xa2, 0x5e, 0x38, 0x03, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustRoot_pubKey = { 140, (uint8 *)GTECyberTrustRoot_pubKey_bytes }; - - -/*********************** -Cert File Name: GTECyberTrustRoot2.crt -Subject Name : - Country : US - Org : GTE Corporation - OrgUnit : GTE CyberTrust Solutions, Inc. - Common Name : GTE CyberTrust Root 2 - ***********************/ -static const uint8 GTECyberTrustRoot2_subject_bytes[] = { - 0x30, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x53, 0x4f, 0x4c, 0x55, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, 0x49, 0x4e, - 0x43, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, - 0x20, 0x32 -}; -static const CSSM_DATA GTECyberTrustRoot2_subject = { 114, (uint8 *)GTECyberTrustRoot2_subject_bytes }; -static const uint8 GTECyberTrustRoot2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xd9, - 0x2c, 0x4c, 0x4e, 0x2f, 0x69, 0x1a, 0x23, 0xe3, - 0x56, 0xba, 0xf3, 0xce, 0x84, 0xc0, 0x09, 0xc0, - 0x79, 0xf1, 0x44, 0x5f, 0x33, 0x1f, 0x15, 0x91, - 0x7f, 0x8a, 0x88, 0x28, 0xb8, 0x24, 0x45, 0xcc, - 0x8f, 0x18, 0xcd, 0x1f, 0x74, 0xd1, 0xb5, 0x8f, - 0x71, 0x4c, 0xd6, 0x31, 0xf6, 0x73, 0x96, 0x84, - 0x94, 0x40, 0xc5, 0xa9, 0x83, 0x60, 0x24, 0x7d, - 0xaf, 0x6f, 0x34, 0xb7, 0x4b, 0x4c, 0xc2, 0x09, - 0x80, 0x3b, 0x45, 0x04, 0x9e, 0xc4, 0x3c, 0xc4, - 0x27, 0x75, 0x7b, 0x00, 0x0c, 0xa1, 0x64, 0x47, - 0xb5, 0x14, 0x5d, 0x82, 0x4b, 0x51, 0x3a, 0x58, - 0xbb, 0x44, 0x4c, 0x3d, 0xd3, 0xe5, 0x06, 0x38, - 0xe8, 0x61, 0x5c, 0x98, 0x78, 0xbb, 0x80, 0xb3, - 0x9c, 0xda, 0x72, 0x82, 0x62, 0xa0, 0xdf, 0x9c, - 0x5f, 0xeb, 0xf9, 0x4f, 0x77, 0xc2, 0xcc, 0x60, - 0x18, 0x00, 0x6b, 0x34, 0x82, 0x25, 0xb3, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustRoot2_pubKey = { 140, (uint8 *)GTECyberTrustRoot2_pubKey_bytes }; - - -/*********************** -Cert File Name: GTECyberTrustRoot3.crt -Subject Name : - Country : US - Org : GTE Corporation - OrgUnit : GTE CyberTrust Solutions, Inc. - Common Name : GTE CyberTrust Root 3 - ***********************/ -static const uint8 GTECyberTrustRoot3_subject_bytes[] = { - 0x30, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x53, 0x4f, 0x4c, 0x55, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, 0x49, 0x4e, - 0x43, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, - 0x20, 0x33 -}; -static const CSSM_DATA GTECyberTrustRoot3_subject = { 114, (uint8 *)GTECyberTrustRoot3_subject_bytes }; -static const uint8 GTECyberTrustRoot3_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe1, - 0xf3, 0xb1, 0x2b, 0x0b, 0xce, 0xdc, 0x14, 0xd9, - 0x34, 0x97, 0x62, 0x50, 0x12, 0x56, 0x63, 0x84, - 0x4c, 0x53, 0xfa, 0xc0, 0x85, 0xcf, 0xfa, 0xc1, - 0xdd, 0x0f, 0xde, 0x79, 0x13, 0x7f, 0x53, 0xfb, - 0xaa, 0x0e, 0x60, 0xdd, 0xe2, 0x62, 0xbf, 0xc6, - 0xee, 0x4e, 0x99, 0x34, 0xaa, 0x68, 0x43, 0x35, - 0x99, 0xf8, 0xa3, 0xfd, 0xf3, 0x63, 0xbd, 0x01, - 0x54, 0x6a, 0x9e, 0xb2, 0x3a, 0x96, 0x2c, 0x7b, - 0x78, 0x28, 0xc6, 0x5a, 0xb5, 0x8d, 0x1a, 0x15, - 0x18, 0xfd, 0xe3, 0x8c, 0x2e, 0xa2, 0x50, 0x09, - 0x5b, 0x71, 0xd6, 0x0d, 0xb5, 0x18, 0x1f, 0x19, - 0x8e, 0x04, 0x29, 0x93, 0x93, 0x78, 0xab, 0x5f, - 0x14, 0xe7, 0x73, 0x42, 0xf2, 0x03, 0x0c, 0x57, - 0xa2, 0x1b, 0x50, 0x3b, 0x0b, 0xbb, 0x59, 0xe0, - 0xa0, 0x3a, 0x03, 0xee, 0x27, 0x1b, 0x5a, 0x4c, - 0xb9, 0xb0, 0x08, 0xca, 0xb9, 0x1a, 0x89, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustRoot3_pubKey = { 140, (uint8 *)GTECyberTrustRoot3_pubKey_bytes }; - - -/*********************** -Cert File Name: GTECyberTrustRoot4.crt -Subject Name : - Country : US - Org : GTE Corporation - OrgUnit : GTE CyberTrust Solutions, Inc. - Common Name : GTE CyberTrust Root 4 - ***********************/ -static const uint8 GTECyberTrustRoot4_subject_bytes[] = { - 0x30, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x53, 0x4f, 0x4c, 0x55, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, 0x49, 0x4e, - 0x43, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, - 0x20, 0x34 -}; -static const CSSM_DATA GTECyberTrustRoot4_subject = { 114, (uint8 *)GTECyberTrustRoot4_subject_bytes }; -static const uint8 GTECyberTrustRoot4_pubKey_bytes[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xba, 0x9d, 0x22, 0x6e, 0x7f, 0xda, 0x66, - 0x3c, 0x39, 0x42, 0xb1, 0xa3, 0x2a, 0x6f, 0xd3, - 0xf7, 0xbc, 0xae, 0xac, 0x31, 0x5a, 0xd7, 0x11, - 0x90, 0x47, 0xb9, 0x9d, 0x19, 0x2e, 0xf9, 0xf3, - 0x1b, 0x22, 0xa0, 0xc3, 0xe1, 0xa7, 0xba, 0xc4, - 0xfc, 0x5e, 0x0a, 0x94, 0x4b, 0x98, 0x5a, 0x4b, - 0x26, 0xe4, 0x1f, 0xf4, 0xdc, 0xf3, 0xfe, 0x8e, - 0x88, 0xdc, 0x6c, 0x2d, 0x7c, 0x77, 0x87, 0x26, - 0x50, 0xc0, 0x5e, 0x4e, 0xa8, 0x28, 0xa1, 0xea, - 0x17, 0x69, 0x4f, 0x4d, 0xc6, 0x01, 0x0e, 0xda, - 0x9a, 0x0d, 0x06, 0x56, 0x26, 0x15, 0xb6, 0xa4, - 0x5d, 0x7a, 0x35, 0xaf, 0x8d, 0xed, 0x78, 0x52, - 0x86, 0xf9, 0x38, 0xab, 0xb3, 0x01, 0xd3, 0xda, - 0x05, 0x96, 0xb1, 0xb6, 0x50, 0xab, 0xc0, 0xa1, - 0xae, 0x17, 0x53, 0xfa, 0x43, 0x39, 0x20, 0x71, - 0x65, 0x23, 0xdb, 0x6d, 0xc4, 0xb6, 0xed, 0x98, - 0x45, 0x83, 0xd7, 0xd2, 0xf6, 0xe2, 0xa9, 0x6b, - 0xfb, 0xf9, 0x75, 0xcc, 0xef, 0xc5, 0xab, 0x71, - 0x96, 0x35, 0xe8, 0xdf, 0x8e, 0x91, 0x9b, 0xa8, - 0x10, 0x75, 0x1f, 0xb7, 0xce, 0x13, 0x8e, 0x6b, - 0xb3, 0x96, 0x77, 0x97, 0x1a, 0x91, 0x2f, 0xc7, - 0x2c, 0x69, 0x99, 0xf0, 0x0f, 0x2a, 0x68, 0x00, - 0x98, 0x76, 0x44, 0x1b, 0x8c, 0x28, 0xd2, 0xeb, - 0x8e, 0xf4, 0x83, 0xb4, 0x7f, 0xa4, 0x25, 0x5e, - 0x6c, 0x3b, 0xd9, 0xc6, 0x68, 0xd5, 0x61, 0xb8, - 0xd4, 0x5e, 0x31, 0x07, 0xb5, 0x5b, 0x90, 0x35, - 0x52, 0x57, 0x7b, 0x17, 0x20, 0xed, 0x2d, 0xb8, - 0x1e, 0x8e, 0x88, 0x39, 0x3e, 0x52, 0xcb, 0xdf, - 0xf0, 0x5c, 0xb1, 0x65, 0xbb, 0xa5, 0x12, 0xb4, - 0x90, 0x63, 0xbf, 0x71, 0x9d, 0x32, 0xc1, 0xda, - 0xbf, 0x50, 0x4a, 0x95, 0xbe, 0x06, 0x3a, 0xc4, - 0x2b, 0xeb, 0xcd, 0x98, 0x76, 0x44, 0x4d, 0x0b, - 0xe5, 0x02, 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustRoot4_pubKey = { 270, (uint8 *)GTECyberTrustRoot4_pubKey_bytes }; - - -/*********************** -Cert File Name: GTECyberTrustRoot5.crt -Subject Name : - Country : US - Org : GTE Corporation - OrgUnit : GTE CyberTrust Solutions, Inc. - Common Name : GTE CyberTrust Root 5 - ***********************/ -static const uint8 GTECyberTrustRoot5_subject_bytes[] = { - 0x30, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x4f, - 0x52, 0x50, 0x4f, 0x52, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x53, 0x4f, 0x4c, 0x55, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, 0x49, 0x4e, - 0x43, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x59, 0x42, 0x45, 0x52, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, - 0x20, 0x35 -}; -static const CSSM_DATA GTECyberTrustRoot5_subject = { 114, (uint8 *)GTECyberTrustRoot5_subject_bytes }; -static const uint8 GTECyberTrustRoot5_pubKey_bytes[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xbc, 0x12, 0x6e, 0x3f, 0x8a, 0x7c, 0x7a, - 0x97, 0x01, 0xec, 0x1e, 0xbb, 0x39, 0x5a, 0x02, - 0xf4, 0x78, 0x44, 0xa2, 0x48, 0x1b, 0x8e, 0x7b, - 0x49, 0x52, 0x7a, 0xb8, 0x7b, 0x47, 0xb3, 0xaf, - 0x94, 0x9b, 0x6f, 0xbb, 0x96, 0xfa, 0x2b, 0x6a, - 0x65, 0x5c, 0xb8, 0x1c, 0x94, 0x73, 0xbe, 0xbf, - 0x89, 0x0a, 0x22, 0x80, 0xee, 0x57, 0xfc, 0x8c, - 0x05, 0xbb, 0x70, 0x9f, 0x97, 0x39, 0x04, 0xda, - 0xa3, 0x87, 0x5c, 0xa8, 0xe5, 0xca, 0xaf, 0xc0, - 0x33, 0x9a, 0xd5, 0x37, 0x5c, 0x4b, 0xac, 0xe4, - 0x80, 0xd0, 0xa6, 0x23, 0x60, 0xfb, 0xfd, 0x72, - 0x2e, 0x94, 0x9d, 0xc7, 0xce, 0xc2, 0x04, 0x32, - 0xef, 0x78, 0x60, 0x5d, 0xed, 0xad, 0x87, 0x0f, - 0x45, 0x65, 0x1e, 0x3c, 0x9a, 0x0a, 0x9a, 0xbe, - 0x5d, 0x1d, 0x99, 0xec, 0xe7, 0xf2, 0xd1, 0xc6, - 0x7a, 0x17, 0xd9, 0xad, 0x9b, 0x54, 0x96, 0x7f, - 0xc4, 0x7c, 0x60, 0xbf, 0x85, 0xaa, 0x15, 0x35, - 0x1d, 0x40, 0xda, 0x11, 0xbc, 0xec, 0x54, 0x21, - 0x28, 0x2d, 0x23, 0xa1, 0xa8, 0xf0, 0xcf, 0x2d, - 0xcd, 0xdd, 0xfc, 0x7e, 0x0f, 0x5e, 0xe1, 0x65, - 0x07, 0x56, 0xcb, 0x07, 0xb4, 0xd2, 0x56, 0xe8, - 0x5e, 0x31, 0xcc, 0x18, 0x63, 0xc4, 0x86, 0xd2, - 0x2d, 0x85, 0xcf, 0x93, 0x92, 0xab, 0x6d, 0xfe, - 0x68, 0x39, 0xfb, 0xde, 0x73, 0xbd, 0x86, 0xf8, - 0xe4, 0x46, 0x7a, 0xea, 0x9f, 0x0c, 0xcb, 0xf4, - 0x19, 0xfe, 0x63, 0xbc, 0xd1, 0x2c, 0x7b, 0x88, - 0x33, 0x36, 0xf6, 0xe4, 0xe1, 0x9c, 0x0c, 0x53, - 0x81, 0x60, 0x1c, 0xda, 0x2e, 0xab, 0x96, 0xa9, - 0x16, 0x88, 0x13, 0x50, 0x99, 0xb2, 0xbd, 0x55, - 0xdf, 0x15, 0x30, 0x7e, 0xe8, 0xe5, 0x98, 0xfb, - 0x70, 0x7e, 0x6c, 0xb5, 0x07, 0xfc, 0xfc, 0x46, - 0xb7, 0xd0, 0xed, 0x37, 0x96, 0x7e, 0x32, 0xfe, - 0x21, 0x02, 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA GTECyberTrustRoot5_pubKey = { 270, (uint8 *)GTECyberTrustRoot5_pubKey_bytes }; - - -/*********************** -Cert File Name: BTCTRoot.uu.raw -Subject Name : - Country : IE - Org : Baltimore - OrgUnit : CyberTrust - Common Name : Baltimore CyberTrust Root - ***********************/ -static const uint8 BTCTRoot_subject_bytes[] = { - 0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x09, 0x42, 0x41, 0x4c, 0x54, 0x49, 0x4d, - 0x4f, 0x52, 0x45, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x59, - 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x19, 0x42, 0x41, 0x4c, 0x54, 0x49, - 0x4d, 0x4f, 0x52, 0x45, 0x20, 0x43, 0x59, 0x42, - 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, - 0x52, 0x4f, 0x4f, 0x54 -}; -static const CSSM_DATA BTCTRoot_subject = { 92, (uint8 *)BTCTRoot_subject_bytes }; -static const uint8 BTCTRoot_pubKey_bytes[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xa3, 0x04, 0xbb, 0x22, 0xab, 0x98, 0x3d, - 0x57, 0xe8, 0x26, 0x72, 0x9a, 0xb5, 0x79, 0xd4, - 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, - 0xe3, 0x5b, 0x8e, 0x2b, 0x29, 0x9a, 0x64, 0xdf, - 0xa1, 0x5d, 0xed, 0xb0, 0x09, 0x05, 0x6d, 0xdb, - 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, - 0x88, 0xda, 0x12, 0xeb, 0x38, 0xeb, 0x21, 0x9d, - 0xc0, 0x41, 0x2b, 0x01, 0x52, 0x7b, 0x88, 0x77, - 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, - 0x6a, 0x09, 0xe7, 0x73, 0xe8, 0x11, 0x40, 0xa7, - 0xd1, 0xcc, 0xca, 0x62, 0x8d, 0x2d, 0xe5, 0x8f, - 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, - 0xea, 0xf5, 0xab, 0x25, 0x87, 0x8a, 0x9a, 0x96, - 0x1c, 0xa9, 0x67, 0xb8, 0x3f, 0x0c, 0xd5, 0xf7, - 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, - 0x70, 0xf0, 0x8f, 0xc0, 0x12, 0xca, 0x06, 0xcb, - 0x9a, 0xe1, 0xd9, 0xca, 0x33, 0x7a, 0x77, 0xd6, - 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, - 0x13, 0xd2, 0xc0, 0xc2, 0xa4, 0xae, 0x5e, 0x60, - 0xfe, 0xb6, 0xa6, 0x05, 0xfc, 0xb4, 0xdd, 0x07, - 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, - 0xa5, 0x63, 0xe0, 0x90, 0x0c, 0x7d, 0x5d, 0xb2, - 0x06, 0x7a, 0xf3, 0x85, 0xea, 0xeb, 0xd4, 0x03, - 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, - 0x69, 0xbc, 0xf9, 0x39, 0x36, 0x72, 0x75, 0xcf, - 0x77, 0x52, 0x4d, 0xf3, 0xc9, 0x90, 0x2c, 0xb9, - 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, - 0x98, 0x21, 0x5c, 0x07, 0x99, 0x29, 0xbd, 0xc6, - 0x3a, 0xec, 0xe7, 0x6e, 0x86, 0x3a, 0x6b, 0x97, - 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, - 0x78, 0x8d, 0x76, 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, - 0x2a, 0x86, 0xa7, 0x4d, 0x90, 0xdc, 0x27, 0x1a, - 0x39, 0x02, 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA BTCTRoot_pubKey = { 270, (uint8 *)BTCTRoot_pubKey_bytes }; - -/*********************** -Cert File Name: BTCTcodert.uu.raw -Subject Name : - Country : IE - Org : Baltimore - OrgUnit : CyberTrust - Common Name : Baltimore CyberTrust Code Signing Root - ***********************/ -static const uint8 BTCTcodert_subject_bytes[] = { - 0x30, 0x67, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x09, 0x42, 0x41, 0x4c, 0x54, 0x49, 0x4d, - 0x4f, 0x52, 0x45, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x59, - 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x26, 0x42, 0x41, 0x4c, 0x54, 0x49, - 0x4d, 0x4f, 0x52, 0x45, 0x20, 0x43, 0x59, 0x42, - 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, - 0x43, 0x4f, 0x44, 0x45, 0x20, 0x53, 0x49, 0x47, - 0x4e, 0x49, 0x4e, 0x47, 0x20, 0x52, 0x4f, 0x4f, - 0x54 -}; -static const CSSM_DATA BTCTcodert_subject = { 105, (uint8 *)BTCTcodert_subject_bytes }; -static const uint8 BTCTcodert_pubKey_bytes[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xc8, 0x71, 0x9a, 0x18, 0x12, 0x8e, 0x7a, - 0xdb, 0xf9, 0x9a, 0xfc, 0x41, 0xaf, 0xd8, 0xf2, - 0xf4, 0x09, 0x8e, 0xad, 0x3f, 0xfe, 0x67, 0x37, - 0x3c, 0xda, 0xc9, 0x26, 0x50, 0xb1, 0xb1, 0x3e, - 0xcb, 0xe8, 0x4e, 0x73, 0x00, 0xf2, 0xb2, 0xdc, - 0xf3, 0xc5, 0x46, 0xfb, 0x09, 0xef, 0x18, 0x96, - 0xce, 0xa7, 0xe0, 0x9c, 0x84, 0x5d, 0x20, 0x0e, - 0x7a, 0xa0, 0xaa, 0x36, 0x8b, 0xfa, 0x28, 0xb6, - 0x78, 0x2e, 0xb3, 0xec, 0xe8, 0x47, 0xf3, 0x04, - 0xf0, 0x90, 0x23, 0xb4, 0xea, 0xaf, 0xe5, 0x53, - 0xb8, 0x05, 0xf7, 0x47, 0x5d, 0x2b, 0x86, 0xf1, - 0xa7, 0xa4, 0xc6, 0x3b, 0x35, 0xb6, 0xd2, 0x0d, - 0x52, 0x41, 0xd7, 0xf4, 0x92, 0x75, 0xe1, 0xa2, - 0x0a, 0x50, 0x56, 0x87, 0xbe, 0x97, 0x0b, 0x7b, - 0x33, 0x85, 0x10, 0xb9, 0x28, 0x18, 0xee, 0x33, - 0xea, 0x48, 0x11, 0xd7, 0x5b, 0x91, 0x47, 0x76, - 0x22, 0xd4, 0xee, 0xcf, 0x5d, 0xe7, 0xa8, 0x4e, - 0x1c, 0x9d, 0x96, 0x91, 0xdd, 0x9c, 0xbd, 0x74, - 0x09, 0xa8, 0x72, 0x61, 0xaa, 0xb0, 0x21, 0x3a, - 0xf1, 0x3d, 0x2c, 0x03, 0x56, 0x09, 0xd2, 0xc1, - 0xdc, 0xc3, 0xb5, 0xc7, 0x54, 0x37, 0xab, 0xe6, - 0x26, 0xa2, 0xb2, 0x46, 0x71, 0x73, 0xca, 0x11, - 0x88, 0xee, 0xbc, 0xe7, 0x64, 0xf7, 0xd0, 0x11, - 0x1a, 0x73, 0x40, 0x5a, 0xc8, 0x49, 0x2c, 0x0f, - 0xb7, 0xef, 0x90, 0x7f, 0x68, 0x80, 0x04, 0x38, - 0x0b, 0x1b, 0x0f, 0x3b, 0xd4, 0xf5, 0xa0, 0xb3, - 0xc2, 0x8e, 0xe1, 0x34, 0xb4, 0x80, 0x99, 0x6d, - 0x9e, 0x76, 0xd4, 0x92, 0x29, 0x40, 0xb1, 0x95, - 0xd2, 0x37, 0xa4, 0x67, 0x12, 0x7f, 0xe0, 0x62, - 0xbb, 0xae, 0x35, 0xc5, 0x99, 0x36, 0x82, 0x44, - 0xb8, 0xe6, 0x78, 0x18, 0x33, 0x61, 0x71, 0x93, - 0x5b, 0x2d, 0x8d, 0x9f, 0x78, 0x95, 0x82, 0xeb, - 0x6d, 0x02, 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA BTCTcodert_pubKey = { 270, (uint8 *)BTCTcodert_pubKey_bytes }; - - -/*********************** -Cert File Name: BTCTmort.uu.raw -Subject Name : - Country : IE - Org : Baltimore - OrgUnit : CyberTrust - Common Name : Baltimore CyberTrust Mobile Root - ***********************/ -static const uint8 BTCTmort_subject_bytes[] = { - 0x30, 0x61, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x09, 0x42, 0x41, 0x4c, 0x54, 0x49, 0x4d, - 0x4f, 0x52, 0x45, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x59, - 0x42, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x20, 0x42, 0x41, 0x4c, 0x54, 0x49, - 0x4d, 0x4f, 0x52, 0x45, 0x20, 0x43, 0x59, 0x42, - 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, - 0x4d, 0x4f, 0x42, 0x49, 0x4c, 0x45, 0x20, 0x52, - 0x4f, 0x4f, 0x54 -}; -static const CSSM_DATA BTCTmort_subject = { 99, (uint8 *)BTCTmort_subject_bytes }; -static const uint8 BTCTmort_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa3, - 0x6d, 0xb1, 0x38, 0x56, 0xac, 0xfc, 0xb5, 0x56, - 0x21, 0xde, 0xc0, 0x90, 0x5d, 0x26, 0x47, 0x82, - 0xc6, 0x7d, 0x8f, 0x1f, 0xa0, 0x85, 0x8f, 0x2f, - 0xbb, 0xd4, 0xe1, 0x1c, 0x1d, 0xf2, 0x24, 0x1f, - 0x28, 0xb0, 0x2f, 0xb9, 0xa4, 0xa5, 0x6f, 0xa2, - 0x22, 0x20, 0x64, 0xfe, 0x84, 0x47, 0x3c, 0x7e, - 0x2b, 0x6c, 0x69, 0x6a, 0xb8, 0xd4, 0xc0, 0x96, - 0x8e, 0x8c, 0x52, 0x0d, 0xcd, 0x6f, 0x41, 0xd4, - 0xbf, 0x04, 0xae, 0xa7, 0x81, 0x2f, 0x2d, 0x98, - 0x48, 0xd2, 0xc1, 0x94, 0xa3, 0xb5, 0x19, 0x5d, - 0x5d, 0x51, 0x64, 0xf4, 0x8e, 0x41, 0xb0, 0x9b, - 0xc0, 0x2d, 0x22, 0xa0, 0x5e, 0xc6, 0xd8, 0x5a, - 0x12, 0x63, 0xbc, 0x11, 0x4a, 0x5e, 0x26, 0x12, - 0x1d, 0xe2, 0x26, 0x05, 0xe6, 0x0f, 0x5f, 0x22, - 0x1f, 0x7a, 0x5f, 0x76, 0x94, 0xae, 0xcf, 0x5a, - 0x28, 0x0e, 0xab, 0x45, 0xda, 0x22, 0x31, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA BTCTmort_pubKey = { 140, (uint8 *)BTCTmort_pubKey_bytes }; - - -/*********************** -Cert File Name: TC_Class_0.cer -Subject Name : - Country : DE - State : Hamburg - Locality : Hamburg - Org : TC TrustCenter for Security in Data Networks GmbH - OrgUnit : TC TrustCenter Class 0 CA - Email addrs : certificate@trustcenter.de - ***********************/ -static const uint8 TC_Class_0_subject_bytes[] = { - 0x30, 0x81, 0xbc, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, 0x45, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x41, 0x4d, 0x42, 0x55, - 0x52, 0x47, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x07, 0x48, 0x41, 0x4d, - 0x42, 0x55, 0x52, 0x47, 0x31, 0x3a, 0x30, 0x38, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x31, 0x54, - 0x43, 0x20, 0x54, 0x52, 0x55, 0x53, 0x54, 0x43, - 0x45, 0x4e, 0x54, 0x45, 0x52, 0x20, 0x46, 0x4f, - 0x52, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x49, 0x4e, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x47, 0x4d, 0x42, 0x48, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x19, 0x54, 0x43, 0x20, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x43, 0x45, 0x4e, 0x54, 0x45, - 0x52, 0x20, 0x43, 0x4c, 0x41, 0x53, 0x53, 0x20, - 0x30, 0x20, 0x43, 0x41, 0x31, 0x29, 0x30, 0x27, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x1a, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x40, 0x74, 0x72, 0x75, 0x73, 0x74, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x64, 0x65 -}; -static const CSSM_DATA TC_Class_0_subject = { 191, (uint8 *)TC_Class_0_subject_bytes }; -static const uint8 TC_Class_0_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, - 0x7d, 0xe6, 0xbe, 0xbf, 0xd5, 0xf0, 0x2f, 0x6d, - 0x4e, 0x0e, 0xd1, 0xe0, 0x8d, 0x0b, 0x7f, 0x3b, - 0x54, 0xe8, 0x8a, 0xe2, 0xb0, 0x9f, 0x28, 0xc5, - 0x8a, 0xc6, 0xb9, 0xb3, 0x33, 0x27, 0xf5, 0x27, - 0xca, 0x1a, 0x4c, 0x54, 0x12, 0x6b, 0xb4, 0xb2, - 0x46, 0xb3, 0x1d, 0x4b, 0xb3, 0xf4, 0x21, 0x0b, - 0x4b, 0x02, 0x2e, 0xa1, 0xc2, 0x34, 0x9c, 0x85, - 0xa0, 0xc4, 0x78, 0x11, 0xdb, 0xdb, 0x6b, 0x27, - 0x2b, 0x09, 0x2a, 0x18, 0x4e, 0x40, 0xcc, 0x9f, - 0x71, 0x19, 0x67, 0x99, 0x74, 0xa2, 0x7c, 0x3f, - 0xc1, 0xd8, 0x8b, 0x23, 0xc8, 0x63, 0x3b, 0x8a, - 0x21, 0xab, 0x5c, 0xde, 0x1e, 0xf4, 0x8d, 0xdc, - 0xb4, 0x18, 0xc3, 0x05, 0x73, 0xf4, 0x6a, 0xb4, - 0xa1, 0xfa, 0x01, 0x08, 0x2b, 0x01, 0x0f, 0x6d, - 0x37, 0x5b, 0xaa, 0x38, 0x86, 0x67, 0x39, 0xd7, - 0xe5, 0x5f, 0xfa, 0xe4, 0x7e, 0xcc, 0xa3, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA TC_Class_0_pubKey = { 140, (uint8 *)TC_Class_0_pubKey_bytes }; - - -/*********************** -Cert File Name: TC_Class_1.cer -Subject Name : - Country : DE - State : Hamburg - Locality : Hamburg - Org : TC TrustCenter for Security in Data Networks GmbH - OrgUnit : TC TrustCenter Class 1 CA - Email addrs : certificate@trustcenter.de - ***********************/ -static const uint8 TC_Class_1_subject_bytes[] = { - 0x30, 0x81, 0xbc, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, 0x45, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x41, 0x4d, 0x42, 0x55, - 0x52, 0x47, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x07, 0x48, 0x41, 0x4d, - 0x42, 0x55, 0x52, 0x47, 0x31, 0x3a, 0x30, 0x38, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x31, 0x54, - 0x43, 0x20, 0x54, 0x52, 0x55, 0x53, 0x54, 0x43, - 0x45, 0x4e, 0x54, 0x45, 0x52, 0x20, 0x46, 0x4f, - 0x52, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x49, 0x4e, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x47, 0x4d, 0x42, 0x48, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x19, 0x54, 0x43, 0x20, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x43, 0x45, 0x4e, 0x54, 0x45, - 0x52, 0x20, 0x43, 0x4c, 0x41, 0x53, 0x53, 0x20, - 0x31, 0x20, 0x43, 0x41, 0x31, 0x29, 0x30, 0x27, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x1a, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x40, 0x74, 0x72, 0x75, 0x73, 0x74, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x64, 0x65 -}; -static const CSSM_DATA TC_Class_1_subject = { 191, (uint8 *)TC_Class_1_subject_bytes }; -static const uint8 TC_Class_1_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb0, - 0x29, 0xeb, 0xb4, 0x76, 0xb3, 0xae, 0xd7, 0xb6, - 0x5b, 0xb4, 0x5e, 0xe7, 0xbd, 0xe3, 0xb1, 0x9c, - 0x49, 0x04, 0x57, 0x5b, 0xa1, 0xab, 0xd9, 0x7f, - 0x13, 0x1b, 0xfd, 0xba, 0x61, 0xab, 0xd8, 0xe7, - 0x71, 0xdf, 0x2d, 0x00, 0x94, 0x5d, 0x51, 0x48, - 0x7d, 0x23, 0xef, 0x75, 0x62, 0x84, 0x90, 0x3c, - 0x0a, 0x1f, 0x59, 0x11, 0x74, 0x2f, 0x8e, 0x80, - 0xa5, 0xfd, 0x30, 0x02, 0x3d, 0x29, 0x52, 0xcd, - 0x72, 0x1a, 0x49, 0x21, 0x9c, 0xbc, 0xcb, 0x52, - 0x8e, 0x48, 0xa1, 0x63, 0x96, 0xc8, 0x10, 0x85, - 0x30, 0x69, 0x57, 0x74, 0x45, 0xc0, 0x5a, 0x86, - 0xc6, 0xd5, 0x3d, 0xe0, 0x68, 0x57, 0x7d, 0x31, - 0x6a, 0x24, 0x8d, 0x45, 0x97, 0x3e, 0x31, 0x7e, - 0x68, 0x66, 0x32, 0x6e, 0x24, 0x6d, 0xec, 0x32, - 0x36, 0xc9, 0x41, 0xca, 0xf0, 0x31, 0x44, 0xc8, - 0xa3, 0x61, 0xca, 0x1b, 0xa0, 0x36, 0x1f, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA TC_Class_1_pubKey = { 140, (uint8 *)TC_Class_1_pubKey_bytes }; - - -/*********************** -Cert File Name: TC_Class_2.cer -Subject Name : - Country : DE - State : Hamburg - Locality : Hamburg - Org : TC TrustCenter for Security in Data Networks GmbH - OrgUnit : TC TrustCenter Class 2 CA - Email addrs : certificate@trustcenter.de - ***********************/ -static const uint8 TC_Class_2_subject_bytes[] = { - 0x30, 0x81, 0xbc, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, 0x45, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x41, 0x4d, 0x42, 0x55, - 0x52, 0x47, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x07, 0x48, 0x41, 0x4d, - 0x42, 0x55, 0x52, 0x47, 0x31, 0x3a, 0x30, 0x38, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x31, 0x54, - 0x43, 0x20, 0x54, 0x52, 0x55, 0x53, 0x54, 0x43, - 0x45, 0x4e, 0x54, 0x45, 0x52, 0x20, 0x46, 0x4f, - 0x52, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x49, 0x4e, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x47, 0x4d, 0x42, 0x48, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x19, 0x54, 0x43, 0x20, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x43, 0x45, 0x4e, 0x54, 0x45, - 0x52, 0x20, 0x43, 0x4c, 0x41, 0x53, 0x53, 0x20, - 0x32, 0x20, 0x43, 0x41, 0x31, 0x29, 0x30, 0x27, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x1a, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x40, 0x74, 0x72, 0x75, 0x73, 0x74, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x64, 0x65 -}; -static const CSSM_DATA TC_Class_2_subject = { 191, (uint8 *)TC_Class_2_subject_bytes }; -static const uint8 TC_Class_2_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xda, - 0x38, 0xe8, 0xed, 0x32, 0x00, 0x29, 0x71, 0x83, - 0x01, 0x0d, 0xbf, 0x8c, 0x01, 0xdc, 0xda, 0xc6, - 0xad, 0x39, 0xa4, 0xa9, 0x8a, 0x2f, 0xd5, 0x8b, - 0x5c, 0x68, 0x5f, 0x50, 0xc6, 0x62, 0xf5, 0x66, - 0xbd, 0xca, 0x91, 0x22, 0xec, 0xaa, 0x1d, 0x51, - 0xd7, 0x3d, 0xb3, 0x51, 0xb2, 0x83, 0x4e, 0x5d, - 0xcb, 0x49, 0xb0, 0xf0, 0x4c, 0x55, 0xe5, 0x6b, - 0x2d, 0xc7, 0x85, 0x0b, 0x30, 0x1c, 0x92, 0x4e, - 0x82, 0xd4, 0xca, 0x02, 0xed, 0xf7, 0x6f, 0xbe, - 0xdc, 0xe0, 0xe3, 0x14, 0xb8, 0x05, 0x53, 0xf2, - 0x9a, 0xf4, 0x56, 0x8b, 0x5a, 0x9e, 0x85, 0x93, - 0xd1, 0xb4, 0x82, 0x56, 0xae, 0x4d, 0xbb, 0xa8, - 0x4b, 0x57, 0x16, 0xbc, 0xfe, 0xf8, 0x58, 0x9e, - 0xf8, 0x29, 0x8d, 0xb0, 0x7b, 0xcd, 0x78, 0xc9, - 0x4f, 0xac, 0x8b, 0x67, 0x0c, 0xf1, 0x9c, 0xfb, - 0xfc, 0x57, 0x9b, 0x57, 0x5c, 0x4f, 0x0d, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA TC_Class_2_pubKey = { 140, (uint8 *)TC_Class_2_pubKey_bytes }; - - -/*********************** -Cert File Name: TC_Class_3.cer -Subject Name : - Country : DE - State : Hamburg - Locality : Hamburg - Org : TC TrustCenter for Security in Data Networks GmbH - OrgUnit : TC TrustCenter Class 3 CA - Email addrs : certificate@trustcenter.de - ***********************/ -static const uint8 TC_Class_3_subject_bytes[] = { - 0x30, 0x81, 0xbc, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, 0x45, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x41, 0x4d, 0x42, 0x55, - 0x52, 0x47, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x07, 0x48, 0x41, 0x4d, - 0x42, 0x55, 0x52, 0x47, 0x31, 0x3a, 0x30, 0x38, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x31, 0x54, - 0x43, 0x20, 0x54, 0x52, 0x55, 0x53, 0x54, 0x43, - 0x45, 0x4e, 0x54, 0x45, 0x52, 0x20, 0x46, 0x4f, - 0x52, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x49, 0x4e, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x47, 0x4d, 0x42, 0x48, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x19, 0x54, 0x43, 0x20, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x43, 0x45, 0x4e, 0x54, 0x45, - 0x52, 0x20, 0x43, 0x4c, 0x41, 0x53, 0x53, 0x20, - 0x33, 0x20, 0x43, 0x41, 0x31, 0x29, 0x30, 0x27, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x1a, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x40, 0x74, 0x72, 0x75, 0x73, 0x74, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x64, 0x65 -}; -static const CSSM_DATA TC_Class_3_subject = { 191, (uint8 *)TC_Class_3_subject_bytes }; -static const uint8 TC_Class_3_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb6, - 0xb4, 0xc1, 0x35, 0x05, 0x2e, 0x0d, 0x8d, 0xec, - 0xa0, 0x40, 0x6a, 0x1c, 0x0e, 0x27, 0xa6, 0x50, - 0x92, 0x6b, 0x50, 0x1b, 0x07, 0xde, 0x2e, 0xe7, - 0x76, 0xcc, 0xe0, 0xda, 0xfc, 0x84, 0xa8, 0x5e, - 0x8c, 0x63, 0x6a, 0x2b, 0x4d, 0xd9, 0x4e, 0x02, - 0x76, 0x11, 0xc1, 0x0b, 0xf2, 0x8d, 0x79, 0xca, - 0x00, 0xb6, 0xf1, 0xb0, 0x0e, 0xd7, 0xfb, 0xa4, - 0x17, 0x3d, 0xaf, 0xab, 0x69, 0x7a, 0x96, 0x27, - 0xbf, 0xaf, 0x33, 0xa1, 0x9a, 0x2a, 0x59, 0xaa, - 0xc4, 0xb5, 0x37, 0x08, 0xf2, 0x12, 0xa5, 0x31, - 0xb6, 0x43, 0xf5, 0x32, 0x96, 0x71, 0x28, 0x28, - 0xab, 0x8d, 0x28, 0x86, 0xdf, 0xbb, 0xee, 0xe3, - 0x0c, 0x7d, 0x30, 0xd6, 0xc3, 0x52, 0xab, 0x8f, - 0x5d, 0x27, 0x9c, 0x6b, 0xc0, 0xa3, 0xe7, 0x05, - 0x6b, 0x57, 0x49, 0x44, 0xb3, 0x6e, 0xea, 0x64, - 0xcf, 0xd2, 0x8e, 0x7a, 0x50, 0x77, 0x77, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA TC_Class_3_pubKey = { 140, (uint8 *)TC_Class_3_pubKey_bytes }; - - -/*********************** -Cert File Name: TC_Class_4.cer -Subject Name : - Country : DE - State : Hamburg - Locality : Hamburg - Org : TC TrustCenter for Security in Data Networks GmbH - OrgUnit : TC TrustCenter Class 4 CA - Email addrs : certificate@trustcenter.de - ***********************/ -static const uint8 TC_Class_4_subject_bytes[] = { - 0x30, 0x81, 0xbc, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, 0x45, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x41, 0x4d, 0x42, 0x55, - 0x52, 0x47, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x07, 0x48, 0x41, 0x4d, - 0x42, 0x55, 0x52, 0x47, 0x31, 0x3a, 0x30, 0x38, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x31, 0x54, - 0x43, 0x20, 0x54, 0x52, 0x55, 0x53, 0x54, 0x43, - 0x45, 0x4e, 0x54, 0x45, 0x52, 0x20, 0x46, 0x4f, - 0x52, 0x20, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, - 0x54, 0x59, 0x20, 0x49, 0x4e, 0x20, 0x44, 0x41, - 0x54, 0x41, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x47, 0x4d, 0x42, 0x48, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x19, 0x54, 0x43, 0x20, 0x54, 0x52, - 0x55, 0x53, 0x54, 0x43, 0x45, 0x4e, 0x54, 0x45, - 0x52, 0x20, 0x43, 0x4c, 0x41, 0x53, 0x53, 0x20, - 0x34, 0x20, 0x43, 0x41, 0x31, 0x29, 0x30, 0x27, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x1a, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x40, 0x74, 0x72, 0x75, 0x73, 0x74, 0x63, 0x65, - 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x64, 0x65 -}; -static const CSSM_DATA TC_Class_4_subject = { 191, (uint8 *)TC_Class_4_subject_bytes }; -static const uint8 TC_Class_4_pubKey_bytes[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xbf, - 0x2f, 0x63, 0xd6, 0x36, 0x7b, 0xb2, 0x0d, 0xd3, - 0x55, 0xf5, 0x64, 0x6c, 0xe6, 0x25, 0x5d, 0xc6, - 0xb4, 0xc8, 0x14, 0xba, 0x25, 0x38, 0x83, 0xeb, - 0x56, 0x62, 0xa5, 0x55, 0xa9, 0x65, 0xa3, 0xf4, - 0x23, 0x99, 0xc2, 0x4b, 0xb9, 0xd0, 0xcd, 0x54, - 0x67, 0xa6, 0xa3, 0xa0, 0xa3, 0xa9, 0x33, 0x2b, - 0x76, 0xe4, 0xbd, 0xad, 0x77, 0xb2, 0xed, 0x5c, - 0x12, 0x74, 0xc3, 0xc5, 0xb6, 0x0f, 0x52, 0x9a, - 0x72, 0x93, 0x43, 0x90, 0x62, 0x66, 0x15, 0x0f, - 0x45, 0xa5, 0xdd, 0xe0, 0xdd, 0xb8, 0x6f, 0x40, - 0x6e, 0x57, 0xc1, 0x79, 0x72, 0xa3, 0x60, 0xaa, - 0xba, 0x76, 0x1d, 0x12, 0x89, 0x53, 0x5a, 0xfc, - 0x02, 0xbe, 0xe1, 0x09, 0x13, 0xc5, 0x4a, 0x2f, - 0xdc, 0x3d, 0x8b, 0x19, 0xad, 0xd7, 0x8b, 0x24, - 0x45, 0xfb, 0x4c, 0xf4, 0xcd, 0x5c, 0x35, 0x1d, - 0x29, 0x4c, 0x51, 0xf3, 0xf2, 0x6c, 0x55, 0x02, - 0x03, 0x01, 0x00, 0x01 -}; -static const CSSM_DATA TC_Class_4_pubKey = { 140, (uint8 *)TC_Class_4_pubKey_bytes }; - - -/* end of static data generated by extractCertFields */ - -const tpRootCert sslRootCerts[] = -{ - { &Class1_PCA_G2_v2_subject, &Class1_PCA_G2_v2_pubKey, 1024 }, - { &Class2_PCA_G2_v2_subject, &Class2_PCA_G2_v2_pubKey, 1024 }, - { &Class3_PCA_G2_v2_subject, &Class3_PCA_G2_v2_pubKey, 1024 }, - { &Class4_PCA_G2_v2_subject, &Class4_PCA_G2_v2_pubKey, 1024 }, - { &PCA1ss_v4_subject, &PCA1ss_v4_pubKey, 1024 }, - { &PCA2ss_v4_subject, &PCA2ss_v4_pubKey, 1024 }, - { &PCA3ss_v4_subject, &PCA3ss_v4_pubKey, 1024 }, - { &RSASecureServer_subject, &RSASecureServer_pubKey, 1000 }, - { &persbasi_subject, &persbasi_pubKey, 1024 }, - { &persfree_subject, &persfree_pubKey, 1024 }, - { &persprem_subject, &persprem_pubKey, 1024 }, - { &serverpremium_subject, &serverpremium_pubKey, 1024 }, - { &serverbasic_subject, &serverbasic_pubKey, 1024 }, - { >ECyberTrustGlobalRoot_subject, >ECyberTrustGlobalRoot_pubKey, 1024 }, - { >ECyberTrustRoot_subject, >ECyberTrustRoot_pubKey, 1024 }, - { >ECyberTrustRoot2_subject, >ECyberTrustRoot2_pubKey, 1024 }, - { >ECyberTrustRoot3_subject, >ECyberTrustRoot3_pubKey, 1024 }, - { >ECyberTrustRoot4_subject, >ECyberTrustRoot4_pubKey, 2048 }, - { >ECyberTrustRoot5_subject, >ECyberTrustRoot5_pubKey, 2048 }, - { &BTCTRoot_subject, &BTCTRoot_pubKey, 2048 }, - { &BTCTcodert_subject, &BTCTcodert_pubKey, 2048 }, - { &BTCTmort_subject, &BTCTmort_pubKey, 1024 }, - { &TC_Class_0_subject, &TC_Class_0_pubKey, 1024 }, - { &TC_Class_1_subject, &TC_Class_1_pubKey, 1024 }, - { &TC_Class_2_subject, &TC_Class_2_pubKey, 1024 }, - { &TC_Class_3_subject, &TC_Class_3_pubKey, 1024 }, - { &TC_Class_4_subject, &TC_Class_4_pubKey, 1024 }, - -}; - -const unsigned numSslRootCerts = sizeof(sslRootCerts) / sizeof(tpRootCert); - -#endif /* TP_ROOT_CERT_ENABLE */ diff --git a/AppleX509TP/tpCertGroup.cpp b/AppleX509TP/tpCertGroup.cpp deleted file mode 100644 index 7f765e63..00000000 --- a/AppleX509TP/tpCertGroup.cpp +++ /dev/null @@ -1,677 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * tpCertGroup.cpp - Cert group functions (construct, verify) - * - * Created 10/5/2000 by Doug Mitchell. - */ - -#include "AppleTPSession.h" -#include "certGroupUtils.h" -#include "TPCertInfo.h" -#include "TPCrlInfo.h" -#include "tpPolicies.h" -#include "tpdebugging.h" -#include "rootCerts.h" -#include "tpCrlVerify.h" -#include -#include - -/*----------------------------------------------------------------------------- - * CertGroupConstruct - * - * Description: - * This function returns a pointer to a mallocd CSSM_CERTGROUP which - * refers to a mallocd list of raw ordered X.509 certs which verify back as - * far as the TP is able to go. The first cert of the returned list is the - * subject cert. The TP will attempt to search thru the DBs passed in - * DBList in order to complete the chain. The chain is completed when a - * self-signed (root) cert is found in the chain. The root cert may be - * present in the input CertGroupFrag, or it may have been obtained from - * one of the DBs passed in DBList. It is not an error if no root cert is - * found. - * - * The error conditions are: - * -- The first cert of CertGroupFrag is an invalid cert. NULL is returned, - * err = CSSM_TP_INVALID_CERTIFICATE. - * -- The root cert (if found) fails to verify. Valid certgroup is returned, - * err = CSSMERR_TP_VERIFICATION_FAILURE. - * -- Any cert in the (possibly partially) constructed chain has expired or - * isn't valid yet, err = CSSMERR_TP_CERT_EXPIRED or - * CSSMERR_TP_CERT_NOT_VALID_YET. A CertGroup is returned. - * -- CSSMERR_TP_CERT_EXPIRED and CSSMERR_TP_CERT_NOT_VALID_YET. If one of these - * conditions obtains for the first (leaf) cert, the function throws this - * error immediately and the outgoing cert group is empty. For subsequent certs, - * the temporal validity of a cert is only tested AFTER a cert successfully - * meets the cert chaining criteria (subject/issuer match and signature - * verify). A cert in a chain with this error is not added to the outgoing - * cert group. - * -- the usual errors like bad handle or memory failure. - * - * Parameters: - * Two handles - to an open CL and CSP. The CSP must be capable of - * dealing with the signature algorithms used by the certs. The CL must be - * an X.509-savvy CL. - * - * CertGroupFrag, an unordered array of raw X.509 certs in the form of a - * CSSM_CERTGROUP_PTR. The first cert of this list is the subject cert - * which is eventually to be verified. The other certs can be in any order - * and may not even have any relevance to the cert chain being constructed. - * They may also be invalid certs. - * - * DBList, a list of DB/DL handles which may contain certs necessary to - * complete the desired cert chain. (Not currently implemented.) - * - *---------------------------------------------------------------------------*/ - -/* public version */ -void AppleTPSession::CertGroupConstruct(CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DL_DB_LIST &DBList, - const void *ConstructParams, - const CSSM_CERTGROUP &CertGroupFrag, - CSSM_CERTGROUP_PTR &CertGroup) -{ - TPCertGroup outCertGroup(*this, TGO_Caller); - TPCertGroup inCertGroup(CertGroupFrag, - clHand, - cspHand, - *this, - NULL, // cssmTimeStr - true, // firstCertMustBeValid - TGO_Group); - - /* set up for disposal of TPCertInfos created by CertGroupConstructPriv */ - TPCertGroup certsToBeFreed(*this, TGO_Group); - - CSSM_RETURN constructReturn = CSSM_OK; - CSSM_BOOL verifiedToRoot; // not used - CSSM_BOOL verifiedToAnchor; // not used - - try { - CertGroupConstructPriv(clHand, - cspHand, - inCertGroup, - &DBList, - NULL, // cssmTimeStr - /* no anchors */ - 0, NULL, - 0, // actionFlags - certsToBeFreed, - verifiedToRoot, - verifiedToAnchor, - outCertGroup); - } - catch(const CssmError &cerr) { - constructReturn = cerr.cssmError(); - /* abort if no certs found */ - if(outCertGroup.numCerts() == 0) { - CssmError::throwMe(constructReturn); - } - } - CertGroup = outCertGroup.buildCssmCertGroup(); - if(constructReturn) { - CssmError::throwMe(constructReturn); - } -} - - -/* - * Private version of CertGroupConstruct, used by CertGroupConstruct and - * CertGroupVerify. Populates a TP-style TPCertGroup for further processing. - * This only throws CSSM-style exceptions in the following cases: - * - * -- input parameter errors - * -- the first (leaf) cert is bad (doesn't parse, expired, not valid yet). - * -- root found but it doesn't self-verify - * - * All other cert-related errors simply result in the bad cert being ignored. - * Other exceptions are gross system errors like malloc failure. - */ -void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup &inCertGroup, - const CSSM_DL_DB_LIST *DBList, // optional here - const char *cssmTimeStr, // optional - - /* trusted anchors, optional */ - /* FIXME - maybe this should be a TPCertGroup */ - uint32 numAnchorCerts, - const CSSM_DATA *anchorCerts, - - /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET is - * interesting */ - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - /* - * Certs to be freed by caller (i.e., TPCertInfo which we allocate - * as a result of using a cert from anchorCerts of dbList) are added - * to this group. - */ - TPCertGroup &certsToBeFreed, - - /* returned */ - CSSM_BOOL &verifiedToRoot, // end of chain self-verifies - CSSM_BOOL &verifiedToAnchor, // end of chain in anchors - TPCertGroup &outCertGroup) // RETURNED -{ - TPCertInfo *subjectCert; // the one we're working on - CSSM_RETURN outErr = CSSM_OK; - - /* this'll be the first subject cert in the main loop */ - subjectCert = inCertGroup.certAtIndex(0); - - /* Append leaf cert to outCertGroup */ - outCertGroup.appendCert(subjectCert); - subjectCert->isLeaf(true); - outCertGroup.setAllUnused(); - - outErr = outCertGroup.buildCertGroup( - *subjectCert, - &inCertGroup, - DBList, - clHand, - cspHand, - cssmTimeStr, - numAnchorCerts, - anchorCerts, - certsToBeFreed, - NULL, // gatheredCerts - none here - CSSM_TRUE, // subjectIsInGroup - enables root check on - // subject cert - actionFlags, - verifiedToRoot, - verifiedToAnchor); - if(outErr) { - CssmError::throwMe(outErr); - } -} -/*----------------------------------------------------------------------------- - * CertGroupVerify - * - * Description: - * -- Construct a cert chain using TP_CertGroupConstruct. - * -- Attempt to verify that cert chain against one of the known - * good certs passed in AnchorCerts. - * -- Optionally enforces additional policies (TBD) when verifying the cert chain. - * -- Optionally returns the entire cert chain constructed in - * TP_CertGroupConstruct and here, all the way to an anchor cert or as - * far as we were able to go, in *Evidence. - * - * Parameters: - * Two handles - to an open CL and CSP. The CSP must be capable of - * dealing with the signature algorithms used by the certs. The CL must be - * an X.509-savvy CL. - * - * RawCerts, an unordered array of raw certs in the form of a - * CSSM_CERTGROUP_PTR. The first cert of this list is the subject cert - * which is eventually to be verified. The other certs can be in any order - * and may not even have any relevance to the cert chain being constructed. - * They may also be invalid certs. - * - * DBList, a list of DB/DL handles which may contain certs necessary to - * complete the desired cert chain. (Currently not implemented.) - * - * AnchorCerts, a list of known trusted certs. - * NumberOfAnchorCerts, size of AnchorCerts array. - * - * PolicyIdentifiers, Optional policy OID. NULL indicates default - * X.509 trust policy. - * - * Supported Policies: - * CSSMOID_APPLE_ISIGN - * CSSMOID_APPLE_X509_BASIC - * - * For both of these, the associated FieldValue must be {0, NULL}, - * - * NumberOfPolicyIdentifiers, size of PolicyIdentifiers array, must be - * zero or one. - * - * All other arguments must be zero/NULL. - * - * Returns: - * CSSM_OK : cert chain verified all the way back to an AnchorCert. - * CSSMERR_TP_INVALID_ANCHOR_CERT : In this case, the cert chain - * was validated back to a self-signed (root) cert found in either - * CertToBeVerified or in one of the DBs in DBList, but that root cert - * was *NOT* found in the AnchorCert list. - * CSSMERR_TP_NOT_TRUSTED: no root cert was found and no AnchorCert - * verified the end of the constructed cert chain. - * CSSMERR_TP_VERIFICATION_FAILURE: a root cert was found which does - * not self-verify. - * CSSMERR_TP_VERIFY_ACTION_FAILED: indicates a failure of the requested - * policy action. - * CSSMERR_TP_INVALID_CERTIFICATE: indicates a bad leaf cert. - * CSSMERR_TP_INVALID_REQUEST_INPUTS : no incoming VerifyContext. - * CSSMERR_TP_CERT_EXPIRED and CSSMERR_TP_CERT_NOT_VALID_YET: see comments - * for CertGroupConstruct. - * CSSMERR_TP_CERTIFICATE_CANT_OPERATE : issuer cert was found with a partial - * public key, rendering full verification impossible. - * CSSMERR_TP_INVALID_CERT_AUTHORITY : issuer cert was found with a partial - * public key and which failed to perform subsequent signature - * verification. - *---------------------------------------------------------------------------*/ - -void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_CERTGROUP &CertGroupToBeVerified, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult) -{ - CSSM_BOOL verifiedToRoot = CSSM_FALSE; - CSSM_BOOL verifiedToAnchor = CSSM_FALSE; - CSSM_RETURN constructReturn = CSSM_OK; - CSSM_RETURN policyReturn = CSSM_OK; - const CSSM_TP_CALLERAUTH_CONTEXT *cred; - CSSM_BOOL allowExpired = CSSM_FALSE; - CSSM_BOOL allowExpiredRoot = CSSM_FALSE; - /* declare volatile as compiler workaround to avoid caching in CR4 */ - const CSSM_APPLE_TP_ACTION_DATA * volatile actionData = NULL; - CSSM_TIMESTRING cssmTimeStr; - CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0; - CSSM_TP_STOP_ON tpStopOn = 0; - - /* keep track of whether we did policy checking; if not, we do defaults */ - bool didCertPolicy = false; - bool didRevokePolicy = false; - - if(VerifyContextResult) { - memset(VerifyContextResult, 0, sizeof(*VerifyContextResult)); - } - - /* verify input args, skipping the ones checked by CertGroupConstruct */ - if((VerifyContext == NULL) || (VerifyContext->Cred == NULL)) { - /* the spec says that this is optional but we require it */ - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - cred = VerifyContext->Cred; - - /* Optional ActionData affecting all policies */ - actionData = (CSSM_APPLE_TP_ACTION_DATA * volatile)VerifyContext->ActionData.Data; - if(actionData != NULL) { - switch(actionData->Version) { - case CSSM_APPLE_TP_ACTION_VERSION: - if(VerifyContext->ActionData.Length != - sizeof(CSSM_APPLE_TP_ACTION_DATA)) { - CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); - } - break; - /* handle backwards versions here if we ever go beyond version 0 */ - default: - CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); - } - actionFlags = actionData->ActionFlags; - if(actionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED) { - allowExpired = CSSM_TRUE; - } - if(actionData->ActionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT) { - allowExpiredRoot = CSSM_TRUE; - } - } - - /* optional, may be NULL */ - cssmTimeStr = cred->VerifyTime; - - tpStopOn = cred->VerificationAbortOn; - switch(tpStopOn) { - /* the only two we support */ - case CSSM_TP_STOP_ON_NONE: - case CSSM_TP_STOP_ON_FIRST_FAIL: - break; - /* default maps to stop on first fail */ - case CSSM_TP_STOP_ON_POLICY: - tpStopOn = CSSM_TP_STOP_ON_FIRST_FAIL; - break; - default: - CssmError::throwMe(CSSMERR_TP_INVALID_STOP_ON_POLICY); - } - - /* now the args we can't deal with */ - if(cred->CallerCredentials != NULL) { - CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); - } - /* ...any others? */ - - /* get verified (possibly partial) outCertGroup - error is fatal */ - /* BUT: we still return partial evidence if asked to...from now on. */ - TPCertGroup outCertGroup(*this, - TGO_Caller); // certs are owned by inCertGroup - TPCertGroup inCertGroup(CertGroupToBeVerified, clHand, cspHand, *this, - cssmTimeStr, // optional 'this' time - true, // firstCertMustBeValid - TGO_Group); - - /* set up for disposal of TPCertInfos created by CertGroupConstructPriv */ - TPCertGroup certsToBeFreed(*this, TGO_Group); - - try { - CertGroupConstructPriv( - clHand, - cspHand, - inCertGroup, - cred->DBList, - cssmTimeStr, - cred->NumberOfAnchorCerts, - cred->AnchorCerts, - actionFlags, - certsToBeFreed, - verifiedToRoot, - verifiedToAnchor, - outCertGroup); - } - catch(const CssmError &cerr) { - constructReturn = cerr.cssmError(); - /* abort if no certs found */ - if(outCertGroup.numCerts() == 0) { - CssmError::throwMe(constructReturn); - } - /* else press on, collecting as much info as we can */ - } - /* others are way fatal */ - assert(outCertGroup.numCerts() >= 1); - - /* Infer interim status from return values */ - if((constructReturn != CSSMERR_TP_CERTIFICATE_CANT_OPERATE) && - (constructReturn != CSSMERR_TP_INVALID_CERT_AUTHORITY)) { - /* these returns do not get overridden */ - if(verifiedToAnchor) { - /* full success; anchor doesn't have to be root */ - constructReturn = CSSM_OK; - } - else if(verifiedToRoot) { - /* verified to root which is not an anchor */ - constructReturn = CSSMERR_TP_INVALID_ANCHOR_CERT; - } - else { - /* partial chain, no root, not verifiable by anchor */ - constructReturn = CSSMERR_TP_NOT_TRUSTED; - } - } - - /* - * CSSMERR_TP_NOT_TRUSTED and CSSMERR_TP_INVALID_ANCHOR_CERT - * are both special cases which can result in full success - * when CSSM_TP_USE_INTERNAL_ROOT_CERTS is enabled. - */ - #if TP_ROOT_CERT_ENABLE - if(actionFlags & CSSM_TP_USE_INTERNAL_ROOT_CERTS) { - // The secret "enable root cert check" flag - - TPCertInfo *lastCert = outCertGroup.lastCert(); - if(constructReturn == CSSMERR_TP_NOT_TRUSTED) { - /* - * See if last (non-root) cert can be verified by - * an embedded root */ - assert(lastCert != NULL); - CSSM_BOOL brtn = tp_verifyWithKnownRoots(clHand, - cspHand, - lastCert); - if(brtn) { - /* success with no incoming root, actually common (successful) case */ - constructReturn = CSSM_OK; - } - } - else if(constructReturn == CSSMERR_TP_INVALID_ANCHOR_CERT) { - /* is the end cert the same as one of our trusted roots? */ - assert(lastCert != NULL); - bool brtn = tp_isKnownRootCert(lastCert, clHand); - if(brtn) { - constructReturn = CSSM_OK; - } - } - } - #endif /* TP_ROOT_CERT_ENABLE */ - - /* - * Parameters passed to tp_policyVerify() and which vary per policy - * in the loop below - */ - TPPolicy tpPolicy; - const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts; - CSSM_RETURN thisPolicyRtn = CSSM_OK; // returned from tp_policyVerify() - - /* common CRL verify parameters */ - TPCrlGroup *crlGroup = NULL; - try { - crlGroup = new TPCrlGroup(&VerifyContext->Crls, - clHand, cspHand, - *this, // alloc - cssmTimeStr, - TGO_Group); - } - catch(const CssmError &cerr) { - CSSM_RETURN cr = cerr.cssmError(); - /* I don't see a straightforward way to report this error, - * other than adding it to the leaf cert's status... */ - outCertGroup.certAtIndex(0)->addStatusCode(cr); - tpDebug("CertGroupVerify: error constructing CrlGroup; continuing\n"); - } - /* others are way fatal */ - - TPCrlVerifyContext crlVfyContext(*this, - clHand, - cspHand, - cssmTimeStr, - cred->NumberOfAnchorCerts, - cred->AnchorCerts, - &inCertGroup, - crlGroup, - /* - * This may consist of certs gathered from the net (which is the purpose - * of this argument) and from DLDBs (a side-effect optimization). - */ - &certsToBeFreed, - cred->DBList, - kCrlNone, // policy, varies per policy - actionFlags, - 0); // crlOptFlags, varies per policy - - /* true if we're to execute tp_policyVerify at end of loop */ - bool doPolicyVerify; - - /* grind thru each policy */ - for(uint32 polDex=0; polDexPolicy.NumberOfPolicyIds; polDex++) { - if(cred->Policy.PolicyIds == NULL) { - policyReturn = CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - CSSM_FIELD_PTR policyId = &cred->Policy.PolicyIds[polDex]; - const CSSM_DATA *fieldVal = &policyId->FieldValue; - const CSSM_OID *oid = &policyId->FieldOid; - thisPolicyRtn = CSSM_OK; - doPolicyVerify = false; - sslOpts = NULL; - - /* first the basic cert policies */ - if(tpCompareOids(oid, &CSSMOID_APPLE_TP_SSL)) { - tpPolicy = kTP_SSL; - doPolicyVerify = true; - /* and do the tp_policyVerify() call below */ - } - - else if(tpCompareOids(oid, &CSSMOID_APPLE_X509_BASIC)) { - /* no options */ - if(fieldVal->Data != NULL) { - policyReturn = CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - tpPolicy = kTPx509Basic; - doPolicyVerify = true; - } - - else if(tpCompareOids(oid, &CSSMOID_APPLE_TP_SMIME)) { - tpPolicy = kTP_SMIME; - doPolicyVerify = true; - } - - else if(tpCompareOids(oid, &CSSMOID_APPLE_TP_EAP)) { - /* treated here exactly the same as SSL */ - tpPolicy = kTP_SSL; - doPolicyVerify = true; - } - - else if(tpCompareOids(oid, &CSSMOID_APPLE_ISIGN)) { - /* no options */ - if(fieldVal->Data != NULL) { - policyReturn = CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - tpPolicy = kTPiSign; - doPolicyVerify = true; - } - - /* now revocation policies */ - else if(tpCompareOids(oid, &CSSMOID_APPLE_TP_REVOCATION_CRL)) { - /* CRL-specific options */ - const CSSM_APPLE_TP_CRL_OPTIONS *crlOpts; - crlOpts = (CSSM_APPLE_TP_CRL_OPTIONS *)fieldVal->Data; - thisPolicyRtn = CSSM_OK; - if(crlOpts != NULL) { - switch(crlOpts->Version) { - case CSSM_APPLE_TP_CRL_OPTS_VERSION: - if(fieldVal->Length != - sizeof(CSSM_APPLE_TP_CRL_OPTIONS)) { - thisPolicyRtn = - CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - break; - /* handle backwards compatibility here if necessary */ - default: - thisPolicyRtn = CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - if(thisPolicyRtn != CSSM_OK) { - policyReturn = thisPolicyRtn; - break; - } - } - crlVfyContext.policy = kCrlBasic; - crlVfyContext.crlOpts = crlOpts; - - thisPolicyRtn = tpVerifyCertGroupWithCrls(outCertGroup, - crlVfyContext); - didRevokePolicy = true; - } - /* etc. - add more policies here */ - else { - /* unknown TP policy OID */ - policyReturn = CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - break; - } - - /* common tp_policyVerify call */ - if(doPolicyVerify) { - thisPolicyRtn = tp_policyVerify(tpPolicy, - *this, - clHand, - cspHand, - &outCertGroup, - verifiedToRoot, - actionFlags, - fieldVal, - cred->Policy.PolicyControl); // not currently used - didCertPolicy = true; - } - - if(thisPolicyRtn) { - /* Policy error. First remember the error if it's the first policy - * error we'veÊseen. */ - if(policyReturn == CSSM_OK) { - policyReturn = thisPolicyRtn; - } - /* Keep going? */ - if(tpStopOn == CSSM_TP_STOP_ON_FIRST_FAIL) { - /* Nope; we're done with policy evaluation */ - break; - } - } - } /* for each policy */ - - /* - * Upon completion of the above loop, perform default policy ops if - * appropriate. - */ - if((policyReturn == CSSM_OK) || (tpStopOn == CSSM_TP_STOP_ON_NONE)) { - if(!didCertPolicy) { - policyReturn = tp_policyVerify(kTPDefault, - *this, - clHand, - cspHand, - &outCertGroup, - verifiedToRoot, - actionFlags, - NULL, // policyFieldData - cred->Policy.PolicyControl); // not currently used - } - if( !didRevokePolicy && // no revoke policy yet - ( (policyReturn == CSSM_OK || // default cert policy OK - (tpStopOn == CSSM_TP_STOP_ON_NONE)) // keep going anyway - ) - ) { - - crlVfyContext.policy = TP_CRL_POLICY_DEFAULT; - crlVfyContext.crlOpts = NULL; - CSSM_RETURN thisPolicyRtn = tpVerifyCertGroupWithCrls(outCertGroup, - crlVfyContext); - if((thisPolicyRtn != CSSM_OK) && (policyReturn == CSSM_OK)) { - policyReturn = thisPolicyRtn; - } - - } - } /* default policy opts */ - - delete crlGroup; - - /* return evidence - i.e., constructed chain - if asked to */ - if(VerifyContextResult != NULL) { - /* - * VerifyContextResult->Evidence[0] : CSSM_TP_APPLE_EVIDENCE_HEADER - * VerifyContextResult->Evidence[1] : CSSM_CERTGROUP - * VerifyContextResult->Evidence[2] : CSSM_TP_APPLE_EVIDENCE_INFO - */ - VerifyContextResult->NumberOfEvidences = 3; - VerifyContextResult->Evidence = - (CSSM_EVIDENCE_PTR)calloc(3, sizeof(CSSM_EVIDENCE)); - - CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = - (CSSM_TP_APPLE_EVIDENCE_HEADER *)malloc( - sizeof(CSSM_TP_APPLE_EVIDENCE_HEADER)); - hdr->Version = CSSM_TP_APPLE_EVIDENCE_VERSION; - CSSM_EVIDENCE_PTR ev = &VerifyContextResult->Evidence[0]; - ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_HEADER; - ev->Evidence = hdr; - - ev = &VerifyContextResult->Evidence[1]; - ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERTGROUP; - ev->Evidence = outCertGroup.buildCssmCertGroup(); - - ev = &VerifyContextResult->Evidence[2]; - ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERT_INFO; - ev->Evidence = outCertGroup.buildCssmEvidenceInfo(); - - } - CSSM_RETURN outErr = outCertGroup.getReturnCode(constructReturn, - allowExpired, allowExpiredRoot, policyReturn); - - if(outErr) { - CssmError::throwMe(outErr); - } -} - - diff --git a/AppleX509TP/tpCredRequest.cpp b/AppleX509TP/tpCredRequest.cpp deleted file mode 100644 index b5dd7efe..00000000 --- a/AppleX509TP/tpCredRequest.cpp +++ /dev/null @@ -1,787 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * tpCredRequest.cpp - credential request functions SubmitCredRequest, - * RetrieveCredResult - * - * Created 1/24/2002 by Doug Mitchell. - */ - -#include "AppleTPSession.h" -#include "certGroupUtils.h" -#include "tpdebugging.h" -#include "tpTime.h" -#include -#include -#include -#include -#include -#include -#include - -#define tpCredDebug(args...) secdebug("tpCred", ## args) - -/* - * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. - * We do one a/v pair per RDN. - */ -CSSM_X509_NAME * AppleTPSession::buildX509Name( - const CSSM_APPLE_TP_NAME_OID *nameArray, - unsigned numNames) -{ - CSSM_X509_NAME *top = (CSSM_X509_NAME *)malloc(sizeof(CSSM_X509_NAME)); - top->numberOfRDNs = numNames; - if(numNames == 0) { - /* legal! */ - top->RelativeDistinguishedName = NULL; - return top; - } - top->RelativeDistinguishedName = - (CSSM_X509_RDN_PTR)malloc(sizeof(CSSM_X509_RDN) * numNames); - CSSM_X509_RDN_PTR rdn; - const CSSM_APPLE_TP_NAME_OID *nameOid; - unsigned nameDex; - for(nameDex=0; nameDexRelativeDistinguishedName[nameDex]; - nameOid = &nameArray[nameDex]; - rdn->numberOfPairs = 1; - rdn->AttributeTypeAndValue = (CSSM_X509_TYPE_VALUE_PAIR_PTR) - malloc(sizeof(CSSM_X509_TYPE_VALUE_PAIR)); - CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = rdn->AttributeTypeAndValue; - tpCopyCssmData(*this, nameOid->oid, &atvp->type); - atvp->valueType = BER_TAG_PRINTABLE_STRING; - atvp->value.Length = strlen(nameOid->string); - atvp->value.Data = (uint8 *)malloc(atvp->value.Length); - memmove(atvp->value.Data, nameOid->string, atvp->value.Length); - } - return top; -} - -/* free the CSSM_X509_NAME obtained from buildX509Name */ -void AppleTPSession::freeX509Name( - CSSM_X509_NAME *top) -{ - if(top == NULL) { - return; - } - unsigned nameDex; - CSSM_X509_RDN_PTR rdn; - for(nameDex=0; nameDexnumberOfRDNs; nameDex++) { - rdn = &top->RelativeDistinguishedName[nameDex]; - if(rdn->AttributeTypeAndValue) { - for(unsigned aDex=0; aDexnumberOfPairs; aDex++) { - CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = - &rdn->AttributeTypeAndValue[aDex]; - free(atvp->type.Data); - free(atvp->value.Data); - } - free(rdn->AttributeTypeAndValue); - } - } - free(top->RelativeDistinguishedName); - free(top); -} - -/* Obtain a CSSM_X509_TIME representing "now" plus specified seconds */ - -/* - * Although RFC 2459, *the* spec for X509 certs, allows for not before/after - * times to be expressed in ther generalized (4-digit year) or UTC (2-digit year - * with implied century rollover), IE 5 on Mac will not accept the generalized - * format. - */ -#define TP_FOUR_DIGIT_YEAR 0 -#if TP_FOUR_DIGIT_YEAR -#define TP_TIME_FORMAT TIME_GEN -#define TP_TIME_TAG BER_TAG_GENERALIZED_TIME -#else -#define TP_TIME_FORMAT TIME_UTC -#define TP_TIME_TAG BER_TAG_UTC_TIME -#endif /* TP_FOUR_DIGIT_YEAR */ - -CSSM_X509_TIME * AppleTPSession::buildX509Time( - unsigned secondsFromNow) -{ - CSSM_X509_TIME *xtime = (CSSM_X509_TIME *)malloc(sizeof(CSSM_X509_TIME)); - xtime->timeType = TP_TIME_TAG; - char *ts = (char *)malloc(GENERALIZED_TIME_STRLEN + 1); - { - StLock _(tpTimeLock()); - timeAtNowPlus(secondsFromNow, TP_TIME_FORMAT, ts); - } - xtime->time.Data = (uint8 *)ts; - xtime->time.Length = strlen(ts); - return xtime; -} - -/* Free CSSM_X509_TIME obtained in buildX509Time */ -void AppleTPSession::freeX509Time( - CSSM_X509_TIME *xtime) -{ - if(xtime == NULL) { - return; - } - free((char *)xtime->time.Data); - free(xtime); -} - -/* - * Cook up a CSSM_DATA with specified integer, DER style (minimum number of - * bytes, big-endian). - */ -static void intToDER( - uint32 theInt, - CSSM_DATA &DER_Data, - CssmAllocator &alloc) -{ - if(theInt < 0x100) { - DER_Data.Length = 1; - DER_Data.Data = (uint8 *)alloc.malloc(1); - DER_Data.Data[0] = (unsigned char)(theInt); - } - else if(theInt < 0x10000) { - DER_Data.Length = 2; - DER_Data.Data = (uint8 *)alloc.malloc(2); - DER_Data.Data[0] = (unsigned char)(theInt >> 8); - DER_Data.Data[1] = (unsigned char)(theInt); - } - else if(theInt < 0x1000000) { - DER_Data.Length = 3; - DER_Data.Data = (uint8 *)alloc.malloc(3); - DER_Data.Data[0] = (unsigned char)(theInt >> 16); - DER_Data.Data[1] = (unsigned char)(theInt >> 8); - DER_Data.Data[2] = (unsigned char)(theInt); - } - else { - DER_Data.Length = 4; - DER_Data.Data = (uint8 *)alloc.malloc(4); - DER_Data.Data[0] = (unsigned char)(theInt >> 24); - DER_Data.Data[1] = (unsigned char)(theInt >> 16); - DER_Data.Data[2] = (unsigned char)(theInt >> 8); - DER_Data.Data[3] = (unsigned char)(theInt); - } -} - -/* The reverse of the above. */ -static uint32 DERToInt( - const CSSM_DATA &DER_Data) -{ - uint32 rtn = 0; - uint8 *bp = DER_Data.Data; - for(unsigned dex=0; dexKeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - actPubKey = subjectPubKey; - break; - case CSSM_KEYBLOB_REFERENCE: - refKeyToRaw(cspHand, subjectPubKey, &rawPubKey); - actPubKey = &rawPubKey; - freeRawKey = CSSM_TRUE; - break; - default: - tpCredDebug("CSSM_CL_CertCreateTemplate: bad key blob type (%u)", - (unsigned)subjectPubKey->KeyHeader.BlobType); - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - - - /* - * version, always 2 (X509v3) - * serialNumber thru subjectPubKey - */ - unsigned numFields = 8 + numExtensions; - if(subjectUniqueId) { - numFields++; - } - if(issuerUniqueId) { - numFields++; - } - - certTemp = (CSSM_FIELD *)malloc(sizeof(CSSM_FIELD) * numFields); - - - /* version */ - intToDER(2, versionDER, *this); - certTemp[fieldDex].FieldOid = CSSMOID_X509V1Version; - certTemp[fieldDex++].FieldValue = versionDER; - - /* serial number */ - intToDER(serialNumber, serialDER, *this); - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SerialNumber; - certTemp[fieldDex++].FieldValue = serialDER; - - /* subject and issuer name */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1IssuerNameCStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)issuerName; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); - - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SubjectNameCStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)subjectName; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); - - /* not before/after */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotBefore; - certTemp[fieldDex].FieldValue.Data = (uint8 *)notBefore; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); - - certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotAfter; - certTemp[fieldDex].FieldValue.Data = (uint8 *)notAfter; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); - - /* the subject key */ - certTemp[fieldDex].FieldOid = CSSMOID_CSSMKeyStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)actPubKey; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_KEY); - - /* signature algorithm */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SignatureAlgorithmTBS; - certTemp[fieldDex].FieldValue.Data = (uint8 *)&algId; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_ALGORITHM_IDENTIFIER); - - /* subject/issuer unique IDs */ - if(subjectUniqueId != 0) { - certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateSubjectUniqueId; - certTemp[fieldDex++].FieldValue = *subjectUniqueId; - } - if(issuerUniqueId != 0) { - certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateIssuerUniqueId; - certTemp[fieldDex++].FieldValue = *issuerUniqueId; - } - - for(extNum=0; extNumformat == CSSM_X509_DATAFORMAT_PARSED) { - certTemp[fieldDex].FieldOid = ext->extnId; - } - else { - certTemp[fieldDex].FieldOid = CSSMOID_X509V3CertificateExtensionCStruct; - } - certTemp[fieldDex].FieldValue.Data = (uint8 *)ext; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_EXTENSION); - } - assert(fieldDex == numFields); - - /* - * OK, here we go - */ - rawCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - rawCert->Data = NULL; - rawCert->Length = 0; - CSSM_RETURN crtn = CSSM_CL_CertCreateTemplate(clHand, - fieldDex, - certTemp, - rawCert); - if(crtn) { - tpCredDebug("CSSM_CL_CertCreateTemplate returned %s", - cssmErrorString(crtn).c_str()); - free(rawCert->Data); - free(rawCert); - rawCert = NULL; - } - - /* free the stuff we mallocd to get here */ - free(serialDER.Data); - free(versionDER.Data); - free(certTemp); - if(freeRawKey) { - tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE); - } - if(crtn) { - CssmError::throwMe(crtn); - } -} - -/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and - * add it and the cert to tpCredMap. */ -void AppleTPSession::addCertToMap( - const CSSM_DATA *cert, - CSSM_DATA_PTR refId) -{ - StLock _(tpCredMapLock); - - TpCredHandle hand = reinterpret_cast(cert); - intToDER(hand, *refId, *this); - tpCredMap[hand] = cert; -} - -/* given a ReferenceIdentifier, obtain associated cert and remove from the map */ -CSSM_DATA_PTR AppleTPSession::getCertFromMap( - const CSSM_DATA *refId) -{ - StLock _(tpCredMapLock); - CSSM_DATA_PTR rtn = NULL; - - if((refId == NULL) || (refId->Data == NULL)) { - return NULL; - } - TpCredHandle hand = DERToInt(*refId); - credMap::iterator it = tpCredMap.find(hand); - if(it == tpCredMap.end()) { - return NULL; - } - rtn = const_cast(it->second); - tpCredMap.erase(hand); - return rtn; -} - -/* - * SubmitCredRequest, CSR form. - */ -void AppleTPSession::SubmitCsrRequest( - const CSSM_TP_REQUEST_SET &RequestInput, - sint32 &EstimatedTime, // RETURNED - CssmData &ReferenceIdentifier) // RETURNED -{ - CSSM_DATA_PTR csrPtr = NULL; - CSSM_CC_HANDLE sigHand = 0; - CSSM_APPLE_CL_CSR_REQUEST csrReq; - - memset(&csrReq, 0, sizeof(csrReq)); - - /* for now we're using the same struct for input as the the normal - * X509 cert request. */ - CSSM_APPLE_TP_CERT_REQUEST *certReq = - (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests; - if((certReq->cspHand == 0) || - (certReq->clHand == 0) || - (certReq->certPublicKey == NULL) || - (certReq->issuerPrivateKey == NULL) || - (certReq->signatureOid.Data == NULL)) { - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - - /* convert ref public key to raw per CL requirements */ - const CSSM_KEY *subjectPubKey = certReq->certPublicKey; - const CSSM_KEY *actPubKey = NULL; - CSSM_BOOL freeRawKey = CSSM_FALSE; - CSSM_KEY rawPubKey; - - switch(subjectPubKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - actPubKey = subjectPubKey; - break; - case CSSM_KEYBLOB_REFERENCE: - refKeyToRaw(certReq->cspHand, subjectPubKey, &rawPubKey); - actPubKey = &rawPubKey; - freeRawKey = CSSM_TRUE; - break; - default: - tpCredDebug("SubmitCsrRequest: bad key blob type (%u)", - (unsigned)subjectPubKey->KeyHeader.BlobType); - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - - /* cook up a CL-passthrough-specific request */ - csrReq.subjectNameX509 = buildX509Name(certReq->subjectNames, - certReq->numSubjectNames); - csrReq.signatureAlg = certReq->signatureAlg; - csrReq.signatureOid = certReq->signatureOid; - csrReq.cspHand = certReq->cspHand; - csrReq.subjectPublicKey = actPubKey; - csrReq.subjectPrivateKey = certReq->issuerPrivateKey; - csrReq.challengeString = certReq->challengeString; - - /* A crypto handle to pass to the CL */ - CSSM_RETURN crtn; - crtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand, - certReq->signatureAlg, - NULL, // AccessCred - certReq->issuerPrivateKey, - &sigHand); - if(crtn) { - tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", - cssmErrorString(crtn).c_str()); - goto abort; - } - - /* down to the CL to do the actual work */ - crtn = CSSM_CL_PassThrough(certReq->clHand, - sigHand, - CSSM_APPLEX509CL_OBTAIN_CSR, - &csrReq, - (void **)&csrPtr); - if(crtn) { - tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", - cssmErrorString(crtn).c_str()); - goto abort; - } - - /* save it for retrieval by RetrieveCredResult */ - addCertToMap(csrPtr, &ReferenceIdentifier); - EstimatedTime = 0; - -abort: - /* free local resources */ - if(csrReq.subjectNameX509) { - freeX509Name(csrReq.subjectNameX509); - } - if(sigHand) { - CSSM_DeleteContext(sigHand); - } - if(freeRawKey) { - tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE); - } - if(crtn) { - CssmError::throwMe(crtn); - } -} - -/* - * Submit cred (cert) request. Currently the only form of request we - * handle is the basis "sign this cert with key right now", with policy OI - * CSSMOID_APPLE_TP_LOCAL_CERT_GEN. - */ -void AppleTPSession::SubmitCredRequest( - const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, - const CSSM_TP_REQUEST_SET &RequestInput, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, - sint32 &EstimatedTime, - CssmData &ReferenceIdentifier) -{ - /* free all of these on return if non-NULL */ - CSSM_DATA_PTR certTemplate = NULL; - CSSM_X509_TIME_PTR notBeforeX509 = NULL; - CSSM_X509_TIME_PTR notAfterX509 = NULL; - CSSM_X509_NAME_PTR subjectX509 = NULL; - CSSM_X509_NAME_PTR issuerX509 = NULL; - CSSM_X509_EXTENSION_PTR extens509 = NULL; - CSSM_CC_HANDLE sigContext = 0; - - /* this gets saved on success */ - CSSM_DATA_PTR signedCert = NULL; - - /* validate rather limited set of input args */ - if(PreferredAuthority != NULL) { - CssmError::throwMe(CSSMERR_TP_INVALID_AUTHORITY); - } - if(RequestType != CSSM_TP_AUTHORITY_REQUEST_CERTISSUE) { - CssmError::throwMe(CSSMERR_TP_UNSUPPORTED_SERVICE); - } - if(CallerAuthContext == NULL) { - CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); - } - if((RequestInput.NumberOfRequests != 1) || - (RequestInput.Requests == NULL)) { - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - - /* Apple-specific args */ - const CSSM_TP_POLICYINFO *tpPolicy = &CallerAuthContext->Policy; - if((tpPolicy->NumberOfPolicyIds != 1) || - (tpPolicy->PolicyIds == NULL)) { - CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); - } - if(tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid, - &CSSMOID_APPLE_TP_CSR_GEN)) { - /* break out to CSR-specific code */ - SubmitCsrRequest(RequestInput, EstimatedTime, ReferenceIdentifier); - return; - } - else if(!tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid, - &CSSMOID_APPLE_TP_LOCAL_CERT_GEN)) { - CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); - } - - CSSM_APPLE_TP_CERT_REQUEST *certReq = - (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests; - if((certReq->cspHand == 0) || - (certReq->clHand == 0) || - (certReq->certPublicKey == NULL) || - (certReq->issuerPrivateKey == NULL)) { - CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); - } - if((certReq->numExtensions != 0) & (certReq->extensions == NULL)) { - CssmError::throwMe(CSSMERR_TP_INVALID_POINTER); - } - - CSSM_RETURN ourRtn = CSSM_OK; - - try { - /* convert caller's friendly names and times to CDSA style */ - subjectX509 = buildX509Name(certReq->subjectNames, certReq->numSubjectNames); - if(certReq->issuerNames != NULL) { - issuerX509 = buildX509Name(certReq->issuerNames, certReq->numIssuerNames); - } - else if(certReq->issuerNameX509) { - /* caller obtained this from an existing signer's cert */ - issuerX509 = certReq->issuerNameX509; - } - else { - /* self-signed */ - issuerX509 = subjectX509; - } - notBeforeX509 = buildX509Time(certReq->notBefore); - notAfterX509 = buildX509Time(certReq->notAfter); - - if(certReq->numExtensions != 0) { - /* convert extensions array from CE_DataAndType to CSSM_X509_EXTENSION */ - extens509 = (CSSM_X509_EXTENSION *)malloc(sizeof(CSSM_X509_EXTENSION) * - certReq->numExtensions); - memset(extens509, 0, sizeof(CSSM_X509_EXTENSION) * - certReq->numExtensions); - for(unsigned dex=0; dexnumExtensions; dex++) { - CSSM_X509_EXTENSION *extn = &extens509[dex]; - CE_DataAndType *cdt = &certReq->extensions[dex]; - void *parsedValue; - CSSM_OID extnId; - - switch(cdt->type) { - case DT_AuthorityKeyID: - parsedValue = &cdt->extension.authorityKeyID; - extnId = CSSMOID_AuthorityKeyIdentifier; - break; - case DT_SubjectKeyID: - parsedValue = &cdt->extension.subjectKeyID; - extnId = CSSMOID_SubjectKeyIdentifier; - break; - case DT_KeyUsage: - parsedValue = &cdt->extension.keyUsage; - extnId = CSSMOID_KeyUsage; - break; - case DT_SubjectAltName: - parsedValue = &cdt->extension.subjectAltName; - extnId = CSSMOID_SubjectAltName; - break; - case DT_ExtendedKeyUsage: - parsedValue = &cdt->extension.extendedKeyUsage; - extnId = CSSMOID_ExtendedKeyUsage; - break; - case DT_BasicConstraints: - parsedValue = &cdt->extension.basicConstraints; - extnId = CSSMOID_BasicConstraints; - break; - case DT_CertPolicies: - parsedValue = &cdt->extension.certPolicies; - extnId = CSSMOID_CertificatePolicies; - break; - case DT_NetscapeCertType: - parsedValue = &cdt->extension.netscapeCertType; - extnId = CSSMOID_NetscapeCertType; - break; - case DT_Other: - default: - tpCredDebug("SubmitCredRequest: DT_Other not supported"); - CssmError::throwMe(CSSMERR_TP_UNKNOWN_TAG); - // NOT REACHED - } - extn->extnId = extnId; - extn->critical = cdt->critical; - extn->format = CSSM_X509_DATAFORMAT_PARSED; - extn->value.parsedValue = parsedValue; - extn->BERvalue.Data = NULL; - extn->BERvalue.Length = 0; - } /* for each extension */ - } /* converting extensions */ - - /* cook up the unsigned template */ - makeCertTemplate(certReq->clHand, - certReq->cspHand, - certReq->serialNumber, - issuerX509, - subjectX509, - notBeforeX509, - notAfterX509, - certReq->certPublicKey, - certReq->signatureOid, - NULL, // subjectUniqueID, not used here (yet) - NULL, // issuerUniqueId - extens509, - certReq->numExtensions, - certTemplate); - - /* create signature context */ - ourRtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand, - certReq->signatureAlg, - (CallerAuthContext ? CallerAuthContext->CallerCredentials : NULL), - certReq->issuerPrivateKey, - &sigContext); - if(ourRtn) { - tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", - cssmErrorString(ourRtn).c_str()); - CssmError::throwMe(ourRtn); - } - - signedCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - signedCert->Data = NULL; - signedCert->Length = 0; - ourRtn = CSSM_CL_CertSign(certReq->clHand, - sigContext, - certTemplate, // CertToBeSigned - NULL, // SignScope - 0, // ScopeSize, - signedCert); - if(ourRtn) { - tpCredDebug("CSSM_CL_CertSign returned %s", - cssmErrorString(ourRtn).c_str()); - CssmError::throwMe(ourRtn); - } - - /* save it for retrieval by RetrieveCredResult */ - addCertToMap(signedCert, &ReferenceIdentifier); - EstimatedTime = 0; - } - catch (const CssmError &cerr) { - tpCredDebug("SubmitCredRequest: CSSM error %s", - cssmErrorString(cerr).c_str()); - ourRtn = cerr.cssmError(); - } - catch(...) { - tpCredDebug("SubmitCredRequest: unknown exception"); - ourRtn = CSSMERR_TP_INTERNAL_ERROR; // ?? - } - - /* free reources */ - tpFreeCssmData(*this, certTemplate, CSSM_TRUE); - freeX509Name(subjectX509); - if(certReq->issuerNames) { - freeX509Name(issuerX509); - } - /* else same as subject */ - freeX509Time(notBeforeX509); - freeX509Time(notAfterX509); - if(extens509) { - free(extens509); - } - if(sigContext != 0) { - CSSM_DeleteContext(sigContext); - } - if(ourRtn) { - CssmError::throwMe(ourRtn); - } -} - -void AppleTPSession::RetrieveCredResult( - const CssmData &ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - sint32 &EstimatedTime, - CSSM_BOOL &ConfirmationRequired, - CSSM_TP_RESULT_SET_PTR &RetrieveOutput) -{ - const CSSM_DATA *cert = getCertFromMap(&ReferenceIdentifier); - - if(cert == NULL) { - tpCredDebug("RetrieveCredResult: refId not found"); - CssmError::throwMe(CSSMERR_TP_INVALID_IDENTIFIER); - } - - /* CSSM_TP_RESULT_SET.Results points to a CSSM_ENCODED_CERT */ - CSSM_ENCODED_CERT *encCert = (CSSM_ENCODED_CERT *)malloc(sizeof(CSSM_ENCODED_CERT)); - encCert->CertType = CSSM_CERT_X_509v3; - encCert->CertEncoding = CSSM_CERT_ENCODING_DER; - - /* - * caller must free all three: - * CSSM_TP_RESULT_SET_PTR RetrieveOutput - * RetrieveOutput->Results (CSSM_ENCODED_CERT *encCert) - * encCert->CertBlob.Data (the actual cert) - */ - encCert->CertBlob = *cert; - RetrieveOutput = (CSSM_TP_RESULT_SET_PTR)malloc( - sizeof(CSSM_TP_RESULT_SET)); - RetrieveOutput->Results = encCert; - RetrieveOutput->NumberOfResults = 1; - ConfirmationRequired = CSSM_FALSE; - EstimatedTime = 0; -} diff --git a/AppleX509TP/tpCrlVerify.cpp b/AppleX509TP/tpCrlVerify.cpp deleted file mode 100644 index 66612fb3..00000000 --- a/AppleX509TP/tpCrlVerify.cpp +++ /dev/null @@ -1,350 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * tpCrlVerify.cpp - routines to verify CRLs and to verify certs against CRLs. - * - * Written 9/26/02 by Doug Mitchell. - */ - -#include "tpCrlVerify.h" -#include "TPCertInfo.h" -#include "TPCrlInfo.h" -#include "tpdebugging.h" -#include "TPNetwork.h" -#include "TPDatabase.h" -#include -#include - -/* crlrefresh does this now */ -#define WRITE_FETCHED_CRLS_TO_DB 0 - -/* - * For now, a process-wide memory resident CRL cache. - * We are responsible for deleting the CRLs which get added to this - * cache. Currently the only time we add a CRL to this cache is - * when we fetch one from the net. We ref count CRLs in this cache - * to allow multi-threaded access. - */ -class TPCRLCache : private TPCrlGroup -{ -public: - TPCRLCache(); - ~TPCRLCache() { } - TPCrlInfo *search( - TPCertInfo &cert, - TPCrlVerifyContext &vfyCtx); - void add( - TPCrlInfo &crl); - void remove( - TPCrlInfo &crl); - void release( - TPCrlInfo &crl); - -private: - /* Protects ref count of all members of the cache */ - Mutex mLock; -}; - -TPCRLCache::TPCRLCache() - : TPCrlGroup(CssmAllocator::standard(), TGO_Group) -{ - -} - -TPCrlInfo *TPCRLCache::search( - TPCertInfo &cert, - TPCrlVerifyContext &vfyCtx) -{ - StLock _(mLock); - TPCrlInfo *crl = findCrlForCert(cert); - if(crl) { - /* reevaluate validity */ - crl->calculateCurrent(vfyCtx.verifyTime); - crl->mRefCount++; - } - return crl; -} - -/* bumps ref count - caller is going to be using the CRL */ -void TPCRLCache::add( - TPCrlInfo &crl) -{ - StLock _(mLock); - crl.mRefCount++; - appendCrl(crl); -} - -/* we delete on this one if --refCount == 0 */ -void TPCRLCache::remove( - TPCrlInfo &crl) -{ - StLock _(mLock); - removeCrl(crl); - release(crl); - assert(crl.mRefCount > 0); - crl.mRefCount--; - if(crl.mRefCount == 0) { - delete &crl; - } - else { - /* in use, flag for future delete */ - crl.mToBeDeleted = true; - } -} - -/* only delete if refCount zero AND flagged for deletion */ -void TPCRLCache::release( - TPCrlInfo &crl) -{ - StLock _(mLock); - assert(crl.mRefCount > 0); - crl.mRefCount--; - if(crl.mToBeDeleted & (crl.mRefCount == 0)) { - delete &crl; - } -} - -static ModuleNexus tpGlobalCrlCache; - -/* - * Find CRL for specified cert. Only returns a fully verified CRL. - * Cert-specific errors such as CSSMERR_APPLETP_CRL_NOT_FOUND will be added - * to cert's return codes. - */ -static CSSM_RETURN tpFindCrlForCert( - TPCertInfo &subject, - TPCrlInfo *&foundCrl, // RETURNED - TPCrlVerifyContext &vfyCtx) -{ - - TPCrlInfo *crl = NULL; - foundCrl = NULL; - CSSM_APPLE_TP_CRL_OPT_FLAGS crlOptFlags = 0; - - if(vfyCtx.crlOpts) { - crlOptFlags = vfyCtx.crlOpts->CrlFlags; - } - - /* Search inputCrls for a CRL for subject cert */ - if(vfyCtx.inputCrls != NULL) { - crl = vfyCtx.inputCrls->findCrlForCert(subject); - if(crl && (crl->verifyWithContext(vfyCtx, &subject) == CSSM_OK)) { - foundCrl = crl; - crl->mFromWhere = CFW_InGroup; - tpCrlDebug(" ...CRL found in CrlGroup"); - return CSSM_OK; - } - } - - /* local process-wide cache */ - crl = tpGlobalCrlCache().search(subject, vfyCtx); - if(crl) { - if(crl->verifyWithContext(vfyCtx, &subject) == CSSM_OK) { - foundCrl = crl; - crl->mFromWhere = CFW_LocalCache; - tpCrlDebug(" ...CRL found in local cache"); - return CSSM_OK; - } - else { - tpGlobalCrlCache().remove(*crl); - } - } - - /* - * Try DL/DB. - * Note tpDbFindIssuerCrl() returns a verified CRL. - */ - crl = tpDbFindIssuerCrl(vfyCtx, *subject.issuerName(), subject); - if(crl) { - foundCrl = crl; - crl->mFromWhere = CFW_DlDb; - tpCrlDebug(" ...CRL found in DlDb"); - return CSSM_OK; - } - - /* Last resort: try net if enabled */ - CSSM_RETURN crtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - crl = NULL; - if(crlOptFlags & CSSM_TP_ACTION_FETCH_CRL_FROM_NET) { - crtn = tpFetchCrlFromNet(subject, vfyCtx, crl); - } - - if(crtn) { - subject.addStatusCode(crtn); - tpCrlDebug(" ...tpFindCrlForCert: CRL not found"); - return crtn; - } - - /* got one from net - add to global cache */ - assert(crl != NULL); - tpGlobalCrlCache().add(*crl); - crl->mFromWhere = CFW_Net; - tpCrlDebug(" ...CRL found from net"); - -#if WRITE_FETCHED_CRLS_TO_DB - /* and to DLDB if enabled */ - if((vfyCtx.crlOpts != NULL) && (vfyCtx.crlOpts->crlStore != NULL)) { - crtn = tpDbStoreCrl(*crl, *vfyCtx.crlOpts->crlStore); - if(crtn) { - /* let's not let this affect the CRL verification...just log - * the per-cert error. */ - subject.addStatusCode(crtn); - } - else { - tpCrlDebug(" ...CRL written to DB"); - } - } -#endif /* WRITE_FETCHED_CRLS_TO_DB */ - - foundCrl = crl; - return CSSM_OK; -} - -/* - * Dispose of a CRL obtained from tpFindCrlForCert(). - */ -static void tpDisposeCrl( - TPCrlInfo &crl, - TPCrlVerifyContext &vfyCtx) -{ - switch(crl.mFromWhere) { - case CFW_Nowhere: - default: - assert(0); - CssmError::throwMe(CSSMERR_TP_INTERNAL_ERROR); - case CFW_InGroup: - /* nothing to do, handled by TPCrlGroup */ - return; - case CFW_DlDb: - /* cooked up specially for this call */ - delete &crl; - return; - case CFW_LocalCache: // cache hit - case CFW_Net: // fetched from net & added to cache - tpGlobalCrlCache().release(crl); - return; - /* probably others */ - } -} - -/* - * Perform CRL verification on a cert group. - * The cert group has already passed basic issuer/subject and signature - * verification. The status of the incoming CRLs is completely unknown. - * - * FIXME - No mechanism to get CRLs from net with non-NULL verifyTime. - * How are we supposed to get the CRL which was valid at a specified - * time in the past? - */ -CSSM_RETURN tpVerifyCertGroupWithCrls( - TPCertGroup &certGroup, // to be verified - TPCrlVerifyContext &vfyCtx) -{ - CSSM_RETURN crtn; - CSSM_RETURN ourRtn = CSSM_OK; - - switch(vfyCtx.policy) { - case kCrlNone: - return CSSM_OK; - case kCrlBasic: - break; - default: - return CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - } - - assert(vfyCtx.clHand != 0); - tpCrlDebug("tpVerifyCertGroupWithCrls numCerts %u", certGroup.numCerts()); - CSSM_APPLE_TP_CRL_OPT_FLAGS optFlags = 0; - if(vfyCtx.crlOpts != NULL) { - optFlags = vfyCtx.crlOpts->CrlFlags; - } - - /* found & verified CRLs we need to release */ - TPCrlGroup foundCrls(vfyCtx.alloc, TGO_Caller); - - try { - - unsigned certDex; - TPCrlInfo *crl = NULL; - - /* main loop, verify each cert */ - for(certDex=0; certDexisAnchor() ? "anchor " : "", cert->index()); - if(cert->isSelfSigned()) { - /* CRL meaningless for a root cert */ - continue; - } - crl = NULL; - do { - /* find a CRL for this cert by hook or crook */ - crtn = tpFindCrlForCert(*cert, crl, vfyCtx); - if(crtn) { - if(!(optFlags & CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT)) { - /* - * This is the only place where "Best Attempt" - * tolerates an error - */ - tpCrlDebug(" ...cert %u: no CRL; skipping", - cert->index()); - crtn = CSSM_OK; - } - break; - } - /* Keep track; we'll release all when done. */ - assert(crl != NULL); - foundCrls.appendCrl(*crl); - - /* revoked? */ - crtn = crl->isCertRevoked(*cert); - if(crtn) { - break; - } - tpCrlDebug(" ...cert %u VERIFIED by CRL", cert->index()); - } while(0); - - /* done processing one cert */ - if(crtn) { - tpCrlDebug(" ...cert at index %u FAILED crl vfy", - cert->index()); - if(ourRtn == CSSM_OK) { - ourRtn = crtn; - } - /* continue on to next cert */ - } /* error on one cert */ - } /* for each cert */ - } - catch(const CssmError &cerr) { - if(ourRtn == CSSM_OK) { - ourRtn = cerr.cssmError(); - } - } - /* other exceptions fatal */ - - /* release all found CRLs */ - for(unsigned dex=0; dex -#include - -class TPCertInfo; -class TPCertGroup; -class TPCrlInfo; -class TPCrlGroup; - -/* - * Enumerated CRL policies enforced by this module. - */ -typedef enum { - kCrlNone, /* no CRL checking */ - kCrlBasic, -} TPCrlPolicy; - -/* Module-specific default policy */ -#define TP_CRL_POLICY_DEFAULT kCrlNone - -/* - * Various parameters widely used in any operation involing the - * verification of CRLs and of a cert against a CRL. Most fields - * are generally optional for a given operation except. - */ -class TPCrlVerifyContext { - NOCOPY(TPCrlVerifyContext) -public: - TPCrlVerifyContext( - CssmAllocator &_alloc, - CSSM_CL_HANDLE _clHand, - CSSM_CSP_HANDLE _cspHand, - CSSM_TIMESTRING _verifyTime, - uint32 _numAnchorCerts, - const CSSM_DATA *_anchorCerts, - TPCertGroup *_signerCerts, - TPCrlGroup *_inputCrls, - TPCertGroup *_gatheredCerts, - CSSM_DL_DB_LIST_PTR _dbList, - TPCrlPolicy _policy, - CSSM_APPLE_TP_ACTION_FLAGS _actionFlags, - CSSM_APPLE_TP_CRL_OPTIONS *_crlOpts) - : alloc(_alloc), - clHand(_clHand), - cspHand(_cspHand), - verifyTime(_verifyTime), - numAnchorCerts(_numAnchorCerts), - anchorCerts(_anchorCerts), - signerCerts(_signerCerts), - inputCrls(_inputCrls), - gatheredCerts(_gatheredCerts), - dbList(_dbList), - policy(_policy), - actionFlags(_actionFlags), - crlOpts(_crlOpts) - { } - - ~TPCrlVerifyContext() { } - - CssmAllocator &alloc; - CSSM_CL_HANDLE clHand; - CSSM_CSP_HANDLE cspHand; - - /* - * NULL means "verify for this momemt", otherwise indicates - * time at which an entity is to be verified. - */ - CSSM_TIMESTRING verifyTime; - - /* trusted anchors */ - /* FIXME - maybe this should be a TPCertGroup */ - uint32 numAnchorCerts; - const CSSM_DATA *anchorCerts; - - /* - * Intermediate CRL signing certs. Optional. - * This could come from the raw cert group to be verified - * in CertGroupVerify(), or the explicit SignerCertGroup in - * CrlVerify(). These certs have not been verified in any - * way other than to ensure that they parse and have been cached - * by the CL. - */ - TPCertGroup *signerCerts; - - /* Raw CRLs provided by caller, state unknown, optional */ - TPCrlGroup *inputCrls; - - /* - * Other certificates gathered during the course of this operation, - * currently consisting of certs fetched from DBs and from the net. - * This is currently set to AppleTPSession::CertGroupVerify's - * certsToBeFreed, to include certs fetched from the net (a - * significant optimization) and from DLDB (a side effect, also - * a slight optimization). - */ - TPCertGroup *gatheredCerts; - - /* can contain certs and/or CRLs */ - CSSM_DL_DB_LIST_PTR dbList; - - TPCrlPolicy policy; - CSSM_APPLE_TP_ACTION_FLAGS actionFlags; - const CSSM_APPLE_TP_CRL_OPTIONS *crlOpts; -}; - -extern "C" { - -CSSM_RETURN tpVerifyCertGroupWithCrls( - TPCertGroup &certGroup, // to be verified - TPCrlVerifyContext &tpVerifyContext); - -} - -#endif /* _TP_CRL_VERIFY_H_ */ diff --git a/AppleX509TP/tpPolicies.cpp b/AppleX509TP/tpPolicies.cpp deleted file mode 100644 index a2c8a6fc..00000000 --- a/AppleX509TP/tpPolicies.cpp +++ /dev/null @@ -1,1344 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - policies.cpp - TP module policy implementation - - Created 10/9/2000 by Doug Mitchell. -*/ - -#include -#include -#include "tpPolicies.h" -#include -#include -#include "tpdebugging.h" -#include "rootCerts.h" -#include "certGroupUtils.h" -#include -#include -#include -#include -#include -#include -#include - - -/* - * Our private per-extension info. One of these per (understood) extension per - * cert. - */ -typedef struct { - CSSM_BOOL present; - CSSM_BOOL critical; - CE_Data *extnData; // mallocd by CL - CSSM_DATA *valToFree; // the data we pass to freeField() -} iSignExtenInfo; - -/* - * Struct to keep track of info pertinent to one cert. - */ -typedef struct { - - /* extensions we're interested in */ - iSignExtenInfo authorityId; - iSignExtenInfo subjectId; - iSignExtenInfo keyUsage; - iSignExtenInfo extendKeyUsage; - iSignExtenInfo basicConstraints; - iSignExtenInfo netscapeCertType; - iSignExtenInfo subjectAltName; - - /* flag indicating presence of a critical extension we don't understand */ - CSSM_BOOL foundUnknownCritical; - -} iSignCertInfo; - - -/* - * Setup a single iSignExtenInfo. Called once per known extension - * per cert. - */ -static CSSM_RETURN tpSetupExtension( - CssmAllocator &alloc, - CSSM_DATA *extnData, - iSignExtenInfo *extnInfo) // which component of certInfo -{ - if(extnData->Length != sizeof(CSSM_X509_EXTENSION)) { - tpPolicyError("tpSetupExtension: malformed CSSM_FIELD"); - return CSSMERR_TP_UNKNOWN_FORMAT; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)extnData->Data; - extnInfo->present = CSSM_TRUE; - extnInfo->critical = cssmExt->critical; - extnInfo->extnData = (CE_Data *)cssmExt->value.parsedValue; - extnInfo->valToFree = extnData; - return CSSM_OK; -} - -/* - * Fetch a known extension, set up associated iSignExtenInfo if present. - */ -static CSSM_RETURN iSignFetchExtension( - CssmAllocator &alloc, - TPCertInfo *tpCert, - const CSSM_OID *fieldOid, // which extension to fetch - iSignExtenInfo *extnInfo) // where the info goes -{ - CSSM_DATA_PTR fieldValue; // mallocd by CL - CSSM_RETURN crtn; - - crtn = tpCert->fetchField(fieldOid, &fieldValue); - switch(crtn) { - case CSSM_OK: - break; - case CSSMERR_CL_NO_FIELD_VALUES: - /* field not present, OK */ - return CSSM_OK; - default: - return crtn; - } - return tpSetupExtension(alloc, - fieldValue, - extnInfo); -} - -/* - * Search for al unknown extensions. If we find one which is flagged critical, - * flag certInfo->foundUnknownCritical. Only returns error on gross errors. - */ -static CSSM_RETURN iSignSearchUnknownExtensions( - TPCertInfo *tpCert, - iSignCertInfo *certInfo) -{ - CSSM_RETURN crtn; - CSSM_DATA_PTR fieldValue = NULL; - CSSM_HANDLE searchHand = CSSM_INVALID_HANDLE; - uint32 numFields = 0; - - crtn = CSSM_CL_CertGetFirstCachedFieldValue(tpCert->clHand(), - tpCert->cacheHand(), - &CSSMOID_X509V3CertificateExtensionCStruct, - &searchHand, - &numFields, - &fieldValue); - switch(crtn) { - case CSSM_OK: - /* found one, proceed */ - break; - case CSSMERR_CL_NO_FIELD_VALUES: - /* no unknown extensions present, OK */ - return CSSM_OK; - default: - return crtn; - } - - if(fieldValue->Length != sizeof(CSSM_X509_EXTENSION)) { - tpPolicyError("iSignSearchUnknownExtensions: malformed CSSM_FIELD"); - return CSSMERR_TP_UNKNOWN_FORMAT; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)fieldValue->Data; - if(cssmExt->critical) { - /* BRRZAPP! Found an unknown extension marked critical */ - certInfo->foundUnknownCritical = CSSM_TRUE; - goto fini; - } - CSSM_CL_FreeFieldValue(tpCert->clHand(), - &CSSMOID_X509V3CertificateExtensionCStruct, - fieldValue); - fieldValue = NULL; - - /* process remaining unknown extensions */ - for(unsigned i=1; iclHand(), - searchHand, - &fieldValue); - if(crtn) { - /* should never happen */ - tpPolicyError("searchUnknownExtensions: GetNextCachedFieldValue" - "error"); - break; - } - if(fieldValue->Length != sizeof(CSSM_X509_EXTENSION)) { - tpPolicyError("iSignSearchUnknownExtensions: " - "malformed CSSM_FIELD"); - crtn = CSSMERR_TP_UNKNOWN_FORMAT; - break; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)fieldValue->Data; - if(cssmExt->critical) { - /* BRRZAPP! Found an unknown extension marked critical */ - certInfo->foundUnknownCritical = CSSM_TRUE; - break; - } - CSSM_CL_FreeFieldValue(tpCert->clHand(), - &CSSMOID_X509V3CertificateExtensionCStruct, - fieldValue); - fieldValue = NULL; - } /* for additional fields */ - -fini: - if(fieldValue) { - CSSM_CL_FreeFieldValue(tpCert->clHand(), - &CSSMOID_X509V3CertificateExtensionCStruct, - fieldValue); - } - if(searchHand != CSSM_INVALID_HANDLE) { - CSSM_CL_CertAbortQuery(tpCert->clHand(), searchHand); - } - return crtn; -} -/* - * Given a TPCertInfo, fetch the associated iSignCertInfo fields. - * Returns CSSM_FAIL on error. - */ -static CSSM_RETURN iSignGetCertInfo( - CssmAllocator &alloc, - TPCertInfo *tpCert, - iSignCertInfo *certInfo) -{ - CSSM_RETURN crtn; - - /* first grind thru the extensions we're interested in */ - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_AuthorityKeyIdentifier, - &certInfo->authorityId); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_SubjectKeyIdentifier, - &certInfo->subjectId); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_KeyUsage, - &certInfo->keyUsage); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_ExtendedKeyUsage, - &certInfo->extendKeyUsage); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_BasicConstraints, - &certInfo->basicConstraints); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_NetscapeCertType, - &certInfo->netscapeCertType); - if(crtn) { - return crtn; - } - crtn = iSignFetchExtension(alloc, - tpCert, - &CSSMOID_SubjectAltName, - &certInfo->subjectAltName); - if(crtn) { - return crtn; - } - - /* now look for extensions we don't understand - the only thing we're interested - * in is the critical flag. */ - return iSignSearchUnknownExtensions(tpCert, certInfo); -} - -/* - * Free (via CL) the fields allocated in iSignGetCertInfo(). - */ -static void iSignFreeCertInfo( - CSSM_CL_HANDLE clHand, - iSignCertInfo *certInfo) -{ - if(certInfo->authorityId.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_AuthorityKeyIdentifier, - certInfo->authorityId.valToFree); - } - if(certInfo->subjectId.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_SubjectKeyIdentifier, - certInfo->subjectId.valToFree); - } - if(certInfo->keyUsage.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_KeyUsage, - certInfo->keyUsage.valToFree); - } - if(certInfo->extendKeyUsage.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_ExtendedKeyUsage, - certInfo->extendKeyUsage.valToFree); - } - if(certInfo->basicConstraints.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_BasicConstraints, - certInfo->basicConstraints.valToFree); - } - if(certInfo->netscapeCertType.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_NetscapeCertType, - certInfo->netscapeCertType.valToFree); - } - if(certInfo->subjectAltName.present) { - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_SubjectAltName, - certInfo->subjectAltName.valToFree); - } -} - -/* - * See if cert's Subject.{commonName,EmailAddress} matches caller-specified - * string. Returns CSSM_TRUE if match, else returns CSSM_FALSE. - * Also indicates whether *any* of the specified fields were found, regardless - * of match state. - */ -typedef enum { - SN_CommonName, // CSSMOID_CommonName, host name format - SN_Email // CSSMOID_EmailAddress -} SubjSubjNameSearchType; - -static CSSM_BOOL tpCompareSubjectName( - TPCertInfo &cert, - SubjSubjNameSearchType searchType, - const char *callerStr, // already tpToLower'd - uint32 callerStrLen, - bool &fieldFound) -{ - char *certName = NULL; // from cert's subject name - uint32 certNameLen = 0; - CSSM_DATA_PTR subjNameData = NULL; - CSSM_RETURN crtn; - CSSM_BOOL ourRtn = CSSM_FALSE; - const CSSM_OID *oidSrch; - - fieldFound = false; - switch(searchType) { - case SN_CommonName: - oidSrch = &CSSMOID_CommonName; - break; - case SN_Email: - oidSrch = &CSSMOID_EmailAddress; - break; - default: - assert(0); - return CSSM_FALSE; - } - crtn = cert.fetchField(&CSSMOID_X509V1SubjectNameCStruct, &subjNameData); - if(crtn) { - /* should never happen, we shouldn't be here if there is no subject */ - tpPolicyError("tp_verifySslOpts: error retrieving subject name"); - return CSSM_FALSE; - } - CSSM_X509_NAME_PTR x509name = (CSSM_X509_NAME_PTR)subjNameData->Data; - if((x509name == NULL) || (subjNameData->Length != sizeof(CSSM_X509_NAME))) { - tpPolicyError("tp_verifySslOpts: malformed CSSM_X509_NAME"); - cert.freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); - return CSSM_FALSE; - } - - /* Now grunge thru the X509 name looking for a common name */ - CSSM_X509_TYPE_VALUE_PAIR *ptvp; - CSSM_X509_RDN_PTR rdnp; - unsigned rdnDex; - unsigned pairDex; - - for(rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - rdnp = &x509name->RelativeDistinguishedName[rdnDex]; - for(pairDex=0; pairDexnumberOfPairs; pairDex++) { - ptvp = &rdnp->AttributeTypeAndValue[pairDex]; - if(tpCompareOids(&ptvp->type, oidSrch)) { - fieldFound = true; - certName = (char *)ptvp->value.Data; - certNameLen = ptvp->value.Length; - switch(searchType) { - case SN_CommonName: - ourRtn = tpCompareHostNames(callerStr, callerStrLen, - certName, certNameLen); - break; - case SN_Email: - ourRtn = tpCompareEmailAddr(callerStr, callerStrLen, - certName, certNameLen); - break; - } - if(ourRtn) { - /* success */ - break; - } - /* else keep going, maybe there's another common name */ - } - } - if(ourRtn) { - break; - } - } - cert.freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); - return ourRtn; -} - -/* - * Compare ASCII form of an IP address to a CSSM_DATA containing - * the IP address's numeric components. Returns true on match. - */ -static CSSM_BOOL tpCompIpAddrStr( - const char *str, - unsigned strLen, - const CSSM_DATA *numeric) -{ - const char *cp = str; - const char *nextDot; - char buf[100]; - - if((numeric == NULL) || (numeric->Length == 0) || (str == NULL)) { - return CSSM_FALSE; - } - if(cp[strLen - 1] == '\0') { - /* ignore NULL terminator */ - strLen--; - } - for(unsigned dex=0; dexLength; dex++) { - /* cp points to start of current string digit */ - /* find next dot */ - const char *lastChar = cp + strLen; - nextDot = cp + 1; - for( ; nextDotLength - 1)) { - return CSSM_FALSE; - } - } - else if(dex == (numeric->Length - 1)) { - return CSSM_FALSE; - } - unsigned digLen = nextDot - cp; - if(digLen >= sizeof(buf)) { - /* preposterous */ - return CSSM_FALSE; - } - memmove(buf, cp, digLen); - buf[digLen] = '\0'; - /* incr digLen to include the next dot */ - digLen++; - cp += digLen; - strLen -= digLen; - int digVal = atoi(buf); - if(digVal != numeric->Data[dex]) { - return CSSM_FALSE; - } - } - return CSSM_TRUE; -} - -/* - * See if cert's subjectAltName contains an element matching caller-specified - * string, hostname, in the following forms: - * - * SAN_HostName : dnsName, iPAddress - * SAN_Email : RFC822Name - * - * Returns CSSM_TRUE if match, else returns CSSM_FALSE. - * - * Also indicates whether or not a dnsName (search type HostName) or - * RFC822Name (search type SAM_Email) was found, regardless of result - * of comparison. - * - * The appStr/appStrLen args are optional - if NULL/0, only the - * search for dnsName/RFC822Name is done. - */ -typedef enum { - SAN_HostName, - SAN_Email -} SubjAltNameSearchType; - -static CSSM_BOOL tpCompareSubjectAltName( - const iSignExtenInfo &subjAltNameInfo, - const char *appStr, - uint32 appStrLen, - SubjAltNameSearchType searchType, - bool &dnsNameFound, // RETURNED, SAN_HostName case - bool &emailFound) // RETURNED, SAN_Email case -{ - dnsNameFound = false; - emailFound = false; - if(!subjAltNameInfo.present) { - /* common failure, no subjectAltName found */ - return CSSM_FALSE; - } - - CE_GeneralNames *names = &subjAltNameInfo.extnData->subjectAltName; - CSSM_BOOL ourRtn = CSSM_FALSE; - char *certName; - unsigned certNameLen; - - /* Search thru the CE_GeneralNames looking for the appropriate attribute */ - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *name = &names->generalName[dex]; - switch(searchType) { - case SAN_HostName: - switch(name->nameType) { - case GNT_IPAddress: - if(appStr == NULL) { - /* nothing to do here */ - break; - } - ourRtn = tpCompIpAddrStr(appStr, appStrLen, &name->name); - break; - - case GNT_DNSName: - if(name->berEncoded) { - tpErrorLog("tpCompareSubjectAltName: malformed " - "CE_GeneralName (1)\n"); - break; - } - certName = (char *)name->name.Data; - if(certName == NULL) { - tpErrorLog("tpCompareSubjectAltName: malformed " - "CE_GeneralName (2)\n"); - break; - } - certNameLen = name->name.Length; - dnsNameFound = true; - if(appStr != NULL) { - /* skip if caller passed in NULL */ - ourRtn = tpCompareHostNames(appStr, appStrLen, - certName, certNameLen); - } - break; - - default: - /* not interested, proceed to next name */ - break; - } - break; /* from case HostName */ - - case SAN_Email: - if(name->nameType != GNT_RFC822Name) { - /* not interested */ - break; - } - certName = (char *)name->name.Data; - if(certName == NULL) { - tpErrorLog("tpCompareSubjectAltName: malformed " - "GNT_RFC822Name\n"); - break; - } - certNameLen = name->name.Length; - emailFound = true; - if(appStr != NULL) { - ourRtn = tpCompareEmailAddr(appStr, appStrLen, certName, - certNameLen); - } - break; - } - if(ourRtn) { - /* success */ - break; - } - } - return ourRtn; -} - -/* is host name in the form of a.b.c.d, where a,b,c, and d are digits? */ -static CSSM_BOOL tpIsNumeric( - const char *hostName, - unsigned hostNameLen) -{ - if(hostName[hostNameLen - 1] == '\0') { - /* ignore NULL terminator */ - hostNameLen--; - } - for(unsigned i=0; iData == NULL)) { - /* optional */ - return CSSM_OK; - } - CSSM_APPLE_TP_SSL_OPTIONS *sslOpts; - sslOpts = (CSSM_APPLE_TP_SSL_OPTIONS *)sslFieldOpts->Data; - switch(sslOpts->Version) { - case CSSM_APPLE_TP_SSL_OPTS_VERSION: - if(sslFieldOpts->Length != sizeof(CSSM_APPLE_TP_SSL_OPTIONS)) { - return CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - } - break; - /* handle backwards compatibility here if necessary */ - default: - return CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - } - - unsigned hostNameLen = sslOpts->ServerNameLen; - - if(hostNameLen == 0) { - /* optional */ - return CSSM_OK; - } - if(sslOpts->ServerName == NULL) { - return CSSMERR_TP_INVALID_POINTER; - } - - /* convert caller's hostname string to lower case */ - char *hostName = (char *)certGroup.alloc().malloc(hostNameLen); - memmove(hostName, sslOpts->ServerName, hostNameLen); - tpToLower(hostName, hostNameLen); - - TPCertInfo *leaf = certGroup.certAtIndex(0); - assert(leaf != NULL); - - CSSM_BOOL match = CSSM_FALSE; - - /* First check subjectAltName... */ - bool dnsNameFound = false; - bool dummy; - match = tpCompareSubjectAltName(leafCertInfo.subjectAltName, - hostName, hostNameLen, - SAN_HostName, dnsNameFound, dummy); - - /* - * Then common name, if - * -- no match from subjectAltName, AND - * -- dnsName was NOT found, AND - * -- hostName is not strictly numeric form (1.2.3.4) - */ - if(!match && !dnsNameFound && !tpIsNumeric(hostName, hostNameLen)) { - bool fieldFound; - match = tpCompareSubjectName(*leaf, SN_CommonName, hostName, hostNameLen, - fieldFound); - } - certGroup.alloc().free(hostName); - if(match) { - return CSSM_OK; - } - else { - leaf->addStatusCode(CSSMERR_APPLETP_HOSTNAME_MISMATCH); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } -} - -/* - * Verify SMIME options. - */ -#define CE_CIPHER_MASK (~(CE_KU_EncipherOnly | CE_KU_DecipherOnly)) - -static CSSM_RETURN tp_verifySmimeOpts( - TPCertGroup &certGroup, - const CSSM_DATA *smimeFieldOpts, - const iSignCertInfo &leafCertInfo) -{ - /* - * First validate optional S/MIME options. - */ - CSSM_APPLE_TP_SMIME_OPTIONS *smimeOpts = NULL; - if(smimeFieldOpts != NULL) { - smimeOpts = (CSSM_APPLE_TP_SMIME_OPTIONS *)smimeFieldOpts->Data; - } - if(smimeOpts != NULL) { - switch(smimeOpts->Version) { - case CSSM_APPLE_TP_SMIME_OPTS_VERSION: - if(smimeFieldOpts->Length != - sizeof(CSSM_APPLE_TP_SMIME_OPTIONS)) { - return CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - } - break; - /* handle backwards compatibility here if necessary */ - default: - return CSSMERR_TP_INVALID_POLICY_IDENTIFIERS; - } - } - - TPCertInfo *leaf = certGroup.certAtIndex(0); - assert(leaf != NULL); - - /* Verify optional email address */ - unsigned emailLen = 0; - if(smimeOpts != NULL) { - emailLen = smimeOpts->SenderEmailLen; - } - bool emailFoundInSAN = false; - if(emailLen != 0) { - if(smimeOpts->SenderEmail == NULL) { - return CSSMERR_TP_INVALID_POINTER; - } - - /* normalize caller's email string */ - char *email = (char *)certGroup.alloc().malloc(emailLen); - memmove(email, smimeOpts->SenderEmail, emailLen); - tpNormalizeAddrSpec(email, emailLen); - - CSSM_BOOL match = false; - - /* - * First check subjectAltName. The emailFound bool indicates - * that *some* email address was found, regardless of a match - * condition. - */ - bool dummy; - match = tpCompareSubjectAltName(leafCertInfo.subjectAltName, - email, emailLen, - SAN_Email, dummy, emailFoundInSAN); - - /* - * Then subject DN, CSSMOID_EmailAddress, if no match from - * subjectAltName - */ - bool emailFoundInDn = false; - if(!match) { - match = tpCompareSubjectName(*leaf, SN_Email, email, emailLen, - emailFoundInDn); - } - certGroup.alloc().free(email); - - /* - * Error here only if no match found but there was indeed *some* - * email address in the cert. - */ - if(!match && (emailFoundInSAN || emailFoundInDn)) { - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND); - tpPolicyError("SMIME email addrs in cert but no match"); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - } - - /* - * Going by the letter of the law, here's what RFC 2632 has to say - * about the legality of an empty Subject Name: - * - * ...the subject DN in a user's (i.e. end-entity) certificate MAY - * be an empty SEQUENCE in which case the subjectAltName extension - * will include the subject's identifier and MUST be marked as - * critical. - * - * OK, first examine the leaf cert's subject name. - */ - CSSM_RETURN crtn; - CSSM_DATA_PTR subjNameData = NULL; - crtn = leaf->fetchField(&CSSMOID_X509V1SubjectNameCStruct, &subjNameData); - if(crtn) { - /* This should really never happen */ - tpPolicyError("SMIME policy: error fetching subjectName"); - leaf->addStatusCode(CSSMERR_TP_INVALID_CERTIFICATE); - return CSSMERR_TP_INVALID_CERTIFICATE; - } - /* must do a leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct on exit */ - - const CSSM_X509_NAME *x509Name = (const CSSM_X509_NAME *)subjNameData->Data; - if(x509Name->numberOfRDNs == 0) { - /* - * Empty subject name. If we haven't already seen a valid - * email address in the subject alternate name (by looking - * for a specific address specified by app), try to find - * one now. - */ - if(!emailFoundInSAN && // haven't found one, and - (emailLen == 0)) { // didn't even look yet - bool dummy; - tpCompareSubjectAltName(leafCertInfo.subjectAltName, - NULL, 0, // email, emailLen, - SAN_Email, dummy, - emailFoundInSAN); // the variable we're updating - } - if(!emailFoundInSAN) { - tpPolicyError("SMIME policy fail: empty subject name and " - "no Email Addrs in SubjectAltName"); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS); - leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - - /* - * One more thing: this leaf must indeed have a subjAltName - * extension and it must be critical. We would not have gotten this - * far if the subjAltName extension was not actually present.... - */ - assert(leafCertInfo.subjectAltName.present); - if(!leafCertInfo.subjectAltName.critical) { - tpPolicyError("SMIME policy fail: empty subject name and " - "no Email Addrs in SubjectAltName"); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT); - leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - } - leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); - - /* - * Enforce the usage of the key associated with the leaf cert. - * Cert's KeyUsage must be a superset of what the app is trying to do. - * Note the {en,de}cipherONly flags are handledÊseparately.... - */ - const iSignExtenInfo &kuInfo = leafCertInfo.keyUsage; - if(kuInfo.present) { - CE_KeyUsage certKu = *((CE_KeyUsage *)kuInfo.extnData); - CE_KeyUsage appKu = smimeOpts->IntendedUsage; - CE_KeyUsage intersection = certKu & appKu; - if((intersection & CE_CIPHER_MASK) != (appKu & CE_CIPHER_MASK)) { - tpPolicyError("SMIME KeyUsage err: appKu 0x%x certKu 0x%x", - appKu, certKu); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_BAD_KEY_USE); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - - /* Now the en/de cipher only bits - for keyAgreement only */ - if(appKu & CE_KU_KeyAgreement) { - /* - * 1. App wants to use this for key agreement; it must - * say what it wants to do with the derived key. - * In this context, the app's XXXonly bit means that - * it wants to use the key for that op - not necessarliy - * "only". - */ - if((appKu & (CE_KU_EncipherOnly | CE_KU_DecipherOnly)) == 0) { - tpPolicyError("SMIME KeyUsage err: KeyAgreement with " - "no Encipher or Decipher"); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_BAD_KEY_USE); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - - /* - * 2. If cert restricts to encipher only make sure the - * app isn't trying to decipher. - */ - if((certKu & CE_KU_EncipherOnly) && - (appKu & CE_KU_DecipherOnly)) { - tpPolicyError("SMIME KeyUsage err: cert EncipherOnly, " - "app wants to decipher"); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_BAD_KEY_USE); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - - /* - * 3. If cert restricts to decipher only make sure the - * app isn't trying to encipher. - */ - if((certKu & CE_KU_DecipherOnly) && - (appKu & CE_KU_EncipherOnly)) { - tpPolicyError("SMIME KeyUsage err: cert DecipherOnly, " - "app wants to encipher"); - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_BAD_KEY_USE); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - } - } - - /* - * Ensure that, if an extendedKeyUsage extension is present in the - * leaf, that either emailProtection or anyExtendedKeyUsage usages is present - */ - const iSignExtenInfo &ekuInfo = leafCertInfo.extendKeyUsage; - if(ekuInfo.present) { - bool foundGoodEku = false; - CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)ekuInfo.extnData; - assert(eku != NULL); - for(unsigned i=0; inumPurposes; i++) { - if(tpCompareOids(&eku->purposes[i], &CSSMOID_EmailProtection)) { - foundGoodEku = true; - break; - } - if(tpCompareOids(&eku->purposes[i], &CSSMOID_ExtendedKeyUsageAny)) { - foundGoodEku = true; - break; - } - } - if(!foundGoodEku) { - leaf->addStatusCode(CSSMERR_APPLETP_SMIME_BAD_EXT_KEY_USE); - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - } - - return CSSM_OK; -} - -/* - * RFC2459 says basicConstraints must be flagged critical for - * CA certs, but Verisign doesn't work that way. - */ -#define BASIC_CONSTRAINTS_MUST_BE_CRITICAL 0 - -/* - * TP iSign spec says Extended Key Usage required for leaf certs, - * but Verisign doesn't work that way. - */ -#define EXTENDED_KEY_USAGE_REQUIRED_FOR_LEAF 0 - -/* - * TP iSign spec says Subject Alternate Name required for leaf certs, - * but Verisign doesn't work that way. - */ -#define SUBJECT_ALT_NAME_REQUIRED_FOR_LEAF 0 - -/* - * TP iSign spec originally required KeyUsage for all certs, but - * Verisign doesn't have that in their roots. - */ -#define KEY_USAGE_REQUIRED_FOR_ROOT 0 - -/* - * RFC 2632, "S/MIME Version 3 Certificate Handling", section - * 4.4.2, says that KeyUsage extensions MUST be flagged critical, - * but Thawte's intermediate cert (common namd "Thawte Personal - * Freemail Issuing CA" does not meet this requirement. - */ -#define SMIME_KEY_USAGE_MUST_BE_CRITICAL 0 - -/* - * Public routine to perform TP verification on a constructed - * cert group. - * Returns CSSM_TRUE on success. - * Asumes the chain has passed basic subject/issuer verification. First cert of - * incoming certGroup is end-entity (leaf). - * - * Per-policy details: - * iSign: Assumes that last cert in incoming certGroup is a root cert. - * Also assumes a cert group of more than one cert. - * kTPx509Basic: CertGroup of length one allowed. - */ -CSSM_RETURN tp_policyVerify( - TPPolicy policy, - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup *certGroup, - CSSM_BOOL verifiedToRoot, // last cert is good root - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - const CSSM_DATA *policyFieldData, // optional - void *policyOpts) // future options -{ - iSignCertInfo *certInfo = NULL; - uint32 numCerts; - iSignCertInfo *thisCertInfo; - uint16 expUsage; - uint16 actUsage; - unsigned certDex; - CSSM_BOOL cA = CSSM_FALSE; // init for compiler warning - bool isLeaf; // end entity - bool isRoot; // root cert - CE_ExtendedKeyUsage *extendUsage; - CE_AuthorityKeyID *authorityId; - CSSM_RETURN outErr = CSSM_OK; // for gross, non-policy errors - CSSM_BOOL policyFail = CSSM_FALSE; - - /* First, kTPDefault is a nop here */ - if(policy == kTPDefault) { - return CSSM_OK; - } - - if(certGroup == NULL) { - return CSSMERR_TP_INVALID_CERTGROUP; - } - numCerts = certGroup->numCerts(); - if(numCerts == 0) { - return CSSMERR_TP_INVALID_CERTGROUP; - } - if(policy == kTPiSign) { - if(!verifiedToRoot) { - /* no way, this requires a root cert */ - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - if(numCerts <= 1) { - /* nope, not for iSign */ - return CSSMERR_TP_VERIFY_ACTION_FAILED; - } - } - - /* cook up an iSignCertInfo array */ - certInfo = (iSignCertInfo *)tpCalloc(alloc, numCerts, sizeof(iSignCertInfo)); - /* subsequent errors to errOut: */ - - /* fill it with interesting info from parsed certs */ - for(certDex=0; certDexcertAtIndex(certDex), - &certInfo[certDex])) { - (certGroup->certAtIndex(certDex))->addStatusCode( - CSSMERR_TP_INVALID_CERTIFICATE); - /* this one is fatal */ - outErr = CSSMERR_TP_INVALID_CERTIFICATE; - goto errOut; - } - } - - /* - * OK, the heart of TP enforcement. - * First check for presence of required extensions and - * critical extensions we don't understand. - */ - for(certDex=0; certDexcertAtIndex(certDex); - - if(thisCertInfo->foundUnknownCritical) { - /* illegal for all policies */ - tpPolicyError("tp_policyVerify: critical flag in unknown " - "extension"); - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN); - policyFail = CSSM_TRUE; - } - - /* - * Note it's possible for both of these to be true, for a - * of length one (kTPx509Basic, kCrlPolicy only!) - * FIXME: should this code work of the last cert in the chain is - * NOT a root? - */ - isLeaf = thisTpCertInfo->isLeaf(); - isRoot = thisTpCertInfo->isSelfSigned(); - - /* - * BasicConstraints.cA - * iSign: required in all but leaf and root, - * for which it is optional (with default values of false - * for leaf and true for root). - * kTPx509Basic, - * kTP_SSL, - * kTP_SMIME always optional, default of false for leaf and - * true for others - * All: cA must be false for leaf, true for others - */ - if(!thisCertInfo->basicConstraints.present) { - /* - * No basicConstraints present; infer a cA value if appropriate. - */ - if(isLeaf) { - /* cool, use default; note that kTPx509Basic with - * certGroup length of one may take this case */ - cA = CSSM_FALSE; - } - else if(isRoot) { - /* cool, use default */ - cA = CSSM_TRUE; - } - else { - switch(policy) { - case kTPx509Basic: - case kTP_SSL: - case kCrlPolicy: - case kTP_SMIME: - /* - * not present, not leaf, not root.... - * ....RFC2459 says this can not be a CA - */ - cA = CSSM_FALSE; - break; - case kTPiSign: - /* required for iSign in this position */ - tpPolicyError("tp_policyVerify: no " - "basicConstraints"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode( - CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS); - break; - default: - /* not reached */ - assert(0); - break; - } - } - } - else { - /* basicConstraints present */ - #if BASIC_CONSTRAINTS_MUST_BE_CRITICAL - /* disabled for verisign compatibility */ - if(!thisCertInfo->basicConstraints.critical) { - /* per RFC 2459 */ - tpPolicyError("tp_policyVerify: basicConstraints marked " - "not critical"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_TP_VERIFY_ACTION_FAILED); - } - #endif /* BASIC_CONSTRAINTS_MUST_BE_CRITICAL */ - - const CE_BasicConstraints *bcp = - &thisCertInfo->basicConstraints.extnData->basicConstraints; - - cA = bcp->cA; - - /* Verify pathLenConstraint if present */ - if(!isLeaf && // leaf, certDex=0, don't care - cA && // p.l.c. only valid for CAs - bcp->pathLenConstraintPresent) { // present? - /* - * pathLenConstraint=0 legal for certDex 1 only - * pathLenConstraint=1 legal for certDex {1,2} - * etc. - */ - if(certDex > (bcp->pathLenConstraint + 1)) { - tpPolicyError("tp_policyVerify: pathLenConstraint " - "exceeded"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode( - CSSMERR_APPLETP_PATH_LEN_CONSTRAINT); - } - } - } - - if(isLeaf) { - /* - * Special cases to allow a chain of length 1, leaf and root - * both true, and for caller to override the "leaf can't be a CA" - * requirement when a CA cert is explicitly being evaluated as the - * leaf. - */ - if(cA && !isRoot && - !(actionFlags & CSSM_TP_ACTION_LEAF_IS_CA)) { - tpPolicyError("tp_policyVerify: cA true for leaf"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA); - } - } else if(!cA) { - tpPolicyError("tp_policyVerify: cA false for non-leaf"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA); - } - - /* - * Authority Key Identifier optional - * iSign : only allowed in !root. - * If present, must not be critical. - * kTPx509Basic, - * kTP_SSL, - * kTP_SMIME : ignored (though used later for chain verification) - */ - if((policy == kTPiSign) && thisCertInfo->authorityId.present) { - if(isRoot) { - tpPolicyError("tp_policyVerify: authorityId in root"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID); - } - if(thisCertInfo->authorityId.critical) { - /* illegal per RFC 2459 */ - tpPolicyError("tp_policyVerify: authorityId marked " - "critical"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID); - } - } - - /* - * Subject Key Identifier optional - * iSign : can't be critical. - * kTPx509Basic, - * kTP_SSL, - * kTP_SMIME : ignored (though used later for chain verification) - */ - if(thisCertInfo->subjectId.present) { - if((policy == kTPiSign) && thisCertInfo->subjectId.critical) { - tpPolicyError("tp_policyVerify: subjectId marked critical"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_SUBJECT_ID); - } - } - - /* - * Key Usage optional except as noted required - * iSign : required for non-root/non-leaf - * Leaf cert : if present, usage = digitalSignature - * Exception : if leaf, and keyUsage not present, - * netscape-cert-type must be present, with - * Object Signing bit set - * kTPx509Basic, - * kTP_SSL, - * kTP_SMIME, : non-leaf : usage = keyCertSign - * Leaf: don't care - * kCrlPolicy : Leaf: usage = CRLSign - * kTP_SMIME : if present, must be critical - */ - if(thisCertInfo->keyUsage.present) { - /* - * Leaf cert: usage = digitalSignature - * Others: usage = keyCertSign - * We only require that one bit to be set, we ignore others. - */ - if(isLeaf) { - switch(policy) { - case kTPiSign: - expUsage = CE_KU_DigitalSignature; - break; - case kCrlPolicy: - /* if present, this bit must be set */ - expUsage = CE_KU_CRLSign; - break; - default: - /* hack to accept whatever's there */ - expUsage = thisCertInfo->keyUsage.extnData->keyUsage; - break; - } - } - else { - /* this is true for all policies */ - expUsage = CE_KU_KeyCertSign; - } - actUsage = thisCertInfo->keyUsage.extnData->keyUsage; - if(!(actUsage & expUsage)) { - tpPolicyError("tp_policyVerify: bad keyUsage (leaf %s; " - "usage 0x%x)", - (certDex == 0) ? "TRUE" : "FALSE", actUsage); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); - } - #if 0 - if((policy == kTP_SMIME) && !thisCertInfo->keyUsage.critical) { - /* - * Per Radar 3410245, allow this for intermediate certs. - */ - if(SMIME_KEY_USAGE_MUST_BE_CRITICAL || isLeaf || isRoot) { - tpPolicyError("tp_policyVerify: key usage, !critical, SMIME"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_SMIME_KEYUSAGE_NOT_CRITICAL); - } - } - #endif - } - else if(policy == kTPiSign) { - /* - * iSign requires keyUsage present for non root OR - * netscape-cert-type/ObjectSigning for leaf - */ - if(isLeaf && thisCertInfo->netscapeCertType.present) { - CE_NetscapeCertType ct = - thisCertInfo->netscapeCertType.extnData->netscapeCertType; - - if(!(ct & CE_NCT_ObjSign)) { - tpPolicyError("tp_policyVerify: netscape-cert-type, " - "!ObjectSign"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); - } - } - else if(!isRoot) { - tpPolicyError("tp_policyVerify: !isRoot, no keyUsage, " - "!(leaf and netscapeCertType)"); - policyFail = CSSM_TRUE; - thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); - } - } - } /* for certDex, checking presence of extensions */ - - /* - * Special case checking for leaf (end entity) cert - * - * iSign only: Extended key usage, optional for leaf, - * value CSSMOID_ExtendedUseCodeSigning - */ - if((policy == kTPiSign) && certInfo[0].extendKeyUsage.present) { - extendUsage = &certInfo[0].extendKeyUsage.extnData->extendedKeyUsage; - if(extendUsage->numPurposes != 1) { - tpPolicyError("tp_policyVerify: bad extendUsage->numPurposes " - "(%d)", - (int)extendUsage->numPurposes); - policyFail = CSSM_TRUE; - (certGroup->certAtIndex(0))->addStatusCode( - CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); - } - if(!tpCompareOids(extendUsage->purposes, - &CSSMOID_ExtendedUseCodeSigning)) { - tpPolicyError("tp_policyVerify: bad extendKeyUsage"); - policyFail = CSSM_TRUE; - (certGroup->certAtIndex(0))->addStatusCode( - CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); - } - } - - /* - * Verify authorityId-->subjectId linkage. - * All optional - skip if needed fields not present. - * Also, always skip last (root) cert. - */ - for(certDex=0; certDex<(numCerts-1); certDex++) { - if(!certInfo[certDex].authorityId.present || - !certInfo[certDex+1].subjectId.present) { - continue; - } - authorityId = &certInfo[certDex].authorityId.extnData->authorityKeyID; - if(!authorityId->keyIdentifierPresent) { - /* we only know how to compare keyIdentifier */ - continue; - } - if(!tpCompareCssmData(&authorityId->keyIdentifier, - &certInfo[certDex+1].subjectId.extnData->subjectKeyID)) { - tpPolicyError("tp_policyVerify: bad key ID linkage"); - policyFail = CSSM_TRUE; - (certGroup->certAtIndex(certDex))->addStatusCode( - CSSMERR_APPLETP_INVALID_ID_LINKAGE); - } - } - - /* - * SSL: optionally verify common name. - * FIXME - should this be before or after the root cert test? How can - * we return both errors? - */ - if(policy == kTP_SSL) { - CSSM_RETURN cerr = tp_verifySslOpts(*certGroup, policyFieldData, - certInfo[0]); - if(cerr) { - policyFail = CSSM_TRUE; - } - } - - /* S/MIME */ - if(policy == kTP_SMIME) { - CSSM_RETURN cerr = tp_verifySmimeOpts(*certGroup, policyFieldData, - certInfo[0]); - if(cerr) { - policyFail = CSSM_TRUE; - } - } - - if(policyFail && (outErr == CSSM_OK)) { - /* only error in this function was policy failure */ - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - } -errOut: - /* free resources */ - for(certDex=0; certDex -#include -#include -#include "TPCertInfo.h" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/* - * Private CSSM_APPLE_TP_ACTION_FLAGS value to enable implicit - * root certs. - */ -#define CSSM_TP_USE_INTERNAL_ROOT_CERTS 0x80000000 - -/* - * Enumerated certificate policies enforced by this module. - */ -typedef enum { - kTPDefault, /* no extension parsing, just sig and expiration */ - kTPx509Basic, /* basic X.509/RFC2459 */ - kTPiSign, /* Apple code signing */ - kTP_SSL, /* SecureTransport/SSL */ - kCrlPolicy, /* cert chain verification via CRL */ - kTP_SMIME /* S/MIME */ -} TPPolicy; - -/* - * Perform TP verification on a constructed (ordered) cert group. - * Returns CSSM_TRUE on success. - */ -CSSM_RETURN tp_policyVerify( - TPPolicy policy, - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup *certGroup, - CSSM_BOOL verifiedToRoot, // last cert is good root - CSSM_APPLE_TP_ACTION_FLAGS actionFlags, - const CSSM_DATA *policyFieldData, // optional - void *policyControl); // future use - -#ifdef __cplusplus -} -#endif -#endif /* _TP_POLICIES_H_ */ diff --git a/AppleX509TP/tpTime.c b/AppleX509TP/tpTime.c deleted file mode 100644 index 55e6835c..00000000 --- a/AppleX509TP/tpTime.c +++ /dev/null @@ -1,352 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * tpTime.c - cert related time functions - * - * Written 10/10/2000 by Doug Mitchell. - */ - -#include "tpTime.h" -#include -#include -#include -#include -#include - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -int timeStringToTm( - const char *str, - unsigned len, - struct tm *tmp) -{ - char szTemp[5]; - bool isUtc = false; // 2-digit year - bool isCssmTime = false; // no trailing 'Z' - unsigned x; - unsigned i; - char *cp; - - if((str == NULL) || (len == 0) || (tmp == NULL)) { - return 1; - } - - /* tolerate NULL terminated or not */ - if(str[len - 1] == '\0') { - len--; - } - switch(len) { - case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant - isUtc = true; - break; - case CSSM_TIME_STRLEN: - isCssmTime = true; - break; - case GENERALIZED_TIME_STRLEN: // 4-digit year - break; - default: // unknown format - return 1; - } - - cp = (char *)str; - - /* check that all characters except last are digits */ - for(i=0; i<(len - 1); i++) { - if ( !(isdigit(cp[i])) ) { - return 1; - } - } - - /* check last character is a 'Z' or digit as appropriate */ - if(isCssmTime) { - if(!isdigit(cp[len - 1])) { - return 1; - } - } - else { - if(cp[len - 1] != 'Z' ) { - return 1; - } - } - - /* YEAR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - if(!isUtc) { - /* two more digits */ - szTemp[2] = *cp++; - szTemp[3] = *cp++; - szTemp[4] = '\0'; - } - else { - szTemp[2] = '\0'; - } - x = atoi( szTemp ); - if(isUtc) { - /* - * 2-digit year. - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX - * ...though we allow this as of 10/10/02...dmitch - * 70 < year <= 99 : assume century 20 - */ - if(x < 50) { - x += 2000; - } - /* - else if(x < 70) { - return 1; - } - */ - else { - /* century 20 */ - x += 1900; - } - } - /* by definition - tm_year is year - 1900 */ - tmp->tm_year = x - 1900; - - /* MONTH */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* in the string, months are from 1 to 12 */ - if((x > 12) || (x <= 0)) { - return 1; - } - /* in a tm, 0 to 11 */ - tmp->tm_mon = x - 1; - - /* DAY */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* 1..31 in both formats */ - if((x > 31) || (x <= 0)) { - return 1; - } - tmp->tm_mday = x; - - /* HOUR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 23) || (x < 0)) { - return 1; - } - tmp->tm_hour = x; - - /* MINUTE */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_min = x; - - /* SECOND */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_sec = x; - return 0; -} - -/* - * Return current GMT time as a struct tm. - * Caller must hold tpTimeLock. - */ -void nowTime( - struct tm *now) -{ - time_t nowTime = time(NULL); - *now = *gmtime(&nowTime); -} - -/* - * Compare two times. Assumes they're both in GMT. Returns: - * -1 if t1 < t2 - * 0 if t1 == t2 - * 1 if t1 > t2 - */ -int compareTimes( - const struct tm *t1, - const struct tm *t2) -{ - if(t1->tm_year > t2->tm_year) { - return 1; - } - else if(t1->tm_year < t2->tm_year) { - return -1; - } - /* year equal */ - else if(t1->tm_mon > t2->tm_mon) { - return 1; - } - else if(t1->tm_mon < t2->tm_mon) { - return -1; - } - /* month equal */ - else if(t1->tm_mday > t2->tm_mday) { - return 1; - } - else if(t1->tm_mday < t2->tm_mday) { - return -1; - } - /* day of month equal */ - else if(t1->tm_hour > t2->tm_hour) { - return 1; - } - else if(t1->tm_hour < t2->tm_hour) { - return -1; - } - /* hour equal */ - else if(t1->tm_min > t2->tm_min) { - return 1; - } - else if(t1->tm_min < t2->tm_min) { - return -1; - } - /* minute equal */ - else if(t1->tm_sec > t2->tm_sec) { - return 1; - } - else if(t1->tm_sec < t2->tm_sec) { - return -1; - } - /* equal */ - return 0; -} - -/* - * Create a time string, in either UTC (2-digit) or or Generalized (4-digit) - * year format. Caller mallocs the output string whose length is at least - * (UTC_TIME_STRLEN+1), (GENERALIZED_TIME_STRLEN+1), or (CSSM_TIME_STRLEN+1) - * respectively. Caller must hold tpTimeLock. - */ -void timeAtNowPlus(unsigned secFromNow, - TpTimeSpec timeSpec, - char *outStr) -{ - struct tm utc; - time_t baseTime; - - baseTime = time(NULL); - baseTime += (time_t)secFromNow; - utc = *gmtime(&baseTime); - - switch(timeSpec) { - case TIME_UTC: - /* UTC - 2 year digits - code which parses this assumes that - * (2-digit) years between 0 and 49 are in century 21 */ - if(utc.tm_year >= 100) { - utc.tm_year -= 100; - } - sprintf(outStr, "%02d%02d%02d%02d%02d%02dZ", - utc.tm_year /* + 1900 */, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_GEN: - sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", - /* note year is relative to 1900, hopefully it'll have - * four valid digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_CSSM: - sprintf(outStr, "%04d%02d%02d%02d%02d%02d", - /* note year is relative to 1900, hopefully it'll have - * four valid digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - } -} - -/* - * Convert a time string, which can be in any of three forms (UTC, - * generalized, or CSSM_TIMESTRING) into a CSSM_TIMESTRING. Caller - * mallocs the result, which must be at least (CSSM_TIME_STRLEN+1) bytes. - * Returns nonzero if incoming time string is badly formed. - */ -int tpTimeToCssmTimestring( - const char *inStr, // not necessarily NULL terminated - unsigned inStrLen, // not including possible NULL - char *outTime) -{ - if((inStrLen == 0) || (inStr == NULL)) { - return 1; - } - outTime[0] = '\0'; - switch(inStrLen) { - case UTC_TIME_STRLEN: - { - /* infer century and prepend to output */ - char tmp[3]; - int year; - tmp[0] = inStr[0]; - tmp[1] = inStr[1]; - tmp[2] = '\0'; - year = atoi(tmp); - - /* - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX - * 70 < year <= 99 : assume century 20 - */ - if(year < 50) { - /* century 21 */ - strcpy(outTime, "20"); - } - else if(year < 70) { - return 1; - } - else { - /* century 20 */ - strcpy(outTime, "19"); - } - memmove(outTime + 2, inStr, inStrLen - 1); // don't copy the Z - break; - } - case CSSM_TIME_STRLEN: - memmove(outTime, inStr, inStrLen); // trivial case - break; - case GENERALIZED_TIME_STRLEN: - memmove(outTime, inStr, inStrLen - 1); // don't copy the Z - break; - - default: - return 1; - } - outTime[CSSM_TIME_STRLEN] = '\0'; - return 0; -} - diff --git a/AppleX509TP/tpTime.h b/AppleX509TP/tpTime.h deleted file mode 100644 index f8914189..00000000 --- a/AppleX509TP/tpTime.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * tpTime.h - cert related time functions - * - * Written 10/10/2000 by Doug Mitchell. - */ - -#ifndef _TP_TIME_H_ -#define _TP_TIME_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* lengths of time strings without trailing NULL */ -#define UTC_TIME_STRLEN 13 -#define CSSM_TIME_STRLEN 14 /* no trailing 'Z' */ -#define GENERALIZED_TIME_STRLEN 15 - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -extern int timeStringToTm( - const char *str, - unsigned len, - struct tm *tmp); - -/* - * Return current GMT time as a struct tm. - * Caller must hold tpTimeLock. - */ -extern void nowTime( - struct tm *now); - -/* - * Compare two times. Assumes they're both in GMT. Returns: - * -1 if t1 < t2 - * 0 if t1 == t2 - * 1 if t1 > t2 - */ -extern int compareTimes( - const struct tm *t1, - const struct tm *t2); - -/* - * Create a time string, in either UTC (2-digit) or or Generalized (4-digit) - * year format. Caller mallocs the output string whose length is at least - * (UTC_TIME_STRLEN+1), (GENERALIZED_TIME_STRLEN+1), or (CSSM_TIME_STRLEN+1) - * respectively. Caller must hold tpTimeLock. - */ -typedef enum { - TIME_UTC, - TIME_GEN, - TIME_CSSM -} TpTimeSpec; - -void timeAtNowPlus(unsigned secFromNow, - TpTimeSpec timeSpec, - char *outStr); - -/* - * Convert a time string, which can be in any of three forms (UTC, - * generalized, or CSSM_TIMESTRING) into a CSSM_TIMESTRING. Caller - * mallocs the result, which must be at least (CSSM_TIME_STRLEN+1) bytes. - * Returns nonzero if incoming time string is badly formed. - */ -int tpTimeToCssmTimestring( - const char *inStr, // not necessarily NULL terminated - unsigned inStrLen, // not including possible NULL - char *outTime); // caller mallocs - -#ifdef __cplusplus -} -#endif - -#endif /* _TP_TIME_H_*/ diff --git a/AppleX509TP/tp_common.mdsinfo b/AppleX509TP/tp_common.mdsinfo deleted file mode 100644 index 2e616a9f..00000000 --- a/AppleX509TP/tp_common.mdsinfo +++ /dev/null @@ -1,28 +0,0 @@ - - - - - BuiltIn - - CDSAVersion - 2.0 - Desc - Apple built-in X509TP - DynamicFlag - - MdsFileDescription - Built-in X509TP Common info - MdsFileType - PluginCommon - ModuleID - {87191ca5-0fc9-11d4-849a000502b52122} - ModuleName - AppleX509TP - MultiThreadFlag - - ProductVersion - 1.0 - ServiceMask - CSSM_SERVICE_TP - - diff --git a/AppleX509TP/tp_policyOids.mdsinfo b/AppleX509TP/tp_policyOids.mdsinfo deleted file mode 100644 index 5429a4c0..00000000 --- a/AppleX509TP/tp_policyOids.mdsinfo +++ /dev/null @@ -1,46 +0,0 @@ - - - - - MdsFileDescription - Built-in X509TP Policy OIDs - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_TP_OIDS_RECORDTYPE - ModuleID - {87191ca5-0fc9-11d4-849a000502b52122} - Policies - - - OID - - KoZIhvdjZAEB - - Value - - - - - OID - - KoZIhvdjZAEC - - Value - - - - - OID - - KoZIhvdjZAED - - Value - - - - - SSID - 0 - - diff --git a/AppleX509TP/tp_primary.mdsinfo b/AppleX509TP/tp_primary.mdsinfo deleted file mode 100644 index 6670aaf8..00000000 --- a/AppleX509TP/tp_primary.mdsinfo +++ /dev/null @@ -1,34 +0,0 @@ - - - - - AclSubjectTypes - - CSSM_ACL_SUBJECT_TYPE_ANY - - AuthTags - - CSSM_ACL_AUTHORIZATION_ANY - - CertTypeFormat - <<CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER - MdsFileDescription - Built-in X509TP Primary info - MdsFileType - PluginSpecific - MdsRecordType - MDS_CDSADIR_TP_PRIMARY_RECORDTYPE - ModuleID - {87191ca5-0fc9-11d4-849a000502b52122} - ModuleName - AppleX509TP - ProductVersion - 1.0 - SSID - 0 - SampleTypes - - Vendor - Apple Computer, Inc. - - diff --git a/AppleX509TP/tpdebugging.h b/AppleX509TP/tpdebugging.h deleted file mode 100644 index 1924b475..00000000 --- a/AppleX509TP/tpdebugging.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: tpdebugging.h - - Contains: Debugging macros. - - Written by: Doug Mitchell - - Copyright: (c) 1998 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - 06/02/98 dpm Added DEBUG_THREAD_YIELD. - 03/10/98 dpm Created. - -*/ - -#ifndef _TPDEBUGGING_H_ -#define _TPDEBUGGING_H_ - -#include - -#ifdef NDEBUG -/* this actually compiles to nothing */ -#define tpErrorLog(args...) secdebug("tpError", ## args) -#else -#define tpErrorLog(args...) printf(args) -#endif - -#define tpDebug(args...) secdebug("tpDebug", ## args) -#define tpCrlDebug(args...) secdebug("tpCrlDebug", ## args) -#define tpPolicyError(args...) secdebug("tpPolicy", ## args) -#define tpVfyDebug(args...) secdebug("tpVfyDebug", ## args) -#define tpAnchorDebug(args...) secdebug("tpAnchorDebug", ## args) - -#endif /* _TPDEBUGGING_H_ */ diff --git a/CdsaUtils/cuCdsaUtils.cpp b/CdsaUtils/cuCdsaUtils.cpp deleted file mode 100644 index ee64d747..00000000 --- a/CdsaUtils/cuCdsaUtils.cpp +++ /dev/null @@ -1,683 +0,0 @@ -/* - * Copyright (c) 2001-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuCdsaUtils.cpp - - Description: common CDSA access utilities - - Author: dmitch -*/ - -#include "cuCdsaUtils.h" -#include -#include -#include -#include /* for cssmPerror() */ -#include /* for cssmPerror() */ -#include - -static CSSM_VERSION vers = {2, 0}; -static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; - -/* - * Standard app-level memory functions required by CDSA. - */ -void * cuAppMalloc (uint32 size, void *allocRef) { - return( malloc(size) ); -} - -void cuAppFree (void *mem_ptr, void *allocRef) { - free(mem_ptr); - return; -} - -void * cuAppRealloc (void *ptr, uint32 size, void *allocRef) { - return( realloc( ptr, size ) ); -} - -void * cuAppCalloc (uint32 num, uint32 size, void *allocRef) { - return( calloc( num, size ) ); -} - -static CSSM_API_MEMORY_FUNCS memFuncs = { - cuAppMalloc, - cuAppFree, - cuAppRealloc, - cuAppCalloc, - NULL - }; - -CSSM_BOOL cuCompareCssmData(const CSSM_DATA *d1, - const CSSM_DATA *d2) -{ - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - return CSSM_TRUE; -} - -/* - * Init CSSM; returns CSSM_FALSE on error. Reusable. - */ -static CSSM_BOOL cssmInitd = CSSM_FALSE; - -CSSM_BOOL cuCssmStartup() -{ - CSSM_RETURN crtn; - CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; - - if(cssmInitd) { - return CSSM_TRUE; - } - crtn = CSSM_Init (&vers, - CSSM_PRIVILEGE_SCOPE_NONE, - &testGuid, - CSSM_KEY_HIERARCHY_NONE, - &pvcPolicy, - NULL /* reserved */); - if(crtn != CSSM_OK) - { - cuPrintError("CSSM_Init", crtn); - return CSSM_FALSE; - } - else { - cssmInitd = CSSM_TRUE; - return CSSM_TRUE; - } -} - -/* - * Attach to CSP. Returns zero on error. - */ -CSSM_CSP_HANDLE cuCspStartup( - CSSM_BOOL bareCsp) // true ==> CSP, false ==> CSP/DL -{ - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - const CSSM_GUID *guid; - - /* common CSSM init */ - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - if(bareCsp) { - guid = &gGuidAppleCSP; - } - else { - guid = &gGuidAppleCSPDL; - } - crtn = CSSM_ModuleLoad(guid, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad()", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (guid, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CSP, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &cspHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach()", crtn); - return 0; - } - return cspHand; -} - -/* Attach to DL side of CSPDL */ -CSSM_DL_HANDLE cuDlStartup() -{ - CSSM_DL_HANDLE dlHand = 0; - CSSM_RETURN crtn; - - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleCSPDL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad(Apple CSPDL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleCSPDL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_DL, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &dlHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach(Apple CSPDL)", crtn); - return 0; - } - return dlHand; -} - -CSSM_CL_HANDLE cuClStartup() -{ - CSSM_CL_HANDLE clHand; - CSSM_RETURN crtn; - - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509CL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad(AppleCL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509CL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CL, // SubserviceFlags - Where is this used? - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &clHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach(AppleCL)", crtn); - return 0; - } - else { - return clHand; - } -} - -CSSM_TP_HANDLE cuTpStartup() -{ - CSSM_TP_HANDLE tpHand; - CSSM_RETURN crtn; - - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509TP, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad(AppleTP)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509TP, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_TP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &tpHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach(AppleTP)", crtn); - return 0; - } - else { - return tpHand; - } -} - -/* - * open a DB, ensure it's empty. - */ -CSSM_DB_HANDLE cuDbStartup( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName) -{ - CSSM_DB_HANDLE dbHand = 0; - CSSM_RETURN crtn; - CSSM_DBINFO dbInfo; - - /* first delete possible existing DB, ignore error */ - crtn = CSSM_DL_DbDelete(dlHand, dbName, NULL, NULL); - switch(crtn) { - /* only allowed error is "no such file" */ - case CSSM_OK: - case CSSMERR_DL_DATASTORE_DOESNOT_EXIST: - break; - default: - cuPrintError("CSSM_DL_DbDelete", crtn); - return 0; - } - - memset(&dbInfo, 0, sizeof(CSSM_DBINFO)); - - /* now create it */ - crtn = CSSM_DL_DbCreate(dlHand, - dbName, - NULL, // DbLocation - &dbInfo, - // &Security::KeychainCore::Schema::DBInfo, - CSSM_DB_ACCESS_PRIVILEGED, - NULL, // CredAndAclEntry - NULL, // OpenParameters - &dbHand); - if(crtn) { - cuPrintError("CSSM_DL_DbCreate", crtn); - } - return dbHand; -} - -/* - * Attach to existing DB or create an empty new one. - */ -CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand, - char *dbName, - CSSM_BOOL doCreate, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_DB_HANDLE dbHand; - - /* try open existing DB in either case */ - - crtn = CSSM_DL_DbOpen(dlHand, - dbName, - NULL, // DbLocation - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - &dbHand); - if(crtn == CSSM_OK) { - return dbHand; - } - if(!doCreate) { - if(!quiet) { - printf("***no such data base (%s)\n", dbName); - cuPrintError("CSSM_DL_DbOpen", crtn); - } - return 0; - } - /* have to create one */ - return cuDbStartup(dlHand, dbName); -} - -/* - * Given a context specified via a CSSM_CC_HANDLE, add a new - * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType, - * AttributeLength, and an untyped pointer. - */ -CSSM_RETURN cuAddContextAttribute(CSSM_CC_HANDLE CCHandle, - uint32 AttributeType, - uint32 AttributeLength, - const void *AttributePtr) -{ - CSSM_CONTEXT_ATTRIBUTE newAttr; - CSSM_RETURN crtn; - - newAttr.AttributeType = AttributeType; - newAttr.AttributeLength = AttributeLength; - newAttr.Attribute.Data = (CSSM_DATA_PTR)AttributePtr; - crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr); - if(crtn) { - cuPrintError("CSSM_UpdateContextAttributes", crtn); - } - return crtn; -} - - -/* - * Derive symmetric key. - * Note in the X CSP, we never return an IV. - */ -CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_KEY_PTR key) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - uint32 keyAttr; - CSSM_DATA dummyLabel; - CSSM_PKCS5_PBKDF2_PARAMS pbeParams; - CSSM_DATA pbeData; - CSSM_ACCESS_CREDENTIALS creds; - - memset(key, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_PKCS5_PBKDF2, - keyAlg, - keySizeInBits, - &creds, - NULL, // BaseKey - iterationCnt, - salt, - NULL, // seed - &ccHand); - if(crtn) { - cuPrintError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return crtn; - } - keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | - CSSM_KEYATTR_SENSITIVE; - dummyLabel.Length = keyLabelLen; - dummyLabel.Data = (uint8 *)keyLabel; - - /* passing in password is pretty strange....*/ - pbeParams.Passphrase = *password; - pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; - pbeData.Data = (uint8 *)&pbeParams; - pbeData.Length = sizeof(pbeParams); - crtn = CSSM_DeriveKey(ccHand, - &pbeData, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // cred and acl - key); - if(crtn) { - cuPrintError("CSSM_DeriveKey", crtn); - return crtn; - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - cuPrintError("CSSM_DeleteContext", crtn); - } - return crtn; -} - -/* - * Generate key pair of arbitrary algorithm. - */ - -/* CSP DL currently does not perform DSA generate params; let CSP do it implicitly */ -#define DO_DSA_GEN_PARAMS 0 - -CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE *dlDbHand, // optional - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYATTR_FLAGS privAttrs) // CSSM_KEYATTR_EXTRACTABLE, etc. -{ - CSSM_RETURN crtn; - CSSM_RETURN ocrtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - cuPrintError("CSSM_CSP_CreateKeyGenContext", crtn); - return crtn; - } - - /* post-context-create algorithm-specific stuff */ - switch(algorithm) { - #if DO_DSA_GEN_PARAMS - case CSSM_ALGID_DSA: - /* - * extra step - generate params - this just adds some - * info to the context - */ - { - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, &dummy); - if(crtn) { - cuPrintError("CSSM_GenerateAlgorithmParams", crtn); - CSSM_DeleteContext(ccHand); - return crtn; - } - cuAppFree(dummy.Data, NULL); - } - break; - #endif /* DO_DSA_GEN_PARAMS */ - default: - break; - } - - /* optionally specify DL/DB storage location */ - if(dlDbHand) { - crtn = cuAddContextAttribute(ccHand, - CSSM_ATTRIBUTE_DL_DB_HANDLE, - sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE), - dlDbHand); - if(crtn) { - CSSM_DeleteContext(ccHand); - return crtn; - } - } - ocrtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttrs, - &keyLabelData, - pubKey, - privKeyUsage, - privAttrs, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(ocrtn) { - cuPrintError("CSSM_GenerateKeyPair", ocrtn); - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - cuPrintError("CSSM_DeleteContext", crtn); - if(ocrtn == CSSM_OK) { - /* error on CSSM_GenerateKeyPair takes precedence */ - ocrtn = crtn; - } - } - return ocrtn; -} - - -/* - * Add a certificate to an open Keychain. - */ -CSSM_RETURN cuAddCertToKC( - SecKeychainRef keychain, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *keyLabel) // ?? -{ - SecCertificateRef certificate; - - OSStatus rslt = SecCertificateCreateFromData(cert, certType, certEncoding, &certificate); - if (!rslt) - { - rslt = SecCertificateAddToKeychain(certificate, keychain); - CFRelease(certificate); - } - - return rslt; -} - -/* - * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to an - * unsigned. - */ -unsigned cuDER_ToInt(const CSSM_DATA *DER_Data) -{ - uint32 rtn = 0; - unsigned i = 0; - - while(i < DER_Data->Length) { - rtn |= DER_Data->Data[i]; - if(++i == DER_Data->Length) { - break; - } - rtn <<= 8; - } - return rtn; -} - -/* - * Log CSSM error. - */ -void cuPrintError(const char *op, CSSM_RETURN err) -{ - cssmPerror(op, err); -} - -/* - * Verify a CRL against system anchors and intermediate certs. - */ -CSSM_RETURN cuCrlVerify( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *crlData, - CSSM_DL_DB_HANDLE_PTR certKeychain, // intermediate certs - const CSSM_DATA *anchors, - uint32 anchorCount) -{ - /* main job is building a CSSM_TP_VERIFY_CONTEXT and its components */ - CSSM_TP_VERIFY_CONTEXT vfyCtx; - CSSM_TP_CALLERAUTH_CONTEXT authCtx; - - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); - memset(&authCtx, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - - /* CSSM_TP_CALLERAUTH_CONTEXT components */ - /* - typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; - } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - */ - CSSM_FIELD policyId; - CSSM_APPLE_TP_CRL_OPTIONS crlOpts; - policyId.FieldOid = CSSMOID_APPLE_TP_REVOCATION_CRL; - policyId.FieldValue.Data = (uint8 *)&crlOpts; - policyId.FieldValue.Length = sizeof(crlOpts); - crlOpts.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; - /* perhaps this should be user-specifiable */ - crlOpts.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET; - crlOpts.crlStore = NULL; - - authCtx.Policy.NumberOfPolicyIds = 1; - authCtx.Policy.PolicyIds = &policyId; - authCtx.Policy.PolicyControl = NULL; - - authCtx.VerifyTime = NULL; - authCtx.VerificationAbortOn = CSSM_TP_STOP_ON_POLICY; - authCtx.CallbackWithVerifiedCert = NULL; - - /* anchors */ - authCtx.NumberOfAnchorCerts = anchorCount; - authCtx.AnchorCerts = const_cast(anchors); - - /* DBList of intermediate certs */ - CSSM_DL_DB_HANDLE handles[1]; - unsigned numDbs = 0; - if(certKeychain != NULL) { - handles[0] = *certKeychain; - numDbs++; - } - CSSM_DL_DB_LIST dlDbList; - dlDbList.DLDBHandle = certKeychain; - dlDbList.NumHandles = (certKeychain ? 1 : 0); - - authCtx.DBList = &dlDbList; - authCtx.CallerCredentials = NULL; - - /* CSSM_TP_VERIFY_CONTEXT */ - vfyCtx.ActionData.Data = NULL; - vfyCtx.ActionData.Length = 0; - vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; - vfyCtx.Cred = &authCtx; - - /* cook up CSSM_ENCODED_CRL */ - CSSM_ENCODED_CRL encCrl; - encCrl.CrlType = CSSM_CRL_TYPE_X_509v2; - encCrl.CrlEncoding = CSSM_CRL_ENCODING_DER; - encCrl.CrlBlob = *crlData; - - /* CDSA API requires a SignerCertGroup; for us, all the certs are in - * certKeyChain... */ - CSSM_CERTGROUP certGroup; - certGroup.CertType = CSSM_CERT_X_509v1; - certGroup.CertEncoding = CSSM_CERT_ENCODING_DER; - certGroup.NumCerts = 0; - certGroup.GroupList.CertList = NULL; - certGroup.CertGroupType = CSSM_CERTGROUP_DATA; - - CSSM_RETURN crtn = CSSM_TP_CrlVerify(tpHand, - clHand, - cspHand, - &encCrl, - &certGroup, - &vfyCtx, - NULL); // RevokerVerifyResult - if(crtn) { - cuPrintError("CSSM_TP_CrlVerify", crtn); - } - return crtn; -} - diff --git a/CdsaUtils/cuCdsaUtils.h b/CdsaUtils/cuCdsaUtils.h deleted file mode 100644 index 682885ee..00000000 --- a/CdsaUtils/cuCdsaUtils.h +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2001-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuCdsaUtils.h - - Description: common CDSA access utilities - - Author: dmitch -*/ - -#ifndef _COMMON_CDSA_UTILS_H_ -#define _COMMON_CDSA_UTILS_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* common memory allocators shared by app and CSSM */ -extern void * cuAppMalloc (uint32 size, void *allocRef); -extern void cuAppFree (void *mem_ptr, void *allocRef); -extern void * cuAppRealloc (void *ptr, uint32 size, void *allocRef); -extern void * cuAppCalloc (uint32 num, uint32 size, void *allocRef); - -#define APP_MALLOC(s) cuAppMalloc(s, NULL) -#define APP_FREE(p) cuAppFree(p, NULL) -#define APP_REALLOC(p, s) cuAppRealloc(p, s, NULL) -#define APP_CALLOC(n, s) cuAppRealloc(n, s, NULL) - -extern CSSM_BOOL cuCompareCssmData( - const CSSM_DATA *d1, - const CSSM_DATA *d2); - -/* OID flavor of same, which will break when an OID is not a CSSM_DATA */ -#define cuCompareOid(o1, o2) cuCompareCssmData(o1, o2) - -void cuPrintError(const char *op, CSSM_RETURN err); - -/* Init CSSM; returns CSSM_FALSE on error. Reusable. */ -extern CSSM_BOOL cuCssmStartup(); - -/* Attach to CSP. Returns zero on error. */ -extern CSSM_CSP_HANDLE cuCspStartup( - CSSM_BOOL bareCsp); // true ==> CSP, false ==> CSP/DL - -/* Attach to DL side of CSPDL. */ -extern CSSM_DL_HANDLE cuDlStartup(); - -/* Attach to CL, TP */ -extern CSSM_CL_HANDLE cuClStartup(); -extern CSSM_TP_HANDLE cuTpStartup(); - -/* Open a DB, ensure it's empty. */ -CSSM_DB_HANDLE cuDbStartup( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName); - -/* Attach to existing DB or create an empty new one. */ -CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand, - char *dbName, - CSSM_BOOL doCreate, - CSSM_BOOL quiet); - -/* - * Derive symmetric key using PBE. - */ -extern CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_KEY_PTR key); - -/* - * Generate key pair of arbitrary algorithm. - */ -extern CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE *dlDbHand, // optional - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYATTR_FLAGS privAttrs); // CSSM_KEYATTR_EXTRACTABLE, etc. - -/* Convert a reference key to a raw key. */ -CSSM_RETURN cuRefKeyToRaw(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey); // RETURNED - -/* - * Add a certificate to a keychain. - */ -CSSM_RETURN cuAddCertToKC( - SecKeychainRef keychain, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *keyLabel); // ?? - -/* - * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to an - * unsigned. - */ -unsigned cuDER_ToInt( - const CSSM_DATA *DER_Data); - -/* - * Verify a CRL against system anchors and intermediate certs. - */ -CSSM_RETURN cuCrlVerify( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *crlData, - CSSM_DL_DB_HANDLE_PTR certKeychain, // intermediate certs - const CSSM_DATA *anchors, - uint32 anchorCount); - -#ifdef __cplusplus -} -#endif - -#endif /* _COMMON_CDSA_UTILS_H_ */ \ No newline at end of file diff --git a/CdsaUtils/cuDbUtils.cpp b/CdsaUtils/cuDbUtils.cpp deleted file mode 100644 index de78a602..00000000 --- a/CdsaUtils/cuDbUtils.cpp +++ /dev/null @@ -1,559 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. - * Please obtain a copy of the License at http://www.apple.com/publicsource - * and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights - * and limitations under the License. - */ - -/* - File: cuDbUtils.cpp - - Description: CDSA DB access utilities - - Author: dmitch -*/ - -#include "cuCdsaUtils.h" -#include "cuTimeStr.h" -#include "cuDbUtils.h" -#include "cuPrintCert.h" -#include -#include -#include -#include /* private SecInferLabelFromX509Name() */ -#include /* for cssmPerror() */ -#include -#include -#include -#include -#include /* private API */ - -/* - * Add a certificate to an open DLDB. - */ -CSSM_RETURN cuAddCertToDb( - CSSM_DL_DB_HANDLE dlDbHand, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *publicKeyHash) -{ - CSSM_DB_ATTRIBUTE_DATA attrs[6]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; - CSSM_DATA certTypeData; - CSSM_DATA certEncData; - CSSM_DATA printNameData; - CSSM_RETURN crtn; - CSSM_DB_UNIQUE_RECORD_PTR recordPtr; - - /* issuer and serial number required, fake 'em */ - CSSM_DATA issuer = {6, (uint8 *)"issuer"}; - CSSM_DATA serial = {6, (uint8 *)"serial"}; - - /* we spec six attributes, skipping alias */ - certTypeData.Data = (uint8 *)&certType; - certTypeData.Length = sizeof(CSSM_CERT_TYPE); - certEncData.Data = (uint8 *)&certEncoding; - certEncData.Length = sizeof(CSSM_CERT_ENCODING); - printNameData.Data = (uint8 *)printName; - printNameData.Length = strlen(printName) + 1; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CertType"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &certTypeData; - - attr++; - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CertEncoding"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &certEncData; - - attr++; - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "PrintName"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &printNameData; - - attr++; - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "PublicKeyHash"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = (CSSM_DATA_PTR)publicKeyHash; - - attr++; - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "Issuer"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &issuer; - - attr++; - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "SerialNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &serial; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = 6; - recordAttrs.AttributeData = attrs; - - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CERTIFICATE, - &recordAttrs, - cert, - &recordPtr); - if(crtn) { - cuPrintError("CSSM_DL_DataInsert", crtn); - } - else { - CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr); - } - return crtn; -} - -static CSSM_RETURN cuAddCrlSchema( - CSSM_DL_DB_HANDLE dlDbHand); - -static void cuInferCrlLabel( - const CSSM_X509_NAME *x509Name, - CSSM_DATA *label) // not mallocd; contents are from the x509Name -{ - /* use private API for common "infer label" logic */ - const CSSM_DATA *printValue = SecInferLabelFromX509Name(x509Name); - if(printValue == NULL) { - /* punt! */ - label->Data = (uint8 *)"X509 CRL"; - label->Length = 8; - } - else { - *label = *printValue; - } -} - -/* - * Search extensions for specified OID, assumed to have underlying - * value type of uint32; returns the value and true if found. - */ -static bool cuSearchNumericExtension( - const CSSM_X509_EXTENSIONS *extens, - const CSSM_OID *oid, - uint32 *val) -{ - for(uint32 dex=0; dexnumberOfExtensions; dex++) { - const CSSM_X509_EXTENSION *exten = &extens->extensions[dex]; - if(!cuCompareOid(&exten->extnId, oid)) { - continue; - } - if(exten->format != CSSM_X509_DATAFORMAT_PAIR) { - printf("***Malformed extension\n"); - continue; - } - *val = *((uint32 *)exten->value.parsedValue); - return true; - } - return false; -} - -/* - * Add a CRL to an existing DL/DB. - */ -#define MAX_CRL_ATTRS 9 - -CSSM_RETURN cuAddCrlToDb( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - const CSSM_DATA *crl, - const CSSM_DATA *URI) // optional -{ - CSSM_DB_ATTRIBUTE_DATA attrs[MAX_CRL_ATTRS]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; - CSSM_DATA crlTypeData; - CSSM_DATA crlEncData; - CSSM_DATA printNameData; - CSSM_RETURN crtn; - CSSM_DB_UNIQUE_RECORD_PTR recordPtr; - CSSM_DATA_PTR issuer; // mallocd by CL - CSSM_DATA_PTR crlValue; // ditto - uint32 numFields; - CSSM_HANDLE result; - CSSM_CRL_ENCODING crlEnc = CSSM_CRL_ENCODING_DER; - const CSSM_X509_SIGNED_CRL *signedCrl; - const CSSM_X509_TBS_CERTLIST *tbsCrl; - CSSM_CRL_TYPE crlType; - CSSM_DATA thisUpdateData = {0, NULL}; - CSSM_DATA nextUpdateData = {0, NULL}; - char *thisUpdate, *nextUpdate; - unsigned timeLen; - uint32 crlNumber; - uint32 deltaCrlNumber; - CSSM_DATA crlNumberData; - CSSM_DATA deltaCrlNumberData; - bool crlNumberPresent = false; - bool deltaCrlPresent = false; - CSSM_DATA attrUri; - - /* get normalized issuer name as Issuer attr */ - crtn = CSSM_CL_CrlGetFirstFieldValue(clHand, - crl, - &CSSMOID_X509V1IssuerName, - &result, - &numFields, - &issuer); - if(crtn) { - cuPrintError("CSSM_CL_CrlGetFirstFieldValue(Issuer)", crtn); - return crtn; - } - CSSM_CL_CrlAbortQuery(clHand, result); - - /* get parsed CRL from the CL */ - crtn = CSSM_CL_CrlGetFirstFieldValue(clHand, - crl, - &CSSMOID_X509V2CRLSignedCrlCStruct, - &result, - &numFields, - &crlValue); - if(crtn) { - cuPrintError("CSSM_CL_CrlGetFirstFieldValue(Issuer)", crtn); - return crtn; - } - CSSM_CL_CrlAbortQuery(clHand, result); - if(crlValue == NULL) { - printf("***CSSM_CL_CrlGetFirstFieldValue: value error (1)\n"); - return CSSMERR_CL_INVALID_CRL_POINTER; - } - if((crlValue->Data == NULL) || - (crlValue->Length != sizeof(CSSM_X509_SIGNED_CRL))) { - printf("***CSSM_CL_CrlGetFirstFieldValue: value error (2)\n"); - return CSSMERR_CL_INVALID_CRL_POINTER; - } - signedCrl = (const CSSM_X509_SIGNED_CRL *)crlValue->Data; - tbsCrl = &signedCrl->tbsCertList; - - /* CrlType inferred from version */ - if(tbsCrl->version.Length == 0) { - /* should never happen... */ - crlType = CSSM_CRL_TYPE_X_509v1; - } - else { - uint8 vers = tbsCrl->version.Data[tbsCrl->version.Length - 1]; - switch(vers) { - case 0: - crlType = CSSM_CRL_TYPE_X_509v1; - break; - case 1: - crlType = CSSM_CRL_TYPE_X_509v2; - break; - default: - printf("***Unknown version in CRL (%u)\n", vers); - crlType = CSSM_CRL_TYPE_X_509v1; - break; - } - } - crlTypeData.Data = (uint8 *)&crlType; - crlTypeData.Length = sizeof(CSSM_CRL_TYPE); - /* encoding more-or-less assumed here */ - crlEncData.Data = (uint8 *)&crlEnc; - crlEncData.Length = sizeof(CSSM_CRL_ENCODING); - - /* printName inferred from issuer */ - cuInferCrlLabel(&tbsCrl->issuer, &printNameData); - - /* cook up CSSM_TIMESTRING versions of this/next update */ - thisUpdate = cuX509TimeToCssmTimestring(&tbsCrl->thisUpdate, &timeLen); - if(thisUpdate == NULL) { - printf("***Badly formatted thisUpdate\n"); - } - else { - thisUpdateData.Data = (uint8 *)thisUpdate; - thisUpdateData.Length = timeLen; - } - if(tbsCrl->nextUpdate.time.Data != NULL) { - nextUpdate = cuX509TimeToCssmTimestring(&tbsCrl->nextUpdate, &timeLen); - if(nextUpdate == NULL) { - printf("***Badly formatted nextUpdate\n"); - } - else { - nextUpdateData.Data = (uint8 *)nextUpdate; - nextUpdateData.Length = timeLen; - } - } - else { - /* - * NextUpdate not present; fake it by using "virtual end of time" - */ - CSSM_X509_TIME tempTime = { 0, // timeType, not used - { strlen(CSSM_APPLE_CRL_END_OF_TIME), - (uint8 *)CSSM_APPLE_CRL_END_OF_TIME} }; - nextUpdate = cuX509TimeToCssmTimestring(&tempTime, &timeLen); - nextUpdateData.Data = (uint8 *)nextUpdate; - nextUpdateData.Length = CSSM_TIME_STRLEN; - } - - /* optional CrlNumber and DeltaCrlNumber */ - if(cuSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_CrlNumber, - &crlNumber)) { - crlNumberData.Data = (uint8 *)&crlNumber; - crlNumberData.Length = sizeof(uint32); - crlNumberPresent = true; - } - if(cuSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_DeltaCrlIndicator, - &deltaCrlNumber)) { - deltaCrlNumberData.Data = (uint8 *)&deltaCrlNumber; - deltaCrlNumberData.Length = sizeof(uint32); - deltaCrlPresent = true; - } - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlType"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlTypeData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlEncoding"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlEncData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "PrintName"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &printNameData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "Issuer"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = issuer; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "ThisUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &thisUpdateData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "NextUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &nextUpdateData; - attr++; - - /* now the optional attributes */ - if(crlNumberPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlNumberData; - attr++; - } - if(deltaCrlPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "DeltaCrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &deltaCrlNumberData; - attr++; - } - if(URI) { - /* ensure URI string does not contain NULL */ - attrUri = *URI; - if((attrUri.Length != 0) && - (attrUri.Data[attrUri.Length - 1] == 0)) { - attrUri.Length--; - } - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "URI"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &attrUri; - attr++; - } - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CRL; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = attr - attrs; - recordAttrs.AttributeData = attrs; - - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl, - &recordPtr); - if(crtn == CSSMERR_DL_INVALID_RECORDTYPE) { - /* gross hack of inserting this "new" schema that Keychain didn't specify */ - crtn = cuAddCrlSchema(dlDbHand); - if(crtn == CSSM_OK) { - /* Retry with a fully capable DLDB */ - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl, - &recordPtr); - } - } - if(crtn) { - cuPrintError("CSSM_DL_DataInsert", crtn); - } - else { - CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr); - } - - /* free all the stuff we allocated to get here */ - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerName, issuer); - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V2CRLSignedCrlCStruct, crlValue); - free(thisUpdate); - free(nextUpdate); - return crtn; -} - - -/* - * Update an existing DLDB to be CRL-capable. - */ -static CSSM_RETURN cuAddCrlSchema( - CSSM_DL_DB_HANDLE dlDbHand) -{ - return CSSM_DL_CreateRelation(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - "CSSM_DL_DB_RECORD_X509_CRL", - Security::KeychainCore::Schema::X509CrlSchemaAttributeCount, - Security::KeychainCore::Schema::X509CrlSchemaAttributeList, - Security::KeychainCore::Schema::X509CrlSchemaIndexCount, - Security::KeychainCore::Schema::X509CrlSchemaIndexList); -} - -/* - * Search DB for all records of type CRL or cert, calling appropriate - * parse/print routine for each record. - */ -CSSM_RETURN cuDumpCrlsCerts( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - CSSM_BOOL isCert, - unsigned &numItems, // returned - CSSM_BOOL verbose) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_HANDLE resultHand; - CSSM_RETURN crtn; - CSSM_DATA certCrl; - const char *itemStr; - - numItems = 0; - itemStr = isCert ? "Certificate" : "CRL"; - - /* just search by recordType, no predicates, no attributes */ - if(isCert) { - query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - } - else { - query.RecordType = CSSM_DL_DB_RECORD_X509_CRL; - } - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - certCrl.Data = NULL; - certCrl.Length = 0; - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - NULL, // no attrs - &certCrl, - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - /* no data, otherwise OK */ - return CSSM_OK; - case CSSMERR_DL_INVALID_RECORDTYPE: - /* invalid record type just means "this hasn't been set up - * for certs yet". */ - return crtn; - default: - cuPrintError("DataGetFirst", crtn); - return crtn; - } - - /* got one; print it */ - printf("%s %u:\n", itemStr, numItems); - if(isCert) { - printCert(certCrl.Data, certCrl.Length, verbose); - } - else { - printCrl(certCrl.Data, certCrl.Length, verbose); - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - APP_FREE(certCrl.Data); - certCrl.Data = NULL; - certCrl.Length = 0; - numItems++; - - /* get the rest */ - for(;;) { - crtn = CSSM_DL_DataGetNext(dlDbHand, - resultHand, - NULL, - &certCrl, - &record); - switch(crtn) { - case CSSM_OK: - printf("%s %u:\n", itemStr, numItems); - if(isCert) { - printCert(certCrl.Data, certCrl.Length, verbose); - } - else { - printCrl(certCrl.Data, certCrl.Length, verbose); - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - APP_FREE(certCrl.Data); - certCrl.Data = NULL; - certCrl.Length = 0; - numItems++; - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - return CSSM_OK; - default: - cuPrintError("DataGetNext", crtn); - return crtn; - } - } - /* NOT REACHED */ -} - diff --git a/CdsaUtils/cuDbUtils.h b/CdsaUtils/cuDbUtils.h deleted file mode 100644 index 70931a50..00000000 --- a/CdsaUtils/cuDbUtils.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuDbUtils.h - - Description: CDSA DB access utilities - - Author: dmitch -*/ - -#ifndef _CU_DB_UTILS_H_ -#define _CU_DB_UTILS_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Add a certificate to an open DLDB. - */ -CSSM_RETURN cuAddCertToDb( - CSSM_DL_DB_HANDLE dlDbHand, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *publicKeyHash); // ?? - -/* - * Add a CRL to an open DL/DB. - */ -CSSM_RETURN cuAddCrlToDb( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - const CSSM_DATA *crl, - const CSSM_DATA *URI); // optional - -/* - * Search DB for all records of type CRL or cert, calling appropriate - * parse/print routine for each record. - */ -CSSM_RETURN cuDumpCrlsCerts( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - CSSM_BOOL isCert, - unsigned &numItems, // returned - CSSM_BOOL verbose); - -#ifdef __cplusplus -} -#endif - -#endif /* _CU_DB_UTILS_H_ */ \ No newline at end of file diff --git a/CdsaUtils/cuEnc64.c b/CdsaUtils/cuEnc64.c deleted file mode 100644 index 59dfbdc9..00000000 --- a/CdsaUtils/cuEnc64.c +++ /dev/null @@ -1,392 +0,0 @@ -/* - * Copyright (c) 1998-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * cuEnc64.c - encode/decode in 64-char IA5 format, per RFC 1421 - */ - -#include "cuEnc64.h" -#include - -#ifndef NULL -#define NULL ((void *)0) -#endif /* NULL */ - -/* - * map a 6-bit binary value to a printable character. - */ -static const -unsigned char bintoasc[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -/* - * Map an 7-bit printable character to its corresponding binary value. - * Any illegal characters return high bit set. - */ -static const -unsigned char asctobin[] = -{ - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x3e, 0x80, 0x80, 0x80, 0x3f, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, - 0x3c, 0x3d, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80 -}; - -/* - * map 6 bits to a printing char - */ -#define ENC(c) (bintoasc[((c) & 0x3f)]) - -#define PAD '=' - -/* - * map one group of up to 3 bytes at inp to 4 bytes at outp. - * Count is number of valid bytes in *inp; if less than 3, the - * 1 or two extras must be zeros. - */ -static void encChunk(const unsigned char *inp, - unsigned char *outp, - int count) -{ - unsigned char c1, c2, c3, c4; - - c1 = *inp >> 2; - c2 = ((inp[0] << 4) & 0x30) | ((inp[1] >> 4) & 0xf); - c3 = ((inp[1] << 2) & 0x3c) | ((inp[2] >> 6) & 0x3); - c4 = inp[2] & 0x3f; - *outp++ = ENC(c1); - *outp++ = ENC(c2); - if (count == 1) { - *outp++ = PAD; - *outp = PAD; - } else { - *outp++ = ENC(c3); - if (count == 2) { - *outp = PAD; - } - else { - *outp = ENC(c4); - } - } -} - -/* - * Given input buffer inbuf, length inlen, encode to 64-char IA5 format. - * Result is fmalloc'd and returned; it is terminated by Microsoft-style - * newline and NULL. Its length (including the trailing newline and NULL) - * is returned in *outlen. - */ - -unsigned char *cuEnc64(const unsigned char *inbuf, - unsigned inlen, - unsigned *outlen) // RETURNED -{ - return cuEnc64WithLines(inbuf, inlen, 0, outlen); -} - -unsigned char *cuEnc64WithLines(const unsigned char *inbuf, - unsigned inlen, - unsigned linelen, - unsigned *outlen) -{ - unsigned outTextLen; - unsigned len; // to malloc, liberal - unsigned olen = 0; // actual output size - unsigned char *outbuf; - unsigned char endbuf[3]; - unsigned i; - unsigned char *outp; - unsigned numLines; - unsigned thisLine; - - outTextLen = ((inlen + 2) / 3) * 4; - if(linelen) { - /* - * linelen must be 0 mod 4 for this to work; round up... - */ - if((linelen & 0x03) != 0) { - linelen = (linelen + 3) & 0xfffffffc; - } - numLines = (outTextLen + linelen - 1)/ linelen; - } - else { - numLines = 1; - } - - /* - * Total output size = encoded text size plus one newline per - * line of output, plus trailing NULL. We always generate newlines - * as \n; when decoding, we tolerate \r\n (Microsoft) or \n. - */ - len = outTextLen + (2 * numLines) + 1; - outbuf = (unsigned char*)malloc(len); - outp = outbuf; - thisLine = 0; - - while(inlen) { - if(inlen < 3) { - for(i=0; i<3; i++) { - if(i < inlen) { - endbuf[i] = inbuf[i]; - } - else { - endbuf[i] = 0; - } - } - encChunk(endbuf, outp, inlen); - inlen = 0; - } - else { - encChunk(inbuf, outp, 3); - inlen -= 3; - inbuf += 3; - } - outp += 4; - thisLine += 4; - olen += 4; - if((linelen != 0) && (thisLine >= linelen) && inlen) { - /* - * last trailing newline added below - * Note we don't split 4-byte output chunks over newlines - */ - *outp++ = '\n'; - olen++; - thisLine = 0; - } - } - *outp++ = '\n'; - *outp = '\0'; - olen += 2; - *outlen = olen; - return outbuf; -} - -static inline int isWhite(unsigned char c) -{ - switch(c) { - case '\n': - case '\r': - case ' ': - case '\t': - case '\0': - return 1; - default: - return 0; - } -} - -/* - * Strip off all whitespace from a (supposedly) enc64-format string. - * Returns a malloc'd string. - */ -static unsigned char *stringCleanse(const unsigned char *inbuf, - unsigned inlen, - unsigned *outlen) -{ - unsigned char *news; // cleansed inbuf - unsigned newsDex; // index into news - unsigned i; - - news = (unsigned char*)malloc(inlen); - newsDex = 0; - for(i=0; i 0) { - goto errorOut; - } - } - else { - goto errorOut; - } - } else if (*bp & 0x80 || (c3 = asctobin[*bp]) & 0x80) { - goto errorOut; - } else { - bp++; - inlen--; - if (*bp == PAD) { - /* - * Three input bytes, two output - */ - c4 = 0; - thisOlen = 2; - if (c3 & 3) { - goto errorOut; - } - } else if (*bp & 0x80 || (c4 = asctobin[*bp]) & 0x80) { - goto errorOut; - } else { - /* - * Normal non-pad case - */ - thisOlen = 3; - } - bp++; - inlen--; - } - j = (c1 << 2) | (c2 >> 4); - *outp++ = j; - if(thisOlen > 1) { - j = (c2 << 4) | (c3 >> 2); - *outp++ = j; - if(thisOlen == 3) { - j = (c3 << 6) | c4; - *outp++ = j; - } - } - olen += thisOlen; - } - free(news); - *outlen = olen; - return outbuf; /* normal return */ - -errorOut: - free(news); - free(outbuf); - return (unsigned char*) NULL; -} - -/* - * Determine if specified input data is valid enc64 format. Returns 1 - * if valid, 0 if not. - * This doesn't do a full enc64 parse job; it scans for legal characters - * and proper sync when a possible pad is found. - */ -int cuIsValidEnc64(const unsigned char *inbuf, - unsigned inlen) -{ - int padChars = 0; // running count of PAD chars - int validEncChars = 0; - unsigned char c; - - /* - * -- scan inbuf - * -- skip whitespace - * -- count valid chars - * -- ensure not more than 2 PAD chars, only at end - * -- ensure valid chars mod 4 == 0 - */ - - while(inlen) { - c = *inbuf++; - inlen--; - if(isWhite(c)) { - continue; - } - if(c == PAD) { - if(++padChars > 2) { - return 0; // max of 2 PAD chars at end - } - } - else if(padChars > 0) { - return 0; // no normal chars after seeing PAD - } - else if((c & 0x80) || ((asctobin[c]) & 0x80)) { - return 0; // invalid encoded char - } - validEncChars++; - } - if((validEncChars & 0x03) != 0) { - return 0; - } - else { - return 1; - } -} diff --git a/CdsaUtils/cuEnc64.h b/CdsaUtils/cuEnc64.h deleted file mode 100644 index 77cb958b..00000000 --- a/CdsaUtils/cuEnc64.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 1998-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * cuEnc64.h - encode/decode in 64-char IA5 format, per RFC 1421 - */ - -#ifndef _CU_ENC64_H_ -#define _CU_ENC64_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to - * binary. Result is malloced and returned; its length is returned in *outlen. - * NULL return indicates corrupted input. - */ -unsigned char *cuEnc64(const unsigned char *inbuf, - unsigned inlen, - unsigned *outlen); // RETURNED - -/* - * Enc64, with embedded newlines every lineLen in result. A newline is - * the UNIX \n. Result is mallocd. - */ -unsigned char *cuEnc64WithLines(const unsigned char *inbuf, - unsigned inlen, - unsigned linelen, - unsigned *outlen); // RETURNED - -/* - * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to - * binary. Result is malloced and returned; its length is returned in *outlen. - * NULL return indicates corrupted input. All whitespace in inbuf is - * ignored. - */ -unsigned char *cuDec64(const unsigned char *inbuf, - unsigned inlen, - unsigned *outlen); - -/* - * Determine if specified input data is valid enc64 format. Returns 1 - * if valid, 0 if not. - */ -int cuIsValidEnc64(const unsigned char *inbuf, - unsigned inbufLen); - -#ifdef __cplusplus -} -#endif - -#endif /*_CU_ENC64_H_*/ diff --git a/CdsaUtils/cuFileIo.c b/CdsaUtils/cuFileIo.c deleted file mode 100644 index 010a1e58..00000000 --- a/CdsaUtils/cuFileIo.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2001-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuFileIo.c - - Description: simple file read/write utilities -*/ - -#include -#include -#include -#include -#include -#include -#include -#include "cuFileIo.h" - -int writeFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes) -{ - int rtn; - int fd; - - fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600); - if(fd <= 0) { - return errno; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - return errno; - } - rtn = write(fd, bytes, (size_t)numBytes); - if(rtn != (int)numBytes) { - if(rtn >= 0) { - printf("writeFile: short write\n"); - } - rtn = EIO; - } - else { - rtn = 0; - } - close(fd); - return rtn; -} - -/* - * Read entire file. - */ -int readFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes) // returned -{ - int rtn; - int fd; - char *buf; - struct stat sb; - unsigned size; - - *numBytes = 0; - *bytes = NULL; - fd = open(fileName, O_RDONLY, 0); - if(fd <= 0) { - return errno; - } - rtn = fstat(fd, &sb); - if(rtn) { - goto errOut; - } - size = sb.st_size; - buf = malloc(size); - if(buf == NULL) { - rtn = ENOMEM; - goto errOut; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - goto errOut; - } - rtn = read(fd, buf, (size_t)size); - if(rtn != (int)size) { - if(rtn >= 0) { - printf("readFile: short read\n"); - } - rtn = EIO; - } - else { - rtn = 0; - *bytes = buf; - *numBytes = size; - } -errOut: - close(fd); - return rtn; -} diff --git a/CdsaUtils/cuFileIo.h b/CdsaUtils/cuFileIo.h deleted file mode 100644 index bb3de3f8..00000000 --- a/CdsaUtils/cuFileIo.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2001-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuFileIo.h - - Description: simple file read/write utilities -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -int readFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes); // returned - -int writeFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes); - -#ifdef __cplusplus -} -#endif diff --git a/CdsaUtils/cuOidParser.cpp b/CdsaUtils/cuOidParser.cpp deleted file mode 100644 index 105218c7..00000000 --- a/CdsaUtils/cuOidParser.cpp +++ /dev/null @@ -1,314 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. - * Please obtain a copy of the License at http://www.apple.com/publicsource - * and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights - * and limitations under the License. - */ - -/* - * cuOidParser.cpp - parse an Intel-style OID, with the assistance - * of dumpasn1.cfg - */ - -#include -#include -#include -#include -#include "cuOidParser.h" -#include "cuFileIo.h" -#include -#include -#include -#include -#include -#include -#include - -/* get config file from .. or from . */ -#define CONFIG_FILE_NAME "dumpasn1.cfg" -static char *CONFIG_FILE1 = "../"CONFIG_FILE_NAME; -static char *CONFIG_FILE2 = CONFIG_FILE_NAME; -/* or from here via getenv */ -#define CONFIG_FILE_ENV "LOCAL_BUILD_DIR" - -static char *OID_ENTRY_START = "OID = "; -static char *OID_DESCR_START = "Description = "; -/* - * Read entire file with extra bytes left over in the mallocd buffer. - */ -int readFileExtra( - char *fileName, - unsigned extraBytes, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes) // returned -{ - int rtn; - int fd; - unsigned char *buf; - struct stat sb; - unsigned size; - - *numBytes = 0; - *bytes = NULL; - fd = open(fileName, O_RDONLY, 0); - if(fd <= 0) { - return 1; - } - rtn = fstat(fd, &sb); - if(rtn) { - goto errOut; - } - size = sb.st_size; - buf = (unsigned char *)malloc(size + extraBytes); - if(buf == NULL) { - rtn = ENOMEM; - goto errOut; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - goto errOut; - } - rtn = read(fd, buf, (size_t)size); - if(rtn != (int)size) { - if(rtn >= 0) { - printf("readFile: short read\n"); - } - rtn = EIO; - } - else { - rtn = 0; - *bytes = buf; - *numBytes = size; - } -errOut: - close(fd); - return rtn; -} - -/* - * Attempt to read dumpasn1.cfg from various places. If we can't find it, - * printOid() function will just print raw bytes as it - * would if the .cfg file did not contain the desired OID. - */ -static CSSM_DATA_PTR readConfig() -{ - CSSM_DATA_PTR configData = NULL; - int rtn; - - configData = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); - if(configData == NULL) { - return NULL; - } - /* malloc one extra byte, we'll null it later */ - rtn = readFileExtra(CONFIG_FILE1, 1, &configData->Data, - (unsigned *)&configData->Length); - if(rtn) { - rtn = readFileExtra(CONFIG_FILE2, 1, &configData->Data, - (unsigned *)&configData->Length); - } - if(rtn) { - char fileName[100]; - char *localBuildDir = getenv(CONFIG_FILE_ENV); - if(localBuildDir == NULL) { - rtn = 1; - } - else { - sprintf(fileName, "%s/%s", localBuildDir, CONFIG_FILE_NAME); - rtn = readFileExtra(fileName, 1, &configData->Data, - (unsigned *)&configData->Length); - } - } - if(rtn == 0) { - /* make the whole shebang one long C string */ - configData->Data[configData->Length++] = '\0'; - return configData; - } - else { - free(configData); - return NULL; - } -} - -/* - * The heart of this module. - * - * -- Convert Intel-style OID to a string which might be found - * in the config file - * -- search config file for that string - * -- if found, use that entry in config file to output meaningful - * string and return CSSM_TRUE. Else return CSSM_FALSE. - */ -static CSSM_BOOL parseOidWithConfig( - const CSSM_DATA_PTR configData, - const CSSM_OID_PTR oid, - char *strBuf) -{ - char *fullOidStr = NULL; - char *ourEntry = NULL; - char *nextEntry = NULL; - char *descStart = NULL; - char *cp; - unsigned i; - CSSM_BOOL brtn; - char *nextCr; // next CR if any - char *nextNl; // next NL if any - char *eol; // end of line - int len; - - if(configData == NULL) { - return CSSM_FALSE; - } - - /* cook up a full OID string, with tag and length */ - fullOidStr = (char *)malloc((3 * oid->Length) + - // 2 chars plus space per byte - strlen(OID_ENTRY_START) + // "OID = " - 6 + // 06 xx - tag and length - 1); // NULL - if(fullOidStr == NULL) { - return CSSM_FALSE; - } - /* subsequent errors to errOut: */ - - sprintf(fullOidStr, "OID = 06 %02X", (unsigned)oid->Length); - cp = fullOidStr + strlen(fullOidStr); - for(i=0; iLength; i++) { - /* move cp to current end of string */ - cp += strlen(cp); - /* add one byte */ - sprintf(cp, " %02X", oid->Data[i]); - } - - /* - * Let's play it loose and assume that there are no embedded NULLs - * in the config file. Thus we can use the spiffy string functions - * in stdlib. - */ - ourEntry = strstr((char *)configData->Data, fullOidStr); - if(ourEntry == NULL) { - brtn = CSSM_FALSE; - goto errOut; - } - - /* get position of NEXT full entry - may be NULL (end of file) */ - nextEntry = strstr(ourEntry+1, OID_ENTRY_START); - - /* get position of our entry's description line */ - descStart = strstr(ourEntry+1, OID_DESCR_START); - - /* handle not found/overflow */ - if( (descStart == NULL) || // no more description lines - ( (descStart > nextEntry) && // no description in THIS entry - (nextEntry != NULL) ) ) { // make sure this is valid - brtn = CSSM_FALSE; - goto errOut; - } - - /* set descStart to after the leader */ - descStart += strlen(OID_DESCR_START); - - /* - * descStart points to the text we're interested in. - * First find end of line, any style. - */ - nextNl = strchr(descStart, '\n'); - nextCr = strchr(descStart, '\r'); - if((nextNl == NULL) && (nextCr == NULL)) { - /* no line terminator, go to eof */ - eol = (char *)configData->Data + configData->Length; - } - else if(nextCr == NULL) { - eol = nextNl; - } - else if(nextNl == NULL) { - eol = nextCr; - } - else if(nextNl < nextCr) { - /* both present, take first one */ - eol = nextNl; - } - else { - eol = nextCr; - } - - /* caller's string buf = remainder of description line */ - len = eol - descStart; - if(len > (OID_PARSER_STRING_SIZE - 1)) { - /* fixed-length output buf, avoid overflow */ - len = OID_PARSER_STRING_SIZE - 1; - } - memcpy(strBuf, descStart, len); - strBuf[len] = '\0'; - brtn = CSSM_TRUE; -errOut: - if(fullOidStr != NULL) { - free(fullOidStr); - } - return brtn; -} - -/*** OidParser class ***/ -OidParser::OidParser(bool noConfig) -{ - if(noConfig) { - configData = NULL; - } - else { - configData = readConfig(); - } -} - -OidParser::~OidParser() -{ - if(configData == NULL) { - return; - } - if(configData->Data != NULL) { - free(configData->Data); - } - free(configData); -} - -/* - * Parse an Intel-style OID, generating a C string in caller-supplied buffer. - */ -void OidParser::oidParse( - const unsigned char *oidp, - unsigned oidLen, - char *strBuf) -{ - unsigned i; - CSSM_OID oid; - - oid.Data = (uint8 *)oidp; - oid.Length = oidLen; - - if((oidLen == 0) || (oidp == NULL)) { - strcpy(strBuf, "EMPTY"); - return; - } - if(parseOidWithConfig(configData, &oid, strBuf) == CSSM_FALSE) { - /* no config file, just dump the bytes */ - char cbuf[8]; - - sprintf(strBuf, "OID : < 06 %02X ", (unsigned)oid.Length); - for(i=0; i"); - } -} - - diff --git a/CdsaUtils/cuOidParser.h b/CdsaUtils/cuOidParser.h deleted file mode 100644 index fcadc5a7..00000000 --- a/CdsaUtils/cuOidParser.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * cuOidParser.cpp - parse an Intel-style OID, with the assistance of - * dumpasn1.cfg. - * - * The config file is looked for in the following locations: - * - * current working directory (.) - * parent directory (..) - * The directory specified by the environment variable LOCAL_BUILD_DIR - * - * OidParser will still work if the config file is not found, but OIDs - * will be dispayed in raw hex format. - */ - -#ifndef _OID_PARSER_H_ -#define _OID_PARSER_H_ - -#include - -/* - * Generated strings go into a client-allocated char array of - * this size. - */ -#define OID_PARSER_STRING_SIZE 120 - -class OidParser -{ -private: - CSSM_DATA_PTR configData; // contents of dumpasn1.cfg -public: - /* costruct with noConfig true - skip reading config file */ - OidParser(bool noConfig=false); - ~OidParser(); - - /* - * Parse an Intel-style OID, generating a C string in - * caller-supplied buffer. - */ - void oidParse( - const unsigned char *oidp, - unsigned oidLen, - char *strBuf); - -}; - -#endif /* _OID_PARSER_H_ */ diff --git a/CdsaUtils/cuPem.cpp b/CdsaUtils/cuPem.cpp deleted file mode 100644 index 6675ef60..00000000 --- a/CdsaUtils/cuPem.cpp +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuPem.h - - Description: PEM encode/decode routines - - Author: dmitch - -*/ - -#include "cuPem.h" -#include -#include -#include -#include -#include "cuEnc64.h" - -#define PEM_SCAN_LEN 8192 - -/* - * Determine if specified blob appears to be PEM format. - * Returns 1 if so, 0 if not. - */ -int isPem( - const unsigned char *inData, - unsigned inDataLen) -{ - /* - * 1. The entire blob must be printable ASCII. - */ - const unsigned char *cp = inData; - for(unsigned dex=0; dex PEM_SCAN_LEN) { - len = PEM_SCAN_LEN; - } - memcpy(buf, inData, len); - buf[len] = '\0'; - const char *p = strstr((const char *)buf, "-----BEGIN "); - if(p == NULL) { - return 0; - } - - /* - * Now the last PEM_SCAN_LEN chars or inDataLen, whichever is less. - */ - if(inDataLen > PEM_SCAN_LEN) { - memcpy(buf, inData + inDataLen - PEM_SCAN_LEN, PEM_SCAN_LEN); - buf[PEM_SCAN_LEN] = '\0'; - } - /* else we already have whole blob in buf[] */ - p = strstr((const char *)buf, "-----END "); - if(p == NULL) { - return 0; - } - /* success */ - return 1; -} - -int pemEncode( - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, - unsigned *outDataLen, - const char *headerString) -{ - unsigned char *enc; - unsigned encLen; - - /* First base64 encode */ - enc = cuEnc64WithLines(inData, inDataLen, 64, &encLen); - if(enc == NULL) { - /* malloc error is actually the only known failure */ - printf("***pemEncode: Error encoding file. Aborting.\n"); - return -1; - } - - /* estimate outsize - just be sloppy, way conservative */ - unsigned outSize = encLen + (2 * strlen(headerString)) + 200; - *outData = (unsigned char *)malloc(outSize); - sprintf((char *)*outData, "-----BEGIN %s-----\n%s-----END %s-----\n", - headerString, (char *)enc, headerString); - *outDataLen = strlen((char *)*outData); - - if((*outData)[*outDataLen - 1] == '\0') { - (*outDataLen)--; - } - free(enc); - return 0; -} - -int pemDecode( - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, - unsigned *outDataLen) -{ - char *cp; - char *curr1, *curr2; - char *startPem = NULL; - char *endPem = NULL; - unsigned char *out; - unsigned outLen; - int ourRtn = 0; - char *freeCp = NULL; - - /* make the whole thing a NULL-terminated string */ - if(inData[inDataLen - 1] != '\0') { - cp = freeCp = (char *)malloc(inDataLen + 1); - memmove(cp, inData, inDataLen); - cp[inDataLen] = '\0'; - inDataLen++; - } - else { - /* already is */ - cp = (char *)inData; - } - - /* cp is start of NULL-terminated buffer, size inDataLen */ - /* skip over everything until "-----" */ - curr1 = strstr(cp, "-----"); - if(curr1 == NULL) { - printf("***pemDecode: no terminator found\n"); - ourRtn = -1; - goto abort; - } - - /* find end of separator line, handling both flavors of terminator */ - cp = curr1; - curr1 = strchr(cp, '\n'); - curr2 = strchr(cp, '\r'); - if((curr1 == NULL) & (curr2 == NULL)) { - printf("***pemDecode: Bad PEM format (1)\n"); - ourRtn = -1; - goto abort; - } - if(curr1 == NULL) { - startPem = curr2; - } - else { - startPem = curr1; - } - - /* startPem points to end of separator line */ - /* locate ending terminator and lop it off */ - curr1 = strstr(startPem, "-----"); - if(curr1 == NULL) { - printf("***pemDecode: Bad PEM format (2)\n"); - ourRtn = -1; - goto abort; - } - endPem = curr1; - /* endPem points to last PEM data plus one */ - - out = cuDec64((unsigned char *)startPem, endPem-startPem, &outLen); - if(out == NULL) { - printf("Bad PEM format (3)\n"); - ourRtn = -1; - goto abort; - } - *outData = out; - *outDataLen = outLen; -abort: - if(freeCp) { - free(freeCp); - } - return ourRtn; -} - diff --git a/CdsaUtils/cuPem.h b/CdsaUtils/cuPem.h deleted file mode 100644 index 58a08fde..00000000 --- a/CdsaUtils/cuPem.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: cuPem.h - - Description: PEM encode/decode routines - - Author: dmitch -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -int isPem( - const unsigned char *inData, - unsigned inDataLen); - -int pemEncode( - const unsigned char *inData, - unsigned inFileLen, - unsigned char **outData, - unsigned *outDataLen, - const char *headerString); - -int pemDecode( - const unsigned char *inData, - unsigned inFileLen, - unsigned char **outData, - unsigned *outDataLen); - -#ifdef __cplusplus -} -#endif diff --git a/CdsaUtils/cuPrintCert.cpp b/CdsaUtils/cuPrintCert.cpp deleted file mode 100644 index 3c738740..00000000 --- a/CdsaUtils/cuPrintCert.cpp +++ /dev/null @@ -1,1372 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * cuPrintCert.cpp - Parse a cert or CRL, dump contents. - */ -#include "cuCdsaUtils.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include "cuPrintCert.h" -#include "cuOidParser.h" -#include "cuTimeStr.h" -#include - -static char *months[] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -}; - -static void printTimeStr(const CSSM_DATA *cssmTime) -{ - struct tm tm; - - /* ignore cssmTime->timeType for now */ - if(cuTimeStringToTm((char *)cssmTime->Data, cssmTime->Length, &tm)) { - printf("***Bad time string format***\n"); - return; - } - if(tm.tm_mon > 11) { - printf("***Bad time string format***\n"); - return; - } - printf("%02d:%02d:%02d %s %d, %04d\n", - tm.tm_hour, tm.tm_min, tm.tm_sec, - months[tm.tm_mon], tm.tm_mday, tm.tm_year + 1900); - -} - - -static void printTime(const CSSM_X509_TIME *cssmTime) -{ - /* ignore cssmTime->timeType for now */ - printTimeStr(&cssmTime->time); -} - -static void printDataAsHex( - const CSSM_DATA *d, - unsigned maxToPrint = 0) // optional, 0 means print it all -{ - unsigned i; - bool more = false; - uint32 len = d->Length; - uint8 *cp = d->Data; - - if((maxToPrint != 0) && (len > maxToPrint)) { - len = maxToPrint; - more = true; - } - for(i=0; iLength - * Tag is implied - */ -static void printOid(OidParser &parser, const CSSM_DATA *oid) -{ - char strBuf[OID_PARSER_STRING_SIZE]; - - if(oid == NULL) { - printf("NULL\n"); - return; - } - if((oid->Length == 0) || (oid->Data == NULL)) { - printf("EMPTY\n"); - return; - } - parser.oidParse(oid->Data, oid->Length, strBuf); - printf("%s\n", strBuf); -} - -/* - * Used to print generic blobs which we don't really understand. - * The bytesToPrint argument is usually thing->Length; it's here because snacc - * peports lengths of bit strings in BITS. Caller knows this and - * modifies bytesToPrint accordingly. In any case, bytesToPrint is the - * max number of valid bytes in *thing->Data. - */ -#define BLOB_LENGTH_PRINT 3 - -static void printBlobBytes( - char *blobType, - char *quanta, // e.g., "bytes', "bits" - uint32 bytesToPrint, - const CSSM_DATA *thing) -{ - uint32 dex; - uint32 toPrint = bytesToPrint; - - if(toPrint > BLOB_LENGTH_PRINT) { - toPrint = BLOB_LENGTH_PRINT; - } - printf("%s; Length %u %s; data = ", - blobType, (unsigned)thing->Length, quanta); - for(dex=0; dexData[dex]); - if(dex == (toPrint - 1)) { - break; - } - } - if(dex < bytesToPrint) { - printf(" ...\n"); - } - else { - printf("\n"); - } -} - -/* - * Print an IA5String or Printable string. Null terminator is not assumed. - * Trailing newline is printed. - */ -static void printString( - const CSSM_DATA *str) -{ - unsigned i; - char *cp = (char *)str->Data; - for(i=0; iLength; i++) { - printf("%c", *cp++); - } - printf("\n"); -} - -static void printDerThing( - CSSM_BER_TAG tagType, - const CSSM_DATA *thing, - OidParser &parser) -{ - switch(tagType) { - case BER_TAG_INTEGER: - printf("%d\n", cuDER_ToInt(thing)); - return; - case BER_TAG_BOOLEAN: - if(thing->Length != 1) { - printf("***malformed BER_TAG_BOOLEAN: length %u data ", - (unsigned)thing->Length); - } - printf("%u\n", cuDER_ToInt(thing)); - return; - case BER_TAG_PRINTABLE_STRING: - case BER_TAG_IA5_STRING: - case BER_TAG_T61_STRING: // mostly printable.... - printString(thing); - return; - case BER_TAG_OCTET_STRING: - printBlobBytes("Byte string", "bytes", thing->Length, thing); - return; - case BER_TAG_BIT_STRING: - printBlobBytes("Bit string", "bits", (thing->Length + 7) / 8, thing); - return; - case BER_TAG_SEQUENCE: - printBlobBytes("Sequence", "bytes", thing->Length, thing); - return; - case BER_TAG_SET: - printBlobBytes("Set", "bytes", thing->Length, thing); - return; - case BER_TAG_OID: - printf("OID = "); - printOid(parser, thing); - break; - default: - printf("not displayed (tagType = %s; length %u)\n", - tagTypeString(tagType), (unsigned)thing->Length); - break; - - } -} - -static void printSigAlg( - const CSSM_X509_ALGORITHM_IDENTIFIER *sigAlg, - OidParser &parser) -{ - printOid(parser, &sigAlg->algorithm); - if(sigAlg->parameters.Data != NULL) { - printf(" alg params : "); - printDataAsHex(&sigAlg->parameters, 8); - } -} - -/* compare two OIDs, return CSSM_TRUE if identical */ -static CSSM_BOOL compareOids( - const CSSM_OID *oid1, - const CSSM_OID *oid2) -{ - if((oid1 == NULL) || (oid2 == NULL)) { - return CSSM_FALSE; - } - if(oid1->Length != oid2->Length) { - return CSSM_FALSE; - } - if(memcmp(oid1->Data, oid2->Data, oid1->Length)) { - return CSSM_FALSE; - } - else { - return CSSM_TRUE; - } -} - -static void printRdn( - const CSSM_X509_RDN *rdnp, - OidParser &parser) -{ - CSSM_X509_TYPE_VALUE_PAIR *ptvp; - unsigned pairDex; - char *fieldName; - - for(pairDex=0; pairDexnumberOfPairs; pairDex++) { - ptvp = &rdnp->AttributeTypeAndValue[pairDex]; - if(compareOids(&ptvp->type, &CSSMOID_CountryName)) { - fieldName = "Country "; - } - else if(compareOids(&ptvp->type, &CSSMOID_OrganizationName)) { - fieldName = "Org "; - } - else if(compareOids(&ptvp->type, &CSSMOID_LocalityName)) { - fieldName = "Locality "; - } - else if(compareOids(&ptvp->type, &CSSMOID_OrganizationalUnitName)) { - fieldName = "OrgUnit "; - } - else if(compareOids(&ptvp->type, &CSSMOID_CommonName)) { - fieldName = "Common Name "; - } - else if(compareOids(&ptvp->type, &CSSMOID_Surname)) { - fieldName = "Surname "; - } - else if(compareOids(&ptvp->type, &CSSMOID_Title)) { - fieldName = "Title "; - } - else if(compareOids(&ptvp->type, &CSSMOID_Surname)) { - fieldName = "Surname "; - } - else if(compareOids(&ptvp->type, &CSSMOID_StateProvinceName)) { - fieldName = "State "; - } - else if(compareOids(&ptvp->type, &CSSMOID_CollectiveStateProvinceName)) { - fieldName = "Coll. State "; - } - else if(compareOids(&ptvp->type, &CSSMOID_EmailAddress)) { - /* deprecated, used by Thawte */ - fieldName = "Email addrs "; - } - else { - fieldName = "Other name "; - } - printf(" %s : ", fieldName); - printDerThing(ptvp->valueType, &ptvp->value, parser); - } /* for each type/value pair */ -} - -static CSSM_RETURN printName( - const CSSM_X509_NAME *x509Name, - OidParser &parser) -{ - CSSM_X509_RDN_PTR rdnp; - unsigned rdnDex; - - for(rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - rdnp = &x509Name->RelativeDistinguishedName[rdnDex]; - printRdn(rdnp, parser); - } - - return CSSM_OK; -} - -static void printKeyHeader( - const CSSM_KEYHEADER &hdr) -{ - printf(" Algorithm : "); - switch(hdr.AlgorithmId) { - case CSSM_ALGID_RSA: - printf("RSA\n"); - break; - case CSSM_ALGID_DSA: - printf("DSA\n"); - break; - case CSSM_ALGID_FEE: - printf("FEE\n"); - break; - case CSSM_ALGID_DH: - printf("Diffie-Hellman\n"); - break; - default: - printf("Unknown(%u(d), 0x%x)\n", (unsigned)hdr.AlgorithmId, - (unsigned)hdr.AlgorithmId); - } - printf(" Key Size : %u bits\n", (unsigned)hdr.LogicalKeySizeInBits); - printf(" Key Use : "); - CSSM_KEYUSE usage = hdr.KeyUsage; - if(usage & CSSM_KEYUSE_ANY) { - printf("CSSM_KEYUSE_ANY "); - } - if(usage & CSSM_KEYUSE_ENCRYPT) { - printf("CSSM_KEYUSE_ENCRYPT "); - } - if(usage & CSSM_KEYUSE_DECRYPT) { - printf("CSSM_KEYUSE_DECRYPT "); - } - if(usage & CSSM_KEYUSE_SIGN) { - printf("CSSM_KEYUSE_SIGN "); - } - if(usage & CSSM_KEYUSE_VERIFY) { - printf("CSSM_KEYUSE_VERIFY "); - } - if(usage & CSSM_KEYUSE_SIGN_RECOVER) { - printf("CSSM_KEYUSE_SIGN_RECOVER "); - } - if(usage & CSSM_KEYUSE_VERIFY_RECOVER) { - printf("CSSM_KEYUSE_VERIFY_RECOVER "); - } - if(usage & CSSM_KEYUSE_WRAP) { - printf("CSSM_KEYUSE_WRAP "); - } - if(usage & CSSM_KEYUSE_UNWRAP) { - printf("CSSM_KEYUSE_UNWRAP "); - } - if(usage & CSSM_KEYUSE_DERIVE) { - printf("CSSM_KEYUSE_DERIVE "); - } - printf("\n"); - -} - -/* - * Print contents of a CE_GeneralNames as best we can. - */ -static void printGeneralNames( - const CE_GeneralNames *generalNames, - OidParser &parser) -{ - unsigned i; - CE_GeneralName *name; - - for(i=0; inumNames; i++) { - name = &generalNames->generalName[i]; - switch(name->nameType) { - case GNT_RFC822Name: - printf(" RFC822Name : "); - printString(&name->name); - break; - case GNT_DNSName: - printf(" DNSName : "); - printString(&name->name); - break; - case GNT_URI: - printf(" URI : "); - printString(&name->name); - break; - case GNT_IPAddress: - printf(" IP Address : "); - for(unsigned i=0; iname.Length; i++) { - printf("%d", name->name.Data[i]); - if(i < (name->name.Length - 1)) { - printf("."); - } - } - printf("\n"); - break; - case GNT_RegisteredID: - printf(" RegisteredID : "); - printOid(parser, &name->name); - break; - case GNT_X400Address: - /* ORAddress, a very complicated struct - punt */ - printf(" X400Address : "); - printBlobBytes("Sequence", "bytes", name->name.Length, &name->name); - break; - case GNT_DirectoryName: - if(!name->berEncoded) { - /* CL parsed it for us into an CSSM_X509_NAME */ - if(name->name.Length != sizeof(CSSM_X509_NAME)) { - printf("***MALFORMED GNT_DirectoryName\n"); - break; - } - const CSSM_X509_NAME *x509Name = - (const CSSM_X509_NAME *)name->name.Data; - printf(" Dir Name :\n"); - printName(x509Name, parser); - } - else { - /* encoded Name (i.e. CSSM_X509_NAME) */ - printf(" Dir Name : "); - printBlobBytes("Byte string", "bytes", - name->name.Length, &name->name); - } - break; - case GNT_EdiPartyName: - /* sequence EDIPartyName */ - printf(" EdiPartyName : "); - printBlobBytes("Sequence", "bytes", name->name.Length, &name->name); - break; - case GNT_OtherName: - { - printf(" OtherName :\n"); - if(name->name.Length != sizeof(CE_OtherName)) { - printf("***Malformed CE_OtherName\n"); - break; - } - CE_OtherName *other = (CE_OtherName *)name->name.Data; - printf(" typeID : "); - printOid(parser, &other->typeId); - printf(" value : "); - printDataAsHex(&other->value, 0); - break; - } - } - } -} - -static int printCdsaExtensionCommon( - const CSSM_X509_EXTENSION *cssmExt, - OidParser &parser, - bool expectParsed, - CSSM_BOOL verbose, - bool extraIndent = false) -{ - if(extraIndent) { - printf(" Extension : "); printOid(parser, &cssmExt->extnId); - printf(" Critical : %s\n", cssmExt->critical ? "TRUE" : "FALSE"); - } - else { - printf("Extension struct : "); printOid(parser, &cssmExt->extnId); - printf(" Critical : %s\n", cssmExt->critical ? "TRUE" : "FALSE"); - } - switch(cssmExt->format) { - case CSSM_X509_DATAFORMAT_ENCODED: - if(expectParsed) { - printf("Bad CSSM_X509_EXTENSION; expected FORMAT_PARSED\n"); - return 1; - } - if((cssmExt->BERvalue.Data == NULL) || - (cssmExt->value.parsedValue != NULL)) { - printf("***Malformed CSSM_X509_EXTENSION (1)\n"); - return 1; - } - break; - case CSSM_X509_DATAFORMAT_PARSED: - if(!expectParsed) { - printf("Bad CSSM_X509_EXTENSION; expected FORMAT_ENCODED\n"); - return 1; - } - if((cssmExt->BERvalue.Data != NULL) || - (cssmExt->value.parsedValue == NULL)) { - printf("***Malformed CSSM_X509_EXTENSION (2)\n"); - return 1; - } - break; - case CSSM_X509_DATAFORMAT_PAIR: - /* both parsed and encoded forms present */ - if(!expectParsed) { - printf("Bad CSSM_X509_EXTENSION; expected FORMAT_ENCODED\n"); - return 1; - } - if((cssmExt->BERvalue.Data == NULL) || - (cssmExt->value.parsedValue == NULL)) { - printf("***Malformed CSSM_X509_EXTENSION (3)\n"); - return 1; - } - if(verbose) { - /* also print some of the encoded form */ - if(extraIndent) { - printf(" Unparsed data : "); - } - else { - printf(" Unparsed data : "); - } - printDataAsHex(&cssmExt->BERvalue, 8); - } - break; - default: - printf("***Unknown CSSM_X509_EXTENSION.format\n"); - return 1; - } - return 0; -} - -static int printExtensionCommon( - const CSSM_DATA &value, - OidParser &parser, - CSSM_BOOL verbose, - bool expectParsed = true) -{ - if(value.Length != sizeof(CSSM_X509_EXTENSION)) { - printf("***malformed CSSM_FIELD (1)\n"); - return 1; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - return printCdsaExtensionCommon(cssmExt, parser, expectParsed, verbose); -} - - -static void printKeyUsage( - const CSSM_DATA &value) -{ - CE_KeyUsage usage; - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - - usage = *((CE_KeyUsage *)cssmExt->value.parsedValue); - printf(" usage : "); - if(usage & CE_KU_DigitalSignature) { - printf("DigitalSignature "); - } - if(usage & CE_KU_NonRepudiation) { - printf("NonRepudiation "); - } - if(usage & CE_KU_KeyEncipherment) { - printf("KeyEncipherment "); - } - if(usage & CE_KU_DataEncipherment) { - printf("DataEncipherment "); - } - if(usage & CE_KU_KeyAgreement) { - printf("KeyAgreement "); - } - if(usage & CE_KU_KeyCertSign) { - printf("KeyCertSign "); - } - if(usage & CE_KU_CRLSign) { - printf("CRLSign "); - } - if(usage & CE_KU_EncipherOnly) { - printf("EncipherOnly "); - } - if(usage & CE_KU_DecipherOnly) { - printf("DecipherOnly "); - } - printf("\n"); - -} - -static void printBasicConstraints( - const CSSM_DATA &value) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_BasicConstraints *bc = (CE_BasicConstraints *)cssmExt->value.parsedValue; - printf(" CA : %s\n", bc->cA ? "TRUE" : "FALSE"); - if(bc->pathLenConstraintPresent) { - printf(" pathLenConstr : %u\n", (unsigned)bc->pathLenConstraint); - } -} - -static void printExtKeyUsage( - const CSSM_DATA &value, - OidParser &parser) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)cssmExt->value.parsedValue; - unsigned oidDex; - for(oidDex=0; oidDexnumPurposes; oidDex++) { - printf(" purpose %2d : ", oidDex); - printOid(parser, &eku->purposes[oidDex]); - } -} - -static void printCssmAuthorityKeyId( - const CE_AuthorityKeyID *akid, - OidParser &parser) -{ - if(akid->keyIdentifierPresent) { - printf(" Auth KeyID : "); - printDataAsHex(&akid->keyIdentifier, -8); - } - if(akid->generalNamesPresent) { - printGeneralNames(akid->generalNames, parser); - } - if(akid->serialNumberPresent) { - printf(" serialNumber : "); - printDataAsHex(&akid->serialNumber, 8); - } -} - -static void printAuthorityKeyId( - const CSSM_DATA &value, - OidParser &parser) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)cssmExt->value.parsedValue; - printCssmAuthorityKeyId(akid, parser); -} - -static void printSubjectIssuerAltName( - const CSSM_DATA &value, - OidParser &parser) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_GeneralNames *san = (CE_GeneralNames *)cssmExt->value.parsedValue; - printGeneralNames(san, parser); -} - -static void printDistPointName( - const CE_DistributionPointName *dpn, - OidParser &parser) -{ - switch(dpn->nameType) { - case CE_CDNT_FullName: - printGeneralNames(dpn->fullName, parser); - break; - case CE_CDNT_NameRelativeToCrlIssuer: - printRdn(dpn->rdn, parser); - break; - default: - printf("***BOGUS CE_DistributionPointName.nameType\n"); - break; - } -} - -static void printDistPoint( - const CE_CRLDistributionPoint *dp, - OidParser &parser) -{ - if(dp->distPointName) { - printf(" Dist pt Name :\n"); - printDistPointName(dp->distPointName, parser); - } - printf(" reasonsPresent : %s\n", dp->reasonsPresent ? "TRUE" : "FALSE"); - if(dp->reasonsPresent) { - /* FIXME - parse */ - printf(" reasons : 0x%X\n", dp->reasons); - } - if(dp->crlIssuer) { - printf(" CRLIssuer :\n"); - printGeneralNames(dp->crlIssuer, parser); - } -} - -static void printDistributionPoints( - const CSSM_DATA &value, - OidParser &parser) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_CRLDistPointsSyntax *dps = (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue; - - for(unsigned dex=0; dexnumDistPoints; dex++) { - printf(" Dist pt %d :\n", dex); - printDistPoint(&dps->distPoints[dex], parser); - } -} - -static void printValueOrNotPresent( - CSSM_BOOL present, - CSSM_BOOL value) -{ - if(!present) { - printf("\n"); - } - else if(value) { - printf("TRUE\n"); - } - else { - printf("FALSE"); - } -} - -static void printIssuingDistributionPoint( - const CE_IssuingDistributionPoint *idp, - OidParser &parser) -{ - if(idp->distPointName) { - printf(" Dist pt :\n"); - printDistPointName(idp->distPointName, parser); - } - printf(" Only user certs : "); - printValueOrNotPresent(idp->onlyUserCertsPresent, idp->onlyUserCerts); - printf(" Only CA certs : "); - printValueOrNotPresent(idp->onlyCACertsPresent, idp->onlyCACerts); - printf(" Only some reason: "); - printValueOrNotPresent(idp->onlySomeReasonsPresent, idp->onlySomeReasons); - printf(" Indirectl CRL : "); - printValueOrNotPresent(idp->indirectCrlPresent, idp->indirectCrl); -} - -static void printCertPolicies( - const CSSM_DATA &value, - OidParser &parser) -{ - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - CE_CertPolicies *cdsaObj = (CE_CertPolicies *)cssmExt->value.parsedValue; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex]; - printf(" Policy %2d : ID ", polDex); - printOid(parser, &cPolInfo->certPolicyId); - for(unsigned qualDex=0; qualDexnumPolicyQualifiers; qualDex++) { - CE_PolicyQualifierInfo *cQualInfo = &cPolInfo->policyQualifiers[qualDex]; - printf(" Qual %2d : ID ", qualDex); - printOid(parser, &cQualInfo->policyQualifierId); - if(cuCompareCssmData(&cQualInfo->policyQualifierId, - &CSSMOID_QT_CPS)) { - printf(" CPS : "); - printString(&cQualInfo->qualifier); - } - else { - printf(" unparsed : "); - printDataAsHex(&cQualInfo->qualifier, 8); - } - } - } -} - -static void printNetscapeCertType( - const CSSM_DATA &value) -{ - CE_NetscapeCertType certType; - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; - - certType = *((CE_NetscapeCertType *)cssmExt->value.parsedValue); - printf(" certType : "); - if(certType & CE_NCT_SSL_Client) { - printf("SSL_Client "); - } - if(certType & CE_NCT_SSL_Server) { - printf("SSL_Server "); - } - if(certType & CE_NCT_SMIME) { - printf("S/MIME "); - } - if(certType & CE_NCT_ObjSign) { - printf("ObjectSign "); - } - if(certType & CE_NCT_Reserved) { - printf("Reserved "); - } - if(certType & CE_NCT_SSL_CA) { - printf("SSL_CA "); - } - if(certType & CE_NCT_SMIME_CA) { - printf("SMIME_CA "); - } - if(certType & CE_NCT_ObjSignCA) { - printf("ObjSignCA "); - } - printf("\n"); -} - -/* print one field */ -void printCertField( - const CSSM_FIELD &field, - OidParser &parser, - CSSM_BOOL verbose) -{ - const CSSM_DATA *thisData = &field.FieldValue; - const CSSM_OID *thisOid = &field.FieldOid; - - if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Version)) { - if(verbose) { - printf("Version : %u\n", cuDER_ToInt(thisData)); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SerialNumber)) { - printf("Serial Number : "); printDataAsHex(thisData, 0); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerNameCStruct)) { - printf("Issuer Name :\n"); - CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data; - if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) { - printf(" ***malformed CSSM_X509_NAME\n"); - } - else { - printName(name, parser); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectNameCStruct)) { - printf("Subject Name :\n"); - CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data; - if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) { - printf(" ***malformed CSSM_X509_NAME\n"); - } - else { - printName(name, parser); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotBefore)) { - CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data; - if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) { - printf(" ***malformed CSSM_X509_TIME\n"); - } - else if(verbose) { - printf("Not Before : "); printString(&cssmTime->time); - printf(" : "); - printTime(cssmTime); - } - else { - printf("Not Before : "); - printTime(cssmTime); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotAfter)) { - CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data; - if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) { - printf(" ***malformed CSSM_X509_TIME\n"); - } - else if(verbose) { - printf("Not After : "); printString(&cssmTime->time); - printf(" : "); - printTime(cssmTime); - } - else { - printf("Not After : "); - printTime(cssmTime); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithmTBS)) { - if(verbose) { - /* normally skip, it's the same as TBS sig alg */ - printf("TBS Sig Algorithm : "); - CSSM_X509_ALGORITHM_IDENTIFIER *algId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)thisData->Data; - if((algId == NULL) || - (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) { - printf(" ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n"); - } - else { - printSigAlg(algId, parser); - } - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithm)) { - printf("Cert Sig Algorithm : "); - CSSM_X509_ALGORITHM_IDENTIFIER *algId = - (CSSM_X509_ALGORITHM_IDENTIFIER *)thisData->Data; - if((algId == NULL) || - (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) { - printf(" ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n"); - } - else { - printSigAlg(algId, parser); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateIssuerUniqueId)) { - if(verbose) { - printf("Issuer UniqueId : "); - printDerThing(BER_TAG_BIT_STRING, thisData, parser); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateSubjectUniqueId)) { - if(verbose) { - printf("Subject UniqueId : "); - printDerThing(BER_TAG_BIT_STRING, thisData, parser); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectPublicKeyCStruct)) { - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *pubKeyInfo = - (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)thisData->Data; - printf("Pub Key Algorithm : "); - if((pubKeyInfo == NULL) || - (thisData->Length != sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO))) { - printf(" ***malformed CSSM_X509_SUBJECT_PUBLIC_KEY_INFO\n"); - } - else { - printSigAlg(&pubKeyInfo->algorithm, parser); - printf("Pub key Bytes : Length %u bytes : ", - (unsigned)pubKeyInfo->subjectPublicKey.Length); - printDataAsHex(&pubKeyInfo->subjectPublicKey, 8); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_CSSMKeyStruct)) { - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)thisData->Data; - printf("CSSM Key :\n"); - if((cssmKey == NULL) || - (thisData->Length != sizeof(CSSM_KEY))) { - printf(" ***malformed CSSM_KEY\n"); - } - else { - printKeyHeader(cssmKey->KeyHeader); - if(verbose) { - printf(" Key Blob : "); - printDataAsHex(&cssmKey->KeyData, 8); - } - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Signature)) { - printf("Signature : %u bytes : ", (unsigned)thisData->Length); - printDataAsHex(thisData, 8); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V3CertificateExtensionCStruct)) { - if(printExtensionCommon(*thisData, parser, verbose, false)) { - return; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data; - printf(" Unparsed data : "); printDataAsHex(&cssmExt->BERvalue, 8); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_KeyUsage)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printKeyUsage(*thisData); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_BasicConstraints)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printBasicConstraints(*thisData); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_ExtendedKeyUsage)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printExtKeyUsage(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectKeyIdentifier)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data; - CSSM_DATA_PTR cdata = (CSSM_DATA_PTR)cssmExt->value.parsedValue; - if((cdata == NULL) || (cdata->Data == NULL)) { - printf("****Malformed extension (no parsedValue)\n"); - } - else { - printf(" Subject KeyID : "); printDataAsHex(cdata, 8); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_AuthorityKeyIdentifier)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printAuthorityKeyId(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectAltName)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printSubjectIssuerAltName(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_IssuerAltName)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printSubjectIssuerAltName(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_CertificatePolicies)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printCertPolicies(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_NetscapeCertType)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printNetscapeCertType(*thisData); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_CrlDistributionPoints)) { - if(printExtensionCommon(*thisData, parser, verbose)) { - return; - } - printDistributionPoints(*thisData, parser); - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerName)) { - if(verbose) { - printf("Normalized Issuer : "); - printDataAsHex(thisData, 8); - } - } - else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectName)) { - if(verbose) { - printf("Normalized Subject : "); - printDataAsHex(thisData, 8); - } - } - else { - printf("Other field: : "); printOid(parser, thisOid); - } -} - -void printCrlExten( - const CSSM_X509_EXTENSION *exten, - CSSM_BOOL verbose, - OidParser &parser) -{ - const CSSM_OID *oid = &exten->extnId; - const void *thisData = exten->value.parsedValue; - - if(exten->format == CSSM_X509_DATAFORMAT_ENCODED) { - if(printCdsaExtensionCommon(exten, parser, false, verbose)) { - return; - } - printf(" Unparsed data : "); printDataAsHex(&exten->BERvalue, 8); - } - else if(exten->format != CSSM_X509_DATAFORMAT_PAIR) { - printf("***Badly formatted CSSM_X509_EXTENSION\n"); - return; - } - else if(cuCompareCssmData(oid, &CSSMOID_AuthorityKeyIdentifier)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose)) { - return; - } - printCssmAuthorityKeyId((CE_AuthorityKeyID *)thisData, parser); - } - else if(cuCompareCssmData(oid, &CSSMOID_IssuerAltName)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose)) { - return; - } - printGeneralNames((CE_GeneralNames *)thisData, parser); - } - else if(cuCompareCssmData(oid, &CSSMOID_CrlNumber)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose)) { - return; - } - printf(" CRL Number : %u\n", *((unsigned *)thisData)); - } - else if(cuCompareCssmData(oid, &CSSMOID_DeltaCrlIndicator)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose)) { - return; - } - printf(" Delta CRL Base : %u\n", *((unsigned *)thisData)); - } - else if(cuCompareCssmData(oid, &CSSMOID_IssuingDistributionPoint)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose)) { - return; - } - printIssuingDistributionPoint((CE_IssuingDistributionPoint *)thisData, - parser); - } - else { - /* should never happen - we're out of sync with the CL */ - printf("UNKNOWN EXTENSION : "); printOid(parser, oid); - } -} - -void printCrlEntryExten( - const CSSM_X509_EXTENSION *exten, - CSSM_BOOL verbose, - OidParser &parser) -{ - const CSSM_OID *oid = &exten->extnId; - const void *thisData = exten->value.parsedValue; - - if(exten->format == CSSM_X509_DATAFORMAT_ENCODED) { - if(printCdsaExtensionCommon(exten, parser, false, verbose, true)) { - return; - } - printf(" Unparsed data: "); printDataAsHex(&exten->BERvalue, 8); - } - else if(exten->format != CSSM_X509_DATAFORMAT_PAIR) { - printf("***Badly formatted CSSM_X509_EXTENSION\n"); - return; - } - else if(cuCompareCssmData(oid, &CSSMOID_CrlReason)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose, true)) { - return; - } - CE_CrlReason *cr = (CE_CrlReason *)thisData; - char *reason = "UNKNOWN"; - switch(*cr) { - case CE_CR_Unspecified: - reason = "CE_CR_Unspecified"; break; - case CE_CR_KeyCompromise: - reason = "CE_CR_KeyCompromise"; break; - case CE_CR_CACompromise: - reason = "CE_CR_CACompromise"; break; - case CE_CR_AffiliationChanged: - reason = "CE_CR_AffiliationChanged"; break; - case CE_CR_Superseded: - reason = "CE_CR_Superseded"; break; - case CE_CR_CessationOfOperation: - reason = "CE_CR_CessationOfOperation"; break; - case CE_CR_CertificateHold: - reason = "CE_CR_CertificateHold"; break; - case CE_CR_RemoveFromCRL: - reason = "CE_CR_RemoveFromCRL"; break; - default: - break; - } - printf(" CRL Reason : %s\n", reason); - } - else if(cuCompareCssmData(oid, &CSSMOID_HoldInstructionCode)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose, true)) { - return; - } - printf(" Hold Instr : "); - printOid(parser, (CSSM_OID_PTR)thisData); - } - else if(cuCompareCssmData(oid, &CSSMOID_InvalidityDate)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose, true)) { - return; - } - printf(" Invalid Date : "); - printTimeStr((CSSM_DATA_PTR)thisData); - } - else if(cuCompareCssmData(oid, &CSSMOID_CertIssuer)) { - if(printCdsaExtensionCommon(exten, parser, true, verbose, true)) { - return; - } - printGeneralNames((CE_GeneralNames *)thisData, parser); - } - else { - /* should never happen - we're out of sync with the CL */ - printf("UNKNOWN EXTENSION : "); printOid(parser, oid); - } -} - -void printCrlFields( - const CSSM_X509_SIGNED_CRL *signedCrl, - CSSM_BOOL verbose, - OidParser &parser) -{ - unsigned i; - const CSSM_X509_TBS_CERTLIST *tbsCrl = &signedCrl->tbsCertList; - - if(tbsCrl->version.Data) { - printf("Version : %d\n", cuDER_ToInt(&tbsCrl->version)); - } - - printf("TBS Sig Algorithm : "); - const CSSM_X509_ALGORITHM_IDENTIFIER *algId = &tbsCrl->signature; - printSigAlg(algId, parser); - - printf("Issuer Name :\n"); - printName(&tbsCrl->issuer, parser); - - printf("This Update : "); - printTime(&tbsCrl->thisUpdate); - printf("Next Update : "); - if(tbsCrl->nextUpdate.time.Data) { - printTime(&tbsCrl->nextUpdate); - } - else { - printf("\n"); - } - - CSSM_X509_REVOKED_CERT_LIST_PTR certList = tbsCrl->revokedCertificates; - if(certList) { - if(verbose) { - printf("Num Revoked Certs : %d\n", - (int)certList->numberOfRevokedCertEntries); - for(i=0; inumberOfRevokedCertEntries; i++) { - CSSM_X509_REVOKED_CERT_ENTRY_PTR entry; - entry = &certList->revokedCertEntry[i]; - printf("Revoked Cert %d :\n", (int)i); - printf(" Serial number : "); - printDataAsHex(&entry->certificateSerialNumber, 0); - printf(" Revocation time : "); - printTime(&entry->revocationDate); - const CSSM_X509_EXTENSIONS *cssmExtens = &entry->extensions; - uint32 numExtens = cssmExtens->numberOfExtensions; - if(numExtens == 0) { - continue; - } - printf(" Num Extensions : %u\n", (unsigned)numExtens); - for(unsigned dex=0; dexextensions[dex], verbose, - parser); - } - } - } - else { - printf("Num Revoked Certs : %d (use verbose option to see)\n", - (int)certList->numberOfRevokedCertEntries); - } - } - - const CSSM_X509_EXTENSIONS *crlExtens = &tbsCrl->extensions; - if(crlExtens->numberOfExtensions) { - printf("Num CRL Extensions : %d\n", - (int)crlExtens->numberOfExtensions); - for(i=0; inumberOfExtensions; i++) { - printCrlExten(&crlExtens->extensions[i], verbose, parser); - } - } - - const CSSM_X509_SIGNATURE *sig = &signedCrl->signature; - if(sig->encrypted.Data) { - printf("Signature : %u bytes : ", (unsigned)sig->encrypted.Length); - printDataAsHex(&sig->encrypted, 8); - } -} - - -/* connect to CSSM/CL lazily, once */ -static CSSM_CL_HANDLE clHand = 0; - -int printCert( - const unsigned char *certData, - unsigned certLen, - CSSM_BOOL verbose) -{ - CSSM_FIELD_PTR fieldPtr; // mallocd by CL - uint32 i; - uint32 numFields; - OidParser parser; - CSSM_DATA cert; - - if(clHand == 0) { - clHand = cuClStartup(); - if(clHand == 0) { - printf("***Error connecting to CSSM cert module; aborting cert " - "display\n"); - return 0; - } - } - cert.Data = (uint8 *)certData; - cert.Length = certLen; - - CSSM_RETURN crtn = CSSM_CL_CertGetAllFields(clHand, - &cert, - &numFields, - &fieldPtr); - if(crtn) { - cuPrintError("CSSM_CL_CertGetAllFields", crtn); - return crtn; - } - - for(i=0; iData == NULL) || - (value->Length != sizeof(CSSM_X509_SIGNED_CRL))) { - printf("***CSSM_CL_CrlGetFirstFieldValue: value error (2)\n"); - return 1; - } - const CSSM_X509_SIGNED_CRL *signedCrl = - (const CSSM_X509_SIGNED_CRL *)value->Data; - printCrlFields(signedCrl, verbose, parser); - - crtn = CSSM_CL_FreeFieldValue(clHand, - &CSSMOID_X509V2CRLSignedCrlCStruct, - value); - if(crtn) { - cuPrintError("CSSM_CL_FreeFieldValue", crtn); - return crtn; - } - return 0; -} - - -void printCertShutdown() -{ - if(clHand != 0) { - CSSM_ModuleDetach(clHand); - } -} diff --git a/CdsaUtils/cuPrintCert.h b/CdsaUtils/cuPrintCert.h deleted file mode 100644 index dfdf7001..00000000 --- a/CdsaUtils/cuPrintCert.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. - * Please obtain a copy of the License at http://www.apple.com/publicsource - * and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights - * and limitations under the License. - */ - -/* - * cuPrintCert.h - text-based cert/CRL parser using CL - */ - -#ifndef _PRINT_CERT_H_ -#define _PRINT_CERT_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* print one field */ -void printCertField( - const CSSM_FIELD &field, - OidParser &parser, - CSSM_BOOL verbose); - -/* parse cert & print it */ -int printCert( - const unsigned char *certData, - unsigned certLen, - CSSM_BOOL verbose); - -/* print parsed CRL */ -void printCrlFields( - const CSSM_X509_SIGNED_CRL *signedCrl, - OidParser &parser); - -/* parse CRL & print it */ -int printCrl( - const unsigned char *crlData, - unsigned crlLen, - CSSM_BOOL verbose); - - -void printCertShutdown(); - -#ifdef __cplusplus -} -#endif - -#endif /* _PRINT_CERT_H_ */ diff --git a/CdsaUtils/cuTimeStr.cpp b/CdsaUtils/cuTimeStr.cpp deleted file mode 100644 index eb630bee..00000000 --- a/CdsaUtils/cuTimeStr.cpp +++ /dev/null @@ -1,283 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * cuTimeStr.cpp - time string routines - */ -#include "cuTimeStr.h" -#include "cuCdsaUtils.h" -#include -#include -#include -#include -#include - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -int cuTimeStringToTm( - const char *str, - unsigned len, - struct tm *tmp) -{ - char szTemp[5]; - unsigned isUtc; - unsigned x; - unsigned i; - char *cp; - - if((str == NULL) || (len == 0) || (tmp == NULL)) { - return 1; - } - - /* tolerate NULL terminated or not */ - if(str[len - 1] == '\0') { - len--; - } - switch(len) { - case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant - isUtc = 1; - break; - case GENERALIZED_TIME_STRLEN: // 4-digit year - isUtc = 0; - break; - default: // unknown format - return 1; - } - - cp = (char *)str; - - /* check that all characters except last are digits */ - for(i=0; i<(len - 1); i++) { - if ( !(isdigit(cp[i])) ) { - return 1; - } - } - - /* check last character is a 'Z' */ - if(cp[len - 1] != 'Z' ) { - return 1; - } - - /* YEAR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - if(!isUtc) { - /* two more digits */ - szTemp[2] = *cp++; - szTemp[3] = *cp++; - szTemp[4] = '\0'; - } - else { - szTemp[2] = '\0'; - } - x = atoi( szTemp ); - if(isUtc) { - /* - * 2-digit year. - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX, though we tolerate - * 70 < year <= 99 : assume century 20 - */ - if(x < 50) { - x += 2000; - } - /* - else if(x < 70) { - return 1; - } - */ - else { - /* century 20 */ - x += 1900; - } - } - /* by definition - tm_year is year - 1900 */ - tmp->tm_year = x - 1900; - - /* MONTH */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* in the string, months are from 1 to 12 */ - if((x > 12) || (x <= 0)) { - return 1; - } - /* in a tm, 0 to 11 */ - tmp->tm_mon = x - 1; - - /* DAY */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* 1..31 in both formats */ - if((x > 31) || (x <= 0)) { - return 1; - } - tmp->tm_mday = x; - - /* HOUR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 23) || (x < 0)) { - return 1; - } - tmp->tm_hour = x; - - /* MINUTE */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_min = x; - - /* SECOND */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_sec = x; - return 0; -} - -#define MAX_TIME_STR_LEN 30 - -static Mutex timeMutex; // protects time(), gmtime() - -char *cuTimeAtNowPlus(int secFromNow, - timeSpec spec) -{ - struct tm utc; - char *outStr; - time_t baseTime; - - timeMutex.lock(); - baseTime = time(NULL); - baseTime += (time_t)secFromNow; - utc = *gmtime(&baseTime); - timeMutex.unlock(); - - outStr = (char *)APP_MALLOC(MAX_TIME_STR_LEN); - - switch(spec) { - case TIME_UTC: - /* UTC - 2 year digits - code which parses this assumes that - * (2-digit) years between 0 and 49 are in century 21 */ - if(utc.tm_year >= 100) { - utc.tm_year -= 100; - } - sprintf(outStr, "%02d%02d%02d%02d%02d%02dZ", - utc.tm_year /* + 1900 */, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_GEN: - sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", - /* note year is relative to 1900, hopefully it'll - * have four valid digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_CSSM: - sprintf(outStr, "%04d%02d%02d%02d%02d%02d", - /* note year is relative to 1900, hopefully it'll have - * four valid digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - } - return outStr; -} - -/* - * Convert a CSSM_X509_TIME, which can be in any of three forms (UTC, - * generalized, or CSSM_TIMESTRING) into a CSSM_TIMESTRING. Caller - * must free() the result. Returns NULL if x509time is badly formed. - */ -char *cuX509TimeToCssmTimestring( - const CSSM_X509_TIME *x509Time, - unsigned *rtnLen) // for caller's convenience -{ - int len = x509Time->time.Length; - const char *inStr = (char *)x509Time->time.Data; - // not NULL terminated! - char *rtn; - - *rtnLen = 0; - if((len == 0) || (inStr == NULL)) { - return NULL; - } - rtn = (char *)malloc(CSSM_TIME_STRLEN + 1); - rtn[0] = '\0'; - switch(len) { - case UTC_TIME_STRLEN: - { - /* infer century and prepend to output */ - char tmp[3]; - int year; - tmp[0] = inStr[0]; - tmp[1] = inStr[1]; - tmp[2] = '\0'; - year = atoi(tmp); - - /* - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX - * 70 < year <= 99 : assume century 20 - */ - if(year < 50) { - /* century 21 */ - strcpy(rtn, "20"); - } - else if(year < 70) { - free(rtn); - return NULL; - } - else { - /* century 20 */ - strcpy(rtn, "19"); - } - memmove(rtn + 2, inStr, len - 1); // don't copy the Z - break; - } - case CSSM_TIME_STRLEN: - memmove(rtn, inStr, len); // trivial case - break; - case GENERALIZED_TIME_STRLEN: - memmove(rtn, inStr, len - 1); // don't copy the Z - break; - - default: - free(rtn); - return NULL; - } - rtn[CSSM_TIME_STRLEN] = '\0'; - *rtnLen = CSSM_TIME_STRLEN; - return rtn; -} - diff --git a/CdsaUtils/cuTimeStr.h b/CdsaUtils/cuTimeStr.h deleted file mode 100644 index 497a51d3..00000000 --- a/CdsaUtils/cuTimeStr.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. - * Please obtain a copy of the License at http://www.apple.com/publicsource - * and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights - * and limitations under the License. - */ - -/* - * cuTimeStr.h = Time string utilities. - */ - -#ifndef _TIME_STR_H_ -#define _TIME_STR_H_ - -#include -#include - -#define UTC_TIME_STRLEN 13 -#define CSSM_TIME_STRLEN 14 /* no trailing 'Z' */ -#define GENERALIZED_TIME_STRLEN 15 - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -int cuTimeStringToTm( - const char *str, - unsigned len, - struct tm *tmp); - -typedef enum { - TIME_UTC, - TIME_CSSM, - TIME_GEN -} timeSpec; - -/* - * Return an APP_MALLOCd time string, specified format and time relative - * to 'now' in seconds. - */ -char *cuTimeAtNowPlus( - int secFromNow, - timeSpec spec); - -/* - * Convert a CSSM_X509_TIME, which can be in any of three forms (UTC, - * generalized, or CSSM_TIMESTRING) into a CSSM_TIMESTRING. Caller - * must free() the result. Returns NULL if x509time is badly formed. - */ -char *cuX509TimeToCssmTimestring( - const CSSM_X509_TIME *x509Time, - unsigned *rtnLen); // for caller's convenience - -#ifdef __cplusplus -} -#endif - -#endif /* _TIME_STR_H_ */ \ No newline at end of file diff --git a/CertTool/CertTool.cpp b/CertTool/CertTool.cpp deleted file mode 100644 index daba8178..00000000 --- a/CertTool/CertTool.cpp +++ /dev/null @@ -1,1581 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: CertTool.cpp - - Description: certificate manipulation tool - - Author: dmitch -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CertUI.h" -#include -#include -#include - -/* - * Workaround flags. - */ - -/* SecKeychainGetCSPHandle implemented? */ -#define SEC_KEYCHAIN_GET_CSP 1 - -/* SecKeyCreatePair() implemented */ -#define SEC_KEY_CREATE_PAIR 1 - -/* munge Label attr if manually generating or importing keys */ -#define MUNGE_LABEL_ATTR 1 - -#define KC_DB_PATH "Library/Keychains" /* relative to home */ - -/* - * defaults for undocumented 'Z' option - */ -#define ZDEF_KEY_LABEL "testCert" -#define ZDEF_KEY_ALG CSSM_ALGID_RSA -#define ZDEF_KEY_SIZE 512 -#define ZDEF_KEY_USAGE (kKeyUseSigning | kKeyUseEncrypting) -#define ZDEF_SIG_ALG CSSM_ALGID_SHA1WithRSA -#define ZDEF_SIG_OID CSSMOID_SHA1WithRSA -#define ZDEF_COMMON_NAME "localhost" -#define ZDEF_ORG_NAME "Apple Computer - DEBUG ONLY" -#define ZDEF_COUNTRY "US" -#define ZDEF_STATE "Washington" -#define ZDEF_CHALLENGE "someChallenge" - - CSSM_BOOL verbose = CSSM_FALSE; - -static void usage(char **argv) -{ - printf("usage:\n"); - printf(" Create a keypair and cert: %s c [options]\n", argv[0]); - printf(" Create a CSR: %s r outFileName [options]\n", - argv[0]); - printf(" Verify a CSR: %s v infileName [options]\n", argv[0]); - printf(" Import a certificate: %s i inFileName [options]\n", argv[0]); - printf(" Display a certificate: %s d inFileName [options]\n", argv[0]); - printf(" Import a CRL: %s I inFileName [options]\n", argv[0]); - printf(" Display a CRL: %s D inFileName [options]\n", argv[0]); - printf(" Display certs and CRLs in keychain: %s y [options]\n", argv[0]); - printf("Options:\n"); - printf(" k=keychainName\n"); - printf(" c (create the keychain)\n"); - printf(" p=passphrase (specify passphrase at keychain creation)\n"); - printf(" o=outFileName (create cert command only)\n"); - printf(" v (verbose)\n"); - printf(" d (infile/outfile in DER format; default is PEM)\n"); - printf(" r=privateKeyFileName (optional; for Import Certificate only)\n"); - printf(" f=[18f] (private key format = PKCS1/PKCS8/FIPS186; default is PKCS1\n" - " (openssl) for RSA, openssl for DSA, PKCS8 for Diffie-Hellman\n"); - #if SEC_KEY_CREATE_PAIR - printf(" a (create key with default ACL)\n"); - #endif - printf(" h(elp)\n"); - exit(1); -} - -static void printError(const char *errDescription,const char *errLocation,OSStatus crtn) -{ - // Show error in text form. If verbose, show location and decimal and hex error values - int len=64+(errLocation?strlen(errLocation):0); - if (verbose) - { - char *buf=(char *)malloc(len); - if (errDescription) - fprintf(stderr,"%s : ",errDescription); - // sprintf(buf," %s : %d [0x%x] : ", errLocation,(int)crtn,(unsigned int)crtn); - // cuPrintError(buf, crtn); - cuPrintError(errLocation, crtn); - free(buf); - } - else - { - if (errDescription) - fprintf(stderr,"%s\n",errDescription); - else - if (errLocation) - fprintf(stderr,"%s\n",errLocation); - else - fprintf(stderr,"Error: %d [0x%x]\n",(int)crtn,(unsigned int)crtn); - } -} - -#if SEC_KEY_CREATE_PAIR -/* - * Generate a key pair using the SecKeyCreatePair. - */ -static OSStatus generateSecKeyPair( - SecKeychainRef kcRef, - CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_RSA - uint32 keySizeInBits, - CU_KeyUsage keyUsage, // CUK_Signing, etc. - CSSM_BOOL verbose, - CSSM_KEY_PTR *pubKeyPtr, // RETURNED, owned by Sec layer - CSSM_KEY_PTR *privKeyPtr, // RETURNED, owned by Sec layer - SecKeyRef *pubSecKey, // caller must release - SecKeyRef *privSecKey) // caller must release -{ - OSStatus ortn; - CSSM_KEYUSE pubKeyUse = 0; - CSSM_KEYUSE privKeyUse = 0; - - if(keyUsage & kKeyUseSigning) { - pubKeyUse |= CSSM_KEYUSE_VERIFY; - privKeyUse |= CSSM_KEYUSE_SIGN; - } - if(keyUsage & kKeyUseEncrypting) { - pubKeyUse |= (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_WRAP); - privKeyUse |= (CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_UNWRAP); - } - ortn = SecKeyCreatePair(kcRef, - keyAlg, keySizeInBits, - 0, // contextHandle - pubKeyUse, - CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_RETURN_REF, - privKeyUse, - CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF | - CSSM_KEYATTR_PERMANENT |CSSM_KEYATTR_EXTRACTABLE, - NULL, // FIXME - initialAccess - pubSecKey, - privSecKey); - if(ortn) { - printError("***Error creating key pair", - "SecKeyCreatePair", ortn); - cuPrintError("", ortn); - return ortn; - } - - /* extract CSSM keys for caller */ - ortn = SecKeyGetCSSMKey(*pubSecKey, const_cast(pubKeyPtr)); - if(ortn) { - printError("***Error extracting public key", - "SecKeyGetCSSMKey", ortn); - cuPrintError("", ortn); - } - else ortn = SecKeyGetCSSMKey(*privSecKey, const_cast(privKeyPtr)); - if(ortn) { - printError("***Error extracting private key", - "SecKeyGetCSSMKey", ortn); - cuPrintError("", ortn); - } - if(ortn) { - CFRelease(*pubSecKey); - *pubSecKey = NULL; - CFRelease(*privSecKey); - *privSecKey = NULL; - } - return ortn; -} -#endif - -/* - * Workaround to manually generate a key pair and munge its DB attributes - * to include the hash of the public key in the private key's Label attr. - */ -#if MUNGE_LABEL_ATTR - -/* - * Find private key by label, modify its Label attr to be the - * hash of the associated public key. - */ -static CSSM_RETURN setPubKeyHash( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - const char *keyLabel) // look up by this -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_DATA labelData; - CSSM_HANDLE resultHand; - - labelData.Data = (uint8 *)keyLabel; - labelData.Length = strlen(keyLabel) + 1; // incl. NULL - query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - predicate.DbOperator = CSSM_DB_EQUAL; - - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = "Label"; - predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - /* hope this cast is OK */ - predicate.Attribute.Value = &labelData; - query.SelectionPredicate = &predicate; - - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used? - - /* build Record attribute with one attr */ - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA attr; - attr.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr.Info.Label.AttributeName = "Label"; - attr.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - recordAttrs.NumberOfAttributes = 1; - recordAttrs.AttributeData = &attr; - - CSSM_DATA recordData = {NULL, 0}; - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - &recordData, - &record); - /* abort only on success */ - if(crtn != CSSM_OK) { - printError("***setPubKeyHash: can't find private key","CSSM_DL_DataGetFirst",crtn); - return crtn; - } - - CSSM_KEY_PTR keyToDigest = (CSSM_KEY_PTR)recordData.Data; - CSSM_DATA_PTR keyDigest = NULL; - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreatePassThroughContext(cspHand, - keyToDigest, - &ccHand); - if(crtn) { - printError("***Error calculating public key hash. Aborting.", - "CSSM_CSP_CreatePassThroughContext", crtn); - return crtn; - } - crtn = CSSM_CSP_PassThrough(ccHand, - CSSM_APPLECSP_KEYDIGEST, - NULL, - (void **)&keyDigest); - if(crtn) { - printError("***Error calculating public key hash. Aborting.", - "CSSM_CSP_PassThrough(PUBKEYHASH)", crtn); - return -1; - } - CSSM_FreeKey(cspHand, NULL, keyToDigest, CSSM_FALSE); - CSSM_DeleteContext(ccHand); - - /* - * Replace Label attr data with hash. - * NOTE: the module which allocated this attribute data - a DL - - * was loaded and attached by the Sec layer, not by us. Thus - * we can't use the memory allocator functions *we* used when - * attaching to the CSPDL - we have to use the ones - * which the Sec layer registered with the DL. - */ - CSSM_API_MEMORY_FUNCS memFuncs; - crtn = CSSM_GetAPIMemoryFunctions(dlDbHand.DLHandle, &memFuncs); - if(crtn) { - printError("***Error ","CSSM_GetAPIMemoryFunctions(DLHandle)",crtn); - /* oh well, leak and continue */ - } - else { - memFuncs.free_func(attr.Value->Data, memFuncs.AllocRef); - memFuncs.free_func(attr.Value, memFuncs.AllocRef); - } - attr.Value = keyDigest; - - /* modify key attributes */ - crtn = CSSM_DL_DataModify(dlDbHand, - CSSM_DL_DB_RECORD_PRIVATE_KEY, - record, - &recordAttrs, - NULL, // DataToBeModified - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - if(crtn) { - printError("***Error setting public key hash. Aborting.", - "CSSM_DL_DataModify(PUBKEYHASH)", crtn); - return crtn; - } - crtn = CSSM_DL_DataAbortQuery(dlDbHand, resultHand); - if(crtn) { - printError("***Error while stopping query", - "CSSM_DL_DataAbortQuery", crtn); - /* let's keep going in this case */ - } - crtn = CSSM_DL_FreeUniqueRecord(dlDbHand, record); - if(crtn) { - printError("***Error while freeing record", - "CSSM_DL_FreeUniqueRecord", crtn); - /* let's keep going in this case */ - crtn = CSSM_OK; - } - - /* free resources */ - cuAppFree(keyDigest->Data, NULL); - return CSSM_OK; -} -#endif /* MUNGE_LABEL_ATTR */ - -/* - * Generate a key pair using the CSPDL. - */ -static OSStatus generateKeyPair( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_RSA - uint32 keySizeInBits, - const char *keyLabel, // C string - CU_KeyUsage keyUsage, // CUK_Signing, etc. - CSSM_BOOL verbose, - CSSM_KEY_PTR *pubKeyPtr, // mallocd, created, RETURNED - CSSM_KEY_PTR *privKeyPtr) // mallocd, created, RETURNED -{ - CSSM_KEY_PTR pubKey = reinterpret_cast( - APP_MALLOC(sizeof(CSSM_KEY))); - CSSM_KEY_PTR privKey = reinterpret_cast( - APP_MALLOC(sizeof(CSSM_KEY))); - if((pubKey == NULL) || (privKey == NULL)) { - return memFullErr; - } - - CSSM_RETURN crtn; - CSSM_KEYUSE pubKeyUse = 0; - CSSM_KEYUSE privKeyUse = 0; - - if(keyUsage & kKeyUseSigning) { - pubKeyUse |= CSSM_KEYUSE_VERIFY; - privKeyUse |= CSSM_KEYUSE_SIGN; - } - if(keyUsage & kKeyUseEncrypting) { - pubKeyUse |= (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_WRAP); - privKeyUse |= (CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_UNWRAP); - } - - crtn = cuCspGenKeyPair(cspHand, - &dlDbHand, - keyAlg, - keyLabel, - strlen(keyLabel) + 1, - keySizeInBits, - pubKey, - pubKeyUse, - CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF, - privKey, - privKeyUse, - CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | - CSSM_KEYATTR_EXTRACTABLE); - if(crtn) { - APP_FREE(pubKey); - APP_FREE(privKey); - return paramErr; - } - if(verbose) { - printf("...%u bit key pair generated.\n", - (unsigned)keySizeInBits); - } - - #if MUNGE_LABEL_ATTR - /* bind private key to cert by public key hash */ - crtn = setPubKeyHash(cspHand, - dlDbHand, - keyLabel); - if(crtn) { - printError("***Error setting public key hash. Continuing at peril.", - "setPubKeyHash", crtn); - } - #endif /* MUNGE_LABEL_ATTR */ - - *pubKeyPtr = pubKey; - *privKeyPtr = privKey; - return noErr; -} - -static OSStatus verifyCsr( - CSSM_CL_HANDLE clHand, - const char *fileName, - CSSM_BOOL pemFormat) -{ - unsigned char *csr = NULL; - unsigned csrLen; - CSSM_DATA csrData; - unsigned char *der = NULL; - unsigned derLen = 0; - - if(readFile(fileName, &csr, &csrLen)) { - printf("***Error reading CSR from file %s. Aborting.\n", - fileName); - return ioErr; - } - if(pemFormat) { - int rtn = pemDecode(csr, csrLen, &der, &derLen); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", fileName); - return ioErr; - } - csrData.Data = der; - csrData.Length = derLen; - } - else { - csrData.Data = csr; - csrData.Length = csrLen; - } - - CSSM_RETURN crtn = CSSM_CL_PassThrough(clHand, - 0, // CCHandle - CSSM_APPLEX509CL_VERIFY_CSR, - &csrData, - NULL); - if(crtn) { - printError("***Error verifying CSR","Verify CSR",crtn); - } - else { - printf("...CSR verified successfully.\n"); - } - if(der) { - free(der); - } - if(csr) { - free(csr); - } - return crtn; -} - -typedef enum { - CC_Cert, - CC_CRL -} CertOrCrl; - -static OSStatus displayCertCRL( - const char *fileName, - CSSM_BOOL pemFormat, - CertOrCrl certOrCrl, - CSSM_BOOL verbose) -{ - unsigned char *rawData = NULL; - unsigned rawDataSize; - unsigned char *derData = NULL; - unsigned derDataSize; - int rtn; - - rtn = readFile(fileName, &rawData, &rawDataSize); - if(rtn) { - printf("Error reading %s; aborting.\n", fileName); - return ioErr; - } - if(pemFormat && isPem(rawData, rawDataSize)) { - /* - * Here we cut the user some slack. See if the thing is actually - * PEM encoded and assume DER-encoded if it's not. - */ - rtn = pemDecode(rawData, rawDataSize, &derData, &derDataSize); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", fileName); - return ioErr; - } - rawData = derData; - rawDataSize = derDataSize; - } - if(certOrCrl == CC_Cert) { - printCert(rawData, rawDataSize, verbose); - } - else { - printCrl(rawData, rawDataSize, verbose); - } - if(derData != NULL) { - free(derData); - } - return noErr; -} - -static CSSM_RETURN importPrivateKey( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CSP_HANDLE cspHand, - const char *privKeyFileName, - CSSM_ALGORITHMS keyAlg, - CSSM_BOOL pemFormat, // of the file - CSSM_KEYBLOB_FORMAT keyFormat) // of the key blob itself, NONE means use - // default -{ - unsigned char *derKey = NULL; - unsigned derKeyLen; - unsigned char *pemKey = NULL; - unsigned pemKeyLen; - CSSM_KEY wrappedKey; - CSSM_KEY unwrappedKey; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHand = 0; - CSSM_RETURN crtn; - CSSM_DATA labelData; - CSSM_KEYHEADER_PTR hdr = &wrappedKey.KeyHeader; - CSSM_DATA descData = {0, NULL}; - CSSM_CSP_HANDLE rawCspHand = 0; - const char *privKeyLabel = NULL; - - /* - * Validate specified format for clarity - */ - switch(keyAlg) { - case CSSM_ALGID_RSA: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***RSA Private key must be in PKCS1 or PKCS8 format\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported RSA key"; - break; - case CSSM_ALGID_DSA: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***DSA Private key must be in openssl, FIPS186, " - "or PKCS8 format\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported DSA key"; - break; - case CSSM_ALGID_DH: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***Diffie-Hellman Private key must be in PKCS8 format.\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported Diffie-Hellman key"; - break; - } - if(readFile(privKeyFileName, &pemKey, &pemKeyLen)) { - printf("***Error reading private key from file %s. Aborting.\n", - privKeyFileName); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - /* subsequent errors to done: */ - if(pemFormat) { - int rtn = pemDecode(pemKey, pemKeyLen, &derKey, &derKeyLen); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", privKeyFileName); - crtn = CSSMERR_CSP_INVALID_KEY; - goto done; - } - } - else { - derKey = pemKey; - derKeyLen = pemKeyLen; - } - - /* importing a raw key into the CSPDL involves a NULL unwrap */ - memset(&unwrappedKey, 0, sizeof(CSSM_KEY)); - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - - /* set up the imported key to look like a CSSM_KEY */ - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->AlgorithmId = keyAlg; - hdr->KeyClass = CSSM_KEYCLASS_PRIVATE_KEY; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_ANY; - hdr->Format = keyFormat; - wrappedKey.KeyData.Data = derKey; - wrappedKey.KeyData.Length = derKeyLen; - - /* get key size in bits from raw CSP */ - rawCspHand = cuCspStartup(CSSM_TRUE); - if(rawCspHand == 0) { - printf("***Error attaching to CSP. Aborting.\n"); - crtn = CSSMERR_CSSM_INTERNAL_ERROR; - goto done; - } - CSSM_KEY_SIZE keySize; - crtn = CSSM_QueryKeySizeInBits(rawCspHand, NULL, &wrappedKey, &keySize); - if(crtn) { - printError("***Error finding size of key","CSSM_QueryKeySizeInBits",crtn); - goto done; - } - hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, // unwrapAlg - CSSM_ALGMODE_NONE, // unwrapMode - &creds, - NULL, // unwrappingKey - NULL, // initVector - CSSM_PADDING_NONE, // unwrapPad - 0, // Params - &ccHand); - if(crtn) { - printError("***Error creating context","CSSM_CSP_CreateSymmetricContext",crtn); - goto done; - } - - /* add DL/DB to context */ - CSSM_CONTEXT_ATTRIBUTE newAttr; - newAttr.AttributeType = CSSM_ATTRIBUTE_DL_DB_HANDLE; - newAttr.AttributeLength = sizeof(CSSM_DL_DB_HANDLE); - newAttr.Attribute.Data = (CSSM_DATA_PTR)&dlDbHand; - crtn = CSSM_UpdateContextAttributes(ccHand, 1, &newAttr); - if(crtn) { - printError("***Error updating context attributes","CSSM_UpdateContextAttributes",crtn); - goto done; - } - - /* do the NULL unwrap */ - labelData.Data = (uint8 *)privKeyLabel; - labelData.Length = strlen(privKeyLabel) + 1; - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - &wrappedKey, - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE | - CSSM_KEYATTR_EXTRACTABLE, - &labelData, - NULL, // CredAndAclEntry - &unwrappedKey, - &descData); // required - if(crtn != CSSM_OK) { - cuPrintError("CSSM_UnwrapKey", crtn); - goto done; - } - - /* one more thing: bind this private key to its public key */ - crtn = setPubKeyHash(cspHand, dlDbHand, privKeyLabel); - - /* We don't need the unwrapped key any more */ - CSSM_FreeKey(cspHand, - NULL, // access cred - &unwrappedKey, - CSSM_FALSE); // delete - -done: - if(ccHand) { - CSSM_DeleteContext(ccHand); - } - if(derKey) { - free(derKey); - } - if(pemFormat && pemKey) { - free(pemKey); - } - if(rawCspHand) { - CSSM_ModuleDetach(rawCspHand); - } - return crtn; -} - -static OSStatus importCert( - SecKeychainRef kcRef, - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CSP_HANDLE cspHand, - CSSM_CL_HANDLE clHand, - const char *fileName, - const char *privKeyFileName, // optional for importing priv key - CSSM_BOOL pemFormat, // format of files - CSSM_KEYBLOB_FORMAT privKeyFormat) // optional format of priv key -{ - unsigned char *cert = NULL; - unsigned certLen; - CSSM_DATA certData; - unsigned char *der = NULL; - unsigned derLen = 0; - - if(readFile(fileName, &cert, &certLen)) { - printf("***Error reading certificate from file %s. Aborting.\n", - fileName); - return ioErr; - } - if(pemFormat) { - int rtn = pemDecode(cert, certLen, &der, &derLen); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", fileName); - return ioErr; - } - certData.Data = der; - certData.Length = derLen; - } - else { - certData.Data = cert; - certData.Length = certLen; - } - - SecCertificateRef certRef; - OSStatus ortn = SecCertificateCreateFromData( - &certData, - CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_DER, - &certRef); - if(ortn) { - printError("***Error creating certificate","SecCertificateCreateFromData",ortn); - cuPrintError("", ortn); - return ortn; - } - ortn = SecCertificateAddToKeychain(certRef, kcRef); - if(ortn) { - printError("***Error adding certificate to keychain","SecCertificateAddToKeychain",ortn); - return ortn; - } - - if(privKeyFileName) { - /* Importing private key requires algorithm, from cert */ - CSSM_RETURN crtn; - CSSM_KEY_PTR pubKey; - crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, &pubKey); - if(crtn) { - printError("***Error obtaining public key from cert. Aborting","CSSM_CL_CertGetKeyInfo",crtn); - return crtn; - } - crtn = importPrivateKey(dlDbHand, cspHand, privKeyFileName, - pubKey->KeyHeader.AlgorithmId, pemFormat, privKeyFormat); - if(crtn) { - printError("***Error importing private key. Aborting","importPrivateKey",crtn); - return crtn; - } - /* this was mallocd by the CL */ - cuAppFree(pubKey->KeyData.Data, NULL); - cuAppFree(pubKey, NULL); - } - printf("...certificate successfully imported.\n"); - if(der) { - free(der); - } - if(cert) { - free(cert); - } - return noErr; -} - -static OSStatus importCRL( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - const char *fileName, - CSSM_BOOL pemFormat) -{ - unsigned char *crl = NULL; - unsigned crlLen; - CSSM_DATA crlData; - unsigned char *der = NULL; - unsigned derLen = 0; - - if(readFile(fileName, &crl, &crlLen)) { - printf("***Error reading CRL from file %s. Aborting.\n", - fileName); - return ioErr; - } - if(pemFormat) { - int rtn = pemDecode(crl, crlLen, &der, &derLen); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", fileName); - return ioErr; - } - crlData.Data = der; - crlData.Length = derLen; - } - else { - crlData.Data = crl; - crlData.Length = crlLen; - } - CSSM_RETURN crtn = cuAddCrlToDb(dlDbHand, clHand, &crlData, NULL); - if(crtn) { - printError("***Error adding CRL to keychain. Aborting","cuAddCrlToDb",crtn); - } - else { - printf("...CRL successfully imported.\n"); - } - if(der) { - free(der); - } - if(crl) { - free(crl); - } - return noErr; -} - -static OSStatus createCertCsr( - CSSM_BOOL createCsr, // true: CSR, false: Cert - CSSM_TP_HANDLE tpHand, // eventually, a SecKeychainRef - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR subjPubKey, - CSSM_KEY_PTR signerPrivKey, - CSSM_ALGORITHMS sigAlg, - const CSSM_OID *sigOid, - CU_KeyUsage keyUsage, // kKeyUseSigning, etc. - /* - * Issuer's RDN is obtained from the issuer cert, if present, or is - * assumed to be the same as the subject name (i.e., we're creating - * a self-signed root cert). - */ - const CSSM_DATA *issuerCert, - CSSM_BOOL useAllDefaults, - CSSM_DATA_PTR certData) // cert or CSR: mallocd and RETURNED -{ - CE_DataAndType exts[2]; - CE_DataAndType *extp = exts; - unsigned numExts; - - CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest - CSSM_APPLE_TP_CERT_REQUEST certReq; - CSSM_TP_REQUEST_SET reqSet; - sint32 estTime; - CSSM_BOOL confirmRequired; - CSSM_TP_RESULT_SET_PTR resultSet; - CSSM_ENCODED_CERT *encCert; - CSSM_APPLE_TP_NAME_OID subjectNames[MAX_NAMES]; - uint32 numNames; - CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext; - CSSM_FIELD policyId; - - /* Note a lot of the CSSM_APPLE_TP_CERT_REQUEST fields are not - * used for the createCsr option, but we'll fill in as much as is practical - * for either case. - */ - if(issuerCert != NULL) { - printf("createCertCsr: issuerCert not implemented\n"); - return unimpErr; - } - - numExts = 0; - - char challengeBuf[400]; - if(createCsr) { - if(useAllDefaults) { - strcpy(challengeBuf, ZDEF_CHALLENGE); - } - else { - while(1) { - getStringWithPrompt("Enter challenge string: ", - challengeBuf, sizeof(challengeBuf)); - if(challengeBuf[0] != '\0') { - break; - } - } - } - certReq.challengeString = challengeBuf; - } - else { - /* creating cert */ - certReq.challengeString = NULL; - - /* KeyUsage extension */ - extp->type = DT_KeyUsage; - extp->critical = CSSM_FALSE; - extp->extension.keyUsage = 0; - if(keyUsage & kKeyUseSigning) { - extp->extension.keyUsage |= - (CE_KU_DigitalSignature | CE_KU_KeyCertSign); - } - if(keyUsage & kKeyUseEncrypting) { - extp->extension.keyUsage |= - (CE_KU_KeyEncipherment | CE_KU_DataEncipherment); - } - extp++; - numExts++; - - /* BasicConstraints */ - extp->type = DT_BasicConstraints; - extp->critical = CSSM_TRUE; - extp->extension.basicConstraints.cA = CSSM_TRUE; - extp->extension.basicConstraints.pathLenConstraintPresent = CSSM_FALSE; - extp++; - numExts++; - } - - /* name array, get from user. */ - if(useAllDefaults) { - subjectNames[0].string = ZDEF_COMMON_NAME; - subjectNames[0].oid = &CSSMOID_CommonName; - subjectNames[1].string = ZDEF_ORG_NAME; - subjectNames[1].oid = &CSSMOID_OrganizationName; - subjectNames[2].string = ZDEF_COUNTRY; - subjectNames[2].oid = &CSSMOID_CountryName; - subjectNames[3].string = ZDEF_STATE; - subjectNames[3].oid = &CSSMOID_StateProvinceName; - numNames = 4; - } - else { - getNameOids(subjectNames, &numNames); - } - - /* certReq */ - certReq.cspHand = cspHand; - certReq.clHand = clHand; - certReq.serialNumber = 0x12345678; // TBD - random? From user? - certReq.numSubjectNames = numNames; - certReq.subjectNames = subjectNames; - - /* TBD - if we're passed in a signing cert, certReq.issuerNameX509 will - * be obtained from that cert. For now we specify "self-signed" cert - * by not providing an issuer name at all. */ - certReq.numIssuerNames = 0; // root for now - certReq.issuerNames = NULL; - certReq.issuerNameX509 = NULL; - certReq.certPublicKey = subjPubKey; - certReq.issuerPrivateKey = signerPrivKey; - certReq.signatureAlg = sigAlg; - certReq.signatureOid = *sigOid; - certReq.notBefore = 0; // TBD - from user - certReq.notAfter = 60 * 60 * 24 * 30; // seconds from now - certReq.numExtensions = numExts; - certReq.extensions = exts; - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - - /* a CSSM_TP_CALLERAUTH_CONTEXT to specify an OID */ - memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - memset(&policyId, 0, sizeof(CSSM_FIELD)); - if(createCsr) { - policyId.FieldOid = CSSMOID_APPLE_TP_CSR_GEN; - } - else { - policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN; - } - CallerAuthContext.Policy.NumberOfPolicyIds = 1; - CallerAuthContext.Policy.PolicyIds = &policyId; - - #if SEC_KEY_CREATE_PAIR - /* from SUJag */ - CssmClient::AclFactory factory; - CallerAuthContext.CallerCredentials = - const_cast(factory.promptCred()); - #endif /* SEC_KEY_CREATE_PAIR */ - - CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tpHand, - NULL, // PreferredAuthority - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - &reqSet, - &CallerAuthContext, - &estTime, - &refId); - - /* before proceeding, free resources allocated thus far */ - if(!useAllDefaults) { - freeNameOids(subjectNames, numNames); - } - - if(crtn) { - printError("***Error submitting credential request","CSSM_TP_SubmitCredRequest",crtn); - return crtn; - } - crtn = CSSM_TP_RetrieveCredResult(tpHand, - &refId, - NULL, // CallerAuthCredentials - &estTime, - &confirmRequired, - &resultSet); - if(crtn) { - printError("***Error retreiving credential request","CSSM_TP_RetrieveCredResult",crtn); - return crtn; - } - if(resultSet == NULL) { - printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n"); - return ioErr; - } - encCert = (CSSM_ENCODED_CERT *)resultSet->Results; - *certData = encCert->CertBlob; - - /* free resources allocated by TP */ - APP_FREE(refId.Data); - APP_FREE(encCert); - APP_FREE(resultSet); - return noErr; -} - -/* dump all certs & CRLs in a DL/DB */ -static OSStatus dumpCrlsCerts( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - CSSM_BOOL verbose) -{ - CSSM_RETURN crtn; - unsigned numItems; - - crtn = cuDumpCrlsCerts(dlDbHand, clHand, CSSM_TRUE, numItems, verbose); - if(crtn && (crtn != CSSMERR_DL_INVALID_RECORDTYPE)) { - /* invalid record type just means "this hasn't been set up - * for certs yet". */ - return noErr; - } - printf("...%u certificates found\n", numItems); - crtn = cuDumpCrlsCerts(dlDbHand, clHand, CSSM_FALSE, numItems, verbose); - if(crtn && (crtn != CSSMERR_DL_INVALID_RECORDTYPE)) { - /* invalid record type just means "this hasn't been set up - * for CRLs yet". */ - return noErr; - } - printf("...%u CRLs found\n", numItems); - return noErr; -} - - -typedef enum { - CO_Nop, - CO_CreateCert, - CO_CreateCSR, - CO_VerifyCSR, - CO_ImportCert, - CO_DisplayCert, - CO_ImportCRL, - CO_DisplayCRL, - CO_DumpDb // display certs & CRLs from a DB -} CertOp; - -int realmain (int argc, char **argv) -{ - SecKeychainRef kcRef = nil; - char kcPath[MAXPATHLEN + 1]; - UInt32 kcPathLen = MAXPATHLEN + 1; - CSSM_BOOL createKc = CSSM_FALSE; - OSStatus ortn; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_TP_HANDLE tpHand = 0; - CSSM_CL_HANDLE clHand = 0; - CSSM_KEY_PTR pubKey; - CSSM_KEY_PTR privKey; - int arg; - char *argp; - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS sigAlg; - const CSSM_OID *sigOid; - CSSM_DATA certData = {0, NULL}; - CSSM_RETURN crtn; - CU_KeyUsage keyUsage = 0; - bool isRoot; - CSSM_DATA keyLabel; - CSSM_BOOL createCsr = CSSM_FALSE; // else create cert - int optArgs = 0; - UInt32 pwdLen = 0; - Boolean promptUser = true; - char *allocdPassPhrase = NULL; - OSStatus ourRtn = noErr; - - /* command line arguments */ - char *fileName = NULL; - CSSM_BOOL pemFormat = CSSM_TRUE; - CertOp op = CO_Nop; - uint32 keySizeInBits; - char *kcName = NULL; - CSSM_BOOL useAllDefaults = CSSM_FALSE; // undoc'd cmd option - char *passPhrase = NULL; - const char *privKeyFileName = NULL; // optional openssl-style private key - CSSM_KEYBLOB_FORMAT privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - #if SEC_KEY_CREATE_PAIR - SecKeyRef pubSecKey = NULL; - SecKeyRef privSecKey = NULL; - #endif - CSSM_BOOL useSecKey = CSSM_FALSE; // w/default ACL - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'c': - op = CO_CreateCert; - optArgs = 2; - break; - case 'r': - if(argc < 3) { - usage(argv); - } - op = CO_CreateCSR; - createCsr = CSSM_TRUE; - fileName = argv[2]; - optArgs = 3; - break; - case 'v': - if(argc < 3) { - usage(argv); - } - op = CO_VerifyCSR; - fileName = argv[2]; - optArgs = 3; - break; - case 'i': - if(argc < 3) { - usage(argv); - } - optArgs = 3; - op = CO_ImportCert; - fileName = argv[2]; - break; - case 'd': - if(argc < 3) { - usage(argv); - } - op = CO_DisplayCert; - fileName = argv[2]; - optArgs = 3; - break; - case 'I': - if(argc < 3) { - usage(argv); - } - optArgs = 3; - op = CO_ImportCRL; - fileName = argv[2]; - break; - case 'D': - if(argc < 3) { - usage(argv); - } - op = CO_DisplayCRL; - fileName = argv[2]; - optArgs = 3; - break; - case 'y': - op = CO_DumpDb; - optArgs = 2; - break; - default: - usage(argv); - } - for(arg=optArgs; arg CertTool.html

CertTool

Last Update 10/10/02

Table Of Contents

1. Introduction
2. Generating a Self-Signed Certificate
3. Generating a Certificate Signing Request (CSR)
4. Verifying a CSR
5. Importing a Certificate from a Certificate Authority
6. Displaying a Certificate
7. Certificate Authorities and CSRs
8. Importing a CRL
9. Displaying a CRL

1. Introduction

CertTool is a UNIX command-line program which is used to create key pairs, certificates, and certificate signing requests; to import externally generated certificates into a Keychain, and to display the contents of certificates. Currently. the primary use of CertTool is to perform the certificate-related administration required to configure an SSL server based on Mac OS X's SecureTransport library. Each supported CertTool operation is described below in detail.

The reader of this document, and the user of CertTool, is assumed to be familiar with the following:

  • General principles of public key cryptography
  • The concepts of certificates and trust
  • General operation of the Secure Socket Layer (SSL) protocol
  • General operation of the Mac OS X Keychain
  • The Mac OS X SecureTransport library
No programming knowledge is assumed or required. An excellent primer on the topics of public key cryptography, certificates, and SSL can be found at http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html.

Note: in all examples of usage of the command line tool which follow, the user's input is shown in bold. Running CertTool with no command-line arguments results in usage info being displayed.
 

2. Generating a Self-Signed Certificate

This command generates a key pair and a self-signed (root) certificate and places them in a keychain. The root cert is signed by the private key generated during this command. The cert generated by this command is totally untrustworth and cannot be used in the "real world"; the primary use of this command is to facilitate early development of SSL server applications based on SecureTransport. In particular, "real world" SSL clients (e.g., web browsers) will complain to varying degrees when they attempt to connect to an SSL server which presents a cert which is generated by this command. Some broswers, after a fair amount of handholding, will allow you to conditionally "trust" this cert.

The format of this command is

# CertTool c [options]

The available options are:

k=keyChainName
Where "KeyChainName" is the name of the keychain into which keys and the cert will be added. If no keychain is specified, keys and certs are added to the default keychain. The specified keychain must exist unless you specify the 'c' option.
c
Specifies that the designated keychain is to be created.
This an interactive command; you will be prompted for a number of different items which are used to generate the keypair and the cert. A sample sesion follows.
 
# CertTool k=certkc
Enter key and certificate label: testCert

Please specify parameters for the key pair you will generate.

  r  RSA
  d  DSA
  f  FEE

Select key algorithm by letter: r

Valid key sizes for RSA are 512..2048; default is 512
Enter key size in bits or CR for default: 512

You have selected algorithm RSA, key size 512 bits.
OK (y/anything)? y
Enter cert/key usage (s=signing, b=signing AND encrypting): b
...Generating key pair...

<<Note: you will be prompted for the Keychain's passphrase by the Keychain system at this point if the specified keychain is not open.>>

Please specify the algorithm with which your certificate will be signed.

  5  RSA with MD5
  s  RSA with SHA1

Select signature algorithm by letter: s

You have selected algorithm RSA with SHA1.
OK (y/anything)? y
...creating certificate...

You will now specify the various components of the certificate's
Relative Distinguished Name (RDN). An RDN has a number of
components, all of which are optional, but at least one of
which must be present.

Note that if you are creating a certificate for use in an
SSL/TLS server, the Common Name component of the RDN must match
exactly the host name of the server. This must not be an IP
address, but the actual domain name, e.g. www.apple.com.

Entering a CR for a given RDN component results in no value for
that component.

Common Name       (e.g, www.apple.com) : 10.0.61.5
Country                  (e.g, US) :
Organization            (e.g, Apple Computer, Inc.) : Apple
Organization Unit     (e.g, Apple Data Security) :
State/Province          (e.g., California) : California

You have specified:
  Common Name       : 10.0.61.5
  Organization            : Apple
  State/Province         : California
Is this OK (y/anything)? y
..cert stored in Keychain.
#

The "Common Name" portion of the RDN - in the above case, "10.0.61.5" - MUST match the host name of the machine you'll running sslServer on. (In this case the test machine doesn't have an actual hostname; it's DHCP'd behind a firewall which is why "10.0.61.5" was specified for Common Name.) This is part of SSL's certificate verification; it prevents an attack using DNS spoofing.

A brief note about cert/key usage: the normal configuration of SecureTransport is that the server cert specified in SSLSetCertificate() is capable of both signing and encryption. If this cert is only capable of signing, then you must create a second keychain ontaining a cert which is capable of encryption, and pass that to SSLSetEncryptionCertificate().
 
 

3. Generating a Certificate Signing Request (CSR)

A CSR is the standard means by which an administrator of a web server provides information to a Certificate Authority (CA) in order to obtain a valid certificate which is signed by the CA. This type of cert is used in the real world; certs signed by CAs such as Verisign or Thawte are recognized by all web browsers when performing SSL transactions.

The general procedure for obtaining a "real" cert is:
 

  • Generate a key pair
  • Generate a CSR
  • Provide the CSR and some other information and/or documentation to the CA
  • CA sends you a certificate which is signed by the CA.
  • You import that certificate, obtained from the CA, into your keychain. The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate() call.
This command performs the first two steps in the above procedure. See Section 5 for information on importing the resulting certificate into your keychain.

The format of this command is

# CertTool r outFileName [options]

The resulting CSR will be written to "outFileName".

The available options are:

k=keyChainName

Where "KeyChainName" is the name of the keychain into which keys and the cert will be added. If no keychain is specified, keys and certs are added to the default keychain. The specified keychain must exist unless you specify the 'c' option.
d
The 'd' option tells CertTool to create the CSR in DER-encoded format. The default is PEM-encoded, which is what most CAs expect. PEM encoded data consists of printable ASCII text which can, for example, be pasted into an email message. DER-encoded data is nonprintable binary data.
c
Specifies that the designated keychain is to be created.
This an interactive command; you will be prompted for a number of different items which are used to generate the keypair and the CSR. The prompts given, and the format of the data you must supply, are identical to the data shown in the sample session in Section 2.

See Section 7 for more information on using CSRs and about CAs.
 
 

4. Verifying a CSR

A CSR contains, among other things, the public key which was generated in Section 3. The CSR is signed with the associated private key. Thus the inteegrity of a CSR can be verified by extracting its public key and verifying the signature of the CSR. This command performs this integrity check.

The format of this command is

# CertTool v inFileName [options]

The resulting CSR will be written to "outFileName".

The only available option is the 'd' flag, which as described in Section 3, indiciates that the CSR is in DER format rather than the default PEM format.

A typical (successful) run of this command is like so:

# CertTool v myCsr.pem
...CSR verified successfully.

A large number of things can go wrong of the verification fails; suffice it to say that if you see anything other than the above success message, you have a bad or corrupted CSR.
 

 

5. Importing a Certificate from a Certificate Authority

Once you have negotiated with your CA, and provided them with the CSR generated in Section 3 as well as any other information, documentation, and payment thay require, the CA will provide you with a certificate. Use this command to add that certificate to the keychain containing the keypair you generated in Section 3

The format of this command is

# CertTool i inFileName  [options]

The cert to import is obtained from "inFileName".

The available options are:

k=keyChainName

Where "KeyChainName" is the name of the keychain to which the cert will be added. If no keychain is specified, the cert is added to the default keychain. The specified keychain should contain the keypair you generated in Section 3. (Note you can import a certificate into a keychain which does not contain keys you generated but there will be no linkage between the imported certificate and a private key if you do this.) If the keychain is not open when this command is executed, you will be prompted by the Keychain system for its passphrase.
d
Specifies DER format as described above. The default is PEM format.

c
Specifies that the designated keychain is to be created.

6. Displaying a Certificate

This displays the contents of an existing certificate, obtained from a file.

The format of this command is

# CertTool d inFileName [options]

The cert to display is obtained from "inFileName".

The only available option is the 'd' flag, specifying DER format as described above. The default is PEM format
 

7. Certificate Authorities and CSRs

As mentioned above, the general procedure for obtaining a "real" cert is:
  • Generate a key pair
  • Generate a CSR
  • Provide the CSR and some other information and/or documentation to the CA
  • CA sends you a certificate which is signed by the CA.
  • You import that certificate, obtained from the CA, into your keychain. The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate() call.
One CA with an excellent web-based interface for obtaining a cert is Verisign (http://www.verisign.com/products/site/index.html). You can get a free 14-day trial certificate using nothing but CertTool, Verisign's web site, and email. You need to provide some personal information; then you paste in the CSR generated in Section 3 into a form on the web site. A few minutes later Verisign emails you a certificate, which you import into your keychain per Section 5.  The whole process takes less than 10 minutes. The free certificate obtained in this manner is signed by a temporary root cert which is not recognized by any browsers, but Verisign also provides a measn of installing this temporary root cert into your browser, directly from their web site. Typically one would use the free, temporary cert to perform initial configuration of a server and to ring out the general SSL infrastructure. Once you feel comfortable with the operation of the server, then it's time to buy a "real" certificate which will allow your web server to be recognized by any browser.

Thawte has a similar, very friendly service at http://www.thawte.com/.

Note that, for early web server development and/or testing, you can skip the entire procedure described above and just generate your own self-signed root cert as described in section 1. No CA is involved; no CSR is generated; no cert needs to be imported - CertTool generates a cert for you and immediately adds it to your keychain. Bear in mind that this option requires tolerance of the various SSL clients you'll be testing with, none of whom recognize your root cert.
 

5. Importing a CRL

This command is used to add a Certificate Revocation List (CRL) to a keychain.

The format of this command is

# CertTool I inFileName [options]

The CRL to import is obtained from "inFileName". 

The available options are:

k=keyChainName

Where "KeyChainName" is the name of the keychain to which the CRL will be added. If no keychain is specified, the cert is added to the default keychain.  If the keychain is not open when this command is executed, you will be prompted by the Keychain system for its passphrase.
d
Specifies DER format as described above. The default is PEM format.
c
Specifies that the designated keychain is to be created.


6. Displaying a CRL

This displays the contents of an existing Certificate Revocation List (CRL) , obtained from a file.

The format of this command is

# CertTool D inFileName [options]

The cert to display is obtained from "inFileName".

The only available option is the 'd' flag, specifying DER format as described above. The default is PEM format
 


\ No newline at end of file diff --git a/CertTool/CertUI.cpp b/CertTool/CertUI.cpp deleted file mode 100644 index 00c117ec..00000000 --- a/CertTool/CertUI.cpp +++ /dev/null @@ -1,447 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: CertUI.cpp - - Description: stdio-based routines to get cert info from user. - - Author: dmitch -*/ - -#include "CertUI.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -void showError( - OSStatus ortn, - const char *errStr) -{ - printf("%s returned %d\n", errStr, (int)ortn); -} - - -/* - * Safe gets(). - * -- guaranteed no buffer overflow - * -- guaranteed NULL-terminated string - * -- handles empty string (i.e., response is just CR) properly - */ -void getString( - char *buf, - unsigned bufSize) -{ - unsigned dex; - char c; - char *cp = buf; - - for(dex=0; dexdescription, nameOidIn->example); - fflush(stdout); - getString(resp, sizeof(resp)); - if(resp[0] != '\0') { - unsigned len = strlen(resp) + 1; - nameOidOut->string = (char *)malloc(len); - strcpy((char *)nameOidOut->string, resp); - nameOidOut->oid = nameOidIn->oid; - nameOidOut++; - outNames++; - } - } - if(outNames == 0) { - printf("\nYou must enter at least one value RDN component.\n\n"); - continue; - } - printf("\nYou have specified:\n"); - for(dex=0; dexoid), nameOidOut->string); - } - getStringWithPrompt("Is this OK (y/anything)? ", resp, sizeof(resp)); - if(resp[0] == 'y') { - ok = true; - break; - } - } - *numNames = outNames; -} - -/* - * Free strings mallocd in getNameOids. - */ -void freeNameOids( - CSSM_APPLE_TP_NAME_OID *subjectNames, - uint32 numNames) -{ - for(unsigned i=0; i 2048) { - return false; - } - return true; -} - -static bool dsaKeySizeVerify( - unsigned keySize) -{ - return((keySize >= 512) & (keySize <= 2048)); -} - -static bool feeKeySizeVerify( - unsigned keySize) -{ - switch(keySize) { - case 128: - case 161: - case 192: - return true; - default: - return false; - } -} - -typedef bool (*keySizeVerifyFcn)(unsigned keySize); - -/* map between algorithms, string, char selector, OID */ -typedef struct _AlgInfo { - CSSM_ALGORITHMS alg; - char *str; - char selector; - const CSSM_OID *oid; // only for signatures - uint32 defaultKeySize; // only for keys - char *keyRangeString; // only for keys - const struct _AlgInfo *sigAlgInfo; // only for keys - keySizeVerifyFcn vfyFcn; // only for keys -} AlgInfo; - -/* - * Note: CSSM_ALGID_MD2WithRSA does not work due to an inimplemented - * Security Server feature. Even though CSP nad CL support this, we - * don't really want to provide this capability anyway - it's a known - * insecure digest algorithm. - */ -static const AlgInfo rsaSigAlgInfo[] = -{ - { CSSM_ALGID_MD5WithRSA, "RSA with MD5", '5', &CSSMOID_MD5WithRSA}, -// { CSSM_ALGID_MD2WithRSA, "RSA with MD2", '2', &CSSMOID_MD2WithRSA}, - { CSSM_ALGID_SHA1WithRSA, "RSA with SHA1", 's', &CSSMOID_SHA1WithRSA}, - { CSSM_ALGID_NONE, NULL, 0 } -}; - -static const AlgInfo feeSigAlgInfo[] = -{ - { CSSM_ALGID_FEE_MD5, "FEE with MD5", '5', &CSSMOID_APPLE_FEE_MD5 }, - { CSSM_ALGID_FEE_SHA1, "FEE with SHA1", 's', &CSSMOID_APPLE_FEE_SHA1 }, - { CSSM_ALGID_SHA1WithECDSA, "ECDSA/SHA1", 'e', &CSSMOID_APPLE_ECDSA }, - { CSSM_ALGID_NONE, NULL, 0, NULL } -}; - -static const AlgInfo dsaSigAlgInfo[] = -{ - { CSSM_ALGID_SHA1WithDSA, "DSA with SHA1", 's', &CSSMOID_SHA1WithDSA }, - { CSSM_ALGID_NONE, NULL, 0, NULL } -}; - -static const AlgInfo keyAlgInfo[] = -{ - { CSSM_ALGID_RSA, "RSA", 'r', NULL, 512, "512..2048", - rsaSigAlgInfo, rsaKeySizeVerify}, - { CSSM_ALGID_DSA, "DSA", 'd', NULL, 512, "512..2048", - dsaSigAlgInfo, dsaKeySizeVerify}, - { CSSM_ALGID_FEE, "FEE", 'f', NULL, 128, "128, 161, 192", - feeSigAlgInfo, feeKeySizeVerify}, - { CSSM_ALGID_NONE, NULL, 0, NULL } -}; - - -/* map a char response to an element of an AlgInfo array */ -static const AlgInfo *algInfoForSelect( - const AlgInfo *algInfo, // NULL terminated - char c) -{ - while(algInfo->str != NULL) { - if(algInfo->selector == c) { - return algInfo; - } - algInfo++; - } - /* not found */ - return NULL; -} - -/* map a CSSM_ALGORITHM to an entry in keyAlgInfo[] */ -static const AlgInfo *algInfoForAlg( - CSSM_ALGORITHMS alg) -{ - const AlgInfo *algInfo = keyAlgInfo; - while(algInfo->str != NULL) { - if(algInfo->alg == alg) { - return algInfo; - } - algInfo++; - } - /* not found */ - return NULL; -} - -/* get key size and algorithm for subject key */ -void getKeyParams( - CSSM_ALGORITHMS &keyAlg, - uint32 &keySizeInBits) -{ - char resp[200]; - const AlgInfo *keyInfo; - const AlgInfo *tempInfo; - - /* get a key algorithm */ - printf("\nPlease specify parameters for the key pair you will generate.\n\n"); - while(1) { - /* break when we get a valid key algorithm */ - tempInfo = keyAlgInfo; - while(tempInfo->str != NULL) { - printf(" %c %s\n", tempInfo->selector, tempInfo->str); - tempInfo++; - } - getStringWithPrompt("\nSelect key algorithm by letter: ", resp, sizeof(resp)); - if(resp[0] == '\0') { - printf("***There is no default. Please choose a key algorithm.\n"); - continue; - } - keyInfo = algInfoForSelect(keyAlgInfo, resp[0]); - if(keyInfo) { - break; - } - } - - while(1) { - /* until we get a valid key size */ - printf("\nValid key sizes for %s are %s; default is %u\n", - keyInfo->str, keyInfo->keyRangeString, (unsigned)keyInfo->defaultKeySize); - getStringWithPrompt("Enter key size in bits or CR for default: ", - resp, sizeof(resp)); - if(resp[0] == '\0') { - keySizeInBits = keyInfo->defaultKeySize; - } - else { - keySizeInBits = atoi(resp); - } - if(keyInfo->vfyFcn(keySizeInBits)) { - printf("\nYou have selected algorithm %s, key size %u bits.\n", - keyInfo->str, (unsigned)keySizeInBits); - getStringWithPrompt("OK (y/anything)? ", resp, sizeof(resp)); - if(resp[0] == 'y') { - break; - } - } - else { - printf("***%u is not a legal key size for algorithm %s.\n", - (unsigned)keySizeInBits, keyInfo->str); - } - } - keyAlg = keyInfo->alg; -} - -/* given a signing key, obtain signing algorithm (int and oid format) */ -OSStatus getSigAlg( - const CSSM_KEY *signingKey, - CSSM_ALGORITHMS &sigAlg, - const CSSM_OID * &sigOid) -{ - char resp[200]; - const AlgInfo *keyInfo; - const AlgInfo *tempInfo; - const AlgInfo *sigInfoArray; - const AlgInfo *sigInfo; - - keyInfo = algInfoForAlg(signingKey->KeyHeader.AlgorithmId); - if(keyInfo == NULL) { - printf("***Signing key has unknown algorithm (%u).\n", - (unsigned)signingKey->KeyHeader.AlgorithmId); - return paramErr; - } - sigInfoArray = keyInfo->sigAlgInfo; - printf("\nPlease specify the algorithm with which your certificate will be " - "signed.\n\n"); - while(1) { - /* break when we get a valid sig algorithm */ - tempInfo = sigInfoArray; - while(tempInfo->str != NULL) { - printf(" %c %s\n", tempInfo->selector, tempInfo->str); - tempInfo++; - } - getStringWithPrompt("\nSelect signature algorithm by letter: ", - resp, sizeof(resp)); - if(resp[0] == '\0') { - printf("***There is no default. Please choose a signature algorithm.\n"); - continue; - } - sigInfo = algInfoForSelect(sigInfoArray, resp[0]); - if(sigInfo == NULL) { - printf("Try again.\n"); - continue; - } - printf("\nYou have selected algorithm %s.\n", sigInfo->str); - getStringWithPrompt("OK (y/anything)? ", resp, sizeof(resp)); - if(resp[0] == 'y') { - break; - } - } - sigAlg = sigInfo->alg; - sigOid = sigInfo->oid; - return noErr; -} - -CU_KeyUsage getKeyUsage(bool isRoot) -{ - char resp[200]; - char *prompt; - - if(isRoot) { - /* root HAS to be capable of signing */ - prompt = "Enter cert/key usage (s=signing, b=signing AND encrypting): "; - } - else { - prompt = "Enter cert/key usage (s=signing, e=encrypting, b=both): "; - } - while(1) { - getStringWithPrompt(prompt, resp, sizeof(resp)); - switch(resp[0]) { - case 's': - return kKeyUseSigning; - case 'e': - if(isRoot) { - continue; - } - return kKeyUseEncrypting; - case 'b': - return kKeyUseSigning | kKeyUseEncrypting; - - } - } -} - - diff --git a/CertTool/CertUI.h b/CertTool/CertUI.h deleted file mode 100644 index 7fcc9256..00000000 --- a/CertTool/CertUI.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - File: CertUI.h - - Description: stdio-based routines to get cert info from user. - - Author: dmitch -*/ - -#ifndef _CREATECERT_CERT_UI_H_ -#define _CREATECERT_CERT_UI_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { - -enum AbortException {kEOFException}; - -/* Dump error info. */ -void showError( - OSStatus ortn, - const char *errStr); - -/* - * Safe gets(). - * -- guaranteed no buffer overflow - * -- guaranteed NULL-terminated string - * -- handles empty string (i.e., response is just CR) properly - */ -void getString( - char *buf, - unsigned bufSize); - -/* - * Prompt and safe getString. - */ -void getStringWithPrompt( - const char *prompt, // need not end in newline - char *buf, - unsigned bufSize); - -/* - * Used to interactively cook up an array of CSSM_APPLE_TP_NAME_OIDs, representing - * a cert's RDN. - */ -typedef struct { - const CSSM_OID *oid; // e.g., CSSMOID_CommonName - const char *description; // e.g., "Common Name" - const char *example; // e.g., "www.apple.com" -} NameOidInfo; - -#define MAX_NAMES 5 - -/* Fill in a CSSM_APPLE_TP_NAME_OID array. */ -void getNameOids( - CSSM_APPLE_TP_NAME_OID *subjectNames, // size MAX_NAMES mallocd by caller - uint32 *numNames); // RETURNED - -/* - * Free strings mallocd in getNameOids. - */ -void freeNameOids( - CSSM_APPLE_TP_NAME_OID *subjectNames, - uint32 numNames); - -/* get key size and algorithm for subject key */ -void getKeyParams( - CSSM_ALGORITHMS &keyAlg, - uint32 &keySizeInBits); - -/* given a signing key, obtain signing algorithm (int and oid format) */ -OSStatus getSigAlg( - const CSSM_KEY *signingKey, - CSSM_ALGORITHMS &sigAlg, - const CSSM_OID * &sigOid); - -/* - * Obtain key usage. - */ - -/* these are OR-able bitfields */ -typedef unsigned CU_KeyUsage; -#define kKeyUseSigning 0x01 -#define kKeyUseEncrypting 0x02 - -CU_KeyUsage getKeyUsage(bool isRoot); - -#endif -#ifdef __cplusplus -} -#endif - -#endif /* _CREATECERT_CERT_UI_H_ */ diff --git a/CertTool/certtool.1 b/CertTool/certtool.1 deleted file mode 100644 index 17f9ab38..00000000 --- a/CertTool/certtool.1 +++ /dev/null @@ -1,436 +0,0 @@ -.de EX -.nf -.ft CW -.RS - -.. -.de EE -.br -.fi -.ft 1 -.RE -.PP -.. -.de BL -.TP -\(bu -.. -.TH CERTTOOL 1 "March 19, 2003" "Apple Computer, Inc." -.SH NAME -certtool \- create key pairs, certificates and certificate signing requests for -use with Keychains -.SH SYNOPSIS -.B certtool -command [command-args] [options] -.PP -.B certtool -c [options] -.PP -.B certtool -r outFileName [options] -.PP -.B certtool -v infileName [options] -.PP -.B certtool -i inFileName [options] -.PP -.B certtool -d inFileName [options] -.PP -.B certtool -I inFileName [options] -.PP -.B certtool -D inFileName [options] -.PP -.B certtool -y [options] -.SH CERTTOOL COMMAND SUMMARY -.B c -Create keypair and Certificate -.PP -.B r -Create CSR -.PP -.B v -Verify CSR -.PP -.B i -Import Certificate -.PP -.B d -Display Certificate -.PP -.B I -Import CRL -.PP -.B D -Display CRL -.PP -.B I -Import a CRL -.PP -.B y -Display all certs and CRLs in keychain -.PP -.SH "CERTTOOL OPTION SUMMARY" -.TP -.B c -Create the keychain, if one is needed. -.TP -.B d -Create a CSR in DER format; default is PEM -.TP -.B k=keychainName -Specify the Keychain to use for the operation. If keychainName starts with a '/', an absolute path is assumed; otherwise, the specified filename is relative to the user's Library/Keychains directory. -.TP -.B p=passphrase -Specify the keychain passphrase when creating -.TP -.B r=privateKeyFileName -Optional private key, for Import Certificate only -.TP -.B f=[18f] -Private Key Format = PKCS1/PKCS8/FIPS186; default is PKCS1 (openssl) -.TP -.B a -Generate private key with default ACL -.TP -.B h -Print usage message -.TP -.B v -Execute in verbose mode. -.SH "DESCRIPTION" -.B Certtool -is a UNIX command-line program which is used to create key pairs, certificates, -and certificate signing requests; to import externally generated certificates -and Certificate Revocation Lists (CRLs) into a Keychain, and to display the -contents of certificates and CRLs. Currently, the primary use of CertTool is -to perform the certificate-related administration required to configure an -SSL server based on Mac OS X's SecureTransport library. -.SH EXAMPLES -.PP -.B "Generating a Self-Signed Certificate" -.PP -This command generates a key pair and a self-signed (root) certificate -and places them in a keychain. The root cert is signed by the private -key generated during this command. The cert generated by this command -is totally untrustworthy and cannot be used in the "real world"; the -primary use of this command is to facilitate early development of SSL -server applications based on SecureTransport. In particular, -"real world" SSL clients (e.g., web browsers) will complain to -varying degrees when they attempt to connect to an SSL server which -presents a cert which is generated by this command. Some broswers, -after a fair amount of handholding, will allow you to conditionally -"trust" this cert. -.EX -# CertTool c [options] -.EE -The available options are: -.TP -k=keyChainName -.PP -Where "keyChainName" is the name of the keychain into which keys and the cert -will be added. If no keychain is specified, keys and certs are added to the -default keychain. The specified keychain must exist unless you specify the 'c' -option. -.TP -c -.PP -Specifies that the designated keychain is to be created. -.PP -This an interactive command; you will be prompted for a number of different -items which are used to generate the keypair and the cert. A sample session -follows. -.EX -# CertTool k=certkc -Enter key and certificate label: testCert - -Please specify parameters for the key pair you will generate. - - r RSA - d DSA - f FEE - -Select key algorithm by letter: r - -Valid key sizes for RSA are 512..2048; default is 512 -Enter key size in bits or CR for default: 512 - -You have selected algorithm RSA, key size 512 bits. -OK (y/anything)? y -Enter cert/key usage (s=signing, b=signing AND encrypting): b - ...Generating key pair... - -.EE -Note: you will be prompted for the Keychain's passphrase by the Keychain -system at this point if the specified keychain is not open and you have not specified the passphrase via the 'p' option. -.EX -Please specify the algorithm with which your certificate will be signed. - - 5 RSA with MD5 - s RSA with SHA1 - -Select signature algorithm by letter: s - -You have selected algorithm RSA with SHA1. -OK (y/anything)? y -...creating certificate... -.EE -You will now specify the various components of the certificate's -Relative Distinguished Name (RDN). An RDN has a number of -components, all of which are optional, but at least one of -which must be present. -.PP -Note that if you are creating a certificate for use in an -SSL/TLS server, the Common Name component of the RDN must match -exactly the host name of the server. This must not be an IP -address, but the actual domain name, e.g. www.apple.com. -Entering a CR for a given RDN component results in no value for -that component. -.EX -Common Name (e.g, www.apple.com) : 10.0.61.5 -Country (e.g, US) : -Organization (e.g, Apple Computer, Inc.) : Apple -Organization Unit (e.g, Apple Data Security) : -State/Province (e.g., California) : California - -You have specified: - Common Name : 10.0.61.5 - Organization : Apple - State/Province : California -Is this OK (y/anything)? y -..cert stored in Keychain. -# -.EE -The "Common Name" portion of the RDN - in the above case, "10.0.61.5" - MUST -match the host name of the machine you'll running sslServer on. (In this case -the test machine doesn't have an actual hostname; it's DHCP'd behind a firewall -which is why "10.0.61.5" was specified for Common Name.) This is part of SSL's -certificate verification; it prevents an attack using DNS spoofing. -.PP -A brief note about cert/key usage: the normal configuration of SecureTransport -is that the server cert specified in SSLSetCertificate() is capable of both -signing and encryption. If this cert is only capable of signing, then you must -create a second keychain ontaining a cert which is capable of encryption, and -pass that to SSLSetEncryptionCertificate(). -.PP -.B "Generating a Certificate Signing Request (CSR)" -.PP -A CSR is the standard means by which an administrator of a web server provides -information to a Certificate Authority (CA) in order to obtain a valid -certificate which is signed by the CA. This type of cert is used in the real -world; certs signed by CAs such as Verisign or Thawte are recognized by all web -browsers when performing SSL transactions. -.PP -The general procedure for obtaining a "real" cert is: -.BL -Generate a key pair -.BL -Generate a CSR -.BL -Provide the CSR and some other information and/or documentation to the CA -.BL -CA sends you a certificate which is signed by the CA. -.BL -You import that certificate, obtained from the CA, into your keychain. -.PP -The -items in that keychain can now be used in SecureTransport's SSLSetCertificate() -call. -.PP -This command performs the first two steps in the above procedure. See the -section below entitled "Importing a Certificate" for information on -importing the resulting certificate into your keychain. The format of -this command is -.EX -# CertTool r outFileName [options] -.EE -The resulting CSR will be written to "outFileName". -The available options are: -.EX -k=keyChainName -.EE -Where "KeyChainName" is the name of the keychain into which keys and the cert -will be added. If no keychain is specified, keys and certs are added to the -default keychain. The specified keychain must exist unless you specify the 'c' -option. -.EX - d -.EE -The 'd' option tells CertTool to create the CSR in DER-encoded format. The -default is PEM-encoded, which is what most CAs expect. PEM encoded data consists -of printable ASCII text which can, for example, be pasted into an email message. -DER-encoded data is nonprintable binary data. -.EX - c -.EE -Specifies that the designated keychain is to be created. -.PP -This an interactive command; you will be prompted for a number of different -items which are used to generate the keypair and the CSR. The prompts given, and -the format of the data you must supply, are identical to the data shown in the -sample session in Section 2. -.PP -.B "Verifying a CSR" -.PP -A CSR contains, among other things, the public key which was generated in -as described above. The CSR is signed with the associated private key. Thus the -integrity of a CSR can be verified by extracting its public key and verifying the signature of the CSR. This command performs this integrity check. The format of this command is -.EX -# CertTool v inFileName [options] -.EE -The only available option is the 'd' flag, which as described above in the -section entitled "Generating a Certificate Signing Request", indiciates -that the CSR is in DER format rather than the default PEM format. -A typical (successful) run of this command is like so: -.EX -# CertTool v myCsr.pem - ...CSR verified successfully. -.EE -A large number of things can go wrong if the verification fails; suffice it to -say that if you see anything other than the above success message, you have a -bad or corrupted CSR. -.PP -.B "Importing a Certificate from a Certificate Authority" -.PP -Once you have negotiated with your CA, and provided them with the CSR generated -as described above as well as any other information, documentation, and payment they -require, the CA will provide you with a certificate. Use this command to add -that certificate to the keychain containing the keypair you generated previously. -.PP -The format of this command is -.EX -# CertTool i inFileName [options] -.EE -The cert to import is obtained from "inFileName". The available options are: -.EX -k=keyChainName -.EE -Where "keyChainName" is the name of the keychain to which the cert will be -added. If no keychain is specified, the cert is added to the default keychain. -The specified keychain typically contains the keypair you generated previously. -(Note you can import a certificate into a keychain which does not contain keys -you generated but there will be no linkage between the imported certificate and -a private key if you do this.) If the keychain is not open when this command is -executed, you will be prompted by the Keychain system for its passphrase. -.EX -r=privateKeyFileName -.EE -Where "privateKeyFileName" is the name of the optional private key file to imported along with the certificate. This option is used to import cert/key pairs which are generated by other means, such as OpenSSL. -.EX -f=privateKeyFormat -.EE -Where "privateKeyFormat" is the format of the private key specified with the 'r' option. The formats are: '1' for PKCS1 (OpenSSL format), '8' (PKCS8), and 'f' (FIPS186, BSAFE format). The default is OpenSSL format for both RSA and DSA keys. -.EX - d -.EE -Specifies DER format as described above. The default is PEM format. -.EX - c -.EE -Specifies that the designated keychain is to be created. -.PP -.B "Displaying a Certificate" -.PP -This displays the contents of an existing certificate, obtained from a file. -The format of this command is -.EX -# CertTool d inFileName [options] -.EE -The cert to display is obtained from "inFileName". -The only available option is the 'd' flag, specifying DER format as described above. The default is PEM format. Actually, in the absence of this option, certtool will correctly determine the format of the certificate (PEM or DER). -.PP -.B "Importing a CRL" -.PP -This command is used to add a Certificate Revocation List (CRL) to a keychain. -The format of this command is -.EX -# CertTool I inFileName [options] -.EE -The CRL to import is obtained from "inFileName". The available options are: -.EX -k=keyChainName -.EE -Where "KeyChainName" is the name of the keychain to which the CRL will be added. -If no keychain is specified, the cert is added to the default keychain. If the -keychain is not open when this command is executed, you will be prompted by the -Keychain system for its passphrase. -.EX - d -.EE -Specifies DER format as described above. The default is PEM format. -.EX - c -.EE -Specifies that the designated keychain is to be created. -.PP -.B "Displaying a CRL" -.PP -This displays the contents of an existing Certificate Revocation List (CRL), -obtained from a file. The format of this command is -.EX -# CertTool D inFileName [options] -.EE -The cert to display is obtained from "inFileName". -The only available option is the 'd' flag, specifying DER format as described -above. The default is PEM format. -.PP -.B "Displaying Certificates and CRLs in a keychain" -.PP -This displays the contents of all certificates and CRLs in a keychain. The format of this command is -.EX -# CertTool y [options] -.EE -The available options are: -.EX -k=keyChainName -.EE -Where "KeyChainName" is the name of the keychain to display. -.EX -v -.EE -Specifies verbose mode. -.PP -.B "Certificate Authorities and CSRs" -.PP -As mentioned above, the general procedure for obtaining a "real" cert is: -.BL -Generate a key pair -.BL -Generate a CSR -.BL -Provide the CSR and some other information and/or documentation to the CA -.BL -CA sends you a certificate which is signed by the CA. -.BL -You import that certificate, obtained from the CA, into your keychain. -.PP -The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate() -call. -.PP -One CA with an excellent web-based interface for obtaining a cert is Verisign -(http://www.verisign.com/products/site/index.html). You can get a free 14-day -trial certificate using nothing but CertTool, Verisign's web site, and email. -You need to provide some personal information; then you paste in the CSR -generated as described in the section entitled "Generating a Certificate -Signing Request" into a form on the web site. A few minutes later Verisign -emails you a certificate, which you import into your keychain. -The whole process takes less than 10 minutes. The free certificate obtained in -this manner is signed by a temporary root cert which is not recognized by any -browsers, but Verisign also provides a means of installing this temporary root -cert into your browser, directly from their web site. Typically one would use -the free, temporary cert to perform initial configuration of a server and to -ring out the general SSL infrastructure. Once you feel comfortable with the -operation of the server, then it's time to buy a "real" certificate which will -allow your web server to be recognized by any browser. -.PP -Thawte has a similar, very friendly service at http://www.thawte.com/. -Note that, for early web server development and/or testing, you can skip the entire procedure described above and just generate your own self-signed root cert as described above. No CA is involved; no CSR is generated; no cert needs to be imported - CertTool generates a cert for you and immediately adds it to your keychain. Bear in mind that this option requires tolerance of the various SSL clients you'll be testing with, none of whom recognize your root cert. -.SH FILES -.B /System/Library/Keychains/X509Anchors -System root certificate database -.SH SEE ALSO -.BR openssl ( 1 ) diff --git a/CertTool/dumpasn1.cfg b/CertTool/dumpasn1.cfg deleted file mode 100644 index dc7b0e6b..00000000 --- a/CertTool/dumpasn1.cfg +++ /dev/null @@ -1,2925 +0,0 @@ -# dumpasn1 Object Identifier configuration file, available from -# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. This is read by -# dumpasn1.c and is used to display information on Object Identifiers found in -# ASN.1 objects. This is merely a list of things which you might conceivably -# find in use somewhere, and should in no way be taken as a guide to which OIDs -# to use - many of these will never been seen in the wild, or should be shot on -# sight if encountered. -# -# The format of this file is as follows: -# -# - All blank lines and lines beginning with a '#' are ignored. -# - OIDs are described by a set of attributes, of which at least the 'OID' and -# 'Description' must be present. Optional attributes are a 'Comment' and a -# 'Warning' (to indicate that dumpasn1 will display a warning if this OID is -# encountered). -# - Attributes are listed one per line. The first attribute should be an 'OID' -# attribute since this is used to denote the start of a new OID description. -# The other attributes may be given in any order. -# -# See the rest of this file for examples of what an OID description should look -# like. - -# Some unknown X.500 attributes spec from the UK - -OID = 06 09 09 92 26 89 93 F2 2C 01 03 -Comment = Some oddball X.500 attribute collection -Description = rfc822Mailbox (0 9 2342 19200300 1 3) - -# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect) - -OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01 -Comment = Men are from Mars, this OID is from Pluto -Description = domainComponent (0 9 2342 19200300 100 1 25) - -# Certificates Australia - -OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01 -Comment = Certificates Australia CA -Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1) - -# Signet - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02 -Comment = Signet CA -Description = Signet personal (1 2 36 68980861 1 1 2) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03 -Comment = Signet CA -Description = Signet business (1 2 36 68980861 1 1 3) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04 -Comment = Signet CA -Description = Signet legal (1 2 36 68980861 1 1 4) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A -Comment = Signet CA -Description = Signet pilot (1 2 36 68980861 1 1 10) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B -Comment = Signet CA -Description = Signet intraNet (1 2 36 68980861 1 1 11) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14 -Comment = Signet CA -Description = Signet securityPolicy (1 2 36 68980861 1 1 20) - -# Mitsubishi - -OID = 06 0B 2A 83 08 8C 1A 4B 3D 01 01 01 -Comment = Mitsubishi security algorithm -Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1) - -OID = 06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01 -Comment = Mitsubishi security algorithm -Description = misty1-cbc (1 2 392 200011 61 1 1 1 1) - -# SEIS - -OID = 06 05 2A 85 70 22 01 -Comment = SEIS Project -Description = seis-cp (1 2 752 34 1) - -OID = 06 06 2A 85 70 22 01 01 -Comment = SEIS Project certificate policies -Description = SEIS high-assurnace certificatePolicy (1 2 752 34 1 1) - -OID = 06 06 2A 85 70 22 01 02 -Comment = SEIS Project certificate policies -Description = SEIS GAK certificatePolicy (1 2 752 34 1 2) - -OID = 06 05 2A 85 70 22 02 -Comment = SEIS Project -Description = SEIS pe (1 2 752 34 2) - -OID = 06 05 2A 85 70 22 03 -Comment = SEIS Project -Description = SEIS at (1 2 752 34 3) - -OID = 06 06 2A 85 70 22 03 01 -Comment = SEIS Project attribute -Description = SEIS at-personalIdentifier (1 2 752 34 3 1) - -# ANSI X9.57 - -OID = 06 06 2A 86 48 CE 38 01 -Comment = ANSI X9.57 -Description = module (1 2 840 10040 1) - -OID = 06 07 2A 86 48 CE 38 01 01 -Comment = ANSI X9.57 module -Description = x9f1-cert-mgmt (1 2 840 10040 1 1) - -OID = 06 06 2A 86 48 CE 38 02 -Comment = ANSI X9.57 -Description = holdinstruction (1 2 840 10040 2) - -OID = 06 07 2A 86 48 CE 38 02 01 -Comment = ANSI X9.57 hold instruction -Description = holdinstruction-none (1 2 840 10040 2 1) - -OID = 06 07 2A 86 48 CE 38 02 02 -Comment = ANSI X9.57 hold instruction -Description = callissuer (1 2 840 10040 2 2) - -OID = 06 07 2A 86 48 CE 38 02 03 -Comment = ANSI X9.57 hold instruction -Description = reject (1 2 840 10040 2 3) - -OID = 06 07 2A 86 48 CE 38 02 04 -Comment = ANSI X9.57 hold instruction -Description = pickupToken (1 2 840 10040 2 4) - -OID = 06 06 2A 86 48 CE 38 03 -Comment = ANSI X9.57 -Description = attribute (1 2 840 10040 3) - -OID = 06 06 2A 86 48 CE 38 03 01 -Comment = ANSI X9.57 attribute -Description = countersignature (1 2 840 10040 3 1) - -OID = 06 06 2A 86 48 CE 38 03 02 -Comment = ANSI X9.57 attribute -Description = attribute-cert (1 2 840 10040 3 2) - -OID = 06 06 2A 86 48 CE 38 04 -Comment = ANSI X9.57 -Description = algorithm (1 2 840 10040 4) - -# this is specified in sm_cms -OID = 06 07 2A 86 48 CE 38 04 01 -Comment = ANSI X9.57 algorithm -Description = dsa (1 2 840 10040 4 1) - -OID = 06 07 2A 86 48 CE 38 04 02 -Comment = ANSI X9.57 algorithm -Description = dsa-match (1 2 840 10040 4 2) - -OID = 06 07 2A 86 48 CE 38 04 03 -Comment = ANSI X9.57 algorithm -Description = dsaWithSha1 (1 2 840 10040 4 3) - -# ANSI X9.62 - -OID = 06 06 2A 86 48 CE 3D 01 -Comment = ANSI X9.62. This OID may also be assigned as ecdsa-with-SHA1 -Description = fieldType (1 2 840 10045 1) - -OID = 06 07 2A 86 48 CE 3D 01 01 -Comment = ANSI X9.62 field type -Description = prime-field (1 2 840 10045 1 1) - -OID = 06 07 2A 86 48 CE 3D 01 02 -Comment = ANSI X9.62 field type -Description = characteristic-two-field (1 2 840 10045 1 2) - -OID = 06 09 2A 86 48 CE 3D 01 02 03 -Comment = ANSI X9.62 field type -Description = characteristic-two-basis (1 2 840 10045 1 2 3) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 01 -Comment = ANSI X9.62 field basis -Description = onBasis (1 2 840 10045 1 2 3 1) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 02 -Comment = ANSI X9.62 field basis -Description = tpBasis (1 2 840 10045 1 2 3 2) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 03 -Comment = ANSI X9.62 field basis -Description = ppBasis (1 2 840 10045 1 2 3 3) - -OID = 06 07 2A 86 48 CE 3D 01 02 -Comment = ANSI X9.62 -Description = public-key-type (1 2 840 10045 1 2) - -OID = 06 08 2A 86 48 CE 3D 01 02 01 -Comment = ANSI X9.62 public key type -Description = ecPublicKey (1 2 840 10045 1 2 1) - -# The definition for the following OID is somewhat confused, and is given as -# keyType, publicKeyType, and public-key-type, all within 4 lines of text. -# ecPublicKey is defined using the ID publicKeyType, so this is what's used -# here. -OID = 06 06 2A 86 48 CE 3D 02 -Comment = ANSI X9.62 -Description = publicKeyType (1 2 840 10045 2) - -OID = 06 07 2A 86 48 CE 3D 02 01 -Comment = ANSI X9.62 public key type -Description = ecPublicKey (1 2 840 10045 2 1) - -# ANSI X9.42 - -OID = 06 07 2A 86 48 CE 3E 02 -Comment = ANSI X9.42 -Description = number-type (1 2 840 10046 2) - -OID = 06 07 2A 86 48 CE 3E 02 01 -Comment = ANSI X9.42 number-type -Description = dhPublicNumber (1 2 840 10046 2 1) - -# Nortel Secure Networks/Entrust - -OID = 06 07 2A 86 48 86 F6 7D 07 -Description = nsn (1 2 840 113533 7) - -OID = 06 08 2A 86 48 86 F6 7D 07 41 -Description = nsn-ce (1 2 840 113533 7 65) - -OID = 06 09 2A 86 48 86 F6 7D 07 41 00 -Comment = Nortel Secure Networks ce (1 2 840 113533 7 65) -Description = entrustVersInfo (1 2 840 113533 7 65 0) - -OID = 06 08 2A 86 48 86 F6 7D 07 42 -Description = nsn-alg (1 2 840 113533 7 66) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 03 -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast3CBC (1 2 840 113533 7 66 3) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0A -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast5CBC (1 2 840 113533 7 66 10) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0B -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast5MAC (1 2 840 113533 7 66 11) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0C -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0D -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = passwordBasedMac (1 2 840 113533 7 66 13) - -OID = 06 08 2A 86 48 86 F6 7D 07 43 -Description = nsn-oc (1 2 840 113533 7 67) - -OID = 06 09 2A 86 48 86 F6 7D 07 43 0C -Comment = Nortel Secure Networks oc (1 2 840 113533 7 67) -Description = entrustUser (1 2 840 113533 7 67 0) - -OID = 06 08 2A 86 48 86 F6 7D 07 44 -Description = nsn-at (1 2 840 113533 7 68) - -OID = 06 09 2A 86 48 86 F6 7D 07 44 00 -Comment = Nortel Secure Networks at (1 2 840 113533 7 68) -Description = entrustCAInfo (1 2 840 113533 7 68 0) - -OID = 06 09 2A 86 48 86 F6 7D 07 44 0A -Comment = Nortel Secure Networks at (1 2 840 113533 7 68) -Description = attributeCertificate (1 2 840 113533 7 68 10) - -# PKCS #1 - -OID = 06 08 2A 86 48 86 F7 0D 01 01 -Description = pkcs-1 (1 2 840 113549 1 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 01 -Comment = PKCS #1 -Description = rsaEncryption (1 2 840 113549 1 1 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 02 -Comment = PKCS #1 -Description = md2withRSAEncryption (1 2 840 113549 1 1 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 03 -Comment = PKCS #1 -Description = md4withRSAEncryption (1 2 840 113549 1 1 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 04 -Comment = PKCS #1 -Description = md5withRSAEncryption (1 2 840 113549 1 1 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 05 -Comment = PKCS #1 -Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) - -# There is some confusion over the identity of the following OID. The OAEP -# one is more recent, but independant vendors have already used the RIPEMD -# one, however it's likely that SET will be a bigger hammer so we report it -# as that. -OID = 06 09 2A 86 48 86 F7 0D 01 01 06 -Comment = PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption -Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6) -# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6) - -# PKCS #3 - -OID = 06 08 2A 86 48 86 F7 0D 01 03 -Description = pkcs-3 (1 2 840 113549 1 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 03 01 -Comment = PKCS #3 -Description = dhKeyAgreement (1 2 840 113549 1 3 1) - -# PKCS #5 - -OID = 06 09 2A 86 48 86 F7 0D 01 05 -Description = pkcs-5 (1 2 840 113549 1 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 01 -Comment = PKCS #5 -Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 03 -Comment = PKCS #5 -Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 04 -Comment = PKCS #5 -Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 06 -Comment = PKCS #5 -Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 09 -Comment = PKCS #5, used in BSAFE only -Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0A -Comment = PKCS #5 -Description = pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10) - -# PKCS #7 - -OID = 06 09 2A 86 48 86 F7 0D 01 07 -Description = pkcs-7 (1 2 840 113549 1 7) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 01 -Comment = PKCS #7 -Description = data (1 2 840 113549 1 7 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 02 -Comment = PKCS #7 -Description = signedData (1 2 840 113549 1 7 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 03 -Comment = PKCS #7 -Description = envelopedData (1 2 840 113549 1 7 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 04 -Comment = PKCS #7 -Description = signedAndEnvelopedData (1 2 840 113549 1 7 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 05 -Comment = PKCS #7 -Description = digestedData (1 2 840 113549 1 7 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 06 -Comment = PKCS #7 -Description = encryptedData (1 2 840 113549 1 7 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 07 -Comment = PKCS #7 experimental -Description = dataWithAttributes (1 2 840 113549 1 7 7) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 07 08 -Comment = PKCS #7 experimental -Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8) -Warning - -# PKCS #9 - -OID = 06 09 2A 86 48 86 F7 0D 01 09 -Description = pkcs-9 (1 2 840 113549 1 9) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 01 -Comment = PKCS #9 (1 2 840 113549 1 9). Deprecated, use an altName extension instead -Description = emailAddress (1 2 840 113549 1 9 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 02 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = unstructuredName (1 2 840 113549 1 9 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 03 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = contentType (1 2 840 113549 1 9 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 04 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = messageDigest (1 2 840 113549 1 9 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 05 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = signingTime (1 2 840 113549 1 9 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 06 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = countersignature (1 2 840 113549 1 9 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 07 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = challengePassword (1 2 840 113549 1 9 7) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 08 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = unstructuredAddress (1 2 840 113549 1 9 8) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 09 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = extendedCertificateAttributes (1 2 840 113549 1 9 9) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0A -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = issuerAndSerialNumber (1 2 840 113549 1 9 10) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0B -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = passwordCheck (1 2 840 113549 1 9 11) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0C -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = publicKey (1 2 840 113549 1 9 12) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0D -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = signingDescription (1 2 840 113549 1 9 13) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0E -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = extensionReq (1 2 840 113549 1 9 14) - -# PKCS #9 for use with S/MIME - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0F -Comment = PKCS #9 (1 2 840 113549 1 9). This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name -Description = sMIMECapabilities (1 2 840 113549 1 9 15) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15) -Description = preferSignedData (1 2 840 113549 1 9 15 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15) -Description = canNotDecryptAny (1 2 840 113549 1 9 15 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 1) instead -Description = receiptRequest (1 2 840 113549 1 9 15 3) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 1 1) instead -Description = receipt (1 2 840 113549 1 9 15 4) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 4) instead -Description = contentHints (1 2 840 113549 1 9 15 5) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 3) instead -Description = mlExpansionHistory (1 2 840 113549 1 9 15 6) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 10 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = id-sMIME (1 2 840 113549 1 9 16) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-mod (1 2 840 113549 1 9 16 0) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01 -Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) -Description = id-mod-cms (1 2 840 113549 1 9 16 0 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02 -Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) -Description = id-mod-ess (1 2 840 113549 1 9 16 0 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-ct (1 2 840 113549 1 9 16 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01 -Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1) -Description = id-ct-receipt (1 2 840 113549 1 9 16 1 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-aa (1 2 840 113549 1 9 16 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-receiptRequest (1 2 840 113549 1 9 16 2 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-securityLabel (1 2 840 113549 1 9 16 2 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-mlExpandHistory (1 2 840 113549 1 9 16 2 3) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentHint (1 2 840 113549 1 9 16 2 4) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-msgSigDigest (1 2 840 113549 1 9 16 2 5) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentIdentifier (1 2 840 113549 1 9 16 2 7) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-macValue (1 2 840 113549 1 9 16 2 8) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-equivalentLabels (1 2 840 113549 1 9 16 2 9) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentReference (1 2 840 113549 1 9 16 2 10) - -# PKCS #9 for use with PKCS #12 - -OID = 06 09 2A 86 48 86 F7 0D 01 09 14 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 15 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 16 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 17 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1) - -# PKCS #12. Note that current PKCS #12 implementations tend to be strange and -# peculiar, with implementors misusing OIDs or basing their work on earlier PFX -# drafts or defining their own odd OIDs. In addition the PFX/PKCS #12 spec -# itself is full of errors and inconsistencies, and a number of OIDs have been -# redefined in different drafts (often multiple times), which doesn't make the -# implementors job any easier. - -OID = 06 08 2A 86 48 86 F7 0D 01 0C -Description = pkcs-12 (1 2 840 113549 1 12) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 01 -Comment = This OID was formerly assigned as PKCS #12 modeID -Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 1). This OID was formerly assigned as pkcs-12-OfflineTransportMode -Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 2). This OID was formerly assigned as pkcs-12-OnlineTransportMode -Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 02 -Comment = Deprecated -Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01 -Comment = PKCS #12 ESPVKID (1 2 840 113549 1 12 2). Deprecated, use (1 2 840 113549 1 12 3 5) instead -Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1) -Warning - -# The following appear to have been redefined yet again at 12 10 in the latest -# PKCS #12 spec. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 03 -Description = pkcs-12-BagIds (1 2 840 113549 1 12 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 04 -Comment = Deprecated -Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01 -Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-X509CertCRLBag -Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02 -Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-SDSICertBag -Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2) - -# The following are from PFX. The ... 5 1 values have been reassigned to OIDs -# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 05 -Description = pkcs-12-OID (1 2 840 113549 1 12 5) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01 -Comment = PKCS #12 OID (1 2 840 113549 1 12 5). Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead -Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 1) instead -Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 2) instead -Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead -Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 5) instead -Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 6) instead -Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead -Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead -Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02 -Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03 -Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01 -Comment = PKCS #12 OID SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1) -Warning - -# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different -# order than the last redefinition at ... 12 3. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A -Description = pkcs-12Version1 (1 2 840 113549 1 12 10) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01 -Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6) - -# RSADSI digest algorithms - -OID = 06 08 2A 86 48 86 F7 0D 02 -Description = digestAlgorithm (1 2 840 113549 2) - -OID = 06 08 2A 86 48 86 F7 0D 02 02 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md2 (1 2 840 113549 2 2) - -OID = 06 08 2A 86 48 86 F7 0D 02 04 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md4 (1 2 840 113549 2 4) - -OID = 06 08 2A 86 48 86 F7 0D 02 05 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md5 (1 2 840 113549 2 5) - -# RSADSI encryption algorithms - -OID = 06 08 2A 86 48 86 F7 0D 03 -Description = encryptionAlgorithm (1 2 840 113549 3) - -OID = 06 08 2A 86 48 86 F7 0D 03 02 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc2CBC (1 2 840 113549 3 2) - -OID = 06 08 2A 86 48 86 F7 0D 03 03 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc2ECB (1 2 840 113549 3 3) - -OID = 06 08 2A 86 48 86 F7 0D 03 04 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc4 (1 2 840 113549 3 4) - -OID = 06 08 2A 86 48 86 F7 0D 03 05 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc4WithMAC (1 2 840 113549 3 5) - -OID = 06 08 2A 86 48 86 F7 0D 03 06 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = desx-CBC (1 2 840 113549 3 6) - -OID = 06 08 2A 86 48 86 F7 0D 03 07 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = des-EDE3-CBC (1 2 840 113549 3 7) - -OID = 06 08 2A 86 48 86 F7 0D 03 08 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc5CBC (1 2 840 113549 3 8) - -OID = 06 08 2A 86 48 86 F7 0D 03 09 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc5-CBCPad (1 2 840 113549 3 9) - -OID = 06 08 2A 86 48 86 F7 0D 03 0A -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3). Formerly called CDMFCBCPad -Description = desCDMF (1 2 840 113549 3 10) - -# Ascom Systech - -OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01 -Comment = Ascom Systech -Description = ascom (1 3 6 1 4 1 188 7 1 1) - -OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01 -Comment = Ascom Systech -Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1) - -# Microsoft - -OID = 06 08 2A 86 48 86 F7 14 04 03 -Comment = Microsoft -Description = microsoftExcel (1 2 840 113556 4 3) - -OID = 06 08 2A 86 48 86 F7 14 04 04 -Comment = Microsoft -Description = titledWithOID (1 2 840 113556 4 4) - -OID = 06 08 2A 86 48 86 F7 14 04 05 -Comment = Microsoft -Description = microsoftPowerPoint (1 2 840 113556 4 5) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 04 -Comment = Microsoft code signing -Description = spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A -Comment = Microsoft code signing. Also known as policyLink -Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B -Comment = Microsoft code signing -Description = spcStatementType (1 3 6 1 4 1 311 2 1 11) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C -Comment = Microsoft code signing -Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E -Comment = Microsoft -Description = certExtensions (1 3 6 1 4 1 311 2 1 14) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F -Comment = Microsoft code signing -Description = spcPelmageData (1 3 6 1 4 1 311 2 1 15) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 14 -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 1) (1 3 6 1 4 1 311 2 1 20) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 15 -Comment = Microsoft -Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 16 -Comment = Microsoft -Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 19 -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A -Comment = Microsoft code signing -Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B -Comment = Microsoft code signing -Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28) - -OID = 06 0A 2B 06 01 04 01 82 37 03 02 01 -Comment = Microsoft code signing -Description = timestampCountersignature (1 3 6 1 4 1 311 3 2 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 01 -Comment = Microsoft PKCS #7 contentType -Description = certTrustList (1 3 6 1 4 1 311 10 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 02 -Comment = Microsoft -Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01 -Comment = Microsoft enhanced key usage -Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02 -Comment = Microsoft enhanced key usage -Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03 -Comment = Microsoft enhanced key usage -Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04 -Comment = Microsoft enhanced key usage -Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01 -Comment = Microsoft attribute -Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1) - -# UNINETT - -OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01 -Comment = UNINETT PCA -Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1) - -# ICE-TEL - -OID = 06 08 2B 06 01 04 01 95 18 0A -Comment = ICE-TEL CA -Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10) - -OID = 06 0A 2B 06 01 04 01 95 62 01 01 01 -Comment = ICE-TEL CA policy -Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1) - -# cryptlib - -OID = 06 09 2B 06 01 04 01 97 55 20 01 -Comment = cryptlib -Description = cryptlibEnvelope (1 3 6 1 4 1 3029 32 1) - -OID = 06 09 2B 06 01 04 01 97 55 20 02 -Comment = cryptlib -Description = cryptlibPrivateKey (1 3 6 1 4 1 3029 32 2) - -OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01 -Comment = cryptlib special MPEG-of-cat OID -Description = mpeg-1 (1 3 6 1 4 1 3029 42 11172 1) - -# PKIX - -OID = 06 06 2B 06 01 05 05 07 -Description = pkix (1 3 6 1 5 5 7) - -OID = 06 07 2B 06 01 05 05 07 01 -Comment = PKIX -Description = privateExtension (1 3 6 1 5 5 7 1) - -OID = 06 08 2B 06 01 05 05 07 01 01 -Comment = PKIX private extension -Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1) - -OID = 06 07 2B 06 01 05 05 07 02 -Comment = PKIX -Description = policyQualifierIds (1 3 6 1 5 5 7 2) - -OID = 06 08 2B 06 01 05 05 07 02 01 -Comment = PKIX policy qualifier -Description = cps (1 3 6 1 5 5 7 2 1) - -OID = 06 08 2B 06 01 05 05 07 02 02 -Comment = PKIX policy qualifier -Description = unotice (1 3 6 1 5 5 7 2 2) - -OID = 06 07 2B 06 01 05 05 07 03 -Comment = PKIX -Description = keyPurpose (1 3 6 1 5 5 7 3) - -OID = 06 08 2B 06 01 05 05 07 03 01 -Comment = PKIX key purpose -Description = serverAuth (1 3 6 1 5 5 7 3 1) - -OID = 06 08 2B 06 01 05 05 07 03 02 -Comment = PKIX key purpose -Description = clientAuth (1 3 6 1 5 5 7 3 2) - -OID = 06 08 2B 06 01 05 05 07 03 03 -Comment = PKIX key purpose -Description = codeSigning (1 3 6 1 5 5 7 3 3) - -OID = 06 08 2B 06 01 05 05 07 03 04 -Comment = PKIX key purpose -Description = emailProtection (1 3 6 1 5 5 7 3 4) - -OID = 06 08 2B 06 01 05 05 07 03 05 -Comment = PKIX key purpose -Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5) - -OID = 06 08 2B 06 01 05 05 07 03 06 -Comment = PKIX key purpose -Description = ipsecTunnel (1 3 6 1 5 5 7 3 6) - -OID = 06 08 2B 06 01 05 05 07 03 07 -Comment = PKIX key purpose -Description = ipsecUser (1 3 6 1 5 5 7 3 7) - -OID = 06 08 2B 06 01 05 05 07 03 08 -Comment = PKIX key purpose -Description = timeStamping (1 3 6 1 5 5 7 3 8) - -OID = 06 07 2B 06 01 05 05 07 04 -Comment = PKIX -Description = cmpInformationTypes (1 3 6 1 5 5 7 4) - -OID = 06 08 2B 06 01 05 05 07 04 01 -Comment = PKIX CMP information -Description = caProtEncCert (1 3 6 1 5 5 7 4 1) - -OID = 06 08 2B 06 01 05 05 07 04 02 -Comment = PKIX CMP information -Description = signKeyPairTypes (1 3 6 1 5 5 7 4 2) - -OID = 06 08 2B 06 01 05 05 07 04 03 -Comment = PKIX CMP information -Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3) - -OID = 06 08 2B 06 01 05 05 07 04 04 -Comment = PKIX CMP information -Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4) - -OID = 06 08 2B 06 01 05 05 07 04 05 -Comment = PKIX CMP information -Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5) - -OID = 06 08 2B 06 01 05 05 07 04 06 -Comment = PKIX CMP information -Description = currentCRL (1 3 6 1 5 5 7 4 6) - -OID = 06 08 2B 06 01 05 05 07 30 01 -Comment = PKIX authority info access descriptor -Description = ocsp (1 3 6 1 5 5 7 48 1) - -OID = 06 08 2B 06 01 05 05 07 30 02 -Comment = PKIX authority info access descriptor -Description = caIssuers (1 3 6 1 5 5 7 48 2) - -# ISAKMP - -OID = 06 08 2B 06 01 05 05 08 01 01 -Comment = ISAKMP HMAC algorithm -Description = HMAC-MD5 (1 3 6 1 5 5 8 1 1) - -OID = 06 08 2B 06 01 05 05 08 01 02 -Comment = ISAKMP HMAC algorithm -Description = HMAC-SHA (1 3 6 1 5 5 8 1 2) - -OID = 06 08 2B 06 01 05 05 08 01 03 -Comment = ISAKMP HMAC algorithm -Description = HMAC-Tiger (1 3 6 1 5 5 8 1 3) - -# DEC (via ECMA) - -OID = 06 07 2B 0C 02 87 73 07 01 -Comment = DASS algorithm -Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1) - -OID = 06 08 2B 0C 02 87 73 07 01 02 -Comment = DASS encryption algorithm -Description = decDEA (1 3 12 2 1011 7 1 2) - -OID = 06 07 2B 0C 02 87 73 07 02 -Comment = DASS algorithm -Description = decHashAlgorithm (1 3 12 2 1011 7 2) - -OID = 06 07 2B 0C 02 87 73 07 02 01 -Comment = DASS hash algorithm -Description = decMD2 (1 3 12 2 1011 7 2 1) - -OID = 06 07 2B 0C 02 87 73 07 02 02 -Comment = DASS hash algorithm -Description = decMD4 (1 3 12 2 1011 7 2 2) - -OID = 06 07 2B 0C 02 87 73 07 03 -Comment = DASS algorithm -Description = decSignatureAlgorithm (1 3 12 2 1011 7 3) - -OID = 06 07 2B 0C 02 87 73 07 03 01 -Comment = DASS signature algorithm -Description = decMD2withRSA (1 3 12 2 1011 7 3 1) - -OID = 06 07 2B 0C 02 87 73 07 03 02 -Comment = DASS signature algorithm -Description = decMD4withRSA (1 3 12 2 1011 7 3 2) - -OID = 06 07 2B 0C 02 87 73 07 03 03 -Comment = DASS signature algorithm -Description = decDEAMAC (1 3 12 2 1011 7 3 3) - -# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW), -# specialising in oddball and partially-defunct OIDs - -OID = 06 05 2B 0E 02 1A 05 -Comment = Unsure about this OID -Description = sha (1 3 14 2 26 5) - -OID = 06 06 2B 0E 03 02 01 01 -Comment = X.509. Unsure about this OID -Description = rsa (1 3 14 3 2 1 1) - -OID = 06 05 2B 0E 03 02 02 -Comment = Oddball OIW OID -Description = md4WitRSA (1 3 14 3 2 2) - -OID = 06 05 2B 0E 03 02 03 -Comment = Oddball OIW OID -Description = md5WithRSA (1 3 14 3 2 3) - -OID = 06 05 2B 0E 03 02 04 -Comment = Oddball OIW OID -Description = md4WithRSAEncryption (1 3 14 3 2 4) - -OID = 06 06 2B 0E 03 02 02 01 -Comment = X.509. Deprecated -Description = sqmod-N (1 3 14 3 2 2 1) -Warning - -OID = 06 06 2B 0E 03 02 03 01 -Comment = X.509. Deprecated -Description = sqmod-NwithRSA (1 3 14 3 2 3 1) -Warning - -OID = 06 05 2B 0E 03 02 06 -Description = desECB (1 3 14 3 2 6) - -OID = 06 05 2B 0E 03 02 07 -Description = desCBC (1 3 14 3 2 7) - -OID = 06 05 2B 0E 03 02 08 -Description = desOFB (1 3 14 3 2 8) - -OID = 06 05 2B 0E 03 02 09 -Description = desCFB (1 3 14 3 2 9) - -OID = 06 05 2B 0E 03 02 0A -Description = desMAC (1 3 14 3 2 10) - -OID = 06 05 2B 0E 03 02 0B -Comment = ISO 9796-2, also X9.31 Part 1 -Description = rsaSignature (1 3 14 3 2 11) - -# this is used by BSAFE -OID = 06 05 2B 0E 03 02 0C -Comment = OIW?, supposedly from an incomplete version of SDN.702 (doesn't match final SDN.702) -Description = dsa-bsafe (1 3 14 3 2 12) -Warning - -OID = 06 05 2B 0E 03 02 0D -Comment = Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27) -# Their response was that they know it's wrong, but noone uses SHA0 so it won't -# cause any problems, right? Note: BSAFE uses this as well! -Description = dsaWithSHA-bsafe (1 3 14 3 2 13) -Warning - -# The various mdWithRSASIsignature OIDs are for the ANSI X9.31 draft and use -# ISO 9796-2 padding rules. This work was derailed during the PKP brouhaha and -# is still in progress -OID = 06 05 2B 0E 03 02 0E -Comment = Oddball OIW OID using 9796-2 padding rules -Description = mdc2WithRSASignature (1 3 14 3 2 14) - -OID = 06 05 2B 0E 03 02 0F -Comment = Oddball OIW OID using 9796-2 padding rules -Description = shaWithRSASignature (1 3 14 3 2 15) - -OID = 06 05 2B 0E 03 02 10 -Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead -Description = dhWithCommonModulus (1 3 14 3 2 16) -Warning - -OID = 06 05 2B 0E 03 02 11 -Comment = Oddball OIW OID. Mode is ECB -Description = desEDE (1 3 14 3 2 17) - -OID = 06 05 2B 0E 03 02 12 -Comment = Oddball OIW OID -Description = sha (1 3 14 3 2 18) - -OID = 06 05 2B 0E 03 02 13 -Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2 -Description = mdc-2 (1 3 14 3 2 19) - -OID = 06 05 2B 0E 03 02 14 -Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead -Description = dsaCommon (1 3 14 3 2 20) -Warning - -OID = 06 05 2B 0E 03 02 15 -Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead -Description = dsaCommonWithSHA (1 3 14 3 2 21) -Warning - -OID = 06 05 2B 0E 03 02 16 -Comment = Oddball OIW OID -Description = rsaKeyTransport (1 3 14 3 2 22) - -OID = 06 05 2B 0E 03 02 17 -Comment = Oddball OIW OID -Description = keyed-hash-seal (1 3 14 3 2 23) - -OID = 06 05 2B 0E 03 02 18 -Comment = Oddball OIW OID using 9796-2 padding rules -Description = md2WithRSASignature (1 3 14 3 2 24) - -OID = 06 05 2B 0E 03 02 19 -Comment = Oddball OIW OID using 9796-2 padding rules -Description = md5WithRSASignature (1 3 14 3 2 25) - -OID = 06 05 2B 0E 03 02 1A -Comment = OIW -Description = sha1 (1 3 14 3 2 26) - -# Yet another multiply-assigned OID -OID = 06 05 2B 0E 03 02 1B -Comment = OIW. This OID may also be assigned as ripemd-160 -Description = dsaWithSHA1 (1 3 14 3 2 27) - -OID = 06 05 2B 0E 03 02 1C -Comment = OIW -Description = dsaWithCommonSHA1 (1 3 14 3 2 28) - -OID = 06 05 2B 0E 03 02 1D -Comment = Oddball OIW OID -Description = sha-1WithRSAEncryption (1 3 14 3 2 29) - -OID = 06 05 2B 0E 03 03 01 -Comment = Oddball OIW OID -Description = simple-strong-auth-mechanism (1 3 14 3 3 1) - -OID = 06 06 2B 0E 07 02 01 01 -Comment = Unsure about this OID -Description = ElGamal (1 3 14 7 2 1 1) - -OID = 06 06 2B 0E 07 02 03 01 -Comment = Unsure about this OID -Description = md2WithRSA (1 3 14 7 2 3 1) - -OID = 06 06 2B 0E 07 02 03 02 -Comment = Unsure about this OID -Description = md2WithElGamal (1 3 14 7 2 3 2) - -# Teletrust - -OID = 06 03 2B 24 01 -Comment = Teletrust document -Description = document (1 3 36 1) - -OID = 06 04 2B 24 01 01 -Comment = Teletrust document -Description = finalVersion (1 3 36 1 1) - -OID = 06 04 2B 24 01 02 -Comment = Teletrust document -Description = draft (1 3 36 1 2) - -OID = 06 03 2B 24 02 -Comment = Teletrust sio -Description = sio (1 3 36 2) - -OID = 06 04 2B 24 02 01 -Comment = Teletrust sio -Description = certificate (1 3 36 2 1) - -OID = 06 04 2B 24 02 01 -Comment = Teletrust sio -Description = sedu (1 3 36 2 1) - -OID = 06 03 2B 24 03 -Comment = Teletrust algorithm -Description = algorithm (1 3 36 3) - -OID = 06 04 2B 24 03 01 -Comment = Teletrust algorithm -Description = encryptionAlgorithm (1 3 36 3 1) - -OID = 06 05 2B 24 03 01 01 -Comment = Teletrust encryption algorithm -Description = des (1 3 36 3 1 1) - -OID = 06 06 2B 24 03 01 01 01 -Comment = Teletrust encryption algorithm -Description = desECB_pad (1 3 36 3 1 1 1) - -OID = 06 07 2B 24 03 01 01 01 01 -Comment = Teletrust encryption algorithm -Description = desECB_ISOpad (1 3 36 3 1 1 1 1) - -OID = 06 07 2B 24 03 01 01 02 01 -Comment = Teletrust encryption algorithm -Description = desCBC_pad (1 3 36 3 1 1 2 1) - -OID = 06 08 2B 24 03 01 01 02 01 01 -Comment = Teletrust encryption algorithm -Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1) - -OID = 06 05 2B 24 03 01 03 -Comment = Teletrust encryption algorithm -Description = des_3 (1 3 36 3 1 3) - -OID = 06 07 2B 24 03 01 03 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3ECB_pad (1 3 36 3 1 3 1 1) - -OID = 06 08 2B 24 03 01 03 01 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1) - -OID = 06 07 2B 24 03 01 03 02 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3CBC_pad (1 3 36 3 1 3 2 1) - -OID = 06 08 2B 24 03 01 03 02 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1) - -OID = 06 05 2B 24 03 01 02 -Comment = Teletrust encryption algorithm -Description = idea (1 3 36 3 1 2) - -OID = 06 06 2B 24 03 01 02 01 -Comment = Teletrust encryption algorithm -Description = ideaECB (1 3 36 3 1 2 1) - -OID = 06 07 2B 24 03 01 02 01 01 -Comment = Teletrust encryption algorithm -Description = ideaECB_pad (1 3 36 3 1 2 1 1) - -OID = 06 08 2B 24 03 01 02 01 01 01 -Comment = Teletrust encryption algorithm -Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1) - -OID = 06 06 2B 24 03 01 02 02 -Comment = Teletrust encryption algorithm -Description = ideaCBC (1 3 36 3 1 2 2) - -OID = 06 07 2B 24 03 01 02 02 01 -Comment = Teletrust encryption algorithm -Description = ideaCBC_pad (1 3 36 3 1 2 2 1) - -OID = 06 08 2B 24 03 01 02 02 01 01 -Comment = Teletrust encryption algorithm -Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1) - -OID = 06 06 2B 24 03 01 02 03 -Comment = Teletrust encryption algorithm -Description = ideaOFB (1 3 36 3 1 2 3) - -OID = 06 06 2B 24 03 01 02 04 -Comment = Teletrust encryption algorithm -Description = ideaCFB (1 3 36 3 1 2 4) - -OID = 06 05 2B 24 03 01 04 -Comment = Teletrust encryption algorithm -Description = rsaEncryption (1 3 36 3 1 4) - -OID = 06 08 2B 24 03 01 04 84 00 11 -Comment = Teletrust encryption algorithm -Description = rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17) - -OID = 06 05 2B 24 03 01 05 -Comment = Teletrust encryption algorithm -Description = bsi-1 (1 3 36 3 1 5) - -OID = 06 06 2B 24 03 01 05 01 -Comment = Teletrust encryption algorithm -Description = bsi_1ECB_pad (1 3 36 3 1 5 1) - -OID = 06 06 2B 24 03 01 05 02 -Comment = Teletrust encryption algorithm -Description = bsi_1CBC_pad (1 3 36 3 1 5 2) - -OID = 06 07 2B 24 03 01 05 02 01 -Comment = Teletrust encryption algorithm -Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1) - -OID = 06 04 2B 24 03 02 -Comment = Teletrust algorithm -Description = hashAlgorithm (1 3 36 3 2) - -OID = 06 05 2B 24 03 02 01 -Comment = Teletrust hash algorithm -Description = ripemd160 (1 3 36 3 2 1) - -OID = 06 05 2B 24 03 02 02 -Comment = Teletrust hash algorithm -Description = ripemd128 (1 3 36 3 2 2) - -OID = 06 05 2B 24 03 02 03 -Comment = Teletrust hash algorithm -Description = ripemd256 (1 3 36 3 2 3) - -OID = 06 05 2B 24 03 02 04 -Comment = Teletrust hash algorithm -Description = mdc2singleLength (1 3 36 3 2 4) - -OID = 06 05 2B 24 03 02 05 -Comment = Teletrust hash algorithm -Description = mdc2doubleLength (1 3 36 3 2 5) - -OID = 06 04 2B 24 03 03 -Comment = Teletrust algorithm -Description = signatureAlgorithm (1 3 36 3 3) - -OID = 06 05 2B 24 03 03 01 -Comment = Teletrust signature algorithm -Description = rsaSignature (1 3 36 3 3 1) - -OID = 06 06 2B 24 03 03 01 01 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1) - -# What *were* they thinking? -OID = 06 09 2B 24 03 03 01 01 84 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2) -OID = 06 09 2B 24 03 03 01 01 85 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2) -OID = 06 09 2B 24 03 03 01 01 86 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2) -OID = 06 09 2B 24 03 03 01 01 87 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2) -OID = 06 09 2B 24 03 03 01 01 88 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2) -OID = 06 09 2B 24 03 03 01 01 84 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3) -OID = 06 09 2B 24 03 03 01 01 85 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3) -OID = 06 09 2B 24 03 03 01 01 86 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3) -OID = 06 09 2B 24 03 03 01 01 87 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3) -OID = 06 09 2B 24 03 03 01 01 88 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3) -OID = 06 09 2B 24 03 03 01 01 84 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5) -OID = 06 09 2B 24 03 03 01 01 85 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5) -OID = 06 09 2B 24 03 03 01 01 86 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5) -OID = 06 09 2B 24 03 03 01 01 87 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5) -OID = 06 09 2B 24 03 03 01 01 88 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5) -OID = 06 09 2B 24 03 03 01 01 84 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9) -OID = 06 09 2B 24 03 03 01 01 85 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9) -OID = 06 09 2B 24 03 03 01 01 86 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9) -OID = 06 09 2B 24 03 03 01 01 87 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9) -OID = 06 09 2B 24 03 03 01 01 88 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9) -OID = 06 09 2B 24 03 03 01 01 84 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11) -OID = 06 09 2B 24 03 03 01 01 85 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11) -OID = 06 09 2B 24 03 03 01 01 86 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11) -OID = 06 09 2B 24 03 03 01 01 87 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11) -OID = 06 09 2B 24 03 03 01 01 88 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11) - -OID = 06 06 2B 24 03 03 01 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2) - -OID = 06 09 2B 24 03 03 01 02 84 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2) -OID = 06 09 2B 24 03 03 01 02 85 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2) -OID = 06 09 2B 24 03 03 01 02 86 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2) -OID = 06 09 2B 24 03 03 01 02 87 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2) -OID = 06 09 2B 24 03 03 01 02 88 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2) -OID = 06 09 2B 24 03 03 01 02 84 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3) -OID = 06 09 2B 24 03 03 01 02 85 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3) -OID = 06 09 2B 24 03 03 01 02 86 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3) -OID = 06 09 2B 24 03 03 01 02 87 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3) -OID = 06 09 2B 24 03 03 01 02 88 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3) -OID = 06 09 2B 24 03 03 01 02 84 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5) -OID = 06 09 2B 24 03 03 01 02 85 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5) -OID = 06 09 2B 24 03 03 01 02 86 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5) -OID = 06 09 2B 24 03 03 01 02 87 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5) -OID = 06 09 2B 24 03 03 01 02 88 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5) -OID = 06 09 2B 24 03 03 01 02 84 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9) -OID = 06 09 2B 24 03 03 01 02 85 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9) -OID = 06 09 2B 24 03 03 01 02 86 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9) -OID = 06 09 2B 24 03 03 01 02 87 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9) -OID = 06 09 2B 24 03 03 01 02 88 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9) -OID = 06 09 2B 24 03 03 01 02 84 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11) -OID = 06 09 2B 24 03 03 01 02 85 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11) -OID = 06 09 2B 24 03 03 01 02 86 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11) -OID = 06 09 2B 24 03 03 01 02 87 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11) -OID = 06 09 2B 24 03 03 01 02 88 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11) - -OID = 06 06 2B 24 03 03 01 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3) - -OID = 06 06 2B 24 03 03 01 04 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4) - -OID = 06 05 2B 24 03 03 02 -Comment = Teletrust signature algorithm -Description = ecsieSign (1 3 36 3 3 2) - -OID = 06 06 2B 24 03 03 02 01 -Comment = Teletrust signature algorithm -Description = ecsieSignWithsha1 (1 3 36 3 3 2 1) - -OID = 06 06 2B 24 03 03 02 02 -Comment = Teletrust signature algorithm -Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2) - -OID = 06 06 2B 24 03 03 02 03 -Comment = Teletrust signature algorithm -Description = ecsieSignWithmd2 (1 3 36 3 3 2 3) - -OID = 06 06 2B 24 03 03 02 04 -Comment = Teletrust signature algorithm -Description = ecsieSignWithmd5 (1 3 36 3 3 2 4) - -OID = 06 04 2B 24 03 04 -Comment = Teletrust algorithm -Description = signatureScheme (1 3 36 3 4) - -OID = 06 05 2B 24 03 04 01 -Comment = Teletrust signature scheme -Description = sigS_ISO9796-1 (1 3 36 3 4 1) - -OID = 06 05 2B 24 03 04 02 -Comment = Teletrust signature scheme -Description = sigS_ISO9796-2 (1 3 36 3 4 2) - -OID = 06 05 2B 24 03 04 02 01 -Comment = Teletrust signature scheme. Unsure what this is supposed to be -Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1) - -OID = 06 06 2B 24 03 04 02 02 -Comment = Teletrust signature scheme. Unsure what this is supposed to be -Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2) - -OID = 06 06 2B 24 03 04 02 03 -Comment = Teletrust signature scheme. 9796-2 with random number in padding field -Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3) - -OID = 06 03 2B 24 04 -Comment = Teletrust attribute -Description = attribute (1 3 36 4) - -OID = 06 03 2B 24 05 -Comment = Teletrust policy -Description = policy (1 3 36 5) - -OID = 06 03 2B 24 06 -Comment = Teletrust API -Description = api (1 3 36 6) - -OID = 06 04 2B 24 06 01 -Comment = Teletrust API -Description = manufacturer-specific_api (1 3 36 6 1) - -OID = 06 05 2B 24 06 01 01 -Comment = Teletrust API -Description = utimaco-api (1 3 36 6 1 1) - -OID = 06 04 2B 24 06 02 -Comment = Teletrust API -Description = functionality-specific_api (1 3 36 6 2) - -OID = 06 03 2B 24 07 -Comment = Teletrust key management -Description = keymgmnt (1 3 36 7) - -OID = 06 04 2B 24 07 01 -Comment = Teletrust key management -Description = keyagree (1 3 36 7 1) - -OID = 06 05 2B 24 07 01 01 -Comment = Teletrust key management -Description = bsiPKE (1 3 36 7 1 1) - -OID = 06 04 2B 24 07 02 -Comment = Teletrust key management -Description = keytrans (1 3 36 7 2) - -OID = 06 04 2B 24 07 02 01 -Comment = Teletrust key management. 9796-2 with key stored in hash field -Description = encISO9796-2Withrsa (1 3 36 7 2 1) - -# Thawte - -OID = 06 04 2B 65 01 04 -Comment = Thawte -Description = thawte-ce (1 3 101 1 4) - -OID = 06 05 2B 65 01 04 01 -Comment = Thawte certificate extension -Description = strongExtranet (1 3 101 1 4 1) - -# X.520 - -OID = 06 03 55 04 00 -Comment = X.520 id-at (2 5 4) -Description = objectClass (2 5 4 0) - -OID = 06 03 55 04 01 -Comment = X.520 id-at (2 5 4) -Description = aliasedEntryName (2 5 4 1) - -OID = 06 03 55 04 02 -Comment = X.520 id-at (2 5 4) -Description = knowledgeInformation (2 5 4 2) - -OID = 06 03 55 04 03 -Comment = X.520 id-at (2 5 4) -Description = commonName (2 5 4 3) - -OID = 06 03 55 04 04 -Comment = X.520 id-at (2 5 4) -Description = surname (2 5 4 4) - -OID = 06 03 55 04 05 -Comment = X.520 id-at (2 5 4) -Description = serialNumber (2 5 4 5) - -OID = 06 03 55 04 06 -Comment = X.520 id-at (2 5 4) -Description = countryName (2 5 4 6) - -OID = 06 03 55 04 07 -Comment = X.520 id-at (2 5 4) -Description = localityName (2 5 4 7) - -OID = 06 04 55 04 07 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveLocalityName (2 5 4 7 1) - -OID = 06 03 55 04 08 -Comment = X.520 id-at (2 5 4) -Description = stateOrProvinceName (2 5 4 8) - -OID = 06 04 55 04 08 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveStateOrProvinceName (2 5 4 8 1) - -OID = 06 03 55 04 09 -Comment = X.520 id-at (2 5 4) -Description = streetAddress (2 5 4 9) - -OID = 06 04 55 04 09 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveStreetAddress (2 5 4 9 1) - -OID = 06 03 55 04 0A -Comment = X.520 id-at (2 5 4) -Description = organizationName (2 5 4 10) - -OID = 06 04 55 04 0A 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveOrganizationName (2 5 4 10 1) - -OID = 06 03 55 04 0B -Comment = X.520 id-at (2 5 4) -Description = organizationalUnitName (2 5 4 11) - -OID = 06 04 55 04 0B 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveOrganizationalUnitName (2 5 4 11 1) - -OID = 06 03 55 04 0C -Comment = X.520 id-at (2 5 4) -Description = title (2 5 4 12) - -OID = 06 03 55 04 0D -Comment = X.520 id-at (2 5 4) -Description = description (2 5 4 13) - -OID = 06 03 55 04 0E -Comment = X.520 id-at (2 5 4) -Description = searchGuide (2 5 4 14) - -OID = 06 03 55 04 0F -Comment = X.520 id-at (2 5 4) -Description = businessCategory (2 5 4 15) - -OID = 06 03 55 04 10 -Comment = X.520 id-at (2 5 4) -Description = postalAddress (2 5 4 16) - -OID = 06 04 55 04 10 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostalAddress (2 5 4 16 1) - -OID = 06 03 55 04 11 -Comment = X.520 id-at (2 5 4) -Description = postalCode (2 5 4 17) - -OID = 06 04 55 04 11 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostalCode (2 5 4 17 1) - -OID = 06 03 55 04 12 -Comment = X.520 id-at (2 5 4) -Description = postOfficeBox (2 5 4 18) - -OID = 06 04 55 04 12 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostOfficeBox (2 5 4 18 1) - -OID = 06 03 55 04 13 -Comment = X.520 id-at (2 5 4) -Description = physicalDeliveryOfficeName (2 5 4 19) - -OID = 06 04 55 04 13 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1) - -OID = 06 03 55 04 14 -Comment = X.520 id-at (2 5 4) -Description = telephoneNumber (2 5 4 20) - -OID = 06 04 55 04 14 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTelephoneNumber (2 5 4 20 1) - -OID = 06 03 55 04 15 -Comment = X.520 id-at (2 5 4) -Description = telexNumber (2 5 4 21) - -OID = 06 04 55 04 15 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTelexNumber (2 5 4 21 1) - -OID = 06 03 55 04 16 -Comment = X.520 id-at (2 5 4) -Description = teletexTerminalIdentifier (2 5 4 22) - -OID = 06 04 55 04 16 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1) - -OID = 06 03 55 04 17 -Comment = X.520 id-at (2 5 4) -Description = facsimileTelephoneNumber (2 5 4 23) - -OID = 06 04 55 04 17 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1) - -OID = 06 03 55 04 18 -Comment = X.520 id-at (2 5 4) -Description = x121Address (2 5 4 24) - -OID = 06 03 55 04 19 -Comment = X.520 id-at (2 5 4) -Description = internationalISDNNumber (2 5 4 25) - -OID = 06 04 55 04 19 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveInternationalISDNNumber (2 5 4 25 1) - -OID = 06 03 55 04 1A -Comment = X.520 id-at (2 5 4) -Description = registeredAddress (2 5 4 26) - -OID = 06 03 55 04 1B -Comment = X.520 id-at (2 5 4) -Description = destinationIndicator (2 5 4 27) - -OID = 06 03 55 04 1C -Comment = X.520 id-at (2 5 4) -Description = preferredDeliveryMehtod (2 5 4 28) - -OID = 06 03 55 04 1D -Comment = X.520 id-at (2 5 4) -Description = presentationAddress (2 5 4 29) - -OID = 06 03 55 04 1E -Comment = X.520 id-at (2 5 4) -Description = supportedApplicationContext (2 5 4 30) - -OID = 06 03 55 04 1F -Comment = X.520 id-at (2 5 4) -Description = member (2 5 4 31) - -OID = 06 03 55 04 20 -Comment = X.520 id-at (2 5 4) -Description = owner (2 5 4 32) - -OID = 06 03 55 04 21 -Comment = X.520 id-at (2 5 4) -Description = roleOccupant (2 5 4 33) - -OID = 06 03 55 04 22 -Comment = X.520 id-at (2 5 4) -Description = seeAlso (2 5 4 34) - -OID = 06 03 55 04 23 -Comment = X.520 id-at (2 5 4) -Description = userPassword (2 5 4 35) - -OID = 06 03 55 04 24 -Comment = X.520 id-at (2 5 4) -Description = userCertificate (2 5 4 36) - -OID = 06 03 55 04 25 -Comment = X.520 id-at (2 5 4) -Description = caCertificate (2 5 4 37) - -OID = 06 03 55 04 26 -Comment = X.520 id-at (2 5 4) -Description = authorityRevocationList (2 5 4 38) - -OID = 06 03 55 04 27 -Comment = X.520 id-at (2 5 4) -Description = certificateRevocationList (2 5 4 39) - -OID = 06 03 55 04 28 -Comment = X.520 id-at (2 5 4) -Description = crossCertificatePair (2 5 4 40) - -OID = 06 03 55 04 29 -Comment = X.520 id-at (2 5 4) -Description = name (2 5 4 41) - -OID = 06 03 55 04 2A -Comment = X.520 id-at (2 5 4) -Description = givenName (2 5 4 42) - -OID = 06 03 55 04 2B -Comment = X.520 id-at (2 5 4) -Description = initials (2 5 4 43) - -OID = 06 03 55 04 2C -Comment = X.520 id-at (2 5 4) -Description = generationQualifier (2 5 4 44) - -OID = 06 03 55 04 2D -Comment = X.520 id-at (2 5 4) -Description = uniqueIdentifier (2 5 4 45) - -OID = 06 03 55 04 2E -Comment = X.520 id-at (2 5 4) -Description = dnQualifier (2 5 4 46) - -OID = 06 03 55 04 2F -Comment = X.520 id-at (2 5 4) -Description = enhancedSearchGuide (2 5 4 47) - -OID = 06 03 55 04 30 -Comment = X.520 id-at (2 5 4) -Description = protocolInformation (2 5 4 48) - -OID = 06 03 55 04 31 -Comment = X.520 id-at (2 5 4) -Description = distinguishedName (2 5 4 49) - -OID = 06 03 55 04 32 -Comment = X.520 id-at (2 5 4) -Description = uniqueMember (2 5 4 50) - -OID = 06 03 55 04 33 -Comment = X.520 id-at (2 5 4) -Description = houseIdentifier (2 5 4 51) - -OID = 06 03 55 04 34 -Comment = X.520 id-at (2 5 4) -Description = supportedAlgorithms (2 5 4 52) - -OID = 06 03 55 04 35 -Comment = X.520 id-at (2 5 4) -Description = deltaRevocationList (2 5 4 53) - -OID = 06 03 55 04 3A -Comment = X.520 id-at (2 5 4) -Description = crossCertificatePair (2 5 4 58) - -# X500 algorithms - -OID = 06 02 55 08 -Description = X.500-Algorithms (2 5 8) - -OID = 06 03 55 08 01 -Description = X.500-Alg-Encryption (2 5 8 1) - -OID = 06 04 55 08 01 01 -Comment = X.500 algorithms. Ambiguous, since no padding rules specified -Description = rsa (2 5 8 1 1) -Warning - -# X.509. Some of the smaller values are from early X.509 drafts with -# cross-pollination from X9.55 and are now deprecated. Alternative OIDs are -# marked if these are known. In some cases there are multiple generations of -# superseded OIDs - -OID = 06 03 55 1D 01 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 35) instead -Description = authorityKeyIdentifier (2 5 29 1) -Warning - -OID = 06 03 55 1D 02 -Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead -Description = keyAttributes (2 5 29 2) -Warning - -OID = 06 03 55 1D 03 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 32) instead -Description = certificatePolicies (2 5 29 3) -Warning - -OID = 06 03 55 1D 04 -Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead -Description = keyUsageRestriction (2 5 29 4) -Warning - -OID = 06 03 55 1D 05 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 33) instead -Description = policyMapping (2 5 29 5) -Warning - -OID = 06 03 55 1D 06 -Comment = X.509 id-ce (2 5 29). Obsolete, use nameConstraints instead -Description = subtreesConstraint (2 5 29 6) -Warning - -OID = 06 03 55 1D 07 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 17) instead -Description = subjectAltName (2 5 29 7) -Warning - -OID = 06 03 55 1D 08 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 18) instead -Description = issuerAltName (2 5 29 8) -Warning - -OID = 06 03 55 1D 09 -Comment = X.509 id-ce (2 5 29) -Description = subjectDirectoryAttributes (2 5 29 9) - -OID = 06 03 55 1D 0A -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead -Description = basicConstraints (2 5 29 10) -Warning - -OID = 06 03 55 1D 0B -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 30) instead -Description = nameConstraints (2 5 29 11) -Warning - -OID = 06 03 55 1D 0C -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead -Description = policyConstraints (2 5 29 12) -Warning - -OID = 06 03 55 1D 0D -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead -Description = basicConstraints (2 5 29 13) -Warning - -OID = 06 03 55 1D 0E -Comment = X.509 id-ce (2 5 29) -Description = subjectKeyIdentifier (2 5 29 14) - -OID = 06 03 55 1D 0F -Comment = X.509 id-ce (2 5 29) -Description = keyUsage (2 5 29 15) - -OID = 06 03 55 1D 10 -Comment = X.509 id-ce (2 5 29) -Description = privateKeyUsagePeriod (2 5 29 16) - -OID = 06 03 55 1D 11 -Comment = X.509 id-ce (2 5 29) -Description = subjectAltName (2 5 29 17) - -OID = 06 03 55 1D 12 -Comment = X.509 id-ce (2 5 29) -Description = issuerAltName (2 5 29 18) - -OID = 06 03 55 1D 13 -Comment = X.509 id-ce (2 5 29) -Description = basicConstraints (2 5 29 19) - -OID = 06 03 55 1D 14 -Comment = X.509 id-ce (2 5 29) -Description = cRLNumber (2 5 29 20) - -OID = 06 03 55 1D 15 -Comment = X.509 id-ce (2 5 29) -Description = cRLReason (2 5 29 21) - -OID = 06 03 55 1D 16 -Comment = X.509 id-ce (2 5 29). Deprecated, alternative OID uncertain -Description = expirationDate (2 5 29 22) -Warning - -OID = 06 03 55 1D 17 -Comment = X.509 id-ce (2 5 29) -Description = instructionCode (2 5 29 23) - -OID = 06 03 55 1D 18 -Comment = X.509 id-ce (2 5 29) -Description = invalidityDate (2 5 29 24) - -OID = 06 03 55 1D 19 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 31) instead -Description = cRLDistributionPoints (2 5 29 25) deprecated -Warning - -OID = 06 03 55 1D 1A -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 28) instead -Description = issuingDistributionPoint (2 5 29 26) -Warning - -OID = 06 03 55 1D 1B -Comment = X.509 id-ce (2 5 29) -Description = deltaCRLIndicator (2 5 29 27) - -OID = 06 03 55 1D 1C -Comment = X.509 id-ce (2 5 29) -Description = issuingDistributionPoint (2 5 29 28) - -OID = 06 03 55 1D 1D -Comment = X.509 id-ce (2 5 29) -Description = certificateIssuer (2 5 29 29) - -OID = 06 03 55 1D 1E -Comment = X.509 id-ce (2 5 29) -Description = nameConstraints (2 5 29 30) - -OID = 06 03 55 1D 1F -Comment = X.509 id-ce (2 5 29) -Description = cRLDistributionPoints (2 5 29 31) - -OID = 06 03 55 1D 20 -Comment = X.509 id-ce (2 5 29) -Description = certificatePolicies (2 5 29 32) - -OID = 06 03 55 1D 21 -Comment = X.509 id-ce (2 5 29) -Description = policyMappings (2 5 29 33) - -OID = 06 03 55 1D 22 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead -Description = policyConstraints (2 5 29 34) -Warning - -OID = 06 03 55 1D 23 -Comment = X.509 id-ce (2 5 29) -Description = authorityKeyIdentifier (2 5 29 35) - -OID = 06 03 55 1D 24 -Comment = X.509 id-ce (2 5 29) -Description = policyConstraints (2 5 29 36) - -OID = 06 03 55 1D 25 -Comment = X.509 id-ce (2 5 29) -Description = extKeyUsage (2 5 29 37) - -# DMS-SDN-702 - -OID = 06 09 60 86 48 01 65 02 01 01 01 -Comment = DMS-SDN-702 -Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1) - -OID = 06 09 60 86 48 01 65 02 01 01 02 -Comment = DMS-SDN-702. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1. -Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2) - -OID = 06 09 60 86 48 01 65 02 01 01 03 -Comment = DMS-SDN-702 -Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3) - -OID = 06 09 60 86 48 01 65 02 01 01 04 -Comment = DMS-SDN-702. Formerly known as mosaicConfidentialityAlgorithm -Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4) - -OID = 06 09 60 86 48 01 65 02 01 01 05 -Comment = DMS-SDN-702 -Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5) - -OID = 06 09 60 86 48 01 65 02 01 01 06 -Comment = DMS-SDN-702. Formerly known as mosaicIntegrityAlgorithm -Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6) - -OID = 06 09 60 86 48 01 65 02 01 01 07 -Comment = DMS-SDN-702 -Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7) - -OID = 06 09 60 86 48 01 65 02 01 01 08 -Comment = DMS-SDN-702. Formerly know as mosaicTokenProtectionAlgorithm -Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8) - -OID = 06 09 60 86 48 01 65 02 01 01 09 -Comment = DMS-SDN-702 -Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9) - -OID = 06 09 60 86 48 01 65 02 01 01 0A -Comment = DMS-SDN-702. Formerly known as mosaicKeyManagementAlgorithm -Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10) - -OID = 06 09 60 86 48 01 65 02 01 01 0B -Comment = DMS-SDN-702 -Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11) - -OID = 06 09 60 86 48 01 65 02 01 01 0C -Comment = DMS-SDN-702. Formerly known as mosaicKMandSigAlgorithm -Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12) - -OID = 06 09 60 86 48 01 65 02 01 01 0D -Comment = DMS-SDN-702 -Description = SuiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13) - -OID = 06 09 60 86 48 01 65 02 01 01 0E -Comment = DMS-SDN-702 -Description = SuiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14) - -OID = 06 09 60 86 48 01 65 02 01 01 0F -Comment = DMS-SDN-702 -Description = SuiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15) - -OID = 06 09 60 86 48 01 65 02 01 01 10 -Comment = DMS-SDN-702 -Description = SuiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16) - -OID = 06 09 60 86 48 01 65 02 01 01 11 -Comment = DMS-SDN-702 -Description = SuiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17) - -OID = 06 09 60 86 48 01 65 02 01 01 12 -Comment = DMS-SDN-702 -Description = SuiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18) - -OID = 06 09 60 86 48 01 65 02 01 01 13 -Comment = DMS-SDN-702. Formerly known as mosaicUpdatedSigAlgorithm -Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19) - -OID = 06 09 60 86 48 01 65 02 01 01 14 -Comment = DMS-SDN-702. Formerly known as mosaicKMandUpdSigAlgorithms -Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20) - -OID = 06 09 60 86 48 01 65 02 01 01 15 -Comment = DMS-SDN-702. Formerly known as mosaicUpdatedIntegAlgorithm -Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21) - -OID = 06 09 60 86 48 01 65 02 01 01 16 -Comment = DMS-SDN-702. Formerly known as mosaicKeyEncryptionAlgorithm -Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22) - -# CSOR (GAK-FIPS) - -OID = 06 07 60 86 48 01 65 03 01 -Comment = CSOR GAK -Description = slabel (2 16 840 1 101 3 1) -Warning - -OID = 06 07 60 86 48 01 65 03 02 -Comment = CSOR GAK -Description = pki (2 16 840 1 101 3 2) -Warning - -OID = 06 08 60 86 48 01 65 03 02 01 -Comment = CSOR GAK policy -Description = GAK policyIdentifier (2 16 840 1 101 3 2 1) -Warning - -OID = 06 08 60 86 48 01 65 03 02 02 -Comment = CSOR GAK extended key usage -Description = GAK (2 16 840 1 101 3 2 2) -Warning - -OID = 06 09 60 86 48 01 65 03 02 02 01 -Comment = CSOR GAK extended key usage -Description = kRAKey (2 16 840 1 101 3 2 2 1) -Warning - -OID = 06 08 60 86 48 01 65 03 02 03 -Comment = CSOR GAK extensions -Description = extensions (2 16 840 1 101 3 2 3) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 01 -Comment = CSOR GAK extensions -Description = kRTechnique (2 16 840 1 101 3 2 3 1) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 02 -Comment = CSOR GAK extensions -Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 03 -Comment = CSOR GAK extensions -Description = kR (2 16 840 1 101 3 2 3 3) -Warning - -OID = 06 08 60 86 48 01 65 03 02 04 -Comment = CSOR GAK -Description = keyrecoveryschemes (2 16 840 1 101 3 2 4) -Warning - -OID = 06 08 60 86 48 01 65 03 02 05 -Comment = CSOR GAK -Description = krapola (2 16 840 1 101 3 2 5) -Warning - -OID = 06 07 60 86 48 01 65 03 03 -Comment = CSOR GAK -Description = arpa (2 16 840 1 101 3 3) -Warning - -# Novell - -OID = 06 09 60 86 48 01 86 F8 37 01 09 -Comment = Novell -Description = pki (2 16 840 1 113719 1 9) - -OID = 06 0A 60 86 48 01 86 F8 37 01 09 04 -Comment = Novell PKI -Description = pkiAttributeType (2 16 840 1 113719 1 9 4) - -OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01 -Comment = Novell PKI attribute type -Description = registeredAttributes (2 16 840 1 113719 1 9 4 1) - -OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02 -Comment = Novell PKI attribute type -Description = relianceLimit (2 16 840 1 113719 1 9 4 2) - -# Netscape - -OID = 06 08 60 86 48 01 86 F8 42 01 -Comment = Netscape -Description = cert-extension (2 16 840 1 113730 1) - -OID = 06 09 60 86 48 01 86 F8 42 01 01 -Comment = Netscape certificate extension -Description = netscape-cert-type (2 16 840 1 113730 1 1) - -OID = 06 09 60 86 48 01 86 F8 42 01 02 -Comment = Netscape certificate extension -Description = netscape-base-url (2 16 840 1 113730 1 2) - -OID = 06 09 60 86 48 01 86 F8 42 01 03 -Comment = Netscape certificate extension -Description = netscape-revocation-url (2 16 840 1 113730 1 3) - -OID = 06 09 60 86 48 01 86 F8 42 01 04 -Comment = Netscape certificate extension -Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4) - -OID = 06 09 60 86 48 01 86 F8 42 02 05 -Comment = Netscape certificate extension -Description = netscape-cert-sequence (2 16 840 1 113730 2 5) - -OID = 06 09 60 86 48 01 86 F8 42 02 06 -Comment = Netscape certificate extension -Description = netscape-cert-url (2 16 840 1 113730 2 6) - -OID = 06 09 60 86 48 01 86 F8 42 01 07 -Comment = Netscape certificate extension -Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7) - -OID = 06 09 60 86 48 01 86 F8 42 01 08 -Comment = Netscape certificate extension -Description = netscape-ca-policy-url (2 16 840 1 113730 1 8) - -OID = 06 09 60 86 48 01 86 F8 42 01 09 -Comment = Netscape certificate extension -Description = HomePage-url (2 16 840 1 113730 1 9) - -OID = 06 09 60 86 48 01 86 F8 42 01 0A -Comment = Netscape certificate extension -Description = EntityLogo (2 16 840 1 113730 1 10) - -OID = 06 09 60 86 48 01 86 F8 42 01 0B -Comment = Netscape certificate extension -Description = UserPicture (2 16 840 1 113730 1 11) - -OID = 06 09 60 86 48 01 86 F8 42 01 0C -Comment = Netscape certificate extension -Description = netscape-ssl-server-name (2 16 840 1 113730 1 12) - -OID = 06 09 60 86 48 01 86 F8 42 01 0D -Comment = Netscape certificate extension -Description = netscape-comment (2 16 840 1 113730 1 13) - -OID = 06 08 60 86 48 01 86 F8 42 02 -Comment = Netscape -Description = data-type (2 16 840 1 113730 2) - -OID = 06 09 60 86 48 01 86 F8 42 02 01 -Comment = Netscape data type -Description = GIF (2 16 840 1 113730 2 1) - -OID = 06 09 60 86 48 01 86 F8 42 02 02 -Comment = Netscape data type -Description = JPEG (2 16 840 1 113730 2 2) - -OID = 06 09 60 86 48 01 86 F8 42 02 03 -Comment = Netscape data type -Description = URL (2 16 840 1 113730 2 3) - -OID = 06 09 60 86 48 01 86 F8 42 02 04 -Comment = Netscape data type -Description = HTML (2 16 840 1 113730 2 4) - -OID = 06 09 60 86 48 01 86 F8 42 02 05 -Comment = Netscape data type -Description = CertSeq (2 16 840 1 113730 2 5) - -OID = 06 08 60 86 48 01 86 F8 42 03 -Comment = Netscape -Description = directory (2 16 840 1 113730 3) - -OID = 06 09 60 86 48 01 86 F8 42 03 01 -Comment = Netscape directory -Description = ldapDefinitions (2 16 840 1 113730 3 1) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 01 -Comment = Netscape LDAP definitions -Description = carLicense (2 16 840 1 113730 3 1 1) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 02 -Comment = Netscape LDAP definitions -Description = departmentNumber (2 16 840 1 113730 3 1 2) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 03 -Comment = Netscape LDAP definitions -Description = employeeNumber (2 16 840 1 113730 3 1 3) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 04 -Comment = Netscape LDAP definitions -Description = employeeType (2 16 840 1 113730 3 1 4) - -OID = 06 0A 60 86 48 01 86 F8 42 03 02 02 -Comment = Netscape LDAP definitions -Description = inetOrgPerson (2 16 840 1 113730 3 2 2) - -OID = 06 09 60 86 48 01 86 F8 42 04 01 -Comment = Netscape -Description = serverGatedCrypto (2 16 840 1 113730 4 1) - -# Verisign - -OID = 06 0A 60 86 48 01 86 F8 45 01 06 03 -Comment = Verisign -Description = Unknown Verisign extension (2 16 840 1 113733 1 6 3) - -OID = 06 0A 60 86 48 01 86 F8 45 01 06 06 -Comment = Verisign -Description = Unknown Verisign extension (2 16 840 1 113733 1 6 6) - -OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01 -Comment = Verisign -Description = Verisign certificatePolicy (2 16 840 1 113733 1 7 1 1) - -OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01 -Comment = Verisign -Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 1) - -OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02 -Comment = Verisign -Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 2) - -OID = 06 0A 60 86 48 01 86 F8 45 01 08 01 -Comment = Verisign -Description = Verisign SGC CA? (2 16 840 1 113733 1 8 1) - -# SET - -OID = 06 03 67 2A 00 -Comment = SET -Description = contentType (2 23 42 0) - -OID = 06 04 67 2A 00 00 -Comment = SET contentType -Description = PANData (2 23 42 0 0) - -OID = 06 04 67 2A 00 01 -Comment = SET contentType -Description = PANToken (2 23 42 0 1) - -OID = 06 04 67 2A 00 02 -Comment = SET contentType -Description = PANOnly (2 23 42 0 2) - -# And on and on and on for another 80-odd OIDs which I'm not going to type in - -OID = 06 03 67 2A 01 -Comment = SET -Description = msgExt (2 23 42 1) - -OID = 06 03 67 2A 02 -Comment = SET -Description = field (2 23 42 2) - -OID = 06 04 67 2A 02 00 -Comment = SET field -Description = fullName (2 23 42 2 0) - -OID = 06 04 67 2A 02 01 -Comment = SET field -Description = givenName (2 23 42 2 1) - -OID = 06 04 67 2A 02 02 -Comment = SET field -Description = familyName (2 23 42 2 2) - -OID = 06 04 67 2A 02 03 -Comment = SET field -Description = birthFamilyName (2 23 42 2 3) - -OID = 06 04 67 2A 02 04 -Comment = SET field -Description = placeName (2 23 42 2 4) - -OID = 06 04 67 2A 02 05 -Comment = SET field -Description = identificationNumber (2 23 42 2 5) - -OID = 06 04 67 2A 02 06 -Comment = SET field -Description = month (2 23 42 2 6) - -OID = 06 04 67 2A 02 07 -Comment = SET field -Description = date (2 23 42 2 7) - -OID = 06 04 67 2A 02 08 -Comment = SET field -Description = address (2 23 42 2 8) - -OID = 06 04 67 2A 02 09 -Comment = SET field -Description = telephone (2 23 42 2 9) - -OID = 06 04 67 2A 02 0A -Comment = SET field -Description = amount (2 23 42 2 10) - -OID = 06 04 67 2A 02 0B -Comment = SET field -Description = accountNumber (2 23 42 2 7 11) - -OID = 06 04 67 2A 02 0C -Comment = SET field -Description = passPhrase (2 23 42 2 7 12) - -OID = 06 03 67 2A 03 -Comment = SET -Description = attribute (2 23 42 3) - -OID = 06 04 67 2A 03 00 -Comment = SET attribute -Description = cert (2 23 42 3 0) - -OID = 06 05 67 2A 03 00 00 -Comment = SET cert attribute -Description = rootKeyThumb (2 23 42 3 0 0) - -OID = 06 05 67 2A 03 00 01 -Comment = SET cert attribute -Description = additionalPolicy (2 23 42 3 0 1) - -OID = 06 03 67 2A 04 -Comment = SET -Description = algorithm (2 23 42 4) - -OID = 06 03 67 2A 05 -Comment = SET -Description = policy (2 23 42 5) - -OID = 06 04 67 2A 05 00 -Comment = SET policy -Description = root (2 23 42 5 0) - -OID = 06 03 67 2A 06 -Comment = SET -Description = module (2 23 42 6) - -OID = 06 03 67 2A 07 -Comment = SET -Description = certExt (2 23 42 7) - -OID = 06 04 67 2A 07 00 -Comment = SET cert extension -Description = hashedRootKey (2 23 42 7 0) - -OID = 06 04 67 2A 07 01 -Comment = SET cert extension -Description = certificateType (2 23 42 7 1) - -OID = 06 04 67 2A 07 02 -Comment = SET cert extension -Description = merchantData (2 23 42 7 2) - -OID = 06 04 67 2A 07 03 -Comment = SET cert extension -Description = cardCertRequired (2 23 42 7 3) - -OID = 06 04 67 2A 07 04 -Comment = SET cert extension -Description = tunneling (2 23 42 7 4) - -OID = 06 04 67 2A 07 05 -Comment = SET cert extension -Description = setExtensions (2 23 42 7 5) - -OID = 06 04 67 2A 07 06 -Comment = SET cert extension -Description = setQualifier (2 23 42 7 6) - -OID = 06 03 67 2A 08 -Comment = SET -Description = brand (2 23 42 8) - -OID = 06 04 67 2A 08 01 -Comment = SET brand -Description = IATA-ATA (2 23 42 8 1) - -OID = 06 04 67 2A 08 04 -Comment = SET brand -Description = VISA (2 23 42 8 4) - -OID = 06 04 67 2A 08 05 -Comment = SET brand -Description = MasterCard (2 23 42 8 5) - -OID = 06 04 67 2A 08 1E -Comment = SET brand -Description = Diners (2 23 42 8 30) - -OID = 06 04 67 2A 08 22 -Comment = SET brand -Description = AmericanExpress (2 23 42 8 34) - -OID = 06 05 67 2A 08 AE 7B -Comment = SET brand -Description = Novus (2 23 42 8 6011) - -OID = 06 03 67 2A 09 -Comment = SET -Description = vendor (2 23 42 9) - -OID = 06 04 67 2A 09 00 -Comment = SET vendor -Description = GlobeSet (2 23 42 9 0) - -OID = 06 04 67 2A 09 01 -Comment = SET vendor -Description = IBM (2 23 42 9 1) - -OID = 06 04 67 2A 09 02 -Comment = SET vendor -Description = CyberCash (2 23 42 9 2) - -OID = 06 04 67 2A 09 03 -Comment = SET vendor -Description = Terisa (2 23 42 9 3) - -OID = 06 04 67 2A 09 04 -Comment = SET vendor -Description = RSADSI (2 23 42 9 4) - -OID = 06 04 67 2A 09 05 -Comment = SET vendor -Description = VeriFone (2 23 42 9 5) - -OID = 06 04 67 2A 09 06 -Comment = SET vendor -Description = TrinTech (2 23 42 9 6) - -OID = 06 04 67 2A 09 07 -Comment = SET vendor -Description = BankGate (2 23 42 9 7) - -OID = 06 04 67 2A 09 08 -Comment = SET vendor -Description = GTE (2 23 42 9 8) - -OID = 06 04 67 2A 09 09 -Comment = SET vendor -Description = CompuSource (2 23 42 9 9) - -OID = 06 04 67 2A 09 0A -Comment = SET vendor -Description = Griffin (2 23 42 9 10) - -OID = 06 04 67 2A 09 0B -Comment = SET vendor -Description = Certicom (2 23 42 9 11) - -OID = 06 04 67 2A 09 0C -Comment = SET vendor -Description = OSS (2 23 42 9 12) - -OID = 06 04 67 2A 09 0D -Comment = SET vendor -Description = TenthMountain (2 23 42 9 13) - -OID = 06 04 67 2A 09 0E -Comment = SET vendor -Description = Antares (2 23 42 9 14) - -OID = 06 04 67 2A 09 0F -Comment = SET vendor -Description = ECC (2 23 42 9 15) - -OID = 06 04 67 2A 09 10 -Comment = SET vendor -Description = Maithean (2 23 42 9 16) - -OID = 06 04 67 2A 09 11 -Comment = SET vendor -Description = Netscape (2 23 42 9 17) - -OID = 06 04 67 2A 09 12 -Comment = SET vendor -Description = Verisign (2 23 42 9 18) - -OID = 06 04 67 2A 09 13 -Comment = SET vendor -Description = BlueMoney (2 23 42 9 19) - -OID = 06 04 67 2A 09 14 -Comment = SET vendor -Description = Lacerte (2 23 42 9 20) - -OID = 06 04 67 2A 09 15 -Comment = SET vendor -Description = Fujitsu (2 23 42 9 21) - -OID = 06 04 67 2A 09 16 -Comment = SET vendor -Description = eLab (2 23 42 9 22) - -OID = 06 04 67 2A 09 17 -Comment = SET vendor -Description = Entrust (2 23 42 9 23) - -OID = 06 04 67 2A 09 18 -Comment = SET vendor -Description = VIAnet (2 23 42 9 24) - -OID = 06 04 67 2A 09 19 -Comment = SET vendor -Description = III (2 23 42 9 25) - -OID = 06 04 67 2A 09 1A -Comment = SET vendor -Description = OpenMarket (2 23 42 9 26) - -OID = 06 04 67 2A 09 1B -Comment = SET vendor -Description = Lexem (2 23 42 9 27) - -OID = 06 04 67 2A 09 1C -Comment = SET vendor -Description = Intertrader (2 23 42 9 28) - -OID = 06 04 67 2A 09 1D -Comment = SET vendor -Description = Persimmon (2 23 42 9 29) - -OID = 06 04 67 2A 09 1E -Comment = SET vendor -Description = NABLE (2 23 42 9 30) - -OID = 06 04 67 2A 09 1F -Comment = SET vendor -Description = espace-net (2 23 42 9 31) - -OID = 06 04 67 2A 09 20 -Comment = SET vendor -Description = Hitachi (2 23 42 9 32) - -OID = 06 04 67 2A 09 21 -Comment = SET vendor -Description = Microsoft (2 23 42 9 33) - -OID = 06 04 67 2A 09 22 -Comment = SET vendor -Description = NEC (2 23 42 9 34) - -OID = 06 04 67 2A 09 23 -Comment = SET vendor -Description = Mitsubishi (2 23 42 9 35) - -OID = 06 04 67 2A 09 24 -Comment = SET vendor -Description = NCR (2 23 42 9 36) - -OID = 06 04 67 2A 09 25 -Comment = SET vendor -Description = e-COMM (2 23 42 9 37) - -OID = 06 04 67 2A 09 26 -Comment = SET vendor -Description = Gemplus (2 23 42 9 38) - -OID = 06 03 67 2A 0A -Comment = SET -Description = national (2 23 42 10) - -OID = 06 05 67 2A 0A 81 40 -Comment = SET national -Description = Japan (2 23 42 10 192) - -# Draft SET. These were invented for testing in pre-1.0 drafts, but have -# been used nonetheless by implementors - -OID = 06 04 86 8D 6F 02 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = hashedRootKey (2 54 1775 2) -Warning - -OID = 06 04 86 8D 6F 03 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = certificateType (2 54 1775 3) -Warning - -OID = 06 04 86 8D 6F 04 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = merchantData (2 54 1775 4) -Warning - -OID = 06 04 86 8D 6F 05 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = cardCertRequired (2 54 1775 5) -Warning - -OID = 06 04 86 8D 6F 06 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = tunneling (2 54 1775 6) -Warning - -OID = 06 04 86 8D 6F 07 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = setQualifier (2 54 1775 7) -Warning - -OID = 06 04 86 8D 6F 63 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = set-data (2 54 1775 99) -Warning - -# Apple - -OID = 06 06 2A 86 48 86 F7 63 -Comment = Apple Computer, Inc. -Description = apple (1 2 840 113635) - -OID = 6 07 2A 86 48 86 F7 63 64 -Comment = Apple Data Security -Description = appleDataSecurity (1 2 840 113635 100) - -OID = 06 08 2A 86 48 86 F7 63 64 01 -Comment = Apple Trust Policy -Description = appleTrustPolicy (1 2 840 113635 100 1) - -OID = 06 08 2A 86 48 86 F7 63 64 02 -Comment = Apple Security Algorithms -Description = appleSecurityAlgorithm (1 2 840 113635 100 2) - -OID = 06 09 2A 86 48 86 F7 63 64 01 01 -Comment = Apple iSign -Description = iSignTP (1 2 840 113635 100 1 1) - -OID = 06 09 2A 86 48 86 F7 63 64 01 02 -Comment = Apple X509 Basic -Description = AppleX509Basic (1 2 840 113635 100 1 2) - -OID = 06 09 2A 86 48 86 F7 63 64 02 01 -Comment = Apple FEE -Description = fee (1 2 840 113635 100 2 1) - -OID = 06 09 2A 86 48 86 F7 63 64 02 02 -Comment = Apple ASC -Description = asc (1 2 840 113635 100 2 2) - -OID = 06 09 2A 86 48 86 F7 63 64 02 03 -Comment = Apple FEE/MD5 signature -Description = feeMD5 (1 2 840 113635 100 2 3) - -OID = 06 09 2A 86 48 86 F7 63 64 02 04 -Comment = Apple FEE/SHA1 signature -Description = feeSHA1 (1 2 840 113635 100 2 4) - -OID = 06 09 2A 86 48 86 F7 63 64 02 05 -Comment = Apple FEED encryption -Description = appleFeed (1 2 840 113635 100 2 5) - -OID = 06 09 2A 86 48 86 F7 63 64 02 06 -Comment = Apple FEEDExp signature -Description = appleFeedExp (1 2 840 113635 100 2 6) - -OID = 06 09 2A 86 48 86 F7 63 64 02 07 -Comment = Apple FEE/ECDSA signature -Description = feeECDSA (1 2 840 113635 100 2 7) - - -# Extended key usage -OID = 06 04 55 1D 25 03 -Comment = Code Signing -Description = id-kp-codeSigning (OID 2 5 29 37 3) - -# Intel's CDSA-specific SHA1withECDSA -OID = 06 0B 60 86 48 01 86 F8 4D 02 02 05 51 -Comment = CDSA SHA1 with ECDSA -Description = sha1WithECDSA (OID 2 16 840 1 113741 2 2 5 81) - -# Microsoft Cert Authority Renewal Version -OID = 06 09 2B 06 01 04 01 82 37 15 01 -Comment = Microsoft Cert Authority Renewal Version -Description = certSrv-ca-version (OID 1 3 6 1 4 1 311 21 1) - -# Fictitious US DOD CRL entry extension -OID = 06 09 60 86 48 01 65 02 01 0C 02 -Comment = Fictitious US DOD CRL entry extension -Description = id-test-extension (OID 2 16 840 1 101 2 1 12 2) - -# End of Fahnenstange diff --git a/CrlRefresh/crlRefresh.cpp b/CrlRefresh/crlRefresh.cpp deleted file mode 100644 index 5ddf4af0..00000000 --- a/CrlRefresh/crlRefresh.cpp +++ /dev/null @@ -1,1202 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * Examine the CRLs in the system CRL cache, looking for expired CRLs - * for which we don't have current valid entries. Perform net fetch for - * all such entries to get up-to-date entries. Purge entries older - * than specified date (i.e., "stale" CRLs). - * - * Terminology used here: - * - * 'nowTime' is the absolute current time. - * 'updateTime' is the time at which we evaluate a CRL's NextUpdate - * attribute to determine whether a CRL has expired. This is - * generally subsequent to nowTime. - * 'expired' means that a CRL's NextUpdate time has passed, relative - * to updateTime, and that we need to fetch a new CRL to replace - * the expired CRL. - * 'expireOverlap' is (nowTime - updateTime) in seconds. It's the - * distance into the future at which we evaluate a CRL's expiration - * status. - * 'stale' means that a CRL is so old that it should be deleted from - * the cache. - * 'staleTime' is maximum age (relative to nowTime) that a CRL can - * achieve in cache before being deemed stale. StaleTime is always - * greater than expireOverlap (i.e., if a CRL is stale, it MUST be - * expired, but a CRL can be expired without being stale). - * - * CRLs are only deleted from cache if they are stale; multiple - * CRLs from one CA may exist in cache at a given time but (generally) - * only one of them is not expired. - * - * expireOverlap and staleTime have defaults which can be overridden - * via command line arguments. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ldapFetch.h" -#include -#include -#include -#include -#include - -#define DEFAULT_STALE_DAYS 10 -#define DEFAULT_EXPIRE_OVERLAP_SECONDS 3600 - -#define SECONDS_PER_DAY (60 * 60 * 24) - -#define CRL_CACHE_DB "/var/db/crls/crlcache.db" -#define X509_CERT_DB "/System/Library/Keychains/X509Certificates" - -#ifdef NDEBUG -#define DEBUG_PRINT 0 -#else -#define DEBUG_PRINT 1 -#endif - -#if DEBUG_PRINT -#define dprintf(args...) fprintf(stderr, args) -#else -#define dprintf(args...) -#endif - -static void usage(char **argv) -{ - printf("Usage\n"); - printf("Refresh : %s r [options]\n", argv[0]); - printf("Fetch CRL : %s f URI [options]\n", argv[0]); - printf("Fetch cert : %s F URI [options]\n", argv[0]); - printf("Refresh options:\n"); - printf(" s=stale_period in DAYS; default=%d\n", DEFAULT_STALE_DAYS); - printf(" o=expire_overlap in SECONDS; default=%d\n", - DEFAULT_EXPIRE_OVERLAP_SECONDS); - printf(" p (Purge all entries, ensuring refresh with fresh CRLs)\n"); - printf(" f (Full crypto CRL verification)\n"); - printf(" k=keychainName (default=%s\n", CRL_CACHE_DB); - printf(" v(erbose)\n"); - printf("Fetch options:\n"); - printf(" F=outFileName (default is stdout)\n"); - printf(" n (no write to cache after fetch)\n"); - exit(1); -} - -/* - * Print string. Null terminator is not assumed. - */ -static void printString( - const CSSM_DATA *str) -{ - unsigned i; - char *cp = (char *)str->Data; - for(i=0; iLength; i++) { - printf("%c", *cp++); - } -} - -/* declare a CSSM_DB_ATTRIBUTE_INFO with NAME_AS_STRING */ -#define DB_ATTRIBUTE(name, type) \ - { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ - {#name}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ - } - -/* The CRL DB attributes we care about*/ -/* Keep these positions in sync with ATTR_DEX_xxx, below */ -static const CSSM_DB_ATTRIBUTE_INFO x509CrlRecordAttrs[] = { - DB_ATTRIBUTE(CrlType, UINT32), // 0 - DB_ATTRIBUTE(CrlEncoding, UINT32), // 1 - DB_ATTRIBUTE(PrintName, BLOB), // 2 - DB_ATTRIBUTE(Issuer, BLOB), // 3 - DB_ATTRIBUTE(NextUpdate, BLOB), // 4 - DB_ATTRIBUTE(URI, BLOB), // 5 - - /* we don't use these */ - // DB_ATTRIBUTE(ThisUpdate, BLOB), // 4 - // DB_ATTRIBUTE(DeltaCrlNumber, UINT32) - // DB_ATTRIBUTE(Alias, BLOB), - // DB_ATTRIBUTE(CrlNumber, UINT32), -}; - -#define NUM_CRL_ATTRS \ - (sizeof(x509CrlRecordAttrs) / sizeof(x509CrlRecordAttrs[0])) - -#define ATTR_DEX_CRL_TYPE 0 -#define ATTR_DEX_CRL_ENC 1 -#define ATTR_DEX_PRINT_NAME 2 -#define ATTR_DEX_ISSUER 3 -#define ATTR_DEX_NEXT_UPDATE 4 -#define ATTR_DEX_URI 5 - -/* free attribute(s) allocated by DL */ -static void freeAttrs( - CSSM_DB_ATTRIBUTE_DATA *attrs, - unsigned numAttrs) -{ - unsigned i; - - for(i=0; iNumberOfValues; j++) { - CSSM_DATA_PTR data = &attrData->Value[j]; - if(data == NULL) { - /* fault of DL, who said there was a value here */ - printf("***freeAttrs screwup: NULL data\n"); - return; - } - APP_FREE(data->Data); - data->Data = NULL; - data->Length = 0; - } - APP_FREE(attrData->Value); - attrData->Value = NULL; - } -} - -/* - * Compare two CSSM_TIMESTRINGs. Returns: - * -1 if t1 < t2 - * 0 if t1 == t2 - * 1 if t1 > t2 - */ -int compareTimes( - const char *t1, - const char *t2) -{ - for(unsigned dex=0; dex *t2) { - return 1; - } - if(*t1 < *t2) { - return -1; - } - /* else same, on to next byte */ - } - /* equal */ - return 0; -} - -/* - * everything we know or care about a CRL. - */ -class CrlInfo -{ -public: - CrlInfo( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_DB_ATTRIBUTE_DATA *attrData, // [NUM_CRL_ATTRS] - CSSM_DB_UNIQUE_RECORD_PTR record, - CSSM_DATA_PTR crlBlob); // optional - ~CrlInfo(); - - CSSM_DATA_PTR fetchValidAttr( - unsigned attrDex); - int fetchIntAttr( - unsigned dex, - uint32 &rtn); - - bool isSameIssuer( - CrlInfo *other); - - /* print the printable name + '\n' to stdout */ - void printName(); - - void validateTimes( - const char *updateTime, - const char *staleTime, - unsigned dex); - - /* state inferred from attributes, and maintained by - * owner (not by us) */ - bool mIsBadlyFormed; // general parse error - bool mIsExpired; // compare to 'now' - bool mIsStale; // compared to "staleTime' - bool mRefreshed; // already refreshed - - /* - * Actual CRL, optionally fetched from DB if doing a full crypto verify - */ - CSSM_DATA mCrlBlob; - - - /* accessors for read-only member vars */ - CSSM_DL_DB_HANDLE dlDbHand() { return mDlDbHand; } - CSSM_DB_ATTRIBUTE_DATA_PTR attrData() { return &mAttrData[0]; } - CSSM_DB_UNIQUE_RECORD_PTR record() { return mRecord; }; - -private: - /* member variables which are read-only subsequent to construction */ - CSSM_DL_DB_HANDLE mDlDbHand; - - /* - * array of attr data - * contents APP_MALLOCd by DL - * contents APP_FREEd by our destructor - */ - CSSM_DB_ATTRIBUTE_DATA mAttrData[NUM_CRL_ATTRS]; - - /* - * For possible use in CSSM_DL_DataDelete - * Our destructor does CSSM_DL_FreeUniqueRecord - */ - CSSM_DB_UNIQUE_RECORD_PTR mRecord; -}; - -CrlInfo::CrlInfo( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_DB_ATTRIBUTE_DATA *attrData, // [NUM_CRL_ATTRS] - CSSM_DB_UNIQUE_RECORD_PTR record, - CSSM_DATA_PTR crlBlob) // optional - : mIsBadlyFormed(false), - mIsExpired(false), - mIsStale(false), - mRefreshed(false), - mDlDbHand(dlDbHand), - mRecord(record) -{ - if(crlBlob) { - mCrlBlob = *crlBlob; - } - else { - mCrlBlob.Data = NULL; - mCrlBlob.Length = 0; - } - memmove(mAttrData, attrData, - sizeof(CSSM_DB_ATTRIBUTE_DATA) * NUM_CRL_ATTRS); -} - -CrlInfo::~CrlInfo() -{ - freeAttrs(&mAttrData[0], NUM_CRL_ATTRS); - CSSM_DL_FreeUniqueRecord(mDlDbHand, mRecord); - if(mCrlBlob.Data) { - APP_FREE(mCrlBlob.Data); - } -} - -/* - * Is attribute at specified index present with one value? Returns the - * value if so, else returns NULL. - */ -CSSM_DATA_PTR CrlInfo::fetchValidAttr( - unsigned attrDex) -{ - if(mAttrData[attrDex].NumberOfValues != 1) { - return NULL; - } - return mAttrData[attrDex].Value; -} - -/* - * Fetch uint32 attr if it's there at specified attr index. - * Returns non zero if it's not there and flags the CRL as bad. - */ -int CrlInfo::fetchIntAttr( - unsigned dex, - uint32 &rtn) -{ - CSSM_DATA *val = fetchValidAttr(dex); - if((val == NULL) || (val->Length != sizeof(uint32))) { - dprintf("***Badly formed uint32 attr at dex %u\n", dex); - mIsBadlyFormed = true; - return 1; - } - rtn = cuDER_ToInt(val); - return 0; -} - - -/* - * See if two CRLs have same issuer. Requires (and verifies) that both - * issuer attrs are well formed. - */ -bool CrlInfo::isSameIssuer( - CrlInfo *other) -{ - CSSM_DATA_PTR thisIssuer = fetchValidAttr(ATTR_DEX_ISSUER); - if(thisIssuer == NULL) { - return false; - } - CSSM_DATA_PTR otherIssuer = other->fetchValidAttr(ATTR_DEX_ISSUER); - if(otherIssuer == NULL) { - return false; - } - return cuCompareCssmData(thisIssuer, otherIssuer) ? true : false; -} - -/* Print a CRL's PrintName attr */ -void CrlInfo::printName() -{ - CSSM_DATA_PTR val = fetchValidAttr(ATTR_DEX_PRINT_NAME); - if(val == NULL) { - printf("X509 CRL\n"); - } - else { - printString(val); - printf("\n"); - } -} - -/* - * Given time strings representing 'update time' and 'stale time', - * calculate mIsExpired and mIsStale. - */ -void CrlInfo::validateTimes( - const char *updateTime, // now - expireOverlap - const char *staleTime, // now - staleTime - unsigned dex) // for debug info -{ - CSSM_DATA *nextUpdateData = fetchValidAttr(ATTR_DEX_NEXT_UPDATE); - if((nextUpdateData == NULL) || - (nextUpdateData->Length != CSSM_TIME_STRLEN)) { - printf("***Badly formed NextUpdate attr on CRL %u\n", dex); - mIsBadlyFormed = true; - return; - } - #if DEBUG_PRINT - printf("Crl %u NextUpdate : ", dex); printString(nextUpdateData); - printf("\n"); - #endif - char *nextUpdate = (char *)nextUpdateData->Data; - if(compareTimes(nextUpdate, updateTime) < 0) { - dprintf("...CRL %u is expired\n", dex); - mIsExpired = true; - if(compareTimes(nextUpdate, staleTime) < 0) { - dprintf("...CRL %u is stale\n", dex); - mIsStale = true; - } - /* note it can't be stale and not expired */ - } -} - -/* - * Fetch attrs for all CRLs from DB. CRL blobs themselves are not fetched - * unless the fetchBlobs argument is asserted. - */ -static CSSM_RETURN fetchAllCrls( - CSSM_DL_DB_HANDLE dlDbHand, - bool fetchBlobs, // fetch actual CRL data - CrlInfo **&rtnCrlInfo, // RETURNED - unsigned &numCrls) // RETURNED -{ - CSSM_QUERY query; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - unsigned attrDex; - CSSM_DB_ATTRIBUTE_DATA attrData[NUM_CRL_ATTRS]; - CSSM_DATA_PTR crlDataPtr = NULL; - CSSM_DATA crlData; - - numCrls = 0; - rtnCrlInfo = NULL; - - /* build an ATTRIBUTE_DATA array from list attrs */ - memset(attrData, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * NUM_CRL_ATTRS); - for(attrDex=0; attrDexfetchIntAttr(ATTR_DEX_CRL_TYPE, i)) { - continue; - } - switch(i) { - case CSSM_CRL_TYPE_X_509v1: - case CSSM_CRL_TYPE_X_509v2: - /* OK */ - break; - default: - printf("***bad CRL type (%u) on CRL %u\n", (unsigned)i, dex); - crl->mIsBadlyFormed = true; - continue; - } - - /* ditto for encoding */ - if(crl->fetchIntAttr(ATTR_DEX_CRL_ENC, i)) { - continue; - } - switch(i) { - case CSSM_CRL_ENCODING_BER: - case CSSM_CRL_ENCODING_DER: - /* OK */ - break; - default: - printf("***bad CRL encoding (%u) on CRL %u\n", - (unsigned)i, dex); - crl->mIsBadlyFormed = true; - continue; - } - /* any other grounds for deletion? */ - } -} - -/* - * Perform full crypto CRL validation. - * We use the system-wide intermediate cert keychain here, but do - * NOT use the CRL cache we're working on (or any other), since - * we dont' really want to trust anything at this point. - */ -static void cryptoValidateCrls( - CrlInfo **crlInfo, - unsigned numCrls, - bool verbose, - CSSM_TP_HANDLE tpHand, - CSSM_CSP_HANDLE cspHand, - CSSM_CL_HANDLE clHand, - CSSM_DL_HANDLE dlHand) -{ - CrlInfo *crl; - const CSSM_DATA *anchors; - uint32 anchorCount; - OSStatus ortn; - - /* just snag these once */ - ortn = SecTrustGetCSSMAnchorCertificates(&anchors, &anchorCount); - if(ortn) { - printf("SecTrustGetCSSMAnchorCertificates returned %u\n", (int)ortn); - return; - } - - /* and the system-wide intermediate certs */ - CSSM_DL_DB_HANDLE certDb; - CSSM_DL_DB_HANDLE_PTR certDbPtr = NULL; - CSSM_RETURN crtn = CSSM_DL_DbOpen(dlHand, - X509_CERT_DB, - NULL, // DbLocation - CSSM_DB_ACCESS_READ, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - &certDb.DBHandle); - if(crtn) { - cuPrintError("CSSM_DL_DbOpen", crtn); - printf("***Error opening intermediate cert file %s.\n", X509_CERT_DB); - /* Oh well, keep trying */ - } - else { - certDb.DLHandle = dlHand; - certDbPtr = &certDb; - } - - for(unsigned dex=0; dexmCrlBlob, - certDbPtr, - anchors, - anchorCount); - switch(crtn) { - case CSSMERR_APPLETP_CRL_EXPIRED: - /* special case, we'll handle this via its attrs */ - case CSSM_OK: - break; - default: - if(verbose) { - printf("...CRL %u FAILED crypto verify\n", dex); - } - crl->mIsBadlyFormed = true; - break; - } - } - CSSM_DL_DbClose(certDb); -} - -/* - * Calculate expired/stale state for all CRLs. - */ -int calcCurrent( - CrlInfo **crlInfo, - unsigned numCrls, - int expireOverlapSeconds, - int staleTimeSeconds) -{ - if(expireOverlapSeconds > staleTimeSeconds) { - printf("***ExpireOverlap greater than StaleTime; aborting.\n"); - return 1; - } - char *updateTime = cuTimeAtNowPlus(expireOverlapSeconds, TIME_CSSM); - char *staleTime = cuTimeAtNowPlus(-staleTimeSeconds, TIME_CSSM); - - dprintf("updateTime : %s\n", updateTime); - dprintf("staleTime : %s\n", staleTime); - - for(unsigned dex=0; dexvalidateTimes(updateTime, staleTime, dex); - } - APP_FREE(updateTime); - APP_FREE(staleTime); - return 0; -} - -/* - * Mark all CRLs as stale (i.e., force them to be deleted later). - */ -static void purgeAllCrls( - CrlInfo **crlInfo, - unsigned numCrls, - bool verbose) -{ - for(unsigned dex=0; dexmIsExpired = true; - crl->mIsStale = true; - } -} - -/* - * Delete all stale and badly formed CRLs from cache. - */ -static void deleteBadCrls( - CrlInfo **crlInfo, - unsigned numCrls, - bool verbose) -{ - CrlInfo *crl; - - for(unsigned dex=0; dexmIsBadlyFormed || crl->mIsStale) { - if(verbose || DEBUG_PRINT) { - printf("...deleting CRL %u from ", dex); - crl->printName(); - } - CSSM_RETURN crtn = CSSM_DL_DataDelete(crl->dlDbHand(), - crl->record()); - if(crtn) { - cuPrintError("CSSM_DL_DataDelete", crtn); - } - } - } -} - -/* - * For each expired CRL, fetch a new one if we don't have a current - * CRL from the same place. - */ -static void refreshExpiredCrls( - CrlInfo **crlInfo, - unsigned numCrls, - CSSM_CL_HANDLE clHand, - bool verbose) -{ - CrlInfo *crl; - bool haveCurrent; - CSSM_DATA newCrl; - - for(unsigned dex=0; dexmIsExpired || crl->mRefreshed) { - continue; - } - - /* do we have one for the same issuer that's current? */ - haveCurrent = false; - for(unsigned i=0; imIsBadlyFormed) { - /* forget this one */ - continue; - } - if(checkCrl->mIsExpired && !checkCrl->mRefreshed) { - continue; - } - if(crl->isSameIssuer(checkCrl)) { - /* have a match; this one's OK */ - dprintf("up-to-date CRL at dex %u matching expired CRL %u\n", - i, dex); - haveCurrent = true; - break; - } - } - if(haveCurrent) { - continue; - } - - /* - * Not all CRLs have a URI attribute, which is required for - * refresh - */ - CSSM_DATA_PTR uri = crl->fetchValidAttr(ATTR_DEX_URI); - if(uri == NULL) { - dprintf("Expired CRL with no URI at dex %u\n", dex); - continue; - } - - /* fetch a new one */ - if(verbose || DEBUG_PRINT) { - printf("...fetching new CRL from net to update CRL %u from ", - dex); - crl->printName(); - } - CSSM_RETURN crtn = netFetch(*uri, LT_Crl, newCrl); - if(crtn) { - cuPrintError("netFetch", crtn); - continue; - } - - /* store it in the DB */ - crtn = cuAddCrlToDb(crl->dlDbHand(), clHand, &newCrl, uri); - - /* - * One special error case - UNIQUE_INDEX_DATA indicates that - * the CRL we just fetched is already in the cache. This - * can occur when expireOverlap is sufficiently large that - * we decide to fetch before a CRL is actually expired. In - * this case process as usual, avoiding any further updates - * from this CA/URI. - */ - switch(crtn) { - case CSSM_OK: - dprintf("...refreshed CRL added to DB to account " - "for expired CRL %u\n", dex); - break; - case CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA: - dprintf("...refreshed CRL is a dup of CRL %u; skipping\n", - dex); - break; - default: - continue; - } - - - /* - * In case there are other CRLs still to be discovered - * in our list which are a) expired, and b) from this same issuer, - * we flag the current (expired) CRL as refreshed to ensure that - * we don't do this fetch again. A lot easier than cooking up - * a new CrlInfo object for the CRL we just fetched. - */ - crl->mRefreshed = true; - } -} - -/* - * Open an existing keychain or create a new one. - * This is a known "insecure" keychain/DB, since you don't need - * to unlock it to add or remove CRLs to/from it. Thus if - * we create it we use the filename as password. - */ -CSSM_RETURN openDatabase( - CSSM_DL_HANDLE dlHand, - const char *dbFileName, - bool verbose, - CSSM_DB_HANDLE &dbHand, // RETURNED - bool &didCreate) // RETURNED -{ - didCreate = false; - - /* try to open existing DB */ - CSSM_RETURN crtn = CSSM_DL_DbOpen(dlHand, - dbFileName, - NULL, // DbLocation - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - &dbHand); - switch(crtn) { - case CSSM_OK: - return CSSM_OK; - case CSSMERR_DL_DATASTORE_DOESNOT_EXIST: - /* proceed to create it */ - break; - default: - cuPrintError("CSSM_DL_DbOpen", crtn); - return crtn; - } - - /* create new one */ - if(verbose) { - printf("...creating database %s\n", dbFileName); - } - CSSM_DBINFO dbInfo; - memset(&dbInfo, 0, sizeof(CSSM_DBINFO)); - - CssmAllocator &alloc = CssmAllocator::standard(); - CssmClient::AclFactory::PasswordChangeCredentials pCreds((StringData(dbFileName)), alloc); - const AccessCredentials* aa = pCreds; - - // @@@ Create a nice wrapper for building the default AclEntryPrototype. - TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY); - AclEntryPrototype protoType(subject); - AuthorizationGroup &authGroup = protoType.authorization(); - CSSM_ACL_AUTHORIZATION_TAG tag = CSSM_ACL_AUTHORIZATION_ANY; - authGroup.NumberOfAuthTags = 1; - authGroup.AuthTags = &tag; - - const ResourceControlContext rcc(protoType, const_cast(aa)); - - crtn = CSSM_DL_DbCreate(dlHand, - dbFileName, - NULL, // DbLocation - &dbInfo, - CSSM_DB_ACCESS_PRIVILEGED, - &rcc, // CredAndAclEntry - NULL, // OpenParameters - &dbHand); - if(crtn) { - cuPrintError("CSSM_DL_DbCreate", crtn); - return crtn; - } - else { - /* one more thing: make it world writable by convention */ - if(chmod(dbFileName, 0666)) { - perror(dbFileName); - crtn = CSSMERR_DL_DB_LOCKED; - } - didCreate = true; - } - return crtn; -} - -/* - * Add CRL fetched from net to local cache, used only by fetchItemFromNet. - * Note we're not dealing with fetched certs here; they are not - * stored on the fly. - */ -static int writeFetchedItem( - LF_Type lfType, - const CSSM_DATA *itemData, - const CSSM_DATA *uriData) -{ - if(lfType == LT_Cert) { - return 0; - } - - /* - * The awkward part of this operation is that we have to open a DLDB - * (whose filename can only be hard coded at this point) and attach - * to the CL. - */ - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - CSSM_CL_HANDLE clHand = 0; - CSSM_RETURN crtn; - bool didCreate; - int ourRtn = 0; - - clHand = cuClStartup(); - if(clHand == 0) { - return 1; - } - /* subsequent errors to done: */ - dlDbHand.DLHandle = cuDlStartup(); - if(dlDbHand.DLHandle == 0) { - ourRtn = 1; - goto done; - } - crtn = openDatabase(dlDbHand.DLHandle, - CRL_CACHE_DB, - false, // verbose - dlDbHand.DBHandle, - didCreate); - if(crtn) { - dprintf("***Error opening keychain %s. Aborting.\n", CRL_CACHE_DB); - ourRtn = 1; - goto done; - } - - /* store it in the DB */ - crtn = cuAddCrlToDb(dlDbHand, clHand, itemData, uriData); - - /* - * One special error case - UNIQUE_INDEX_DATA indicates that - * the CRL we just fetched is already in the cache. This - * can occur as a result of a race condition between searching - * for a CRL in the cache (currently done by the TP, who execs us) - * and the fetch we just completed, if multiple tasks or threads are - * searching for the same CRL. - * Eventually this will be handled more robustly by all of the searching - * and fetching being done in a daemon. - */ - switch(crtn) { - case CSSM_OK: - dprintf("...fetched CRL added to DB\n"); - break; - case CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA: - dprintf("...fetched CRL is a dup; skipping\n"); - break; - default: - /* specific error logged by cuAddCrlToDb() */ - dprintf("Error writing CRL to cache\n"); - ourRtn = 1; - break; - } -done: - if(dlDbHand.DBHandle) { - CSSM_DL_DbClose(dlDbHand); - } - if(dlDbHand.DLHandle) { - CSSM_ModuleDetach(dlDbHand.DLHandle); - } - if(clHand) { - CSSM_ModuleDetach(clHand); - } - return ourRtn; -} -/* - * Fetch a CRL or Cert from net; write it to a file. - */ -int fetchItemFromNet( - LF_Type lfType, - const char *URI, - char *outFileName, // NULL indicates write to stdout - bool writeToCache) -{ - const CSSM_DATA uriData = {strlen(URI) + 1, (uint8 *)URI}; - CSSM_DATA item; - CSSM_RETURN crtn; - int irtn; - - dprintf("fetchItemFromNet %s outFile %s\n", - URI, outFileName ? outFileName : "stdout"); - - /* netFetch deals with NULL-terminated string */ - uriData.Data[uriData.Length - 1] = 0; - crtn = netFetch(uriData, lfType, item); - if(crtn) { - cuPrintError("netFetch", crtn); - return 1; - } - dprintf("fetchItemFromNet netFetch complete, %u bytes read\n", - (unsigned)item.Length); - if(outFileName == NULL) { - irtn = write(STDOUT_FILENO, item.Data, item.Length); - if(irtn != (int)item.Length) { - irtn = errno; - perror("write"); - } - else { - irtn = 0; - } - } - else { - irtn = writeFile(outFileName, item.Data, item.Length); - if(irtn) { - perror(outFileName); - } - } - if((irtn == 0) && writeToCache) { - irtn = writeFetchedItem(lfType, &item, &uriData); - } - free(item.Data); - dprintf("fetchItemFromNet returning %d\n", irtn); - return irtn; -} - -int main(int argc, char **argv) -{ - CSSM_RETURN crtn; - CSSM_DL_DB_HANDLE dlDbHand; - CSSM_CL_HANDLE clHand; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_TP_HANDLE tpHand = 0; - int arg; - char *argp; - bool didCreate = false; - int optArg; - - /* user-specified variables */ - bool verbose = false; - bool purgeAll = false; - bool fullCryptoValidation = false; - int staleDays = DEFAULT_STALE_DAYS; - int expireOverlapSeconds = - DEFAULT_EXPIRE_OVERLAP_SECONDS; - char *dbFileName = CRL_CACHE_DB; - /* fetch options */ - LF_Type lfType = LT_Crl; - char *outFileName = NULL; - bool writeToCache = true; - char *uri = NULL; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'F': - lfType = LT_Cert; - /* and drop thru */ - case 'f': - if(argc < 3) { - usage(argv); - } - uri = argv[2]; - optArg = 3; - break; - case 'r': - optArg = 2; - break; - default: - usage(argv); - } - /* refresh options */ - for(arg=optArg; arg -#include -#include -#include -#include -#include - -#define DEBUG_PRINT 1 -#if DEBUG_PRINT -#define dprintf(args...) printf(args) -#else -#define dprintf(args...) -#endif - -/* - * LDAP attribute names, used if not present in URI. - */ -#define LDAP_ATTR_CERT "cacertificate;binary" -#define LDAP_ATTR_CRL "certificaterevocationlist;binary" - -/* - * Default LDAP options. - */ -#define LDAP_REFERRAL_DEFAULT LDAP_OPT_ON - -static CSSM_RETURN ldapRtnToCssm( - int rtn) -{ - switch(rtn) { - case LDAP_SERVER_DOWN: - case LDAP_TIMEOUT: - case LDAP_CONNECT_ERROR: - return CSSMERR_APPLETP_CRL_SERVER_DOWN; - case LDAP_PARAM_ERROR: - case LDAP_FILTER_ERROR: - return CSSMERR_APPLETP_CRL_BAD_URI; - default: - return CSSMERR_APPLETP_CRL_NOT_FOUND; - } -} - -CSSM_RETURN ldapFetch( - const CSSM_DATA &url, - LF_Type lfType, - CSSM_DATA &fetched) // mallocd and RETURNED -{ - BerValue **value = NULL; - LDAPURLDesc *urlDesc = NULL; - int rtn; - LDAPMessage *msg = NULL; - LDAP *ldap = NULL; - LDAPMessage *entry = NULL; - bool mallocdString = false; - char *urlStr; - int numEntries; - CSSM_RETURN ourRtn = CSSM_OK; - /* attr input to ldap_search_s() */ - char *attrArray[2]; - char **attrArrayP = NULL; - - /* don't assume URL string is NULL terminated */ - if(url.Data[url.Length - 1] == '\0') { - urlStr = (char *)url.Data; - } - else { - urlStr = (char *)malloc(url.Length + 1); - memmove(urlStr, url.Data, url.Length); - urlStr[url.Length] = '\0'; - mallocdString = true; - } - - /* break up the URL into something usable */ - rtn = ldap_url_parse(urlStr, &urlDesc); - if(rtn) { - dprintf("ldap_url_parse returned %d", rtn); - return CSSMERR_APPLETP_CRL_BAD_URI; - } - - /* - * Determine what attr we're looking for. - */ - if((urlDesc->lud_attrs != NULL) && // attrs present in URL - (urlDesc->lud_attrs[0] != NULL) && // at least one attr present - (urlDesc->lud_attrs[1] == NULL)) { - /* - * Exactly one attr present in the caller-specified URL; - * assume that this is exactly what we want. - */ - attrArrayP = &urlDesc->lud_attrs[0]; - } - else { - /* use caller-specified attr */ - switch(lfType) { - case LT_Crl: - attrArray[0] = (char *)LDAP_ATTR_CRL; - break; - case LT_Cert: - attrArray[0] = (char *)LDAP_ATTR_CERT; - break; - default: - printf("***ldapFetch screwup: bogus lfType (%d)\n", - (int)lfType); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - attrArray[1] = NULL; - attrArrayP = &attrArray[0]; - } - - /* establish connection */ - rtn = ldap_initialize(&ldap, urlStr); - if(rtn) { - dprintf("ldap_initialize returned %d\n", rtn); - return ldapRtnToCssm(rtn); - } - /* subsequent errors to cleanup: */ - rtn = ldap_simple_bind_s(ldap, NULL, NULL); - if(rtn) { - dprintf("ldap_simple_bind_s returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - rtn = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_REFERRAL_DEFAULT); - if(rtn) { - dprintf("ldap_set_option(referrals) returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - rtn = ldap_search_s( - ldap, - urlDesc->lud_dn, - LDAP_SCOPE_SUBTREE, - urlDesc->lud_filter, - urlDesc->lud_attrs, - 0, // attrsonly - &msg); - if(rtn) { - dprintf("ldap_search_s returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - /* - * We require exactly one entry (for now). - */ - numEntries = ldap_count_entries(ldap, msg); - if(numEntries != 1) { - dprintf("tpCrlViaLdap: numEntries %d\n", numEntries); - ourRtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - goto cleanup; - } - - entry = ldap_first_entry(ldap, msg); - value = ldap_get_values_len(ldap, msg, attrArrayP[0]); - if(value == NULL) { - dprintf("Error on ldap_get_values_len\n"); - ourRtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - goto cleanup; - } - - fetched.Length = value[0]->bv_len; - fetched.Data = (uint8 *)malloc(fetched.Length); - memmove(fetched.Data, value[0]->bv_val, fetched.Length); - - ldap_value_free_len(value); - ourRtn = CSSM_OK; -cleanup: - if(msg) { - ldap_msgfree(msg); - } - if(mallocdString) { - free(urlStr); - } - ldap_free_urldesc(urlDesc); - rtn = ldap_unbind(ldap); - if(rtn) { - dprintf("Error %d on ldap_unbind\n", rtn); - /* oh well */ - } - return ourRtn; -} - -/* fetch via HTTP */ -CSSM_RETURN httpFetch( - const CSSM_DATA &url, - CSSM_DATA &fetched) // mallocd and RETURNED -{ - /* trim off possible NULL terminator */ - CSSM_DATA theUrl = url; - if(theUrl.Data[theUrl.Length - 1] == '\0') { - theUrl.Length--; - } - CFURLRef cfUrl = CFURLCreateWithBytes(NULL, - theUrl.Data, theUrl.Length, - kCFStringEncodingUTF8, // right? - //kCFStringEncodingASCII, // right? - NULL); // this is absolute path - if(cfUrl == NULL) { - dprintf("CFURLCreateWithBytes returned NULL\n"); - return CSSMERR_APPLETP_CRL_BAD_URI; - } - CFDataRef urlData = NULL; - SInt32 errorCode; - Boolean brtn = CFURLCreateDataAndPropertiesFromResource(NULL, - cfUrl, - &urlData, - NULL, // no properties - NULL, - &errorCode); - CFRelease(cfUrl); - if(!brtn) { - dprintf("CFURLCreateDataAndPropertiesFromResource err: %d\n", - (int)errorCode); - if(urlData) { - return CSSMERR_APPLETP_CRL_BAD_URI; - } - } - if(urlData == NULL) { - dprintf("CFURLCreateDataAndPropertiesFromResource: no data\n"); - return CSSMERR_APPLETP_CRL_BAD_URI; - } - CFIndex len = CFDataGetLength(urlData); - fetched.Data = (uint8 *)malloc(len); - fetched.Length = len; - memmove(fetched.Data, CFDataGetBytePtr(urlData), len); - CFRelease(urlData); - return CSSM_OK; -} - -/* Fetch from net, we figure out the schema */ -CSSM_RETURN netFetch( - const CSSM_DATA &url, - LF_Type lfType, - CSSM_DATA &fetched) // mallocd and RETURNED -{ - if(url.Length < 5) { - return CSSMERR_APPLETP_CRL_BAD_URI; - } - if(!strncmp((char *)url.Data, "ldap:", 5)) { - return ldapFetch(url, lfType, fetched); - } - if(!strncmp((char *)url.Data, "http:", 5) || - !strncmp((char *)url.Data, "https:", 6)) { - return httpFetch(url, fetched); - } - return CSSMERR_APPLETP_CRL_BAD_URI; -} - diff --git a/CrlRefresh/ldapFetch.h b/CrlRefresh/ldapFetch.h deleted file mode 100644 index 23f36da5..00000000 --- a/CrlRefresh/ldapFetch.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * ldapFetch.h - fetch an entity via LDAP - */ - -#ifndef _LDAP_FETCH_H_ -#define _LDAP_FETCH_H_ - -#include - -typedef enum { - LT_Crl = 1, - LT_Cert -} LF_Type; - -/* fetch via LDAP */ -CSSM_RETURN ldapFetch( - const CSSM_DATA &url, - LF_Type lfType, - CSSM_DATA &fetched); // mallocd and RETURNED - -/* fetch via HTTP */ -CSSM_RETURN httpFetch( - const CSSM_DATA &url, - CSSM_DATA &fetched); // mallocd and RETURNED - -/* Fetch from net, we figure out the schema */ -CSSM_RETURN netFetch( - const CSSM_DATA &url, - LF_Type lfType, - CSSM_DATA &fetched); // mallocd and RETURNED - -#endif /* _LDAP_FETCH_H_ */ \ No newline at end of file diff --git a/Documentation/AppleCL_Spec.doc b/Documentation/AppleCL_Spec.doc deleted file mode 100644 index e66b5d5acc76241aaa547835a92548d43fe79c82..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 108032 zcmeF434C2uwg1n})TB*lOA8bzaMG4Gg(M`M2rWa?ByBo}CWSI+dz0L>p_#}{+C(D_ z6cyjY|Es{`A%cQ{5B~ZT6`u?W_*4XOKyW|?Efy3Nl}QE}^8fz!KIhzX)7+aD5%v8^ zKEHeRIcJ}}*Is+Awbx#IpL-wp;l$n7e(|s;oMC?_JDJX#LwQb4=z0d}v;Ff4jMM_$&!&ZoN^=gM-6JxlEEbCYr3}`&!sy0<@@D{p7&C}PuGv>R7yWbB9~s6>G9NxmB<#8t-w}cQxy|%HGYT?%c9s zcTQPZx!c(9Hn+F-G;Jv;C@(F`t8eP;iWL+zY-x?VZgXc-Z+onx$8CHv?U;-wWr_hY%v#8(_D0E)vC*8yDgpFCga+AcZ1v27VY6ed#PJc zFb7gX?MiNpr7j*bt#%=_C)&L^))Rx0&h63e<~YP{i?z{^?zp>sOQ*ZNwXMzVjmJz~ zRjW$fux8zZCX>P zBU)NxZB$y+)Y;zE*#W=ev#GYVNsNNJHm{%JyI9{;pWO*z{Y_fw7LJ&Sr6^6CQ<2ht$(z-K{PC6x$l_Y3>X5v2MZ2jdC~@ybL0(&1=XO;WrTDHcI@XOg zHPJ4&s5=&Io=xMLTj{G_gx<1WT&?Qu?uPwz*ZK~R+wj4cBXP10vP{p4A8}M9V85gV z?T|e1JVFuXgLv5@bFA21Rb5%<#$(;v zxK}K;Y>zdT&@~7c*+Qke(Ox*;-P+R{LpIhLI?&m;+Z{W%x3ybUh-AsH6+RM_)7je% zLnQt@A<3bsv9@?@JFJhDq9b&r<%cU0DAAYQs#RzFsE4i^UgFfXD0v z>)klbMbJa+k-p?(5X$r1daFS+G)(JKqkaVi>tZeH-Ol6=4s2ktyE@u0n}_9V+7j)8 z`nX$OW;9`LxiLkJ(Wb4NyE~yz{4mPvSs7?>UBgqONs=7jTEvn6j^6f0>ZW_PQ%6Er zLsA-QQCMAz5R6N$1Yf3(OeTJIsat8qo-$RbTH^_PF*XL}i?teElTI07MD38Bp6*_( zqx2`t%3?{&w$`Y-c6s%2r$yU(W9VWlY)BZ5Xxy!;uV1}!>GGOY)v!KsQfm0TwiUxd zlRH#~XXT7ULm484DTp#cHPP!y`fq98yEsb(6!&0eQ4{nG3o1q;JpJmF_Nb&Ujzw(5 zq;H>X6*k(`Bh?>~sj>vv*DZ*)G1s!-D&DdK)DwU@4aZJd%00Bt}dxrS7Hq;<4Rj+BdxTip+~CCS*)k2)ID8& z*(@7r$n>n_2t7z|qyI@&MZ06hV9F~9ja^oTxz*Km2?KX*OSG+Jk$R{TeppS3dKNrX zoO-uAMjJXPi|&Z-B?6|;N~<-Pctw@EvNou`8E9KHe1#vAiXEqMfl-*AZKXrIrK=bb zD~?sGHZJ8MBVh5O*)o>lOQymibU}UzBV(sOIP^pr6g9x&+`t#FgIYCG?%hMSmnF5) zc)YWz)i7&2+T+He4ArI^?YO9-!W_XH@P~71m$k7>(m+ca;8W41-LbCA#4bH+$dU^{ zmv&K^IwjV#J;te_lJU%Uo8*kh+bJ(Cck}A~(b|rPr_J>=-8MT!5u-jVqAVoA7e8d6 zIo8tZ_1cL|&GG1QeRvC8jF)aX*>(}FM~p|x+S%G17tc)A0*(3_F$(f{Vqu<)0Evwo zDDSlL;NH4e*TTH8cuTG}$GWk!^|(-&{T7T%PqEt;>(~sRVUOuzD?qEv#ey}RJ+Xy( z#@`HB+u3FPS%!!fqedR5Z5Ps_Xm4AOyUiFd1ggv}lA+ajg~js+yYks?d`o99oz)nl zYUHgup&jT%X+c3fz71Anjj`S%w$50AWrL&MLC@#2RAlnkq0#_^y(% z`0;petb0UOEjPE;MB8Ik^~ON^1bg<{U1)8b#CzkK%GEVUMsMRe%r8bP&bzli<>eJ1 z^R3OA8rim?zp)Vu_w&K2B{7@J_UK5oHY|tMVP!{Ku9oTC&$vx6bmy0xdVI0ETT)H>)m$^mOi@=T7KqNcf5!1Xv6Y0Rm>Sw6( zRTO^)!I86A>`ftg#fQxDCc1h&87*ptI9jP&3eUbZTe_*-SI_ipv06G2eIUy$AkL$oFmFh)l0f+%9GV&vMnI-Va2gUen0Xp*gT&kSiaQd;w3?FL4pdGaOIXe2Ty!WngPJlpFdc5T zE|!8HQ8P+}hOYP}nySi%8`47MGO4L!yj{1n%AGTB{t3nIJiMWzfkh-jq~bc7S*Qu1Bu7bNL9wOo8J)eC zFu&=DSqW7{r?YqS7KSCl35*`{?T!1dig5NiySXY^jStZHcuT zE6}3{60}OwnNLcy$&%RqC@vBUhTT!tR*D z&oWn@CMs^{Me~^tb$50#8^Wy)nv&=qYAeOsbJH|do#2NKLN=FRxo_=)GQ2t{z%{eS zw2czGjc+1{z7lN;6(g1?xYU~!-5;QGcyKZ$Q z4tM3c`kHD@N_u0Z44#aoCY@K8hz$kpN{E54?cSopFcmFOEWj3%w`TpSRj&HNgyKZM zuQ!I<3<{>JJ*(`g4E$NMw!!CqlE(ZK@wR47)!J&GxiDX>C{dA!}iv3(sC`R5cBsv6)7y{824PIixN#`*2h^n8z#owx0h|O zLbIM^3E1cMd-VndCZ@m9HpGT#8Y8xx-Q@X;M`vYQPr?%(L234vjAeHDS7qXqBE@!c zvy~7_?+9%0Gx*fIf4w|-{1{#`eX%4OXPL>aBe8JO6CcJBbHBoiS;w^V9pi%e z>uz0|6Sp!wwl>&p>}}Pq3dVqFu!X|fVVc8q%J@LcnV4&D_2*nM*PlRO`O&QHo!wi_ zB#ub2?0ys`KtVK)?Ajs2E~ESFDNw7?gE5w+X}i%QC=dr(;RLfrDH226aJ6V`7j>Fj zyUAoW3RoA`E5_R)LHR5xY*RDq>}Hd0+)%7fivj~h^>xeH6yt5Bu`4yL1iP7NkjE^? z4XfGbs^R}4m*+!|cgGkIEo+*PO8K(P^Vo!<&`3&)9Ky1HVlqSH}LZLMTBi`jbAtc0%aWYN5iwWzSrY3D&aLu}gLiSr=bEDQ$?LwLDDm9XR zvN3iOsbPj;duQ(ldvT(huou+VPs(i&{A z5asXL!3B<6XHs1gx~)c=Zn#tw69**T5bgI@jw#A=vnVih3L((2ew&v-18PVAFW1hy ze$U%B8ysRC#<(FZ65Zae&D}&)3?DrKFl+N>{z)K`KC!!tXl%5dcqIW;7N?BgZ{)(1 zq9@JY5PS5(f8dOrmRzR=9TGn{9(fz1FhZ z36T>FQn1`*m5AO9i9}Jj6=C}A&Jf$#X2r|Stt1g&67g~Ce$LCAG5OKHIGrii@gVGh!K<&K?ZUq7emI z8SVNjVY`l@&^kkmwsOFX~9<1Y;?ykQoO!@lKg&42)nElL1@NF87Ap? zsmoX;Z8Jt5aSGx}c3)xWS%0UY-9Bzd&AqE&0e|=&3By-^ql8<;j-n;85-o&FKd9P> zE*pjDaI@=8jv4XA&7R;69}J8l_(59fc{l#Hbp;GNB^`E=)o?Hx2yMVi$xy-<4oL-F zws(s>KABbpHYDmoaB&jr2|jwO$Lw8|HTN{Y_Ns64i+n1)kyKqGlcCPg6MNT>u5?Fj zr~2kV-H48ab)d-ZKE;RPPG!7RQL!5LA+|QR;rr*fw;kUuJ3Zt#2T` z=C27BTJWmbh>kzuZGkb}TjV*mem9#Lsh!YAyW8Xi(z^kPM(t%C_Ntnw3dG1x$X5>C zmPTs!&El1@=%x`icp6@|_cp;;-ZQ-Nl<|@{4tLG1X_cJmj@h;biT)m&<<-{KgbUYZ zHaW{o*}cs@p5-udr}nVd5qB#5jJPAa>TMG@<|D*hJAA27S=vw_7lQE<*^_RU#_YO` zXUEusW_WKn@6Aoje6ts+3l;9|Q}g@83!Z5cwxT4WH_En8&0VlU3Gp>|3@L5>Voy+F zvZ*nh=!+)gTA@rb%ta#!qU!aAH9g|%P>m$cIQyNrge|?@5v8jY#s%FHlA}PvO?_raGO8!fdgO|YMv4zs#F6ae=|6q0kdRgh1FOWK$;%8K zmjqo(S6YsTtwG2LsZpLGvW$@Anzm4DXIJ9wC9BzPVlt*D>ANKNM%O|e*xt`;AUOC5 z0@ZC@hC{;*39kL=n*ZWS>&*ir3t>ZpZP0jarv638AhgGrED7o1HHDB}Vp8I7mK-+F zNGTeib8|Oq-PWUO?bz1YwoR-yGjscXh#%pwR?G8w{V0b51&q>)L&(&r-A$eBsf}~h zxThwn;XTByAUE7i_-}}zB*YAXafOz=LEgB=_FW}U%T$SSuTuU%f`&a4ybu!b+l%X& zmyLKFG8vv*h;SH3RqOb8vdx&(=9bgo+O;ddIOWDEEwN5%h*c`T z)UDCj6MD%5Rls+p!E0Cgvn|YxOimjn2Rn-&-J_X|@);jc&imXv8mTF5a}6P(eq4X= zR4oskty^WfQBeXLqP0@%M=hfM%O_^M^+jA|c&pf!9q7BZ4JQUvz1U+cia%8;_Fj1~ zipcQL71h>8v*uA-xu$wmjbWP{X0wT(7JCkSNDn*(d%tM{Q<)Exx>b6|4BpsIO|-Z4 z{acC=1acswG|nHs#kPd&KoGc7K^yw0OGWJM&Qn8}jjBpQs#%WbL>n)G%NTWhC$WAW ztUpyVawdX2Zj!Xi+iz}6jiS=|NR+m<#A_~-9m5ulXh7(1z?ZkkNpcoqGG05}zhI@0S6gx4F4w9qxnZiVyXldu=2Rrfe>9@TaW~`*kiih7eIKo8Jw8g|;k~R_t z-A)}ia0=k#tyu18ZH23Cy~b>+04+ls;gqS;`z4JrDW8{JvoO!#dN1_ZFoO4l&9x8u zC6S+7IzMlfQKZ$;E}0WL*7U93I%OYzJW61tzG0OY@j%%W(?IUbeoOcp=$#)e(X2|r zZY#ZBH_4Eh_rWAnhHspeG9jU{HW+Q|W1XM+q0K_JFy(OlS73nZ>SL-%FpLX$C zx$}ZW-p+vfI_bOS5S`mQe0ya>wpgo$8uiU8mhoVW!PK(0iIN5$jTYRz&@nc(j^HD* z=Wl3*nJkBxJs+YyW)|k-3LipaBNbai!3i1x>8B~?9SSE>w)d8iVt%NFJWjd0-XMV} zdHXlyh#zM{=7f>uW%S`YH<;IKJKNhkS(PvZpf&MUmJQ{{QhA7devvW^nkHyiv)s3# zF7{&3c@lhocu<_qzKu+?6YCH*EVm}s$DYCpPIHXklL5u)jriv z44bu*;PJq#fMAWFMxYw%%nL=DoneE$jyD_HjPMPw!dE(;HnH=-D4D1aT@cWv;8ZrG1?Ug)sU&Yw^g<0GjW2ry+kGEO#%81rh9C!S2dL=e*c?Y2% zEL1b)@TPyS`kU7q%7`ph99LoU)U>e&TrWwR*JA^h%uTQzN0Ue9^2nUI_8D7$v)$Su zNwnH7-N5J#f1`};Qh6|f88UTfdTgeOiJ77dCH;+2F?%FTd29;M-_q7Tp5g6w77RLE zmH_PQHfxZ5`y!3CtTwYxl~gEb2d~LVQY9EDgBP)$pq*0N9AO+@28N}zMUdr!Ez6KT%6Ni6=H0guQ9>4Qiiajv!f(5WepL? zhI}ZTpI2UX+?@HA#L8xE3=3_mpBV(+SjW>U_Hm&N@s=^X4q^zfd z@Gb}5<-mS$fNyI$8AL%NXaeovk6>K3<5Z7voTXrhZ&WJGbDYO8Zm)xm1Nep|@Gy7` zH1O44jo^OpIyjZ@hwBC32KNDXqT|d09bg-{3p@l4KhSYXK`;0ycm_NRu9)OFH-W?W z_NF7jdaxP%96Syt^KDK?f*oKd(6>AN5x9K2(hP7h_$=7Nw`u(boIHhZg#wR&Uw{RC zyH+h&4px9Q;FiN3=d0l8seI!X$aWoPI`}xa8vF+Q4(u#+oDYHTf=9t=(;O!Tc7xx6 zhUt#875oCc`se4J-|_z&=g-bl&K`q3p`)Mn?E{Dlu>6x=f=vLzCEAS1`W zp279}Oz(PrW)5H9$dxVnCO^K?FVo4H;1t}Gld*fk-G#c9IfFZ>(UfKfUtIZ-2dK_ahH}_dDPE#vNb&?2R{k z`cqf^$0Z-VXyb3y9)Aa&r&e!fXT>ggc$+aPuK ztA4(31gUdg<63r3JBRF?@0ris!L&oOZ z_=b0%l5QfMo%3Duc|V`yb4vM2&D@N{)7ye``}FhvIZwYpIy=YZ`zEt<3eD%Q%;z5S zxy^k3*?iLaq3n!I2V_ieGBfD^nX>6`wSO-0?0-G>-naidN#6(jabOm*gnd)ZIbqp&<2>Aob@Ub@&VZv&RLg@*s6;km?IkgF)*2Aa!k! z`c9DgL6G`kkedCXU)#DM)gPp;4pN^AQr`(u&j+dLXt8bi(Lri!kh(ZXT^Xc45u^?d zEZ^Bds*hBm^zrTNNBMBK0r_#4Jnw?ZYlG^NT z3#R&h_h^0Q``?$-fAYa6;cNRo_=%+DhyNV-e)w2?Z~5Z?3VdJuyPiLO68^XEkDo_c zKKWbF|E_0zeb^PGZVpmk3{vC%;OCq1M?X~+q#A=%Q;_;Wka{vmIe+q>ofM=F3R0ax z>PtcDfgtrrka{#o9rUbU-i9Fc;UM+#Aa!Ms`f-ptEqwJZ|5<$nh*RrSJIH5B(14WlAcLAN&QUHowxE#>H_w$w4`iFCohB*GpU}W zlcZ;oPLi^vKJlu_ln+2!LXtqWLm-3;O>D{9HR8PQurbF7acR{M`DgTL+g4D(!by1M|YLL1$NX`GX|LlSwwK7Ou8KmwA zQcnh{Nx$)*ogAdz2vTnbsh5A}=X)hc-SB(=+Gm2)twHLxAa#3?nv8`k^kX3JM1Q}P z!E7I&Nm7l}Cx3E6f4>iHUrQ z6E7@!soo`wJLvaIz?ZcAeLF}!9i(0gQZEOoy4`+xT|w%CAa!Ao zdOS$I5u_$O;XgYuNVNp1ok8l#AoYnLbybl1Ly*b}#=rxD)Px`v3sN5mQdb12D@jfF zb=TKfUswJ98s1MAl`?*V!^#||82oGzx_u(H;Uve|1Zo!JPlC!yYy~*5nmz_apbV6Q z`QUi42JBgiKd}rM01Lq)a1uBfECE$uHCO}cz^Pyz&~KBx;r;*Fc_Hcl&))Uto__M_ zUp(!7dW!JB=`gNr#eoj10PVF-))+56A@dwH(K}n8%h~`rv^Fq&RX}S7PO0p%-`At* z<}I^`WFF%<6Tmgaj&rSmEPNW=>&eCG$2raha453j%SZ|72g_OS0ZCRg^+{^G_guIK z|M2dKlf;8CKQjFl01~O}|KYN^Z%4l#G|zDk2FD!lILCrh7CO#i@KfxAZzINFCr-si z__iWSx_WWKW}HTPF*d`u9Sy_m$6D+~FSrrB{_0CFJo|^={pQIhe(~tTKY8$n-@EUg zZ{Gd&+rN6t7e8-T2tI!KrMo`*FCV_}{PX&^d0ffPxq3)(b=C>KNrF)X@0pPUkJuYI zvU6@@5|Ev9yZQW{`TV~5l&hbeBR4-g=U(%9pZWaU)4K9s=JO8o`8D&YqO)_xn9l{~ z^LX?5eJab&`GNWT6~Tqj|I=qH8aqvFy1@J2{ zmGQX=d>Y&g9s|3<6W~`s}^hNCvX;zBLzAda`WkzV`hs^!2{SCg49bvs!T@QgETIb8p^#QsK?HW2S-WyRONev1>#2(KoY2;N~fr z1CEocAHieO!4`4%fSu#69C~Qzq46uneaFqnF3NmeSHpKBJtaKtYg`2a+ zV|kR?`!C`&Bdq2xBXdG|wli@8UIFI|Dx2Mz>q=_d3LDQ@KKqQ;1?|;sE9cCevu@o9 ztGX*T6mE(gQ&N29nS}+dMT_Sb)|^>bv97GFkk_Zyt(bAnijszN=2SEnu0O48PT|t% z>IH?HrZ1nfe8tQ)h0~{<)6%@9efqKGGg^;5x4gW*py=HCviWBm+gwsNyX4r4!c$LO z5j}Oq^z{p-AG4yReMM!oXjApN*(LKfwU$&bX=t4`qr7PDlCC9l&S;x?)|%7GrdL2 zu@zlgTbnnP&o3$4x+PlIylFvnc642=pzGK(j-9olWz*8GO-s(HFYK2$iCb|>nzaTl9`C{(SO;MhnAb2 zGET8`lv)yDTI1vdEs0Sd7L&3H?#Xqm85I|b9hck(dbveOC#CzjCl1R!)0w^a(@tSz zCQpttZP`p-7w-1L+eYs>2dd9-BF>zMsLzK7o%}kda#(6zXEhw?;$Dt3$tkIJBjRK> zoXmDgos*$wNrZ_QCcc3l=z()Fb2ixw3gaB6fk}*CU!~qufw|61KJ&?)RX8*h;mDth z9Wse5Ql5sAvc0Bj3?=#_m17dRHpZlMjgtA(H8z>(kJMO`(6wG~GD<{*8Jaa`-ufEuyKXKkiTn|F8A}I2D)U$KEYuZ(#m36JIDZ;KOt7h8rw&igt z|19#(2FHRDAnMD2G-f_n093wqXlRvID>aJNX~w2eTVRHq}?S)fx9QcbD*80W#AxWX%^6Lgl+^e&<6el zhCs$4$O$M1i@-$s>{#$9cmgyW#xvkU;9_tI_%yg4d=4CcI8iHbC%6aP4}J>vfM>vX z;WE5Oa*L9hq>1&l>j>%ke|Cdnfj)Cc|qUImAud^125SPL!( zH-O)PKY{1KpMi^l9Scf81^5WK3>;Si4WJL4555V02)8W80yW@Na3i<_JPTd~uYxR$(Hd|j=m!0uWP#(H00zJy_%3)D zyaMu%hwq>bJPv*bo&m3bzkqCpwsLS1SO?w%z6$OF-v^I?$G{U{#tGyF8^A`;1kM3h zgKNQ*h4c+r2R4Eh&;u?6{|cT0&j4o;JOL{}1GoTu1eBae)ES%zD#1$70R9tv1>6q4 z3Elu1CppeCpy<{AfP27!Co@9^9|9i(kASDZ5IEoz`Wu`J?gbBk-Qf4&dGH#@sYFk} zdJqGxpdWm32~jz)2b{(@H^!OzF5czA{{k7vq77plCY~r|f$?v9%{*bX@mHJh>SK7V zZO(hR7sZ2(;=4qRzrN9_#P{mLe_2SbPU90V#E)+eo?PfualMQ47`a^1EqpG+fA7SH z?jmjdX_cTkK%AVLDXWL`rR3c(^&*5Uw!uP^Jq5o zspjyX8Xx{sgTsHr^AA5~$zX)PL@CN25eo_N4lRxhM$9xuQ<NZ8BcY9ZRV+IPL@-id(jkT zrWr(73>&}n`wcA*J-^{Yw}NTv1!r|08o`V|-#MJKENAD0b2<8d`G))EQ7-*9sg-`7 zcaQtVfg5t}9&?Lx3tT^vNY6y)P<&`2N1(8B-%7B#2t6Q0exLYH(#6g%B11z5dKadJ zW;8By8m(JMqFOwu(n^NQOs5r1(5g$fSwm?-E4sP97AbVw)E7py4gpUomDlfVny-%X-6+OI@(kmTM{j?>4F8tv9jXI z=9zQn&+jT)HtU4tOIzyJ)vRjWR5F8Wn<{1%>TgCxVcFbit7dH~EUenFWV$ZR>RQU@ z!h({LlR|$ROUmagIALD-@$=`*Kk1~6p*trPRN3#%ELq;X&^>Wm*}OUBW#x048|Tem zF!zMUmicp=D;A$sethYiviYU+_#UL==e(zs!^y#O`URhbuD%E8IDTuqwPTU_WvG*; zE$Qv);R{_iR!6tRO1Cw&Y%HI)$o!rwUnzLfwBC40G~U$OI?Y|A@2Y8!a;=4*9Edef z3renT zvmeWKj-B=8pCgveWn`VmQBUjwlB+9#RR3Eb3p@a1WuFFPz>6RkFz9NLz?sTXa#+N1 zEXQh&<2crF%;$JE#{!PBNe6K3;i!Rpfa3&?7jm4$@nVjue*zKUBRNh7slV(;Uw5Q$ z`ElaP%cCsibhRn1I;!~!ICphx4_}wr*5*Wef;?PTTJ2b4ermxn_fkD0KFpoxm}f-e z>Q?<;LT5{ldpbYO>Qwevy!8(`A1MDu#H3%0eDudQGh92~k=&t7!C6W6nPj%QBN{aPpQ$z3~~2^E7{lN=h-^Sj8i>nLaP zMG+@Xu>Iu93!Hq8CoaCg>EZr_K?vg9;rfIfdtU3Sbq>ng#JP7bi-37Hc_$FqJ)Cli zYaJ632*x!$$D z1kH}*B`m`?dTq>3mY2MP-nzU@d<*iQ9g_b)A^+L;Lcgbj*=qYt+F2%AWd~@NtF+ox z>rB6abTRqIV^hj(o3k&p?VA1(%IX_L-?0w`;*}@&v(TBT-t_~xUhQ2MKP$XvpG)RR zt}ka(tlfe>YqPL5*^@6i$~oGzPgjkgTNim{UY%U#nEx8iXY!3;>n0qr|1y*{n2@1A zzK3o6J)Rt-;pMb5sDBtQvpjxGJBc!iFN!+xhD|vq4;<-yzKh`)e&rWsI@38$RvT@f zOq)nvCur+k*y&$7E_UrFrX5E)WerU^r>L)F&pm!Es=Ofcd$P+3y8m!Pt&{mRmDwNKl(kwIF?)MoZG8$44IQG&Qm)puCZg8Xy0|c9m}{r0oz-s z@>9;LS70cE&Y(%UZ@oBRtm=dhS%7+u}V} zBEC>}m3YN-lhqE@54}aUFHbmu{Nl&SrCud+qf@Y9K83l6>ro!kyre> zygCjVA>U8P_dtp|j4k5+%_-{mIQK3aR>vVD)NwBP+Ppf7(AOEHB^SfmG~ou@riko+ zk;<`rs3_-o-~NxliwW)CbGiO=wa)Rh-x=P1BP+=~KA!eF57535cys)1+`GkVU!ljt zL-%gq@gF1K#YH3b)A%1*+8niCecsFwpT;>mMV&R2wb-k3gtm@9-z!hN8;Ry@bW9PN z4Hbn>-9T>UXL$YW^_|}sdS&OeLoe<;f9TmYgN{3poAH@Txqd0vFXcM1nB2<>hi)GD zz~OxZpPb%Te54bB*2x?*B&RAN5zy3AK zatDW;+8cjE2yKXFGLadCcE!lJH@s}?|2x>kqo6I<(3W2Tt+md&-W{3W)VO=aU?FoW z`u}$L>hm~VpAQ~kZ7=x~;Nmk^RNK?E7WhRXFsdSH?91{gm->;&VJW*zZi)dA*an z^P5io&I>heIM)vxzPoO~IiPC*`?lk(jLD~OoUm}<1Fw|UI-5VBejSJ*o1ELWZ25?; z6*JbsyA70=rM~uL!L4=9`G)TA_@>&u+04TR&a=;RUSi72e0K5TLCUpt9I9*BJWrn@ zS=`HC^gg45xjW8&sBd8E!%pS-LuW5qjBIUuh;p3^?XxY9>)BNE{|xw)@sscWRpD{d_govWH!3M($jo`6&ly3(#C0zr(};c5ze`_X?o-?lnMB^c#WZ{5OLM z;8vjd^4;KIa4%2{-~phrhk$7E=laUy&Gq?75PsmTyVzac(NyXZE`Ys`qLexw?j03F z)A_N6SjV>T^H;>N}c7B#S)ucuW0D~&e55|Q7@+@RN(1$IVOgTlQH;~3g;0r{ZMaECN zMmiWf!s-CNThv+TT_4N!Y+d)-;g2^n)CQ0KBL`W}pw9{5UqHA75;cwu^RX!>`R6JQN3<`6+E%EW6>^zv970jEys{-=k;h&MUBw z*xySl)P~F_sM@)dYnFGJU!$Ddoew)xDJx@uje!k^AN3|Q4qkMmlMC-;Ke`6*bg~8x zEm}<7UC@#{nC;|>kKD^Y-Hx*x20k=hI$t)3WDfShJjPr-ho9{X@D+dq+0J6+SKFbZ zy5b%utBAamIYG}*f1G~(*3Mth79^bXpgrP$LL>Jxd47u8qA^qaU@mN88MZAM&#E2x zpO1-l*&)$S`S~i7>)+b>N$eoDY3H5Lbm(riXR2w>)Sx{R)E=(qF52xxPTy^Oh`J*B zt@475iy2QRdwp;seUR(%ylfDoQbBvoICleO-*9i;zzvx{rJWz6xsH4hQ|4kP;`Lh& zZFyx7g@yJhr!USqWiX59oZWTj?LPdcYUkio)4w?(`m>ZzJQQ7(7ep!sry!$@i_E_k zo4%W>zI*R_)j9A!#>m4=`-`Uj2jxNIj;e?H7zdq-Ec)|H2cgIK z5o6y-qU{=dKgQRA&m8NIv7+rgqtIr?T}#`0jPD`&mCVD736f#SFM81I$zi_Lhc{+G ztNdx~hqIUcNaauMd>lJ~f6N$ulA(Ps-|Flmbp5aQt@5mmvA$In{@FZFR;JWCjmyOo z`CPJ3>T}&Q@?_@Hjk9%s(QeN-JJQ-X@)gr&VwY$4ibhWdr(k2J?xLJazv*OsVh=H{ z51`L!{5I(;eO^Raj(jlseyY{GB3+klis*X9g-({Pdp2pepI>v7B>VjS!~1r=W?~1v zUHI`JUxTcEgXVj8-hr$mx70I;e>i#YI^% zt{i%OK0eNbOCNXUrIYFKyg8VU;LBGS8@pk-$`0xDl)(#}*G>HA8Yi3abH485dll6> z$9xbwS7h$p%{7frH*f^3gZwCz?6^|fc#|}@8nvuXP4Dw;Y=z2F zIbM5?#tu2AY~*a^(9aItv3tyX;vy5QjXwP*@j&T)sdJp z$=JYJ&D(Z71uri)V`HJQlWA<3comvI4k|ve>zB+E6)(BU#wgStY{d1&Q}I1bT;j0F zk~_}BF^S7e+=971GT6YJd6j2#W+0!dc3ilpPw|44Lk}OVI05<~TP%4!+r$wRb0H7+ zv%UMWqq=`$D4y^+&Wngs)XFcr5nFTfFOy>m@+-(A-AF(kOuCE$6;@P^v_tAIc^XDQvuFjZz z)a%%~Ce5Lp<=(Rs2Jv$SHfi2LOiXj!ui1IUj!*9C8#wZ5%`0wE`;dVko^=OwiN?YI zaT+ed7FRSmkz(fl@G8Gz_s|e!@&)&EoXf!O@@Xg&d|j^J$`@57x8V9 z=AxQ=!X5_}IFM^5v0CrW1zN8k3p7X02bz-~05r$fyj^qp1A*r5+S7j!I2dS-kBN5< z1$3R6hckvbM*vK@gDEm|;X;nnz;rMJ91Ugymh{a$VK&EOz_9@P&#czI>3AH+GEffY zfVqH|m4Y`Xk0&kL&U^1e3pp+VCxVl}$>0>Q7-)9A1XO`)Py?0%JxBlZo&awRft6qt zSPe8A*Zn$+8XvVoW;o?&{O4bEy^Av`=+v2(0&{aa57B& zl3P8-;anO)OKcx-=mp!rcJLFjym z{ssIixLC5SZ)!+zjO53hOYnV3Tn702cW^oQ4{!zeIB-7Q#m80Bw|et_w{|It_j)hI z?y}Mq|7{fV{wKH*+ywqF_$>IGbR;7pj%NX{{aA9aWz9${C{8!!jAxKZ zBJ@6A1#4t@xb2>TYz*7KR^8dutKZ%7ttRG? zf9W14OR*1-JG?Dx1`~6saCyuHv_C_0ZT#ESW}U~BcNBh{%00^9t&~S>W|djzvGbc% zKN8Jhy57n0-?{DVZ)yCG(xyQMEJ^j-G5+UJ-apg${|)FJ=;q_^H2#mJ>Tk*LGyace zS@OuH{Nq4A_($^p?}MJv=-2(X>i_Rc+54O4z0jD~8FV8UB@|78BYzkl-g_Wx7$zvS`V{YT6R zctG1nU-gS))^8Iui>HQ=2aNNjR&1CJt<^7!7 z%>MIc;_64apC@J>XI|qLXL@n>YfM~qGV24k3|!}azEsRvz&;D&-3M4 z+?&F6y|Mp0<*>jv}ub;LZfhu*9lG;2rNXRh_)tbv$) zt_b?IPGaYyxd(0HT+dYuDvrgTKtp6<9ZPrnW zbf2})$-1w1cvvIiy{lJf(-O1)L3>*bU77e^%;DI-sr|#ML*)niyP;_U*C%?{>!9;2 zu1#T{sTlS_H=pN}diS))yE=4lO6Z>Ur)wXu%JS>TN~DwaI4jSAD)W5uUI1vqzJxoS zkCN~IfPVwKz{kKPz>jy16zsf``=0<;fvdqM!Kc7A;9Br$a2>cF+yFiU{uA5?ZUX-o zd=`8T{1^B<_yV{Yd=Y#J`0>uYf}PyE9ozxF2EGpN1a|@72mc?^-vr+R-v;-9?|^$j zF8D6EAAApdAN&CP5Ig{W1nvg^T%&%1+IPSI_1*7()kG3GXBsIhpY@J@|Es_3qHBN&G}nh(AYegIwrn!)yEp#5NaCaagA2JjQzPFWTf4d|{|;?1-;-Z@NIBZf#bMf7FZ41K?m3dt_EKRcY%k%tKiTBSfvG}pdQ3QFZd|94Lk!b zAI}mNxC#6W95w;Ez8DQ z#0u?XhB5G7a2|LB%sYscT~G^_gO|X|;MpmBmnC@QQ2Sl2V-I8H1L*r&uLHM&+rWau z?RT`caQrv$MWF9$&6-NzfqL+9aNiNo0rX3Uks~PwoCadxBj6WcH~1ZhFru#m^`HT4 z1$vX^aqtW99GK`5y#a0DJn%{IGI#~#6!QJQ;5@JcTmrrX3Z}6F4rYOQU_SWrbXN1g z_?ax6foqBwIgerF1owjb!0E@bMH(DhOuqoVPO0xJeXxW+1_za~G7pZK%W66}g*BnY z;HRt${S4&b5{v<-oBOVBUyX`nBFc?|3ZPk>*6J>aw|$4p7@E@b4s3uTI+W5d$dEJ$-b!{!g? z38%wln(Gv$^22%3rc;%l>bggNxXhCGQz^C~s5ksCZwq`TNTsubh3BfmHSWvs}kD4gdN6>XqS( zgPaWReI=YFUAl{#KH|!VUDt1ne2$AVIi2HO8|^nnlz$d^X9K1MX6Nj29LoUif3Qy=#*;asVbAd$LtN%^#aQ5r|b^yt>w2)Tz0anhB&L<<5|PC&*~eO zUH0ngel?}{@x17%XDwYd+WV`_efxVtTPfi{p3q*)EoK+0z9Z4)34H^ezGqS26RuLm zhA2qXJ%Qc9QQBj_ce2)$d^+{SO^vEEFZA4*}(K(wX=^ zF{x#Bre$ht6ZaaSPn;QVevfD~yA>>FD@`u7$KKCRYUdK3?xuz6t0JDXzumN%qxh%Y zufQG;7;n+pKnV`~>65ScczHBQyXBaB{b`+4Sjl3h(C&^HI zdiWPFB{wzHCaDrdUXEM8=A*J zSts|_m^?9OLcsB;kvX+GA>E?>m=USnAMV&5P3Dm5RlD@tSyswzudbtI`aP^}+9OS| z-@tF%yV|rjxjhr0*6O!%st)nwbe^*s)Q#*UY7!+@I@WNs{nyO%nMi2^`6lzccAo1y z{W}bgmznbP%UyOyx_A@ei1UBODJrJ;cO)Nkqw@lR#zX=!n$ zS9_QWX}ek~Yh(B7$d;>5_3g9%4s}`4D*8}1R@$TAVUQ&0+d|co>R&xI&MTvfXKim= zu4S92Y~L1|{v26jtqzPnUPRE*2yc}{80#W%DZ(zQ2>Lh{YOKbpe95?IoQkxFhq5^u zeU_P)Nyno`BIht_>R%j?)FsBHF_b5()@VMXyyr6fS=lHn-Qvyryc+f{NA^2zcq$1# z0P3t(i2_NPwe?ZTkX;(NR9^x!k&4s7fs~?t(&%S(wII?^aWWOL+nEmqEQ>AlLDvs#w?5=cAl2pjS1nNDnpAR2fR-Y3Mgf)%dw)!LWHTOW}RB2Q){A91;a z=Thp!V}_TbwfzP5b)@T&ADB{F;F5laEnUuYP0pG0N(p>S*UHz)seHxkqd5TSOf6T3 zr;uQkkiKQFv!~`hG(j@*ZD>zjN4cRp)f`GC9O2I4&EE9VVM}q{OzgcZz9jf@{NctF zGHkWtKatq<<=$_oOW#)8H;0TWg*m3IqtWN7?nLK^G(6dA_?y}?SX;aW>nEG6(RXZ0 zIrLkQuCyF}^=#v)Jht>NWkjBYw>8ewLVNY6yn1;u_U%|CHIsL&)6ZV@&0y(y`Z^`) z4a*w#VrBE2%H?Y<1IV#0}6hnm+%YJn5-EI8Be*r(5t|nZ2tL#ESfdE# z{wB$P@}r>|$485_X)O6M-s*wqZ5cGCkD?sz&3pGHs-xQdxJM>4vkx%qFW_1uT(@tg zCr2vAo7thR`H?Th5j2~&QB3=*?TS=K$q|lu9z=c_}IW5+Z#5DHIZJ3nmM}SHU2!f3l6IMt%hIYJla&kMx#TT za)szn3*Pw^3nBL2|sy@6F-;D6d$NMH_W> zDa~rVdQnjlX|Q5iD>#;-?`oAIXR-!<&5E{)XOe+__#(-$v+P8SsEsy@;>koX{D@CC zx%`MmEoCS!kfcu-I{SSjV}l$vs$;KaQv1MHiV%vj$#b6i61Rn(cF zc(t(rO_V6j&Bwmz*Uu!MODW5?Ms((SQ6@{9>Ysonh}TMs&o=TY3Uo!9q{xT(ZQEW$ zE@_o!@HTR-nY8S;jcJVyG(yoq{XU%dE`P&ns@0aIl&DCnxUZ2wY3Z_BU&}q!+(C<* z>5(od@YnIe_Mm{PiuV^hiFJ)P@BBPeL)Tw_(o<+5|YAr$XNTR;6nyj`cR%%y$t>orIwQoU^EyqODt9sIp zMcZ{+^{~bdc{Eu(T}w-A@XPgUbZifn+ajMg>VOvJX!#5>yzwZ6R*)v`y4^0bC2 zerwdR>&rI&t5Oxmmwb$azp7pI+ct$blS@!G1s)~coTs_pu1oGW$onSV{|cCuhrLsY9; zv(CtlN;}ZB+4?)WV^@det!a%~G)liTuhFx6*CxGHeWhqosj(NL!+MV4HM?BXH&%Dr zx!=e-p}bQ&0}x*|M$4}ghplz8SF|o!XYRMrl6L3{Yv5*TlkW99Ii^P?1G=KML-n#a zBF_y-%==`*FMJ$B_#6x-idw`196N|1M#!?SDomknD-Btf}ld-W;5LoLvnpdCYM zpiI3fFHcnZt1yy!)h{_w-o$g-Khnl1CeO_3Zk+P0#98i0Yh^#ilE;o>vdEHAeaa%K zwc?z$FS4!ThsHJe^HF#v%@NI3{z}QKQB=9)iK*>&1=#kz>J|MR#7h!)6MHbkYjIUp z+Wuat85zA-jL+Q zJ>B)a$KigX#%A&D9P_OD-AeDsevtfHttd<8I_b%9jL~`n{#xJ|a)f{BGQzAoLR3#$ zAzRhXtn+xop|CG+Evq~VI|53Ztsg&`-zzxC8H7{(%*2T4LhpJ8da;b?;ostaEN^Sp zN3;qaZnWmGRDzZVz{xoj-7;lhhpM^yBC?$?WiTkSy+(U_D+$ zu3ctV(iue+G}{?7>^vvwZqcZGu%m^)Q%EC$9oLo8NV>P=k3`{-Myq8__TGIodYKWP z%RzD_uXaY5ho7ichOcFMEuM%a_%83aUJvJv!a|Rp4TPSt3oiSe_kH0(SzeyiD%I<*4v~8nv+dkx! zmyv4UOEz}G-uf@}Fm zp`^+8Wi@7Mbd(3OJd%Q6^O;`E(7XFKBz-&Oh27dxieXph}{7vVi_ z?VR!Xy{|i;{QU@~*OA&sSzC;wo2=J7$Np?}?^RT- zmp{qeBLf?C4%)VqQol}JS;PwGz@PigHCe`uq!g=ea(+vm#h{pHA9Vg=j@l)2DChTN z{3m^yYOVWBN=+Zl*6Neic_yW?5?V30E7xbzHpMhYwm<1s7c3>|*R}tR_9!B}i&1an z(M4mmc1-G5X+8sQR^X#gOhJuy6e!P1q$m}C{B?)a7E%%88opaV$2rbSH&sbCvYl?- zKqZtQ_vzODXF_wj)l<7hpI!n#N*U=&$>bZ1S;@tQrrHVpa@rEoJ$X+?y1EZf(NhOg zU%LIZnciqN1^;{WarIA>HWLYY5F1{IglLvv=S?H+tNxB@Yr1|r7|qbQDI02IJgIh; z%8syp>_%AI&QfcK=2>`?AmOX}r@ZP?yO! z{I(h?e}&H~zOzD~FJOJ5w8giLpX9r)?>D&~_y#d+%E;_b#3b?s`I!E7OBuPpq8LUOIhSe9*PAVPCT)Q9Y1b6TK zP_|C(EII|g&c|-2+EMf%wc-Ir=40XaWk-?fPrsu`C8oB#>e*AEOLp!RYD{ex>L{m- zHATtCDMT$s9tCW!9CAI#_q1rm?uW?4==*w(aLdrsXk=65^NdERsdyL~Vto6{Dfq+b z@@YlR()vHtKQgT@b*ArQ(LdS!U0S~Q`vL6Uk#sa6BcrZAD^EJ9lcYWBT!Q3@!{?ix zdx)`Vv~_8_tL7T=YqqPW)r*;ilh9CgjlM_0-!sz}d5}@tYL523NP^Sv zd+}>eJx=>O9&8;m-RHa=EULxdeeyZ#dMrb`Prio6q#MViF;m@Cdm+;G@GU$!n$%5k zN8@F>-6!_x7W&TLeKI=dpCWG=a}mpVpI3HwNP<_RapZA4Kh41R-UXR%4~X>I=SaFe zAXCYgUcyF`@cVdv@0}O+>b|!!_0Ee3vw{e|dxY_Fj5p8l$G!|R_Q|X7V&wE~dNo4V9B|gLK)>8cDK(6|-IffaU<~Tm>nVvLHA7wV$Y&bCb=&!iLdUj@4 zI7hhqv)6ti<%dVs2y@Eu*pZQUIFxaBESf&@zM=CeOFL(;$BIYr86vb-@1KoSRsq_& zuU>`pB244HKPmqp{N!Zj4vIIWf1^(_tzKASc7#5&bJUS7RXX~`k<|3dqqk#8gg%zHbP6&%4-Uz1QVWhU z5sQ6$3+zz03>%XC#%m^h)&z&OXR8T`O7GRFgj93IETVVWNWpc`IS*e!7U>j2V+0$X zf&bYH?F+%_oUJ2ggqX#&Q0&BiU#kO2(rQUK;`D2ePb2HKViMO8{W^FQTeZWK;>QRx z8JYjcs@|kDv6Ia_aRc$-&k-9**N?Ay^o=Y5HpXx_dv?=%Jd&bR{FV2VPPbw_o8E_$ zcFn;C$VR4~^QCL0^@&nZn9hT!GyJjpGM}dY7&dy^s59kEeBdu*uT%N`HUgqJk;bx2 ztl^{lXPAhNcs-Kepnb0z2h#0Z*IQ6Fo~YFo#WvRx%e1So*=U@ii(11QVab&%bS<9UwQ-@Z)R97|c-xn}C z7N8%B&C54%owJDwy7Zjl#`fRkuGWwGz5i+SndZ4#AJr4(SX|vNr=$Xo`c#=(B~{He zq|TS)9xt@2a&#x_$=!<4uV~E9!Gb^Wd4@Rk}@$G5F3HUI_ zCzU_dYoC9oAXKy3SqGh>T9nS=Ny~u(MoG=|t_Awf#CDyJXQt@uWcZ#c+ItwbT5kZ# zKU1`N-)w&d64imNlbt*hdwe_;W%9da>0_Sb>9rN)n{K$;Obe3N#Ac+KGy5~t|3cU7 zj`fw4q?P`W){!P~HT`>Z$Q)tC4AB&(hVY`n* z(xoR9&CE4VtA;qWYPC)~18jMA1xWiXREph;vzfBA3gho;kTuo*TCKu}M>UkP#?YZP zcI~!U1*H?QPPRs^0@}T?mTK)35rx`atM~Q&^-JZ`o~L?_+5^TrU7Rh);%UvOovW*; zSv!FGq1fINPb;ZOD|)Aqw;tFx*flDumJ)L4>5<Nj zO1tO8DcM@-=T;=!?m5!>lEx1ITPL(OrTVm+*ygmm12yI}Q@cu;NDaDY$0O;Wb|`3P zmEzL&&T-VOyms}hl9WbRf8UT@zNv%LFx&wEaZgU%KmFUZoRF!Rc0CCO}J9SK=qtel26)Q2Q> z$yShElP`IVzq--W#d4C!$3SkHb;q)%YP@YH6Bc>FlADbL>j$fUO`gBX?S5c@Q! z(|KLqpmt(8M`i>tM+!~wN$@!e`Eau6!~7&tLY_@3+bU>;o9Y> zOl{gbB=bVZ9}^=+-Lt<<&gqC2}Ez|ZuR9Ob;6 zhhJzUF9*#^$<&?FGsLHn37gf0vX;F=t{6Im_~c6YNq9$VRVTY}P|LC+tx@<>WCkAg+V91z+HqQlW@xH+G%^UzAImZPpPF0KO%cv&HkS<;GZx(L8DKL8Zqd zxe^wm!6pQG=n~GsTCcd?GPPI-fiB0JhNBr-fFsk&@V!OX^3*kLfpi&-_r^rAL@;`? z7#129U1j(-`j}S%1@XsC%fY4evqDG4RR?-bMsBcoO}YwZ!CYAJLDn6m<7Yr$@M`4+ zeUcG}H27Ed>&{cSyC&~L@mnbv^nfPE6%7H_;2I{QTcUpY0 zaKBb%gSAOsD>UdFi7oUo$ixg59BM;<%fm+FVo@2**a!h%#I)UhD%UcJY<&;*q*<7` z%xhxvE6rmLnK!0k^R351k8Op}^JatC#RIxQGbBCqmfRXNYgkc{zaQ?fmyF3G-d4BA zamb@-@)8ENi*@}fUFTWoNNp2EEv`W2l{)t89^dvCWsny1n&|?vD@=Fb(-r4I2Tg%a z$JePA4(ddcI`y*7TfsFde~IKC-hwYz`WlJLz(u@eImFZk29PmqBpL_4wp9pZg2SuC z)x%hu)epA9VX=RU@~{Hv`}~@)KrOT)Yfb1AWw3UjMG`!6e6d(hU@g+3JzCRjRNkJN z1Q|bIug%jYX9_wQk0ZP27x&QppUHlrbVAMC8Ho9la7@zVi$G%1NvIh;E z79@^3Y4uW-miCr@NTcT#eWMp9jYzA}^J2YCc~GW9?SiWfv&IXQf!vd?20r0c!v}U` zPz$=)8#;_t9c1XD+2}8M(DVYFp<%Gy?Y@oXv#?&HSy)1| z+qe+Vjy_EA)O?%hosar353pKeRjxrjVntvRZAwH6>A?35<3xCp_OO-&{}q|bdqyMm z%2d5+Qc>vX*t_O?!1v~}xnQEbdl~OH5q9p-t5!& zk-l1f-e_N*#sfEAB||Ta{@KH+PgqA+vG>vB9Os6$MtE)mUZ&`qt#b^v&SH6{mGB0! z+1M=fDtN)Z+WLT?xxj(#f)}KwNzYIRrGtIA(DsJ3_nXx!8;^mxupb=Wj@fu97jinS ze`w_}_6N)Gv#lBo*`5=Y9}b=dzxtLFK}k zE&7D&Au@trL)l0bxI{a_#Yt~*X$2*q%Zvw!ZD7IC3~(f)C~z7)sLAsDkW4HT)F77H z>1{H#bcp^Y1GQcfEE+J{xQ{uKyuDwo(yVp(b<>0$@SShFMWg6JkJ^RwTRiRn;XY`m z<+{tLn^vJm;dax^j3YyA!d5QZIGi5aC=YJ5QIn07SS11lV$v}9gsfX;*Ul!D-RjSX zZj948a@FT+>kt(fZMNwdEG~4Lsy-SH!47@gq;hSa+dTghdnc~bD5=O>0Qi8I9WqZO z@l3B-R_WOj{j4D4G^4qV8!AdcQdGVwAyZqJzTjsYJoB_wY76+@w$HgGpB~C-Xi_FTz!F$^1BP0{tPmWH)Nbhj2dd%n2m*d(VL8?OrPRwEE0v`!7%;Hl8$33(aGE14ig4E7cea!jjh93=WtJ~Tw)EFOooFiQ=O zK@~>IZEBCn3esnur0EDs=+NB|YYBEaBP`Hn$|e>CRd|Em5EUk>1XZVrPl>D8Z1Gwh zneDRpDYG_s%tTU~)PA&Jzc|=-@2J%^ycqgv_(SKQ=gb2}&*tM2UZsNREXJih!If3z928WNxI$rBdiG&>1T*?XhyZ)9WNye+Br?}H!m zlnTdSjJx20ULO@lkMesFLKCW1a$0CcI2M1CvhEpxwHL&yH1wzi4CFc?t=I z)4&YgAJ!B-VzJYMRafDvRD0KEmKcAbk--Bq-L_*4yB(b%>>QvYmLrY%sdY zR>#8~yiX}m4_$82Xh!Td=Em4J-{3Do0t0kN#6fL^D{=8?e`uC<85?2{u8)pRlhB|f*hGOgIC}*s8f6& zjYfPaM1#QrZ9yM`7sH{&egkis^uhy3Scn{%K4iRRUO`%N!}ynRaI1KtNjL>ZmTQN6 zb8f9J-V?!E$P6HwXQH^m@D0yVH=|5)3-UcNISf%)coE*=Dcd>C>=}H9r$LG6esE72 z=yGs?)CP@=Y~qno1{8-P=;^R)B4a4)4f-Z{3Ksc6cJuj#a1UIBRz^cwh6diO#VoP7 zHol@Zo*L^#wfqO)7pb+}jMi1&&U6rq6(~oyGgZ{&zxuF?*V#} zyxH(hgL17JL|42NIEG%ATCKQ8! z{Cn?V5K|tVtv9-(WHvghTE@A={ zTV1Cz$LZS5I!@DGwL7In*>C@iW_dp+9PgdwJ;^C|J1VyhnD`W3`8UXT8PqI%n+__gD?K%O7|8yms>PS(`zg zV6|3*28^&`Y?{_j?bdOU`>EElSE`IBe3p5YUrT0r<`sSgqm9dvPP75CVR{-{gFP+u z1mPikCUj)K*0zVS;$dK8l;_qhdf_?Ogeyd#?zt&st@`ukd3KuAJZB( zqxY?v-w!`F_wR{Ro_QOV`-a*qz75m`;a*NL>;AP z#Ur7<&Z7GAt9oCO&c;i{RvW+b4J*9cw{L;8*0bURsB7Li979~tY}JrB#Ck&g<=1~u zA`!;XYD1o(+Ssdk@ADk7FROWXXIJw+D?S)|HSYszT~ZviKzn|dTQB(q{~Wyc%d*e0 zn%CO;3)PQ}#v3ZmfZnEO#-eM?{aE`;l*3C{Upe+_-iK5htE1R^ztqm&JX7ATJtXb= zE%8@eJaV}|{!V`ISZf_^HSc|T9>303@jjB(6QwONdjphj&)928!z$i~)LvHc!l|s{ z<%mu%y?cGAy)^fSm8n+8z3za>_MxYiu!{E^s_SKCvCk9FlwZY*gzS`#A6-VuapkRg zb1ZJN)nesnTW$@Gz5T{k@!ATTV}uJZA8<9n(=?B(a%+ab$bym>DYuFjc@7vUM`Kn_ zm*=ptIQtVZN*K9+x?SD(UY1_P8&>WH+s4Y>-^q^Jn%$QqhYPfB$=2e+VPP$9XhGgr ze?WeBc^^HYmHG$Be@e<0<4r#rFYiq!)c3KxY1Vh%r4r|s^rfF4g97F|%R7)aR%#Cz z$|&c9Hf1Fe&*5$_^>1YL<4;xgNWZw8Kg{#x{o%W^YaPEO`n3o@`?{9#u53T?9Eoq* z%vKox;RF9KdAa60kG(qaHh1KVZ;Y`z@zdEFN7qWG$?q>q8`Gnu@KH|dtnzi+YW$DM zf+p3oX>fk5)T%!F&6=?C)y4w97ml&mwtLkA@pst0>KUD35!>D0sN~(+H;_H6*lC8n zsu)k$z7PAh;}m0)ck4asVs9vp`?fa}YwpL|8;WO$7nSlR!hQs$tra%=1dYB*m0-9l zXCWwoT~f+P;?J`DGP=)G?oC#imzEnwxX-y6(qWe0Z27B1Q}C=t&NbjMv#Zi>jVZ_8 zRq0SYUET^1y<-Fx<}C4Ih}Ge*#cc0=}=cL-CZMvO$(>^BlWsv1jcA=`C< z)!gh;SE|NoslJ!}Y$cnILjw?jLTXIPj2q0GMcRnMg@_k3MK;%i zOpF(wF~2}m%=T8t516Hh(}1GtHZMRlgOZ8;BRL7_ade8+IaOF1Ipa@l7RjRyX5;fS z;j9i?q^r!hpg$^oIm|@ZtX00fmR(?xyl&|+)A-2oQoTzbs2Tcz5fOBwavoY{1PjD|k z7f4>Otv?Mb4v0UKHN_YV4QUxEA+IaUtZ(!>J3mhsxB`EKnMLFBkXdFKfW|j@`(^9- z@^L~e9sUm%u~m{lb_t#hzr_OFkm^%M=sKJbOTf|E6ZG&(I3Mr;KWZH5Q; zwZ=MG*fz!R%$@rf!_|8nUqayGCF$PBG$*FF5?9^tI8h0LFm%{dakR!Wsx z9jL*Ik7atgLG^`<09Lyc=4xBk2t2?Vn*38{Ei7M!oChq4Nxu1N%$J&+VR4vIvESig zZU+v8r&{z07Fi)l4l=xJwu?T3)3o#|HiNRLf$PPqHjz&_yF<9J`Q?dOY=9%)p%td_ zE$h5byfNf06h1f}1ohG$JZ|V}@`3!&WAqrd)jZKwJvpFOp)oRg)^ZKH)v7`oz)QuY z7p`$3lLtId6Z7EAz8BY$mngDU>}kVVWp)HGq%m0D->2m^GO(FmFh>@L<; zr)3#AK^tIaLtbF<9b21Xt2w}`tp*tMxU>0+@p>2PQ=g3=ZTF}9C7sJXKQ`zs=#5qH z6FzOm3r$sMQ{iuP3LIK!Gg*mSDnf;y7S~(+n)Sn?$vGYuR#K^XpBLp9mLHG5B$`YV zm#k39cm>5X4FBvsOZ@1=qb}8ZfO^3UD@P(59BZ@3w`7m(EW`D~v&Xk)k4I;Z$7GL3 zWRK*g@_b$PI3s&JGka{z9?=>+w={cXZy3HeXOFGfnaB`8j9* z8IBiZkIV@3o%j$(JbsSd*&}%^d`Hi6#J}X&pFJkB$HDAzbM|;jWY4u|_fnp}BzwFt zW_f$YNpK7{4&MxJK0q1}?SbyGbu8p!nv4f-K?|{dw{X=qH;YUrZGMjgbPjsT zevQl4!J*%qb-ggx((=P-B_0woZV?Se5oE!V^MmgIy;yTk`+3&ptC#p%cpLxCei!tR z$YNha$^J#$oOYXKx61F*)8KhO?AJzABzTA;=P-}elVtxBonRzSTP*7;DV{sfeNC46 z6wRtm)^i=>>l45PlCDKV%Cre#1k=0+8eVHsSO@aTRt8 zYmTjD56?(DyTUVAOLVm9z+=Pr- zZ&++BWASe^n!jnWELM^;Qs`7I_-w|Jyc22(vW*XlO{^4^Y>gA+1{q1cQPP3w8(|5nMdpxoZWF3VtnkUZCNyYueAb zWrBAL-Y2*~kP_?={9JIyMCZOMkdbs#1?LFP7u+PcRS?_Xxp9K?1qs2|1>X^jt99;R z!4ARC1zl5|yF_rO;Cq4>1rw$^cZlGvf_n~d?mod0)0~?lIPgH{juo7LklG|j3c3W( z3x);pw>VcVm@7C{Fy#>E-XVBIuuHJ|P`xAgfZ!v7PY7-l{BObM1ScQn-06b51Um%x z3w|beO7N^;@^rOdFetc6aJAq%!50Nz6)ZU1xkkY*!LVS)5zd_;I8)Fn*eLj*;2#8c z3VtkjOz?t0YQoJBoFG^xc$eTJ!3PDm2)-)#k>F9m%Yw;~`YAY5aGoF~xKePv;4Z-r z1-}%$BzQ&enqbll;ZLwk@NU6Hf=dKf2|gmYPOx3DQ}C4FPlEl9RNDpT3I0LwWx+oQ zz9Tr}X!TdnDp)J%7F;5@Q}AuUp9EFMICr9;UeGD%7JO3hDZ$qSI|TEN)qTOvna({f z7=N5-CzvLfBS;ETf`%m!0U`6@uM@*90@>IX6?#BzTwL7Qxp9F9==~{83POl5;Br?-ry5LxS1wbnX9oZWr7s_@-cwAbz@YO9U-~ZwPh>rk>&4bioG%9~V3<_=R9t zu>S(lTX2!!yMiAHo)G+2@UMbb1=S6b6Tvxxq#z|25(j=NdjaE0K9)2P60=14hc)v$p zsy$cdJ>~W{`{n)6H|g~zAHFGHZ|aTm`f%-kaXtS=bo-lq`SaP|k#u24b&Yo_V{Uk| zPKy3m6IS|OMVWh)`Ie%x?90Sjjh(OTj7_=ny4MffQRQNtvFep)#oW6Dy))I6J6`z9 zyjrF9QFGxRoiF^O!-an%pC9>sc+|gqDLfwo_3`m;cwua7%-yCT3o!kICr@RId(QdW zo;|)cyvpr~-yDzk*>(4%ZZOU{RpXq~1uF!r1g(PAf^!60HKcb7Io|R&94~h}K5EAs zeKD82i?i2n_TRU$Mj6;+j0@rp`asu1M<0t!~k!^6+S zn_QtI5kBH|HtX)(Nh&8U?gH)MPpnb+x0NrgiiZ=YBqKqQ46A)&b!D8tlC?J|a>tBd z!8?UDjnQIZ)9M-Xou%qom!Fxy`)yZ^)-z#fVpT;&Wo2dQHZluBjF(J5r%dQdchUH( z4%P@au1HNxm)w_rd+xfQ{Oh?N0FHu+ZutaBqap{Blo6(wg1e&jA|1ouB+tP9RbBdZ zQ7^+YZyxsz126=GNU{6;vs?=4f|GtJ*5zaxG2yhyeSg9$7938 zQ?nP2EEpvb$0qU&M_D!mqdDT&%xbs!Xtk|jw>65ab!^q$bF*cY8yl9p7ur^MjGrbc zU0DBhcS`-P_(Fw>+}6t!-x+@N^b2)9OB}ZF{qE@cgga%ayZvykZQl}$*Kcw0`pb1K zcF^ryQwS=y_5Bsk*58mTufDjvN1o%kY9^*@>aXIzTT<#ubUpLtQQ_t z&NKOPVk6r1$V~<1Osn4#8&`k1p4sLWoIU*dfZDN8?>}AU{p5)EmlV8zlFD16elF*k zY*|l~DeI6CWqmMT)}CKqb3=ULWgmEIGw-WSj~3(O;m3G)+jPYh)py}|TD>l)&iHj( zV)t&>^;7Q=zK+<_rhDT#zwDd8-@G*z@2sB@zi`X=ikq+4HT>EYUmt$uiW`PsyyEiV z7glU_k?=X*7uXpSN)=nXV&bQU9~gdM^4Sx=6UD1$R=mblS>)W^Sid`A;-{A0qUoVn zEXK`aCyNN2?fn;X9YN*9D{ALfxhYcUO?vK~4IPo%IsK~XvG1xsl@0HAwd#vv_p!?D z)8QBJ`sJ@*sB86YhyLWUr(fL+ZZ7-mZ#UO(8y?=;?%dK?{pnj9+_Wv19=2KhwzU3w z7hf8ib`I}s6VJ_5)hc(6_^y6wY+;ILc}}=}P|scD%jP|Qe_FzSw|Xz(eAW@3muoM3 z>ebCl-B)IC&2SnMPGhBUIzE2$HNy2Z!u2)6^)R4>y*~9mGK3#ob^#b9g_Uz#&zD<2wE*&>-=Hc;s7jA{7um0(p8)6Hs zU9no^&iEw;zxI`zxwF#jX?{;j|ldo#(%zW3!I)v(GL3 zl5_7-UGqL;?{O4|y7y$i@9Xi?UzBL-z0c^#-@Y6*@!_ujvStWW|JApvjrxAS-XEZV z5q|*>p*H)ld?dv9N|re<|#DicK=z3l_t$)5hGBbjMWr`nR4sI9lZGwSb5a*1lF zk+17=jY#zmMZN3%#nNq_c}-*UwZ}#4dei>Fm95daQD0Z0Ul+RTqMDi$)RcmL6?ev3 zmr43wM`~z)BE3G@pHxeF2NUUzj2gEo*`WT(3NnclEb6vEoUsbmc zWHRbeZ;!Qg)v~BB-McB(p>l*2I@Q=bE9y?9db)<9l%7hayY;wrt-XK{>r%-sRXVf1 zx4W;mNBGJdr)pE}AWE(4%F-z_(AU?S?$6M_Wj)dQWKS}k=$e(SDN<|cy?WD`PUaDs znO{@WpoVt0iTvl*oiyi^sG#mlv@YG-9p!6|lAHU|Nj={|lQaFIk1!H7E^2LvMEyk6 zKh&4Z%<^>05ir@)-rE6odWECH($&;8$#iPnkcv%Z`cpmYi*85jQ=5|Ffv9hwtt-_Y zZA^;vX_YM|Nu~=Qt*cp-^mV{5eTlT{$(6Wwr_{WzuHHeaOQ`t1J`pxbw708Y(adx* z(Q%wQ*O3yf2E_D+ez4j&kWLHzBG)-RS!@drfserCDmBYf7JOtRB02QKEs_rSLGOzx z3h@9gyOZ6$=^@WM8+&>OGZDR{iQ))2P541nGX1^j#QNl{sCiMtswk68Z_>S4pk*-G zHd~|-gXyt?(xb$HFrQBKr;_50mA)O4*-Vs9UNn$OQw2?ie~tNcqH=l%(n1LAuQ%Wv zbv46YZCUMU$~YF5XD_Qsax z%yFkinSr*9nnf2<5(xi@giHcvRTh@ro#;vR4M?hs_12jKJsn-i%&96Mi|jn=ql~&M zMlV1Q@-j&ZVeW*e)g(wAEo|#zFMc&OEy;CIx3`$UIUP7FTAmm}=SlOmcP9GO`b;!; zj+cZJ=XzDtmT2F&KHaPKfe$adSuLYBM3Kj-mn1kRXp4;azh|JkO?8VrgQ_FXtOZ#ywjf^kak3V z3Q;)=ZrPMdL@SpqI(|)}Yal6EObHEnrIE-)jjgTAFIc>+sdr6ovH~@gfi>;Ro*nlFsOpUc7Ym%%+yvreI}Px_aBxOH&Q~h_=2Z``hcHwa~Hy z9qF5y)smx7P}G+E7gd!=C%wYND=4sC#>2YR*Y^n-?qp}8Yu%|(s8{$fNl9cictLSc zH=R@;dQ_Ikk=Tm`Jk9DBVN9|`)kSCo8x1uOVW`V;5wFMcI@HnnqToM2sC9 zn=e?bmpp@IW*&#KEWG3^oGDqrFOg;J4aT8AA)|ZFtqA}@HF$9bh7VS(8asHS-1cqX`d>C zD9Qf8q`vxA%AN(c31vlnlWc7t2l_gFH>?a=RNUlp| zsdid>M<#LnW_b&`n5pYL!$_pwi;YKnv^Uj}0cZZv8mvARqh^BMm_Gp}ppy&ERe5XX z=I*s5`{qw5WN-LteKIXg+bS1IYJZ)SOaH8>E7`MNcoup*iH(7p{l%IUz5U7g6TH8f zLv3%L`Li++>%16cF>NGNj}il2{m~|`z{F5fYIH$=P^i zYG?ri` zqa8t);8MZ=6uc~WMNoZ=bH@oT73?V-?i79beaSmTj}?9SbG`Eysr297xhz5_Ox6tB zwyG&t&e>D5L$T*=RU)aT_NM>2XnvXK{t3aC1QXw;Y$d_l1jh>I2~HAxS^1`~zO?(< zUp@KQgAe@R-f!J~=k42Xz4?ag|LzkXz3Pffhx&UrtnWy??|gNss`^1qqg7QushU^2f3RU3Yr!wZYXGI zkggC+T_hR{W(wvA<_b;{oGe%&cxtg`@Ro=N1oH)_3QiZCAvjaeC|E97Ay_4Nm!L&J zZ1Vr~DMwteC;R^g?Z;O5|A*}L-OoJz%;V2wKi%V5k@)LBOq_GpRQJyDmv=99mE*GK zwG|uaSoYgF<72KuPgI;V{_@F!#r<~Z#!1=^vdn7 z6>L+e@&-V>aHHV6S-x1ST<04%^r#z{}SOFAOxiiFM= zEzIkTH9B7?oe^}$>Jj>5rS!#s;19+@kbu~>CPX1@7^8Xyyu_q zyyLbn{^PB;+;rn-uKypOyyohUe)xk|UViD&rYwT0sy{tEJnU`4H+3Q_@*5qhs(;I; zw;WZ~UwxV@clyuo`OokB&pUp>^?&l8-}RsO`p?fj!}ZVm&#(E<|LZ>~x~h7d|9q$a zJlTJKUzJr=|G^@}Dp7=KK}^IsZk@PxYTq{DJdb{`2?#^F{x8`%7H^ivL{n zGUrYHbEE(4vd=$qz1x58d6o0m{pWeFbN+69y4lF&pObd47BXw;FMr&($4VFQ|G}M? z3vo~yAw>$Y@Re|0HQ9NeZ&O@8pL9V?H-c_BEXdQ-lBvU*G%qN)SnvhGlY;58&+UR6 z1=|IW3Z4+`5MeKkvhT&#UFT zv~2J{vCDt8MOVb9$Og^XgEpS)KTq(V@6=~psTJenwXV8PU+nA)xwDsYXLC^E{<-$t z*>$-O6KrxTyQAqqV4+3$J#EUKC8c~9^5-x@@(VkU!Hp@IMDO3!NbSYcSb%st+eNL9YrzI{e?G1hsQV8BiWD&4h?@pIiB?fQ)_ zxqbIcau=f=kKxfLd434T>o~S@4AUL6zvo>FTOR{W^wF`7@?1?fI{kh>q!C%jfZeZu?hYW&}mz3+Q7yhq2MVIt-KhZJZU z8XCy>orU3I$zPQp$aZh?SLAz!xwmvU*ImlybLjy;o$K+JWQy6ooZm5&>CX0MyVH79 z+nOfZ>Y<)=DdRT{_oe*#N7nlb8XFh*U7P%#!EC9!zqWRMs?o3M=*|yiYHK_Dvqirr z-#t8-$(8(`OtHI=?aCDWu6(KAFZE}1OVy}GUG_$e$d)$w`Chv@cAM)iQYOE1)x~rC z-h9DQw{`fZ`$Gfi5;q1@er;{-f>dKotar&S(M0I6>cV2I?x3MV>a#zX&gKT_UDS3} z*_G)}ug_9r(8T7BjumS=SFLT%6iO!*^20-?WeVBeO;MTk{)YZ+cfSucx`zt|h(VDm zXsD1KOcyr!bwl}LG20c~%~K;i3WyQQGF;5`h}MuVQ}7*OiuvBshIAp5^3|0v6CG+= zwOkeUWO}nXvXLVb5qdDw-Ji~7yNh8DO2!gHVu>sRlr8z$L0CoOR`e-7B0x_{!d>xY7@1h^w=>gg^lqrbqihgNB-Y=z#>xwCV zX|{mWK+sZp9h9Zt!?}E+hYs}kec}~0z8l7Iaz>K6i*#9psU;U=$QvsnnFCphB00j9 z^Or348N;4|OcBB;VX2fE9D=^3yx(2ONJ!KE`t(4yr```MRKY$&pUwHjQkps;aGB=T zQcE(FE{fGiW}=xX3}$oa08*z*l$wE>Fksp*yx5qZ2KVNN88!_?##FDrAa#T^R!62gpJUKU(w-5QMZ6W`TjPb0uDRjC zE(V2qWBOgfTz8SFdQLBf(VOE6NGbu)l7gELNVL$ph1y6%72j0CCN&0~ui0ac^7!W|&V*U)+={r8m~rTDta@&eiQJ$IMgbQZXAW zYg)OawT0PbnTct=d(hk(K4@-DKIn+DGukzT6?(ssFT=_T@{@SlisTva{v%PJgabW6k+oDYLN@v}T87Yuj5oR=0MpUDes{ zCo;5~l*~DvL~e zbwfUDzbQ-lp#qpC&q2pH{aiPYNi&5M{0xm}e#g|BQ?^es>$x>-vl$d(SezEm^tg(g zf6FRYi@vB_t`&a6-8x>3J@;-rvZF6zo?2#kAW zK?Id;!uVp2mjz+f*j(l)lk)49JL@pkb2^*N1rwf;Ei|BPR0 zR>WMsba``AXG?01P5&AlGkc)q=;Ie~?7~_-?%Xt#@oPdRjs|G$>1$z$^VZL=U%#M! z{Soi9v@N;re2=<1O8SCCC$QLkIdb62<9-0uD8Ya)yI2p@Lt*tHXO{+VXg(}LFPBVs4WG}=28nk|t zj1z>=D$FuQ%-ha@v1%69Mq|6Gt#x_x8EcoXT-p|RIkl_I=1W0R=E$~Qce%W$Y;d>= z$`mfoP)JEQy60vJc@Yj8rotl2Ma9KBv>D1{;?ntT%a;Un@$0g^H~^U<%;x6TV)k6K zk4$ z?7)q?C}}iY>}p#o(w>$c7)A-{RN2%z*9v>8sW|K{h9+F7nYm%e8QHRpi^o|WBy(5> zaNL=2jbR>k1*Y7g83`=p2UK#|T^i0w-;78En?eljU36im zCM^CJGH)Nw%CYFmbf@KJX{;n_2)4;Il-H6C~=bTZb*$Ptie;BgEgK!>&bW4LKV!2tk6G{&$ zrBSoF9*dB0Dtg-^TI^`2JK~pMrlShSE6jxh!}w@$bTE^J)saLkb1EU3HOk~)1P>#l z7-JY5Zc-jwuZ9XoqK6@shZcD83FX~zVw3qGOVXuuN?+yC+bK!bHmzFK+M?J;Q*-C? zwv{$9h%ij!Bh4p;H3BsfYAp?-F-O3a^gZlGP#%*++nTj4r>|Px-m)Z|7dG@`S>Q+3 zhqOnp7?+r2UMT9|ruM?v7svbVC?8S)b*cf!r;(GyGZ-auOhnoQft>kEg_6fygBu~V zU0_xOa_eRhbh=z8v&2y7s6!_wBh5K@EeHg}hB-ZuhmmZi>@l|qZZnOlG(n6&GiqsA z=8oe?1*&Mh3z!(k8Pls%lwsa`#?Nd_cPs7$@x%vCk;f_~0+TNw9ofGAk~7=#-KKuc z^n+BY&1o4;$~3Ex>BAZ(01ZihsrO5X}$AK-U zEnk93*0OeKTl&-G{0vX#qoTf{vw&P+4b ziykiMWvpO2l37?bX%K95k{4Bgx7UFH`gM(FDKK7vOle{iYm-&cw}?{V?9_|P7HRfi zbcTykY~rNI=Rr^!u;4QT1m6bp#4MFmfe?vGNWe4akDr>68#8+DBtgrGje^b?iO8mg zI-yguji+5`E#UHE8lH5bBIZzXqheHQ7}y~_&zr;PGVWc=2KdVowM>@&rCf z4!14Lz9ECgh>ObTV;s0C=#|VsZ+&E0y&fusl^bGn3nFzF38kBs{dVWin{!eOLUV1W z_^9u)wdE!sXd?Y5;%^|J5C(6dZxDJmGKmT5LPus!7-x(}AdAD@-4;wv`784lM#jp6 zH%ihA-RUA0bWeuJym|P{$f{8GE^aDKaPy&z>~hdt?gk?r229MA=n@B8shXsjO{LPJ z&MP?&#r$RSg0+CIAox`-djq3qW>&VOrIMgTGo#5F^PJG%zJ(@R+S_Hwg^`h_mCeiA z+ATn`&|jYDW+WeODM3|X&SteR$V?Ih#}(-x=xqqNvQ90V<2W)3d{%TDa6vUVI>NxdBCt?pWOxo>kyUX7kdf<*lpRTNe6Fu{MaV zt~1V;=*jk&%V~7ADmRT%0Icyl{q<9s13DonXOeR{*&1_WUj3kgH;`f zzKMk-W4jSe2%FyCa_Z`qj!qbQ)#}a;Gy_&-#A;59G)oz8ETyDsj`01qz#MOu3Td{g zN#X1$Er8dqk>e38w3&q@*E4jf1?q$jCq*TgehfCU$xpM^6)f_w0Q&NcSTE+$O{Z143-j}Oo4VVZ3f z=!OzT5D}cz9K{2Q`TB8;SPAOIC&~y!N zsjJuwe}pcoR{Z6cMx)JGH}$dXk(>e<)ShfFrX?eITyk>My3nXC8LJ&|rWqoPbF^NR zXepK1q7eg!-KYWZ(}P{vzTs?1F@Qj|2aGc>VCsO)O&22v8`D}vcHD^{q!^n9T-K7hN^iZc)_yjnb?D+5<&E;cq8CBOll%QBjn zq(Vn8(3PExl^KyT>0;3ppYQ;+TJWcLAdMeIzc4IAin+Ln4RzhH0uQBO*5t4)nAP)x zgABECsoD{!Y7qpx#FVBf%#HyYlOv2aD?%BfsLgctX&mX-B*WFLJeD`G zY)VdUk*E!&@u(RR34aht)1|4vjV$@d-Hw>R2GfS#si@?7xYOR6gopyGYZ^BZHi&u< zF`R=S)!lnzvUXjh@=2C5#i0dWIp;S^X!z9*O1VLAB?jQ6kuohHAo$J^Wh4(&5gP4fnoDmR9r` ztB|ZRJ37QWC;^tRFqNS<25lLqc2zjV9y9+KXGH{R#K;({T#kg5D{dUMm*zoX`Dj($ zh(e68r&}xaNN@qYMpbjm;RxACm<;ffhB2_dppmo#s=X(#O@FQzF>*5thqOoBTT*?g zdVg*zo#L)5!|aZHa7UEwN*7YS`QQ$EkVc^+3#>YZ9^YteKPIhHv9Sr5+_pDjmH6f% zhEs1#B(P2?1&c0jGoMT&4YVnddLLeNUQSu{IC0j5sI)ez1l$u}b&Y9-q#7fVfsHKP zjnSgLY35#N??%Lfw(&IXTD#z#DPJd@fqxckVF}g(oI~SVpjyF+Fi2rH8Up>%jrtIi zxsbctSumPRl1bK+X}ExEBKKc&S`=Qk@z7kkW2DT5Kjee4>}vL>CQe(EF_mb$sZ0Qw z69XkGS%^Dz8jH{!kc?o}p%b;!#3rg}1x_XR!Lb*yht}%4*a?l(y)b%)J!x{}Y%X%U zw3^K~ftgE1HEJP2lVE|69&3o?MVkYy>LM+b^4r24hosYU7GAU!M*%IjEv&oAMzcUj z+Ezr6ZN?C_l+0^Ij+(WXl{niXLrHZ(900pP`%kq<0pn>;aZp>biaF&tlL|2|joJ>w zp{w0Z_0W7LND^aj^;IgE$1H?n;;x8v;65Y<>$altJ0nbeellCmLnz~7KBpaMe&Pu$+CO~AN3DO>-MVQ-r~Owlk; zXdVq(7;w=JZ3}BuX<@BSqZPFh)!q?{sIV8($&)k|eJ``v92s&}L^O*))^h*wnqe22 zf>=fBPgs@pSmVA!!^j^Pt>Io)#9ZWyB34Y;$vp&av(%17?a&UKgkktdn?3wfaN(Al z1I(mQ2#v!~f?cGHZE394u_FimR`s?L7wtVUCROJdz_4GKc1_Y4MMB(e$B6PK>k0%V z2>oF_!)l?2olF_F3SIbTsa3VDE~fi3VMURmGl@nII2lhWyOj0E@|Bf{5yJ+eC)<}T zr3cEsB*A#-0r6VGc*R1rMWlL6M{1LKI#zCZ=->x82xzl3+mcH~c06VpGyye~wAU(; zG!*v8hHP_N_|zJCEm2!)%bLw*^M#Son{p&k(lRTG9#M-eC?VBgB54sRu|eN3MiYTC z^KIRp`6x@mD>UL_I7wWYw$MAn1>R)PRuU&A;g-n0Oiqj7r~#B4##kZCE>1ZZ44k8X z5V+~WW(YR)LNBv&OlBl0C1-b)TQm;TBfX`K z__gqh5r=Ikj@irXDT&rPzxo}lYZy;Za5Dp@QHTveZPYZLyMjYTWU#}bq{xxQX=br@ zus1gF_QIl87c*L`3C25B+a|(o$QBu`K&@D;U<@_j*F~`|QLC&Uh=S+VNl=z*szWeB zL&c^T>VPtl9mGp0a;{u>ED~H2u`Lq~>P&nFgq{_((4pmd&ePbpIR+eqdN4bXjsj&` zec`cF!5Y!gA}yNE!h)Ua4NYV1FI(ZEJvo*tR7n=RpiVcX$9L5 zIpVmF1Zmze!BnivrZTB|-h4`EUbgc=NlEdUggrS;Xu$YWh1V!;khl_D>a4eTi*{=@4$?OwucQy<>-VtLu0)jHLNN z8W5Ek7L)8pibW#7c6#j*yiK)aw3owpGT*N`$pn4C`5nx6RtIb`6znO+x?jSKJTx#& z)RR6kGVXl@q(suIZD?u;S-Xbummog>VcITR292y?3}iEcF%`woO@=0se;pOb;;c4Nn~|rargs&Up{;JsN(!fk zMT+hc`y(Ws&}4yMvm$*Cr8l#Lgg<0jsX1~aElFyAjTNRX^1(?5n`)R)ndh~j>tBjtoG!s-F7dFttqVGVq7ojw3l`ZG^6>Ne-5hv^M^ESKC zx>E2$U{k52jl?<^Mi>Rja-7i87isYas# zTBwKGU_x_fpqy@*pNbAN$6r#Rx54{kR<`z?V8}@g+n&broTbW!v-;EQwYzt+sQ~R1 zZBjG^RT_#iq`HTOuvCuVZJPypdr%LSV>!dL(YaBKp7Huk4}3(!uwGGL0gn_ifi`sG z88+Po%xvR>2Ej!;G$Tnp1WbaFU0y8^$HY~DmNt@&h>}YQgm1@b|F(&#%7z8p($R6e z)*ymvnc9N)GU%haoLpH$v}9t-%;lsCkP#lG5;dutp*N~of5W#nVhvLX19^>v_5oSq zK$lzoAabri4kM+P;evUjY<-(zX3kb*kxfN5F^oYa_A{Z2+ysL)5?gYEf0*W@O%g#R zLEJju<+!O#wpa)1v@1e(QFCiU&;ivxCp6XFD=i`~yPfn}RrnqjFS%GiAlQLXE^^_* z-VDolOEqEE)z%p4U7%50zUNxo+ISbQ*5bOhPtx|gyC;ge>)o1_Zes!B5LW0HnV9gJ zZ1*Gvx)IJq<6QBaI7gp|V;zJw;u76~Nn%l@rP1S*<2=~wZC#aVTjB+!bPw+X^`h2LR`jd{Ik1m`wuL+G0&QIBVcdgs5~_v` z#0>)txiYhHxY(fOLVv|DtH_v%>2=~5z3XY!;Ao?J&4PDZB~1&Ptxb7&y@P>wrVy=L zSx7Ft~FD20lixRjkd10UH)p#DUq^vATk`&VEhK%YyY%ETGDxIPO_bj4koWCrldJg!@HBPF)=P! zAoM4Kbw90_X3b+w^Ok#oZH2gfnl)ksh>?p|uxt*t4!S8Txp#sw4dZWcp_#<;Vgh{^ zykr)Hb%W`Jnv7JYpP{!+qdTmX_UT>hRQP^PJUDIjXx~TZy>=ClcfAaNq79}cUMxVf zs;iNNMKz%A$}N#>%JMj>riFQ>NA7Gp0U3+mvyJT(dp9K(A(ADd8OTxwY5`^?a#h62 z6cbAD@x|Q62Zqh~$-TrI&dHjH9Wl$x{$>BTe9!IAlpvrE1N)d-Xk)x2r+31=62|Np zBn_e8z*{a@gsoDoZZo4c4%nLcU?$B_FjPS}z_lLoLQ3NGbJ%F1g#2=Xo&;5f%kZ`; z32<-@q4zooX-nKBXki)zJGxA9W3I1s<3@w9aI(3Y#HOg4^NXr?_OVnVU?+=X=aZGF^@((t)u20J@43Kxuu^-u$X0IY5{lOY=VVv(= zx@OadjFjlmlq#1Twk6!v7Tb`wV`FeK^|}RJ7*V0y%2T%YgRIulBWvC~Z^1F@{?hD5 zvJ#-^PWgl+^IA%Bq|-0L#D5S#GdkT3ehxreR$^p}?*XI)_i#jm%!xF}~s%WiIdHTA;ld`Z1blKt@r<_C__L$q21tfZi#haY3-?@niSNA44EE64XnZS7g}nk~*l4gqH#)d8|4l?!_=&BF z&jbY~C@_8s@H>wuf;8v?-5>|@U<-H-%;eYf_Tv}*mV%SO71Q_?J1`S*+YO|^Ja8g- z3s~|7ek~9T@k@N~18p-sZw)vP`~$cWd=2~r{2a{KjdH-jpb@lzv%uxxb6^YD3SI;= zXL(*LI17B7pIf{V+z9Rk4}ix&A3v8k2%hDa|0eI@d9%R&VEUe(cQ{x9dO;r;1bJ{d z_-`g?c~YcsUUuLPcM1b<=it!vnyp;=J19$ zg*(kB@99m}m%e@b-q#DB?CVWe#cd}~qN+*Wa{bPy#(%W2e>OJ$yTJo3Q{e%yFFdd_ zehB#>124P_{0rC?=g6(`i!JesC*l{6#V>vnzewasT#Q{nqO@^d+#jzrktfldaXuMm zX?MpfO+9Ei=|BGc@_+mI#UK8s_ia9J{oCUd zoLV`p1qs^YLV3UpyX9_9tH?x{#g^YN&-)_y61Wmv1?~a&f<5^4+r7Z#gFWx%7oK_IvBw_!&BOQKbLUTy`)@t=b?-M{ zx%!Kr|LkY}^4$wLWD}-p`?``Uia5-5=_%o!to>=AlWlqX|rDn z({GB-E{V<#M#IgOZ2l$2Hz6Xg@5R`%{970x`XnwMj&5@@&WnWj{&IW;B=U@XF?I_Q zdCGM%qt7`1vZ}WMuL3n|*MU_aIX6AgU*U8@e??g*jL;o>$+nfe?g0)4hl1H)31|o1 zKyrK_vU?hkEN8&mK@nU6E(c!)*8|D;Y~)(Mw!I!m-X-hb0ylymfycp%U>9WnP#_&} zDi{ERAO~IoyYoxvNBKMhqv?p7x&LDj>WYUrm#%m-cnCZKs?ZzzfX(3D;4*M0corPM z&u*Up)_^=HfRBKC!OLK;L-A+8BCupOIt}!Je()ji&)}iMJnvUvzdC#ja2|LExMB`I z62NHL=56Ia|2TbWo5z1$Mi)6@$B>411T@?q8i|Id0nzXtAlk+0 z7Sc!b*hZ_P&+nr%P7(^?+4z%$)F$#IlD(FT*SECS(tMSeUVS~rR=obhx$pqE7o2st=e-qt3S0(m0KWp;z#l<7Kb7ABK9KUf z4}zb~!>#~#fM>uKux38`2K0j8fR|r*_Q~Hq^1!`!-SLwj-SGYIe)Fpj+%NZmM#el5u!h&Sh+_(h_$v6~am5<8F2^`pspLKl>6ee(kjsd3Q(tVHt%_LSW2 zhrAvJ;yf@?PTz*Ct_4?uhruJ@F)*b8+W;Jd3^#x`gLZHR_&aa~a{MFkQ*axQoX2JS zNaT7ISPf1ClKD{HU*i1cqtF|m>uAs01nvgE0=pf9eE?2B*7ME*KLd|}$HBCPo_GB5 z#I?X8a3(klWWhNgcLMW07y=i9FN5iCVg3e}HF@5r!R*D@FW_A8+h)Ö?bJl?|0 zyA)Xk?>ou!-Ve6Dux*Q`cKv(dkr%c-^1?mAKQ8X_wsE!XuH?U;+(p_g9@+T1#k)mk zw|JJuO_LTStU0I3d+_NXq8HBaE?PJ;E;xD&F|ZM=gnhka?9eQPRUxf^3$0%U7cTI; zi@@baFm~Vt@O$th#z157Fld1OX%LRd<(&Tlgky8(o0(V`hc!UsvkrU<+y-8ZG4f7) z`rpNqB`y*L{K*#y8(^HJjWbUoS>htmpTtF?1&KU~i?Q>>$!0#lZI#XkP;`)3fqVng z5B(KyJHNle+eh>2Uux_nqa$T=G4l9I@_7;Rc}*av$DAlT;JNVg)MJl6_{*RF?3Np^ z|IW2vx#~Zz_|&DBJa^%RAO7G!o`2!H-$g8-Ac9m?AIvmeRegwkFShSy`_9;RFW)vd zzJ(LgEwZ~S?0coY%Q1tQk+;2A-nQj>M|Aei={rp*^U>K0(b*9%hNYA}^mS3> zaX30#ADw+6I=eGEdptUOB0BSfaXPdgj8EMs>*h|i0ME%v-&p!rdA<6~ex zb7MG1ws8Jf%jk3EWz3hK20uTU`2ze7JPEdgH=Tkl0J7i<;65;`)$@)3r-NbeW$<6% z_h8-%;sxM?;0xe8;68BBO6&=63-}56Dfq*SFFgD7?;iX0BM;sG%lq#)a0t%0bN5}h z|MV8TitE1fUoU*)tJhpbP!W<|etDAQV_hlgR#kloHg;9@SL|D6cU86i&R13SGW&j? zeSgTle{J8>8MUhFdi(CO?@R3a=l1=Seb1Ht2{h8FcHVB^(pgR~RaKvAvHt=4{)l~l z)V{xNwS2?Ae`Mb`+xI7}p_uwxA}SjD3+%6=Ns+Gd_7OElA{f zoUw^MiHn505G9G9Xj~KWAJ-Ea`dAELZ`rSLnGEIe8RT&bcmZq$e+2giGAY@*3j8Pd z8u&W+2Dlb{8+-@c2yOy5gC7IQqU7-9t=@AOyZZOE_vE7wJ^D+a?!fp(DY#lam3078$d8zG;@pa4Trl({ynX(hy7yMbJJi2pi~H;Q zE6HldcN&4iOUa+2zYp*qdnHJx>tmd@)-IEW%t^wpf+8MCdA>QsEsn~qL)wj*_uYT}^1FxPsqmjz_}j9(Ff3XA7HFk6 ziGn9-pcg%}z0&^bZMC=3%k%eG2l;Ey13bm-fEBd3Fu1H{a-&zVsDgWq+^zAJc^Ojm zP*%?C^L%f6<@l;!AsCZN$S{6*wwosvA*02ssj;yUPiHs8~@H~GNr+bg`w&iy!{ z#O?5%&L;cpb#eDNo9yoKv?@wh9o?G}rJEYvtBKO>65X5T?os2cDXiqppf!79#jtB( z?*rJeatM(xhNFo{)^CY6`~ojVt!2+3sPH~eA@2Vr-;=z#+?nhh$~Vied{=wBa+qT0 zQ=x(QK=*e6HsR03QOEfX{)e!A;;kunp`ol{}yc+ym|h+9}%xhQRy4e}JpNNian# z_&&G^G$H~mpbe}6=Yf9!SAwsBo4~E$C*bGc*Wej&@O1KmHgFcW9DEME2(&Y|6`Tcr z1a1Yt22X>=H!#{@8R!5X2Umg{!M)%C@EDkdeC!F9f>VIxWe_|EYM7tT0PDa{!JXh) zfHC6D0{emKaME62A21j6fkE(b@G0;hcoa0u^1Mah6D&tw1)c?y;pRQS!Qd>g7W@u8 z3o^U2`v6=Ct_HLB@Vw)|Vz3N+3)~1MA=}m9RG?kHmx51${r93=@K(?dE(Vu^KY%Id zf>~gH@D*?~xE2Zg9=IF)64ao+-Uz-0z6-SL;U=&J`~jS^AFB(X2;K#DLAUGy{ta9K zz74Ji7aj;Lz@6ZJaMnTO1s5Mod%%8&uqp#`pa`x3UkClDodNJ(@Ii1H_yV{A{1{w0 zn+OT`Hn=A!GtKHyNWydHi4 z=Y#hH>C8*O{Xi>2FM-Jov>Ob8E5Nm2RtkOsv%%5e6X0_2HSk~HdT={<8A!#Q3D$vs z0v`td4!#Z^2EPHD8lf-v75Fu1Ks}uR{s~+N?gaOPk1l}Dpb3@P3f6%k@Coou@HN!n z_2AK?7(;Nu(d_I1AAd8n1)l*|gD-<`0)VX6PQFom)!BTV63(7h?%_U#xl_;O3|)rQRQkS~S z-x~4ctC871h4a_Y#{x3xd+uxKQeMUanK7+NeojjX7<}+I?wWm9l>7rBNcTj{K6nU7zZY%A) zdXwJ1`q&?<-^RIiVCCzqnJEix{dF=sGF8M|9BcNzY#4iFn>BmiN}9bdi$;%ZquI(3 zWDSWK72$f^x;@I;x}B`8+k>o1uO7QPD<)xqCO$5E<2EfzSzteyJx6iZJ$E+Ov`k4yD=tNVINriqEdB7~TKM!cQIStSLy=EE6BMbGV-=Z#qRC=s zhNT8Az2NDY(9K$U!P69b!P94RO-q$4s<%TqB1n~urh z<6~2;um)^;Srr|-jFnd7vGKF%(A21ip{W!xH1##H>F1|My!H9%6!ZD%ubE9Z&WMWI zID?`#&iIqq^y*m=PhCBW;;x?cC$s71-J>Em?@p1McYj^j^xC~6HobOlioJI4SHY$l z@sUg#PC_Buj%31cvI(D$)P?LD8|9NsrDd@AM{TI^Y9?2(%&CuD=6EPf_gorx+`eei zW)`&Sc>M-^_4X4cNjK|UpYV7gVz_#q-#dq9Vu0Q*JS>g&ldW7@7!|w`xkjHap$|cusTK*c$#+rSChT>?)n}j3_jB%cF~P%CVNkh zXnB}$;`oXb_-yrcQ@-kb)!Xdt-^j`wKe^FEp1r^kr@Uh3Sb~#`1CoO8EV2W{`^=i& zB8}4n2~LR>5S(t`&Z3)rW?Q5s+^tcvxKuoT;_nbq(w+!OpLk8Nmla&~!1Zp|fC}B2 z7rL`&u0<2ye`yN*aXTt-7gG|6s&(hV_kC*1i*5b8e(|GIy~7Xt$~~~J_c0#Gg46Sl z0I}Z3fSB$kpy};SAU=HpNbPL}aHq$XM6;lMj^aV>d`1m<%Q(s$?&LU~@3%1^}4y$vxL9*;IGK?o8A1ab1&mZX}GU*^~L?kRim!CL@gPkusKD~MV_bTjs%hz`83eVp&{etf|UvIXoXr!{G zyLFWQ)^Xx9L4gShOi*Bg0uvONpuhwLCMYmLfe8vsP+)=r6BKwQ3hd1Pue|HlyFQuP zXV;7V1^>VP#jE81^SiO;qsw>h2lC5@fc$;M1FC`I0g4e^2KE4-2l8F72D^f5f&BOD z!0teC1Nr;60r~$#qZ59;(l~FvnLm@qUs@^D`^$6PDc|#a`M>W`9-v63j*6@4cu3VQ zRxhVx9`~m~>dUK$9ZV-nC0P^#P^t%tEgq__5jVNm4hNAk z`fUEee$QRNUWP92Y!2?uhiYl|^p$rIMajo?@&>Qc>KEUt9plNw%hBE^4{|BPw`)ee zp);OxlxA=0uizNcV7&Q0v)-kwf^+nKp7uhD_WJ#lUPi?I;!gOs-q@w`I)V01n(U6Z z|0`9TgqKehT%UYL@YS{Fn1KGTrvIm@;-LNtBu_g*hxmn%F7F&Yc~zg?&|YEPs7bP`BUl_@BX!PPrTg|=YJgvR51E_t46ht)ZLoDN9+~UzhMgeKN6It#{d8T diff --git a/Documentation/Supported_CSP_Algorithms.doc b/Documentation/Supported_CSP_Algorithms.doc deleted file mode 100644 index d1dafc7ae22ac23491434e4973a79d3aeacf5cb9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 190464 zcmeF434C2uwg1n})Fe&XrUNash0_*FO6Srt3r*8>OxuvOAfT3;Y-{_~Irf+2q=2Zh0l2g-tywEKm8U+;fU3WC@2JqBJpaNvM$ zZvdOXTyAnJ|Mz!5fySVl|NbBh>Vht=y}=+YNWs;pf2Li__*o9dg9=ayCV+_m9yll{ zj`?beKT669_zZ&U+-I=PF2NyOXYOygqp|t%Z^kCTAFGSF69&QZV0#b`nuCrYVL^}J zG9MfXs=)$q6j%rrfyH16SPJj`vx-s>6OR@Hm4nNw;FusdmM_Nv{*Jdx>Qh;-|1UmP z2f^vozBgzM)^cqL27*q?Av(A}G4w_trrr$d!4|L;Yy%Ae6)T8Qog}~Wbw_Zm(hY)F z0{+gVSTAxt3%m-vda@#149-@$n_RA)P(ifcNbYT}OuEw_wDY}-purx{0Xl(hbb}s| zs30bat4>k<2ZD2gU@yP-0shpW=YrRR^T7FP&abKr`-4DnX=dNt2Si8Fa~xO=Mrr<_ ziZGMG6fhM`0|$ZWU#X0geVM!74!W zC);0*e*!oWoCID0P6nrdL!dzo*EOIPtOa#IOxp-V&$0eB5q>+^0Zs$H{mYR_JiVK zoIf^xT=~jbWs4S`S9~1&mtL;bHAU6?H`N7K?XD_7P)g4(50_0nyP~vuTEp8HO{xwW zR#%krAb1?w-&i@9uA&xJ?u3=ML5J7!WYhQ=4^2NDKB>O=)sv5?D7|u8RsHU|pP~y& zFE0o;&HBuw$wixjs)~!NE-1fu`(!vcJ^w2&*bu)lRL}Kz3R5ft4Va& zpOekX;FHTT^^cSxQZ}Jrpsc>&(}zz8jw`?5o3n4I530(F-cmpBw6_+7i^{6+tEhPH zeT$ZCsXlrt`X?j*VHu5ZL!x`&D&*nf>SCBUO#zl)x1@e@b;TL8zuN(q%=q9zvzC-p z6;D{)8vHT5f8We$AF3{^FRwfF6{q%BZwRiMb-`iM${G2ed~o%3r@o`P^s7gfZYZAq z(bA1qH@$s?A|ML49)5gLk5gU+v_&B(0>z*Nj02^h43vZMpaN6^@!~|TlcMkXJ%#U6 z!8C9Xm=0!ugFz_;n8|e(m<CQk4?F%^i704DJXRDq>+cmlP;e`SmI5&{PAGwLuTFUdJvlu4P zA9PcTLBeh)y?rhv^~`A@bIzDf_R5M59L!9LeZQ92V(X(JODT7uY`L>{{rrbTe!zJSq<<8 zPh~q;I9U+fRAnJ$;e8Q|vgi#F>ucT*y-QX*nvkED`akEQB?n7I=+xC#n4aJOaK+1+NF^ zQLgjBRp2M!r{FGdH@FAf3w{Pv{>MN$RX+)Ifo|}2@C9%UxC6u>$YO8;I1wyV`-3Km zxE&k}4XVKcZ~=H5xD;FlZUFayXTTJ6{!*|R>;sp9YrwVOHt=2WBnT_8fWda~dT<`N z7~BkV_dK93e=Vp39|X66TfqTvEGFX)a6b41_#C($ z$c#J`tOGsZJn#kZ6RnHAYmfkK;6m^%@Bk=--;M_2yValuG=mm!3HT52 zeeeW$61;m}5WELWIs)>6ST%J4hk+360Uh8na6Nb!OoyMv)2-kFa5eZbcmd2iiu!~0 zg^a4f9?$_gK^N!-=YS7`8^Dd=7Vrmf_#&)kFc(=_1&#qN%gG0P7<>dA2jka+Eg%8j z0j>ij2*U}WAG{BI2|Nmp#e_Z`ybW9fo&>Xxg-1XmXabLbAja?cLGaOI5SUTE&*~Tw zhMyzGEy!{|O5de}{EQeEIUDi*C}kT<`Trrp45N8XS=q_22v;p%abmb9F&Or>pPL9f zyIaHM$AqtVMYyc8thT9X%g&nm^&8jjT-%fkopFC%UEK*~Wlf1h*qrF--kb4k?S`^4 zQV&mhh0HJ>6X-*WR)_>>FtAOT2C%(bb;{6z|xTXzq=N?R{ZS zqPMNPw=>b|(oau4-kS*bban5g(tY83dV1SC$!f4C@!l}r)f&FXGIBSTgw-{U3Ilz8 z)LS%Bnflsybx|>B*^-FvWtN}py9fIF+FPv-eJ$NRQ9z!wcDD?4QtBlOhE;q~*xcQ} zTS;0KcgLwR#E1`c^oQrfI|dScA(f(>gW<0Bb0BJUM`BmJV?mP37P%JAAU>6hCmSw| z_xJa_ z_U(-u*X-C{w-ZL%+0eLgOWn@xXEfBE=<1Vdzn7C*?T*INEVU(JWn~TI=%lE~Ku3FD zzgor-JV|e>vt^kk3~k*Vh^(=8vH>krA`b70=1wW>ZKu6EY2J2n3HuWLa86sq>uKqU zEW6>@6HSziM1v9~pVFc*#mI|XLkum{A`|>XSNFiK-84yCw;Fe#E8f}MzH6X+pbxD8 z$9DC%w+*HdlB~NDiB`!`WhJd2I&D+k+}_`}pscLHHQjckr>v~jNvOV8mWB3r^zyQ@ zvMs2GL{}Ffw!mAvx;qoSgOy>JCCurGcEb1f!hT_O#QO_;g3DJNJ92tqD#USR(tzZf zmQwQRF%)Rn(-HDfIAi&ajD%A89KRx4h|0C?ZK%D)8_->yh=GU}iH~&gkf+sa7jH26 zl{QS5#P+Upx;xH6P!li-8ri8H)2S^^t%s-r-At2Sn1}R2^k6r_w!1S;@0qMQ@$Q1n zB&(f?c$b)nSfqmv8!4Wos5vp%O?X#=5tZ4AsADRPK5Xw7TlLW!D0H^Mgi^wZu9kRD z-#|xP-H!SoG;B{Cl^!;CbT@nbBrUEI#!dLw)@-j)RVY9|MuU1aDAc>lDe46$s!~zvE%A<)sKkkVJss^W z?fvRat+vWaiDYQZ8s8Q!S=U)Eiu603>p*W;pUX5Y;bgsdVs+qQ2OLn1F5e4RspFDP zr|DGQoKdA9(ikLC?+efdy=m2IN6STZNlPuQT2N4JIV3elxAwNME5j6U-Bxpg?kT0q zqs}JEeo44aylWOje>*%*MWY@&nNMP0%kFsBt^}sWZYt3^fC3(XNmb=O%#N(gwIp1N zvUc5E)N8BgDXK2=tku$yh^ses+}AVE3<(y|KU18pZdx4G-`m~U?z4@fJF9be|IL?Cx3;)<(RPR>*7u7!R@JoDzUj7emFqflf6) z1#C&6DHl7ri|?W6@n&p~@c3o)CWLFHLvfOI+_GiimJR2I>sN}_$wnSoI-jws!2{V>epuqDykA8(h5 zsy67BiKWscyG?1yB_VxLrIWI?iCzpLso2UgeY)SK9h0=ABS{M3#k>VW)`5|l8lPD_V4bd(ykMC^|8`N z-Ga)$B&tv}D5z`7D9q7o>zZ~Ry}9m;jJq{MLN(TAR-v(WWk&eM+Ep39Yno~^em8BX zS-xRQP3BoWzd%98K>h`)LUUM2h!zfKQgcoR6xRmC`eplPr-Nh%@C%SfFZqYY)(DzB5$WTsL zhs7AGyRF()XM}Psu--G<<8VnsUt*xOyAg5k?p!y})uMq=dQMnlz1UXjE0TGpr`EV` zrzpQuO~6PC9iQx!jU?0xJr!Bk>OF0cG=g!B=y}^3lBM`Iso0!;))=C;X-m^in9B7h zT@bNn0MaAm;@mayJ||bc8&rW@iBp|ulK!<(KT3XEchuLz%PG1?RFDv7HGRCQm#v|^ zO&2>Ra;AXMLMpr;wJMw0)K52~M6rd9^}IdoQ(F>l#G)X*-f(YsZ)@Ko=qeLMgj|Dx z;Rah#-zdfDH68g#$JEJE$8tr5s!W!U6+ypKPmtcV@&343Ay!l@xl|pNxZLQv`m6v) zQexNHq$=n%gy+;Wia~H31xY%KGgJeY7FBrpDTPt}q7IevYCy~w0)b70rtz%ao)4lP zd^8r2(nmj6RMz$m_Vjn}>W%j>To1R=MotyA`szPCmL^iPtB2z|Rk|CWlB7G3d*kwCSCWAwwW5XOu>QvZq zi<<|@4n}L)6SlPXz%Pv4DjA~aFWGaHX~43jyOmZnHG!tyvTbeM&VBp#F%nXd`%J4R zRk({%yQa1w-n#KL#wBHqI4s(GNnuFUDtYGqk^!)VqjGIL&7P7wN$nhx(1_vcYS)k@ z2_};pF+WlyWO|vC-OSFqwRNhmh~Nrlx&Pf%gq~5w7qZen$u1*M-?(A1#^|l#C@nA~ ztTiMVkK77FauV-ior&tLZYB(P$^HjOy?sSHHuW7!pnnsSd zv?O}^7r4fbMu^^_pNcRV$9V4h{4qAPoBGR(a4%2sg%(J6l6C zIz|F8>Xdzm{k-c$rK6DuPn_K}EH5{@Hq*~slA?;UjC^}C%oGV)qYj#%-gZvxV@!(- zt59x49+@#ntV>J1s3`AKawE}HO8VJ>wdoYz2rUu$U&3lL_I$4R)COFwp*)0%TqN<7 z+(f!4<%-$S(~4CS8L2f%4|w$gGwY>poDqUSpcY5lKtD$*-^VxXSW~~T)@)^Hk@>7~ z<7qWGqcNnHgj?}esc?(JAr()Vsg&6@1eR7^5T%HQM6s9llJeT3ut~PFeXIx1Ls0&lD9k+gV#* z)6^6udV66HJU)@h?dzhVAdbCEbo4sov84kCE~V^uHR)#lq!|ZynwMt?c|1i@Rg_aL ztrFQtZatz>OQYUEpX!}X;GC%?8`lPmnG_N)z~;tsb9>`^=eoAiBv2gpop{GnlPR4_ z{JXo_`{ATi07(x%4*cpiF0$DHS3>U_G?wcd=;`V1#T&{XOzwVb6VWzOpQha10FRuS zl0`_WJ7=s#R$q>uK%>ml8Ad_2Ts^{;wX4PuO0=(rF8F|%tdzc4kSkH2_u3(O^EnrA))Aac2dgBFvB}8H>}PX$d{_Fc4)bVr#4c#hJBPe{G9`?$MT@q4)Brm5I!gtnAuV>CU*bHb?k`&v~y@(r^p61v*lwUY<(o@b> z4b#1I{XNJBwMY)D-s=^(qmmMFV`<5ZyJIQ3du@?l1-%0IyFW`T!--|=P*%20Gq6mI zzanWBX9QD&!x3r0RxC5)xv~;ROxdu&a?gw$KAk_6taIel*R8LqJ!9nbwTrnVy%UNxjH`>zFmEfgVkDDfEA-WN>G9wZ?myBv=yeVAis?pE*mh_oC3(kPZ>o zdpk2JQr5DZ2KwTnQ)D#l)u5uw3len0-9c-TuUtv}noE-Zwgtn#-nK@J#x8ihsB1?C4?d9V7%F44$lqxJ6$_NxRjxnI)(RC#a(dQv^o$K{{xf$a{oM#mIWi&eI!f8XD@>G9jlbShJdZsC?8QN#InP&iYgN zRN6((<(f_)C6hEIa2ciophLRo1~mOkg`J#YJE~A_x>U1Fd-XFJ$ta!?%|aw2q^AfFy@t{^Rwx`6Cm@o(|gI;9&WYuO3_q`*gT?e zbSGiqF!s&*lFUTZ(cBnL*T${uQzgMk?EDI}N`2kVGin+ex1Am-%2a8Q7?BWC`gK8P z#IcO`YE~8V&#jQ6McVr{r$ygfiwsr(Xf@Rjq=)YTT}Q-O_B6-qcdZ8 z2pL&`VagUomf=?Q>`#mPAq=zCnCGxFI@ktxF1jgRN}WDvie@E{l73A0LFQb#J3>|m z(PdLXsfV@!F??i)JBdTpFrtil5v#T%p|hP`ITGgSbv=n0E7?nso-+~DBIMWO2MliI znB?D=)K7R4vUi}%tzJNGdb_)|o=S$5X}Gk3gJQd`$5S!6+(xcy1g<;c7mavqae#3Q z{8MZ58r4XrW5r=C1v@i-5}~ZO^R2Wix%N(!>P5HF@2N-Xaq~pI#=5rD&diyxqA_t! zyJM#f%wBi1My3+mM>p_dV*hA`jhheebDrsCOE6znE?s`y(q+raHg=&37;~^BcK@i0`x~%NjrOS_2oEpb3UJx;1acw-Uf+D-9hJ)lzr=c5ctZGa!BbU-{QxVl^ws7veELxsOv4koo0BZ zHGybQy@=)JO%O;$WtIs zfjkBB6v$H`Pk}rI@)XEZAWwlj1@aWgQy@=)JO%O;$WtIsfjkBB6v$H`Pk}rI@)XEZ zAWwlj1@aWgQy@=)JO%O;$WtIsfjkBB6v$H`Pk}rI@)XEZ;P0CP9OAGFtN}Xd;M3p- z;1RHl-PDfvRU!4yU*X9|#R_#4OG`kz9}HFk&j+=9pGEu626qC_ z58tE>uLtMR7UzSjz)!$W!Cl~Pa1Xc_{0!U&9s}j&oQwgwzzgZplJVnD=}-Qc{v+eb zQ|V708{3cHj4fD3(ixeKF`tYC{(FCnu>`K7#f3rn{9ydLn2t!Xb82D}1AmuW_Mq_a zSTOT%-TvM1z}vwWz%}3w5F3v?fD^!pU||I(qktyfUD^(&BisD_>6s@Vd-Rb9@Bi6P ze{|>fZ@c;WuYK`zpZWJIKmO4VU;2UfUhuIbnsHJ89eWrGWvKqKc35)K!(6Qksd4~&R_iF(e$JeDZg{`Sn8&+;@-D z0N=UkTi1Q<%h!JXKR@%SD?j$354`&#>45#`pF7akWn?HVm=u&;1LFsUd~?5MN*5HD z%;Hj9aIH5FzXS8Idsl&DKpi*>>;bO_7lO;c zr@(c<+sQFb-zos!UOp7t`1$mLWG`;UlMIDE#vi{+&nM%@uhXB5F}45RU=OC3Ap4K| z(u3Wb{v-W6T0Kq2J3EgP1)ZM%XtC4t?t4$E`|h5nwY%qogQZvh+HHR_?SBe*54Zu` z2%ZDWIZ16B*b6=et_HV&KYSN#?ykip+qo8( zyv}`|?>;}_KELlif9F1raJu#k_j#uKywH9A+Z zXWV_B>pm}cpPzT1U*I!XEZO{Pw9lJqqpyPJ!ImR9?--m7-0;)$afVXJ_>rLpGJcFv zBr{UW{v#u`j9}THWCY9jkr5~3M@FzQ{>ac?8F4b6Wc=`y)z!&=qzek8aUfT-0eK#S z3uj7}vbEJe(OzEz_kcqD7>j{?947$zIbH?i>$nhn5_|{z7CZ{xabys@6O=FD^ilBq zLSz;kjQ`^hkO1~8S<&+h)o^FO@fd;a$D zYjMePC(Uv9d7=CKl+!JDx=-v-r2G)~x!Qg1a-Z+#b6m*>_^gaMOYawa4aSu`=o190m8G12 zNt%Bzaq&!!*hW$L|4;IHL2jD-pOoutG@*YTk$EHhmWCu~m`19w2`?I_YXWDt*L(hu-<*{~N^heTT@8`$< zf8hhyp#AOF8R#R2@j(I?MzNBAS?-LM4)OPoCCsG+oa{5(uUNX1{M*krVN8GTA(Y4a z6$6>ltltIi!o$MP+UTCV^772dJEIYrMozMjWwqXaqJ@W~GD-t}1}A}&!D>(g)_^*o z^yT5zC|{PoEY)8SK?bdi)>nX2z*=zNz^Q1oalwwDE7$|NgS~uK@~k@;2zCWwuq9|` zEZq|94iZ5J{}Y1sK|JUU26?uId*|@Hi;(@q=n4wB8wL}Ddcq74D$cJ)KKp`Be)sX8 zAXEvzltv42nQwqOaL8(a>3s0v z8U~x)^R=YD&y{Lo&_wx_qdl*8&l}vGJ(OuOG2*1NoBAdAR~}9LR_*kw&!tkHR)SRC zlY&jeRT=wSnN+gV$*0fds65Nk;+;vj4pOd6E3xXMd{vS-pW_Ly)H5Vn^Zs-3HeDURtUu5aVPU=jH@xOQ#j zGvR)#hAQ74@=#ms=GsHJ`Jg7^5nrCP6! z+{9HXq)blvg~zb9!JT#dA8MsNuc{Y z#p90WRO=LXtMo^WSlX9D9c$4{3MpUJtI?HCHLi0lAZeB^IDm)i0G=^e7L^XLYGAAY zb`21G+z9~1eNa#wBc%Iduo#q-Ss!s7-}zf-m*5btGlL^9+ur>6H)A_vXeu-lnFh<@ zia0zZu6KWEI+`;G@EyPyL4fZ75-=$Y(0~EH0EogM9tXxht0)Dr5`Ln(RO$mxii7ayww+N_)QY;{_$1rCz*iWA-620k}}O<*&q2V1~aunjce%OHQM z47f z=m4ESH@ZQONK_CL#Z{*${{e&@Zev~t@TUen7rY*v2hLY>epO}IpDMTF>Q8hOJu#d_ zp3#~g&0xLb6t2;f9y~#>17?7Ofi*t<7rxI1hXSSt)cnC5Fc-`Nhl7{U{J}E9F9&pr z!O>tPz>VX2(qp-*{nhyD>FD%aFR30+J*9fRJl&b*cP*#`V%kQarbh(4C>$7} z`2!p%Xf4(%fbC!hI1TvrKZEaQf@I_K{WV}GI2*)4GiU*=AOYII55R8F4%GA#$MojE zfqQDNzx1zo80U|TA6LF|R@tJ3=M^6Z|D~5E#9CrdgkvG`VO~P*rhp)dl7EZl8>uk)HpRm+Y_n;unhxX0Cq!%E_H& z=U#Q&VvAXqPNt~JMFCn z;i9tY`zk7)d*7lZTdI$qivG#Se^^E%+>k0spnqmvTwM$krzybl>z33{uC6#^_IEqr zk{KU7Xx5UFs^STYTZ2D__wSoI?L*aN_2qSkzT(vW>J7nFvo1Jnypm6^|H%heUw7&| znoGZWWa)4W0qdg6F`W!1Le*@MrKMH~<35JQ=NB z&X=?3&=o;cq<%Q$hOQNkPr(Cl7qg>Gp%rWwOvT-jHQ2`%zY=tWtgUpix7#yV;uQsT>#7Ql2MW zk1>hWnLKLD(DhX%)NbNin61U2IgHqo zV~dDglBA!kO&MBMLFG-QLBai#uAAffcx*mG&y7N>9intfipL@j6J-!vY zZvjtB>>l67**%_8QT`OS%4~r^64Z{!`}COE178SVGSYbE$mH z4}lo};=+ks3SCcMd? z+8=0z^L8NLM>SXgE&y)>mx9Z{4d5Q|448t>UkWyZec&>14Y(HE2EGfP1Yrdh5ZDf0 z56%M@gPWnVX#JB()Cq`8bHS;g4_pGi1nvQU1}_5d=V_&V5?}!QEBGR~8K~Xn&49Mx z7*Ge!0(-#g!G+*5@F{Q|_$Kf^qjK7N9#EIR7Sw?cf?L3?-~c%GP%JBOKKKOq9Jn3G zj64*q13ln8@CEP_urMSZcpJDL#O6S2kN|DqLhvo{04Rgsjt1hp)u0A6gBEZJ_z&=X z@C0}gyn7yg95Cq!$OmH8@FX}4gkTTo0GEO5!NXuW{4Abs1s8y;!H>ZUVBS&GAG9xI z#RJ#_IzT7r0^Q&o@L_NRxDng}{s0bNgw+h@A}g!FF`#8R`G60DkAUM~{CcnjB)~hs zb)W=cI05v7_kk~gN5QejV8Md7fos5%V5m>;kz)fYp7Mnj@H6?BcHf5?<_kr}M)aeS z(1`b=G+jE#&xm1=vk~u)P@aDTf2^nNnCp^_=BV-!={7?6VeOcwt<9mQ(_wrTdS;_@ zdfdO|_o^)A{9Bgce=4uC+;#sy$>*c!-ZAT$|EV_pYvh}aCfIx<>db7i|JNwnU!11K zL>kp-tR#Z7io$%`hqo(m&^DDjNrg@$=?kcpr zu|4iH<&m92$+i>Q<`SBT*Fo+H7h^GZcaVb0S>gP+Hb>S+D0#YU4oM#P4fq%vDOnx! z6q>22p#&TGt+H)p#FENm8)FtdQI55)S-3IFv>l>6q@Z(O*M`*zn$jt)TS-O_TFmEqSexdnq$-K zNw*t$iyE3&(U^6&i#0w|$Bl&T;KI@{Enmfs8(17=yQCc$i~&iDOVH zhMzHphrFE9*o=+R7murqv)~rdP;*Y2LDC$jxMMF@m2m|wJN=6S;=0tlzlOB9Yt0irskt_ZXy1%@8kcUMcKwC&*zbDx=a_se^*f6>1l1G zSw261snUAArB?GZf|_B~6U|+A5?|C-c~dicmWm`%zMzDo;S}UbQgAM`k!M7)qzgs$ zwfwf3?F6N1f|r%AW?{w8Uf(ICG?H|O_pa=M%R>A(-oq{Zl;ZMA_^*I`KTD`%`Bocz z%6;C$?_+4y26B)bDn_jway`im$wj)?om*57CLRD+3qe^+FYq9gEg~r#y1rpnsMN{7wXFyaG7HM?ysPb?QThA# z)GGnSA7Zv;N{;#;aN(Y(B|n-o+^Y#^RQhyQdAQfna~ICM{OP^waPF{F!m!YBqGHuD`&B{zIx-KNRD1%C&7JP8u5`KUYHc%pR4y!W zX&r$)&kC!8**R#k$I&;tW-wj68|^2ZtlqagDdKi*GIMFm*)F!%tGU`DM#$0H zLSb^1WHiZ|ABwkzN|xOndrMSj<$d#t3?QGqj2gW6MWY*yC^g3GMXKw9n+iTo&sRiW zT*W$oN6`ox8){^um4>qGwR~id@A6V;%%ZWYjY_+)1hPwXV@x%ilOu#YKqFa87IS|1 zJgW`%VZ~?!a7E6Za1%K#qYm0|=1H_sjC6mUVL$oRu(7>7`^Oz+J(E;sRnya)2K zXf?)SXe1ATJQZ4}s}Zevt2DOU8jUT@ucH;;TF0vqwLDTbrt~A}3E0NogWx?zsgX>j z8=c#_ZBe8SDs;L$HC|2C*E}bpifW+|tvK3NntNKw2H4Hrc52X%O{A3^qJikRohQ~B z=EbU_MsYVrm%ql3gL|lh(%(a@1T>Uv^|};xIvLU!e-KVOowO^ULJg>Oez+}seL8tvR$EWfjY_m~j5EkkriQs#cVjL=r5Y)+Vk?kayKe zUQ^=@^EAlYDw?TIgV05sVWaGnkEnw>tHe{$2HxYNHLl*Hv4J$?7f9t*=IASr$a><* zf6_~f)f2mqu&TAKw%<${m9|QtwaaQ1`8>?epfQv9Wep`$3VqaJGvCa6;%lqiVF4hv@gOqU*!a^|y9?Z9#NpvjrFb(dhcS==xZ6eImL(ZP(Vq==X1;>+j|5 z^b#)#kft|z^lOksAxXV_OOh^=juPmpHqodx4yUI7@@vIK%_^7vP)^-UJaLF$gTIAT z)q?VUrP@JWdbP1+LS>R(I4#l(ri;W06_iiyZTw)q^%Vch*QR*#o2#Al2FdHlTm6yb zST?aAmnxjRUpn9|@#i|yvf8Me zrIDA(%BK7$AqlFNzDo|w^QjW(jwDH*57FD|UPmZNl}7O5Q8xB0ZnlM*3a+DzIC zBYQ)X6(yzr*11|MN6{`*>u%tga_*wWt+YrFCGhWYr0au9?#l09PkQhzG|`MjlhaM= zC+*FT^cX3rt|X*Nr}s%jGm~!7sUN+jcN?S+ys-WoE_t)SFigJf!sD%Yxt>3z}mu7p}x{f8`?B4Tf#rghlm>q%YO(N?fEMVzUn zy7Jiez;P<2O6&EVeoG&v($hOEqPKb-d%wv1ze-hpeDTM4=&RgSeyfA1Qwz0x%1YPQ zRk}`IBCQq_f189Gw}=|2laeG?eV^n;Tx(opZ;7P(KE1W1R8l%xR-I-Nlv;lzdFubv z`>CW>jyP#&(nfFlWKzZV=gQms$SSkROPNc}=HWDJF^|~|agFAAEN3h40Ie*oq5fZX zh%}T^Q!0C*rqXMLgX`Tl$x0(nRLViplRT*9toOEe#w0WS_|qjL>M2aCbP~#X6U8VdjQLo+9qqV8LJPmk)VwpM$Y zRc-I@=pC*G+RWe6yqz?dNr-Y)PK}Otl-guhXR~+o#B90Ej$VqZ*~&gQ##G$lxk+x7 z-x8!~iPIMDn1n<$d@EIo{dlQc- z$6NWk@Ry{XrryC5twmL7Y0XC&UzR$08$U{WH&fy!>S}Kwif zmP0?Qzj#t@r1mPI1-x~#9?Q{}*YmOXUb%KVtI;ey@#&ONLdqgkxN_3hytd}6{XDOz z)=0Y2e3Fhruj%knCE`D2wO1X~}dSqgexf zE^r(n+9`p;E4>(_?ik)LNriM(C!@||9fi_udDE=2D69vRG@Bhim9_TMg8fkHFk+4L zeNJ@00J&I?_wcXrUmm;@ufAr%(`&8~$w;<$0i_>`X;7gAYh_|^XxPuwR^CO3QQHFg zj3?0&X7dc42PxwDVzkE}u*!zMjX7?}+nFWsiKI{5+0EMrqtU@6#=j}5p1}HbeN#_5 zobx4BLrZw5lWJ*`;cuUgo@R`AC2+3z)kcJ6ShlK1`n|%aPE}}vTY`_{iI2ezTcdJj zzN1={q`(w>lD7qOf={~8>UquH7+O|QRy~CJ@i_nT97$RwRmT9;TCp=%#eAMrM_U>5 z1;Y5%G1u_@;89iwOr>r+gD;ICq^yi=>t2e{6Mk(@jBw+j4F(I|{sO`K$YBO9A(G|`Wa+eirYX0p}Ob&u>c^;PoY=pAE?wAEW}*KH5%} zvyC{@pDO)SpJv`3*(?1}`#SEdk=GqeaI$rx}<8WiDJ|(hQ2zC zd$KUHz3Y8;Ox|NZS{*)%s`>JV7<&|;qh5=&ts~X1kyjDE!WGcxR(DUDaVOv8t8U>< zu2`@dEF$imypyG?R>>U9^`?SP(5Bhuy3Zul+}>=Por%#l*|mgb%x&iSOzI||=E(Xd z*X)9oB=@}bMbt+g;fv|@M($nISL==W#gyVoXtN0$y(&v-w4y*^Hp4~P=;P-dve#W6 z3|MMwxuGv$YqtDHO?<9>}sTA_&88f-)&}=(l zJd-m8A2S%fc0Cr1ysq_s+uHSPkU9SB8KN;j1_TxR=@p!+UB2zc#{<8!!O47I4Qjv| zPzRKLe*YhN5Ayr}$XZMJ9%K{BE<&-ny(M_jOU%OfB(?tsijG-Ud(KM@*o4Eje{pg1 z`v&~|Qoy`QeqXC>mR)}Tr+?J_pESQLkDEq#8f!LUPuk30{{5f)`#n z`?zRG_>%l#f9>%3eHw=QXmP~-uWF;0$ph*B(e&^C2)GZ5&-0{rzBHew!smUS8mSLm!I0ncJiq68e$R8QM6i{t zT79UM4_X7HHF8>+qo>*jLL>RS&nv&@jn?@2H<IZyy<1%{$*I7`8{upTk?C} zbVn;?^LyUtJsZw@$nSZ>`wH48Df=E)`8{uj`@huhNE5GMWe$Sh1yMpESycxRRoZs_iq&3tx73A7)XJ(e&i4JlzF1hv{ zvK`!J;8z=cFS*A^Z9X>9o$OmShh330hOoUtZ6Ef`J>G66^l0-vHQ3s=Z&>a%EYc&K znG(j>&tInwJj{-MAv3a11!u?lM%^vz6jzSiyJejnJ2x2ZY`Kd_XDnySJ!*|< z5vbI+J^fKV!E;jW9Kn zA>UkT#GUKhBgwU=hHFn;KZ?C#iug2+FL0~1a&ce!te+qpDuHfy<)xH=6WTiQj?@K=;%Ii=df z4x8E18SQLT?eTdwJgI$G7rL``wF7l79WjTJW#4Tx2LBiHJax+DD!xBVKQNE_l#goH zYCq7?IXgz1*}kkJYpPu37e%s{UlzUfB{AAq*3v2P>`Evk%U3lx%XbsZ{ZWh9vAP&8_&DWUiLD@wbc!ou3>{v8{W(C{ zPXMR$tC5f~_UWCQwqLM6qr3}F(g^|SyDa}IqSMH7t$lbu&W_IqjiRgG=u+|fVi(dg z|DKa9rsUW!co#9QU=Q?9vmbD-c6=@>-^d(bYv`{FW{)C&;-YNymGzWMwi3k6ZNo{r zR-glHoM3X2-Xo`|RYAVkAzhOmuF=IJdj8qdr2iKji5meh)_fb7?b;b9E+&D7PGqtLMu} zsgkQcm8RBTDCau9y^0jGr>Eyf5z6+lT2G91v_~Vq6+a|DpIaf`7md2c;fom$t>TV` zAyobEtHtryFvn)3KP#%Ae^Qy2v+CJEIaO+vbOkYu0+sZV8tHuu=)Vx%^(HJc?KnOa zx@X(r{19}tPQ90XW-D5Ba)mf3*RFR3Jnur+Nl%`MK0cNb6$XbxxsgthXyC5)`JPCt zZ6e$}N7Ytpka^<4;bRz~UX85TDXp7HNvGS4bmI9WSB_lo_st(gciIW8I`^}QeDq#y zt~W!cI300zYzJW%Qk~N5BV&Sc~lvdK2L(&@ll$~PA+(bFHAtzP9R>tW( zv8|-4^BZOH>pX%uI!CtfX2OV5G}01xDTXvvsf(=~`p8u$RA@(9OV8fX*BL`f#m=AF zMOu1sm_#C3yVf|q_WkOL+8rqgrRy$T7`D99Odb?^B}F%Itxi9)QOThM@JM= zS_-FgzM8n|+%wKG=hsFwp3X_=wV=*1lKyLVl<9NQzLA_;&?{x=p>3QwsoHEMy)}H(iE*NobgkmL zzGD~nr5kk~gYwe}nikSd#M9GOO0QI^$U)DnKavdUR34osCcm^jSxVjtYbQq3@XdAt zwSGk{sr;?2?L0wooAOi|Ej-b4e*&PDQ71oG%kH9_wBSPJBd%{DjD^3&ZJ~xH~M}9sW)Mx zSzhUYTG=!J-F4DgJ87zIjDM86PRgUm-(g;lz~ zU8ko>UTpoG@nj!9ZuM*8uUfc6J=+diNSv-7%ebv6;v=11sxw1Vy1a&R8h6+Z7^0KW zM!K_~^2(O5Q$Rf*PNaRbBe0}IYaWePMQ8k*#GlMJ)xkK#bdTgya-_CzCzjUC>dZBx zspLtT!B#|-rRg=_uj>5IZBTwIwU_)#2G&yNMt<8VgpzderRbw?k_F?*LPBq(OcRKa zIsx`{$Jsi+OBzn6kjgqa1KLPF*OJP5?$q(W6)m7s$=0Hobh4r7r8ZP<>2e;2TO?sR zi%ObRDJ$=G@|J&EEvAvRwXB_3rSs9GL*#4PM$5@MI-NY5_@-PoW@wG{&^nPz{HVTD zlrY zsB3!?cXkKD|(5}k}`3LX}5_^vltgIA%x93$^x+6PE0Q)Dp#z$WYI5Rj36usxS!T`fJYPx|1H8h1}tfN4MRR=JZ4S!LRDNT=oMBs!hcCp~E=B{uU+Jf+iT zMNRRqXeh2x>ulqQObCu@Qo7 z5z}_%q-&>V+50`}PwJt}8=WRLyV6cg6HlmAreP%$R(kc&qxVA6)z$}1bQW7bbyI0| zo}$%O=SfNS{3*hz=l;pKq%6wX>U1>rXGhgVGNn@iecPy28@R8qYDeWZ-f_0I@;09I z^Gv@c&@z%1=`~q#A-Y36C9aZ9H*`du(&@5QOQ69L+GGi}T;h7c(@0@GaxdNzUv48M zX?pq4Ok>%(naWKRkc_F1l*SQX+sV5+{Zzavzq%i5>%?C>)pwnXrS#MbNZ+Tj_19);>zpvPlkvD@w;qW9 zbz-=Uo23QpBsZO^m`URr(lsuvB8=>Kr6!7qQg*Vr*TkZXuenAm(wOou+E~b1RGQW_ zooZ6zYN;o>FZoD+D%(_4u+|sP$lIcpuOWt7&7T6RF}{9jZL(G-YfQ6?I;YMPR-P*L z2A7I@`awp|jr>wAOd2Jv)}H4QTj{A~S}B)$7^AH5g7ssnojh%(%Z(oDN95z_M<g-R|LNt>stM6`cWi*>bXB5{%C24jW7s|3z z9m-s5&ZoUoULVZ^Y-g;hdul!TibPGxojg*agT_vNoG8kwJUTyFw3W=IETf@%Wil~M zD$*?-i)*%r_}*-m6t{Let})G2lq{d@an(xgXKyU2g=`ep?ku_Vae~f7mxO5ypc<5; zQPe_SPSw}hJE5Y#N}*Iu4kW{SDU~=?{Oeb;ckxTMOsmrqepcyqJeSn;p_vp@JJSud z)lzd%V+kz_+;~-|()rQ9oq{cnQckMz(7r;J+klfP)ol_n725hb^W~XVk~OG4TYZ-F zs_3Hr)y~BAnoBfL8savSnmWQL52Y@hs=Ko6^;_|kpN+>vIh}{Blx6LtMsxlgL#v;( zvLE}4%Hn6~5}iV5I(@v8H``4_{g3WS^2R&47bmLR>WOU3U^cF}HuDr=c}7*5eki1{ zBcE_+rQ1Llg;W{E-vdahud~`#<2&`r8gUPOYIR5tqrOm*Xsff-W@bm~)MbCBy=k3J zo~Xrirn;!EbJI<}Re$x88e54*vdDGzv9!2_PNkpfg{mm4G?&^*w!|7fRS(l=((pPd zS-oNxp2}5(@com{$`pTBAbsK>lR5Qy7FR1Y)JL>XB8~EEiMuyg>h84jOty{IH;W_8 zR#JbYvze8@#>44ny-S+?cwr(IhLury%8K+)jGHR)DsOOQ6K%G-QtaioI7Xuo>kA~2 zl3mqZqZ+g16vim6lg4FH`Eh~i&^?5YV8iVToR_KvFrz);c4`t(%l$425k~r@hl4Pyno_f|ES3;da zZoV+(wwC7_QSXTEn)O%XJPX#RwK#fpI({)5)sOl!JygYMw5=dDZ`*k;mAx%(Eh?yv zqKf?08hM{aEt_~|cAMJ9za=PZLA^%>R8TF|1~z)M(n-c_CAeuB-upCj5mt6I@+*J2qQlWt1M+-cN7E#JjVOAYZeJulWW>NTZ<{M<>V$87?15~rEvYgVdh zTFI@>nYA8DTFoeUj-!sWq39(~hMpP6if+64?Z-jld@mz9x7^pe)73AzUP#qJ7M!e?)c8ZINL%3%g^|r_<9Iz+C~=gyU%z#dylSq!ebvS)Wy)hCUxX-O zqd!To_2z2l9#YY)hB()IOf=q7A8wuk`Qv&hYZDZccHK&7wG?|Lkj{4Q?SL+NE^7MS zg-w5YnU*zVoG2f)TGPga3G!9?qJ}i2Jca9>&Tb-%{N?H)ni$(P@xKjvs7Kij7Zy^I z?R+l*(*2@?-n48aCDBK95PghlzW0{K>~)m3wm6sXolrrkZlN}n5w9wCi0yA)b+abq zJu*GyEstLMb&IEwX^NZ7S~T6El4!19n$<=jYA2;oORlw)XCtjAsgh@1tz?{}vUfl! z**uLrGpgyEMrYzDd3H^*Mk=kebUmdK-PQ84t?b>?_3pb;Fgr)HFGK646Yso#R65x6 zRJx6(F_Zd(Zg^9AR`i}gJXtj=o%EjgQ2Coxp)8dv((ZUBen4&;&{$3qPCKiTGs~VL6LV>GH#qDeI^gB=J~Dn@p>=4Rnu(|^M3R= z9nnEd8wDDN+Wc8vR5Ne=C@-~;y|Ez~SI?P%3nd@2#Lwl9=x?>{ByFWPNE>>NGktCv z)2J{x`Alhv8?8r|-qd)?^r>u(wY0W)(0F%vN(t9@+BickrSVE9c`F~aowUDrQhG@x z=ykpLCYPi1iu@ue+qj;*rL#@9_VYxub1I|Bu;rsvY&>a}mNbv?jlwAxozAYYptw?f zq1TR9D#e%8p{wM|o{MVgsVbq})t-Ojaa)qPW))N}-jf-q+&$W!V&JYw?(TQA%4{MWvNjSY9Pb_Eh*ZHGg+H z+E24x=0DY}jVxw)QtK$cYSRw~%g-Yosv`xH1EZgGj`W;az|ylRzl5}odTH^7+1`E} zD4W?zC;CsI%|uzVu($GkFSYk~OrI$YX*0Fepre&(9`kXktxcy|ynagRIneW~jeRvk zYkf(H%R%(f%v$;wOye%`K)3UXtG)XvzdVBC9(g@%e#a~Yd6{Ho$}%wNG!5G6a?+`t zvRzDK?SxC&U(%<#mvGjfdQ<5U^PSEhuidU4m9yzE)lV8%l#)g^$?)@&+BInf&!#vT zA0(FXm1&4Z;;0XnuG&PpOB{EIzDh-{XDOSut8n(I>L3mlKYIOE9&w;#ejTN^@$#YY zh-xwxO)5TAz8b5@no_@EQe|x~3u=(|&{#+Fn{ROc70&*W=1-uz7BkBs9#jq0Begr- zs9FCe>TR>2($%swHf+c8cqGA_XdjwDvR`?=wdW9->>IQlV0(F^7fu1(}x+-NO`EVU+hq7DsV7JzzbXR%mFXVm?dtxHi60ZjuMy$5#%x#nIue^bFHkQG}u>*Lh0)~W_d$x0E;RO@UzZvUC_ zUa_N~`i(Y5r9ULK7m_R4Z{=PKrOUmNU2l9!JE%@J<~Kj6*Rg7W80+ZleWPo$u142e zEu*iPJ=>)-E4-SkR*&CG+PCsuwAh?;O|ZQ+lWn!E)^Mk(t=Oyl15l zpQVH^ZI$=$pz-ik-W9BlUKY+oXUUT8qK$^0MWlGy%c`~Ax3IRmh%(O!SMrufakPR? z3uGV)Ky7x~fa@8B2@}WEv=xq=Ct@kY+DIMtUB2GU&^o~q z-eC0<(Hmn^d4K8&t`)(Lf`=%@zS#Y4m3gsym(13g7rHkXZCoztls1rTn4VT&qy9AA z5)==~W|EHVck91wEV&MjHj8{@9j!jx#+Dk(i|aL~Vttiq4&^LcL!M;WJ)-yquDxh! zS)7WaHEL$N$@c1m>t!ieD6`l#_bus_r^?1FUD!gkgfowao=ft?@ivmwm_y^&jofb` z?o{{9)}M(Y>KB#w@E%3039WCH2UfWnb-Y&9J4kneyBuF$#M*hiXFN4Lh5XdMr_jd~ z1{d)To3;0+$VqQ3e8aW#A)#7(YFI=W?sPmY?$#TX54%uLz(wn!M;+z0Rzm9AS_)%RQ1)y@A{=)_z73OQ;^I@;RCg$S!lRT@{a=o?M;Bvafal}~O=6xc1oA*)pVDz_ne?aO9IO>$(Dtf8x zn(nhMoOth7Im78~UMuS_$zOf6tf9;m&>wX*%H4~^f;)nXbJE4XUpe~QymyhG-i}&C ziZipcgu>)5(OqcQ8{n@3c;rp)`g`o)(cX2mw|Q?NyzDxAi}#*LPh{_jwKqWS@{Im2 zseg<2F3PL7c*UuDi&t0a^z3hV`rNZ~zkf5;^7u|LB|I7aUg&c1Z}DDFUeBBc$erl;k!2(oSAL3^qj8(PEtacobG?IOv0vI-y!M985l~u`_p~Z=ZJMH0u6Kq+ zkyEl#B-dNKl4nnmTy3m3r*m`IXq^4-m{QQY15>bteJ$W23Zy+0Ix8IrOs9$Yq1p!G-qDvig~qY8U^Aw1?Wox$I$u&utHXJ$l#i z2HLL?`i%8m#;-^9l;tS@rp;{m@tFG0Bgo!csn1@)=qpKGjllezrE-?9PB!}tymy*~kuPyEkYCq4va)qGs_JrnK+WW8O|@no>)aT#3mJ|( z+uFR8TGy%B5Bb_AIzPR8xYK3}{o87K zJGvLDXjVgWcYglKe0cJR$y=71-S_JiQ!@sdw@QtArE@ekmhWBjfm&CfR+sE6NMIq%P|A1QC)|cq5CFNu@34ZnWkx*WvXi-DYGUrhJdNV(FsCOBZuga}< zF+P#*(EODAd-A$#c3=KQjl1nF5>d%UIB@e1|~V67*MsaCaR z>kaO3q2&v@CpbPFA9)GB;_k{nHW-|bU4BrG()#hO=(FG14byX2A>V~RMbEY%_2%j{ zN}tQycr`j%ab!XIofJMDjP>INi(6wFE)pz_vNH*hHBHY z5h$k_V`%^{yYeqfmq{YU-&(^f$(0}7&l5>Hyb>9!e^RakXKCeR|%-R4t=aO5R+XUl(wYS z-sh0y#L?r@DVFDCs5ErOU%8nlPkCrIJ~b1r`Dd;FmF|}QD01m&9lFh0rOIn7R?L&v zi5`=z+Z$yYh^so3I4vZNr}>X6w6|JHxvLk{Jgju8)`F_v2;n8Ios;BiHMUyPym8hh zqDJbe=3NG{Q&V?rHbkvwtMf!Nuf19vt)zd8oW9hP!!l&S-Vu5!pYxEazx@9SM%XER zQ|#JJZK8K0)R*YHUk{=ghB{X(Yw<=xS-&J+O1({J{!7i{cR*v~H@!cs`CoC7dR;#c zWIc*j@22KqjR$S+$iMrdHuUW#sT)M|NRx|uM00Vi&Blmd6++KabAejdYww@>HxA@~ z*6JCJ!K5K=MT%eF;AhtNIGychuf*rRm$A2JjLZGXGP5@z!@og4MW$SxtSjbc$(z>zCv3lX`sf zj%z+HWp|i;SA$%tC)V7ND5Z6#KD?){w1DWRH5KAD@9kGRo37K`fp*hT9SdpkW@5}D zU28|Z;n6}!t&o#0uo+Ovxa^1FCwghEMXH>h60#Wmn~>#DS~@MHrPRt=ajiLlvFEsi z9(gU=Q>(#if#{^SYh@D^lK&QZ6|LD&zaW`WDOz|YJGl#*rI%3i=UUA-smIZbisp?)dE-Fw zR3kA&MZF=ZHOS&!>$_A((NybY)MqFy>%-#6WO{CrPjR;G<|5u4A5lXzQXG}SG`_7m z?;*^f>!D6y>yv!`945Pi2l9 zY{j#!$nn}h{j6UXnEAxsO|iE*L{)nmV6UT{%~zBXSFNx7Z2V}uKi!ISZgKorLoBto z`qdujX)|8ZROx-H_*+sd4o&Yf^(Jn%Ia1ka1;lz9Nx7Rg+2LqmDP^1Y`2%)g?(z83 zw8?n5WGgAlD#)B+_?ojUWk=5rJIHqmwa^T!uJUZ?Iw`tNkFMHTM)zk&*TbUg;nDSo z=z3^$)!I~rUlLvCMAtRZwKlp+Ybe}?=&HS8^t(Q~HbvJ%qU%}FRXe9B+-s2j-LP3#4+mQWSfbbr=S6)J*0c=Jr=FSG#U5YA}yr%chlc`sX>m!RekiK(igU> z*pL2vE*qVN=xqkQ`D#|NEKa?TX8B}#54@deYt^Jhrn=rvsn|*yNv40ZT+gjX)=Jvc z9tqMp(oEDAJX|1KL4>LQ~WZXO&8bxRotk(RUU_wCM|V9Uc!M{Aiwhr86GAP(@!Ne)k&RuNKnyO%|g1F|F~Q4^5}R zRqD6Yo2#$Y9-bjPyVes{y`^-t>A)l41#!J!^Q0cj!iYP1k*Y>gQok(zkgl_pJH}zk zQ&08Im+w!NujEZVwt7aD+rPo%?M?G#=}mHt6n2w~!Wc&?j?cx*wnnEaLlLcH?>K4P zU}H7w4UCJm&P}B;+tT*aP){wrpf_sQ0-vVd-b(M2y#*<6mG(VSx*A`K-qH}JSM1#q z1g{6@gZ~HK2`&cj2UF%uJ@CH$Qx4H5Ke1#2_&s1f zQ4o9vd;xqJJQoXsSV0iH8+;PHt}qDpf%k)tgHM33fYXbDU?=zn_z8Ghc@TUMTsuAp zZUuWPf}j_CcR~<60A@`Lf+Im?RS--A%fa#BM6eFL8YI9!fs4V%!Dqntz+K>R@H}`C zR7@s4a1?mYlpy#l_&T@&8~}$+C9UZ}&<8F79|HG*--3BFs5kf~_&zw{;2>BHnn4fP z2i^eQ1>Ot(3w#kg1;!l`1Y5xla4vWYxDnh2?gGz(aWknSm;vU42f=T^;#uSi)__yN ze(+ZCK5#j>6Wj$J00?04EATYe2Uml;mIT2s!K2_$0Ob&j1C8J;@YdzDC%ES5Aovlu3p@(K zl|irweD|0jxCh)19t01ACqUD&LGTC|$2cdCvC?214G;vo;1l6<5q{29cm+J+`Q|jf zUjjVe{5#(pp||KR#6b_}2Ls?{a0mDicnJIosC^32Z`m=9r{jV{fUc?k0|yW-?A6rV zq%@Z8bYWwgvv{TvQyk09G}TVDs65$y?CvV-M0WKFXfV^+(zGYgljz-X^~*_u>2g~} zPj_s-PPA9Po$|bwm#4grFuzy_Ba6H)&-YJ%y*^j_8{6LjMh2OGdPBqh4on>SAH#CV z{!D2eh@Pik3MU1@#JAjDQ1zB&f1Y+zaS*$`prpH+Y*t_ZSc1Mdsc2av1w^vo!y}c9 zkkhKtz-6X*%4}#XUt6EGuc7~aAmcCfRO!TmvZ7c)X>ee5;r>|gdqxRDc*?0Oz7+dX zOyBkAudDGATwHj1LBX=940kZJxf8TtYRde4FOUiP9q>}j&+lVa-VPoB4+5E*zXlJ3 z)d5~6K5BwX-=V^+4*u;#`~4yJyC(SF$@cs5==bhZ?DsFC-#?6gPk5)|*97lgZO>;! zzyBlpJvaJ2zs8;)<$kXY*16xSgX{O&{Y%fW>&htnd!zfuMB%^eey?;0n7r4Q zTnyz33Q7u#i;4>h8T=;sQAJBO?RLye8M`uRw{n$JKyCmz3cComigXHs0vu4OKR74- zZ@+#t;U<&&LKBq?A}#mvB}E1L%bI(QGjr9QGsw0$={co1i02U_;JB3$FUOqB>lVtH z%x~1VsoF9KW!Uh#(hC?~-(C;|yIt~=7M{^I{tvC|X8v&dTc>EW89dLZXaC{=r}=b# z6$Njer2PD!4z5d;?2(M}`Y`$H*eGyC$#vsC&ns8^gF_*F6-ysmiHOJt_amEQ|C@(H zVhFSInilc6Xtw#$R?tk6Q7ySIP%@=*+ zS6}V9=!H|ix_9B4$L`#G-_N(6+_~_=pTG9L#}eQA%GcNLysG1a4?VJOPRA2>{rdU; zeARhho&Lk>DW~0C{DJx>-@K#v(no&waL@VYe&{!E+8ciM*^;V{e*Clh6XR|xtbg#Z z-|xEceP90C8Eej}dEv_64t(XN8CP`8J7!DQV>_q4>EsW;@wgj{Kl|g0-cj|H*L-^U zGoN_jd!_epc>m7}rY<`1;9sxl`o!nfT(`cgZOQ|mKXS_@_a3`$%crKld)sIJ^`e4H zKl!@5kFGyz^{+RLYdPWVk1ss>p>>N^cOHMvh6#t?X`W+0{*~v`W`=d&=BXCL1Tnm| zMTq&M?p_hT>GJ5Ct@FB$#;s$8Rw1Kw?bEOQH03+BJv(e|pT_PQy(?u~t+levzm;@1 zvE-%JI;`2@*x%Or1+j*{t#w6kKc%y`z|z-uy_9sH9g?n3&%dqpQp-7cNP45c=cTtS za?SU}-0Y#&qV?cGQ@0@xM&_Jf7ir{9MQ_diB6>^g!4cjPd#Ux*>g4qH7`>i4M{r27NFQdfTT$RVF^mo>2wyzMt2|rLelB(EYKU>9YSzKP-I32WD(bKK><-&L}A2n z0YpR)kxkTy3kb3Zq5)(PA^-2^e(UC~>U32#&df8v=l{@oPTs0|-}f%(p6#A{?zxm$ ze2?4fiV9q%6-2n^>so;;z817B^wTHa{I2NguAg$0zEeWU2K;ICG3{%?>@h5HtzFd z=k9N{cD1^QwDRdzSBu6Idnhu7vD z!5R71Z%)j{0gpVQV6r%MzTdYq`D!rXg> z`{d9-KbN(-gJjTDwULao^(xERco)d&LvGSV!VD3qyXK-(h|wbkBj)G?Uta%18acX; z+ADK&he}yy?~`mCq2E@AmB%z!Ta3gewu*>QqDvg1xLDtb!go|4d3uT2aHOyIJ`uM; z7XDhzmAu1&+8y`gelo(|RmQnR9g+jYImUP-XW`m6d<({IGC5oHWEduMbvy^whs zDc~I!`H^Fe(epTPk`rSLPaq?Z3&)4CWVGT=thjpxS%+_@kp794;5|oWH0X(rRc*yQ+Zpd`=_bJ>FFo=@_^`KblD=6E4md<$n;7k;3Yv% z#yqEeNf7e&(mH1U;LP0JsFwFgcQTVl9!4qTI8668W;P^Ru~5SlY7)lA6a*F>f5T27 z%XRNkvIHrV9NTAOk8z~L>@zAv{Bq6-d#J~1Z1SU{o&9!!u-+>DNCsyj_}M=j+Y{qZ zp_o{nGx}QVIN~3=Vcf{bYg!p5{8BsZcOSq`t*{kKrk>bWWZh!5f=F*h+8j=ad?Tt8 z46`pc)i=;RG>0}%bszcIDFxcJjK-=X%NM1Q!4FC6ofABXMxcyFm0gIN?XeQ|IXvgR zT(sHzLhdl{&~oPRy|u{cGs0rcZm%^j6HZfS`h4Q?oc^srTh~a>vGZWNDubCH0UX~mpZ_) z?JQ?ECCe;w(l!Zoc)WL1JBhbtEEq3a)$E&b%vap?PM@(hkYMHzYNe)_qnR`7=rh{M z)}FN()|%fX)~!3td3ksH+R(<-S1mh;Ec?U~g9U2IpQ#NFQ~}pf8z-3UtdW2hz&)}E z9gSTFhAo}^%al+9_sJ&Rrt)11Bg0NG#sxcPU>H&G!Y_{DhpX9Z#M_pxoLJbQ7;{RY zKkPBIE$mo4>oT$c(9VH+my;HeVfBhZ_l`u|mw+szpW2MSBkI+?GzTx@Ub3v^Gd9l>g} zr3amkE%PK6AYWd?O82LT7GDxw_g&)V~2JzdV5f{zI<6MS6o3Be}?pAvjp@EO5>2tF(LoZ$02!Yjm~XD}t{Iz9zUvaIN4v!S#Z#3vLj6L-0+(je?s5>`(fZ;AX+M1^*@Zj^Mk3 z?+LyyxJ7WQ;5NYz1h)%*D0s6VcJ8fzd01tn{br5^NUyTJVVAH-g^^ekb_7 z;8DS2fOqu@!wQ-Y@j&j|h`cvkS7;Ln2R1%DCzRj@_yg5X8LOM<@%UKYF} zcvbM4;O~Oh1^*DdA$U`;RUk4K1;p5f7XlB}>8(x5|I_~%jH%heHGe4lChgUX<=*vA zmV2w-%a0|9<;55bx3heN0g|NDN`QRP@?n#)jm%bOW~OEj*0nM@BD;OoT-Qltfpae2 zSy3#afNYY|0GS!debVm5rDDv*L;a;A3MjF7L;+dt$Z!pBzp5Hj&w6itw@l?s74IP> z`jb7EEN^)1?-NawU)SF)J5_q7F|#UjeVFSM+XMeAwV@^C;`>R-=kUn8t+y9lcgm{H z(ql~f$7TOi5-)K*uzdDh(MZ{~K%OZ@bx_(P$)zC%J>>d+qeJ@Km~8<<}@<7Tq&54{FwA&SBjf3NF3w9cwSn4ROWObxh1| z$*o{hOI&@vR(1WRf-Jh<6UUTV3x#7QWQ(nZmRe!FNpF^;I%iuhHO8e@pJT3O?1gFS z#US}Y(v_6HbASI)&ra2jX=6U(%B#aEuF7HLx0>5vVPXd|$4M>jQft8Qb;L-iHQ)() zt~7;}qwu@+{`M=c{_Cs@NB%4jM!5xD?a-pYwiHuPb2;~ z&4e>I_6|5KH?Ntfcgs_DMq}o6_r4`nsrG}B;_YV^WL=Wc7-KEX63reW3}H7x1$)RJ zfX}f%@d7#xMKa_#(GS_X?D?tGn326JW^gQR)lovRNV_V{-Uo;Zu24Gbs6-XBVdxmA3oPx)-qS81+t zZJBJ-ujSg;Hw8HA6I##xT57 ztT=jg48MqFFS+BmgAad@I3IuSY2v2+bRYT3iVI$M$1RfO1&{H@@Z88=t2TveCBwug z_~KUUZQjBEkLQyU!Z;tB^SU|Hb#U-$vGK}UkMjnJQNhMWW8f{1cX(%r{<(xjx??+g zk)Ehk>sj9*zw!dznH1{4>rGvAll?_c!v$m27JPiHqP-`Xt^fBDkV}|46|xGDE< zFO3=VT-HZ;W11u`_ou0(5xVj}WwN5-%+8d$SBdhte}JBMzUTRB+dTQH$hXJ)S=AS7 ztCaT*Kjk3#;(S^dILr#G|8u=KLc2>2D=2?Lu7B~4&pvg{^pgyLw3?Pq*PF(`2x&=X zdS4XquTpl_xw6bEL|Nm6cl*4zpB3#QSdJnd~FX z_2p4#eS$dKQ5rS!o$Vd4+N>TF?%CL<#LPX;P_GlOdCtHYSKc(ZeMzH3J4*S(Czg?& zjz%R0l8kH<%2=&qgN#^}IZn^+U!oVr7*WB8iFYeynUuzu&j2KH8T!tT8=KTi9;K^p zNDOCMuaOKPCoXGU$SydU%#mJatO+#1IvO>`+ySPyGFVV_0S`j=J z3i;=#OP`dzP&GG6u8_lhsp9YG4JZ1}(I-~J!4$HVcTW>FFlwAeY~4W~Q{)nn7Su;H zp`Ubg5O>KXLn&ia1NW?t;2h_;2QRDva_1n`&9hDF<@WJTUWak!n3#nhiARQYG2(7wPS@RQjAyADq;xaVaeM z`0y*4L;XA0aZJ)8-Eq_e=LvXJ;TJTybtJ3eI|(;+fxc=*9cW2Tw}#TuSf;jypfxz3 zJ!ax%EaASIp!uPW!nJVD<7P~-Nw7H>!$^nZM`g{O6@S**ZK2+5X&C; z6G=la)`z;_e`tzPa@jE=V#qeR2fta$5DU3fm|vo2;a_-QuKHac-h~_Cbm$WN@Cjb9 z6;-LHIT4=h!fEzu=X)fUfpOu)bgYvTgg^Lmu1cA&Uz9pu-&W|irTQ(+^T=3HTRxvR zidx_>a+)JqDVe(0t8V<$$UjFaFtR*FX5lC&h+OlT6zSQ_bJgyAsgeIQ(Fx!V-3eyR zWBGND(!20HXI8_@y~mj73C`oNbfkaK53$PWxGd0T?~S21rd|3?ZP8{WZ?pN>x?^6z z0@?-45**)Z&OA(+1=3G2R{%g&e``$&#K?fTN6W zB77Y6h$O>Qf0is?+=o=Ff!CS z&Js3lJsP^a7DCQj2aO7ny+?hcwP}RB=d|cwB!B+>cxTWyUc}mJ3pkE(&~<@c!FHjn zU#8!AmT{yuG6M4p@?>eK$9(RSG_X{nEbyG$l8bos$h987RHkF=3=|HkH5S$CWp&Vk zoSsfTUuX-uTpDV`FB2)tF@)5XT24>{QDK&^SZVMtwpW$pHC&ACg685a&iD3g94&yn zPxpkt!O##=kyvx&8)f)BcjsrebhqRq(hF_DE*zw$byTWP%|WJzG)9+f_Kc%x9NtB~ zK>zHX@Vpr*;C)C$m?4o;9M`CYrqVHbhGIJGTW@jcN zFSdw1HH>i_&$IM4~Mh{;R*hZRSwPNuwcS<8uYl1~VEIIb8Ga5(BsJC3%L2p9eg_e%rwQY)Cv(1uH zt21v~u5vPh+lM_)uNXh#pv~2u#jOuIml!A{0rLd*hrnUX0qDU{=?O+C@+rE`d&0m! zt)Nu%0d}rW_=-8e>-7X_)X zup@w0P!m0llpA#gmK!IFIKJBZoT9F?cgRwSnFIWV&O#D`7xb&+gQMgE2R?5ga!s9{ zp$;$y_Mt*7d%pAjBGv5q7(5<#v0?3`v$+^g>i#j)j&pyw5_R(%TqZ+PelF1=_kKhxo*Bb(@uLn;pRAB7$pk>jF``{BI6y) zgAwv7V|O8s>>=z?&6Gu6^alNEe8TPSJF^;Fa*l!r)9kvyqKfkZ%TS+6!srkWgztEs zdg0x-*uQle$p!j4u+tiE=Gc;O@wZLe_to2xn zo;|vC@E8;j`%i7qO7v>Q)4R}&E*0B^{RA~C*V>%jG2ZJyo0(NoHe3ZRkxo#tPtIYi z?J>9Q1x?Z`P9ZWyGK&JI(SjN!%MZ>(LopgPy1!0Z5Gx05P^rGd1Ea(L3-v_b^FG!{ zQhmQXyie<}-o|Yw&29V9gLbtG?#FiIOsR$X-_mKZeqq*4tB|8;T1#f;k2h{X(i4k_@!HKxi{1VHK6BO6t#;k^31hCC3FOwu|F=AtbN^ur#vID z9<2$updMC+khpju>4SIN(eJoFo+#30(Fo6Avw9xSeV&4%te@Aa74>?mRkVlC(H_9m zV}maO&UZWDU~6;6xl^UEssZIfPtYUtEo2~eE@O*yWmVQb4^I4o?%CH>tIze4uZzQd zut^J`7R%4b(^x~MM10gpCbXz!AmxJ%BqW}~`9Wqk=o$RwXov>Q?HcrNsqleDSuQH9 z3|!ZsSr9qijR$sG)vF}%Lm$A8u@<#A5|fj-?Axi4^@3H{7)o8N-i*l6DsTI&ExhWs zCh#7arlRH1CA|*+b5dnKHQ8FU?4TvA^&?rWSr{iu;B2H?wP&H;hO2y6%;;2DMOGHapKF9**Sx_z1N&g#zSv)u9Ix@^Ug0_;_^{={JlHejwPBUI*ceY%ZIQC8 z)LVE3T8w^#zRqVN(+cHV8e5a*k7~XxV($lMCeR~%yYQJQ)E?HlT+hHj{s=jX2s~~s z$6v~rw~OOA%Z~A-w`qQr)MsOP4uzx38J8W@=IE`rKgSv!xk+D2(cPk|QSnaa^lvNun<|S%Ho!U=tdL+esUf*c_h806UjXz`#a?U%y zk+V<(whfq|Hq(Y}?>G-+uIJX#XYV+T7WNX=xH0D!p?B#XU!)mhMZ#tNXEf~Nw4Q{f z?N8||zlrC*sV*Vn6kIjwoz{Xm81pV@pd)z2t&2wpAK(>xHro04IT$gYDvV`d?z9AL z)BD)$Xl*EhHaZsz_80P$-#8K2+7vlr-|0@OEA9%0{`{_2mY9Db@y!{GnWF`kDI(_> zNh)|`(>A)Ygg_sogOOF<9Se2PdrD#Ss`bCU(ahLA=f>{h#IRJpaZ)Jwg6G+R?fEi0 zIcZ^kBq?-Az06h6|41xzmFXD$vq|Ft-dNu}JNz3S>@OrgbEGL@?{S=OBjb^ctdcdT z-}bIBD%NJu3Y5m^6y8Uo;nlDdwmzdR$V2dA-n8#G(x$l=8i2#1=g9Jq`I@Z)b~7{o zWggrhny3>_!I5L_;BP*=)rEVa-9lCXnJW#GO=5gQbJWc&6aReL6Z2v8!a|GC4o_iY zM|}pJVQEkzvLD=22GR^1z_qqWsK>nQ-R%C|RF%;vCMk zdtP1z_K;nrT1!XH-&t|Bc*SwE@tvBt5GVhJW_$V3?ipo9b1q6pvfm?Z(xldvj$~)Y zFVcZNdCtFmlw3yMcJDX3xo9*xyIRUe%&rRMOvqlRE79ZkXfAz^K7)&6)b~ZgEAp9@ zBruJi5zDS8@vfO-(XzyF|0C?dsMJ_IqMozoxK8^?iF*Bx_Pp}M*VV$e7UlhC;duKf z@8OAJx3l>TrU@u9qu zu-n7m*>CX|eP-_!_t>NIShzkI;@XMJXKw~^f&;ZjG-8AuW8<`cYKyMJlZUnQv`S?> z8lubxgk5=#Gp`Ig7(FkCJCO$PhUGLK4Q6WjmLN2Q&4i5X3GrXZ0Hkz{=nIRyZyBA= zEt$(BCs|XmzQH!cw}UN%C4&9zI}3Cr=Lr@k&k&<#+YQ^REl8=+VO|Zd)25iW15cIb zD@3Q%s*TJwkll4E2kDJmL@P5JW&XNQzc+~<$AwRhKLaD^Me5#OqYzDK-HHbmN;Y<) zRAmp+gM!V0E-%uqHujm1%g$1LjPESzm`d%mo{$^wYg7|E7H$pWyi1nR9+$0B8y*Za z4Rx~*^y%=_7EzJ2p#MhP%`Tl=#aGY21=;e1-pZFPwCNhrQ!Mux-T!CGy{%Wdu{?I} zq~&=%7I}>3_Z%YntDNOvuWUJKvsuv@?CRYt3O`s^$yw1ztZ!XGed(^=m&1Am6xMr( z+?LS3S>nv+L_zaXte-!06QO#P+ze^4SG#=dHUpBc6CyLo>SD55{RdAHI@orXo*~JT`vWu5%>0P|B_TtnZcc!|IyOXh5=b@&SxQq98)%A*^ z*bfoSl-|V)hdd}5-#3qxqRMOZW;tr}Zn08hTWSxE-(I6W#EAUznD-8weT54!A8|D# zjA@FiQdSTcnN<`crFQYc&k-Y78O3;zoztZ$z8qy=nxTZ=`IG%?|9e?{7jN9T8+98y zcb}IYbzX*-#fP(G0eUYk6c+d5#ulWu`a`nSOWWv;+NnQQ_EU>=G1l~NDoR_^jp}bepqGqwu?*I!#rQw9=;{F z*YOUGU%l|t-@S~tke8PDj4%B;NOISf8RUUO7p#4$C$VIv9#frS^?Zx$+ z0~F_Tqmi{_N&vuf?4r%P)Aym!o+;+iE^48A&S_MPOt zV-*Hp;uHaXU3+A)b(vLphZY`VVyanrtP68YG8Q)m+uB}A;yPIs!rx2w@^p8Dy%fv> zV~O@3;k_@ME08VG`woZF^dvl_f@aUM^6gL7lDuH*SRzDoMSyw)ps z;FH}x+_#Sizdn6#7Y%|#$3ZO7^X@5_p%(lDjJD%T*tNundnF-8fA1&EGm8cr+$&r| zjqzr2?U20;)JwY=7t;x{gY_wVro`LfpYz%-*aPQa$usiilCy{3iSChIoaORRQTcOf z?wJEsad%kCQ5`z=x9 zRmvIQQk`O0+i4Z^6$w!EV^GgcWkH=o5VA zpS3bx6kW>Oc%5W2?_fd3ObXX#``e~#v-Y9km(6BN;XS`6l)pfUq+U}kGjQ2(Em1!38KqANGR1Z7 zAT0G>@n<$~PabvPvrSjRS$}3VoD~=3M^$J$D-m9`O55w`0(B*!fA@ggqB;dNk; zLP$Jh?-)sMBoVa}v%)$oGL=|R^hQ>+MC=@#Pc$}C-rhKm3D`*QvhG6W_w*O9*D!jH z&I4yrdNl=HA%DraX$4cJp&b?b>ljaH45vZ={l@w&}&C=?+arX z#|^IAB*}v$hkC#{IQ41_^vV<5OV-GLq?;tr#=9NLP31AN%n^X5n^b>!KVRx6ga@&I(1;Df3eg}~HeHhaV1aciY#UZfp+GdW zEg|FsPZPK3I5+Pyv{gJ;B@mm027~q}(SC9)F0UI#EXVc8x%wU1z^GWua>fol8yP&< zZkM&QBNyD`fm+q%lgk;P@wZ-X6g{Ew?Hy-5F10&s-_=Mrp^34|z!W*PZQA zt;Tw(`3#N2ii*$SU~LBqgr-=_2aD{GBnBDUMMtr&iiOB%4A!S9;WujF_rhJ9@F$e* zY%b8|upBnP5%16nD1M;s(Z)_)H)-9MwPh%QHDuHHM74==HGg=Gxi-i#bgL~<*8Df9 zRY;6(J?mJ5Hnl2$44|dL(y?dLSdzFJj6PvUd+%B-1?UY?D}LHot5P|R-Wwn23tIPF zA^wi^1am}2I%WnrRXA^OoR%YUqBKCy#<;-3JKmeZ3aTm3y8$)^+*u8^{vq- z_>Qb5_lP?e2YRf@jW>F=Q)A*4FCj1! z9Su=@-RC9Qg{9}?FKbMOiAt8Jw?|8Uv-d?x=4*Oj>|E5dxoKg1P_pKDw0N?Z%y8E>xGmt1>t*T&p+WA1up z?s`Pl&($k?DbK$zcU_fn+@2{334xBoHiMeSN&+H1kUdD&)1)EMGoH6137~r{Ec7Oy z(NJh@+Y8;&p*-cN;yC+@wJelf3GG>HvGdhdF%~EL(OgfV_aNGtj#Wd7j0@V1QXENx zOo=EhaD13EBbdkS(O?!q6fFB!u^kvM_T1Bc z`tQ>Tu(0B8OT4x4=gwLCzVMR$Uew&B{O;xQwbcaLkNMj0ibM;s_ZsGYdXk+<@F6|0 z%txBFh~~yCqxNdWx*V*2lliN7IU`Hn_1neeL!~@xf7fhuhcGhR`*!!*(=&DOakE;r zT&+uOB6}{dgw7OhnJF+EeF&kK=Dqg43E3$`Es6o${8lPz*%R|dzAPwT8Q}@ z79tve81IR~>3C5UdJAoit|ewDtIV#@3>p*}ZE3o%XaTB^F;8eLKLd4iiK`q5X9`Ew z*(YWSqfSPQJzr6uQZLdOjg4k3JfqF_rhQrLB**KtPPJgOnId^7))ILe8x-51N~7dG zPRtuT2evja6?@-n%vj=l8fa?d0y}Ew3Syb;-paS!q6LY!Dm_=wb_o)~a>aW~=&|?L zz?o=1a1AfHo#4RsZ;#TTzgO@+!3PB7wKhb759 zg42d4NtfW>k;)4%m@q0y_7jX4lO*E>(*#EdjugxjoGfS&d`NJy;0nR@f}aUC3;rs2 zUGS!0_zo&haDd=rW0gN&aEss$!B)W@<5bp;NzyI2MDSU`?*z{Z_TEYT7W_bPpJ3+B zNitioTF@ytQ*gH6qk_u>-xPdX@SP3!l4QAHST;$< z0DC3Lj)MCHj|nc`S7!-;8DTjf~N&r1PzBN&%a=h<~eUe ze{nEK1CS(ZMJK?GIrzPf^>vW0{1Z>;w-gR zN}}S`?pCH(EER0*nUZFf-$>n=(kkpDM@JJY<$a9y!}%;O>f@BInVO}te~IYVbpH{1 zrtl1KA5S^8VSiz3AvMVbXRj#hG~BV~@EK`SrS%SbyH6Ugx5w#i+Qa|wHb1>BBk;?- zEz7Oh-quh5J35zK$Nt-@Swi6-yEXi`byV+v8CfsI?@?wr9V+)syi|@(l2PZ~Uoqyq zsc($Gb3l^0zhYp=BvmtA27n8U&55tbR4VpTqL=*m_Ad?W=MlUpLF&|B(Cs^W6857xI2ha_MZ}-zoR~hTQkP za^EM``2GRm`|M<1?t3^5PPfiGgZs0S+c)~T&xG%K=%X(Gce(H938-ryHn6IKzoNC*1hW|RuL-)}$*-x;7B5gM zTZ7{gbG%9I+*V)NchlZ#0;}o9>4X1GQ}g>Pl4M;#$mj!4STp*i=6SpReEIp~v|&N6 z0L_@rnUcuizN5ZXB_AA3eesV&4^vz|Q_$Y{%-h%gVc@EPw+*^Uhv1!)>^@a)2Zc>G z>qUu($`?Hxj(aYt2{a3Z>P6BY4dxfrlFU2*j2BdFzLl(y6*qZQ%w^Z{^KY2zj@`F z3oo5=$q^0roY{5C*oVIO#CMzSIPK{APaQg-`}A+m`_xlk-~GX1Z3C|V)Z@2|_;A&` zKX~u-Z~yI{H=p|B=w&~x`rfbqxZney|N5X8FMs2YtE+Z@;p(*yWG`KQ$=;`b=-7py z-t(i!p7^Vp0sryhw2@!gbx=d{u`ljCe9R|5J8s}FE*d>~@rQr)uYY{zkQZOs+PbXf z+4~{;$V#|jYpLg=FK5_HCzn?$+Yk#`>n9d)5&mq^{k7ItK0bA>a%}%%YhqyaOIfC#(#h6gL7|s{F@to_Uwl*`f0^JCrmo| z=q1m#f8^ew4}bEc$AZwb#jeq_&#m~yhesUy*S0^rWBD&v{-I&y1=m;Ko_x0R=2w1r|L4AY zapo(Jz3;9)Cf)tMyLS0`X8bp+ep~aQ3AHyKd-)?UgL6aQz}5-vzth^Jv`}EmQWsaG!HCi@y1#n&+0^^|f~%b?H|p z+&TT<{g(UOXX?|t~Q)w_=V*e3@k2Tp$N`nmdT zK(F84tyjkhhU*@stP@}ibqWyl7YhaoJ|&PFG`U=W_~UHRVS*b3^x@lrv4YzK?-1N2 z7$LY{K-rwDNt;IRmn3p6hG%LzJ6l__wH+Wh0eL-L}Z0PLl=;~={&ek?8%ht56?dV$Hv#w2nReFd9(HJ_oe0@(V z3w=2mPJj8rUsgbQay5omj>>)Kb-ACDmCF{+T{-`_g>$#{utvWw5xiIa?ppnuAUrv?AI3QXQOV29h540!6x zm!CcEl{3G4(YuO`Kka?=Ltl8|wWaGuUvr7Zf4>_yPt|W1=mz7+{fhN z>=^q;1$YUc6ATvoLoh@Dy&ycZy3+r5>Iy9^(3P=Xt}A1|O4pIPw(1H^_2??BC;y@= zv~r%V`7}{-ysDF_43%Dyb=TR+XUd-2v0-g?@%o;obuF!}NlojvXY@OtY5$UruC_)k z%a(eFv7SCP3GdLhUVM9a_0(kjZ2g{`-L{r8!{_h3r}-;CyDbww@6r;L6{DfB)5CnLYph!(Bdd`;VFjE%<21*ohlX_~ZwFwE2SP z2Rtxg)(f{CdD+zu-|+jn?>^$iRVPk=aNw>FCnvso@SFQTuw{02vbB9< z>l1HgMoru0;Gf-n>y4lI@LmW0%P{u-I;5e))ZmytMbj z|9WHf`aeB5bm2ayeE1u8oHB084^G+hs;PrE&ilv_Prv^|Kf2+S-(GR;$F6M_hj2 zSGx~<@$9ede9n#+-ca|h4}Id~YhN0?+jU>L`Rbd0^}Q#4y7QM$9Q6FV9=U48-fy3^4?ShVFf8KEQ)^pa~-2BV^j`;EA zvp)OLh41|6qzm_5RrULQ{$uIC9Qop&zZw3WAN_L04dZ|ImoL8dkwbR;;U)KeYUeK< z_2;D*yyuuH@BhW#Csy3Jhq;+E!$XIF~zmnjy56Fta1H(B3^n&-@FqMF{PC&=k|g5>O5 z@fBl`69LLPsr|;t5TZHW{`h9b5j)i9A7#)ehAkJiCKWZQdd@2;@^{c zez^#Xl~VrluZQdV+4`O5FV%ICt}_ws`uoE5T7^VRe<6Gg*Gc*~Dfhj<*WuS$JB-wo zzy4e&>$x9&T_<^~{{Q-hPg!k7&7G+g5r>F#@9@=5hCsU7+6 zXz=w*~Xr1WA==eu1(o>>({Q!wzizn(mFZYv#urE)Y#d$ zdVTBqp7kx=*^V{gx12RCD|gaq?HwE2v+G*ATGqE`8@sa~3-@FIU$%dCO-EODabwfc zhU~kmv&+}DboVN)v8!cU8=A9vU#59msN}SkP1&AJovN|1y_s^_8hiY?dz+EnxXr+> z&i3wEV{3PZ3Ut?1N_R(FOSWDAwKugk_H0nS8`rIGT9*|zHgwBi@9Egqkn9tv%X!g()BDo>0SpW)Qi;}tsr=# zsc=0k6m|$l>d=Pn#1bhR|* zmDj@1&^+pF(X^wbE8EqwMr~_v(mj1?+!!!gomDN_&JA6i9o=z2^JqepKrxr95;Y6_ z#D1>Uh=?4{Xl&gODqF7s0VykwsXJjoUCrFO`k6E5w05kfJJ~hsTUwi|vo(2bP^sB< zB9KOx+;aMc##Zni%b2rh>714Ib@S@#>z35kg?H8D{=HSRqB^@`T}!($z+f1Enu|pu zZfzAtni|`)-JLB>>(^|`cC?3X(5Ie_9of}tdXD7ISg$tf=L3#u*;FGU$gXK^TpJL} zuQkgSs+`u=?4*|Jwbhfe%QmcTUEdTR74}1i=7;g?Y0>Y?8rOGC+JAo&spg<_8)`x$ zgbIdJ2x;HYwpy*z2u4cRHQUlC0%a7yh47#;@$EiFB_c5nMEo9*I&W$H;+o}gOx&{8 z)=fF;%tq?c(5qLfDA0RjcJ2Bzgi-NJw>d8m#Ja{aTCy!?Ha7LB08kkEAU1H*srex^2xhh9-fl zwAgKrcJDuP#E^M`kF)RUMcXwiV#Al#F0Wg@vSE4s!X@)ZgtoE z>VovxD5)h~+oj^O8d(Wuq)BL@ScgK*TNY!Dot@dX#!cByc#?_(4I|yRiF(xsxeC1| zR79Sdn)Xt!MbRg*m*a;cL(j!AjT>5fkS{q71NoCvTs3Aj4pXF3I-1oiy5{%AfgRb7 z)jf?Wd|S$5vs8dOuXZ@c0@%od49elB-9IsKHQZ-$otl*JL|ex~@bd z)NZTm&_lMz7WP2j7%M=R?5l#B>l;?>t9V(#_XUp#Dkm!LR&a!1rr=1ydjuy7{$21j z!QFyq11k(J8LSmi=aiYM(}aL_XK|syq-VLDgNcP{Ktxa zc_sg`;$I31C|+stI|T)>9I)-L;7;)Z3horVQ_$*yI|cO=6wuEv+Zrj?vwYYYO-S)2 zR63R;nZS6AnUW-j3r-PyKybC-e!q5xJz)i z;3tB61osK<7yMfAh~T$^-w7Cd{KcW!RID>mE+l^8nX^T9OF2qk(VFKjccx1Z~AXrBj5h;|1btBGMO>R<2Z)! zr1>zf(FM|^_?Nsl-v0RiHU^^YhaFfoA=%@G`wz2+8V(*JDAFz*L z-y0O^K;Xo1sgTJT*@;@WXdSX@>m6I~82*(Z-^qSrz@*B5piT1c>ba>yR%!KcP7Vnf z?O7nl zvt1Cb>7A+U>-64O_E8ZI%6H1hh9`L2&$53utMzN|-)0APRyC3tf=`5F62;HnRGv$J zIrRTWYu2pjFVafCv*Gp5e)pdml(<*?Tl&0nQu_IE%CosL`LBLF$@y8F`FMix%K40( zo3}`@1>{W`5U$R@m(g>>inNYAHpNRBulyBc|GHnTnOLUXWNzWqs6lGY6hS;kX-Dm` z|AXG&SFsVqJ!JJ9dy?7N42|{ldY%l1<(?VZ=bPl9&p&B}(xG@FC7dS^>Lw(ay!vC* z^SFaK?u$;djyT|%^R?g-pQX1n*-zieFa%ALjfQ>M>%*j=BBKeRph_@6FiW@gblq3L>id3zNrL?a2M7)nOcqQLR0|FgOchKM zOcxw1I7Bc*aH!xg!Qp}<1TzIk3W)Q1m*6PDEWvC+jbM(TRxnpkCzvOgFIXU0C^%Yh zj9`&qv0#Z{sbHDlSV6s@L9kqKoZxuD3IVZ+CkRdyoFsUU;AFum0&uuW*T&puzBlW0 zi(rjltzeyCz2H;<@oTNRwh7t=9fD55>4Gl7YQaA<5Ks^MMc3rQ|5pk#A&&^Pc@KQIILsxjq)Ctaui7MaUg6OdJ!>Rm;Ci`ABEy!-#ps$OVu| zzLD&j$8SqT|Hy{Agtn5GbFuhyiGHh9TbJvK%xF*y(NL+KI&;0G)+5UK&uR5DLQT$$ zmr>s`icH)?zmYqL`rt3PtWLcm_X5&>Rfd?P<>51Zvi7KO5UT0b`A^V!b zc1u&>g`rQyOQ}rWNl7JI@k+@OO1(+W(&9bXwFuq3L+_9atoRrVN`9L3H&Zd0%gI#y zpmccoOvOJAeJzy}ip-%<1v=CxjQbQb>_>j@5??zb2y#THMr1R}T#Y>8{GF^Q=S4|{ z?y{1DlK{#|j#Zhnv}LEXB}I1d(V`JfkS=cHI4gHN4ald%yehh=O@18ye^Jt>QGJQB zk$m6x=uVyR%K0+INy5O7$RysGU_4~eq+i?6BK?N5ohN%@Ilxp)1O<=(3I@=u?M z<;7EC+|KgZ!l0y5l#!7R_6bU4b3QXOHS3dNj>v9*QjF^y5OCKh&2nc&vAn;WpdgKs znIQ?^pZv3ANiTg;3?&wqyo@ZTIx)7ds>b5dX_?BInp_^}qdzCcklDOa9C4p$qWp<5 zyJe?Jhc#waWv-W{P`nktQX5)A{`sGje2x=i+}7Jwf8QD_t2#@MG3_6h{ZmQ2JgYLu zQC$AS7|}@3>64}7b`_6$E{X)nhHqptVcl^0wb0 zElE5%=FChyIp$i`^_vQIp?psqQ%aA)F%z=?%*in~1ssFh;#B7ohDzbG)EN%(e4@8< za?BsY=^gZYRnpB$6osvJgsE6cBMnk{v54168=5N%S77vp&g#W}wmh2I@|N#5_V zIzu4#(!ch0HsY=N>Fj9Q>f<8T+WPSc!liG4Ql&L!3uq=*OM9fEc$z9(vvwn_08AL0K9XyTt3nFhf<=C*yq@m zKVj*rZiAM)q_hswu zu9lz&noHRGWXZNaG3JuRqh{GlzI42cqn;*z zJegGSX_Mi*P51rXB@Yvy;M-fR`@F*pADNKNZXXD^7vmjwe^!%g4$eB$> zV*CT?9o`wDe=cE>?%03GDoU+d&pHBr$pyMIDb#_FlDg(2a-;|N(c&1x<3Gn>3e zUcszJ4$qbUWp#J5zHiF?+e>4{JeMp&yfIDEm;2LH(giwCNx>t$vxPO42 z_o~NywQZg}oaC72{jBPXwN=Xd!mMkMd@(*D8yseZ)&IF(9HF41!wSlukn3N(GeV5Mgja-i43bInF+)X4F@cfe}1?ic!c_bI_cafW)G zcx{?wC%jUr68fGMj}Gm?n+*+9Q}6R@CYF(%w+9J>B~BLd31zI-u|Y_b<^4 zW9+$rF|wFXEQ2whdk;pTZ+L)pD^|ZI^^!-%G@6<BkANCDbFX1xz((g(?ZT~S)prO`{21{DxpEwh5Dz{r1Wi} zBpz#qNLaE|lLdT}TI_q!R*h<6mF9Ro+aO?7W@p_e#S!QEc}~z4M$pNQ=p~r(>i$A~ zYLZ;x+_I&~yF+i5sJuD)G+Y=5Q^;E0Jx$cWs5MI_S$A-D2XcwEDe5DEji1a)wt)e7 zz$>F;R0H>{kKhcS>jqv}A?40NYCSc2^|VHx(6BMTyjK~za%1fX10*taQU>`|Xcw&*yIN)RgBwV-T0oKV0q6GMJu1cA&U&!vVMEG8+e{&_7$N~($7%OVa z=krF5Djdc+UPx9-rtbBs8~-%&&#StOEKhNoPLvZ3s=?5XZZep4G%Z~Ab) zdbl1gm=~~sb^)_p!YrBTIkhF869JcSdIS`Pj3Dj;3%Xg)MeHKWEWweF*s+|HV$7pa zIz(r2B_6D!Ti|tCg+^PeH_#`X9mhRt2Vab<>xYM^pEDCVA%;?DzekGJz<>01sALk+ zEuQVR3+J5b#aR@j!=sgGBuaIx3Flnl!*H!gmnH%Fi8`Pfq_u5x`fKfz%9xa@8ic3q zM|Pz6*fQGk!TQjrJ1{fIKes5J(&2b7>g3cJ@I|?_nUmpY6`ahdSuTRjnr$sc@^pz3 zs`Q*=W$dFtj>Hio2R2yi5Y_vXw$UmZS&lUgMKiMiN0!RyPJ7qV(Y3UIyFA9*W1^5F zm_1q2GYW7NtwEYIKDH_tL1q=U^Pmp;S*a`Ys_}u6;Tw3QPQQX#dQYBk(^YC`Fuvf* z<-r5yxS{GBzhMPf`axSh6BMh=meBF~bgF)Z)_Ib+kJY*dZ;cjiz$Wwy4(SD>vsB+{ z@ma$C3Y87kh6kxoqt9?`zKt;=^w}C5zJkv@D@5X=QJKwnhJY<%X*X2mI?k;|_J#Ec zXK}n=lxg0H=O4w$D@)k4^=RnwS}4^)qk?4bQQzn@r{ub~p3|a#k^K4h zE#NrD(bVO5ic@3b*f6Tg^gGWoj?~5}IQ+sWFAepW&wY9%mP(WbL|2%LvFUoxs8gAa ztu|0NsMeTN3$N8d3m&iXIm5=Mr%@L*;+Kh(<+E?74Gh3z=wKucbWJ;ur)WvWv})Td z+~;ob*1Yf*<)Ock_xUI0I!+F$$mvGNH_G75;d=3T)U&*8$;~NXaMJi7HKA=<9QCO= z2z>B6Ha%D+W{z<*jl;Xh7wCV8FzjGn=cr!@Korq-z@ zxX>d6X3*K(<82THA5-WMJqeclaIt$iItS0~WY%n!(!wE^71(8X#J> z%<=hVOAlUMtA9|MXU1qVkK+QB7EdJN6dEic-(`&Bc%G%VDUXritT@M8fLYUm^%%Xw z(*_qte4t10@$^V0a2lsIiLF9T2&B{sy|X}VLx#b-oDPU&qrcH!1!vXzjPsdo?tAgf$>I8P*zF0r$}wq&Lt3rC}Qv-gO`HpFtN|3)6qo8x+S0 zvdrMYo-M#OwV4s)EY0z72D;hoS`S8mzcP5=zF-h4+=8RA;S=Cd6RmHl!U5`Y0mV;qKfkZ%TS-h31<)wgztEsdf`}p?B6<#0V;z1T*Lv;IO4)qp(Q4p(W>wu@AX zy^XX63-l2>#9z(K`*`(|SY_L7j1686T8p*7XvLG-7z589-8y*8I|1B(YJ*myS1X=a zjb?PIp7#w_t(<6$+}IRohI4soGj11mFjmub5LbSc0NqWV}yQWBHQQ$Pr z@<++?gEP@kj0V2cbwMXn3#U<<2Sx`@Sg0rZp7*gvlIr{AD$T7!kB!@|?Y8~sLA%-o z_uC&gR=AJSX|e7y>!wx6QK;RLnR#UNP59g-@mv1^MiG5ZD{|h zWvprLc=Z8U)UK758ogiWc`;R?HIYGa-MrA_Hd1(k(xUx`m1;=~-x4_s-YwOP!7~DO zutDH%JQ>ikDHgn~)Au+Jg7PDetQUr2ztQ#i^u94@2lyR{&$*vS8EdjQ_v4ptz2)9e z6V!m7Ye^nco6$JdF;ELQs+8c=TZnApyv zztBJaxK6c|6Ty(KoN^7_FVncz>T|v1>*8=9Y|;YyYWW#?8f(auh>tqe#>ha*2OCI8 zJcaXvjBZdJ_{-4{4Vv4LwRWlSfks&_Dy$4#*PvMtXD=BKoXA?QlE4pr06)fB)ZR!; zPM@}Kr$*KbR$*f(b+LLgB1fyd?NgfZs$=u4)ji97Fziw7l3s`ZYlZ)OYO=Lx*+ENK z>qoMB7Q#4D0_OqOsyz$!HeBTs>=|qB(sp|W(Kqp&XFf4IgP!p0nzQ<9EmC@sS_R%2 zd2D(68Rv)3lz^;nku=%9Uz|T3{iB{io2K$@H0DgmGR~Pp&QjJ$y@ypp>#%H~L+ZCx zf$x2-dcZe&2~}>;`(T%mqwm<{NG^02bOB}X-Rr?VJ=^$Q9LmA|W7O(ZwtdSJ_3jCQ zl9q^;uzZjO%n_kls1sZ?2FoYwP*g6>7Kf-TQR(L-9?ALM(cNBDN3BU7k7taZ7bfr0!HvdLdd+CEv(0kDHq1uZBk6hzbny=Lobnk% zD9iphw1wvk&={k_OnJ51V_sq8ZAnIbij9E(g|bq;j7>qCDI4Dbl*}8n7OyZ~CB|Z$ z=oG(-SBqEZ%4(PWr>xpwF)vXo>ePOuV2>!+KHAax4J(Fz8h^+fi z{0r&TbKg{#3=B_#A6C}#=U~jcpn;Cy6{lA{YCj%9s0Xiy*GO$C;AO(f#4<2xeC61rQn@CaN&Ld5gN?F~1XgYCeo!SZER2 z;VFAntk0k`EDcIT_Jez{fiwdLa4p<}PJlPD$S8vmXGEZ+cosTyDE9_=6D8*du(EYAqc(e`m$j;uXiu#&>EIYgMCh#Y%x<=ykE(if?GXHy~gz?r{FON@JI= zBiZkfHfd7pN=LG@;}hvXpFHQ^eor(f3KH>Jo7`M98l7D&oijuhVsgW~}#U zE`5(agNtKI#squUOtENLVz}7{y@SdcsQuq-bRDGMzO3swoz(uIq-b68b+z!VMS1^O zINmyppin!{6C&@fUq&?-lnLoyWrU!4TI@T>i`2uR@&QKqU-SF zVeMtFQW=kiDDwefFPY=aE5i;(&&%OXqyfBPIgPGCpXOVF&=58gGO{Pce|auBPZVv7 zyl)wu&MleCL-nkwSl?K3P&2j$o@DGEw8{cqyCkKtIC+N{HQR33UTr~2jm|w~i=DM^ zxED{A=PN{~)T$rMHIUtPDhHW{T*QK5&cXb3p?+`DyW_$q$De@_>@w=!UZW6AXx)kj zmRgOSC{@{m^q^pKpv#N2tBrlewMA6qtR=q@ce6|9R!NfQ--2v;LT}~E7TR=;=qZ-_jPCz4<=)n- z+*lqvchd5_N`^ef67?J+`l}klSnZW9Cv7%M4zjCvvnc#vT_tBlBeA}91@)!7dS4Ff z6;N2SC?MLbXyGlPeY3=w&xsBgU0df+41PiDs!gI0_k{XO@Bg4gJdAzS20t@u<#+S` zBv3?ucJpq@?dE+>bWnab??Y-`izsTA&Pyw`oA>MCIcV?6lFzZ5*KPfy>PJUo4HZT} zU#@4$jcX=(KznaX;U(^`EWev~vua~^RH@y(JX2b)ZI*PsL-bW48aX#ypO+n6Zm*+v z^ZrE7W7l~X?;|-mQCt&WR2D=1-^IIG?PV7)l*%q%uE_M_J3M3U#i>8;+4L^nyOXim zxQlml(9Tfx?W*e)MX?_unkl`D7Y=z)GQMvfDMgjn=*@D}=G|hY#)aQfiFZIbE9K%Te~F8A|BAi`T#Q zzn8^#@y4CIQMa*k_j&2jS(2nPq@&oU`-r|r3X6MjV+&GS{UO=vrET;^?bIJD`>92` z7;E}B6{W4|M)kd%HO>CcTU6q-qPFy3%8Y<*XITfb#_;80fh-MH2J7;U1fYykHfWuw z(0i8AGjG){epqGqwu?*I!#rQw9=;{F*YOUGU%l|t-@S~t7TXFt}4Sa>H zT-(m&cPHMI?6v3ZWp*ciE>~mUQpuA1o|0o@Ia&-KrKHZXP`7vEUnC96F5GcYex}&2 zzMq9R;?7sk1zr@6(b&#jHB0mzvsXQ>PiVxZPM_uHG;@ZF5Q0%rZmm7*_j*(ql%$kV#2#RYfboO-3zKWG#+?CQ0lt7l0Qk?jU z9KG~y^OSm%UFOC4h8gaklm2E^!eSYV{|lz#U-5L-V+k`t?e zpPjh{SA1~HU|B(6-s#oCxLb|g(Otp{s~W7`#q}rq@bHM?ElXGTW4xmMV9Z2Ww@PQd z$Q?yJ!#`Iu2rqo_9~d47K1NV6+`y!mcH1@=8LC{@zcRXBG`MxL3G_ z8sp94+97)xsF!v#E~XPa&a6-2-^1&Uf6i;WU=ME^Sn`a#x#aBOccOb{qWIAs5?%Jq zwWsEuIZ!1R%L9dHtuFX=E>w-hrI52Ou$!Aab;W8Nry2)J+Dyp48fb!84WdkU4ekAw zsPQW04A71}1yjvfQ%oB?5T3>t^hk0$SXgRbrdnBtMWzx9ir&bImWZ8$^NGl3 zB+(nJJ1{0-BfZPI%O=^W=`Z2qV#GCxI+F`1$oJxJqmcidxYM~|9gw8{`>!~ z(hNK0-~noN^iEX;UBdXpco0??>O!wP;`PFS^%At?-9KR0{!7;JTZLoO8~cY@|AmUs zx^W%I8ijSybRE_-=(VG`_k}Tx;|AAllH@^>Lp_WRRO{6k=#?k9m#zg8*X#YK-a&Gf z#=$WT%)yY5j!22|4RK}tv>>zN>J@YzwTySqn95^hne7cfk?Jq+=S%&B@F4aN8nHoG zAsPg|+9lZ!7Fegkwqdmt3PeNO5<))kbh~Dnj&t)a!?;t7IHfkdZS6>j_LEyOfcc2! zxE?uIr6C)*XDxf8KC@;@-fZ~7cyycj-8~+tRZTv*oB*Yq#6SQydIO}n#-C_H# zMtq4TX6*<}5oa2okJv>DfIng?ptb1jPh}lz2V~Qsb(I?N)p}!s%Jn$1!=p((B0>&X z;1y7K9Q$GW3_ZkJr0tBDz+#L$A%_a{@J3b`VU&ruW=){~HC9U_&z1Bf8oX8jp4eTB zO;oA+7fY)Uvw>cKXJ|!}?qMgl3upN)tW>>3bN0rsOBtZ{#nE8L$3i__qxxb*z$Vp` zAFJ)C5pYRFZ~ByNGRLbB^MEEX=R*xdJ(wOD0cKZ3xD&y`+71*5P1Wmvu*eQcVvwO- zbd>iPfK%dS&>8$@9o8uOGQYNl@H95@#!x!@5{wOS#5-_>CBCE1J4G9tf`-Bd$AX|< z+C!ult)sXYmLcqdNV(2u&;HWmt+@~o{zt*F&QQ*S)!8BTZJnO-w&20 zcJyx9R@FOJymIr5KDq0@x$Ew^E3v6OU!A+|nY+%( zU2Ah!qz2C|$X&?|!}mqGYeVk3OYVA7?n>qqo;yX{f4FRZK9hfj>&o1f6=A;PAL5F| z&$TUgC9Z|9&Cn#W24 zB0Z2j-h)Ierg=P43$lm(yZO6bYQ$quRkw5~^1@NYarPH$Sr{zDXfv?$)mAYUC;QP{ zPoei9+L?}3LyC+G+Ky5jNrOy@JIlF`o#aT`G)Dq52RTJ7Wg2g`eXOP9!)(Wz$L-Nz z7C{s&JF2lA7%%qRdoCQUcPy;9+mdx&_;cs1eP4LVelKe7O3swtDxFulCeVJ&*M?UF z2^95o{u<_fdXk+C_UF)qMVT>@A~cH^1-?C4-qf- z?c3dJPtVlB$IWWha@0?ZUG#i8Pd?=g zlUx`hT>`yFi65hdn7?5mqQ{8wo+zA-7geFR(B|mcBh-$pP8nIGXVI3(XiL+5MGH`U zjCn$1`5EZ3OI%g2lF-Z02eQtQJEkz|xy_K(% zqXmh#io8dZ%ls02BOxqTytjlpyuSv{MDu}bc**Sq2eyBEbgssG1@9AlK%gVAlPz2H9u-x0i)(E&ykNph*+Yl72t%F>yFPYA9M zTrK#nU`3VA&=cG$_@&^(LzCpwf}4lw{5-*FI&G;-aPLT+%O#kg0~>XMQZiypl8hHj z6C5EpQZP?&vYIC-&4O12gLYLP1v?2Q3LY2yNib!C>J`ip94k0SaK7NK^lUTE7yu*fE#o0dtHHd zi8>+$9k0)q2qFc2RiEbx^9uy^0!9L86m$xD1RDfD7Caz$Sn!14NdY5PsqrcggTkop zq7h|u(|=pHis@v{rrHg8<~$gl`JAMCNXbUob(Ui*C1de(cPsZRwhLDGOvyJ(bmZ_% z=^1u)qqT{i^3Fzk=Gec5q-FL;3G*c5iEN8jJ@XoNQDN zZn$Gz(iUo)Dm{4E+kMh_y**BE)85zHf(_Ad?Wqox^ylTaD&QCaV|VsB&Bv4`<{;c1EKUCPNML#i?rgOjbZE6>Sn zoAYI79Xp-8(lY16U%bwi58>j<6%`e&xi)a)0Zn`!6g0{F#3a2;fLVICpg$(*B$<}^ zCh2kdjv0EN;C{hlg2x4zp-%~(7R=_HNc}fESre``$!9L0rL&VS9m(%C$!Ej&n&f9k z`TLc*@9Spy`yX=Of1dk3@bU#N#atSj5z+s4K-lTSJtFP?4 zX>T>P)s$n};D6Jk{r(CcDw-st4?JPb=$D%3?fUcO=Z{ywtegazNu4uAhrKGLxsHNO zJ~*2C;vYxir7e4=puO>#x3B%fz*Pfp8+4O4bDfjyK2;701ywfdMTv^!QSos9|15rb z4~2#}xj(aYt9(4+Z>P6Bf%AK%rlh6r<*F^Xd~3~@ui5+aH+}!(Pqtj}$hWqPc>3Ef zoVzUQ|O?Qz|!AAk0&i+{M!=ciR4^|6O;IChu&1|N9a#}9t@K_7Vi z{2jKOHfQw4&#(A<_2En2+&bu~su5>=_l~7c9==b@UYAV%)8ij#_`o$Yem?q=zu)}g z+OK{6#S4}_e|_6$2EV!ANpl)Ee_+ZH&o|t7!M~sXFIT;J#@t_3`bDoa;`KmxP`P!UDFj4&k7bkcbV;bkZ3KqN2H4M7A#rMr@Drn;-` zu1<)~U>F4*i~{0?m(D~ z`|aoMYW4T`t-6nM&pqedb8pqX)xEfSLB|8Dzvx}`(Ak9Xhm<)=kF&{-kF2knuzt(Z z*_S?&AMbEsbGN;&*Y7$0%B{(9J(i!nd47M^#ci|e!nvmH}Rthb2mKuWM=Nk zH-f(5O=;kRBM6)Mw~z;qAryL?0VSwZs;o>2xLB^@40$D=%KyK(C_A%^TqLEK^%V0E zUV2CUo$nsARZD~KeyZOrL&59Itfw5iULHR3nV0(POnu^;s<&?(zk0UP4FI)a1JD!L4BP_j0*t^10MY&iAf6Hi2>9<-EsxdjmnD{?c>N(& z3Yb{F&uM1(n`Y{gB0wS4MIm)<3bT5~@p^IEYIr9YqPCDru!sD9C7?=iV#v4euy;s0r&Elz?l@Tg zWruxzMxEI_?AcZO8;<5q9C~)zq|^^P-o9U$^j%t0(mwZVgL5yxcQNk%!B>1W@`)xx zH_L5ldw0LRZqaXkHt5pumF=d^yl8vbJD@T+J+t4Oc_S8d>^{jc>B)D$8#Au#)6xgi zzy90v-z0B)c+-m4mmMCsby)lr`t#?s#?e`c>=y zwCTiu^jKgzbLMsJa+ISAKyKx-MU`S3#G}ubGGe2{pP^mnTDsOHJ%voz{>eM6AdGK z%q&>7#xZvs^V?OdU9Gya!M+5d1<0zH0Jx%fZ_@{RgdB`8Xay=kh#J)2FxV|odHjU z6f`kWWg@GV0=3NTsd6(}s+MFEQ{57Cihi-eBYRYj6l6*zj|G7c`HJwpQf^L!oT2Z0ME_|sVk0!Y# zPXNS`86s35BQz)!6ssiSdMw)Mh_o|LYbSKZswAHj5W_0aMao23R%(KpS^|<7MNcBt z5PMXogxd}&zyeYwc=I`th6}NVOVrFz3-gBpekG_YG|DDm2}I@@R06h0K6*PVpb?lu zwJ3*pWgaMmgi=1%cK;ZgHP=>}m6a_k71SJ7>5*iYnOUQF09EFOfruJq>A{dFliYP0 z*#*Vf<)yYfTdA!m$HvQo<+hcwmYG?ZTk>fVAZ2Ls!@Zbp#Ig*DI7J@|`X#5QvX&`6 z-VAD!TBEQEupTzKY7cls^uV!FtrbSVDrK>X3zlN7CHbHu%PdhcSD8($Bvc`LoO)JB zpEqbU*PkjOzC`o{5|ffNBgH*vuHDL+fG9|v5Qs12tpIn>pl<01nIytMNed(k$N@Uh zlCPl^U5L6O^lL8EyyDVAt3%g`#+fYFhOLw7)&PFWFp+YtMdkTL4%=v3Dfca4fTZd1RWVhpkYU=I;c`tjI}ME@mn82JdUG|a z@Sq{h4URY%QeA{yO+twzt7fv1tihx#V|*U($81Ck+qRbJj2GuPY>slfqcp#0v@v{G zgStR?4ImSFf{>*VvKEZS&3~!gYK)H$OEHUjGkoK9>M9wVV;@2#xSeLPww16LTdN=D z3u=G2+PwS{yJbjbt7P(Qwq`QyI{X(E7ui@M+)EPj$6qgJj8s`7dAy2RxbGyRu}Hzt zsJdyC^VO1koBe;pQy?=p7K~jc>Kl|(ma520kxOeHh)mp%R7l#;5zfh7f;Om#PN(FD zcjWa^UDq@z8}}YH@LCva10c_!SvY3$CY(cb9U`jrEzOOIen0bywaia_k}BplOx``> z>QNt=E5xfAD!Dwc+T2PM(_J6jUbsID<1I&z5ks;{{w3VQNcg5^S&0mK7>prBae*yr znpPe?P+>}iDuQ^VW;*Adr#xCQCSE%Y1n~X3FBV-cJ~%?wPQ|B6GoYvD(O37!+znVA z=r!5n9k%k4@!19WIW+u)yA@Ya%S@&D6RgM_ohw4wY&2SFqTq{Iho_SHr2uafjhp1X zDj{ghOQfKx=>YQuiX`hIg^^j1M~5(=67o9!faHXO!|=zlB^5=lBFO~>0fvI)u3~gY z(+fVM04W~?6v7xFx~fH=iWvh*o5i{b=(;PPMT7^O@GOtAws42C2a`k^z^>)BIAxy5 zM@RC5q}{O9(6ps8{9%(G-c?g1p5mHw)#%ucF zo-Eg9=egqHo}!}D5MQ1Kg;8Q^dQ4hrPO4VKVm4b+W6PE1q({;+EU7KZWkk|aGcsb* z>|?B!F@@F~mPq2I6U8UjCZX;WvpF>*GbXcD=NYw|m}O|HiCvY&o)f7nGyQ65(R|?A z5{nTR=2tN_m)fWG$6i_BP2e!l{^!_p3k(IafMLL7U<&Xg@G`I)_#8L|)DOU(X`piw zo}mI42jMv@&>Ocxw*eAR3H%eV2{;a1jK1Az{h~2CTk99+qqDVs5ksK$N?T8fAwbIk zks~IhbpkOdF=b-7j!B8BCx$>9FCt9h(KDW58*oEP&l1{eJ2!+rq>t`{1z`v<75Fu< z3itr{7P!NVB?iEmEC?<@0xE$jzzui+Kd=~h3wRsY4txpF^5$JYpH$ERl7SSUjjaE- zv&BfVbs5KG`#u-nM@iqO%-2!MY^xA;T`$G<9MXNa7WyZBOv!-mfyKacKq?-Or2%=s zXrLUJ18fAaoFk+IK42cO4)_$XWMO|k@F>s#oC10c6NIrq0Z<4W1&#q1zehXTSf(+W z^bdb=_J59@7=grCMohE8fT0Ip4(s;Vy*Re0+8(PiX7L-Bp>g>gWfej>Ebh?^z!`+I%17&=n`UB|jk^}hU{VZDac(WD(e zdgc6|5I{SFp*#6wU5C^ssUK>6FscbL9;J;JQN@2c{a+;keeOr|zz%(cyBa=7W(~(i z^lgai^s|QQc6ZNT+MyrNzX3ZPXyZgz3?U{1=80JEkmILa*?whv*VXYG*`f}K?Jv=2 z5}k^CDe=>U8-(m|n+nMWVB)CdSEEYx=$feU3jtN2%wrFZ^H@UEB z(|b zdIOuGM*3w4I-?Dj^y><=cc1b#$7KFLS~I7A(kkR{Diz>8bo$+rT -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -using namespace KeychainCore; - - -// -// The default form of a prompt selector -// -const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR ACL::defaultSelector = { - CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION, 0 -}; - - -// -// Create an ACL object from the result of a CSSM ACL query -// -ACL::ACL(Access &acc, const AclEntryInfo &info, CssmAllocator &alloc) - : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL) -{ - // parse the subject - parse(info.proto().subject()); - - // fill in AclEntryInfo layer information - const AclEntryPrototype &proto = info.proto(); - mAuthorizations = proto.authorization(); - mDelegate = proto.delegate(); - mEntryTag = proto.tag(); - - // take CSSM entry handle from info layer - mCssmHandle = info.handle(); -} - -ACL::ACL(Access &acc, const AclOwnerPrototype &owner, CssmAllocator &alloc) - : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL) -{ - // parse subject - parse(owner.subject()); - - // for an owner "entry", the next-layer information is fixed (and fake) - mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_CHANGE_ACL); - mDelegate = owner.delegate(); - mEntryTag[0] = '\0'; - - // use fixed (fake) entry handle - mCssmHandle = ownerHandle; -} - - -// -// Create a new ACL that authorizes anyone to do anything. -// This constructor produces a "pure" ANY ACL, without descriptor or selector. -// To generate a "standard" form of ANY, use the appListForm constructor below, -// then change its form to allowAnyForm. -// -ACL::ACL(Access &acc, CssmAllocator &alloc) - : allocator(alloc), access(acc), mSubjectForm(NULL) -{ - mState = inserted; // new - mForm = allowAllForm; // everybody - mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY); // anything - mDelegate = false; - - //mPromptDescription stays empty - mPromptSelector = defaultSelector; - - // randomize the CSSM handle - UniformRandomBlobs().random(mCssmHandle); -} - - -// -// Create a new ACL in standard form. -// As created, it authorizes all activities. -// -ACL::ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector, - CssmAllocator &alloc) - : allocator(alloc), access(acc), mSubjectForm(NULL) -{ - mState = inserted; // new - mForm = appListForm; - mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY); // anything - mDelegate = false; - - mPromptDescription = description; - mPromptSelector = promptSelector; - - // randomize the CSSM handle - UniformRandomBlobs().random(mCssmHandle); -} - - -// -// Destroy an ACL -// -ACL::~ACL() throw() -{ - // release subject form (if any) - chunkFree(mSubjectForm, allocator); -} - - -// -// Does this ACL authorize a particular right? -// -bool ACL::authorizes(AclAuthorization right) const -{ - return mAuthorizations.find(right) != mAuthorizations.end() - || mAuthorizations.find(CSSM_ACL_AUTHORIZATION_ANY) != mAuthorizations.end() - || mAuthorizations.empty(); -} - - -// -// Add an application to the trusted-app list of this ACL. -// Will fail unless this is a standard "simple" form ACL. -// -void ACL::addApplication(TrustedApplication *app) -{ - switch (mForm) { - case appListForm: // simple... - mAppList.push_back(app); - modify(); - break; - case allowAllForm: // hmm... - if (!mPromptDescription.empty()) { - // verbose "any" form (has description, "any" override) - mAppList.push_back(app); - modify(); - break; - } - // pure "any" form without description. Cannot convert to appListForm - default: - MacOSError::throwMe(errSecACLNotSimple); - } -} - - -// -// Mark an ACL as modified. -// -void ACL::modify() -{ - if (mState == unchanged) { - secdebug("SecAccess", "ACL %p marked modified", this); - mState = modified; - } -} - - -// -// Mark an ACL as "removed" -// Removed ACLs have no valid contents (they are invalid on their face). -// When "updated" to the originating item, they will cause the corresponding -// ACL entry to be deleted. Otherwise, they are irrelevant. -// Note: Removing an ACL does not actually remove it from its Access's map. -// -void ACL::remove() -{ - mAppList.clear(); - mForm = invalidForm; - mState = deleted; -} - - -// -// Produce CSSM-layer form (ACL prototype) copies of our content. -// Note that the result is chunk-allocated, and becomes the responsibility -// of the caller. -// -void ACL::copyAclEntry(AclEntryPrototype &proto, CssmAllocator &alloc) -{ - proto.clearPod(); // preset - - // carefully copy the subject - makeSubject(); - assert(mSubjectForm); - proto = AclEntryPrototype(*mSubjectForm, mDelegate); // shares subject - ChunkCopyWalker w(alloc); - walk(w, proto.subject()); // copy subject in-place - - // the rest of a prototype - assert(mEntryTag.size() <= CSSM_MODULE_STRING_SIZE); // no kidding - strcpy(proto.tag(), mEntryTag.c_str()); - AuthorizationGroup tags(mAuthorizations, allocator); - proto.authorization() = tags; -} - -void ACL::copyAclOwner(AclOwnerPrototype &proto, CssmAllocator &alloc) -{ - proto.clearPod(); - - makeSubject(); - assert(mSubjectForm); - proto = AclOwnerPrototype(*mSubjectForm, mDelegate); // shares subject - ChunkCopyWalker w(alloc); - walk(w, proto.subject()); // copy subject in-place -} - - -// -// (Re)place this ACL's setting into the AclBearer specified. -// If update, assume this is an update operation and the ACL was -// originally derived from this object; specifically, assume the -// CSSM handle is valid. If not update, assume this is a different -// object that has no related ACL entry (yet). -// -void ACL::setAccess(AclBearer &target, bool update, - const AccessCredentials *cred) -{ - // determine what action we need to perform - State action = state(); - if (!update) - action = (action == deleted) ? unchanged : inserted; - - // the owner acl (pseudo) "entry" is a special case - if (isOwner()) { - switch (action) { - case unchanged: - secdebug("SecAccess", "ACL %p owner unchanged", this); - return; - case inserted: // means modify the initial owner - case modified: - { - secdebug("SecAccess", "ACL %p owner modified", this); - makeSubject(); - assert(mSubjectForm); - AclOwnerPrototype proto(*mSubjectForm, mDelegate); - target.changeOwner(proto, cred); - return; - } - default: - assert(false); - return; - } - } - - // simple cases - switch (action) { - case unchanged: // ignore - secdebug("SecAccess", "ACL %p handle 0x%lx unchanged", this, entryHandle()); - return; - case deleted: // delete - secdebug("SecAccess", "ACL %p handle 0x%lx deleted", this, entryHandle()); - target.deleteAcl(entryHandle(), cred); - return; - default: - break; - } - - // build the byzantine data structures that CSSM loves so much - makeSubject(); - assert(mSubjectForm); - AclEntryPrototype proto(*mSubjectForm, mDelegate); - assert(mEntryTag.size() <= CSSM_MODULE_STRING_SIZE); // no kidding - strcpy(proto.tag(), mEntryTag.c_str()); - AutoAuthorizationGroup tags(mAuthorizations, allocator); - proto.authorization() = tags; - AclEntryInput input(proto); - switch (action) { - case inserted: // insert - secdebug("SecAccess", "ACL %p inserted", this); - target.addAcl(input, cred); - break; - case modified: // update - secdebug("SecAccess", "ACL %p handle 0x%lx modified", this, entryHandle()); - target.changeAcl(entryHandle(), input, cred); - break; - default: - assert(false); - } -} - - -// -// Parse an AclEntryPrototype (presumably from a CSSM "Get" ACL operation -// into internal form. -// -void ACL::parse(const TypedList &subject) -{ - try { - switch (subject.type()) { - case CSSM_ACL_SUBJECT_TYPE_ANY: - // subsume an "any" as a standard form - mForm = allowAllForm; - return; - case CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT: - // pure keychain prompt - interpret as applist form with no apps - parsePrompt(subject); - mForm = appListForm; - return; - case CSSM_ACL_SUBJECT_TYPE_THRESHOLD: - { - // app-list format: THRESHOLD(1, n): sign(1), ..., sign(n), PROMPT - if (subject[1] != 1) - throw ParseError(); - uint32 count = subject[2]; - - // parse final (PROMPT) element - TypedList &end = subject[count + 2]; // last choice - if (end.type() != CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT) - throw ParseError(); // not PROMPT at end - parsePrompt(end); - - // check for leading ANY - TypedList &first = subject[3]; - if (first.type() == CSSM_ACL_SUBJECT_TYPE_ANY) { - mForm = allowAllForm; - return; - } - - // parse other (SIGN) elements - for (uint32 n = 0; n < count - 1; n++) - mAppList.push_back(new TrustedApplication(subject[n + 3])); - } - mForm = appListForm; - return; - default: - mForm = customForm; - mSubjectForm = chunkCopy(&subject); - return; - } - } catch (const ParseError &) { - secdebug("SecAccess", "acl compile failed; marking custom"); - mForm = customForm; - mAppList.clear(); - } -} - -void ACL::parsePrompt(const TypedList &subject) -{ - assert(subject.length() == 3); - mPromptSelector = - *subject[1].data().interpretedAs(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - mPromptDescription = subject[2].toString(); -} - - -// -// Take this ACL and produce its meaning as a CSSM ACL subject in mSubjectForm -// -void ACL::makeSubject() -{ - switch (form()) { - case allowAllForm: - chunkFree(mSubjectForm, allocator); // release previous - if (mPromptDescription.empty()) { - // no description -> pure ANY - mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY); - } else { - // have description -> threshold(1 of 2) of { ANY, PROMPT } - mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, - new(allocator) ListElement(1), - new(allocator) ListElement(2)); - *mSubjectForm += new(allocator) ListElement(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); - TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)), - new(allocator) ListElement(allocator, mPromptDescription)); - *mSubjectForm += new(allocator) ListElement(prompt); - } - return; - case appListForm: { - // threshold(1 of n+1) of { app1, ..., appn, PROMPT } - chunkFree(mSubjectForm, allocator); // release previous - uint32 appCount = mAppList.size(); - mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, - new(allocator) ListElement(1), - new(allocator) ListElement(appCount + 1)); - for (uint32 n = 0; n < appCount; n++) - *mSubjectForm += - new(allocator) ListElement(mAppList[n]->makeSubject(allocator)); - TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)), - new(allocator) ListElement(allocator, mPromptDescription)); - *mSubjectForm += new(allocator) ListElement(prompt); - } - return; - case customForm: - assert(mSubjectForm); // already set; keep it - return; - default: - assert(false); // unexpected - } -} diff --git a/Keychain/ACL.h b/Keychain/ACL.h deleted file mode 100644 index 48de787f..00000000 --- a/Keychain/ACL.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// ACL.h - ACL control wrappers -// -#ifndef _SECURITY_ACL_H_ -#define _SECURITY_ACL_H_ - -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace KeychainCore { - -using CssmClient::AclBearer; - -class Access; -class TrustedApplication; - - -// -// An ACL Entry for an Access object -// -class ACL : public SecCFObject { - NOCOPY(ACL) -public: - SECCFFUNCTIONS(ACL, SecACLRef, errSecInvalidItemRef) - - // create from CSSM layer ACL entry - ACL(Access &acc, const AclEntryInfo &info, - CssmAllocator &alloc = CssmAllocator::standard()); - // create from CSSM layer owner prototype - ACL(Access &acc, const AclOwnerPrototype &owner, - CssmAllocator &alloc = CssmAllocator::standard()); - // create an "any" ACL - ACL(Access &acc, CssmAllocator &alloc = CssmAllocator::standard()); - // create from "standard form" arguments (with empty application list) - ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector, - CssmAllocator &alloc = CssmAllocator::standard()); - virtual ~ACL() throw(); - - CssmAllocator &allocator; - - enum State { - unchanged, // unchanged from source - inserted, // new - modified, // was changed (replace) - deleted // was deleted (now invalid) - }; - State state() const { return mState; } - - enum Form { - invalidForm, // invalid - customForm, // not a recognized format (but valid) - allowAllForm, // indiscriminate - appListForm // list of apps + prompt confirm - }; - Form form() const { return mForm; } - void form(Form f) { mForm = f; } - - Access &access; // we belong to this Access - -public: - AclAuthorizationSet &authorizations() { return mAuthorizations; } - bool authorizes(AclAuthorization right) const; - void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth) - { mAuthorizations.clear(); mAuthorizations.insert(auth); } - - typedef vector< SecPointer > ApplicationList; - ApplicationList &applications() - { assert(form() == appListForm); return mAppList; } - void addApplication(TrustedApplication *app); - - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector() { return mPromptSelector; } - string &promptDescription() { return mPromptDescription; } - - CSSM_ACL_HANDLE entryHandle() const { return mCssmHandle; } - - static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743; // pseudo-handle for owner ACL - bool isOwner() const { return mCssmHandle == ownerHandle; } - void makeOwner() { mCssmHandle = ownerHandle; } - - void modify(); // mark modified (update on commit) - void remove(); // mark removed (delete on commit) - - // produce chunk copies of CSSM forms; caller takes ownership - void copyAclEntry(AclEntryPrototype &proto, CssmAllocator &alloc = CssmAllocator::standard()); - void copyAclOwner(AclOwnerPrototype &proto, CssmAllocator &alloc = CssmAllocator::standard()); - -public: - void setAccess(AclBearer &target, bool update = false, - const AccessCredentials *cred = NULL); - -public: - struct ParseError { }; - -public: - static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector; - -private: - void parse(const TypedList &subject); - void parsePrompt(const TypedList &subject); - void makeSubject(); - void clearSubjects(Form newForm); - -private: - State mState; // change state - Form mForm; // format type - - // AclEntryPrototype fields (minus subject, which is virtually constructed) - CSSM_ACL_HANDLE mCssmHandle; // CSSM entry handle (for updates) - string mEntryTag; // CSSM entry tag (64 bytes or so, they say) - bool mDelegate; // CSSM delegate flag - AclAuthorizationSet mAuthorizations; // rights for this ACL entry - - // composite AclEntryPrototype (constructed when needed) - TypedList *mSubjectForm; - - // following values valid only if form() == appListForm - ApplicationList mAppList; // list of trusted applications - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector; // selector field of PROMPT subject - string mPromptDescription; // description field of PROMPT subject -}; - - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_ACL_H_ diff --git a/Keychain/Access.cpp b/Keychain/Access.cpp deleted file mode 100644 index 54bea152..00000000 --- a/Keychain/Access.cpp +++ /dev/null @@ -1,347 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Access.cpp -// -#include -#include -#include "SecBridge.h" -#include -#include -#include -#include - -using namespace KeychainCore; -using namespace CssmClient; - - -// -// Create a completely open Access (anyone can do anything) -// Note that this means anyone can *change* the ACL at will, too. -// These ACL entries contain no descriptor names. -// -Access::Access() -{ - SecPointer owner = new ACL(*this); - owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL); - addOwner(owner); - - SecPointer any = new ACL(*this); - add(any); -} - - -// -// Create a default Access object. -// This construct an Access with "default form", whatever that happens to be -// in this release. -// -Access::Access(const string &descriptor, const ACL::ApplicationList &trusted) -{ - makeStandard(descriptor, trusted); -} - -Access::Access(const string &descriptor) -{ - ACL::ApplicationList trusted; - trusted.push_back(new TrustedApplication); - makeStandard(descriptor, trusted); -} - -Access::Access(const string &descriptor, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights) -{ - makeStandard(descriptor, trusted, limitedRights, freeRights); -} - -void Access::makeStandard(const string &descriptor, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights) -{ - // owner "entry" - SecPointer owner = new ACL(*this, descriptor, ACL::defaultSelector); - owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL); - addOwner(owner); - - // unlimited entry - SecPointer unlimited = new ACL(*this, descriptor, ACL::defaultSelector); - if (freeRights.empty()) { - unlimited->authorizations().clear(); - unlimited->authorizations().insert(CSSM_ACL_AUTHORIZATION_ENCRYPT); - } else - unlimited->authorizations() = freeRights; - unlimited->form(ACL::allowAllForm); - add(unlimited); - - // limited entry - SecPointer limited = new ACL(*this, descriptor, ACL::defaultSelector); - if (limitedRights.empty()) { - limited->authorizations().clear(); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_DECRYPT); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_SIGN); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_MAC); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_DERIVE); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR); - limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED); - } else - limited->authorizations() = limitedRights; - limited->applications() = trusted; - add(limited); -} - - -// -// Create an Access object whose initial value is taken -// from a CSSM ACL bearing object. -// -Access::Access(AclBearer &source) -{ - // retrieve and set - AutoAclOwnerPrototype owner; - source.getOwner(owner); - AutoAclEntryInfoList acls; - source.getAcl(acls); - compile(*owner, acls.count(), acls.entries()); -} - - -// -// Create an Access object from CSSM-layer access controls -// -Access::Access(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls) -{ - compile(owner, aclCount, acls); -} - - -Access::~Access() throw() -{ -} - - -// Convert a SecPointer to a SecACLRef. -static SecACLRef -convert(const SecPointer &acl) -{ - return *acl; -} - -// -// Return all ACL components in a newly-made CFArray. -// -CFArrayRef Access::copySecACLs() const -{ - return makeCFArray(convert, mAcls); -} - -CFArrayRef Access::copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const -{ - list choices; - for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) - if (it->second->authorizes(action)) - choices.push_back(it->second); - return choices.empty() ? NULL : makeCFArray(convert, choices); -} - - -// -// Enter the complete access configuration into a AclBearer. -// If update, skip any part marked unchanged. (If not update, skip -// any part marked deleted.) -// -void Access::setAccess(AclBearer &target, bool update /* = false */) -{ - AclFactory factory; - editAccess(target, update, factory.promptCred()); -} - -void Access::setAccess(AclBearer &target, Maker &maker) -{ - // remove initial-setup ACL - target.deleteAcl(Maker::creationEntryTag, maker.cred()); - - // insert our own ACL entries - editAccess(target, false, maker.cred()); -} - -void Access::editAccess(AclBearer &target, bool update, const AccessCredentials *cred) -{ - assert(mAcls[ownerHandle]); // have owner - - // apply all non-owner ACLs first - for (Map::iterator it = mAcls.begin(); it != mAcls.end(); it++) - if (!it->second->isOwner()) - it->second->setAccess(target, update, cred); - - // finally, apply owner - mAcls[ownerHandle]->setAccess(target, update, cred); -} - - -// -// A convenience function to add one application to a standard ("simple") form -// ACL entry. This will only work if -// -- there is exactly one ACL entry authorizing the right -// -- that entry is in simple form -// -void Access::addApplicationToRight(AclAuthorization right, TrustedApplication *app) -{ - vector acls; - findAclsForRight(right, acls); - if (acls.size() != 1) - MacOSError::throwMe(errSecACLNotSimple); // let's not guess here... - (*acls.begin())->addApplication(app); -} - - -// -// Yield new (copied) CSSM level owner and acls values, presumably -// for use at CSSM layer operations. -// Caller is responsible for releasing the beasties when done. -// -void Access::copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &ownerResult, - uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &aclsResult) -{ - CssmAllocator& alloc = CssmAllocator::standard(); - int count = mAcls.size() - 1; // one will be owner, others are acls - AclOwnerPrototype owner; - CssmAutoPtr acls = new(alloc) AclEntryInfo[count]; - AclEntryInfo *aclp = acls; // -> next unfilled acl element - for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) { - SecPointer acl = it->second; - if (acl->isOwner()) { - acl->copyAclOwner(owner, alloc); - } else { - aclp->handle() = acl->entryHandle(); - acl->copyAclEntry(*aclp, alloc); - ++aclp; - } - } - assert((aclp - acls) == count); // all ACL elements filled - - // commit output - ownerResult = new(alloc) AclOwnerPrototype(owner); - aclCount = count; - aclsResult = acls.release(); -} - - -// -// Retrieve the description from a randomly chosen ACL within this Access. -// In the conventional case where all ACLs have the same descriptor, this -// is deterministic. But you have been warned. -// -string Access::promptDescription() const -{ - for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) { - ACL *acl = it->second; - switch (acl->form()) { - case ACL::allowAllForm: - case ACL::appListForm: - { - string descr = acl->promptDescription(); - if (!descr.empty()) - return descr; - } - default: - break; - } - } - // couldn't find suitable ACL (no description anywhere) - CssmError::throwMe(errSecACLNotSimple); -} - - -// -// Add a new ACL to the resident set. The ACL must have been -// newly made for this Access. -// -void Access::add(ACL *newAcl) -{ - if (&newAcl->access != this) - MacOSError::throwMe(paramErr); - assert(!mAcls[newAcl->entryHandle()]); - mAcls[newAcl->entryHandle()] = newAcl; -} - - -// -// Add the owner ACL to the resident set. The ACL must have been -// newly made for this Access. -// Since an Access must have exactly one owner ACL, this call -// should only be made (exactly once) for a newly created Access. -// -void Access::addOwner(ACL *newAcl) -{ - newAcl->makeOwner(); - assert(mAcls.find(ownerHandle) == mAcls.end()); // no owner yet - add(newAcl); -} - - -// -// Compile a set of ACL entries and owner into internal form. -// -void Access::compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls) -{ - // add owner acl - mAcls[ownerHandle] = new ACL(*this, AclOwnerPrototype::overlay(owner)); - - // add acl entries - const AclEntryInfo *acl = AclEntryInfo::overlay(acls); - for (uint32 n = 0; n < aclCount; n++) { - secdebug("SecAccess", "%p compiling entry %ld", this, acl[n].handle()); - mAcls[acl[n].handle()] = new ACL(*this, acl[n]); - } - secdebug("SecAccess", "%p %ld entries compiled", this, mAcls.size()); -} - - -// -// Creation helper objects -// -const char Access::Maker::creationEntryTag[] = "___setup___"; - -Access::Maker::Maker(CssmAllocator &alloc) - : allocator(alloc), mKey(alloc), mCreds(allocator) -{ - // generate random key - mKey.malloc(keySize); - UniformRandomBlobs().random(mKey.get()); - - // create entry info for resource creation - mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(allocator) ListElement(mKey.get()))); - mInput.proto().tag(creationEntryTag); - - // create credential sample for access - mCreds += TypedList(allocator, CSSM_SAMPLE_TYPE_PASSWORD, new(allocator) ListElement(mKey.get())); -} - -void Access::Maker::initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds) -{ - //@@@ make up ctx.entry-info - ctx.input() = mInput; - ctx.credentials(creds); -} - -const AccessCredentials *Access::Maker::cred() -{ - return &mCreds; -} diff --git a/Keychain/Access.h b/Keychain/Access.h deleted file mode 100644 index ca2acd7b..00000000 --- a/Keychain/Access.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Access.h - Access control wrappers -// -#ifndef _SECURITY_ACCESS_H_ -#define _SECURITY_ACCESS_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace KeychainCore { - -using CssmClient::AclBearer; - - -class Access : public SecCFObject { - NOCOPY(Access) -public: - SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef) - - class Maker { - NOCOPY(Maker) - static const size_t keySize = 16; // number of (random) bytes - friend class Access; - public: - Maker(CssmAllocator &alloc = CssmAllocator::standard()); - - void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL); - const AccessCredentials *cred(); - - TrackingAllocator allocator; - - static const char creationEntryTag[]; - - private: - CssmAutoData mKey; - AclEntryInput mInput; - AutoCredentials mCreds; - }; - -public: - // make default forms - Access(const string &description); - Access(const string &description, const ACL::ApplicationList &trusted); - Access(const string &description, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights); - - // make a completely open Access (anyone can do anything) - Access(); - - // retrieve from an existing AclBearer - Access(AclBearer &source); - - // make from CSSM layer information (presumably retrieved by caller) - Access(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); - virtual ~Access() throw(); - -public: - CFArrayRef copySecACLs() const; - CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const; - - void add(ACL *newAcl); - void addOwner(ACL *newOwnerAcl); - - void setAccess(AclBearer &target, bool update = false); - void setAccess(AclBearer &target, Maker &maker); - - template - void findAclsForRight(AclAuthorization right, Container &cont) - { - cont.clear(); - for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) - if (it->second->authorizes(right)) - cont.push_back(it->second); - } - - std::string promptDescription() const; // from any one of the ACLs contained - - void addApplicationToRight(AclAuthorization right, TrustedApplication *app); - - void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner, - uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls); - -protected: - void makeStandard(const string &description, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights = AclAuthorizationSet(), - const AclAuthorizationSet &freeRights = AclAuthorizationSet()); - void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); - - void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); - -private: - static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle; - typedef map > Map; - - Map mAcls; // set of ACL entries -}; - - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_ACCESS_H_ diff --git a/Keychain/CCallbackMgr.cp b/Keychain/CCallbackMgr.cp deleted file mode 100644 index 6e549b35..00000000 --- a/Keychain/CCallbackMgr.cp +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: CCallbackMgr.cp - - Contains: Code that communicates with processes that install a callback - with the Keychain Manager to receive keychain events. - -*/ - -#include "CCallbackMgr.h" - -#include -#include - -#include -#include "Globals.h" -#include -#include -//#include - -using namespace KeychainCore; -using namespace CssmClient; - -#pragma mark ÑÑÑÑ CallbackInfo ÑÑÑÑ - -CallbackInfo::CallbackInfo() : mCallback(NULL),mEventMask(0),mContext(NULL) -{ -} - -CallbackInfo::CallbackInfo(SecKeychainCallback inCallbackFunction, - SecKeychainEventMask inEventMask, void *inContext) - : mCallback(inCallbackFunction), mEventMask(inEventMask), mContext(inContext) -{ -} - -CallbackInfo::~CallbackInfo() -{ -} - -bool CallbackInfo::operator==(const CallbackInfo& other) const -{ - return mCallback==other.mCallback; -} - -bool CallbackInfo::operator!=(const CallbackInfo& other) const -{ - return !(*this==other); -} - - -#pragma mark ÑÑÑÑ CCallbackMgr ÑÑÑÑ - -CCallbackMgr *CCallbackMgr::mCCallbackMgr; - -CCallbackMgr::CCallbackMgr() : - // register for receiving Keychain events via CF - Observer(Listener::databaseNotifications, Listener::allEvents) -{ -} - -CCallbackMgr::~CCallbackMgr() -{ -} - -CCallbackMgr& CCallbackMgr::Instance() -{ - if (!mCCallbackMgr) - mCCallbackMgr = new CCallbackMgr(); - - return *mCCallbackMgr; -} - -void CCallbackMgr::AddCallback( SecKeychainCallback inCallbackFunction, - SecKeychainEventMask inEventMask, - void* inContext) - -{ - CallbackInfo info( inCallbackFunction, inEventMask, inContext ); - CallbackInfo existingInfo; - - - CallbackInfoListIterator ix = find( CCallbackMgr::Instance().mEventCallbacks.begin(), - CCallbackMgr::Instance().mEventCallbacks.end(), info ); - - // make sure it is not already there - if ( ix!=CCallbackMgr::Instance().mEventCallbacks.end() ) - { - // It's already there. This could mean that the old process died unexpectedly, - // so we need to validate the process ID of the existing callback. - // On Mac OS X this list is per process so this is always a duplicate - MacOSError::throwMe(errSecDuplicateCallback); - } - - CCallbackMgr::Instance().mEventCallbacks.push_back(info); -} - - -class Predicate -{ - SecKeychainCallback mCallbackFunction; -public: - Predicate(SecKeychainCallback inCallbackFunction) : mCallbackFunction(inCallbackFunction) {} - bool operator()(const CallbackInfo &cbInfo) { return cbInfo.mCallback == mCallbackFunction; } -}; - -void CCallbackMgr::RemoveCallback(SecKeychainCallback inCallbackFunction) -{ - size_t oldSize = CCallbackMgr::Instance().mEventCallbacks.size(); - Predicate predicate(inCallbackFunction); - CCallbackMgr::Instance().mEventCallbacks.remove_if(predicate); - - if (oldSize == CCallbackMgr::Instance().mEventCallbacks.size()) - MacOSError::throwMe(errSecInvalidCallback); -} - -void CCallbackMgr::AlertClients(const list &eventCallbacks, - SecKeychainEvent inEvent, - pid_t inPid, - const Keychain &inKeychain, - const Item &inItem) -{ - secdebug("kcnotify", "dispatch event %ld pid %d keychain %p item %p", - inEvent, inPid, &inKeychain, !!inItem ? &*inItem : NULL); - - // Iterate through callbacks, looking for those registered for inEvent - const SecKeychainEventMask theMask = 1U << inEvent; - - for (ConstCallbackInfoListIterator ix = eventCallbacks.begin(); ix != eventCallbacks.end(); ++ix) - { - if (!(ix->mEventMask & theMask)) - continue; - - SecKeychainCallbackInfo cbInfo; - cbInfo.version = 0; // @@@ kKeychainAPIVersion; - cbInfo.item = inItem ? inItem->handle() : 0; - cbInfo.keychain = inKeychain ? inKeychain->handle() : 0; - cbInfo.pid = inPid; - - ix->mCallback(inEvent, &cbInfo, ix->mContext); - if (cbInfo.item) CFRelease(cbInfo.item); - if (cbInfo.keychain) CFRelease(cbInfo.keychain); - } -} - -/*********************************************************************************** -* Event() - Overriden function of the KCEventObserver object. -* Each instance of KeychainCore will receive events from CF -* that was initiated by another KeychainCore instance that -* triggered the event. -* -* We care about which KeychainCore posted the event: -* Example (KCDeleteItem event): -* If it was 'us', we don't do anything; we already processed the event. -* If it wasn't 'us', we should remove our cached reference to the item that was deleted. -* -***********************************************************************************/ -void CCallbackMgr::Event(Listener::Domain domain, Listener::Event whichEvent, NameValueDictionary &dictionary) -{ - // Decode from userInfo the event type, 'keychain' CFDict, and 'item' CFDict - SecKeychainEvent thisEvent = whichEvent; - - pid_t thisPid; - const NameValuePair* pidRef = dictionary.FindByName(PID_KEY); - if (pidRef == 0) - { - thisPid = 0; - } - else - { - thisPid = *reinterpret_cast(pidRef->Value().data()); - } - - Keychain thisKeychain = 0; - Item thisItem; - list eventCallbacks; - - { - // Lock the global API lock before doing stuff with StorageManager. - StLock _(globals().apiLock); - - // make sure we have a database identifier - if (dictionary.FindByName (SSUID_KEY) != 0) - { - DLDbIdentifier dbid = NameValueDictionary::MakeDLDbIdentifierFromNameValueDictionary (dictionary); - thisKeychain = globals().storageManager.keychain(dbid); - } - - const NameValuePair* item = dictionary.FindByName(ITEM_KEY); - - if (item && thisKeychain) - { - PrimaryKey pk(item->Value()); - thisItem = thisKeychain->item(pk); - } - - // Deal with events that we care about ourselves first. - if (thisEvent == kSecDeleteEvent && thisKeychain.get() && thisItem.get()) - thisKeychain->didDeleteItem(thisItem.get()); - - eventCallbacks = CCallbackMgr::Instance().mEventCallbacks; - // We can safely release the global API lock now since thisKeychain and thisItem - // are CFRetained and will be until they go out of scope. - } - - // Notify our process of this event. - CCallbackMgr::AlertClients(eventCallbacks, thisEvent, thisPid, thisKeychain, thisItem); -} diff --git a/Keychain/CCallbackMgr.h b/Keychain/CCallbackMgr.h deleted file mode 100644 index 972fd955..00000000 --- a/Keychain/CCallbackMgr.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 1998-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * CCallbackMgr.h -- Code that communicates with processes that install a callback - * with the Keychain Manager to receive keychain events. - */ -#ifndef _SECURITY_CCALLBACKMGR_H_ -#define _SECURITY_CCALLBACKMGR_H_ - -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class CallbackInfo; -class CCallbackMgr; - -class CallbackInfo -{ -public: - ~CallbackInfo(); - CallbackInfo(); - CallbackInfo(SecKeychainCallback inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext); - - bool operator ==(const CallbackInfo& other) const; - bool operator !=(const CallbackInfo& other) const; - - SecKeychainCallback mCallback; - SecKeychainEventMask mEventMask; - void *mContext; -}; - -// typedefs -typedef CallbackInfo *CallbackInfoPtr; -typedef CallbackInfo const *ConstCallbackInfoPtr; - -typedef list::iterator CallbackInfoListIterator; -typedef list::const_iterator ConstCallbackInfoListIterator; - - -class CCallbackMgr : private Observer -{ -public: - - CCallbackMgr(); - ~CCallbackMgr(); - - static CCallbackMgr& Instance(); - - static void AddCallback( SecKeychainCallback inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext); - //static void AddCallbackUPP(KCCallbackUPP inCallbackFunction, KCEventMask inEventMask, void* inContext); - - static void RemoveCallback( SecKeychainCallback inCallbackFunction ); - //static void RemoveCallbackUPP(KCCallbackUPP inCallbackFunction); - static bool HasCallbacks() - { return CCallbackMgr::Instance().mEventCallbacks.size() > 0; }; - -private: - - void Event (Listener::Domain domain, Listener::Event whichEvent, NameValueDictionary &dictionary); - - static void AlertClients(const list &eventCallbacks, SecKeychainEvent inEvent, pid_t inPid, - const Keychain& inKeychain, const Item &inItem); - - list mEventCallbacks; - static CCallbackMgr* mCCallbackMgr; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_CCALLBACKMGR_H_ diff --git a/Keychain/Certificate.cpp b/Keychain/Certificate.cpp deleted file mode 100644 index 60129d9d..00000000 --- a/Keychain/Certificate.cpp +++ /dev/null @@ -1,884 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Certificate.cpp -// -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CLFieldsCommon.h" - - -using namespace KeychainCore; - -CL -Certificate::clForType(CSSM_CERT_TYPE type) -{ - return CL(gGuidAppleX509CL); -} - -Certificate::Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding) : - ItemImpl(CSSM_DL_DB_RECORD_X509_CERTIFICATE, reinterpret_cast(NULL), UInt32(data.Length), reinterpret_cast(data.Data)), - mHaveTypeAndEncoding(true), - mType(type), - mEncoding(encoding), - mCL(clForType(type)), - mCertHandle(0), - mV1SubjectPublicKeyCStructValue(NULL) -{ -} - -// db item contstructor -Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) : - ItemImpl(keychain, primaryKey, uniqueId), - mHaveTypeAndEncoding(false), - mCL(NULL), - mCertHandle(0), - mV1SubjectPublicKeyCStructValue(NULL) -{ -} - -// PrimaryKey item contstructor -Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey) : - ItemImpl(keychain, primaryKey), - mHaveTypeAndEncoding(false), - mCL(NULL), - mCertHandle(0), - mV1SubjectPublicKeyCStructValue(NULL) -{ - // @@@ In this case we don't know the type... -} - -Certificate::Certificate(Certificate &certificate) : - ItemImpl(certificate), - mHaveTypeAndEncoding(certificate.mHaveTypeAndEncoding), - mType(certificate.mType), - mEncoding(certificate.mEncoding), - mCL(certificate.mCL), - mCertHandle(0), - mV1SubjectPublicKeyCStructValue(NULL) -{ -} - -Certificate::~Certificate() throw() -{ - if (mV1SubjectPublicKeyCStructValue) - releaseFieldValue(CSSMOID_X509V1SubjectPublicKeyCStruct, mV1SubjectPublicKeyCStructValue); - - if (mCertHandle && mCL) - CSSM_CL_CertAbortCache(mCL->handle(), mCertHandle); -} - -CSSM_HANDLE -Certificate::certHandle() -{ - const CSSM_DATA *cert = &data(); - if (!mCertHandle) - { - if (CSSM_RETURN retval = CSSM_CL_CertCache(clHandle(), cert, &mCertHandle)) - CssmError::throwMe(retval); - } - - return mCertHandle; -} - -/* Return a zero terminated list of CSSM_DATA_PTR's with the values of the field specified by field. Caller must call releaseFieldValues to free the storage allocated by this call. */ -CSSM_DATA_PTR * -Certificate::copyFieldValues(const CSSM_OID &field) -{ - CSSM_CL_HANDLE clh = clHandle(); - CSSM_DATA_PTR fieldValue, *fieldValues; - CSSM_HANDLE resultsHandle = 0; - uint32 numberOfFields = 0; - CSSM_RETURN result; - - result = CSSM_CL_CertGetFirstCachedFieldValue(clh, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue); - if (result) - { - if (result == CSSMERR_CL_NO_FIELD_VALUES) - return NULL; - - CssmError::throwMe(result); - } - - fieldValues = new CSSM_DATA_PTR[numberOfFields + 1]; - fieldValues[0] = fieldValue; - fieldValues[numberOfFields] = NULL; - - for (uint32 value = 1; value < numberOfFields; ++value) - { - CSSM_RETURN cresult = CSSM_CL_CertGetNextCachedFieldValue(clh, resultsHandle, &fieldValues[value]); - if (cresult) - { - fieldValues[value] = NULL; - result = cresult; - break; // No point in continuing really. - } - } - - if (result) - { - releaseFieldValues(field, fieldValues); - CssmError::throwMe(result); - } - - return fieldValues; -} - -void -Certificate::releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues) -{ - if (fieldValues) - { - CSSM_CL_HANDLE clh = clHandle(); - - for (int ix = 0; fieldValues[ix]; ++ix) - CSSM_CL_FreeFieldValue(clh, &field, fieldValues[ix]); - - delete[] fieldValues; - } -} - -void -Certificate::addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field) -{ - CSSM_DATA_PTR *fieldValues = copyFieldValues(field); - if (fieldValues) - { - CssmDbAttributeData &anAttr = mDbAttributes->add(info); - for (int ix = 0; fieldValues[ix]; ++ix) - anAttr.add(*fieldValues[ix], *mDbAttributes); - - releaseFieldValues(field, fieldValues); - } -} - -/* Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call releaseFieldValue to free the storage allocated by this call. */ -CSSM_DATA_PTR -Certificate::copyFirstFieldValue(const CSSM_OID &field) -{ - CSSM_CL_HANDLE clh = clHandle(); - CSSM_DATA_PTR fieldValue; - CSSM_HANDLE resultsHandle = 0; - uint32 numberOfFields = 0; - CSSM_RETURN result; - - result = CSSM_CL_CertGetFirstCachedFieldValue(clh, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue); - if (result) - { - if (result == CSSMERR_CL_NO_FIELD_VALUES) - return NULL; - - CssmError::throwMe(result); - } - - result = CSSM_CL_CertAbortQuery(clh, resultsHandle); - - if (result) - { - releaseFieldValue(field, fieldValue); - CssmError::throwMe(result); - } - - return fieldValue; -} - -void -Certificate::releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue) -{ - if (fieldValue) - { - CSSM_CL_HANDLE clh = clHandle(); - CSSM_CL_FreeFieldValue(clh, &field, fieldValue); - } -} - - - -/* - This method computes the keyIdentifier for the public key in the cert as - described below: - - The keyIdentifier is composed of the 160-bit SHA-1 hash of the - value of the BIT STRING subjectPublicKey (excluding the tag, - length, and number of unused bits). -*/ -const CssmData & -Certificate::publicKeyHash() -{ - if (mPublicKeyHash.Length) - return mPublicKeyHash; - - CSSM_DATA_PTR keyPtr = copyFirstFieldValue(CSSMOID_CSSMKeyStruct); - if (keyPtr && keyPtr->Data) - { - CssmClient::CSP csp(gGuidAppleCSP); - CssmClient::PassThrough passThrough(csp); - CSSM_KEY *key = reinterpret_cast(keyPtr->Data); - void *outData; - CssmData *cssmData; - - /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the - * associated key blob. - * Key is specified in CSSM_CSP_CreatePassThroughContext. - * Hash is allocated by the CSP, in the App's memory, and returned - * in *outData. */ - passThrough.key(key); - passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData); - cssmData = reinterpret_cast(outData); - - assert(cssmData->Length <= sizeof(mPublicKeyHashBytes)); - mPublicKeyHash.Data = mPublicKeyHashBytes; - mPublicKeyHash.Length = cssmData->Length; - memcpy(mPublicKeyHash.Data, cssmData->Data, cssmData->Length); - csp.allocator().free(cssmData->Data); - csp.allocator().free(cssmData); - } - - releaseFieldValue(CSSMOID_CSSMKeyStruct, keyPtr); - - return mPublicKeyHash; -} - -/* - * Given an CSSM_X509_NAME, Find the first name/value pair with - * a printable value which matches the specified OID (e.g., CSSMOID_CommonName). - * Returns NULL if none found. - */ -static const CSSM_DATA * -findPrintableField( - const CSSM_X509_NAME &x509Name, - const CSSM_OID *tvpType) // NULL means "any printable field" -{ - for(uint32 rdnDex=0; rdnDexnumberOfPairs; tvpDex++) { - const CSSM_X509_TYPE_VALUE_PAIR *tvpPtr = - &rdnPtr->AttributeTypeAndValue[tvpDex]; - - /* type/value pair: match caller's specified type? */ - if((tvpType != NULL) && - ((tvpPtr->type.Length != tvpType->Length) || - memcmp(tvpPtr->type.Data, tvpType->Data, tvpType->Length))) { - continue; - } - - /* printable? */ - switch(tvpPtr->valueType) { - case BER_TAG_PRINTABLE_STRING: - case BER_TAG_IA5_STRING: - case BER_TAG_T61_STRING: - case BER_TAG_PKIX_UTF8_STRING: - /* success */ - return &tvpPtr->value; - default: - break; - } - } /* for each pair */ - } /* for each RDN */ - - /* no printable component of specified type found */ - return NULL; -} - -/* - * Infer printable label for a given an CSSM_X509_NAME. Returns NULL - * if no appropriate printable name found. - */ -const CSSM_DATA *SecInferLabelFromX509Name( - const CSSM_X509_NAME *x509Name) -{ - const CSSM_DATA *printValue; - /* - * Search order (take the first one found with a printable - * value): - * -- common name - * -- Orgnaizational Unit - * -- Organization - * -- field of any kind - */ - printValue = findPrintableField(*x509Name, &CSSMOID_CommonName); - if(printValue != NULL) { - return printValue; - } - printValue = findPrintableField(*x509Name, &CSSMOID_OrganizationalUnitName); - if(printValue != NULL) { - return printValue; - } - printValue = findPrintableField(*x509Name, &CSSMOID_OrganizationName); - if(printValue != NULL) { - return printValue; - } - /* take anything */ - return findPrintableField(*x509Name, NULL); -} - -void -Certificate::inferLabel(bool addLabel, CFStringRef *rtnString) -{ - // Set PrintName and optionally the Alias attribute for this certificate, based on the - // X509 SubjectAltName and SubjectName. - const CSSM_DATA *printName = NULL; - std::vector emailAddresses; - CSSM_DATA puntData; - - // Find the SubjectAltName fields, if any, and extract all the GNT_RFC822Name entries from all of them - const CSSM_OID &sanOid = CSSMOID_SubjectAltName; - CSSM_DATA_PTR *sanValues = copyFieldValues(sanOid); - const CSSM_OID &snOid = CSSMOID_X509V1SubjectNameCStruct; - CSSM_DATA_PTR snValue = copyFirstFieldValue(snOid); - - getEmailAddresses(sanValues, snValue, emailAddresses); - - if (snValue && snValue->Data) - { - const CSSM_X509_NAME &x509Name = *(const CSSM_X509_NAME *)snValue->Data; - printName = SecInferLabelFromX509Name(&x509Name); - } - - if (printName == NULL) - { - /* If the we couldn't find a label use the emailAddress instead. */ - if (!emailAddresses.empty()) - printName = &emailAddresses[0]; - else - { - /* punt! */ - puntData.Data = (uint8 *)"X509 Certificate"; - puntData.Length = 16; - printName = &puntData; - } - } - - /* If we couldn't find an email address just use the printName which might be the url or something else useful. */ - if (emailAddresses.empty()) - emailAddresses.push_back(CssmData::overlay(*printName)); - - /* Do a check to see if a '\0' was at the end of printName and strip it. */ - CssmData cleanedUpPrintName(printName->Data, printName->Length); - if (cleanedUpPrintName.Length && cleanedUpPrintName.Data[cleanedUpPrintName.Length - 1] == '\0') - cleanedUpPrintName.Length--; - - /* What do we do with the inferred label - return it or add it mDbAttributes? */ - if (addLabel) - { - mDbAttributes->add(Schema::kX509CertificatePrintName, cleanedUpPrintName); - CssmDbAttributeData &attrData = mDbAttributes->add(Schema::kX509CertificateAlias); - - /* Add the email addresses to attrData and normalize them. */ - uint32 ix = 0; - for (std::vector::const_iterator it = emailAddresses.begin(); it != emailAddresses.end(); ++it, ++ix) - { - /* Add the email address using the allocator from mDbAttributes. */ - attrData.add(*it, *mDbAttributes); - /* Normalize the emailAddresses in place since attrData already copied it. */ - normalizeEmailAddress(attrData.Value[ix]); - } - } - - if (rtnString) - { - /* Encoding is kCFStringEncodingUTF8 since the string is either - PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */ - *rtnString = CFStringCreateWithBytes(NULL, cleanedUpPrintName.Data, - (CFIndex)cleanedUpPrintName.Length, kCFStringEncodingUTF8, true); - } - - // Clean up - if (snValue) - releaseFieldValue(snOid, snValue); - if (sanValues) - releaseFieldValues(sanOid, sanValues); -} - -void -Certificate::populateAttributes() -{ - addParsedAttribute(Schema::attributeInfo(kSecSubjectItemAttr), CSSMOID_X509V1SubjectName); - addParsedAttribute(Schema::attributeInfo(kSecIssuerItemAttr), CSSMOID_X509V1IssuerName); - addParsedAttribute(Schema::attributeInfo(kSecSerialNumberItemAttr), CSSMOID_X509V1SerialNumber); - - addParsedAttribute(Schema::attributeInfo(kSecSubjectKeyIdentifierItemAttr), CSSMOID_SubjectKeyIdentifier); - - if(!mHaveTypeAndEncoding) - MacOSError::throwMe(errSecDataNotAvailable); // @@@ Or some other error. - - // Adjust mType based on the actual version of the cert. - CSSM_DATA_PTR versionPtr = copyFirstFieldValue(CSSMOID_X509V1Version); - if (versionPtr && versionPtr->Data && versionPtr->Length == sizeof(uint32)) - { - mType = CSSM_CERT_X_509v1 + (*reinterpret_cast(versionPtr->Data)); - } - else - mType = CSSM_CERT_X_509v1; - - releaseFieldValue(CSSMOID_X509V1Version, versionPtr); - - mDbAttributes->add(Schema::attributeInfo(kSecCertTypeItemAttr), mType); - mDbAttributes->add(Schema::attributeInfo(kSecCertEncodingItemAttr), mEncoding); - mDbAttributes->add(Schema::attributeInfo(kSecPublicKeyHashItemAttr), publicKeyHash()); - inferLabel(true); -} - -const CssmData & -Certificate::data() -{ - CssmDataContainer *data = mData.get(); - if (!data && mKeychain) - { - // Make sure mUniqueId is set. - dbUniqueRecord(); - data = new CssmDataContainer(); - mData.reset(data); - mUniqueId->get(NULL, data); - } - - // If the data hasn't been set we can't return it. - if (!data) - MacOSError::throwMe(errSecDataNotAvailable); - - return *data; -} - -CSSM_CERT_TYPE -Certificate::type() -{ - if (!mHaveTypeAndEncoding) - { - SecKeychainAttribute attr; - attr.tag = kSecCertTypeItemAttr; - attr.data = &mType; - attr.length = sizeof(mType); - getAttribute(attr, NULL); - } - - return mType; -} - -CSSM_CERT_ENCODING -Certificate::encoding() -{ - if (!mHaveTypeAndEncoding) - { - SecKeychainAttribute attr; - attr.tag = kSecCertEncodingItemAttr; - attr.data = &mEncoding; - attr.length = sizeof(mEncoding); - getAttribute(attr, NULL); - } - - return mEncoding; -} - -const CSSM_X509_ALGORITHM_IDENTIFIER * -Certificate::algorithmID() -{ - if (!mV1SubjectPublicKeyCStructValue) - mV1SubjectPublicKeyCStructValue = copyFirstFieldValue(CSSMOID_X509V1SubjectPublicKeyCStruct); - - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *info = (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)mV1SubjectPublicKeyCStructValue->Data; - CSSM_X509_ALGORITHM_IDENTIFIER *algid = &info->algorithm; - return algid; -} - -CFStringRef -Certificate::commonName() -{ - CFStringRef rtnString; - const CSSM_OID &fieldOid = CSSMOID_X509V1SubjectNameCStruct; - CSSM_DATA_PTR fieldValue = copyFirstFieldValue(fieldOid); - CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue->Data; - const CSSM_DATA *printValue = NULL; - if (fieldValue && fieldValue->Data) - printValue = findPrintableField(*x509Name, &CSSMOID_CommonName); - - if (printValue == NULL) - rtnString = NULL; - else - { - /* Encoding is kCFStringEncodingUTF8 since the string is either - PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */ - rtnString = CFStringCreateWithBytes(NULL, printValue->Data, - (CFIndex)printValue->Length, kCFStringEncodingUTF8, true); - } - - releaseFieldValue(CSSMOID_X509V1SubjectNameCStruct, fieldValue); - - return rtnString; -} - -/* - * Return a CFString containing the first email addresses for this certificate, based on the - * X509 SubjectAltName and SubjectName. - */ -CFStringRef -Certificate::copyFirstEmailAddress() -{ - CFStringRef rtnString; - - const CSSM_OID &sanOid = CSSMOID_SubjectAltName; - CSSM_DATA_PTR *sanValues = copyFieldValues(sanOid); - const CSSM_OID &snOid = CSSMOID_X509V1SubjectNameCStruct; - CSSM_DATA_PTR snValue = copyFirstFieldValue(snOid); - std::vector emailAddresses; - - getEmailAddresses(sanValues, snValue, emailAddresses); - if (emailAddresses.empty()) - rtnString = NULL; - else - { - /* Encoding is kCFStringEncodingUTF8 since the string is either - PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */ - rtnString = CFStringCreateWithBytes(NULL, emailAddresses[0].Data, - (CFIndex)emailAddresses[0].Length, kCFStringEncodingUTF8, true); - } - - // Clean up - if (snValue) - releaseFieldValue(snOid, snValue); - if (sanValues) - releaseFieldValues(sanOid, sanValues); - - return rtnString; -} - -/* - * Return a CFArray containing the email addresses for this certificate, based on the - * X509 SubjectAltName and SubjectName. - */ -CFArrayRef -Certificate::copyEmailAddresses() -{ - CFMutableArrayRef array = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - std::vector emailAddresses; - - // Find the SubjectAltName fields, if any, and extract all the GNT_RFC822Name entries from all of them - const CSSM_OID &sanOid = CSSMOID_SubjectAltName; - CSSM_DATA_PTR *sanValues = copyFieldValues(sanOid); - - const CSSM_OID &snOid = CSSMOID_X509V1SubjectNameCStruct; - CSSM_DATA_PTR snValue = copyFirstFieldValue(snOid); - - getEmailAddresses(sanValues, snValue, emailAddresses); - - for (std::vector::const_iterator it = emailAddresses.begin(); it != emailAddresses.end(); ++it) - { - /* Encoding is kCFStringEncodingUTF8 since the string is either - PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */ - CFStringRef string = CFStringCreateWithBytes(NULL, it->Data, static_cast(it->Length), kCFStringEncodingUTF8, true); - CFArrayAppendValue(array, string); - CFRelease(string); - } - - // Clean up - if (snValue) - releaseFieldValue(snOid, snValue); - if (sanValues) - releaseFieldValues(sanOid, sanValues); - - return array; -} - -void -Certificate::getSubject(CSSM_X509_NAME &outSubject) -{ -} - -void -Certificate::getIssuer(CSSM_X509_NAME &outName) -{ -} - -CSSM_CL_HANDLE -Certificate::clHandle() -{ - if (!mCL) - mCL = clForType(type()); - - return mCL->handle(); -} - -bool -Certificate::operator < (Certificate &other) -{ - return data() < other.data(); -} - -bool -Certificate::operator == (Certificate &other) -{ - return data() == other.data(); -} - -void -Certificate::update() -{ - ItemImpl::update(); -} - -Item -Certificate::copyTo(const Keychain &keychain, Access *newAccess) -{ - /* Certs can't have access controls. */ - if (newAccess) - MacOSError::throwMe(errSecNoAccessForItem); - - Item item(new Certificate(data(), type(), encoding())); - keychain->add(item); - return item; -} - -void -Certificate::didModify() -{ -} - -PrimaryKey -Certificate::add(Keychain &keychain) -{ - // If we already have a Keychain we can't be added. - if (mKeychain) - MacOSError::throwMe(errSecDuplicateItem); - - populateAttributes(); - - CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); - - Db db(keychain->database()); - // add the item to the (regular) db - try - { - mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); - } - catch (const CssmError &e) - { - if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE) - throw; - - // Create the cert relation and try again. - db->createRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE, "CSSM_DL_DB_RECORD_X509_CERTIFICATE", - Schema::X509CertificateSchemaAttributeCount, - Schema::X509CertificateSchemaAttributeList, - Schema::X509CertificateSchemaIndexCount, - Schema::X509CertificateSchemaIndexList); - keychain->resetSchema(); - - mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); - } - - mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId); - mKeychain = keychain; - - return mPrimaryKey; -} - -SecPointer -Certificate::publicKey() -{ - SecPointer keyItem; - // Return a CSSM_DATA_PTR with the value of the first field specified by field. - // Caller must call releaseFieldValue to free the storage allocated by this call. - // call OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey); to retrieve - - CSSM_DATA_PTR keyPtr = copyFirstFieldValue(CSSMOID_CSSMKeyStruct); - if (keyPtr && keyPtr->Data) - { - CssmClient::CSP csp(gGuidAppleCSP); - CssmKey *cssmKey = reinterpret_cast(keyPtr->Data); - CssmClient::Key key(csp, *cssmKey); - keyItem = new KeyItem(key); - // Clear out KeyData since KeyItem() takes over ownership of the key, and we don't want it getting released. - cssmKey->KeyData.Data = NULL; - cssmKey->KeyData.Length = 0; - } - - releaseFieldValue(CSSMOID_CSSMKeyStruct, keyPtr); - - return keyItem; -} - -KCCursor -Certificate::cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber) -{ - CssmAutoData fieldValue(CssmAllocator::standard(CssmAllocator::normal)); - uint32 numFields; - - // We need to decode issuer, normalize it, then re-encode it - if (!getField_normRDN_NSS(issuer, numFields, fieldValue)) - MacOSError::throwMe(errSecDataNotAvailable); - - // Code basically copied from SecKeychainSearchCreateFromAttributes and SecKeychainSearchCopyNext: - KCCursor cursor(keychains, kSecCertificateItemClass, NULL); - cursor->conjunctive(CSSM_DB_AND); - cursor->add(CSSM_DB_EQUAL, Schema::kX509CertificateIssuer, fieldValue.get()); - cursor->add(CSSM_DB_EQUAL, Schema::kX509CertificateSerialNumber, serialNumber); - - return cursor; -} - -KCCursor -Certificate::cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID) -{ - KCCursor cursor(keychains, kSecCertificateItemClass, NULL); - cursor->conjunctive(CSSM_DB_AND); - cursor->add(CSSM_DB_EQUAL, Schema::kX509CertificateSubjectKeyIdentifier, subjectKeyID); - - return cursor; -} - -KCCursor -Certificate::cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress) -{ - KCCursor cursor(keychains, kSecCertificateItemClass, NULL); - if (emailAddress) - { - cursor->conjunctive(CSSM_DB_AND); - CssmSelectionPredicate &pred = cursor->add(CSSM_DB_EQUAL, Schema::kX509CertificateAlias, emailAddress); - /* Normalize the emailAddresses in place since cursor already copied it. */ - normalizeEmailAddress(pred.Attribute.Value[0]); - } - - return cursor; -} - -SecPointer -Certificate::findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber) -{ - Item item; - if (!cursorForIssuerAndSN(keychains, issuer, serialNumber)->next(item)) - CssmError::throwMe(errSecItemNotFound); - - return static_cast(&*item); -} - -SecPointer -Certificate::findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID) -{ - Item item; - if (!cursorForSubjectKeyID(keychains, subjectKeyID)->next(item)) - CssmError::throwMe(errSecItemNotFound); - - return static_cast(&*item); -} - -SecPointer -Certificate::findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress) -{ - Item item; - if (!cursorForEmail(keychains, emailAddress)->next(item)) - CssmError::throwMe(errSecItemNotFound); - - return static_cast(&*item); -} - -/* Normalize emailAddresses in place. */ -void -Certificate::normalizeEmailAddress(CSSM_DATA &emailAddress) -{ - /* Do a check to see if a '\0' was at the end of emailAddress and strip it. */ - if (emailAddress.Length && emailAddress.Data[emailAddress.Length - 1] == '\0') - emailAddress.Length--; - bool foundAt = false; - for (uint32 ix = 0; ix < emailAddress.Length; ++ix) - { - uint8 ch = emailAddress.Data[ix]; - if (foundAt) - { - if ('A' <= ch && ch <= 'Z') - emailAddress.Data[ix] = ch + 'a' - 'A'; - } - else if (ch == '@') - foundAt = true; - } -} - -void -Certificate::getEmailAddresses(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, std::vector &emailAddresses) -{ - // Get the email addresses for this certificate, based on the - // X509 SubjectAltName and SubjectName. - - // Find the SubjectAltName fields, if any, and extract all the GNT_RFC822Name entries from all of them - if (sanValues) - { - for (CSSM_DATA_PTR *sanIx = sanValues; *sanIx; ++sanIx) - { - CSSM_DATA_PTR sanValue = *sanIx; - if (sanValue && sanValue->Data) - { - CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)sanValue->Data; - CE_GeneralNames *parsedValue = (CE_GeneralNames *)cssmExt->value.parsedValue; - - /* Grab all the values that are of type GNT_RFC822Name. */ - for (uint32 i = 0; i < parsedValue->numNames; ++i) - { - if (parsedValue->generalName[i].nameType == GNT_RFC822Name) - { - if (parsedValue->generalName[i].berEncoded) // can't handle this - continue; - - emailAddresses.push_back(CssmData::overlay(parsedValue->generalName[i].name)); - } - } - } - } - } - - if (emailAddresses.empty() && snValue && snValue->Data) - { - const CSSM_X509_NAME &x509Name = *(const CSSM_X509_NAME *)snValue->Data; - for (uint32 rdnDex = 0; rdnDex < x509Name.numberOfRDNs; rdnDex++) - { - const CSSM_X509_RDN *rdnPtr = - &x509Name.RelativeDistinguishedName[rdnDex]; - for (uint32 tvpDex = 0; tvpDex < rdnPtr->numberOfPairs; tvpDex++) - { - const CSSM_X509_TYPE_VALUE_PAIR *tvpPtr = - &rdnPtr->AttributeTypeAndValue[tvpDex]; - - /* type/value pair: match caller's specified type? */ - if (((tvpPtr->type.Length != CSSMOID_EmailAddress.Length) || - memcmp(tvpPtr->type.Data, CSSMOID_EmailAddress.Data, CSSMOID_EmailAddress.Length))) { - continue; - } - - /* printable? */ - switch (tvpPtr->valueType) - { - case BER_TAG_PRINTABLE_STRING: - case BER_TAG_IA5_STRING: - case BER_TAG_T61_STRING: - case BER_TAG_PKIX_UTF8_STRING: - /* success */ - emailAddresses.push_back(CssmData::overlay(tvpPtr->value)); - break; - default: - break; - } - } /* for each pair */ - } /* for each RDN */ - } -} diff --git a/Keychain/Certificate.h b/Keychain/Certificate.h deleted file mode 100644 index ed052059..00000000 --- a/Keychain/Certificate.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Certificate.h - Certificate objects -// -#ifndef _SECURITY_CERTIFICATE_H_ -#define _SECURITY_CERTIFICATE_H_ - -#include - -#include -// @@@ This should not be here. -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class KeyItem; - -class Certificate : public ItemImpl -{ - NOCOPY(Certificate) -public: - SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef) - - static CL clForType(CSSM_CERT_TYPE type); - - // new item constructor - Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding); - - // db item contstructor - Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId); - - // PrimaryKey item contstructor - Certificate(const Keychain &keychain, const PrimaryKey &primaryKey); - - Certificate(Certificate &certificate); - virtual ~Certificate() throw(); - - virtual void update(); - virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL); - virtual void didModify(); // Forget any attributes and data we just wrote to the db - - const CssmData &data(); - CSSM_CERT_TYPE type(); - CSSM_CERT_ENCODING encoding(); - CFStringRef commonName(); - CFStringRef copyFirstEmailAddress(); - CFArrayRef copyEmailAddresses(); - void getSubject(CSSM_X509_NAME &outSubject); - void getIssuer(CSSM_X509_NAME &outName); - const CSSM_X509_ALGORITHM_IDENTIFIER *algorithmID(); - CSSM_CL_HANDLE clHandle(); - void inferLabel(bool addLabel, CFStringRef *rtnString = NULL); - SecPointer publicKey(); - const CssmData &publicKeyHash(); - - static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber); - static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID); - static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress); - - static SecPointer findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber); - static SecPointer findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID); - static SecPointer findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress); - - static void normalizeEmailAddress(CSSM_DATA &emailAddress); - static void getEmailAddresses(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, std::vector &emailAddresses); - - bool operator < (Certificate &other); - bool operator == (Certificate &other); - -public: - CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field); - void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue); - - CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field); - void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues); - -protected: - virtual PrimaryKey add(Keychain &keychain); - CSSM_HANDLE certHandle(); - - void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field); - - void populateAttributes(); - -private: - bool mHaveTypeAndEncoding; - CSSM_CERT_TYPE mType; - CSSM_CERT_ENCODING mEncoding; - CssmClient::CL mCL; - CSSM_HANDLE mCertHandle; - CssmData mPublicKeyHash; - uint8 mPublicKeyHashBytes[20]; - CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking. -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_CERTIFICATE_H_ diff --git a/Keychain/CertificateRequest.cpp b/Keychain/CertificateRequest.cpp deleted file mode 100644 index 6ea5c5bc..00000000 --- a/Keychain/CertificateRequest.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// CertificateRequest.cpp -// -#include - -using namespace KeychainCore; - -CertificateRequest::CertificateRequest(int a) -{ -} - -CertificateRequest::~CertificateRequest() throw() -{ -} diff --git a/Keychain/CertificateRequest.h b/Keychain/CertificateRequest.h deleted file mode 100644 index 9718f227..00000000 --- a/Keychain/CertificateRequest.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// CertificateRequest.h -// -#ifndef _SECURITY_CERTIFICATEREQUEST_H_ -#define _SECURITY_CERTIFICATEREQUEST_H_ - -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class CertificateRequest : public SecCFObject -{ - NOCOPY(CertificateRequest) -public: - SECCFFUNCTIONS(CertificateRequest, SecCertificateRequestRef, errSecInvalidItemRef) - - CertificateRequest(int a); - virtual ~CertificateRequest() throw(); - -private: -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_CERTIFICATEREQUEST_H_ diff --git a/Keychain/Certificates.cpp b/Keychain/Certificates.cpp deleted file mode 100644 index f8f60fff..00000000 --- a/Keychain/Certificates.cpp +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: Certificates.cpp - - Contains: Working with Certificates - - Copyright: 2002 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#include -#include //%%%should be included in Certificates.h - -using namespace KeychainCore; - -void CertificateImpl::CertificateImplCommonInit(CSSM_CERT_TYPE type) -{ - mType = type; - mCLReference = NULL; - // - // Create a CL reference for this certificate type. - // %%%find us the 1st CL reference we can find for this cert type (this can change) - // - CertLibCursorImpl* cursor = NULL; - cursor = new CertLibCursorImpl(type); - if (!cursor) - MacOSError::throwMe(errSecItemNotFound/*%%%*/); - - CertLib certLib;//%%%allocated on the stack?! - if (!cursor->next(certLib)) - { - delete cursor; - MacOSError::throwMe(errSecItemNotFound/*%%%*/); - } - delete cursor; - - mCLReference = CertLibRef::handle(certLib); // 'tis a SecCertificateLibraryRef -} - -CertificateImpl::CertificateImpl(const CSSM_DATA* data, CSSM_CERT_TYPE type): - mItem(NULL) -{ - CertificateImplCommonInit(type); - (void*)mData.Data = malloc(data->Length); - memcpy(mData.Data, data->Data, data->Length); - mData.Length = data->Length; -} - -CertificateImpl::CertificateImpl(SecKeychainItemRef item, CSSM_CERT_TYPE type) -{ - CertificateImplCommonInit(type); - mItem = item; - SecRetain(item); - mData.Data = NULL; - mData.Length = 0; -} - -CertificateImpl::~CertificateImpl() -{ - if (mData.Data) - { - if (mItem) - SecKeychainItemFreeContent(NULL, mData.Data); // free if copied via SecKeychainItemCopyContent. - else - free(mData.Data); // free if copied from the caller when cert ref was created. - } - if (mItem) - SecRelease(mItem); - - if (mCLReference) - SecRelease(mCLReference); -} - -CSSM_DATA* CertificateImpl::getData() -{ - if (mItem) - { - if (mData.Data) - SecKeychainItemFreeContent(NULL, mData.Data); - - OSStatus result = SecKeychainItemCopyContent(mItem, NULL, NULL, &mData.Length, (void**)&(mData.Data)); - if (result) - MacOSError::throwMe(result); - } // otherwise, return the data originally specified when the cert ref was created. - return &mData; -} - -CSSM_X509_NAME* CertificateImpl::getSubject() -{ - return NULL;//%%%use mCLReference to get subject -} - -CSSM_X509_NAME* CertificateImpl::getIssuer() -{ - return NULL;//%%%use mCLReference to get issuer -} diff --git a/Keychain/DLDBListCFPref.cpp b/Keychain/DLDBListCFPref.cpp deleted file mode 100644 index 5bce8449..00000000 --- a/Keychain/DLDBListCFPref.cpp +++ /dev/null @@ -1,842 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - DLDBListCFPref.cpp -*/ - -#include "DLDBListCFPref.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace CssmClient; - -static const double kDLDbListCFPrefRevertInterval = 30.0; - -// normal debug calls, which get stubbed out for deployment builds -#define x_debug(str) secdebug("KClogin",(str)) -#define x_debug1(fmt,arg1) secdebug("KClogin",(fmt),(arg1)) -#define x_debug2(fmt,arg1,arg2) secdebug("KClogin",(fmt),(arg1),(arg2)) - -#define kKeyGUID CFSTR("GUID") -#define kKeySubserviceId CFSTR("SubserviceId") -#define kKeySubserviceType CFSTR("SubserviceType") -#define kKeyDbName CFSTR("DbName") -#define kKeyDbLocation CFSTR("DbLocation") -#define kKeyActive CFSTR("Active") -#define kKeyMajorVersion CFSTR("MajorVersion") -#define kKeyMinorVersion CFSTR("MinorVersion") -#define kDefaultDLDbListKey CFSTR("DLDBSearchList") -#define kDefaultKeychainKey CFSTR("DefaultKeychain") -#define kLoginKeychainKey CFSTR("LoginKeychain") -#define kUserDefaultPath "~/Library/Preferences/com.apple.security.plist" -#define kSystemDefaultPath "/Library/Preferences/com.apple.security.plist" -#define kCommonDefaultPath "/Library/Preferences/com.apple.security-common.plist" -#define kLoginKeychainPathPrefix "~/Library/Keychains/" -#define kUserLoginKeychainPath "~/Library/Keychains/login.keychain" -#define kSystemLoginKeychainPath "/Library/Keychains/System.keychain" - - -// A utility class for managing password database lookups - -const time_t kPasswordCacheExpire = 30; // number of seconds cached password db info is valid - -PasswordDBLookup::PasswordDBLookup () : mValid (false), mCurrent (0), mTime (0) -{ -} - -void PasswordDBLookup::lookupInfoOnUID (uid_t uid) -{ - time_t currentTime = time (NULL); - - if (!mValid || uid != mCurrent || currentTime - mTime >= kPasswordCacheExpire) - { - struct passwd* pw = getpwuid(uid); - if (pw == NULL) - { - UnixError::throwMe (EPERM); - } - - mDirectory = pw->pw_dir; - mName = pw->pw_name; - mValid = true; - mCurrent = uid; - mTime = currentTime; - - x_debug2("PasswordDBLookup::lookupInfoOnUID: uid=%d caching home=%s", uid, pw->pw_dir); - - endpwent(); - } -} - -PasswordDBLookup *DLDbListCFPref::mPdbLookup = NULL; - -//------------------------------------------------------------------------------------- -// -// Lists of DL/DBs, with CFPreferences backing store -// -//------------------------------------------------------------------------------------- - -DLDbListCFPref::DLDbListCFPref(SecPreferencesDomain domain) : mDomain(domain), mPropertyList(NULL), mChanged(false), - mSearchListSet(false), mDefaultDLDbIdentifierSet(false), mLoginDLDbIdentifierSet(false) -{ - x_debug2("New DLDbListCFPref %p for domain %d", this, domain); - loadPropertyList(true); -} - -void DLDbListCFPref::set(SecPreferencesDomain domain) -{ - save(); - - mDomain = domain; - - x_debug2("DLDbListCFPref %p domain set to %d", this, domain); - - if (loadPropertyList(true)) - resetCachedValues(); -} - -DLDbListCFPref::~DLDbListCFPref() -{ - save(); - - x_debug1("~DLDbListCFPref %p", this); - - if (mPropertyList) - CFRelease(mPropertyList); -} - -bool -DLDbListCFPref::loadPropertyList(bool force) -{ - string prefsPath; - - switch (mDomain) - { - case kSecPreferencesDomainUser: - prefsPath = ExpandTildesInPath(kUserDefaultPath); - break; - case kSecPreferencesDomainSystem: - prefsPath = kSystemDefaultPath; - break; - case kSecPreferencesDomainCommon: - prefsPath = kCommonDefaultPath; - break; - default: - MacOSError::throwMe(errSecInvalidPrefsDomain); - } - - x_debug2("DLDbListCFPref::loadPropertyList: force=%s prefsPath=%s", force ? "true" : "false", - prefsPath.c_str()); - - CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); - - // If for some reason the prefs file path has changed, blow away the old plist and force an update - if (mPrefsPath != prefsPath) - { - mPrefsPath = prefsPath; - if (mPropertyList) - { - CFRelease(mPropertyList); - mPropertyList = NULL; - } - - mPrefsTimeStamp = now; - } - else if (!force) - { - if (now - mPrefsTimeStamp < kDLDbListCFPrefRevertInterval) - return false; - - mPrefsTimeStamp = now; - } - - struct stat st; - if (stat(mPrefsPath.c_str(), &st)) - { - if (errno == ENOENT) - { - if (mPropertyList) - { - if (CFDictionaryGetCount(mPropertyList) == 0) - return false; - CFRelease(mPropertyList); - } - - mPropertyList = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - return true; - } - } - else - { - if (mPropertyList) - { - if (mTimespec.tv_sec == st.st_mtimespec.tv_sec - && mTimespec.tv_nsec == st.st_mtimespec.tv_nsec) - return false; - } - - mTimespec = st.st_mtimespec; - } - - CFMutableDictionaryRef thePropertyList = NULL; - CFMutableDataRef xmlData = NULL; - CFStringRef errorString = NULL; - int fd = -1; - - do - { - fd = open(mPrefsPath.c_str(), O_RDONLY, 0); - if (fd < 0) - break; - - off_t theSize = lseek(fd, 0, SEEK_END); - if (theSize <= 0) - break; - - if (lseek(fd, 0, SEEK_SET)) - break; - - xmlData = CFDataCreateMutable(NULL, CFIndex(theSize)); - if (!xmlData) - break; - CFDataSetLength(xmlData, CFIndex(theSize)); - void *buffer = reinterpret_cast(CFDataGetMutableBytePtr(xmlData)); - if (!buffer) - break; - ssize_t bytesRead = read(fd, buffer, theSize); - if (bytesRead != theSize) - break; - - thePropertyList = CFMutableDictionaryRef(CFPropertyListCreateFromXMLData(NULL, xmlData, kCFPropertyListMutableContainers, &errorString)); - if (!thePropertyList) - break; - - if (CFGetTypeID(thePropertyList) != CFDictionaryGetTypeID()) - { - CFRelease(thePropertyList); - thePropertyList = NULL; - break; - } - } while (0); - - if (fd >= 0) - close(fd); - if (xmlData) - CFRelease(xmlData); - if (errorString) - CFRelease(errorString); - - if (!thePropertyList) - { - thePropertyList = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - } - - if (mPropertyList) - { - if (CFEqual(mPropertyList, thePropertyList)) - { - // The new property list is the same as the old one, so nothing has changed. - CFRelease(thePropertyList); - return false; - } - CFRelease(mPropertyList); - } - - mPropertyList = thePropertyList; - return true; -} - -void -DLDbListCFPref::writePropertyList() -{ - if (!mPropertyList || CFDictionaryGetCount(mPropertyList) == 0) - { - // There is nothing in the mPropertyList dictionary, - // so we don't need a prefs file. - unlink(mPrefsPath.c_str()); - } - else - { - CFDataRef xmlData = CFPropertyListCreateXMLData(NULL, mPropertyList); - if (!xmlData) - return; // Bad out of memory or something evil happened let's act like CF and do nothing. - - mode_t mode = 0666; - int fd = open(mPrefsPath.c_str(), O_WRONLY|O_CREAT|O_TRUNC, mode); - if (fd >= 0) - { - const void *buffer = CFDataGetBytePtr(xmlData); - size_t toWrite = CFDataGetLength(xmlData); - /* ssize_t bytesWritten = */ write(fd, buffer, toWrite); - // Emulate CFPreferences by not checking for any errors. - - fsync(fd); - struct stat st; - if (!fstat(fd, &st)) - mTimespec = st.st_mtimespec; - - close(fd); - } - - CFRelease(xmlData); - } - - mPrefsTimeStamp = CFAbsoluteTimeGetCurrent(); -} - -void -DLDbListCFPref::resetCachedValues() -{ - // Unset the login and default Keychain. - mLoginDLDbIdentifier = mDefaultDLDbIdentifier = DLDbIdentifier(); - - // Clear the searchList. - mSearchList.clear(); - - changed(false); - - // Note that none of our cached values are valid - mSearchListSet = mDefaultDLDbIdentifierSet = mLoginDLDbIdentifierSet = false; - - mPrefsTimeStamp = CFAbsoluteTimeGetCurrent(); -} - -void DLDbListCFPref::save() -{ - if (!hasChanged()) - return; - - // Resync from disc to make sure we don't clobber anyone elses changes. - // @@@ This is probably already done by the next layer up so we don't - // really need to do it here again. - loadPropertyList(true); - - // Do the searchList first since it might end up invoking defaultDLDbIdentifier() which can set - // mLoginDLDbIdentifierSet and mDefaultDLDbIdentifierSet to true. - if (mSearchListSet) - { - // Make a temporary CFArray with the contents of the vector - if (mSearchList.size() == 1 && mSearchList[0] == defaultDLDbIdentifier() && mSearchList[0] == LoginDLDbIdentifier()) - { - // The only element in the search list is the default keychain, which is a - // post Jaguar style login keychain, so omit the entry from the prefs file. - CFDictionaryRemoveValue(mPropertyList, kDefaultDLDbListKey); - } - else - { - CFMutableArrayRef searchArray = CFArrayCreateMutable(kCFAllocatorDefault, mSearchList.size(), &kCFTypeArrayCallBacks); - for (DLDbList::const_iterator ix=mSearchList.begin();ix!=mSearchList.end();ix++) - { - CFDictionaryRef aDict = dlDbIdentifierToCFDictionaryRef(*ix); - CFArrayAppendValue(searchArray, aDict); - CFRelease(aDict); - } - - CFDictionarySetValue(mPropertyList, kDefaultDLDbListKey, searchArray); - CFRelease(searchArray); - } - } - - if (mLoginDLDbIdentifierSet) - { - // Make a temporary CFArray with the login keychain - CFArrayRef loginArray = NULL; - if (!mLoginDLDbIdentifier) - { - loginArray = CFArrayCreate(kCFAllocatorDefault, NULL, 0, &kCFTypeArrayCallBacks); - } - else if (!(mLoginDLDbIdentifier == LoginDLDbIdentifier()) - && !(mLoginDLDbIdentifier == JaguarLoginDLDbIdentifier())) - { - CFDictionaryRef aDict = dlDbIdentifierToCFDictionaryRef(mLoginDLDbIdentifier); - const void *value = reinterpret_cast(aDict); - loginArray = CFArrayCreate(kCFAllocatorDefault, &value, 1, &kCFTypeArrayCallBacks); - CFRelease(aDict); - } - - if (loginArray) - { - CFDictionarySetValue(mPropertyList, kLoginKeychainKey, loginArray); - CFRelease(loginArray); - } - else - CFDictionaryRemoveValue(mPropertyList, kLoginKeychainKey); - } - - if (mDefaultDLDbIdentifierSet) - { - // Make a temporary CFArray with the default keychain - CFArrayRef defaultArray = NULL; - if (!mDefaultDLDbIdentifier) - { - defaultArray = CFArrayCreate(kCFAllocatorDefault, NULL, 0, &kCFTypeArrayCallBacks); - } - else if (!(mDefaultDLDbIdentifier == LoginDLDbIdentifier())) - { - CFDictionaryRef aDict = dlDbIdentifierToCFDictionaryRef(mDefaultDLDbIdentifier); - const void *value = reinterpret_cast(aDict); - defaultArray = CFArrayCreate(kCFAllocatorDefault, &value, 1, &kCFTypeArrayCallBacks); - CFRelease(aDict); - } - - if (defaultArray) - { - CFDictionarySetValue(mPropertyList, kDefaultKeychainKey, defaultArray); - CFRelease(defaultArray); - } - else - CFDictionaryRemoveValue(mPropertyList, kDefaultKeychainKey); - } - - writePropertyList(); - changed(false); -} - - -//---------------------------------------------------------------------- -// Conversions -//---------------------------------------------------------------------- - -DLDbIdentifier DLDbListCFPref::LoginDLDbIdentifier() -{ - CSSM_VERSION theVersion={}; - CssmSubserviceUid ssuid(gGuidAppleCSPDL,&theVersion,0,CSSM_SERVICE_DL|CSSM_SERVICE_CSP); - CssmNetAddress *dbLocation=NULL; - - switch (mDomain) { - case kSecPreferencesDomainUser: - return DLDbIdentifier(ssuid, ExpandTildesInPath(kUserLoginKeychainPath).c_str(), dbLocation); - default: - assert(false); - case kSecPreferencesDomainSystem: - case kSecPreferencesDomainCommon: - return DLDbIdentifier(ssuid, kSystemLoginKeychainPath, dbLocation); - } -} - -DLDbIdentifier DLDbListCFPref::JaguarLoginDLDbIdentifier() -{ - CSSM_VERSION theVersion={}; - CssmSubserviceUid ssuid(gGuidAppleCSPDL,&theVersion,0,CSSM_SERVICE_DL|CSSM_SERVICE_CSP); - CssmNetAddress *dbLocation=NULL; - - switch (mDomain) { - case kSecPreferencesDomainUser: - { - string basepath = ExpandTildesInPath(kLoginKeychainPathPrefix) + getPwInfo(kUsername); - return DLDbIdentifier(ssuid,basepath.c_str(),dbLocation); - } - case kSecPreferencesDomainSystem: - case kSecPreferencesDomainCommon: - return DLDbIdentifier(ssuid, kSystemLoginKeychainPath, dbLocation); - default: - assert(false); - return DLDbIdentifier(); - } -} - -DLDbIdentifier DLDbListCFPref::cfDictionaryRefToDLDbIdentifier(CFDictionaryRef theDict) -{ - // We must get individual values from the dictionary and store in basic types - if (CFGetTypeID(theDict) != CFDictionaryGetTypeID()) - throw std::logic_error("wrong type in property list"); - - // GUID - CCFValue vGuid(::CFDictionaryGetValue(theDict,kKeyGUID)); - string guidStr=vGuid; - const Guid guid(guidStr.c_str()); - - //CSSM_VERSION - CSSM_VERSION theVersion={0,}; - CCFValue vMajor(::CFDictionaryGetValue(theDict,kKeyMajorVersion)); - theVersion.Major = vMajor; - CCFValue vMinor(::CFDictionaryGetValue(theDict,kKeyMinorVersion)); - theVersion.Minor = vMinor; - - //subserviceId - CCFValue vSsid(::CFDictionaryGetValue(theDict,kKeySubserviceId)); - uint32 subserviceId=sint32(vSsid); - - //CSSM_SERVICE_TYPE - CSSM_SERVICE_TYPE subserviceType=CSSM_SERVICE_DL; - CCFValue vSsType(::CFDictionaryGetValue(theDict,kKeySubserviceType)); - subserviceType=vSsType; - - // Get DbName from dictionary - CCFValue vDbName(::CFDictionaryGetValue(theDict,kKeyDbName)); - string dbName=vDbName; - - // jch Get DbLocation from dictionary - CssmNetAddress *dbLocation=NULL; - - // Create a local CssmSubserviceUid - CssmSubserviceUid ssuid(guid,&theVersion,subserviceId,subserviceType); - - return DLDbIdentifier(ssuid,ExpandTildesInPath(dbName).c_str(),dbLocation); -} - -void DLDbListCFPref::clearPWInfo () -{ - if (mPdbLookup != NULL) - { - delete mPdbLookup; - mPdbLookup = NULL; - } -} - -string DLDbListCFPref::getPwInfo(PwInfoType type) -{ - // Get our effective uid - uid_t uid = geteuid(); - // If we are setuid root use the real uid instead - if (!uid) uid = getuid(); - - // get the password entries - if (mPdbLookup == NULL) - { - mPdbLookup = new PasswordDBLookup (); - } - - mPdbLookup->lookupInfoOnUID (uid); - - string result; - switch (type) - { - case kHomeDir: - result = mPdbLookup->getDirectory (); - break; - case kUsername: - result = mPdbLookup->getName (); - break; - } - - return result; -} - -string DLDbListCFPref::ExpandTildesInPath(const string &inPath) -{ - if ((short)inPath.find("~/",0,2) == 0) - return getPwInfo(kHomeDir) + inPath.substr(1); - else - return inPath; -} - -string DLDbListCFPref::StripPathStuff(const string &inPath) -{ - if (inPath.find("/private/var/automount/Network/",0,31) == 0) - return inPath.substr(22); - if (inPath.find("/private/automount/Servers/",0,27) == 0) - return "/Network" + inPath.substr(18); - if (inPath.find("/automount/Servers/",0,19) == 0) - return "/Network" + inPath.substr(10); - if (inPath.find("/private/automount/Network/",0,27) == 0) - return inPath.substr(18); - if (inPath.find("/automount/Network/",0,19) == 0) - return inPath.substr(10); - if (inPath.find("/private/Network/",0,17) == 0) - return inPath.substr(8); - return inPath; -} - -string DLDbListCFPref::AbbreviatedPath(const string &inPath) -{ - string path = StripPathStuff(inPath); - string home = StripPathStuff(getPwInfo(kHomeDir) + "/"); - size_t homeLen = home.length(); - - if (homeLen > 1 && path.find(home.c_str(), 0, homeLen) == 0) - return "~" + path.substr(homeLen - 1); - else - return path; -} - -CFDictionaryRef DLDbListCFPref::dlDbIdentifierToCFDictionaryRef(const DLDbIdentifier& dldbIdentifier) -{ - CFRef aDict(CFDictionaryCreateMutable(kCFAllocatorDefault,0, - &kCFTypeDictionaryKeyCallBacks,&kCFTypeDictionaryValueCallBacks)); - if (!aDict) - throw ::std::bad_alloc(); - - // Put SUBSERVICE_UID in dictionary - char buffer[Guid::stringRepLength+1]; - const CssmSubserviceUid& ssuid=dldbIdentifier.ssuid(); - const Guid &theGuid = Guid::overlay(ssuid.Guid); - CFRef stringGuid(::CFStringCreateWithCString(kCFAllocatorDefault, - theGuid.toString(buffer),kCFStringEncodingMacRoman)); - if (stringGuid) - ::CFDictionarySetValue(aDict,kKeyGUID,stringGuid); - - if (ssuid.SubserviceId!=0) - { - CFRef subserviceId(::CFNumberCreate(kCFAllocatorDefault,kCFNumberSInt32Type,&ssuid.SubserviceId)); - if (subserviceId) - ::CFDictionarySetValue(aDict,kKeySubserviceId,subserviceId); - } - if (ssuid.SubserviceType!=0) - { - CFRef subserviceType(CFNumberCreate(kCFAllocatorDefault,kCFNumberSInt32Type,&ssuid.SubserviceType)); - if (subserviceType) - ::CFDictionarySetValue(aDict,kKeySubserviceType,subserviceType); - } - if (ssuid.Version.Major!=0 && ssuid.Version.Minor!=0) - { - CFRef majorVersion(::CFNumberCreate(kCFAllocatorDefault,kCFNumberSInt32Type,&ssuid.Version.Major)); - if (majorVersion) - ::CFDictionarySetValue(aDict,kKeyMajorVersion,majorVersion); - CFRef minorVersion(::CFNumberCreate(kCFAllocatorDefault,kCFNumberSInt32Type,&ssuid.Version.Minor)); - if (minorVersion) - ::CFDictionarySetValue(aDict,kKeyMinorVersion,minorVersion); - } - - // Put DbName in dictionary - const char *dbName=dldbIdentifier.dbName(); - if (dbName) - { - CFRef theDbName(::CFStringCreateWithCString(kCFAllocatorDefault,AbbreviatedPath(dbName).c_str(),kCFStringEncodingMacRoman)); - ::CFDictionarySetValue(aDict,kKeyDbName,theDbName); - } - // Put DbLocation in dictionary - const CSSM_NET_ADDRESS *dbLocation=dldbIdentifier.dbLocation(); - if (dbLocation!=NULL && dbLocation->AddressType!=CSSM_ADDR_NONE) - { - CFRef theData(::CFDataCreate(kCFAllocatorDefault,dbLocation->Address.Data,dbLocation->Address.Length)); - if (theData) - ::CFDictionarySetValue(aDict,kKeyDbLocation,theData); - } - - ::CFRetain(aDict); - return aDict; -} - -bool DLDbListCFPref::revert(bool force) -{ - // If the prefs have not been refreshed in the last kDLDbListCFPrefRevertInterval - // seconds or we are asked to force a reload, then reload. - if (!loadPropertyList(force)) - return false; - - resetCachedValues(); - return true; -} - -void -DLDbListCFPref::add(const DLDbIdentifier &dldbIdentifier) -{ - for (vector::const_iterator ix = searchList().begin(); ix != mSearchList.end(); ++ix) - { - if (*ix==dldbIdentifier) // already in list - return; - } - - mSearchList.push_back(dldbIdentifier); - changed(true); -} - -void -DLDbListCFPref::remove(const DLDbIdentifier &dldbIdentifier) -{ - // Make sure mSearchList is set - searchList(); - for (vector::iterator ix = mSearchList.begin(); ix != mSearchList.end(); ++ix) - { - if (*ix==dldbIdentifier) // found in list - { - mSearchList.erase(ix); - changed(true); - break; - } - } -} - -const vector & -DLDbListCFPref::searchList() -{ - if (!mSearchListSet) - { - CFArrayRef searchList = reinterpret_cast(CFDictionaryGetValue(mPropertyList, kDefaultDLDbListKey)); - if (searchList && CFGetTypeID(searchList) != CFArrayGetTypeID()) - searchList = NULL; - - if (searchList) - { - CFIndex top = CFArrayGetCount(searchList); - // Each entry is a CFDictionary; peel it off & add it to the array - for (CFIndex idx = 0; idx < top; ++idx) - { - CFDictionaryRef theDict = reinterpret_cast(CFArrayGetValueAtIndex(searchList, idx)); - try - { - mSearchList.push_back(cfDictionaryRefToDLDbIdentifier(theDict)); - } - catch (...) - { - // Drop stuff that doesn't parse on the floor. - } - } - - // If there were entries specified, but they were invalid revert to using the - // default keychain in the searchlist. - if (top > 0 && mSearchList.size() == 0) - searchList = NULL; - } - - // The default when no search list is specified is to only search the - // default keychain. - if (!searchList && static_cast(defaultDLDbIdentifier())) - mSearchList.push_back(mDefaultDLDbIdentifier); - - mSearchListSet = true; - } - - return mSearchList; -} - -void -DLDbListCFPref::searchList(const vector &searchList) -{ - vector newList(searchList); - mSearchList.swap(newList); - mSearchListSet = true; - changed(true); -} - -void -DLDbListCFPref::defaultDLDbIdentifier(const DLDbIdentifier &dlDbIdentifier) -{ - if (!(defaultDLDbIdentifier() == dlDbIdentifier)) - { - mDefaultDLDbIdentifier = dlDbIdentifier; - changed(true); - } -} - -const DLDbIdentifier & -DLDbListCFPref::defaultDLDbIdentifier() -{ - if (!mDefaultDLDbIdentifierSet) - { - CFArrayRef defaultArray = reinterpret_cast(CFDictionaryGetValue(mPropertyList, kDefaultKeychainKey)); - if (defaultArray && CFGetTypeID(defaultArray) != CFArrayGetTypeID()) - defaultArray = NULL; - - if (defaultArray && CFArrayGetCount(defaultArray) > 0) - { - CFDictionaryRef defaultDict = reinterpret_cast(CFArrayGetValueAtIndex(defaultArray, 0)); - try - { - x_debug("Getting default DLDbIdentifier from defaultDict"); - mDefaultDLDbIdentifier = cfDictionaryRefToDLDbIdentifier(defaultDict); - x_debug1("Now we think the default keychain is %s", (mDefaultDLDbIdentifier) ? mDefaultDLDbIdentifier.dbName() : ""); - } - catch (...) - { - // If defaultArray doesn't parse fall back on the default way of getting the default keychain - defaultArray = NULL; - } - } - - if (!defaultArray) - { - // If the Panther style login keychain actually exists we use that otherwise no - // default is set. - mDefaultDLDbIdentifier = loginDLDbIdentifier(); - x_debug1("Now we think the default keychain is %s", (mDefaultDLDbIdentifier) ? mDefaultDLDbIdentifier.dbName() : ""); - - struct stat st; - int st_result = stat(mDefaultDLDbIdentifier.dbName(), &st); - if (st_result) - { - x_debug2("stat() of %s returned %d", mDefaultDLDbIdentifier.dbName(), st_result); - mDefaultDLDbIdentifier = DLDbIdentifier(); - x_debug1("After DLDbIdentifier(), we think the default keychain is %s", static_cast(mDefaultDLDbIdentifier) ? mDefaultDLDbIdentifier.dbName() : ""); - } - } - - mDefaultDLDbIdentifierSet = true; - } - - return mDefaultDLDbIdentifier; -} - -void -DLDbListCFPref::loginDLDbIdentifier(const DLDbIdentifier &dlDbIdentifier) -{ - if (!(loginDLDbIdentifier() == dlDbIdentifier)) - { - mLoginDLDbIdentifier = dlDbIdentifier; - changed(true); - } -} - -const DLDbIdentifier & -DLDbListCFPref::loginDLDbIdentifier() -{ - if (!mLoginDLDbIdentifierSet) - { - CFArrayRef loginArray = reinterpret_cast(CFDictionaryGetValue(mPropertyList, kLoginKeychainKey)); - if (loginArray && CFGetTypeID(loginArray) != CFArrayGetTypeID()) - loginArray = NULL; - - if (loginArray && CFArrayGetCount(loginArray) > 0) - { - CFDictionaryRef loginDict = reinterpret_cast(CFArrayGetValueAtIndex(loginArray, 0)); - try - { - x_debug("Getting login DLDbIdentifier from loginDict"); - mLoginDLDbIdentifier = cfDictionaryRefToDLDbIdentifier(loginDict); - x_debug1("We think the login keychain is %s", static_cast(mLoginDLDbIdentifier) ? mLoginDLDbIdentifier.dbName() : ""); - } - catch (...) - { - // If loginArray doesn't parse fall back on the default way of getting the login keychain. - loginArray = NULL; - } - } - - if (!loginArray) - { - // If the jaguar login keychain actually exists we use that otherwise no - // login keychain is set. - x_debug("No loginDict found, calling JaguarLoginDLDbIdentifier()"); - mLoginDLDbIdentifier = JaguarLoginDLDbIdentifier(); - x_debug1("After JaguarLoginDLDbIdentifier(), we think the login keychain is %s", static_cast(mLoginDLDbIdentifier) ? mLoginDLDbIdentifier.dbName() : ""); - - struct stat st; - int st_result = stat(mLoginDLDbIdentifier.dbName(), &st); - if (st_result) - { - // Jaguar login Keychain didn't exist, so assume new style one. - x_debug2("stat() of %s returned %d", mLoginDLDbIdentifier.dbName(), st_result); - mLoginDLDbIdentifier = LoginDLDbIdentifier(); - x_debug1("After LoginDLDbIdentifier(), we think the login keychain is %s", static_cast(mLoginDLDbIdentifier) ? mLoginDLDbIdentifier.dbName() : ""); - } - } - - mLoginDLDbIdentifierSet = true; - } - - return mLoginDLDbIdentifier; -} diff --git a/Keychain/DLDBListCFPref.h b/Keychain/DLDBListCFPref.h deleted file mode 100644 index c3199500..00000000 --- a/Keychain/DLDBListCFPref.h +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * DLDBListCFPref.h - */ -#ifndef _SECURITY_DLDBLISTCFPREF_H_ -#define _SECURITY_DLDBLISTCFPREF_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Security -{ - -class PasswordDBLookup -{ -protected: - string mDirectory; - string mName; - bool mValid; - uid_t mCurrent; - time_t mTime; - -public: - PasswordDBLookup (); - - void lookupInfoOnUID (uid_t uid); - const string& getDirectory () {return mDirectory;} - const string& getName () {return mName;} -}; - -class DLDbListCFPref -{ -public: - DLDbListCFPref(SecPreferencesDomain domain = kSecPreferencesDomainUser); - ~DLDbListCFPref(); - - void set(SecPreferencesDomain domain); - - void save(); - vector& list() { return mSearchList; } - - static DLDbIdentifier cfDictionaryRefToDLDbIdentifier(CFDictionaryRef theDict); - static CFDictionaryRef dlDbIdentifierToCFDictionaryRef(const DLDbIdentifier& dldbIdentifier); - bool revert(bool force); - - void add(const DLDbIdentifier &); - void remove(const DLDbIdentifier &); - const vector &searchList(); - void searchList(const vector &); - void defaultDLDbIdentifier(const DLDbIdentifier &); - const DLDbIdentifier &defaultDLDbIdentifier(); - void loginDLDbIdentifier(const DLDbIdentifier &); - const DLDbIdentifier &loginDLDbIdentifier(); - - DLDbIdentifier LoginDLDbIdentifier(); - DLDbIdentifier JaguarLoginDLDbIdentifier(); - - static string ExpandTildesInPath(const string &inPath); - static string StripPathStuff(const string &inPath); - static string AbbreviatedPath(const string &inPath); - -protected: - SecPreferencesDomain mDomain; - bool hasChanged() const { return mChanged; } - void changed(bool hasChanged) { mChanged = hasChanged; } - - enum PwInfoType - { - kHomeDir, - kUsername - }; - - static PasswordDBLookup *mPdbLookup; - static string getPwInfo(PwInfoType type); - static void clearPWInfo (); - - void resetCachedValues(); - bool loadPropertyList(bool force); - void writePropertyList(); - - -private: - CFAbsoluteTime mPrefsTimeStamp; - struct timespec mTimespec; - CFMutableDictionaryRef mPropertyList; - - string mPrefsPath, mHomeDir, mUserName; - vector mSearchList; - DLDbIdentifier mDefaultDLDbIdentifier; - DLDbIdentifier mLoginDLDbIdentifier; - bool mChanged, mSearchListSet, mDefaultDLDbIdentifierSet, mLoginDLDbIdentifierSet; -}; - -class CCFValue -{ -public: - template - T cfref() const { return reinterpret_cast(CFTypeRef(mRef)); } - - CCFValue() {} - CCFValue(CFTypeRef ref) : mRef(ref) {} - CCFValue &operator =(CFTypeRef ref) { mRef = ref; return *this; } - - CCFValue &operator = (bool value) - { - mRef = value?kCFBooleanTrue:kCFBooleanFalse; - return *this; - } - -/* - CCFValue &operator = (const string &value) { string(value); return *this; } - - void string(const string &value, CFStringEncoding encoding=kCFStringEncodingMacRoman) - { - mRef = CFStringCreate(); -CFStringRef CFStringCreateWithBytes(CFAllocatorRef alloc, const UInt8 *bytes, CFIndex numBytes, CFStringEncoding encoding, Boolean isExternalRepresentation); - if (!mRef) throw std::bad_alloc; - CFRelease(mRef); - } -*/ - - bool hasValue() const { return mRef; } - - operator bool() const - { - if (!mRef) return false; - if (::CFGetTypeID(mRef) != ::CFBooleanGetTypeID()) - throw std::logic_error("wrong type in property list"); - - return ::CFBooleanGetValue(cfref()); - } - - operator sint32() const - { - if (!mRef) return 0; - if (::CFGetTypeID(mRef) != ::CFNumberGetTypeID()) - throw std::logic_error("wrong type in property list"); - - sint32 val; - ::CFNumberGetValue(cfref(),kCFNumberSInt32Type,&val); - return val; - } - - operator uint32() const { return uint32(sint32(*this)); } - - operator const string() const { return getString(); } - - const string getString(CFStringEncoding encoding=kCFStringEncodingMacRoman) const - { - if (!mRef) - throw std::logic_error("missing string in property list"); - if (::CFGetTypeID(mRef) != ::CFStringGetTypeID()) - throw std::logic_error("wrong type in property list"); - - const char *tmpStr=::CFStringGetCStringPtr(cfref(),encoding); - if (tmpStr == NULL) - { - CFIndex maxLen = CFStringGetMaximumSizeForEncoding(CFStringGetLength(cfref()), encoding); - auto_array buffer(maxLen + 1); - - if (!::CFStringGetCString(cfref(),buffer.get(),maxLen + 1,encoding)) - throw std::logic_error("could not convert string from property list"); - - tmpStr=buffer.get(); - return string(tmpStr?tmpStr:""); - } - return string(tmpStr?tmpStr:""); - } -private: - CFCopyRefmRef; -}; - -} // end namespace Security - -#endif /* !_SECURITY_DLDBLISTCFPREF_H_ */ diff --git a/Keychain/ExecCLITool.cpp b/Keychain/ExecCLITool.cpp deleted file mode 100644 index b2e94ec5..00000000 --- a/Keychain/ExecCLITool.cpp +++ /dev/null @@ -1,313 +0,0 @@ - -#include -#include "ExecCLITool.h" -#include -#include - -#pragma mark -------------------- ExecCLITool implementation -------------------- - -ExecCLITool::ExecCLITool() : dataRead(NULL),dataLength(0),dataToWrite(NULL),dataToWriteLength(0) -{ - stdinpipe[0]=0, stdinpipe[1]=0; - stdoutpipe [0]=0, stdoutpipe [1]=0; -} - -ExecCLITool::~ExecCLITool() -{ - if (dataRead) - free(dataRead); - reset(); -} - -int ExecCLITool::run(const char *toolPath, const char *toolEnvVar, ...) -{ - try - { - reset(); - initialize(); - - // try to run the tool - switch (pid_t pid = fork()) - { - case 0: // child - { - VAArgList arglist; - va_list params; - va_start(params, toolEnvVar); - arglist.set(toolPath,params); - va_end(params); - child(toolPath,toolEnvVar,arglist); - } - break; - case -1: // error (in parent) - UnixError::throwMe(); - break; - default: // parent - parent(pid); - break; - } - } - catch (...) - { - closeAllPipes(); - return errno; - } - - closeAllPipes(); - return 0; -} - -void ExecCLITool::reset() -{ - closeAllPipes(); -#if 0 - if (dataToWrite) - { - free(dataToWrite); - dataToWrite = NULL; - } - dataToWriteLength = 0; -#endif -} - -void ExecCLITool::input(const char *data,unsigned int length) -{ - if (dataToWrite) - { - ::free(dataToWrite); - dataToWrite = NULL; - } - dataToWriteLength=length; - if (!data) - return; - - dataToWrite=reinterpret_cast(malloc(length)); - ::memmove(dataToWrite, data, dataToWriteLength); -} - -void ExecCLITool::input(CFStringRef theString, bool appendNULL) -{ - // Used mainly for preserving UTF-8 passwords - // hdiutil et al require the NULL to be sent as part of the password string from STDIN - Boolean isExternalRepresentation = false; - CFStringEncoding encoding = kCFStringEncodingUTF8; - CFIndex usedBufLen = 0; - UInt8 lossByte = 0; - - if (!theString) - MacOSError::throwMe(paramErr); - - CFRange stringRange = CFRangeMake(0,CFStringGetLength(theString)); - // Call once first just to get length - CFIndex length = CFStringGetBytes(theString, stringRange, encoding, lossByte, - isExternalRepresentation, NULL, 0, &usedBufLen); - - if (dataToWrite) - ::free(dataToWrite); - dataToWriteLength=usedBufLen; - if (appendNULL) - { - dataToWriteLength++; - dataToWriteLength++; -} - - dataToWrite=reinterpret_cast(malloc(dataToWriteLength)); - length = CFStringGetBytes(theString, stringRange, encoding, lossByte, isExternalRepresentation, - reinterpret_cast(dataToWrite), dataToWriteLength, &usedBufLen); - - if (appendNULL) - { - dataToWrite[dataToWriteLength-1]=0; - dataToWrite[dataToWriteLength]='\n'; - } -} - -void ExecCLITool::initialize() -{ - dataLength = 0; // ignore any previous output on new run - - if (!dataRead) // Allocate buffer for child's STDOUT return - { - dataRead = (char *)malloc(256); - if (!dataRead) - UnixError::throwMe(); - } - - // Create pipe to catch tool output - if (pipe(stdoutpipe)) // for reading data from child into parent - UnixError::throwMe(); - - if (pipe(stdinpipe)) // for writing data from parent to child - UnixError::throwMe(); -} - -void ExecCLITool::child(const char *toolPath, const char *toolEnvVar, VAArgList& arglist) -{ - // construct path to tool - try - { - char toolExecutable[PATH_MAX + 1]; - const char *path = toolEnvVar ? getenv(toolEnvVar) : NULL; - if (!path) - path = toolPath; - snprintf(toolExecutable, sizeof(toolExecutable), "%s", toolPath); - - close(stdoutpipe[0]); // parent read - close(STDOUT_FILENO); - if (dup2(stdoutpipe[1], STDOUT_FILENO) < 0) - UnixError::throwMe(); - close(stdoutpipe[1]); - - close(stdinpipe[1]); // parent write - close(STDIN_FILENO); - if (dup2(stdinpipe[0], STDIN_FILENO) < 0) - UnixError::throwMe(); - close(stdinpipe[0]); - - // std::cerr << "execl(\"" << toolExecutable << "\")" << std::endl; - execv(toolPath, const_cast(arglist.get())); - // std::cerr << "execl of " << toolExecutable << " failed, errno=" << errno << std::endl; - } - catch (...) - { - int err = errno; -// closeAllPipes(); - _exit(err); - } - - // Unconditional suicide follows. - _exit(1); -} - -void ExecCLITool::parent(pid_t pid) -{ - static const int timeout = 300; - static const bool dontNeedToWait = false; - - close(stdinpipe[0]); // child read - close(stdoutpipe[1]); // child write - - parentWriteInput(); - - parentReadOutput(); - - struct timespec rqtp = {0,}; - rqtp.tv_nsec = 100000000; // 10^8 nanoseconds = 1/10th of a second - for (int nn = timeout; nn > 0; nanosleep(&rqtp, NULL), nn--) - { - if (dontNeedToWait) - break; - int status; - switch (waitpid(pid, &status, WNOHANG)) - { - case 0: // child still running - break; - case -1: // error - switch (errno) - { - case EINTR: - case EAGAIN: // transient - continue; - case ECHILD: // no such child (dead; already reaped elsewhere) - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - default: - UnixError::throwMe(); - } - default: - // std::cerr << "waitpid succeeded, pid=" << rc << std::endl; - return; - } - } -} - -void ExecCLITool::parentReadOutput() -{ - // parent - resulting blob comes in on stdoutpipe[0] - unsigned int totalRead = 0; - char buffer[kReadBufSize]; - - for (;;) - { - int thisRead = read(stdoutpipe[0], buffer, kReadBufSize); - if (thisRead < 0) - { - if (errno==EINTR) // try some more - continue; -// std::cerr << "abnormal read end:" << errno << std::endl; - break; - } - if (thisRead == 0) // normal termination - { - dataLength = totalRead; -// std::cerr << "Normal read end" << std::endl; - break; - } - - // Resize dataRead if necessary - if (kReadBufSize < (totalRead + (unsigned int)thisRead)) - { - uint32 newLen = dataLength + kReadBufSize; - dataRead = (char *)realloc(dataRead, newLen); - dataLength = newLen; - } - - // Append the data to dataRead - memmove(dataRead + totalRead, buffer, thisRead); - totalRead += thisRead; - } - close(stdoutpipe[0]); - -} - -void ExecCLITool::parentWriteInput() -{ - if (dataToWriteLength>0) - { - int bytesWritten = write(stdinpipe[1],dataToWrite,dataToWriteLength); - if (bytesWritten < 0) - UnixError::throwMe(); - } - close(stdinpipe[1]); -} - -void ExecCLITool::closeAllPipes() -{ - for (int ix=0;ix<2;ix++) - if (stdoutpipe[ix]) - { - close(stdoutpipe[ix]); - stdoutpipe[ix]=0; - } - - for (int ix=0;ix<2;ix++) - if (stdinpipe[ix]) - { - close(stdinpipe[ix]); - stdinpipe[ix]=0; - } -} - -#pragma mark -------------------- VAArgList implementation -------------------- - -int VAArgList::set(const char *path,va_list params) -{ - va_list params2; - va_copy(params2, params); - - // Count up the number of arguments - int nn = 1; - while (va_arg(params,const char *) != NULL) - nn++; - argn = nn; - argv = (ArgvArgPtr *)malloc((nn + 1) * sizeof(*argv)); - if (argv == NULL) - return 0; - - nn = 1; - argv[0]=path; - while ((argv[nn]=va_arg(params2,const char *)) != NULL) - nn++; - mSet = true; - return 0; -} - diff --git a/Keychain/ExecCLITool.h b/Keychain/ExecCLITool.h deleted file mode 100644 index 4bf91fe8..00000000 --- a/Keychain/ExecCLITool.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifndef _H_EXECCLITOOL -#define _H_EXECCLITOOL - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -class VAArgList -{ -public: - VAArgList() {}; - ~VAArgList() { if (argv) free(argv); } - - typedef const char * ArgvArgPtr; - - int VAArgList::set(const char *path,va_list params); - - const char* const*get() { return argv; } - - int size() { return argn; } - -private: - ArgvArgPtr *argv; // array for list of pointers - int argn; // count of elements in argv - bool mSet; // params have been passed in -}; - -class ExecCLITool -{ -public: - ExecCLITool(); - ~ExecCLITool(); - - int run(const char *toolPath, const char *toolEnvVar, ...); - void input(const char *data,unsigned int length); - void input(CFStringRef theString, bool appendNULL=false); - const char * data() const { return dataRead; } - unsigned int length() const { return dataLength; } - -protected: - - void child(const char *toolPath, const char *toolEnvVar, VAArgList& arglist); - void parent(pid_t pid); - void parentReadOutput(); - void parentWriteInput(); - void closeAllPipes(); - void initialize(); - void reset(); - - int stdoutpipe[2]; // for reading data from child into parent (child uses stdout) - int stdinpipe [2]; // for writing data from parent to child (child uses stdin) - - char *dataRead; - unsigned int dataLength; - - char *dataToWrite; - unsigned int dataToWriteLength; - - static const unsigned int kReadBufSize = 1024; - -}; - - -#endif //_H_EXECCLITOOL - - diff --git a/Keychain/FileVaultSPI.cpp b/Keychain/FileVaultSPI.cpp deleted file mode 100644 index 34329b5c..00000000 --- a/Keychain/FileVaultSPI.cpp +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ -/* - * FileVaultSPI.cpp - * Security - * - * Created by john on Wed Jul 09 2003. - * Copyright (c) 2003 Apple. All rights reserved. - * - */ - -#include "FileVaultSPI.h" -#include "SFFileVault.h" -#include -#include - -#pragma mark -------------------- SecFileVault implementation -------------------- - -OSStatus SecFileVaultCreate (CFStringRef password, bool enableMasterPassword, CFURLRef dmgout, CFStringRef volumeName, - CFStringRef sizeSpec) -{ - // Note that we do not need the master keychain password, since we can encrypt the - // image key with the public key. - BEGIN_SECAPI - - SFFileVault sffv; - CFURLRef certificate = NULL; - if (enableMasterPassword) - sffv.getCertificate(&certificate); - - sffv.create(password, certificate, dmgout, volumeName, sizeSpec); - if (certificate) //@@@ leak if error thrown - CFRelease(certificate); - - END_SECAPI -} - -OSStatus SecFileVaultUserMount (CFStringRef password, CFURLRef dmgin, CFURLRef mountpoint, CFStringRef *devicepath) -{ - BEGIN_SECAPI - - SFFileVault sffv; - sffv.mount(password, NULL, dmgin, mountpoint, devicepath); - - END_SECAPI -} - -OSStatus SecFileVaultMasterMount(CFURLRef dmgin, CFURLRef mountpoint, CFStringRef *devicepath) -{ - BEGIN_SECAPI - - SFFileVault sffv; - sffv.mastermount(dmgin,mountpoint,devicepath); - - END_SECAPI -} - -OSStatus SecFileVaultUnmount(CFURLRef mountpoint, CFStringRef devicepath) -{ - BEGIN_SECAPI - - SFFileVault sffv; - sffv.unmount(mountpoint,devicepath); - - END_SECAPI -} - -OSStatus SecFileVaultUserChangePassword(CFStringRef password, CFStringRef devicepath) -{ - BEGIN_SECAPI - - SFFileVault fv; - fv.userChangePassword(password, devicepath); - - END_SECAPI -} - -OSStatus SecFileVaultMakeMasterPassword(CFStringRef masterPasswordPassword) -{ - BEGIN_SECAPI - - SFFileVault fv; - SecKeychainRef keychainRef; - fv.makeMasterPassword(masterPasswordPassword,&keychainRef); - - END_SECAPI -} - -Boolean SecFileVaultMasterPasswordEnabled(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - SFFileVault fv; - return fv.masterPasswordEnabled(keychainRef); - - END_SECAPI1(false) -} - -OSStatus SecFileVaultChangeMasterPasswordPassword(CFStringRef oldPassword,CFStringRef newPassword) -{ - BEGIN_SECAPI - - SFFileVault fv; - fv.changeMasterPasswordPassword(oldPassword,newPassword); - - END_SECAPI -} - -#pragma mark -------------------- SecFileVault extended implementation -------------------- - -OSStatus SecFileVaultMount(CFStringRef password, CFURLRef certificate, CFURLRef dmgin, CFURLRef mountpoint, - CFStringRef *devicepath) -{ - BEGIN_SECAPI - - SFFileVault sffv; - sffv.mount(password, certificate, dmgin, mountpoint, devicepath); - - END_SECAPI -} - - -OSStatus SecFileVaultCreateUsingCertificate (CFStringRef password, CFURLRef certificate, CFURLRef dmgout, CFStringRef volumeName, - CFStringRef sizeSpec) -{ - BEGIN_SECAPI - - SFFileVault sffv; - sffv.create(password, certificate, dmgout, volumeName, sizeSpec); - - END_SECAPI -} - - diff --git a/Keychain/FileVaultSPI.h b/Keychain/FileVaultSPI.h deleted file mode 100644 index bd50492b..00000000 --- a/Keychain/FileVaultSPI.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header FileVaultSPI - The functions provided in FileVaultSPI implement code for Loginwindow to use when mounting - FileVault home directories. Functions are also provided to allow recovery of an image with - a recovery key pair (Master "Password") -*/ - -#ifndef _SECURITY_FILEVAULTSPI_H_ -#define _SECURITY_FILEVAULTSPI_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -#pragma mark -------------------- SecFileVault functions -------------------- - -/*! - @function SecFileVaultCreate - @abstract Creates a FileVault disk image. If you want to enable a recovery key and already have a certificate to use, you can call SecFileVaultCreateUsingCertificate. - @param password The password for the image. This should be the same as the user's login password. - @param enableMasterPassword If set, the first identity in the special keychain will be used as the master key for the disk image. - @param dmgout The file name and path for the FileVault disk image. - @param volumeName The volume name for the mounted FileVault disk image (e.g. MYVOL). - @param sizeSpec The size of the resulting FileVault disk image. See man hdiutil (e.g. CFSTR("20g")). - @result A result code. See "Security Error Codes" (SecBase.h). -*/ - -OSStatus SecFileVaultCreate (CFStringRef password, bool enableMasterPassword, CFURLRef dmgout, CFStringRef volumeName, - CFStringRef sizeSpec); - -/*! - @function SecFileVaultMount - @abstract Used when logging in to mount a FileVault disk image. - @param password The password for the image. This will be the same as the user's login password. - @param enableMasterPassword If set, the first identity in the special keychain will be used as the master key for the disk image. - @param dmgout The file name for the FileVault disk image. This will be the same as was specified with SecFileVaultCreate. - @param mountpoint The mountpoint for the mounted FileVault disk image. This will be passed to "hdiutil mount" as the mountpoint parameter - @param devicepath The devicepath for the mounted FileVault disk image. Caller is responsible for freeing this string - @result A result code. See "Security Error Codes" (SecBase.h). -*/ - -OSStatus SecFileVaultUserMount (CFStringRef password, CFURLRef dmgin, CFURLRef mountpoint,CFStringRef *devicepath); - -/*! - @function SecFileVaultMasterMount - @abstract To change the password for a FileVault disk image, the image must be mounted. After calling this, you can call SecFileVaultUserChangePassword to change the user's password. This is the same as SecFileVaultMount, except that the master key identity will be used to unlock the image. - @param dmgin The file name for the FileVault disk image. - @param mountpoint The mountpoint for the mounted FileVault disk image. This will be passed to "hdiutil mount" as the mountpoint parameter - @param devicepath The devicepath for the mounted FileVault disk image. Caller is responsible for freeing this string - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecFileVaultMasterMount(CFURLRef dmgin, CFURLRef mountpoint,CFStringRef *devicepath); - -/*! - @function SecFileVaultUnmount - @abstract Unmount a FileVault disk image. This will be called on logout. This is the inverse operation to SecFileVaultMount or SecFileVaultMasterMount. Essentially "hdiutil unmount -force ", followed by "hdiutil detach ". - @param mountpoint The mountpoint for the mounted FileVault disk image. - @param devicepath The devicepath for the mounted FileVault disk image. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecFileVaultUnmount(CFURLRef mountpoint,CFStringRef devicepath); - -/*! - @function SecFileVaultUserChangePassword - @abstract Change the user password for a FileVault disk image to that given as the parameter. This should be called when changing the user's account password info, or when resetting a user's forgotten password with . The image must have already been mounted with either SecFileVaultMount or SecFileVaultMasterMount. - @param mountpoint The mountpoint for the mounted FileVault disk image. - @param devicepath The devicepath for the mounted FileVault disk image. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecFileVaultUserChangePassword(CFStringRef password, CFStringRef devicepath); - -/*! - @function SecFileVaultMakeMasterPassword - @abstract This will create a special keychain in a special location if necessary and will generate a self-signed public/private key pair. This is what to call if the user pushes an "Enable Master Password" button (irrevocable). - @param masterPasswordPassword The password to use for the special keychain that will contain the key pair. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecFileVaultMakeMasterPassword(CFStringRef masterPasswordPassword); - -/*! - @function SecFileVaultMasterPasswordEnabled - @abstract This will return "true" if FileVault Master recovery keychain exists, and false if not. Note that this a machine-wide setting. - @param keychainRef Returns a reference to the keychain, which you must release. Pass in NULL if you do not need a reference to the keychain - @result "true" or "false". -*/ -Boolean SecFileVaultMasterPasswordEnabled(SecKeychainRef *keychainRef); - -/*! - @function SecFileVaultChangeMasterPasswordPassword - @abstract This will change the keychain password for the special Master Password keychain. This has the same effect as changing the password for this keychain with Keychain Access. - @param oldPassword The current password for the special Master Password keychain containing the recovery key pair. - @param newPassword The new password for the special Master Password keychain containing the recovery key pair. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecFileVaultChangeMasterPasswordPassword(CFStringRef oldPassword,CFStringRef newPassword); - -#pragma mark -------------------- SecFileVault extended functions -------------------- - -/*! - @function SecFileVaultMount - @abstract Used when logging in to mount a FileVault disk image. - @param password The password for the image. This will be the same as the user's login password. - @param certificate A certificate file in DER encoding (.cer extension). - @param dmgout The file name for the FileVault disk image. This will be the same as was specified with SecFileVaultCreate. - @param mountpoint The mountpoint for the mounted FileVault disk image. This will be passed to "hdiutil mount" as the mountpoint parameter - @param devicepath The devicepath for the mounted FileVault disk image. Caller is responsible for freeing this string - @result A result code. See "Security Error Codes" (SecBase.h). -*/ - -OSStatus SecFileVaultMount (CFStringRef password, CFURLRef certificate, CFURLRef dmgin, CFURLRef mountpoint, - CFStringRef *devicepath); - -/*! - @function SecFileVaultCreateUsingCertificate - @abstract Creates a FileVault disk image. - @param password The password for the image. This should be the same as the user's login password. - @param certificate A certificate file in DER encoding (.cer extension). - @param dmgout The file name and path for the FileVault disk image. - @param volumeName The volume name for the mounted FileVault disk image (e.g. MYVOL). - @param sizeSpec The size of the resulting FileVault disk image. See man hdiutil (e.g. CFSTR("20g")). - @result A result code. See "Security Error Codes" (SecBase.h). -*/ - -OSStatus SecFileVaultCreateUsingCertificate (CFStringRef password, CFURLRef certificate, CFURLRef dmgout, - CFStringRef volumeName, CFStringRef sizeSpec); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_FILEVAULTSPI_H_ */ diff --git a/Keychain/Globals.cpp b/Keychain/Globals.cpp deleted file mode 100644 index ff89e0b7..00000000 --- a/Keychain/Globals.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: Globals.cpp - - Contains: Private "globals" and interfaces for KeychainCore - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: - - Notes: Many functions moved from CKeychainMgr.h -*/ - -#include "Globals.h" -#include "KCExceptions.h" - - -using namespace KeychainCore; -using namespace CssmClient; - -ModuleNexus KeychainCore::globals; - -#pragma mark ÑÑÑÑ Constructor/Destructor ÑÑÑÑ - -Globals::Globals() : -apiLock(Mutex::recursive), -mUI(true) -{ -} - -const AccessCredentials * Globals::credentials() -{ - return (mUI ? mACLFactory.promptCred() : mACLFactory.nullCred()); -} diff --git a/Keychain/Globals.h b/Keychain/Globals.h deleted file mode 100644 index a094dcea..00000000 --- a/Keychain/Globals.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// DefaultKeychain.h - Private "globals" and interfaces for KeychainCore -// -#ifndef _SECURITY_GLOBALS_H_ -#define _SECURITY_GLOBALS_H_ - -#ifdef check -#undef check -#endif -#include -#include - - -namespace Security -{ - -namespace KeychainCore -{ - -class Globals -{ -public: - Globals(); - const AccessCredentials *credentials(); - void setUserInteractionAllowed(bool bUI) { mUI=bUI; } - bool getUserInteractionAllowed() const { return mUI; } - - // Public globals - StorageManager storageManager; - //DefaultKeychain defaultKeychain; - Mutex apiLock; -private: - - // Other "globals" - bool mUI; - CssmClient::AclFactory mACLFactory; -}; - -extern ModuleNexus globals; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_GLOBALS_H_ diff --git a/Keychain/Identity.cpp b/Keychain/Identity.cpp deleted file mode 100644 index 46d6d9ba..00000000 --- a/Keychain/Identity.cpp +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Identity.cpp - Working with Identities -// -#include - -#include -#include - -using namespace KeychainCore; - -Identity::Identity(const SecPointer &privateKey, - const SecPointer &certificate) : - mPrivateKey(privateKey), - mCertificate(certificate) -{ -} - -Identity::Identity(const StorageManager::KeychainList &keychains, const SecPointer &certificate) : - mCertificate(certificate) -{ - // Find a key whose label matches the publicKeyHash of the public key in the certificate. - KCCursor keyCursor(keychains, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL); - keyCursor->add(CSSM_DB_EQUAL, KeySchema::Label, certificate->publicKeyHash()); - - Item key; - if (!keyCursor->next(key)) - MacOSError::throwMe(errSecItemNotFound); - - SecPointer keyItem(static_cast(&*key)); - mPrivateKey = keyItem; -} - -Identity::~Identity() throw() -{ -} - -SecPointer -Identity::privateKey() const -{ - return mPrivateKey; -} - -SecPointer -Identity::certificate() const -{ - return mCertificate; -} diff --git a/Keychain/Identity.h b/Keychain/Identity.h deleted file mode 100644 index 107b6547..00000000 --- a/Keychain/Identity.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Identity.h - Working with Identities -// -#ifndef _SECURITY_IDENTITY_H_ -#define _SECURITY_IDENTITY_H_ - -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class Identity : public SecCFObject -{ - NOCOPY(Identity) -public: - SECCFFUNCTIONS(Identity, SecIdentityRef, errSecInvalidItemRef) - - Identity(const SecPointer &privateKey, - const SecPointer &certificate); - Identity(const StorageManager::KeychainList &keychains, const SecPointer &certificate); - virtual ~Identity() throw(); - - SecPointer privateKey() const; - SecPointer certificate() const; - -private: - SecPointer mPrivateKey; - SecPointer mCertificate; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_IDENTITY_H_ diff --git a/Keychain/IdentityCursor.cpp b/Keychain/IdentityCursor.cpp deleted file mode 100644 index 92907dad..00000000 --- a/Keychain/IdentityCursor.cpp +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: IdentityCursor.cpp - - Contains: Working with IdentityCursor - - Copyright: 2002 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#include -#include -#include -#include -#include -#include - -// From AppleCSPDL -#include - -using namespace KeychainCore; - -IdentityCursor::IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage) : - mSearchList(searchList), - mKeyCursor(mSearchList, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL) -{ - // If keyUsage is CSSM_KEYUSE_ANY then we need a key that can do everything - if (keyUsage & CSSM_KEYUSE_ANY) - keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT - | CSSM_KEYUSE_DERIVE | CSSM_KEYUSE_SIGN - | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_SIGN_RECOVER - | CSSM_KEYUSE_VERIFY_RECOVER | CSSM_KEYUSE_WRAP - | CSSM_KEYUSE_UNWRAP; - - if (keyUsage & CSSM_KEYUSE_ENCRYPT) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Encrypt, true); - if (keyUsage & CSSM_KEYUSE_DECRYPT) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Decrypt, true); - if (keyUsage & CSSM_KEYUSE_DERIVE) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Derive, true); - if (keyUsage & CSSM_KEYUSE_SIGN) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Sign, true); - if (keyUsage & CSSM_KEYUSE_VERIFY) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Verify, true); - if (keyUsage & CSSM_KEYUSE_SIGN_RECOVER) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::SignRecover, true); - if (keyUsage & CSSM_KEYUSE_VERIFY_RECOVER) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::VerifyRecover, true); - if (keyUsage & CSSM_KEYUSE_WRAP) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Wrap, true); - if (keyUsage & CSSM_KEYUSE_UNWRAP) - mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Unwrap, true); -} - -IdentityCursor::~IdentityCursor() throw() -{ -} - -bool -IdentityCursor::next(SecPointer &identity) -{ - for (;;) - { - if (!mCertificateCursor) - { - Item key; - if (!mKeyCursor->next(key)) - return false; - - mCurrentKey = static_cast(key.get()); - - CssmClient::DbUniqueRecord uniqueId = mCurrentKey->dbUniqueRecord(); - CssmClient::DbAttributes dbAttributes(uniqueId->database(), 1); - dbAttributes.add(KeySchema::Label); - uniqueId->get(&dbAttributes, NULL); - const CssmData &keyHash = dbAttributes[0]; - - mCertificateCursor = KCCursor(mSearchList, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); - mCertificateCursor->add(CSSM_DB_EQUAL, Schema::kX509CertificatePublicKeyHash, keyHash); - } - - Item cert; - if (mCertificateCursor->next(cert)) - { - SecPointer certificate(static_cast(cert.get())); - identity = new Identity(mCurrentKey, certificate); - return true; - } - else - mCertificateCursor = KCCursor(); - } -} diff --git a/Keychain/IdentityCursor.h b/Keychain/IdentityCursor.h deleted file mode 100644 index baee33ef..00000000 --- a/Keychain/IdentityCursor.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// IdentityCursor.h - Working with IdentityCursors -// -#ifndef _SECURITY_IDENTITYCURSOR_H_ -#define _SECURITY_IDENTITYCURSOR_H_ - -#include -#include -#include -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class Identity; -class KeyItem; - -class IdentityCursor : public SecCFObject -{ - NOCOPY(IdentityCursor) -public: - SECCFFUNCTIONS(IdentityCursor, SecIdentitySearchRef, errSecInvalidSearchRef) - - IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage); - virtual ~IdentityCursor() throw(); - bool next(SecPointer &identity); - -private: - StorageManager::KeychainList mSearchList; - KCCursor mKeyCursor; - KCCursor mCertificateCursor; - SecPointer mCurrentKey; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_IDENTITYCURSOR_H_ diff --git a/Keychain/Item.cpp b/Keychain/Item.cpp deleted file mode 100644 index a8c89692..00000000 --- a/Keychain/Item.cpp +++ /dev/null @@ -1,1111 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Item.cpp -// - -#include "Item.h" - -#include "Certificate.h" -#include "KeyItem.h" - -#include "Globals.h" -#include "Schema.h" -#include "KCEventNotifier.h" -#include "cssmdatetime.h" -#include -#include -#include -#include - -#define SENDACCESSNOTIFICATIONS 1 - -using namespace KeychainCore; -using namespace CSSMDateTimeUtils; - -// -// ItemImpl -// - -// NewItemImpl constructor -ItemImpl::ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data) -: mDbAttributes(new DbAttributes()) -{ - if (length && data) - mData.reset(new CssmDataContainer(data, length)); - - mDbAttributes->recordType(Schema::recordTypeFor(itemClass)); - - if (itemCreator) - mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator); -} - -ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data) -: mDbAttributes(new DbAttributes()) -{ - if (length && data) - mData.reset(new CssmDataContainer(data, length)); - - - mDbAttributes->recordType(Schema::recordTypeFor(itemClass)); - - if(attrList) - { - for(UInt32 i=0; i < attrList->count; i++) - { - mDbAttributes->add(Schema::attributeInfo(attrList->attr[i].tag), CssmData(attrList->attr[i].data, attrList->attr[i].length)); - } - } -} - -// DbItemImpl constructor -ItemImpl::ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const DbUniqueRecord &uniqueId) -: mUniqueId(uniqueId), mKeychain(keychain), mPrimaryKey(primaryKey) -{ - mKeychain->addItem(mPrimaryKey, this); -} - -// PrimaryKey ItemImpl constructor -ItemImpl::ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey) -: mKeychain(keychain), mPrimaryKey(primaryKey) -{ - mKeychain->addItem(mPrimaryKey, this); -} - -// Constructor used when copying an item to a keychain. - -ItemImpl::ItemImpl(ItemImpl &item) : - mData(item.modifiedData() ? NULL : new CssmDataContainer()), - mDbAttributes(new DbAttributes()) -{ - mDbAttributes->recordType(item.recordType()); - CSSM_DB_RECORD_ATTRIBUTE_INFO *schemaAttributes = NULL; - - if (item.mKeychain) { - // get the entire source item from its keychain. This requires figuring - // out the schema for the item based on its record type. - - for (uint32 i = 0; i < Schema::DBInfo.NumberOfRecordTypes; i++) - if (item.recordType() == Schema::DBInfo.RecordAttributeNames[i].DataRecordType) { - schemaAttributes = &Schema::DBInfo.RecordAttributeNames[i]; - break; - } - - if (schemaAttributes == NULL) - // the source item is invalid - MacOSError::throwMe(errSecInvalidItemRef); - - for (uint32 i = 0; i < schemaAttributes->NumberOfAttributes; i++) - mDbAttributes->add(schemaAttributes->AttributeInfo[i]); - - item.getContent(mDbAttributes.get(), mData.get()); - } - - // @@@ We don't deal with modified attributes. - - if (item.modifiedData()) - // the copied data comes from the source item - mData.reset(new CssmDataContainer(item.modifiedData()->Data, - item.modifiedData()->Length)); -} - -ItemImpl::~ItemImpl() throw() -{ - if (mKeychain && *mPrimaryKey) - mKeychain->removeItem(*mPrimaryKey, this); -} - -void -ItemImpl::didModify() -{ - mData.reset(NULL); - mDbAttributes.reset(NULL); -} - -const CSSM_DATA & -ItemImpl::defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info) -{ - static const uint32 zeroInt = 0; - static const double zeroDouble = 0.0; - static const char timeBytes[] = "20010101000000Z"; - - static const CSSM_DATA defaultFourBytes = { 4, (uint8 *) &zeroInt }; - static const CSSM_DATA defaultEightBytes = { 8, (uint8 *) &zeroDouble }; - static const CSSM_DATA defaultTime = { 16, (uint8 *) timeBytes }; - static const CSSM_DATA defaultZeroBytes = { 0, NULL }; - - switch (info.AttributeFormat) - { - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - return defaultFourBytes; - - case CSSM_DB_ATTRIBUTE_FORMAT_REAL: - return defaultEightBytes; - - case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE: - return defaultTime; - - default: - return defaultZeroBytes; - } -} - - - -PrimaryKey -ItemImpl::add(Keychain &keychain) -{ - // If we already have a Keychain we can't be added. - if (mKeychain) - MacOSError::throwMe(errSecDuplicateItem); - - // If we don't have any attributes we can't be added. - // (this might occur if attempting to add the item twice, since our attributes - // and data are set to NULL at the end of this function.) - if (!mDbAttributes.get()) - MacOSError::throwMe(errSecDuplicateItem); - - CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); - - // update the creation and update dates on the new item - KeychainSchema schema = keychain->keychainSchema(); - SInt64 date; - GetCurrentMacLongDateTime(date); - if (schema->hasAttribute(recordType, kSecCreationDateItemAttr)) - { - setAttribute(schema->attributeInfoFor(recordType, kSecCreationDateItemAttr), date); - } - - if (schema->hasAttribute(recordType, kSecModDateItemAttr)) - { - setAttribute(schema->attributeInfoFor(recordType, kSecModDateItemAttr), date); - } - - // If the label (PrintName) attribute isn't specified, set a default label. - if (!mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr))) - { - CssmDbAttributeData *label = NULL; - switch (recordType) - { - case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: - label = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr)); - break; - - case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: - case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: - label = mDbAttributes->find(Schema::attributeInfo(kSecServerItemAttr)); - // if AppleShare server name wasn't specified, try the server address - if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAddressItemAttr)); - break; - - default: - break; - } - // if all else fails, use the account name. - if (!label) - label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr)); - - if (label && label->size()) - setAttribute (Schema::attributeInfo(kSecLabelItemAttr), label->at(0)); - } - - // get the attributes that are part of the primary key - const CssmAutoDbRecordAttributeInfo &primaryKeyInfos = - keychain->primaryKeyInfosFor(recordType); - - // make sure each primary key element has a value in the item, otherwise - // the database will complain. we make a set of the provided attribute infos - // to avoid O(N^2) behavior. - - DbAttributes *attributes = mDbAttributes.get(); - typedef set InfoSet; - InfoSet infoSet; - - // make a set of all the attributes in the key - for (uint32 i = 0; i < attributes->size(); i++) - infoSet.insert(attributes->at(i).Info); - - for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { // check to make sure all required attributes are in the key - InfoSet::const_iterator it = infoSet.find(primaryKeyInfos.at(i)); - - if (it == infoSet.end()) { // not in the key? add the default - // we need to add a default value to the item attributes - attributes->add(primaryKeyInfos.at(i), defaultAttributeValue(primaryKeyInfos.at(i))); - } - } - - Db db(keychain->database()); - if (useSecureStorage(db)) - { - // Add the item to the secure storage db - SSDb ssDb(safe_cast(&(*db))); - - TrackingAllocator allocator(CssmAllocator::standard()); - - // hhs replaced with the new aclFactory class - AclFactory aclFactory; - const AccessCredentials *nullCred = aclFactory.nullCred(); - - SecPointer access = mAccess; - if (!access) { - // create default access controls for the new item - CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)); - string printName = data ? CssmData::overlay(data->Value[0]).toString() : "keychain item"; - access = new Access(printName); - - // special case for "iTools" password - allow anyone to decrypt the item - if (recordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD) - { - CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr)); - if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6)) - { - typedef vector > AclSet; - AclSet acls; - access->findAclsForRight(CSSM_ACL_AUTHORIZATION_DECRYPT, acls); - for (AclSet::const_iterator it = acls.begin(); it != acls.end(); it++) - (*it)->form(ACL::allowAllForm); - } - } - } - - // Create a new SSGroup with temporary access controls - Access::Maker maker; - ResourceControlContext prototype; - maker.initialOwner(prototype, nullCred); - SSGroup ssGroup(ssDb, &prototype); - - try - { - // Insert the record using the newly created group. - mUniqueId = ssDb->insert(recordType, mDbAttributes.get(), - mData.get(), ssGroup, maker.cred()); - } - catch(...) - { - ssGroup->deleteKey(nullCred); - throw; - } - - // now finalize the access controls on the group - access->setAccess(*ssGroup, maker); - mAccess = NULL; // use them and lose them - } - else - { - // add the item to the (regular) db - mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); - } - - mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId); - mKeychain = keychain; - - // Forget our data and attributes. - mData.reset(NULL); - mDbAttributes.reset(NULL); - - return mPrimaryKey; -} - -Item -ItemImpl::copyTo(const Keychain &keychain, Access *newAccess) -{ - Item item(*this); - if (newAccess) - item->setAccess(newAccess); - else - { - /* Attempt to copy the access from the current item to the newly created one. */ - SSGroup myGroup = group(); - if (myGroup) - { - SecPointer access = new Access(*myGroup); - item->setAccess(access); - } - } - - keychain->add(item); - return item; -} - -void -ItemImpl::update() -{ - if (!mKeychain) - MacOSError::throwMe(errSecNoSuchKeychain); - - // Don't update if nothing changed. - if (!isModified()) - return; - - CSSM_DB_RECORDTYPE aRecordType = recordType(); - KeychainSchema schema = mKeychain->keychainSchema(); - - // Update the modification date on the item if there is a mod date attribute. - if (schema->hasAttribute(aRecordType, kSecModDateItemAttr)) - { - SInt64 date; - GetCurrentMacLongDateTime(date); - setAttribute(schema->attributeInfoFor(aRecordType, kSecModDateItemAttr), date); - } - - // Make sure that we have mUniqueId - dbUniqueRecord(); - Db db(mUniqueId->database()); - if (useSecureStorage(db)) - { - // Add the item to the secure storage db - SSDbUniqueRecord ssUniqueId(safe_cast - (&(*mUniqueId))); - - // @@@ Share this instance - const AccessCredentials *autoPrompt = globals().credentials(); - - - // Only call this is user interaction is enabled. - ssUniqueId->modify(aRecordType, - mDbAttributes.get(), - mData.get(), - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE, - autoPrompt); - } - else - { - mUniqueId->modify(aRecordType, - mDbAttributes.get(), - mData.get(), - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - } - - PrimaryKey oldPK = mPrimaryKey; - mPrimaryKey = mKeychain->makePrimaryKey(aRecordType, mUniqueId); - - // Forget our data and attributes. - mData.reset(NULL); - mDbAttributes.reset(NULL); - - // Let the Keychain update what it needs to. - mKeychain->didUpdate(this, oldPK, mPrimaryKey); -} - -void -ItemImpl::getClass(SecKeychainAttribute &attr, UInt32 *actualLength) -{ - if (actualLength) - *actualLength = sizeof(SecItemClass); - - if (attr.length < sizeof(SecItemClass)) - MacOSError::throwMe(errSecBufferTooSmall); - - SecItemClass aClass = Schema::itemClassFor(recordType()); - memcpy(attr.data, &aClass, sizeof(SecItemClass)); -} - -void -ItemImpl::setAttribute(SecKeychainAttribute& attr) -{ - setAttribute(Schema::attributeInfo(attr.tag), CssmData(attr.data, attr.length)); -} - -CSSM_DB_RECORDTYPE -ItemImpl::recordType() const -{ - if (mDbAttributes.get()) - return mDbAttributes->recordType(); - - return mPrimaryKey->recordType(); -} - -const DbAttributes * -ItemImpl::modifiedAttributes() const -{ - return mDbAttributes.get(); -} - -const CssmData * -ItemImpl::modifiedData() const -{ - return mData.get(); -} - -void -ItemImpl::setData(UInt32 length,const void *data) -{ - mData.reset(new CssmDataContainer(data, length)); -} - -void -ItemImpl::setAccess(Access *newAccess) -{ - mAccess = newAccess; -} - -CssmClient::DbUniqueRecord -ItemImpl::dbUniqueRecord() -{ - if (!isPersistant()) // is there no database attached? - { - MacOSError::throwMe(errSecNotAvailable); - } - - if (!mUniqueId) - { - DbCursor cursor(mPrimaryKey->createCursor(mKeychain)); - if (!cursor->next(NULL, NULL, mUniqueId)) - MacOSError::throwMe(errSecInvalidItemRef); - } - - return mUniqueId; -} - -PrimaryKey -ItemImpl::primaryKey() const -{ - return mPrimaryKey; -} - -bool -ItemImpl::isPersistant() const -{ - return mKeychain; -} - -bool -ItemImpl::isModified() const -{ - return mData.get() || mDbAttributes.get(); -} - -Keychain -ItemImpl::keychain() const -{ - return mKeychain; -} - -bool -ItemImpl::operator <(const ItemImpl &other) const -{ - - if (*mData) - { - // Pointer compare - return this < &other; - } - - // XXX Deal with not having a mPrimaryKey - return *mPrimaryKey < *(other.mPrimaryKey); - -} - -void -ItemImpl::setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data) -{ - if (!mDbAttributes.get()) - { - mDbAttributes.reset(new DbAttributes()); - mDbAttributes->recordType(mPrimaryKey->recordType()); - } - - uint32 length = data.Length; - const void *buf = reinterpret_cast(data.Data); - uint8 timeString[16]; - - // XXX This code is duplicated in KCCursorImpl::KCCursorImpl() - // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE - // style attribute value. - if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE) - { - if (length == sizeof(UInt32)) - { - MacSecondsToTimeString(*reinterpret_cast(buf), 16, &timeString); - buf = &timeString; - length = 16; - } - else if (length == sizeof(SInt64)) - { - MacLongDateTimeToTimeString(*reinterpret_cast(buf), 16, &timeString); - buf = &timeString; - length = 16; - } - } - - mDbAttributes->add(info, CssmData(const_cast(buf), length)); -} - -void -ItemImpl::modifyContent(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData) -{ - if (!mDbAttributes.get()) - { - mDbAttributes.reset(new DbAttributes()); - mDbAttributes->recordType(mPrimaryKey->recordType()); - } - - if(attrList) // optional - { - for(UInt32 ix=0; ix < attrList->count; ix++) - { - mDbAttributes->add(Schema::attributeInfo(attrList->attr[ix].tag), CssmData(attrList->attr[ix].data, attrList->attr[ix].length)); - } - } - - if(inData) - { - mData.reset(new CssmDataContainer(inData, dataLength)); - } - - update(); -} - -void -ItemImpl::getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData) -{ - - // If the data hasn't been set we can't return it. - if (!mKeychain && outData) - { - CssmData *data = mData.get(); - if (!data) - MacOSError::throwMe(errSecDataNotAvailable); - } - // TODO: need to check and make sure attrs are valid and handle error condition - - - if(itemClass) - *itemClass = Schema::itemClassFor(recordType()); - - bool getDataFromDatabase = mKeychain && mPrimaryKey; - - if (getDataFromDatabase) // are we attached to a database? - - { - dbUniqueRecord(); - } - - // get the number of attributes requested by the caller - UInt32 attrCount = attrList ? attrList->count : 0; - - if (getDataFromDatabase) - { - // make a DBAttributes structure and populate it - DbAttributes dbAttributes(mUniqueId->database(), attrCount); - for (UInt32 ix = 0; ix < attrCount; ++ix) - { - dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag)); - } - - // request the data from the database (since we are a reference "item" and the data is really stored there) - CssmDataContainer itemData; - if (getDataFromDatabase) - { - getContent(&dbAttributes, outData ? &itemData : NULL); - } - - // retrieve the data from result - for (UInt32 ix = 0; ix < attrCount; ++ix) - { - if (dbAttributes.at(ix).NumberOfValues > 0) - { - attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data; - attrList->attr[ix].length = dbAttributes.at(ix).Value[0].Length; - - // We don't want the data released, it is up the client - dbAttributes.at(ix).Value[0].Data = NULL; - dbAttributes.at(ix).Value[0].Length = 0; - } - else - { - attrList->attr[ix].data = NULL; - attrList->attr[ix].length = 0; - } - } - - // clean up - if (outData) - { - *outData=itemData.data(); - itemData.Data=NULL; - - if (length) *length=itemData.length(); - itemData.Length=0; - } - } - else if (attrList != NULL) - { - getLocalContent (*attrList); - if (outData) *outData = NULL; - if (length) *length = 0; - } - - // inform anyone interested that we are doing this -#if SENDACCESSNOTIFICATIONS - if (outData) - { - secdebug("kcnotify", "ItemImpl::getContent(0x%x, 0x%x, 0x%x, 0x%x) retrieved content", - (unsigned int)itemClass, (unsigned int)attrList, (unsigned int)length, (unsigned int)outData); - - KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this); - } -#endif -} - -void -ItemImpl::freeContent(SecKeychainAttributeList *attrList, void *data) -{ - CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally - if (data) - allocator.free(data); - - UInt32 attrCount = attrList ? attrList->count : 0; - for (UInt32 ix = 0; ix < attrCount; ++ix) - { - allocator.free(attrList->attr[ix].data); - attrList->attr[ix].data = NULL; - } -} - -void -ItemImpl::modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData) -{ - if (!mKeychain) - MacOSError::throwMe(errSecNoSuchKeychain); - - if (!mDbAttributes.get()) - { - mDbAttributes.reset(new DbAttributes()); - mDbAttributes->recordType(mPrimaryKey->recordType()); - } - - CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); - UInt32 attrCount = attrList ? attrList->count : 0; - for (UInt32 ix = 0; ix < attrCount; ix++) - { - CssmDbAttributeInfo info=mKeychain->attributeInfoFor(recordType, attrList->attr[ix].tag); - - if (attrList->attr[ix].length || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BLOB - || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM - || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32) - mDbAttributes->add(info, CssmData(attrList->attr[ix].data, attrList->attr[ix].length)); - else - mDbAttributes->add(info); - } - - if(inData) - { - mData.reset(new CssmDataContainer(inData, dataLength)); - } - - update(); -} - -void -ItemImpl::getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData) -{ - // If the data hasn't been set we can't return it. - if (!mKeychain && outData) - { - CssmData *data = mData.get(); - if (!data) - MacOSError::throwMe(errSecDataNotAvailable); - } - // TODO: need to check and make sure attrs are valid and handle error condition - - - if(itemClass) - *itemClass = Schema::itemClassFor(recordType()); - - dbUniqueRecord(); - - UInt32 attrCount = info ? info->count : 0; - DbAttributes dbAttributes(mUniqueId->database(), attrCount); - for (UInt32 ix = 0; ix < attrCount; ix++) - { - CssmDbAttributeData &record = dbAttributes.add(); - record.Info.AttributeNameFormat=CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; - record.Info.Label.AttributeID=info->tag[ix]; - } - - CssmDataContainer itemData; - getContent(&dbAttributes, outData ? &itemData : NULL); - - if(info && attrList) - { - SecKeychainAttributeList *theList=reinterpret_cast(malloc(sizeof(SecKeychainAttributeList))); - SecKeychainAttribute *attr=reinterpret_cast(malloc(sizeof(SecKeychainAttribute)*attrCount)); - theList->count=attrCount; - theList->attr=attr; - - for (UInt32 ix = 0; ix < attrCount; ++ix) - { - attr[ix].tag=info->tag[ix]; - - if (dbAttributes.at(ix).NumberOfValues > 0) - { - attr[ix].data = dbAttributes.at(ix).Value[0].Data; - attr[ix].length = dbAttributes.at(ix).Value[0].Length; - - // We don't want the data released, it is up the client - dbAttributes.at(ix).Value[0].Data = NULL; - dbAttributes.at(ix).Value[0].Length = 0; - } - else - { - attr[ix].data = NULL; - attr[ix].length = 0; - } - } - *attrList=theList; - } - - if (outData) - { - *outData=itemData.data(); - itemData.Data=NULL; - - if (length) *length=itemData.length(); - itemData.Length=0; - -#if SENDACCESSNOTIFICATIONS - secdebug("kcnotify", "ItemImpl::getAttributesAndData(0x%x, 0x%x, 0x%x, 0x%x, 0x%x) retrieved data", - (unsigned int)info, (unsigned int)itemClass, (unsigned int)attrList, (unsigned int)length, (unsigned int)outData); - - KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this); -#endif - } - -} - -void -ItemImpl::freeAttributesAndData(SecKeychainAttributeList *attrList, void *data) -{ - CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally - - if (data) - allocator.free(data); - - if(attrList) - { - for (UInt32 ix = 0; ix < attrList->count; ++ix) - { - allocator.free(attrList->attr[ix].data); - } - free(attrList->attr); - free(attrList); - } -} - -void -ItemImpl::getAttribute(SecKeychainAttribute& attr, UInt32 *actualLength) -{ - if (attr.tag == kSecClassItemAttr) - return getClass(attr, actualLength); - - if (mDbAttributes.get()) - { - CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(attr.tag)); - if (data) - { - getAttributeFrom(data, attr, actualLength); - return; - } - } - - if (!mKeychain) - MacOSError::throwMe(errSecNoSuchAttr); - - dbUniqueRecord(); - DbAttributes dbAttributes(mUniqueId->database(), 1); - dbAttributes.add(Schema::attributeInfo(attr.tag)); - mUniqueId->get(&dbAttributes, NULL); - getAttributeFrom(&dbAttributes.at(0), attr, actualLength); -} - -void -ItemImpl::getAttributeFrom(CssmDbAttributeData *data, SecKeychainAttribute &attr, UInt32 *actualLength) -{ - static const uint32 zero = 0; - uint32 length; - const void *buf = NULL; - - // Temporary storage for buf. - SInt64 macLDT; - UInt32 macSeconds; - sint16 svalue16; - uint16 uvalue16; - sint8 svalue8; - uint8 uvalue8; - - if (!data) - length = 0; - else if (data->size() < 1) // Attribute has no values. - { - if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32 - || data->format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32) - { - length = sizeof(zero); - buf = &zero; - } - else if (CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE) - length = 0; // Should we throw here? - else // All other formats - length = 0; - } - else // Get the first value - { - length = data->Value[0].Length; - buf = data->Value[0].Data; - - if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32) - { - if (attr.length == sizeof(sint8)) - { - length = attr.length; - svalue8 = sint8(*reinterpret_cast(buf)); - buf = &svalue8; - } - else if (attr.length == sizeof(sint16)) - { - length = attr.length; - svalue16 = sint16(*reinterpret_cast(buf)); - buf = &svalue16; - } - } - else if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32) - { - if (attr.length == sizeof(uint8)) - { - length = attr.length; - uvalue8 = uint8(*reinterpret_cast(buf)); - buf = &uvalue8; - } - else if (attr.length == sizeof(uint16)) - { - length = attr.length; - uvalue16 = uint16(*reinterpret_cast(buf)); - buf = &uvalue16; - } - } - else if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE) - { - if (attr.length == sizeof(UInt32)) - { - TimeStringToMacSeconds(data->Value[0], macSeconds); - buf = &macSeconds; - length = attr.length; - } - else if (attr.length == sizeof(SInt64)) - { - TimeStringToMacLongDateTime(data->Value[0], macLDT); - buf = &macLDT; - length = attr.length; - } - } - } - - if (actualLength) - *actualLength = length; - - if (length) - { - if (attr.length < length) - MacOSError::throwMe(errSecBufferTooSmall); - - memcpy(attr.data, buf, length); - } -} - -void -ItemImpl::getData(CssmDataContainer& outData) -{ - if (!mKeychain) - { - CssmData *data = mData.get(); - // If the data hasn't been set we can't return it. - if (!data) - MacOSError::throwMe(errSecDataNotAvailable); - - outData = *data; - return; - } - - getContent(NULL, &outData); - -#if SENDACCESSNOTIFICATIONS - secdebug("kcnotify", "ItemImpl::getData retrieved data"); - - //%%% be done elsewhere, but here is good for now - KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this); -#endif -} - -SSGroup -ItemImpl::group() -{ - SSGroup group; - if (!!mUniqueId) - { - Db db(mKeychain->database()); - if (useSecureStorage(db)) - { - group = safer_cast(*mUniqueId).group(); - } - } - - return group; -} - -void ItemImpl::getLocalContent(SecKeychainAttributeList &attributeList) -{ - CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally - - // pull attributes out of a "floating" item, i.e. one that isn't attached to a database - unsigned int i; - for (i = 0; i < attributeList.count; ++i) - { - // get the size of the attribute - UInt32 actualLength; - SecKeychainAttribute attribute; - attribute.tag = attributeList.attr[i].tag; - attribute.length = 0; - attribute.data = NULL; - getAttribute (attribute, &actualLength); - - // if we didn't get the actual length, mark zeros. - if (actualLength == 0) - { - attributeList.attr[i].length = 0; - attributeList.attr[i].data = NULL; - } - else - { - // make room in the item data - attributeList.attr[i].length = actualLength; - attributeList.attr[i].data = allocator.malloc(actualLength); - getAttribute(attributeList.attr[i], &actualLength); - } - } -} - -void -ItemImpl::getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData) -{ - // Make sure mUniqueId is set. - dbUniqueRecord(); - if (itemData) - { - Db db(mUniqueId->database()); - if (useSecureStorage(db)) - { - SSDbUniqueRecord ssUniqueId(safe_cast(&(*mUniqueId))); - const AccessCredentials *autoPrompt = globals().credentials(); - ssUniqueId->get(dbAttributes, itemData, autoPrompt); - return; - } - } - - mUniqueId->get(dbAttributes, itemData); -} - -bool -ItemImpl::useSecureStorage(const Db &db) -{ - switch (recordType()) - { - case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: - case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: - case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: - if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) - return true; - break; - default: - break; - } - return false; -} - - -// -// Item -- This class is here to magically create the right subclass of ItemImpl -// when constructing new items. -// -Item::Item() -{ -} - -Item::Item(ItemImpl *impl) : SecPointer(impl) -{ -} - -Item::Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data) -{ - if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE - || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY - || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY - || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */ - - *this = new ItemImpl(itemClass, itemCreator, length, data); -} - -Item::Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data) -{ - if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE - || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY - || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY - || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */ - - *this = new ItemImpl(itemClass, attrList, length, data); -} - -Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) - : SecPointer( - primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE - ? new Certificate(keychain, primaryKey, uniqueId) - : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY - || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY - || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - ? new KeyItem(keychain, primaryKey, uniqueId) - : new ItemImpl(keychain, primaryKey, uniqueId)) -{ -} - -Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey) - : SecPointer( - primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE - ? new Certificate(keychain, primaryKey) - : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY - || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY - || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - ? new KeyItem(keychain, primaryKey) - : new ItemImpl(keychain, primaryKey)) -{ -} - -Item::Item(ItemImpl &item) - : SecPointer( - item.recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE - ? new Certificate(safer_cast(item)) - : (item.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY - || item.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY - || item.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) - ? new KeyItem(safer_cast(item)) - : new ItemImpl(item)) -{ -} diff --git a/Keychain/Item.h b/Keychain/Item.h deleted file mode 100644 index 1ce52279..00000000 --- a/Keychain/Item.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Item.h -// -#ifndef _SECURITY_ITEM_H_ -#define _SECURITY_ITEM_H_ - -#include -#include -#include -#include - -namespace Security -{ - -using namespace CssmClient; - -namespace KeychainCore -{ -class Keychain; - -class ItemImpl : public SecCFObject -{ -public: - SECCFFUNCTIONS(ItemImpl, SecKeychainItemRef, errSecInvalidItemRef) - - friend class Item; - friend class KeychainImpl; -protected: - - // new item constructors - ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data); - - ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data); - - // db item contstructor - ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId); - - // PrimaryKey item contstructor - ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey); - - ItemImpl(ItemImpl &item); - - void getAttributeFrom(CssmDbAttributeData *data, SecKeychainAttribute &attr, UInt32 *actualLength); - void getClass(SecKeychainAttribute &attr, UInt32 *actualLength); - -protected: - // Methods called by KeychainImpl; - - // Add the receiver to keychain - virtual PrimaryKey add(Keychain &keychain); - - // Get the default value for an attribute - static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info); - -public: - virtual ~ItemImpl() throw(); - bool isPersistant() const; - bool isModified() const; - - virtual void update(); - - // put a copy of the item into a given keychain - virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL); - - CSSM_DB_RECORDTYPE recordType() const; - - // Used for writing the record to the database. - CssmClient::DbUniqueRecord dbUniqueRecord(); - const CssmClient::DbAttributes *modifiedAttributes() const; - const CssmData *modifiedData() const; - virtual void didModify(); // Forget any attributes and data we just wrote to the db - - Keychain keychain() const; - PrimaryKey primaryKey() const; - bool operator <(const ItemImpl &other) const; - - void getAttribute(SecKeychainAttribute& attr, UInt32 *actualLength); - void getData(CssmDataContainer& outData); - - void modifyContent(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData); - void getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData); - static void freeContent(SecKeychainAttributeList *attrList, void *data); - static void freeAttributesAndData(SecKeychainAttributeList *attrList, void *data); - - void getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData); - void modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData); - - void setAttribute(SecKeychainAttribute& attr); - void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data); - void setData(UInt32 length,const void *data); - void setAccess(Access *newAccess); - - SSGroup group(); - -protected: - void getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData); - void getLocalContent(SecKeychainAttributeList &attributeList); - - bool useSecureStorage(const CssmClient::Db &db); - - // new item members - auto_ptr mData; - auto_ptr mDbAttributes; - SecPointer mAccess; - - // db item members - CssmClient::DbUniqueRecord mUniqueId; - Keychain mKeychain; - PrimaryKey mPrimaryKey; -}; - - -class Item : public SecPointer -{ -public: - Item(); - Item(ItemImpl *impl); - Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data); - Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data); - Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId); - Item(const Keychain &keychain, const PrimaryKey &primaryKey); - Item(ItemImpl &item); -}; - - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_ITEM_H_ \ No newline at end of file diff --git a/Keychain/KCCursor.cpp b/Keychain/KCCursor.cpp deleted file mode 100644 index f602a0e5..00000000 --- a/Keychain/KCCursor.cpp +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// KCCursor.cpp -// - -#include "KCCursor.h" - -#include "Item.h" -#include "Schema.h" -#include "cssmdatetime.h" -#include "Globals.h" -#include "StorageManager.h" -#include -#include - -using namespace KeychainCore; -using namespace CssmClient; -using namespace CSSMDateTimeUtils; - -// -// KCCursorImpl -// -KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList) : - mSearchList(searchList), - mCurrent(mSearchList.begin()), - mAllFailed(true) -{ - recordType(Schema::recordTypeFor(itemClass)); - - if (!attrList) // No additional selectionPredicates: we are done - return; - - conjunctive(CSSM_DB_AND); - const SecKeychainAttribute *end=&attrList->attr[attrList->count]; - // Add all the attrs in attrs list to the cursor. - for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr) - { - const CssmDbAttributeInfo &info = Schema::attributeInfo(attr->tag); - void *buf = attr->data; - UInt32 length = attr->length; - uint8 timeString[16]; - - // XXX This code is duplicated in NewItemImpl::setAttribute() - // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE - // style attribute value. - if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE) - { - if (length == sizeof(UInt32)) - { - MacSecondsToTimeString(*reinterpret_cast(buf), - 16, &timeString); - buf = &timeString; - length = 16; - } - else if (length == sizeof(SInt64)) - { - MacLongDateTimeToTimeString(*reinterpret_cast(buf), - 16, &timeString); - buf = &timeString; - length = 16; - } - } - add(CSSM_DB_EQUAL,info, CssmData(buf,length)); - } -} - -KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) : - mSearchList(searchList), - mCurrent(mSearchList.begin()), - mAllFailed(true) -{ - if (!attrList) // No additional selectionPredicates: we are done - return; - - conjunctive(CSSM_DB_AND); - bool foundClassAttribute=false; - const SecKeychainAttribute *end=&attrList->attr[attrList->count]; - // Add all the attrs in attrs list to the cursor. - for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr) - { - if (attr->tag!=kSecClassItemAttr) // a regular attribute - { - const CssmDbAttributeInfo &info = Schema::attributeInfo(attr->tag); - void *buf = attr->data; - UInt32 length = attr->length; - uint8 timeString[16]; - - // XXX This code is duplicated in NewItemImpl::setAttribute() - // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE - // style attribute value. - if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE) - { - if (length == sizeof(UInt32)) - { - MacSecondsToTimeString(*reinterpret_cast(buf), - 16, &timeString); - buf = &timeString; - length = 16; - } - else if (length == sizeof(SInt64)) - { - MacLongDateTimeToTimeString(*reinterpret_cast(buf), - 16, &timeString); - buf = &timeString; - length = 16; - } - } - add(CSSM_DB_EQUAL,info, CssmData(buf,length)); - - continue; - } - - // the class attribute - if (foundClassAttribute || attr->length != sizeof(SecItemClass)) - MacOSError::throwMe(paramErr); // We have 2 different 'clas' attributes - - recordType(Schema::recordTypeFor(*reinterpret_cast(attr->data))); - foundClassAttribute=true; - } -} - -KCCursorImpl::~KCCursorImpl() throw() -{ -} - -bool -KCCursorImpl::next(Item &item) -{ - DbAttributes dbAttributes; - DbUniqueRecord uniqueId; - OSStatus status = 0; - - for (;;) - { - if (!mDbCursor) - { - if (mCurrent == mSearchList.end()) - { - // If we got always failed when calling mDbCursor->next return the error from - // the last call to mDbCursor->next now - if (mAllFailed && status) - CssmError::throwMe(status); - - // No more keychains to search so we are done. - return false; - } - - mDbCursor = DbCursor((*mCurrent)->database(), *this); - } - - bool gotRecord; - try - { - gotRecord = mDbCursor->next(&dbAttributes, NULL, uniqueId); - mAllFailed = false; - } - catch(const CssmCommonError &err) - { - // Catch the last error we get and move on to the next keychain - // This error will be returned when we reach the end of our keychain list - // iff all calls to KCCursorImpl::next failed - status = err.osStatus(); - gotRecord = false; - } - - // If we did not get a record from the current keychain or the current - // keychain did not exist skip to the next keychain in the list. - if (!gotRecord) - { - ++mCurrent; - mDbCursor = DbCursor(); - continue; - } - - // If doing a search for all records skip the db blob added by the - // CSP/DL and skip symmetric key items. - // @@@ This is wrong since we should only skip symmetric keys that are - // group keys and not user generated symmetric keys. - if (mDbCursor->recordType() == CSSM_DL_DB_RECORD_ANY && - (dbAttributes.recordType() == 0x80008000 - || dbAttributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)) - continue; - - break; - } - - // Go though Keychain since item might already exist. - item = (*mCurrent)->item(dbAttributes.recordType(), uniqueId); - return true; -} diff --git a/Keychain/KCCursor.h b/Keychain/KCCursor.h deleted file mode 100644 index b0827b19..00000000 --- a/Keychain/KCCursor.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// KCCursor.h -// -#ifndef _SECURITY_KCCURSOR_H_ -#define _SECURITY_KCCURSOR_H_ - -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class KCCursorImpl : public SecCFObject, public CssmAutoQuery -{ - NOCOPY(KCCursorImpl) -public: - SECCFFUNCTIONS(KCCursorImpl, SecKeychainSearchRef, errSecInvalidSearchRef) - - friend class KCCursor; -protected: - KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList); - KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList); - -public: - virtual ~KCCursorImpl() throw(); - bool next(Item &item); - -private: - StorageManager::KeychainList mSearchList; - StorageManager::KeychainList::iterator mCurrent; - CssmClient::DbCursor mDbCursor; - bool mAllFailed; -}; - - -class KCCursor : public SecPointer -{ -public: - KCCursor() {} - - KCCursor(KCCursorImpl *impl) : SecPointer(impl) {} - - KCCursor(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) - : SecPointer(new KCCursorImpl(searchList, attrList)) {} - - KCCursor(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList) - : SecPointer(new KCCursorImpl(searchList, itemClass, attrList)) {} - - typedef KCCursorImpl Impl; -}; - - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_KCCURSOR_H_ diff --git a/Keychain/KCEventNotifier.cpp b/Keychain/KCEventNotifier.cpp deleted file mode 100644 index 384a210d..00000000 --- a/Keychain/KCEventNotifier.cpp +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: KCEventNotifier.cpp - - Contains: OS X CF Notifier for Keychain Events - - Written by: Craig Mortensen - - Copyright: 2000 by Apple Computer, Inc., All rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#include "ssclient.h" -#include "KCEventNotifier.h" -#include "KCExceptions.h" -#include "Keychains.h" - -using namespace KeychainCore; - -void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, const Keychain &keychain, const Item &kcItem) -{ - DLDbIdentifier dlDbIdentifier; - PrimaryKey primaryKey; - - if (keychain) - dlDbIdentifier = keychain->dLDbIdentifier(); - - if (kcItem) - primaryKey = kcItem->primaryKey(); - - PostKeychainEvent(whichEvent, dlDbIdentifier, primaryKey); -} - - -void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, - const DLDbIdentifier &dlDbIdentifier, - const PrimaryKey &primaryKey) -{ - NameValueDictionary nvd; - - pid_t thePid = getpid(); - nvd.Insert (new NameValuePair (PID_KEY, CssmData (reinterpret_cast(&thePid), sizeof (pid_t)))); - - if (dlDbIdentifier) - { - NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier (dlDbIdentifier, nvd); - } - - CssmData* pKey = primaryKey; - - if (primaryKey) - { - nvd.Insert (new NameValuePair (ITEM_KEY, *pKey)); - } - - // flatten the dictionary - CssmData data; - nvd.Export (data); - - SecurityServer::ClientSession cs (CssmAllocator::standard(), CssmAllocator::standard()); - cs.postNotification (Listener::databaseNotifications, whichEvent, data); - - secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent posted event %u", (unsigned int) whichEvent); - - free (data.data ()); -} diff --git a/Keychain/KCEventNotifier.h b/Keychain/KCEventNotifier.h deleted file mode 100644 index 7eb92393..00000000 --- a/Keychain/KCEventNotifier.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * KCEventNotifier.h -- OS X CF Notifier for Keychain Events - */ -#ifndef _SECURITY_KCEVENTNOTIFIER_H_ -#define _SECURITY_KCEVENTNOTIFIER_H_ - -#include -#include -#include -#include "dictionary.h" - -namespace Security -{ - -namespace KeychainCore -{ - -class Keychain; - -class KCEventNotifier -{ -public: - static void PostKeychainEvent(SecKeychainEvent kcEvent, - const Keychain& keychain, - const Item &item = Item()); - static void PostKeychainEvent(SecKeychainEvent kcEvent, - const DLDbIdentifier &dlDbIdentifier = DLDbIdentifier(), - const PrimaryKey &primaryKey = PrimaryKey()); -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif /* _SECURITY_KCEVENTNOTIFIER_H_ */ diff --git a/Keychain/KCEventObserver.cpp b/Keychain/KCEventObserver.cpp deleted file mode 100644 index 416c2637..00000000 --- a/Keychain/KCEventObserver.cpp +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: KCEventObserver.cpp - - Contains: OS X CF Observer for Keychain Events - - Written by: Craig Mortensen - - Copyright: 2000 by Apple Computer, Inc., All rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#include "KCEventObserver.h" - -using namespace Security; - -void Observer::EventReceived (Listener::Domain domain, Listener::Event event, const void* data, size_t dataLength) -{ - secdebug("kcnotify", "Security::Observer::EventReceived got event %u", (unsigned int) event); - - // make a NameValueDictionary from the data we received - CssmData dt ((void*) data, dataLength); - NameValueDictionary nvd (dt); - Event (domain, event, nvd); -} - - - -Observer::Observer (Listener::Domain whichDomain, Listener::EventMask whichEvents) -{ - RequestEvents (whichDomain, whichEvents); -} - - - -Observer::~Observer () -{ -} diff --git a/Keychain/KCEventObserver.h b/Keychain/KCEventObserver.h deleted file mode 100644 index cfe58f95..00000000 --- a/Keychain/KCEventObserver.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * KCEventObserver.h -- OS X CF Observer for Keychain Events - */ -#ifndef _SECURITY_KCEVENTOBSERVER_H_ -#define _SECURITY_KCEVENTOBSERVER_H_ - -#include "dictionary.h" -#include "eventlistener.h" -#include "notifications.h" - - -namespace Security -{ - -class Observer : private SecurityServer::EventListener -{ -protected: - void EventReceived (Listener::Domain domain, Listener::Event event, const void* data, size_t dataLength); - -public: - Observer (Listener::Domain whichDomain, Listener::EventMask whichEvents); - virtual ~Observer (); - virtual void Event (Listener::Domain domain, Listener::Event whichEvent, NameValueDictionary &dictionary) = 0; -}; - -} // end namespace Security - -#endif // !_SECURITY_KCEVENTOBSERVER_H_ diff --git a/Keychain/KCExceptions.h b/Keychain/KCExceptions.h deleted file mode 100644 index 1d1974e3..00000000 --- a/Keychain/KCExceptions.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * KCExceptions.h - */ -#ifndef _SECURITY_KCEXCEPTIONS_H_ -#define _SECURITY_KCEXCEPTIONS_H_ - -#include - -#ifdef lock -#undef lock -#endif -#include - -#ifdef check -#undef check -#endif - -namespace Security -{ - -namespace KeychainCore -{ - -// -// Helpers for memory pointer validation -// - -/* remove RequiredParam when cdsa does namespaces -template -inline T &Required(T *ptr,OSStatus err = paramErr) -{ - return Required(ptr,err); -} -*/ - -template -inline void KCThrowIfMemFail_(const T *ptr) -{ - if (ptr==NULL) - MacOSError::throwMe(memFullErr); -} - -inline void KCThrowIf_(OSStatus theErr) -{ - // will also work for OSErr - if (theErr!=noErr) - MacOSError::throwMe(theErr); -} - -inline void KCThrowIf_(bool test,OSStatus theErr) -{ - // will also work for OSErr - if (test) - MacOSError::throwMe(theErr); -} - -inline void KCThrowParamErrIf_(bool test) -{ - if (test) - MacOSError::throwMe(paramErr); -} - -inline void KCUnimplemented_() -{ - MacOSError::throwMe(unimpErr); -} - -} // end namespace KeychainCore - -} // end namespace Security - -#endif /* !_SECURITY_KCEXCEPTIONS_H_ */ diff --git a/Keychain/KCUtilities.cpp b/Keychain/KCUtilities.cpp deleted file mode 100644 index fe01edf2..00000000 --- a/Keychain/KCUtilities.cpp +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifdef __MWERKS__ -#define _KC_UTILITIES -#endif - -#include -#include - -namespace Security -{ - -OSStatus GetKeychainErrFromCSSMErr( OSStatus cssmError ) -{ - if (CSSM_ERR_IS_CONVERTIBLE(cssmError)) - { - switch (CSSM_ERRCODE(cssmError)) - { - // CONVERTIBLE ERROR CODES. - case CSSM_ERRCODE_SERVICE_NOT_AVAILABLE: - return errSecNotAvailable; - case CSSM_ERRCODE_USER_CANCELED: - return userCanceledErr; - case CSSM_ERRCODE_OPERATION_AUTH_DENIED: - return errSecAuthFailed; - case CSSM_ERRCODE_NO_USER_INTERACTION: - return errSecInteractionNotAllowed; - case CSSM_ERRCODE_OS_ACCESS_DENIED: - return wrPermErr; - default: - return cssmError; - } - } - else - { - switch (cssmError) - { - // DL SPECIFIC ERROR CODES - case CSSMERR_DL_OS_ACCESS_DENIED: - return wrPermErr; - case CSSMERR_DL_RECORD_NOT_FOUND: - return errSecItemNotFound; - case CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA: - return errSecDuplicateItem; - case CSSMERR_DL_DATABASE_CORRUPT: - return errSecInvalidKeychain; - case CSSMERR_DL_DATASTORE_DOESNOT_EXIST: - return errSecNoSuchKeychain; - case CSSMERR_DL_DATASTORE_ALREADY_EXISTS: - return errSecDuplicateKeychain; - case CSSMERR_DL_INVALID_FIELD_NAME: - return errSecNoSuchAttr; - default: - return cssmError; - } - } -} - -StKCAttribute::StKCAttribute( SecKeychainAttribute* inPtr ) : - fAttr( inPtr ) -{ -} - -StKCAttribute::~StKCAttribute( ) -{ - delete fAttr; -} - -StKCItem::StKCItem( SecKeychainItemRef* inItem, OSStatus* result ) : - fItem( inItem ), - fResult( result ) -{ -} - -StKCItem::~StKCItem( ) -{ - // if an error occured and the item is valid, release the item - // - if ( *fResult != noErr && *fItem != NULL ) - CFRelease(*fItem ); -} - -} // end namespace Security diff --git a/Keychain/KCUtilities.h b/Keychain/KCUtilities.h deleted file mode 100644 index af086871..00000000 --- a/Keychain/KCUtilities.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifndef _SECURITY_KCUTILITIES_H_ -#define _SECURITY_KCUTILITIES_H_ - -#include -#include -#include -#include - -namespace Security -{ - -OSStatus GetKeychainErrFromCSSMErr(OSStatus cssmError); - -// -// Helpers for memory pointer validation -// -template -inline T &RequiredParam(T *ptr,OSStatus err = paramErr) -{ - if (ptr == NULL) - MacOSError::throwMe(err); - return *ptr; -} - -class StKCAttribute -{ -public: - StKCAttribute( SecKeychainAttribute* attr ); - virtual ~StKCAttribute( void ); -private: - SecKeychainAttribute* fAttr; -}; - -// Class for cleaning up a KCItemRef when finished with it -// if an error occurs at any time when dealing with the item. -// -class StKCItem -{ -public: - StKCItem( SecKeychainItemRef* item, OSStatus* result ); - virtual ~StKCItem( void ); -private: - SecKeychainItemRef* fItem; - OSStatus* fResult; -}; - -} // end namespace Security - -#endif // !_SECURITY_KCUTILITIES_H_ diff --git a/Keychain/KeyItem.cpp b/Keychain/KeyItem.cpp deleted file mode 100644 index 5e41c74f..00000000 --- a/Keychain/KeyItem.cpp +++ /dev/null @@ -1,759 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// KeyItem.cpp -// -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "clNssUtils.h" -#include "KCEventNotifier.h" - -// @@@ This needs to be shared. -static CSSM_DB_NAME_ATTR(kSecKeyPrintName, 1, "PrintName", 0, NULL, BLOB); -static CSSM_DB_NAME_ATTR(kSecKeyLabel, 6, "Label", 0, NULL, BLOB); -static CSSM_DB_NAME_ATTR(kSecApplicationTag, 7, "ApplicationTag", 0, NULL, BLOB); - -using namespace KeychainCore; - -KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) : - ItemImpl(keychain, primaryKey, uniqueId), - mKey() -{ -} - -KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey) : - ItemImpl(keychain, primaryKey), - mKey() -{ -} - -KeyItem::KeyItem(KeyItem &keyItem) : - ItemImpl(keyItem), - mKey() -{ - // @@@ this doesn't work for keys that are not in a keychain. -} - -KeyItem::KeyItem(const CssmClient::Key &key) : - ItemImpl(key->keyClass() + CSSM_DL_DB_RECORD_PUBLIC_KEY, (OSType)0, (UInt32)0, (const void*)NULL), - mKey(key) -{ - if (key->keyClass() > CSSM_KEYCLASS_SESSION_KEY) - MacOSError::throwMe(paramErr); -} - -KeyItem::~KeyItem() throw() -{ -} - -void -KeyItem::update() -{ - ItemImpl::update(); -} - -Item -KeyItem::copyTo(const Keychain &keychain, Access *newAccess) -{ - if (!keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP) - MacOSError::throwMe(errSecInvalidKeychain); - - /* Get the destination keychains db. */ - SSDb ssDb(safe_cast(&(*keychain->database()))); - - /* Make sure mKey is valid. */ - key(); - - // Generate a random label to use initially - CssmClient::CSP appleCsp(gGuidAppleCSP); - CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW); - uint8 labelBytes[20]; - CssmData label(labelBytes, sizeof(labelBytes)); - random.generate(label, label.Length); - - /* Set up the ACL for the new key. */ - SecPointer access; - if (newAccess) - access = newAccess; - else - access = new Access(*mKey); - - /* Generate a random 3DES wrapping Key. */ - CssmClient::GenerateKey genKey(csp(), CSSM_ALGID_3DES_3KEY, 192); - CssmClient::Key wrappingKey(genKey(KeySpec(CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, - CSSM_KEYATTR_EXTRACTABLE /* | CSSM_KEYATTR_RETURN_DATA */))); - - /* Extract the key by wrapping it with the wrapping key. */ - CssmClient::WrapKey wrap(csp(), CSSM_ALGID_3DES_3KEY_EDE); - wrap.key(wrappingKey); - wrap.cred(getCredentials(CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED, kSecCredentialTypeDefault)); - wrap.mode(CSSM_ALGMODE_ECBPad); - wrap.padding(CSSM_PADDING_PKCS7); - CssmClient::Key wrappedKey(wrap(mKey)); - - /* Unwrap the new key into the new Keychain. */ - CssmClient::UnwrapKey unwrap(keychain->csp(), CSSM_ALGID_3DES_3KEY_EDE); - unwrap.key(wrappingKey); - unwrap.mode(CSSM_ALGMODE_ECBPad); - unwrap.padding(CSSM_PADDING_PKCS7); - - /* Setup the dldbHandle in the context. */ - unwrap.add(CSSM_ATTRIBUTE_DL_DB_HANDLE, ssDb->handle()); - - /* Set up an initial aclEntry so we can change it after the unwrap. */ - Access::Maker maker; - ResourceControlContext rcc; - maker.initialOwner(rcc, NULL); - unwrap.aclEntry(rcc.input()); - - /* Unwrap the key. */ - uint32 usage = mKey->usage(); - /* Work around csp brokeness where it sets all usage bits in the Keyheader when CSSM_KEYUSE_ANY is set. */ - if (usage & CSSM_KEYUSE_ANY) - usage = CSSM_KEYUSE_ANY; - - CssmClient::Key unwrappedKey(unwrap(wrappedKey, KeySpec(usage, - (mKey->attributes() | CSSM_KEYATTR_PERMANENT) & ~(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE), - label))); - - /* Look up unwrapped key in the DLDB. */ - DbUniqueRecord uniqueId; - SSDbCursor dbCursor(ssDb, 1); - dbCursor->recordType(recordType()); - dbCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, label); - CssmClient::Key copiedKey; - if (!dbCursor->nextKey(NULL, copiedKey, uniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - /* Copy the Label, PrintName and ApplicationTag attributes from the old key to the new one. */ - dbUniqueRecord(); - DbAttributes oldDbAttributes(mUniqueId->database(), 3); - oldDbAttributes.add(kSecKeyLabel); - oldDbAttributes.add(kSecKeyPrintName); - oldDbAttributes.add(kSecApplicationTag); - mUniqueId->get(&oldDbAttributes, NULL); - uniqueId->modify(recordType(), &oldDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - - /* Set the acl and owner on the unwrapped key. */ - access->setAccess(*unwrappedKey, maker); - - /* Return a keychain items which represents the new key. */ - Item item(keychain->item(recordType(), uniqueId)); - - KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, item); - - return item; -} - -void -KeyItem::didModify() -{ -} - -PrimaryKey -KeyItem::add(Keychain &keychain) -{ - MacOSError::throwMe(unimpErr); -} - -CssmClient::SSDbUniqueRecord -KeyItem::ssDbUniqueRecord() -{ - DbUniqueRecordImpl *impl = &*dbUniqueRecord(); - return CssmClient::SSDbUniqueRecord(safe_cast(impl)); -} - -CssmClient::Key & -KeyItem::key() -{ - if (!mKey) - { - CssmClient::SSDbUniqueRecord uniqueId(ssDbUniqueRecord()); - CssmDataContainer dataBlob(uniqueId->allocator()); - uniqueId->get(NULL, &dataBlob); - mKey = CssmClient::Key(uniqueId->database()->csp(), *reinterpret_cast(dataBlob.Data)); - } - - return mKey; -} - -CssmClient::CSP -KeyItem::csp() -{ - return key()->csp(); -} - - -const CSSM_X509_ALGORITHM_IDENTIFIER& -KeyItem::algorithmIdentifier() -{ -#if 0 - CssmKey *mKey; - CSSM_KEY_TYPE algorithm - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)thisData->Data; -cssmKey->KeyHeader - static void printKeyHeader( - const CSSM_KEYHEADER &hdr) -{ - printf(" Algorithm : "); - switch(hdr.AlgorithmId) { -CSSM_X509_ALGORITHM_IDENTIFIER algID; - -CSSM_OID *CL_algToOid( - CSSM_ALGORITHMS algId) -typedef struct cssm_x509_algorithm_identifier { - CSSM_OID algorithm; - CSSM_DATA parameters; -} CSSM_X509_ALGORITHM_IDENTIFIER, *CSSM_X509_ALGORITHM_IDENTIFIER_PTR; -#endif - - abort(); -} - -unsigned int -KeyItem::strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER *algid) -{ - // @@@ Make a context with key based on algid and use that to get the effective keysize and not just the logical one. - CSSM_KEY_SIZE keySize = {}; - CSSM_RETURN rv = CSSM_QueryKeySizeInBits (csp()->handle(), - NULL, - key(), - &keySize); - if (rv) - return 0; - - return keySize.LogicalKeySizeInBits; -} - -const AccessCredentials * -KeyItem::getCredentials( - CSSM_ACL_AUTHORIZATION_TAG operation, - SecCredentialType credentialType) -{ - // @@@ Fix this to actually examine the ACL for this key and consider operation and do the right thing. - //AutoAclEntryInfoList aclInfos; - //key()->getAcl(aclInfos); - - AclFactory factory; - switch (credentialType) - { - case kSecCredentialTypeDefault: - return globals().credentials(); - case kSecCredentialTypeWithUI: - return factory.promptCred(); - case kSecCredentialTypeNoUI: - return factory.nullCred(); - default: - MacOSError::throwMe(paramErr); - } -} - -void -KeyItem::createPair( - Keychain keychain, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE publicKeyUsage, - uint32 publicKeyAttr, - CSSM_KEYUSE privateKeyUsage, - uint32 privateKeyAttr, - SecPointer initialAccess, - SecPointer &outPublicKey, - SecPointer &outPrivateKey) -{ - bool freeKeys = false; - bool deleteContext = false; - - if (!keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP) - MacOSError::throwMe(errSecInvalidKeychain); - - SSDb ssDb(safe_cast(&(*keychain->database()))); - CssmClient::CSP csp(keychain->csp()); - CssmClient::CSP appleCsp(gGuidAppleCSP); - - // Generate a random label to use initially - CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW); - uint8 labelBytes[20]; - CssmData label(labelBytes, sizeof(labelBytes)); - random.generate(label, label.Length); - - // Create a Access::Maker for the initial owner of the private key. - ResourceControlContext rcc; - memset(&rcc, 0, sizeof(rcc)); - Access::Maker maker; - // @@@ Potentially provide a credential argument which allows us to generate keys in the csp. Currently the CSP let's anyone do this, but we might restrict this in the future, f.e. a smartcard could require out of band pin entry before a key can be generated. - maker.initialOwner(rcc); - // Create the cred we need to manipulate the keys until we actually set a new access control for them. - const AccessCredentials *cred = maker.cred(); - - CSSM_KEY publicCssmKey, privateCssmKey; - memset(&publicCssmKey, 0, sizeof(publicCssmKey)); - memset(&privateCssmKey, 0, sizeof(privateCssmKey)); - - CSSM_CC_HANDLE ccHandle = 0; - - try - { - CSSM_RETURN status; - if (contextHandle) - ccHandle = contextHandle; - else - { - status = CSSM_CSP_CreateKeyGenContext(csp->handle(), algorithm, keySizeInBits, NULL, NULL, NULL, NULL, NULL, &ccHandle); - if (status) - CssmError::throwMe(status); - deleteContext = true; - } - - CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle(); - CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle; - CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } }; - status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes); - if (status) - CssmError::throwMe(status); - - // Generate the keypair - status = CSSM_GenerateKeyPair(ccHandle, publicKeyUsage, publicKeyAttr, &label, &publicCssmKey, privateKeyUsage, privateKeyAttr, &label, &rcc, &privateCssmKey); - if (status) - CssmError::throwMe(status); - freeKeys = true; - - // Find the keys we just generated in the DL to get SecKeyRef's to them - // so we can change the label to be the hash of the public key, and - // fix up other attributes. - - // Look up public key in the DLDB. - DbAttributes pubDbAttributes; - DbUniqueRecord pubUniqueId; - SSDbCursor dbPubCursor(ssDb, 1); - dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY); - dbPubCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, label); - CssmClient::Key publicKey; - if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - // Look up private key in the DLDB. - DbAttributes privDbAttributes; - DbUniqueRecord privUniqueId; - SSDbCursor dbPrivCursor(ssDb, 1); - dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY); - dbPrivCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, label); - CssmClient::Key privateKey; - if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - // Convert reference public key to a raw key so we can use it - // in the appleCsp. - CssmClient::WrapKey wrap(csp, CSSM_ALGID_NONE); - wrap.cred(cred); - CssmClient::Key rawPubKey = wrap(publicKey); - - // Calculate the hash of the public key using the appleCSP. - CssmClient::PassThrough passThrough(appleCsp); - void *outData; - CssmData *cssmData; - - /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the - * associated key blob. - * Key is specified in CSSM_CSP_CreatePassThroughContext. - * Hash is allocated bythe CSP, in the App's memory, and returned - * in *outData. */ - passThrough.key(rawPubKey); - passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData); - cssmData = reinterpret_cast(outData); - CssmData &pubKeyHash = *cssmData; - - std::string description(initialAccess->promptDescription()); - // Set the label of the public key to the public key hash. - // Set the PrintName of the public key to the description in the acl. - pubDbAttributes.add(kSecKeyLabel, pubKeyHash); - pubDbAttributes.add(kSecKeyPrintName, description); - pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - - // Set the label of the private key to the public key hash. - // Set the PrintName of the private key to the description in the acl. - privDbAttributes.add(kSecKeyLabel, pubKeyHash); - privDbAttributes.add(kSecKeyPrintName, description); - privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - - // @@@ Not exception safe! - csp.allocator().free(cssmData->Data); - csp.allocator().free(cssmData); - - // Finally fix the acl and owner of the private key to the specified access control settings. - initialAccess->setAccess(*privateKey, maker); - - // Make the public key acl completely open - Access pubKeyAccess; - pubKeyAccess.setAccess(*publicKey, maker); - - // Create keychain items which will represent the keys. - outPublicKey = safe_cast(&(*keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId))); - outPrivateKey = safe_cast(&(*keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId))); - } - catch (...) - { - if (freeKeys) - { - // Delete the keys if something goes wrong so we don't end up with inaccesable keys in the database. - CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE); - CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE); - } - - if (deleteContext) - CSSM_DeleteContext(ccHandle); - - throw; - } - - if (freeKeys) - { - CSSM_FreeKey(csp->handle(), NULL, &publicCssmKey, FALSE); - CSSM_FreeKey(csp->handle(), NULL, &privateCssmKey, FALSE); - } - - if (deleteContext) - CSSM_DeleteContext(ccHandle); -} - -void -KeyItem::importPair( - Keychain keychain, - const CSSM_KEY &publicWrappedKey, - const CSSM_KEY &privateWrappedKey, - SecPointer initialAccess, - SecPointer &outPublicKey, - SecPointer &outPrivateKey) -{ - bool freePublicKey = false; - bool freePrivateKey = false; - bool deleteContext = false; - - if (!keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP) - MacOSError::throwMe(errSecInvalidKeychain); - - SSDb ssDb(safe_cast(&(*keychain->database()))); - CssmClient::CSP csp(keychain->csp()); - CssmClient::CSP appleCsp(gGuidAppleCSP); - - // Create a Access::Maker for the initial owner of the private key. - ResourceControlContext rcc; - memset(&rcc, 0, sizeof(rcc)); - Access::Maker maker; - // @@@ Potentially provide a credential argument which allows us to unwrap keys in the csp. Currently the CSP let's anyone do this, but we might restrict this in the future, f.e. a smartcard could require out of band pin entry before a key can be generated. - maker.initialOwner(rcc); - // Create the cred we need to manipulate the keys until we actually set a new access control for them. - const AccessCredentials *cred = maker.cred(); - - CSSM_KEY publicCssmKey, privateCssmKey; - memset(&publicCssmKey, 0, sizeof(publicCssmKey)); - memset(&privateCssmKey, 0, sizeof(privateCssmKey)); - - CSSM_CC_HANDLE ccHandle = 0; - - try - { - CSSM_RETURN status; - - // Calculate the hash of the public key using the appleCSP. - CssmClient::PassThrough passThrough(appleCsp); - void *outData; - CssmData *cssmData; - - /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the - * associated key blob. - * Key is specified in CSSM_CSP_CreatePassThroughContext. - * Hash is allocated bythe CSP, in the App's memory, and returned - * in *outData. */ - passThrough.key(&publicWrappedKey); - passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData); - cssmData = reinterpret_cast(outData); - CssmData &pubKeyHash = *cssmData; - - status = CSSM_CSP_CreateSymmetricContext(csp->handle(), publicWrappedKey.KeyHeader.WrapAlgorithmId, CSSM_ALGMODE_NONE, NULL, NULL, NULL, CSSM_PADDING_NONE, NULL, &ccHandle); - if (status) - CssmError::throwMe(status); - deleteContext = true; - - CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle(); - CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle; - CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } }; - status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes); - if (status) - CssmError::throwMe(status); - - // Unwrap the the keys - CSSM_DATA descriptiveData = {0, NULL}; - - status = CSSM_UnwrapKey( - ccHandle, - NULL, - &publicWrappedKey, - publicWrappedKey.KeyHeader.KeyUsage, - publicWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT, - &pubKeyHash, - &rcc, - &publicCssmKey, - &descriptiveData); - - if (status) - CssmError::throwMe(status); - freePublicKey = true; - - if (descriptiveData.Data != NULL) - free (descriptiveData.Data); - - status = CSSM_UnwrapKey( - ccHandle, - NULL, - &privateWrappedKey, - privateWrappedKey.KeyHeader.KeyUsage, - privateWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT, - &pubKeyHash, - &rcc, - &privateCssmKey, - &descriptiveData); - - if (status) - CssmError::throwMe(status); - - if (descriptiveData.Data != NULL) - free (descriptiveData.Data); - - freePrivateKey = true; - - // Find the keys we just generated in the DL to get SecKeyRef's to them - // so we can change the label to be the hash of the public key, and - // fix up other attributes. - - // Look up public key in the DLDB. - DbAttributes pubDbAttributes; - DbUniqueRecord pubUniqueId; - SSDbCursor dbPubCursor(ssDb, 1); - dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY); - dbPubCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, pubKeyHash); - CssmClient::Key publicKey; - if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - // Look up private key in the DLDB. - DbAttributes privDbAttributes; - DbUniqueRecord privUniqueId; - SSDbCursor dbPrivCursor(ssDb, 1); - dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY); - dbPrivCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, pubKeyHash); - CssmClient::Key privateKey; - if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - // @@@ Not exception safe! - csp.allocator().free(cssmData->Data); - csp.allocator().free(cssmData); - - std::string description(initialAccess->promptDescription()); - // Set the label of the public key to the public key hash. - // Set the PrintName of the public key to the description in the acl. - pubDbAttributes.add(kSecKeyPrintName, description); - pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - - // Set the label of the private key to the public key hash. - // Set the PrintName of the private key to the description in the acl. - privDbAttributes.add(kSecKeyPrintName, description); - privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - - // Finally fix the acl and owner of the private key to the specified access control settings. - initialAccess->setAccess(*privateKey, maker); - - // Make the public key acl completely open - Access pubKeyAccess; - pubKeyAccess.setAccess(*publicKey, maker); - - // Create keychain items which will represent the keys. - outPublicKey = safe_cast(&(*keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId))); - outPrivateKey = safe_cast(&(*keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId))); - } - catch (...) - { - if (freePublicKey) - CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE); - if (freePrivateKey) - CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE); - - if (deleteContext) - CSSM_DeleteContext(ccHandle); - - throw; - } - - if (freePublicKey) - CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, FALSE); - if (freePrivateKey) - CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, FALSE); - - if (deleteContext) - CSSM_DeleteContext(ccHandle); -} - -KeyItem * -KeyItem::generate(Keychain keychain, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE keyUsage, - uint32 keyAttr, - SecPointer initialAccess) -{ - CssmClient::CSP appleCsp(gGuidAppleCSP); - CssmClient::CSP csp(NULL); - SSDb ssDb(NULL); - uint8 labelBytes[20]; - CssmData label(labelBytes, sizeof(labelBytes)); - bool freeKey = false; - bool deleteContext = false; - const CSSM_DATA *plabel = NULL; - KeyItem *outKey; - - if (keychain) - { - if (!keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP) - MacOSError::throwMe(errSecInvalidKeychain); - - ssDb = SSDb(safe_cast(&(*keychain->database()))); - csp = keychain->csp(); - - // Generate a random label to use initially - CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW); - random.generate(label, label.Length); - plabel = &label; - } - else - { - // Not a persistant key so create it in the regular csp - csp = appleCsp; - } - - // Create a Access::Maker for the initial owner of the private key. - ResourceControlContext *prcc = NULL, rcc; - const AccessCredentials *cred = NULL; - Access::Maker maker; - if (keychain && initialAccess) - { - memset(&rcc, 0, sizeof(rcc)); - // @@@ Potentially provide a credential argument which allows us to generate keys in the csp. Currently the CSP let's anyone do this, but we might restrict this in the future, f.e. a smartcard could require out of band pin entry before a key can be generated. - maker.initialOwner(rcc); - // Create the cred we need to manipulate the keys until we actually set a new access control for them. - cred = maker.cred(); - prcc = &rcc; - } - - CSSM_KEY cssmKey; - - CSSM_CC_HANDLE ccHandle = 0; - - try - { - CSSM_RETURN status; - if (contextHandle) - ccHandle = contextHandle; - else - { - status = CSSM_CSP_CreateKeyGenContext(csp->handle(), algorithm, keySizeInBits, NULL, NULL, NULL, NULL, NULL, &ccHandle); - if (status) - CssmError::throwMe(status); - deleteContext = true; - } - - if (ssDb) - { - CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle(); - CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle; - CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } }; - status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes); - if (status) - CssmError::throwMe(status); - - keyAttr |= CSSM_KEYATTR_PERMANENT; - } - - // Generate the key - status = CSSM_GenerateKey(ccHandle, keyUsage, keyAttr, plabel, prcc, &cssmKey); - if (status) - CssmError::throwMe(status); - - if (ssDb) - { - freeKey = true; - // Find the keys we just generated in the DL to get SecKeyRef's to them - // so we can change the label to be the hash of the public key, and - // fix up other attributes. - - // Look up key in the DLDB. - DbAttributes dbAttributes; - DbUniqueRecord uniqueId; - SSDbCursor dbCursor(ssDb, 1); - dbCursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - dbCursor->add(CSSM_DB_EQUAL, kSecKeyLabel, label); - CssmClient::Key key; - if (!dbCursor->nextKey(&dbAttributes, key, uniqueId)) - MacOSError::throwMe(errSecItemNotFound); - - // Finally fix the acl and owner of the key to the specified access control settings. - if (initialAccess) - initialAccess->setAccess(*key, maker); - - // Create keychain items which will represent the keys. - outKey = safe_cast(&(*keychain->item(CSSM_DL_DB_RECORD_SYMMETRIC_KEY, uniqueId))); - } - else - { - CssmClient::Key tempKey(csp, cssmKey); - outKey = new KeyItem(tempKey); - } - } - catch (...) - { - if (freeKey) - { - // Delete the keys if something goes wrong so we don't end up with inaccesable keys in the database. - CSSM_FreeKey(csp->handle(), cred, &cssmKey, TRUE); - } - - if (deleteContext) - CSSM_DeleteContext(ccHandle); - - throw; - } - - if (freeKey) - { - CSSM_FreeKey(csp->handle(), NULL, &cssmKey, FALSE); - } - - if (deleteContext) - CSSM_DeleteContext(ccHandle); - - return outKey; -} diff --git a/Keychain/KeyItem.h b/Keychain/KeyItem.h deleted file mode 100644 index 386c461a..00000000 --- a/Keychain/KeyItem.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// KeyItem.h -// -#ifndef _SECURITY_KEYITEM_H_ -#define _SECURITY_KEYITEM_H_ - -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class KeyItem : public ItemImpl -{ - NOCOPY(KeyItem) -public: - SECCFFUNCTIONS(KeyItem, SecKeyRef, errSecInvalidItemRef) - - // db item contstructor - KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId); - - // PrimaryKey item contstructor - KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey); - - KeyItem(KeyItem &keyItem); - - KeyItem(const CssmClient::Key &key); - - virtual ~KeyItem() throw(); - - virtual void update(); - virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL); - virtual void didModify(); - - CssmClient::SSDbUniqueRecord ssDbUniqueRecord(); - CssmClient::Key &key(); - CssmClient::CSP csp(); - - const CSSM_X509_ALGORITHM_IDENTIFIER& algorithmIdentifier(); - unsigned int strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER *algid); - - const AccessCredentials *getCredentials( - CSSM_ACL_AUTHORIZATION_TAG operation, - SecCredentialType credentialType); - - static void createPair( - Keychain keychain, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE publicKeyUsage, - uint32 publicKeyAttr, - CSSM_KEYUSE privateKeyUsage, - uint32 privateKeyAttr, - SecPointer initialAccess, - SecPointer &outPublicKey, - SecPointer &outPrivateKey); - - static void importPair( - Keychain keychain, - const CSSM_KEY &publicCssmKey, - const CSSM_KEY &privateCssmKey, - SecPointer initialAccess, - SecPointer &outPublicKey, - SecPointer &outPrivateKey); - - static KeyItem *generate( - Keychain keychain, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE keyUsage, - uint32 keyAttr, - SecPointer initialAccess); - -protected: - virtual PrimaryKey add(Keychain &keychain); -private: - CssmClient::Key mKey; - const CSSM_X509_ALGORITHM_IDENTIFIER *algid; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_KEYITEM_H_ diff --git a/Keychain/Keychains.cpp b/Keychain/Keychains.cpp deleted file mode 100644 index ae053cf8..00000000 --- a/Keychain/Keychains.cpp +++ /dev/null @@ -1,702 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Keychains.cpp -// - -#include "Keychains.h" -#include "KCEventNotifier.h" - -#include "Item.h" -#include "KCCursor.h" -#include "Globals.h" -#include "Schema.h" -#include -#include -#include -#include -#include -#include - -using namespace KeychainCore; -using namespace CssmClient; - - -// -// KeychainSchemaImpl -// -KeychainSchemaImpl::KeychainSchemaImpl(const Db &db) -{ - DbCursor relations(db); - relations->recordType(CSSM_DL_DB_SCHEMA_INFO); - DbAttributes relationRecord(db, 1); - relationRecord.add(Schema::RelationID); - DbUniqueRecord outerUniqueId(db); - - while (relations->next(&relationRecord, NULL, outerUniqueId)) - { - DbUniqueRecord uniqueId(db); - - uint32 relationID = relationRecord.at(0); - if (CSSM_DB_RECORDTYPE_SCHEMA_START <= relationID && relationID < CSSM_DB_RECORDTYPE_SCHEMA_END) - continue; - - // Create a cursor on the SCHEMA_ATTRIBUTES table for records with RelationID == relationID - DbCursor attributes(db); - attributes->recordType(CSSM_DL_DB_SCHEMA_ATTRIBUTES); - attributes->add(CSSM_DB_EQUAL, Schema::RelationID, relationID); - - // Set up a record for retriving the SCHEMA_ATTRIBUTES - DbAttributes attributeRecord(db, 2); - attributeRecord.add(Schema::AttributeFormat); - attributeRecord.add(Schema::AttributeID); - attributeRecord.add(Schema::AttributeNameFormat); - - - RelationInfoMap &rim = mDatabaseInfoMap[relationID]; - while (attributes->next(&attributeRecord, NULL, uniqueId)) - { - // @@@ this if statement was blocking tags of different naming conventions - //if(CSSM_DB_ATTRIBUTE_FORMAT(attributeRecord.at(2))==CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER) - rim[attributeRecord.at(1)] = attributeRecord.at(0); - } - - // Create a cursor on the CSSM_DL_DB_SCHEMA_INDEXES table for records with RelationID == relationID - DbCursor indexes(db); - indexes->recordType(CSSM_DL_DB_SCHEMA_INDEXES); - indexes->conjunctive(CSSM_DB_AND); - indexes->add(CSSM_DB_EQUAL, Schema::RelationID, relationID); - indexes->add(CSSM_DB_EQUAL, Schema::IndexType, uint32(CSSM_DB_INDEX_UNIQUE)); - - // Set up a record for retriving the SCHEMA_INDEXES - DbAttributes indexRecord(db, 1); - indexRecord.add(Schema::AttributeID); - - CssmAutoDbRecordAttributeInfo &infos = *new CssmAutoDbRecordAttributeInfo(); - mPrimaryKeyInfoMap.insert(PrimaryKeyInfoMap::value_type(relationID, &infos)); - infos.DataRecordType = relationID; - while (indexes->next(&indexRecord, NULL, uniqueId)) - { - CssmDbAttributeInfo &info = infos.add(); - info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; - info.Label.AttributeID = indexRecord.at(0); - info.AttributeFormat = rim[info.Label.AttributeID]; // @@@ Might insert bogus value if DB is corrupt - } - } -} - -KeychainSchemaImpl::~KeychainSchemaImpl() -{ - for_each_map_delete(mPrimaryKeyInfoMap.begin(), mPrimaryKeyInfoMap.end()); -} - -const KeychainSchemaImpl::RelationInfoMap & -KeychainSchemaImpl::relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const -{ - DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.find(recordType); - if (dit == mDatabaseInfoMap.end()) - MacOSError::throwMe(errSecNoSuchClass); - return dit->second; -} - -bool -KeychainSchemaImpl::hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const -{ - const RelationInfoMap &rmap = relationInfoMapFor(recordType); - RelationInfoMap::const_iterator rit = rmap.find(attributeId); - return rit != rmap.end(); -} - -CSSM_DB_ATTRIBUTE_FORMAT -KeychainSchemaImpl::attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const -{ - const RelationInfoMap &rmap = relationInfoMapFor(recordType); - RelationInfoMap::const_iterator rit = rmap.find(attributeId); - if (rit == rmap.end()) - MacOSError::throwMe(errSecNoSuchAttr); - - return rit->second; -} - -CssmDbAttributeInfo -KeychainSchemaImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const -{ - CSSM_DB_ATTRIBUTE_INFO info; - info.AttributeFormat = attributeFormatFor(recordType, attributeId); - info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; - info.Label.AttributeID = attributeId; - - return info; -} - -void -KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const -{ - const RelationInfoMap &rmap = relationInfoMapFor(recordType); - - SecKeychainAttributeInfo *theList=reinterpret_cast(malloc(sizeof(SecKeychainAttributeInfo))); - - UInt32 capacity=rmap.size(); - UInt32 *tagBuf=reinterpret_cast(malloc(capacity*sizeof(UInt32))); - UInt32 *formatBuf=reinterpret_cast(malloc(capacity*sizeof(UInt32))); - UInt32 i=0; - - - for (RelationInfoMap::const_iterator rit = rmap.begin(); rit != rmap.end(); ++rit) - { - if (i>=capacity) - { - capacity *= 2; - if (capacity <= i) capacity = i + 1; - tagBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); - formatBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); - } - tagBuf[i]=rit->first; - formatBuf[i++]=rit->second; - } - - theList->count=i; - theList->tag=tagBuf; - theList->format=formatBuf; - *Info=theList; -} - - -const CssmAutoDbRecordAttributeInfo & -KeychainSchemaImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const -{ - PrimaryKeyInfoMap::const_iterator it; - it = mPrimaryKeyInfoMap.find(recordType); - - if (it == mPrimaryKeyInfoMap.end()) - MacOSError::throwMe(errSecNoSuchClass); // @@@ Not really but whatever. - - return *it->second; -} - -bool -KeychainSchemaImpl::operator <(const KeychainSchemaImpl &other) const -{ - return mDatabaseInfoMap < other.mDatabaseInfoMap; -} - -bool -KeychainSchemaImpl::operator ==(const KeychainSchemaImpl &other) const -{ - return mDatabaseInfoMap == other.mDatabaseInfoMap; -} - - -// -// KeychainImpl -// -KeychainImpl::KeychainImpl(const Db &db) -: mDb(db) -{ -} - -KeychainImpl::~KeychainImpl() throw() -{ - globals().storageManager.removeKeychain(dLDbIdentifier(), this); -} - -bool -KeychainImpl::operator ==(const KeychainImpl &keychain) const -{ - return dLDbIdentifier() == keychain.dLDbIdentifier(); -} - -KCCursor -KeychainImpl::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList) -{ - StorageManager::KeychainList keychains; - keychains.push_back(Keychain(this)); - return KCCursor(keychains, itemClass, attrList); -} - -KCCursor -KeychainImpl::createCursor(const SecKeychainAttributeList *attrList) -{ - StorageManager::KeychainList keychains; - keychains.push_back(Keychain(this)); - return KCCursor(keychains, attrList); -} - -void -KeychainImpl::create(UInt32 passwordLength, const void *inPassword) -{ - if (!inPassword) - { - create(); - return; - } - - CssmAllocator &alloc = CssmAllocator::standard(); - - // @@@ Share this instance - - const CssmData password(const_cast(inPassword), passwordLength); - AclFactory::PasswordChangeCredentials pCreds (password, alloc); - AclFactory::AnyResourceContext rcc(pCreds); - create(&rcc); -} - -void KeychainImpl::create(ConstStringPtr inPassword) -{ - if ( inPassword ) - create(static_cast(inPassword[0]), &inPassword[1]); - else - create(); -} - -void -KeychainImpl::create() -{ - AclFactory aclFactory; - AclFactory::AnyResourceContext rcc(aclFactory.unlockCred()); - create(&rcc); -} - -void -KeychainImpl::create(const ResourceControlContext *rcc) -{ - mDb->dbInfo(&Schema::DBInfo); // Set the schema (to force a create) - mDb->resourceControlContext(rcc); - try - { - mDb->create(); - } - catch (...) - { - mDb->resourceControlContext(NULL); - mDb->dbInfo(NULL); // Clear the schema (to not break an open call later) - throw; - } - mDb->resourceControlContext(NULL); - mDb->dbInfo(NULL); // Clear the schema (to not break an open call later) - globals().storageManager.created(Keychain(this)); - - KCEventNotifier::PostKeychainEvent (kSecKeychainListChangedEvent, this, NULL); -} - -void -KeychainImpl::open() -{ - mDb->open(); -} - -void -KeychainImpl::lock() -{ - mDb->lock(); -} - -void -KeychainImpl::unlock() -{ - mDb->unlock(); -} - -void -KeychainImpl::unlock(const CssmData &password) -{ - mDb->unlock(password); -} - -void -KeychainImpl::unlock(ConstStringPtr password) -{ - if (password) - { - const CssmData data(const_cast(&password[1]), password[0]); - unlock(data); - } - else - unlock(); -} - -void -KeychainImpl::getSettings(uint32 &outIdleTimeOut, bool &outLockOnSleep) -{ - mDb->getSettings(outIdleTimeOut, outLockOnSleep); -} - -void -KeychainImpl::setSettings(uint32 inIdleTimeOut, bool inLockOnSleep) -{ - mDb->setSettings(inIdleTimeOut, inLockOnSleep); -} -void -KeychainImpl::changePassphrase(UInt32 oldPasswordLength, const void *oldPassword, - UInt32 newPasswordLength, const void *newPassword) -{ - // @@@ When AutoCredentials is actually finished we should no logner use a tracking allocator. - TrackingAllocator allocator(CssmAllocator::standard()); - AutoCredentials cred = AutoCredentials(allocator); - if (oldPassword) - { - const CssmData &oldPass = *new(allocator) CssmData(const_cast(oldPassword), oldPasswordLength); - TypedList &oldList = *new(allocator) TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK); - oldList.append(new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD)); - oldList.append(new(allocator) ListElement(oldPass)); - cred += oldList; - } - - if (newPassword) - { - const CssmData &newPass = *new(allocator) CssmData(const_cast(newPassword), newPasswordLength); - TypedList &newList = *new(allocator) TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK); - newList.append(new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD)); - newList.append(new(allocator) ListElement(newPass)); - cred += newList; - } - - mDb->changePassphrase(&cred); -} - -void -KeychainImpl::changePassphrase(ConstStringPtr oldPassword, ConstStringPtr newPassword) -{ - const void *oldPtr, *newPtr; - UInt32 oldLen, newLen; - if (oldPassword) - { - oldLen = oldPassword[0]; - oldPtr = oldPassword + 1; - } - else - { - oldLen = 0; - oldPtr = NULL; - } - - if (newPassword) - { - newLen = newPassword[0]; - newPtr = newPassword + 1; - } - else - { - newLen = 0; - newPtr = NULL; - } - - changePassphrase(oldLen, oldPtr, newLen, newPtr); -} - -void -KeychainImpl::authenticate(const CSSM_ACCESS_CREDENTIALS *cred) -{ - // @@@ This should do an authenticate which is not the same as unlock. - if (!exists()) - MacOSError::throwMe(errSecNoSuchKeychain); - - MacOSError::throwMe(unimpErr); -} - -UInt32 -KeychainImpl::status() const -{ - // @@@ We should figure out the read/write status though a DL passthrough or some other way. - // @@@ Also should locked be unlocked read only or just read-only? - return (mDb->isLocked() ? 0 : kSecUnlockStateStatus | kSecWritePermStatus) | kSecReadPermStatus; -} - -bool -KeychainImpl::exists() -{ - bool exists = true; - try - { - open(); - // Ok to leave the mDb open since it will get closed when it goes away. - } - catch (const CssmError &e) - { - if (e.cssmError() != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) - throw; - exists = false; - } - - return exists; -} - -bool -KeychainImpl::isActive() const -{ - return mDb->isActive(); -} - -void -KeychainImpl::add(Item &inItem) -{ - Keychain keychain(this); - PrimaryKey primaryKey = inItem->add(keychain); - { - StLock _(mDbItemMapLock); - mDbItemMap[primaryKey] = inItem.get(); - } - - KCEventNotifier::PostKeychainEvent(kSecAddEvent, this, inItem); -} - -void -KeychainImpl::didUpdate(ItemImpl *inItemImpl, PrimaryKey &oldPK, - PrimaryKey &newPK) -{ - // Make sure we only hold mDbItemMapLock as long as we need to. - { - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(oldPK); - if (it != mDbItemMap.end() && it->second == inItemImpl) - mDbItemMap.erase(it); - mDbItemMap[newPK] = inItemImpl; - } - - KCEventNotifier::PostKeychainEvent( kSecUpdateEvent, this, inItemImpl ); -} - -void -KeychainImpl::deleteItem(Item &inoutItem) -{ - // item must be persistant. - if (!inoutItem->isPersistant()) - MacOSError::throwMe(errSecInvalidItemRef); - - DbUniqueRecord uniqueId = inoutItem->dbUniqueRecord(); - PrimaryKey primaryKey = inoutItem->primaryKey(); - uniqueId->deleteRecord(); - - // Don't kill the ref or clear the Item() since this potentially - // messes up things for the receiver of the kSecDeleteEvent notification. - //inoutItem->killRef(); - //inoutItem = Item(); - - // Post the notification for the item deletion with - // the primaryKey obtained when the item still existed - KCEventNotifier::PostKeychainEvent(kSecDeleteEvent, dLDbIdentifier(), primaryKey); -} - - -CssmClient::CSP -KeychainImpl::csp() -{ - if (!mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP) - MacOSError::throwMe(errSecInvalidKeychain); - - SSDb ssDb(safe_cast(&(*mDb))); - return ssDb->csp(); -} - -PrimaryKey -KeychainImpl::makePrimaryKey(CSSM_DB_RECORDTYPE recordType, DbUniqueRecord &uniqueId) -{ - DbAttributes primaryKeyAttrs(uniqueId->database()); - primaryKeyAttrs.recordType(recordType); - gatherPrimaryKeyAttributes(primaryKeyAttrs); - uniqueId->get(&primaryKeyAttrs, NULL); - return PrimaryKey(primaryKeyAttrs); -} - -const CssmAutoDbRecordAttributeInfo & -KeychainImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) -{ - try { - return keychainSchema()->primaryKeyInfosFor(recordType); - } catch (const CssmCommonError &error) { - switch (error.cssmError()) { - case errSecNoSuchClass: - case CSSMERR_DL_INVALID_RECORDTYPE: - resetSchema(); - return keychainSchema()->primaryKeyInfosFor(recordType); - default: - throw; - } - } -} - -void KeychainImpl::gatherPrimaryKeyAttributes(DbAttributes& primaryKeyAttrs) -{ - const CssmAutoDbRecordAttributeInfo &infos = - primaryKeyInfosFor(primaryKeyAttrs.recordType()); - - // @@@ fix this to not copy info. - for (uint32 i = 0; i < infos.size(); i++) - primaryKeyAttrs.add(infos.at(i)); -} - -Item -KeychainImpl::item(const PrimaryKey& primaryKey) -{ - // @@@ This retry code isn't really the right way to do this, - // we need to redo the locking structure here in the future. - bool tried = false; - for (;;) - { - { - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(primaryKey); - if (it != mDbItemMap.end()) - { - return Item(it->second); - } - } - - try - { - // Create an item with just a primary key - return Item(this, primaryKey); - } - catch (const MacOSError &e) - { - if (tried || e.osStatus() != errSecDuplicateItem) - throw; - tried = true; - } - } -} - -Item -KeychainImpl::item(CSSM_DB_RECORDTYPE recordType, DbUniqueRecord &uniqueId) -{ - PrimaryKey primaryKey = makePrimaryKey(recordType, uniqueId); - { - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(primaryKey); - if (it != mDbItemMap.end()) - { - return Item(it->second); - } - } - - // Create a new item - return Item(this, primaryKey, uniqueId); -} - -KeychainSchema -KeychainImpl::keychainSchema() -{ - if (!mKeychainSchema) - { - // @@@ Use cache in storageManager - mKeychainSchema = KeychainSchema(mDb); - } - - return mKeychainSchema; -} - -void KeychainImpl::resetSchema() -{ - mKeychainSchema = NULL; // re-fetch it from db next time -} - - -// Called from DbItemImpl's constructor (so it is only paritally constructed), add it to the map. -void -KeychainImpl::addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl) -{ - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(primaryKey); - if (it != mDbItemMap.end()) - { - // @@@ There is a race condition here when being called in multiple threads - // We might have added an item using add and received a notification at the same time - //assert(true); - MacOSError::throwMe(errSecDuplicateItem); - //mDbItemMap.erase(it); - // @@@ What to do here? - } - - mDbItemMap.insert(DbItemMap::value_type(primaryKey, dbItemImpl)); -} - -void -KeychainImpl::didDeleteItem(const ItemImpl *inItemImpl) -{ - // Sent sent by CCallbackMgr. - secdebug("kcnotify", "%p notified that item %p was deleted", this, inItemImpl); - PrimaryKey primaryKey = inItemImpl->primaryKey(); - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(primaryKey); - if (it != mDbItemMap.end()) - mDbItemMap.erase(it); -} - -void -KeychainImpl::removeItem(const PrimaryKey &primaryKey, const ItemImpl *inItemImpl) -{ - // Sent from DbItemImpl's destructor, remove it from the map. - StLock _(mDbItemMapLock); - DbItemMap::iterator it = mDbItemMap.find(primaryKey); - if (it != mDbItemMap.end() && it->second == inItemImpl) - mDbItemMap.erase(it); -} - -void -KeychainImpl::getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info) -{ - try { - keychainSchema()->getAttributeInfoForRecordType(itemID, Info); - } catch (const CssmCommonError &error) { - switch (error.cssmError()) { - case errSecNoSuchClass: - case CSSMERR_DL_INVALID_RECORDTYPE: - resetSchema(); - keychainSchema()->getAttributeInfoForRecordType(itemID, Info); - default: - throw; - } - } -} - -void -KeychainImpl::freeAttributeInfo(SecKeychainAttributeInfo *Info) -{ - free(Info->tag); - free(Info->format); - free(Info); -} - -CssmDbAttributeInfo -KeychainImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag) -{ - try { - return keychainSchema()->attributeInfoFor(recordType, tag); - } catch (const CssmCommonError &error) { - switch (error.cssmError()) { - case errSecNoSuchClass: - case CSSMERR_DL_INVALID_RECORDTYPE: - resetSchema(); - return keychainSchema()->attributeInfoFor(recordType, tag); - default: - throw; - } - } - -} - -Keychain -Keychain::optional(SecKeychainRef handle) -{ - if (handle) - return KeychainImpl::required(handle); - else - return globals().storageManager.defaultKeychain(); -} - diff --git a/Keychain/Keychains.h b/Keychain/Keychains.h deleted file mode 100644 index 4d585c1d..00000000 --- a/Keychain/Keychains.h +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Keychains.h - The Keychain class -// -#ifndef _SECURITY_KEYCHAINS_H_ -#define _SECURITY_KEYCHAINS_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class KCCursor; -class Item; -class PrimaryKey; -class StorageManager; - - -class KeychainSchemaImpl : public RefCount -{ - NOCOPY(KeychainSchemaImpl) -public: - friend class KeychainSchema; -protected: - KeychainSchemaImpl(const CssmClient::Db &db); -public: - ~KeychainSchemaImpl(); - - CSSM_DB_ATTRIBUTE_FORMAT attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; - const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const; - - bool operator <(const KeychainSchemaImpl &other) const; - bool operator ==(const KeychainSchemaImpl &other) const; - - void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const; - CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; - bool hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; - -private: - typedef map PrimaryKeyInfoMap; - PrimaryKeyInfoMap mPrimaryKeyInfoMap; - - typedef map RelationInfoMap; - typedef map DatabaseInfoMap; - DatabaseInfoMap mDatabaseInfoMap; -private: - const RelationInfoMap &relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const; -}; - - -class KeychainSchema : public RefPointer -{ -public: - KeychainSchema() {} - KeychainSchema(KeychainSchemaImpl *impl) : RefPointer(impl) {} - KeychainSchema(const CssmClient::Db &db) : RefPointer(new KeychainSchemaImpl(db)) {} - - bool operator <(const KeychainSchema &other) const - { return ptr && other.ptr ? *ptr < *other.ptr : ptr < other.ptr; } - bool operator ==(const KeychainSchema &other) const - { return ptr && other.ptr ? *ptr == *other.ptr : ptr == other.ptr; } - -private: - typedef KeychainSchemaImpl Impl; -}; - - -class KeychainImpl : public SecCFObject -{ - NOCOPY(KeychainImpl) -public: - SECCFFUNCTIONS(KeychainImpl, SecKeychainRef, errSecInvalidKeychain) - - friend class Keychain; - friend class ItemImpl; -protected: - KeychainImpl(const CssmClient::Db &db); - -protected: - // Methods called by ItemImpl; - void didUpdate(ItemImpl *inItemImpl, PrimaryKey &oldPK, - PrimaryKey &newPK); - -public: - virtual ~KeychainImpl() throw(); - - bool operator ==(const KeychainImpl &) const; - - // Item calls - void add(Item &item); // item must not be persistant. Item will change. - void deleteItem(Item &item); // item must be persistant. - - // Keychain calls - void create(UInt32 passwordLength, const void *inPassword); - void create(ConstStringPtr inPassword); - void create(); - void create(const ResourceControlContext *rcc); - void open(); // There is no close since the client lib deals with that itself. might throw - - // Locking and unlocking a keychain. - void lock(); - void unlock(); - void unlock(const CssmData &password); - void unlock(ConstStringPtr password); // @@@ This has a length limit, we should remove it. - - void getSettings(uint32 &outIdleTimeOut, bool &outLockOnSleep); - void setSettings(uint32 inIdleTimeOut, bool inLockOnSleep); - - // Passing in NULL for either oldPassword or newPassword will cause them to be prompted for. - // To specify a zero length password in either case the oldPasswordLength or newPasswordLength - // value must be 0 and the oldPassword or newPassword must not be NULL. - void changePassphrase(UInt32 oldPasswordLength, const void *oldPassword, - UInt32 newPasswordLength, const void *newPassword); - void changePassphrase(ConstStringPtr oldPassword, ConstStringPtr newPassword); - - void authenticate(const CSSM_ACCESS_CREDENTIALS *cred); // Does not do an unlock. - - const char *name() const { return mDb->name(); } - UInt32 status() const; - bool exists(); - bool isActive() const; - - KCCursor createCursor(const SecKeychainAttributeList *attrList); - KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList); - CssmClient::Db database() { return mDb; } - DLDbIdentifier dLDbIdentifier() const { return mDb->dlDbIdentifier(); } - - CssmClient::CSP csp(); - - PrimaryKey makePrimaryKey(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId); - void gatherPrimaryKeyAttributes(CssmClient::DbAttributes& primaryKeyAttrs); - - const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType); - - Item item(const PrimaryKey& primaryKey); - Item item(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId); - - CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag); - void getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info); - static void freeAttributeInfo(SecKeychainAttributeInfo *Info); - KeychainSchema keychainSchema(); - void resetSchema(); - void didDeleteItem(const ItemImpl *inItemImpl); - -private: - void addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl); - void removeItem(const PrimaryKey &primaryKey, const ItemImpl *inItemImpl); - - CssmClient::Db mDb; - Mutex mDbItemMapLock; - typedef map DbItemMap; - DbItemMap mDbItemMap; - - KeychainSchema mKeychainSchema; -}; - - -class Keychain : public SecPointer -{ -public: - Keychain() {} - Keychain(KeychainImpl *impl) : SecPointer(impl) {} - - static Keychain optional(SecKeychainRef handle); - -private: - friend class StorageManager; - Keychain(const CssmClient::Db &db) - : SecPointer(new KeychainImpl(db)) {} - - typedef KeychainImpl Impl; -}; - - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_KEYCHAINS_H_ diff --git a/Keychain/Policies.cpp b/Keychain/Policies.cpp deleted file mode 100644 index 85006650..00000000 --- a/Keychain/Policies.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Policy.cpp - Working with Policies -// -#include - -using namespace KeychainCore; - -Policy::Policy(TP supportingTp, const CssmOid &policyOid) - : mTp(supportingTp), - mOid(CssmAllocator::standard(), policyOid), - mValue(CssmAllocator::standard()) -{ - // value is as yet unimplemented -} - -Policy::~Policy() throw() -{ -} - -bool Policy::operator < (const Policy& other) const -{ - //@@@ inefficient - return oid() < other.oid() || - oid() == other.oid() && value() < other.value(); -} - -bool Policy::operator == (const Policy& other) const -{ - return oid() == other.oid() && value() == other.value(); -} diff --git a/Keychain/Policies.h b/Keychain/Policies.h deleted file mode 100644 index 4ea7cfc3..00000000 --- a/Keychain/Policies.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Policies.h -// -#ifndef _SECURITY_POLICY_H_ -#define _SECURITY_POLICY_H_ - -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -using namespace CssmClient; - -// -// A Policy[Impl] represents a particular -// CSSM "policy" managed by a particular TP. -// -class Policy : public SecCFObject -{ - NOCOPY(Policy) -public: - SECCFFUNCTIONS(Policy, SecPolicyRef, errSecInvalidItemRef) - - Policy(TP supportingTp, const CssmOid &policyOid); - -public: - virtual ~Policy() throw(); - - TP &tp() { return mTp; } - const TP &tp() const { return mTp; } - const CssmOid &oid() const { return mOid; } - const CssmData &value() const { return mValue; } - CssmOwnedData &value() { return mValue; } - - bool operator < (const Policy& other) const; - bool operator == (const Policy& other) const; - -private: - TP mTp; // TP module for this Policy - CssmAutoData mOid; // OID for this policy - CssmAutoData mValue; // value for this policy -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_POLICY_H_ diff --git a/Keychain/PolicyCursor.cpp b/Keychain/PolicyCursor.cpp deleted file mode 100644 index 8532f1c5..00000000 --- a/Keychain/PolicyCursor.cpp +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// PolicyCursor.cpp -// -#include -#include -#include -#include - -using namespace KeychainCore; -using namespace CssmClient; - - -// -// This preliminary implementation bypasses MDS and uses -// a fixed set of policies known to exist in the one known TP. -// -struct TheOneTP : public TP { - TheOneTP() : TP(gGuidAppleX509TP) { } -}; - -static ModuleNexus theOneTP; -static const CssmOid *theOidList[] = { - static_cast(&CSSMOID_APPLE_ISIGN), - static_cast(&CSSMOID_APPLE_X509_BASIC), - static_cast(&CSSMOID_APPLE_TP_SSL), - static_cast(&CSSMOID_APPLE_TP_SMIME), - static_cast(&CSSMOID_APPLE_TP_EAP), - static_cast(&CSSMOID_APPLE_TP_REVOCATION_CRL), - NULL // sentinel -}; - - -// -// Canonical Construction -// -PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value) - : mOid(CssmAllocator::standard()), mOidGiven(false) -{ - if (oid) { - mOid = CssmOid::required(oid); - mOidGiven = true; - } - mSearchPos = 0; -} - - -// -// Destroy -// -PolicyCursor::~PolicyCursor() throw() -{ -} - - -// -// Crank the iterator -// -bool PolicyCursor::next(SecPointer &policy) -{ - while (theOidList[mSearchPos]) { - if (mOidGiven && mOid != *theOidList[mSearchPos]) { - mSearchPos++; - continue; // no oid match - } - // ignoring mValue - not used by current TP - policy = new Policy(theOneTP(), *theOidList[mSearchPos]); - mSearchPos++; // advance cursor - return true; // return next match - } - return false; // end of table, no more matches -} diff --git a/Keychain/PolicyCursor.h b/Keychain/PolicyCursor.h deleted file mode 100644 index 7cd349ba..00000000 --- a/Keychain/PolicyCursor.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// PolicyCursor.h -// -#ifndef _SECURITY_POLICYCURSOR_H_ -#define _SECURITY_POLICYCURSOR_H_ - -#include -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class Policy; - -class PolicyCursor : public SecCFObject -{ - NOCOPY(PolicyCursor) -public: - SECCFFUNCTIONS(PolicyCursor, SecPolicySearchRef, errSecInvalidSearchRef) - - PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value); - virtual ~PolicyCursor() throw(); - bool next(SecPointer &policy); - -private: - //CFArrayRef mKeychainSearchList; - //SecKeyUsage mKeyUsage; - //SecPolicyRef mPolicy; - CssmAutoData mOid; - bool mOidGiven; - // value ignored (for now?) - -#if 1 // quick version -- using built-in policy list - - int mSearchPos; // next untried table entry - -#else // MDS version -- later - bool mFirstLookup; - - // - // Initialization - // - MDS_HANDLE mMdsHand; - CSSM_DB_HANDLE mDbHand; - // - // Used for searching (lookups) - // - MDS_DB_HANDLE mObjDlDb; - MDS_DB_HANDLE mCdsaDlDb; - MDS_FUNCS* mMdsFuncs; -#endif -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_POLICYCURSOR_H_ diff --git a/Keychain/PrimaryKey.cpp b/Keychain/PrimaryKey.cpp deleted file mode 100644 index b2a04a5d..00000000 --- a/Keychain/PrimaryKey.cpp +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// PrimaryKey.cpp -// - -#include "PrimaryKey.h" - -using namespace KeychainCore; -using namespace CssmClient; - - -PrimaryKeyImpl::PrimaryKeyImpl(const CSSM_DATA &data) -: CssmDataContainer(data.Data, data.Length) -{ - -//@@@ do bounds checking here, throw if invalid - -} - -PrimaryKeyImpl::PrimaryKeyImpl(const DbAttributes &primaryKeyAttrs) -{ - Length = sizeof(uint32); - for (uint32 ix = 0; ix < primaryKeyAttrs.size(); ++ix) - { - if (primaryKeyAttrs.at(ix).size() == 0) - MacOSError::throwMe(errSecInvalidKeychain); - - Length += sizeof(uint32) + primaryKeyAttrs.at(ix).Value[0].Length; - } - - // Careful with exceptions - Data = mAllocator.alloc(Length); - uint8 *p = Data; - - putUInt32(p, primaryKeyAttrs.recordType()); - for (uint32 ix = 0; ix < primaryKeyAttrs.size(); ++ix) - { - uint32 len = primaryKeyAttrs.at(ix).Value[0].Length; - putUInt32(p, len); - memcpy(p, primaryKeyAttrs.at(ix).Value[0].Data, len); - p += len; - } -} - -CssmClient::DbCursor -PrimaryKeyImpl::createCursor(const Keychain &keychain) -{ - DbCursor cursor(keychain->database()); - - // @@@ Set up cursor to find item with this. - uint8 *p = Data; - uint32 left = Length; - if (left < sizeof(*p)) - MacOSError::throwMe(errSecNoSuchAttr); // XXX Not really but whatever. - - CSSM_DB_RECORDTYPE rt = getUInt32(p, left); - const CssmAutoDbRecordAttributeInfo &infos = keychain->primaryKeyInfosFor(rt); - - cursor->recordType(rt); - cursor->conjunctive(CSSM_DB_AND); - for (uint32 ix = 0; ix < infos.size(); ++ix) - { - uint32 len = getUInt32(p, left); - - if (left < len) - MacOSError::throwMe(errSecNoSuchAttr); // XXX Not really but whatever. - - CssmData value(p, len); - left -= len; - p += len; - - cursor->add(CSSM_DB_EQUAL, infos.at(ix), value); - } - - return cursor; -} - - -void -PrimaryKeyImpl::putUInt32(uint8 *&p, uint32 value) -{ - *p++ = (value >> 24); - *p++ = (value >> 16) & 0xff; - *p++ = (value >> 8) & 0xff; - *p++ = value & 0xff; -} - -uint32 -PrimaryKeyImpl::getUInt32(uint8 *&p, uint32 &left) const -{ - if (left < sizeof(uint32)) - MacOSError::throwMe(errSecNoSuchAttr); // XXX Not really but whatever. - - - // @@@ Assumes data written in big endian. - uint32 value = (p[0] << 24) + (p[1] << 16) + (p[2] << 8) + p[3]; - p += sizeof(uint32); - left -= sizeof(uint32); - return value; -} - - - -CSSM_DB_RECORDTYPE -PrimaryKeyImpl::recordType() const -{ - uint8 *data = Data; - uint32 length = Length; - return getUInt32(data, length); -} diff --git a/Keychain/PrimaryKey.h b/Keychain/PrimaryKey.h deleted file mode 100644 index 16d9046a..00000000 --- a/Keychain/PrimaryKey.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// PrimaryKey.h -// -#ifndef _SECURITY_PRIMARYKEY_H_ -#define _SECURITY_PRIMARYKEY_H_ - -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class PrimaryKeyImpl : public CssmDataContainer -{ -public: - PrimaryKeyImpl(const CSSM_DATA &data); - PrimaryKeyImpl(const CssmClient::DbAttributes &primaryKeyAttrs); - ~PrimaryKeyImpl() {} - - void putUInt32(uint8 *&p, uint32 value); - uint32 getUInt32(uint8 *&p, uint32 &left) const; - - CssmClient::DbCursor createCursor(const Keychain &keychain); - - CSSM_DB_RECORDTYPE recordType() const; -private: -}; - - -class PrimaryKey : public RefPointer -{ -public: - PrimaryKey() {} - PrimaryKey(PrimaryKeyImpl *impl) : RefPointer(impl) {} - PrimaryKey(const CSSM_DATA &data) - : RefPointer(new PrimaryKeyImpl(data)) {} - PrimaryKey(const CssmClient::DbAttributes &primaryKeyAttrs) - : RefPointer(new PrimaryKeyImpl(primaryKeyAttrs)) {} - - bool operator <(const PrimaryKey &other) const { return **this < *other; } -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_PRIMARYKEY_H_ diff --git a/Keychain/RootCertBlobs.h b/Keychain/RootCertBlobs.h deleted file mode 100644 index 69a6ec2b..00000000 --- a/Keychain/RootCertBlobs.h +++ /dev/null @@ -1,1413 +0,0 @@ -// This file is automatically generated, temporary, and ugly. -// Don't even THINK of editing this. -static const unsigned char cert_0 [] = { -0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5f,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, -0x00,0x00,0xb9,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x30,0x5a,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, -0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, -0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, -0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, -0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, -0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e, -0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5a,0x17, -0x0d,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x5a, -0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30, -0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72, -0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65, -0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13, -0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72, -0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01, -0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa3,0x04,0xbb,0x22,0xab, -0x98,0x3d,0x57,0xe8,0x26,0x72,0x9a,0xb5,0x79,0xd4,0x29,0xe2,0xe1,0xe8,0x95,0x80, -0xb1,0xb0,0xe3,0x5b,0x8e,0x2b,0x29,0x9a,0x64,0xdf,0xa1,0x5d,0xed,0xb0,0x09,0x05, -0x6d,0xdb,0x28,0x2e,0xce,0x62,0xa2,0x62,0xfe,0xb4,0x88,0xda,0x12,0xeb,0x38,0xeb, -0x21,0x9d,0xc0,0x41,0x2b,0x01,0x52,0x7b,0x88,0x77,0xd3,0x1c,0x8f,0xc7,0xba,0xb9, -0x88,0xb5,0x6a,0x09,0xe7,0x73,0xe8,0x11,0x40,0xa7,0xd1,0xcc,0xca,0x62,0x8d,0x2d, -0xe5,0x8f,0x0b,0xa6,0x50,0xd2,0xa8,0x50,0xc3,0x28,0xea,0xf5,0xab,0x25,0x87,0x8a, -0x9a,0x96,0x1c,0xa9,0x67,0xb8,0x3f,0x0c,0xd5,0xf7,0xf9,0x52,0x13,0x2f,0xc2,0x1b, -0xd5,0x70,0x70,0xf0,0x8f,0xc0,0x12,0xca,0x06,0xcb,0x9a,0xe1,0xd9,0xca,0x33,0x7a, -0x77,0xd6,0xf8,0xec,0xb9,0xf1,0x68,0x44,0x42,0x48,0x13,0xd2,0xc0,0xc2,0xa4,0xae, -0x5e,0x60,0xfe,0xb6,0xa6,0x05,0xfc,0xb4,0xdd,0x07,0x59,0x02,0xd4,0x59,0x18,0x98, -0x63,0xf5,0xa5,0x63,0xe0,0x90,0x0c,0x7d,0x5d,0xb2,0x06,0x7a,0xf3,0x85,0xea,0xeb, -0xd4,0x03,0xae,0x5e,0x84,0x3e,0x5f,0xff,0x15,0xed,0x69,0xbc,0xf9,0x39,0x36,0x72, -0x75,0xcf,0x77,0x52,0x4d,0xf3,0xc9,0x90,0x2c,0xb9,0x3d,0xe5,0xc9,0x23,0x53,0x3f, -0x1f,0x24,0x98,0x21,0x5c,0x07,0x99,0x29,0xbd,0xc6,0x3a,0xec,0xe7,0x6e,0x86,0x3a, -0x6b,0x97,0x74,0x63,0x33,0xbd,0x68,0x18,0x31,0xf0,0x78,0x8d,0x76,0xbf,0xfc,0x9e, -0x8e,0x5d,0x2a,0x86,0xa7,0x4d,0x90,0xdc,0x27,0x1a,0x39,0x02,0x03,0x01,0x00,0x01, -0xa3,0x45,0x30,0x43,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xe5, -0x9d,0x59,0x30,0x82,0x47,0x58,0xcc,0xac,0xfa,0x08,0x54,0x36,0x86,0x7b,0x3a,0xb5, -0x04,0x4d,0xf0,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30, -0x06,0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, -0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, -0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0c,0x5d,0x8e,0xe4, -0x6f,0x51,0x68,0x42,0x05,0xa0,0xdd,0xbb,0x4f,0x27,0x25,0x84,0x03,0xbd,0xf7,0x64, -0xfd,0x2d,0xd7,0x30,0xe3,0xa4,0x10,0x17,0xeb,0xda,0x29,0x29,0xb6,0x79,0x3f,0x76, -0xf6,0x19,0x13,0x23,0xb8,0x10,0x0a,0xf9,0x58,0xa4,0xd4,0x61,0x70,0xbd,0x04,0x61, -0x6a,0x12,0x8a,0x17,0xd5,0x0a,0xbd,0xc5,0xbc,0x30,0x7c,0xd6,0xe9,0x0c,0x25,0x8d, -0x86,0x40,0x4f,0xec,0xcc,0xa3,0x7e,0x38,0xc6,0x37,0x11,0x4f,0xed,0xdd,0x68,0x31, -0x8e,0x4c,0xd2,0xb3,0x01,0x74,0xee,0xbe,0x75,0x5e,0x07,0x48,0x1a,0x7f,0x70,0xff, -0x16,0x5c,0x84,0xc0,0x79,0x85,0xb8,0x05,0xfd,0x7f,0xbe,0x65,0x11,0xa3,0x0f,0xc0, -0x02,0xb4,0xf8,0x52,0x37,0x39,0x04,0xd5,0xa9,0x31,0x7a,0x18,0xbf,0xa0,0x2a,0xf4, -0x12,0x99,0xf7,0xa3,0x45,0x82,0xe3,0x3c,0x5e,0xf5,0x9d,0x9e,0xb5,0xc8,0x9e,0x7c, -0x2e,0xc8,0xa4,0x9e,0x4e,0x08,0x14,0x4b,0x6d,0xfd,0x70,0x6d,0x6b,0x1a,0x63,0xbd, -0x64,0xe6,0x1f,0xb7,0xce,0xf0,0xf2,0x9f,0x2e,0xbb,0x1b,0xb7,0xf2,0x50,0x88,0x73, -0x92,0xc2,0xe2,0xe3,0x16,0x8d,0x9a,0x32,0x02,0xab,0x8e,0x18,0xdd,0xe9,0x10,0x11, -0xee,0x7e,0x35,0xab,0x90,0xaf,0x3e,0x30,0x94,0x7a,0xd0,0x33,0x3d,0xa7,0x65,0x0f, -0xf5,0xfc,0x8e,0x9e,0x62,0xcf,0x47,0x44,0x2c,0x01,0x5d,0xbb,0x1d,0xb5,0x32,0xd2, -0x47,0xd2,0x38,0x2e,0xd0,0xfe,0x81,0xdc,0x32,0x6a,0x1e,0xb5,0xee,0x3c,0xd5,0xfc, -0xe7,0x81,0x1d,0x19,0xc3,0x24,0x42,0xea,0x63,0x39,0xa9,}; -static const unsigned char cert_1 [] = { -0x30,0x82,0x03,0xa6,0x30,0x82,0x02,0x8e,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, -0x00,0x00,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x30,0x67,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, -0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, -0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, -0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03, -0x55,0x04,0x03,0x13,0x26,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, -0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53, -0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30, -0x30,0x30,0x35,0x31,0x37,0x31,0x34,0x30,0x31,0x30,0x30,0x5a,0x17,0x0d,0x32,0x35, -0x30,0x35,0x31,0x37,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x67,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03, -0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13, -0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72, -0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,0x04,0x03,0x13,0x26,0x42,0x61, -0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75, -0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20, -0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, -0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, -0x02,0x82,0x01,0x01,0x00,0xc8,0x71,0x9a,0x18,0x12,0x8e,0x7a,0xdb,0xf9,0x9a,0xfc, -0x41,0xaf,0xd8,0xf2,0xf4,0x09,0x8e,0xad,0x3f,0xfe,0x67,0x37,0x3c,0xda,0xc9,0x26, -0x50,0xb1,0xb1,0x3e,0xcb,0xe8,0x4e,0x73,0x00,0xf2,0xb2,0xdc,0xf3,0xc5,0x46,0xfb, -0x09,0xef,0x18,0x96,0xce,0xa7,0xe0,0x9c,0x84,0x5d,0x20,0x0e,0x7a,0xa0,0xaa,0x36, -0x8b,0xfa,0x28,0xb6,0x78,0x2e,0xb3,0xec,0xe8,0x47,0xf3,0x04,0xf0,0x90,0x23,0xb4, -0xea,0xaf,0xe5,0x53,0xb8,0x05,0xf7,0x47,0x5d,0x2b,0x86,0xf1,0xa7,0xa4,0xc6,0x3b, -0x35,0xb6,0xd2,0x0d,0x52,0x41,0xd7,0xf4,0x92,0x75,0xe1,0xa2,0x0a,0x50,0x56,0x87, -0xbe,0x97,0x0b,0x7b,0x33,0x85,0x10,0xb9,0x28,0x18,0xee,0x33,0xea,0x48,0x11,0xd7, -0x5b,0x91,0x47,0x76,0x22,0xd4,0xee,0xcf,0x5d,0xe7,0xa8,0x4e,0x1c,0x9d,0x96,0x91, -0xdd,0x9c,0xbd,0x74,0x09,0xa8,0x72,0x61,0xaa,0xb0,0x21,0x3a,0xf1,0x3d,0x2c,0x03, -0x56,0x09,0xd2,0xc1,0xdc,0xc3,0xb5,0xc7,0x54,0x37,0xab,0xe6,0x26,0xa2,0xb2,0x46, -0x71,0x73,0xca,0x11,0x88,0xee,0xbc,0xe7,0x64,0xf7,0xd0,0x11,0x1a,0x73,0x40,0x5a, -0xc8,0x49,0x2c,0x0f,0xb7,0xef,0x90,0x7f,0x68,0x80,0x04,0x38,0x0b,0x1b,0x0f,0x3b, -0xd4,0xf5,0xa0,0xb3,0xc2,0x8e,0xe1,0x34,0xb4,0x80,0x99,0x6d,0x9e,0x76,0xd4,0x92, -0x29,0x40,0xb1,0x95,0xd2,0x37,0xa4,0x67,0x12,0x7f,0xe0,0x62,0xbb,0xae,0x35,0xc5, -0x99,0x36,0x82,0x44,0xb8,0xe6,0x78,0x18,0x33,0x61,0x71,0x93,0x5b,0x2d,0x8d,0x9f, -0x78,0x95,0x82,0xeb,0x6d,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x13, -0x06,0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05, -0x07,0x03,0x03,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc8,0x41, -0x34,0x5c,0x15,0x15,0x04,0xe5,0x40,0xf2,0xd1,0xab,0x9a,0x6f,0x24,0x92,0x7a,0x87, -0x42,0x5a,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06, -0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff, -0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x52,0x74,0xaa,0x95,0x4b,0x22, -0x8c,0xc7,0x3d,0x96,0xa4,0xfe,0x5d,0xfa,0x2f,0xb5,0xbc,0xeb,0xf0,0x0b,0xe9,0x56, -0x38,0x1d,0xd1,0x6d,0x0d,0xa1,0xbc,0x68,0x8b,0xf0,0xc5,0x80,0xa5,0x24,0x34,0xfd, -0xf2,0x96,0x18,0x11,0x86,0xa1,0x36,0xf5,0x37,0xe7,0x54,0x40,0xd5,0x64,0x1f,0xc3, -0x5f,0x70,0x42,0x6b,0x2d,0x39,0xc7,0x9e,0x52,0x05,0xce,0xe7,0x6a,0x72,0xd2,0x8d, -0x72,0x3f,0x47,0x50,0x83,0xab,0xc7,0x8d,0x25,0xc9,0xb0,0xe3,0xa7,0x53,0x16,0x95, -0xa6,0x6a,0x53,0xea,0x18,0x9d,0x8f,0x78,0xa9,0x77,0x77,0x1a,0xf9,0xb4,0x97,0x47, -0x59,0x88,0x27,0x28,0xb5,0xca,0xe1,0x2e,0xd7,0x3e,0x0e,0xa2,0x0d,0xb8,0x22,0x44, -0x03,0xe3,0xd1,0x63,0xb0,0x41,0x3a,0xa1,0xf5,0xa4,0x2d,0xf7,0x76,0x1e,0x04,0x54, -0x99,0x78,0x32,0x40,0xd7,0x2b,0x7c,0x4d,0xba,0xa6,0x9c,0xb0,0x79,0x6e,0x07,0xbe, -0x8c,0xec,0xee,0xd7,0x38,0x69,0x5b,0xc1,0x0c,0x56,0x68,0x9f,0xfe,0xeb,0xd1,0xe1, -0xc8,0x88,0xf9,0xf2,0xcd,0x7f,0xbe,0x85,0xb4,0x44,0x67,0x00,0x50,0x3e,0xf4,0x26, -0x03,0x64,0xea,0x77,0x7d,0xe8,0x5e,0x3e,0x1c,0x37,0x47,0xc8,0xd6,0xea,0xa4,0xf3, -0x36,0x3c,0x97,0xc2,0x39,0x72,0x05,0x94,0x19,0x25,0xc3,0xd7,0x37,0x41,0x0f,0xc1, -0x1f,0x87,0x8a,0xfd,0xaa,0xbe,0xe9,0xb1,0x64,0x57,0xe4,0xdb,0x92,0xa1,0xcf,0xe1, -0x49,0xe8,0x3b,0x1f,0x91,0x13,0x5a,0xc3,0x8f,0xd9,0x25,0x58,0x49,0x80,0x47,0x0f, -0xc6,0x03,0xae,0xac,0xe3,0xbf,0xb7,0xc0,0xaa,0x2a,}; -static const unsigned char cert_2 [] = { -0x30,0x82,0x02,0x7d,0x30,0x82,0x01,0xe6,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, -0x00,0x00,0xb8,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, -0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, -0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, -0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30,0x27,0x06,0x03, -0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, -0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62,0x69,0x6c,0x65, -0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31, -0x38,0x32,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x30,0x35,0x31,0x32,0x32,0x33, -0x35,0x39,0x30,0x30,0x5a,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06, -0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42, -0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, -0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30, -0x27,0x06,0x03,0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72, -0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62, -0x69,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a, -0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81, -0x89,0x02,0x81,0x81,0x00,0xa3,0x6d,0xb1,0x38,0x56,0xac,0xfc,0xb5,0x56,0x21,0xde, -0xc0,0x90,0x5d,0x26,0x47,0x82,0xc6,0x7d,0x8f,0x1f,0xa0,0x85,0x8f,0x2f,0xbb,0xd4, -0xe1,0x1c,0x1d,0xf2,0x24,0x1f,0x28,0xb0,0x2f,0xb9,0xa4,0xa5,0x6f,0xa2,0x22,0x20, -0x64,0xfe,0x84,0x47,0x3c,0x7e,0x2b,0x6c,0x69,0x6a,0xb8,0xd4,0xc0,0x96,0x8e,0x8c, -0x52,0x0d,0xcd,0x6f,0x41,0xd4,0xbf,0x04,0xae,0xa7,0x81,0x2f,0x2d,0x98,0x48,0xd2, -0xc1,0x94,0xa3,0xb5,0x19,0x5d,0x5d,0x51,0x64,0xf4,0x8e,0x41,0xb0,0x9b,0xc0,0x2d, -0x22,0xa0,0x5e,0xc6,0xd8,0x5a,0x12,0x63,0xbc,0x11,0x4a,0x5e,0x26,0x12,0x1d,0xe2, -0x26,0x05,0xe6,0x0f,0x5f,0x22,0x1f,0x7a,0x5f,0x76,0x94,0xae,0xcf,0x5a,0x28,0x0e, -0xab,0x45,0xda,0x22,0x31,0x02,0x03,0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x1d, -0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc9,0xe2,0x8f,0xc0,0x02,0x26,0x5a, -0xb6,0xc0,0x07,0xe3,0x7f,0x94,0x07,0x18,0xdb,0x2e,0xa5,0x9a,0x70,0x30,0x0f,0x06, -0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e, -0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81, -0x00,0x53,0x08,0x0b,0x26,0x09,0x78,0x42,0x73,0xd4,0xec,0x7a,0x77,0x47,0x0d,0xe3, -0x0b,0x33,0x71,0xef,0xae,0x33,0x14,0x4d,0xfb,0xfa,0xfd,0x1a,0xb7,0x51,0xf5,0xe4, -0x99,0x1c,0x06,0x71,0xd7,0x29,0x19,0xd7,0xe6,0x15,0x20,0x51,0x51,0x46,0x6d,0x4f, -0xde,0x18,0x49,0x98,0xd0,0xf8,0x78,0xbb,0x71,0xe8,0x8d,0x01,0x06,0xd5,0xd7,0x64, -0x8f,0x94,0xdf,0x47,0xfe,0xa0,0x85,0x69,0x36,0xa9,0x2f,0x42,0x7a,0x68,0x4a,0x12, -0xd6,0x8b,0x0b,0x70,0x44,0x0a,0xa4,0x04,0xef,0x26,0x88,0xc1,0x35,0x71,0x38,0x5d, -0x1b,0x5b,0x48,0x42,0xf0,0xe7,0x94,0x1c,0x70,0x95,0x34,0xa8,0xab,0xf5,0xab,0xe2, -0x78,0xad,0xf5,0xf0,0x52,0xfd,0x9b,0xea,0x42,0x0c,0xe8,0xd8,0x54,0xbe,0x53,0x66, -0xf5,}; -static const unsigned char cert_3 [] = { -0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x4c,0xc7,0xea,0xaa,0x98,0x3e, -0x71,0xd3,0x93,0x10,0xf8,0x3d,0x3a,0x89,0x91,0x92,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, -0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, -0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, -0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, -0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, -0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, -0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, -0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, -0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, -0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, -0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, -0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, -0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, -0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, -0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, -0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, -0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, -0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, -0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xaa,0xd0, -0xba,0xbe,0x16,0x2d,0xb8,0x83,0xd4,0xca,0xd2,0x0f,0xbc,0x76,0x31,0xca,0x94,0xd8, -0x1d,0x93,0x8c,0x56,0x02,0xbc,0xd9,0x6f,0x1a,0x6f,0x52,0x36,0x6e,0x75,0x56,0x0a, -0x55,0xd3,0xdf,0x43,0x87,0x21,0x11,0x65,0x8a,0x7e,0x8f,0xbd,0x21,0xde,0x6b,0x32, -0x3f,0x1b,0x84,0x34,0x95,0x05,0x9d,0x41,0x35,0xeb,0x92,0xeb,0x96,0xdd,0xaa,0x59, -0x3f,0x01,0x53,0x6d,0x99,0x4f,0xed,0xe5,0xe2,0x2a,0x5a,0x90,0xc1,0xb9,0xc4,0xa6, -0x15,0xcf,0xc8,0x45,0xeb,0xa6,0x5d,0x8e,0x9c,0x3e,0xf0,0x64,0x24,0x76,0xa5,0xcd, -0xab,0x1a,0x6f,0xb6,0xd8,0x7b,0x51,0x61,0x6e,0xa6,0x7f,0x87,0xc8,0xe2,0xb7,0xe5, -0x34,0xdc,0x41,0x88,0xea,0x09,0x40,0xbe,0x73,0x92,0x3d,0x6b,0xe7,0x75,0x02,0x03, -0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x03,0x81,0x81,0x00,0xa9,0x4f,0xc3,0x0d,0xc7,0x67,0xbe,0x2c,0xcb,0xd9, -0xa8,0xcd,0x2d,0x75,0xe7,0x7e,0x15,0x9e,0x3b,0x72,0xeb,0x7e,0xeb,0x5c,0x2d,0x09, -0x87,0xd6,0x6b,0x6d,0x60,0x7c,0xe5,0xae,0xc5,0x90,0x23,0x0c,0x5c,0x4a,0xd0,0xaf, -0xb1,0x5d,0xf3,0xc7,0xb6,0x0a,0xdb,0xe0,0x15,0x93,0x0d,0xdd,0x03,0xbc,0xc7,0x76, -0x8a,0xb5,0xdd,0x4f,0xc3,0x9b,0x13,0x75,0xb8,0x01,0xc0,0xe6,0xc9,0x5b,0x6b,0xa5, -0xb8,0x89,0xdc,0xac,0xa4,0xdd,0x72,0xed,0x4e,0xa1,0xf7,0x4f,0xbc,0x06,0xd3,0xea, -0xc8,0x64,0x74,0x7b,0xc2,0x95,0x41,0x9c,0x65,0x73,0x58,0xf1,0x90,0x9a,0x3c,0x6a, -0xb1,0x98,0xc9,0xc4,0x87,0xbc,0xcf,0x45,0x6d,0x45,0xe2,0x6e,0x22,0x3f,0xfe,0xbc, -0x0f,0x31,0x5c,0xe8,0xf2,0xd9,}; -static const unsigned char cert_4 [] = { -0x30,0x82,0x03,0x03,0x30,0x82,0x02,0x6c,0x02,0x11,0x00,0xb9,0x2f,0x60,0xcc,0x88, -0x9f,0xa1,0x7a,0x46,0x09,0xb8,0x5b,0x70,0x6c,0x8a,0xaf,0x30,0x0d,0x06,0x09,0x2a, -0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, -0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c, -0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69, -0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, -0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47, -0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20, -0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, -0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72, -0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30, -0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17, -0x0d,0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81, -0xc1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, -0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67, -0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b, -0x13,0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63, -0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69, -0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79, -0x20,0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31, -0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67, -0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75, -0x74,0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c, -0x79,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69, -0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f, -0x72,0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xa7, -0x88,0x01,0x21,0x74,0x2c,0xe7,0x1a,0x03,0xf0,0x98,0xe1,0x97,0x3c,0x0f,0x21,0x08, -0xf1,0x9c,0xdb,0x97,0xe9,0x9a,0xfc,0xc2,0x04,0x06,0x13,0xbe,0x5f,0x52,0xc8,0xcc, -0x1e,0x2c,0x12,0x56,0x2c,0xb8,0x01,0x69,0x2c,0xcc,0x99,0x1f,0xad,0xb0,0x96,0xae, -0x79,0x04,0xf2,0x13,0x39,0xc1,0x7b,0x98,0xba,0x08,0x2c,0xe8,0xc2,0x84,0x13,0x2c, -0xaa,0x69,0xe9,0x09,0xf4,0xc7,0xa9,0x02,0xa4,0x42,0xc2,0x23,0x4f,0x4a,0xd8,0xf0, -0x0e,0xa2,0xfb,0x31,0x6c,0xc9,0xe6,0x6f,0x99,0x27,0x07,0xf5,0xe6,0xf4,0x4c,0x78, -0x9e,0x6d,0xeb,0x46,0x86,0xfa,0xb9,0x86,0xc9,0x54,0xf2,0xb2,0xc4,0xaf,0xd4,0x46, -0x1c,0x5a,0xc9,0x15,0x30,0xff,0x0d,0x6c,0xf5,0x2d,0x0e,0x6d,0xce,0x7f,0x77,0x02, -0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x72,0x2e,0xf9,0x7f,0xd1,0xf1,0x71,0xfb,0xc4, -0x9e,0xf6,0xc5,0x5e,0x51,0x8a,0x40,0x98,0xb8,0x68,0xf8,0x9b,0x1c,0x83,0xd8,0xe2, -0x9d,0xbd,0xff,0xed,0xa1,0xe6,0x66,0xea,0x2f,0x09,0xf4,0xca,0xd7,0xea,0xa5,0x2b, -0x95,0xf6,0x24,0x60,0x86,0x4d,0x44,0x2e,0x83,0xa5,0xc4,0x2d,0xa0,0xd3,0xae,0x78, -0x69,0x6f,0x72,0xda,0x6c,0xae,0x08,0xf0,0x63,0x92,0x37,0xe6,0xbb,0xc4,0x30,0x17, -0xad,0x77,0xcc,0x49,0x35,0xaa,0xcf,0xd8,0x8f,0xd1,0xbe,0xb7,0x18,0x96,0x47,0x73, -0x6a,0x54,0x22,0x34,0x64,0x2d,0xb6,0x16,0x9b,0x59,0x5b,0xb4,0x51,0x59,0x3a,0xb3, -0x0b,0x14,0xf4,0x12,0xdf,0x67,0xa0,0xf4,0xad,0x32,0x64,0x5e,0xb1,0x46,0x72,0x27, -0x8c,0x12,0x7b,0xc5,0x44,0xb4,0xae,}; -static const unsigned char cert_5 [] = { -0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x7d,0xd9,0xfe,0x07,0xcf,0xa8, -0x1e,0xb7,0x10,0x79,0x67,0xfb,0xa7,0x89,0x34,0xc6,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, -0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, -0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, -0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, -0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, -0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, -0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, -0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, -0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, -0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, -0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, -0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, -0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, -0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, -0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, -0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, -0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, -0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, -0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xcc,0x5e, -0xd1,0x11,0x5d,0x5c,0x69,0xd0,0xab,0xd3,0xb9,0x6a,0x4c,0x99,0x1f,0x59,0x98,0x30, -0x8e,0x16,0x85,0x20,0x46,0x6d,0x47,0x3f,0xd4,0x85,0x20,0x84,0xe1,0x6d,0xb3,0xf8, -0xa4,0xed,0x0c,0xf1,0x17,0x0f,0x3b,0xf9,0xa7,0xf9,0x25,0xd7,0xc1,0xcf,0x84,0x63, -0xf2,0x7c,0x63,0xcf,0xa2,0x47,0xf2,0xc6,0x5b,0x33,0x8e,0x64,0x40,0x04,0x68,0xc1, -0x80,0xb9,0x64,0x1c,0x45,0x77,0xc7,0xd8,0x6e,0xf5,0x95,0x29,0x3c,0x50,0xe8,0x34, -0xd7,0x78,0x1f,0xa8,0xba,0x6d,0x43,0x91,0x95,0x8f,0x45,0x57,0x5e,0x7e,0xc5,0xfb, -0xca,0xa4,0x04,0xeb,0xea,0x97,0x37,0x54,0x30,0x6f,0xbb,0x01,0x47,0x32,0x33,0xcd, -0xdc,0x57,0x9b,0x64,0x69,0x61,0xf8,0x9b,0x1d,0x1c,0x89,0x4f,0x5c,0x67,0x02,0x03, -0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x03,0x81,0x81,0x00,0x51,0x4d,0xcd,0xbe,0x5c,0xcb,0x98,0x19,0x9c,0x15, -0xb2,0x01,0x39,0x78,0x2e,0x4d,0x0f,0x67,0x70,0x70,0x99,0xc6,0x10,0x5a,0x94,0xa4, -0x53,0x4d,0x54,0x6d,0x2b,0xaf,0x0d,0x5d,0x40,0x8b,0x64,0xd3,0xd7,0xee,0xde,0x56, -0x61,0x92,0x5f,0xa6,0xc4,0x1d,0x10,0x61,0x36,0xd3,0x2c,0x27,0x3c,0xe8,0x29,0x09, -0xb9,0x11,0x64,0x74,0xcc,0xb5,0x73,0x9f,0x1c,0x48,0xa9,0xbc,0x61,0x01,0xee,0xe2, -0x17,0xa6,0x0c,0xe3,0x40,0x08,0x3b,0x0e,0xe7,0xeb,0x44,0x73,0x2a,0x9a,0xf1,0x69, -0x92,0xef,0x71,0x14,0xc3,0x39,0xac,0x71,0xa7,0x91,0x09,0x6f,0xe4,0x71,0x06,0xb3, -0xba,0x59,0x57,0x26,0x79,0x00,0xf6,0xf8,0x0d,0xa2,0x33,0x30,0x28,0xd4,0xaa,0x58, -0xa0,0x9d,0x9d,0x69,0x91,0xfd,}; -static const unsigned char cert_6 [] = { -0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x32,0x88,0x8e,0x9a,0xd2,0xf5, -0xeb,0x13,0x47,0xf8,0x7f,0xc4,0x20,0x37,0x25,0xf8,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, -0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, -0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, -0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, -0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, -0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, -0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, -0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, -0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, -0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, -0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, -0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, -0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, -0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, -0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, -0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, -0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, -0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, -0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, -0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xba,0xf0, -0xe4,0xcf,0xf9,0xc4,0xae,0x85,0x54,0xb9,0x07,0x57,0xf9,0x8f,0xc5,0x7f,0x68,0x11, -0xf8,0xc4,0x17,0xb0,0x44,0xdc,0xe3,0x30,0x73,0xd5,0x2a,0x62,0x2a,0xb8,0xd0,0xcc, -0x1c,0xed,0x28,0x5b,0x7e,0xbd,0x6a,0xdc,0xb3,0x91,0x24,0xca,0x41,0x62,0x3c,0xfc, -0x02,0x01,0xbf,0x1c,0x16,0x31,0x94,0x05,0x97,0x76,0x6e,0xa2,0xad,0xbd,0x61,0x17, -0x6c,0x4e,0x30,0x86,0xf0,0x51,0x37,0x2a,0x50,0xc7,0xa8,0x62,0x81,0xdc,0x5b,0x4a, -0xaa,0xc1,0xa0,0xb4,0x6e,0xeb,0x2f,0xe5,0x57,0xc5,0xb1,0x2b,0x40,0x70,0xdb,0x5a, -0x4d,0xa1,0x8e,0x1f,0xbd,0x03,0x1f,0xd8,0x03,0xd4,0x8f,0x4c,0x99,0x71,0xbc,0xe2, -0x82,0xcc,0x58,0xe8,0x98,0x3a,0x86,0xd3,0x86,0x38,0xf3,0x00,0x29,0x1f,0x02,0x03, -0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, -0x05,0x00,0x03,0x81,0x81,0x00,0x85,0x8c,0x12,0xc1,0xa7,0xb9,0x50,0x15,0x7a,0xcb, -0x3e,0xac,0xb8,0x43,0x8a,0xdc,0xaa,0xdd,0x14,0xba,0x89,0x81,0x7e,0x01,0x3c,0x23, -0x71,0x21,0x88,0x2f,0x82,0xdc,0x63,0xfa,0x02,0x45,0xac,0x45,0x59,0xd7,0x2a,0x58, -0x44,0x5b,0xb7,0x9f,0x81,0x3b,0x92,0x68,0x3d,0xe2,0x37,0x24,0xf5,0x7b,0x6c,0x8f, -0x76,0x35,0x96,0x09,0xa8,0x59,0x9d,0xb9,0xce,0x23,0xab,0x74,0xd6,0x83,0xfd,0x32, -0x73,0x27,0xd8,0x69,0x3e,0x43,0x74,0xf6,0xae,0xc5,0x89,0x9a,0xe7,0x53,0x7c,0xe9, -0x7b,0xf6,0x4b,0xf3,0xc1,0x65,0x83,0xde,0x8d,0x8a,0x9c,0x3c,0x88,0x8d,0x39,0x59, -0xfc,0xaa,0x3f,0x22,0x8d,0xa1,0xc1,0x66,0x50,0x81,0x72,0x4c,0xed,0x22,0x64,0x4f, -0x4f,0xca,0x80,0x91,0xb6,0x29,}; -static const unsigned char cert_7 [] = { -0x30,0x82,0x02,0x5a,0x30,0x82,0x01,0xc3,0x02,0x02,0x01,0xa5,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x75,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, -0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, -0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x23,0x30, -0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, -0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c,0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f, -0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x30,0x30,0x32,0x39, -0x30,0x30,0x5a,0x17,0x0d,0x31,0x38,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30, -0x30,0x5a,0x30,0x75,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, -0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, -0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06, -0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, -0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20, -0x49,0x6e,0x63,0x2e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c, -0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30, -0x81,0x89,0x02,0x81,0x81,0x00,0x95,0x0f,0xa0,0xb6,0xf0,0x50,0x9c,0xe8,0x7a,0xc7, -0x88,0xcd,0xdd,0x17,0x0e,0x2e,0xb0,0x94,0xd0,0x1b,0x3d,0x0e,0xf6,0x94,0xc0,0x8a, -0x94,0xc7,0x06,0xc8,0x90,0x97,0xc8,0xb8,0x64,0x1a,0x7a,0x7e,0x6c,0x3c,0x53,0xe1, -0x37,0x28,0x73,0x60,0x7f,0xb2,0x97,0x53,0x07,0x9f,0x53,0xf9,0x6d,0x58,0x94,0xd2, -0xaf,0x8d,0x6d,0x88,0x67,0x80,0xe6,0xed,0xb2,0x95,0xcf,0x72,0x31,0xca,0xa5,0x1c, -0x72,0xba,0x5c,0x02,0xe7,0x64,0x42,0xe7,0xf9,0xa9,0x2c,0xd6,0x3a,0x0d,0xac,0x8d, -0x42,0xaa,0x24,0x01,0x39,0xe6,0x9c,0x3f,0x01,0x85,0x57,0x0d,0x58,0x87,0x45,0xf8, -0xd3,0x85,0xaa,0x93,0x69,0x26,0x85,0x70,0x48,0x80,0x3f,0x12,0x15,0xc7,0x79,0xb4, -0x1f,0x05,0x2f,0x3b,0x62,0x99,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a, -0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x6d,0xeb, -0x1b,0x09,0xe9,0x5e,0xd9,0x51,0xdb,0x67,0x22,0x61,0xa4,0x2a,0x3c,0x48,0x77,0xe3, -0xa0,0x7c,0xa6,0xde,0x73,0xa2,0x14,0x03,0x85,0x3d,0xfb,0xab,0x0e,0x30,0xc5,0x83, -0x16,0x33,0x81,0x13,0x08,0x9e,0x7b,0x34,0x4e,0xdf,0x40,0xc8,0x74,0xd7,0xb9,0x7d, -0xdc,0xf4,0x76,0x55,0x7d,0x9b,0x63,0x54,0x18,0xe9,0xf0,0xea,0xf3,0x5c,0xb1,0xd9, -0x8b,0x42,0x1e,0xb9,0xc0,0x95,0x4e,0xba,0xfa,0xd5,0xe2,0x7c,0xf5,0x68,0x61,0xbf, -0x8e,0xec,0x05,0x97,0x5f,0x5b,0xb0,0xd7,0xa3,0x85,0x34,0xc4,0x24,0xa7,0x0d,0x0f, -0x95,0x93,0xef,0xcb,0x94,0xd8,0x9e,0x1f,0x9d,0x5c,0x85,0x6d,0xc7,0xaa,0xae,0x4f, -0x1f,0x22,0xb5,0xcd,0x95,0xad,0xba,0xa7,0xcc,0xf9,0xab,0x0b,0x7a,0x7f,}; -static const unsigned char cert_8 [] = { -0x30,0x82,0x01,0xfa,0x30,0x82,0x01,0x63,0x02,0x02,0x01,0xa3,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x45,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, -0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06,0x03,0x55,0x04,0x03,0x13,0x13,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f, -0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x30,0x31, -0x30,0x30,0x5a,0x17,0x0d,0x30,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x35,0x39,0x30, -0x30,0x5a,0x30,0x45,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, -0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, -0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06, -0x03,0x55,0x04,0x03,0x13,0x13,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, -0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30, -0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0xe6,0x4f,0xba,0xdb,0x98,0x7c,0x71,0x7c,0xaf, -0x44,0xb7,0xd3,0x0f,0x46,0xd9,0x64,0xe5,0x93,0xc1,0x42,0x8e,0xc7,0xba,0x49,0x8d, -0x35,0x2d,0x7a,0xe7,0x8b,0xbd,0xe5,0x05,0x31,0x59,0xc6,0xb1,0x2f,0x0a,0x0c,0xfb, -0x9f,0xa7,0x3f,0xa2,0x09,0x66,0x84,0x56,0x1e,0x37,0x29,0x1b,0x87,0xe9,0x7e,0x0c, -0xca,0x9a,0x9f,0xa5,0x7f,0xf5,0x15,0x94,0xa3,0xd5,0xa2,0x46,0x82,0xd8,0x68,0x4c, -0xd1,0x37,0x15,0x06,0x68,0xaf,0xbd,0xf8,0xb0,0xb3,0xf0,0x29,0xf5,0x95,0x5a,0x09, -0x16,0x61,0x77,0x0a,0x22,0x25,0xd4,0x4f,0x45,0xaa,0xc7,0xbd,0xe5,0x96,0xdf,0xf9, -0xd4,0xa8,0x8e,0x42,0xcc,0x24,0xc0,0x1e,0x91,0x27,0x4a,0xb5,0x6d,0x06,0x80,0x63, -0x39,0xc4,0xa2,0x5e,0x38,0x03,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a, -0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x12,0xb3, -0x75,0xc6,0x5f,0x1d,0xe1,0x61,0x55,0x80,0x00,0xd4,0x81,0x4b,0x7b,0x31,0x0f,0x23, -0x63,0xe7,0x3d,0xf3,0x03,0xf9,0xf4,0x36,0xa8,0xbb,0xd9,0xe3,0xa5,0x97,0x4d,0xea, -0x2b,0x29,0xe0,0xd6,0x6a,0x73,0x81,0xe6,0xc0,0x89,0xa3,0xd3,0xf1,0xe0,0xa5,0xa5, -0x22,0x37,0x9a,0x63,0xc2,0x48,0x20,0xb4,0xdb,0x72,0xe3,0xc8,0xf6,0xd9,0x7c,0xbe, -0xb1,0xaf,0x53,0xda,0x14,0xb4,0x21,0xb8,0xd6,0xd5,0x96,0xe3,0xfe,0x4e,0x0c,0x59, -0x62,0xb6,0x9a,0x4a,0xf9,0x42,0xdd,0x8c,0x6f,0x81,0xa9,0x71,0xff,0xf4,0x0a,0x72, -0x6d,0x6d,0x44,0x0e,0x9d,0xf3,0x74,0x74,0xa8,0xd5,0x34,0x49,0xe9,0x5e,0x9e,0xe9, -0xb4,0x7a,0xe1,0xe5,0x5a,0x1f,0x84,0x30,0x9c,0xd3,0x9f,0xa5,0x25,0xd8,}; -static const unsigned char cert_9 [] = { -0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x9b,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, -0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, -0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, -0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, -0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x33,0x35,0x30,0x37,0x5a,0x17,0x0d, -0x30,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x32,0x32,0x31,0x36,0x5a,0x30,0x70,0x31, -0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, -0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, -0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, -0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, -0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, -0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30, -0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, -0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd9,0x2c,0x4c,0x4e, -0x2f,0x69,0x1a,0x23,0xe3,0x56,0xba,0xf3,0xce,0x84,0xc0,0x09,0xc0,0x79,0xf1,0x44, -0x5f,0x33,0x1f,0x15,0x91,0x7f,0x8a,0x88,0x28,0xb8,0x24,0x45,0xcc,0x8f,0x18,0xcd, -0x1f,0x74,0xd1,0xb5,0x8f,0x71,0x4c,0xd6,0x31,0xf6,0x73,0x96,0x84,0x94,0x40,0xc5, -0xa9,0x83,0x60,0x24,0x7d,0xaf,0x6f,0x34,0xb7,0x4b,0x4c,0xc2,0x09,0x80,0x3b,0x45, -0x04,0x9e,0xc4,0x3c,0xc4,0x27,0x75,0x7b,0x00,0x0c,0xa1,0x64,0x47,0xb5,0x14,0x5d, -0x82,0x4b,0x51,0x3a,0x58,0xbb,0x44,0x4c,0x3d,0xd3,0xe5,0x06,0x38,0xe8,0x61,0x5c, -0x98,0x78,0xbb,0x80,0xb3,0x9c,0xda,0x72,0x82,0x62,0xa0,0xdf,0x9c,0x5f,0xeb,0xf9, -0x4f,0x77,0xc2,0xcc,0x60,0x18,0x00,0x6b,0x34,0x82,0x25,0xb3,0x02,0x03,0x01,0x00, -0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00, -0x03,0x81,0x81,0x00,0xa3,0x64,0x91,0x6f,0x10,0xed,0xe7,0x6e,0xa2,0x42,0x40,0x94, -0x78,0xce,0xf8,0x14,0x08,0xd1,0xfa,0x43,0x85,0xeb,0x46,0xcd,0x92,0x14,0xd0,0xef, -0x2e,0x2d,0x36,0x39,0x18,0xd9,0xba,0xc9,0x27,0x88,0x29,0xe9,0x48,0x17,0x6f,0xf8, -0xc1,0xaa,0xc8,0x61,0x6d,0x2d,0xfd,0x40,0x2d,0x75,0x43,0x30,0x97,0x39,0xf8,0x14, -0x64,0xbd,0x6f,0xef,0x63,0xa8,0x2b,0x42,0xdf,0xb2,0x5a,0x0d,0x25,0xec,0x7b,0x37, -0xd8,0xce,0x91,0x29,0x82,0x16,0xf9,0xe8,0x62,0xa2,0xe1,0x76,0xc4,0x02,0x7d,0xdd, -0x25,0x8b,0x98,0xe1,0xf6,0x0d,0x60,0x8c,0xf6,0x59,0x90,0x40,0x51,0x44,0xd1,0xc2, -0xfb,0x19,0x24,0x1e,0x17,0x39,0x6b,0x74,0x21,0x15,0x33,0xd6,0x55,0xd7,0x82,0x1e, -0x70,0x2c,0x27,0xa8,}; -static const unsigned char cert_10 [] = { -0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x97,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, -0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, -0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, -0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, -0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x35,0x39,0x30,0x38,0x5a,0x17,0x0d, -0x30,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x33,0x36,0x33,0x39,0x5a,0x30,0x70,0x31, -0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, -0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, -0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, -0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, -0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, -0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30, -0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, -0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe1,0xf3,0xb1,0x2b, -0x0b,0xce,0xdc,0x14,0xd9,0x34,0x97,0x62,0x50,0x12,0x56,0x63,0x84,0x4c,0x53,0xfa, -0xc0,0x85,0xcf,0xfa,0xc1,0xdd,0x0f,0xde,0x79,0x13,0x7f,0x53,0xfb,0xaa,0x0e,0x60, -0xdd,0xe2,0x62,0xbf,0xc6,0xee,0x4e,0x99,0x34,0xaa,0x68,0x43,0x35,0x99,0xf8,0xa3, -0xfd,0xf3,0x63,0xbd,0x01,0x54,0x6a,0x9e,0xb2,0x3a,0x96,0x2c,0x7b,0x78,0x28,0xc6, -0x5a,0xb5,0x8d,0x1a,0x15,0x18,0xfd,0xe3,0x8c,0x2e,0xa2,0x50,0x09,0x5b,0x71,0xd6, -0x0d,0xb5,0x18,0x1f,0x19,0x8e,0x04,0x29,0x93,0x93,0x78,0xab,0x5f,0x14,0xe7,0x73, -0x42,0xf2,0x03,0x0c,0x57,0xa2,0x1b,0x50,0x3b,0x0b,0xbb,0x59,0xe0,0xa0,0x3a,0x03, -0xee,0x27,0x1b,0x5a,0x4c,0xb9,0xb0,0x08,0xca,0xb9,0x1a,0x89,0x02,0x03,0x01,0x00, -0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, -0x03,0x81,0x81,0x00,0x85,0xeb,0xad,0x94,0x20,0x06,0xe9,0xb2,0xa2,0x6b,0x3b,0xf2, -0x66,0xeb,0xe3,0x4b,0xb8,0x12,0x26,0x05,0xe5,0xf4,0x91,0xa8,0xdc,0x87,0xdc,0x98, -0xf4,0x94,0xc1,0xf4,0x61,0xbd,0xd5,0x9c,0x6c,0x51,0x73,0x95,0x5e,0xd0,0xbd,0xd7, -0xe6,0x45,0xdc,0x3c,0xcf,0x46,0x84,0xd5,0xe7,0xb9,0xec,0xe4,0x67,0x63,0x6e,0x00, -0x28,0x77,0x71,0x5d,0x4a,0x05,0xe9,0xb9,0x7c,0x86,0xcc,0xc2,0x44,0xbb,0xde,0x29, -0x48,0xda,0xea,0xdd,0xbd,0x17,0x9f,0x1d,0x51,0x01,0xa8,0xe8,0x14,0x5e,0xb1,0x57, -0xf7,0xff,0xda,0x8f,0xce,0x95,0xfe,0x2d,0xed,0x32,0x12,0x77,0xff,0x7c,0x6a,0x61, -0x95,0xae,0x31,0x72,0x06,0x08,0xf0,0xf9,0xf3,0x0d,0x8e,0xe2,0xef,0xa8,0x53,0x5d, -0x91,0x03,0x83,0xde,}; -static const unsigned char cert_11 [] = { -0x30,0x82,0x03,0x55,0x30,0x82,0x02,0x3d,0x02,0x02,0x01,0xa8,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, -0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, -0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, -0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, -0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30,0x1e,0x17, -0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x31,0x33,0x35,0x31,0x30,0x30,0x5a,0x17,0x0d, -0x31,0x33,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x70,0x31, -0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, -0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, -0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, -0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, -0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, -0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30, -0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01, -0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00, -0xba,0x9d,0x22,0x6e,0x7f,0xda,0x66,0x3c,0x39,0x42,0xb1,0xa3,0x2a,0x6f,0xd3,0xf7, -0xbc,0xae,0xac,0x31,0x5a,0xd7,0x11,0x90,0x47,0xb9,0x9d,0x19,0x2e,0xf9,0xf3,0x1b, -0x22,0xa0,0xc3,0xe1,0xa7,0xba,0xc4,0xfc,0x5e,0x0a,0x94,0x4b,0x98,0x5a,0x4b,0x26, -0xe4,0x1f,0xf4,0xdc,0xf3,0xfe,0x8e,0x88,0xdc,0x6c,0x2d,0x7c,0x77,0x87,0x26,0x50, -0xc0,0x5e,0x4e,0xa8,0x28,0xa1,0xea,0x17,0x69,0x4f,0x4d,0xc6,0x01,0x0e,0xda,0x9a, -0x0d,0x06,0x56,0x26,0x15,0xb6,0xa4,0x5d,0x7a,0x35,0xaf,0x8d,0xed,0x78,0x52,0x86, -0xf9,0x38,0xab,0xb3,0x01,0xd3,0xda,0x05,0x96,0xb1,0xb6,0x50,0xab,0xc0,0xa1,0xae, -0x17,0x53,0xfa,0x43,0x39,0x20,0x71,0x65,0x23,0xdb,0x6d,0xc4,0xb6,0xed,0x98,0x45, -0x83,0xd7,0xd2,0xf6,0xe2,0xa9,0x6b,0xfb,0xf9,0x75,0xcc,0xef,0xc5,0xab,0x71,0x96, -0x35,0xe8,0xdf,0x8e,0x91,0x9b,0xa8,0x10,0x75,0x1f,0xb7,0xce,0x13,0x8e,0x6b,0xb3, -0x96,0x77,0x97,0x1a,0x91,0x2f,0xc7,0x2c,0x69,0x99,0xf0,0x0f,0x2a,0x68,0x00,0x98, -0x76,0x44,0x1b,0x8c,0x28,0xd2,0xeb,0x8e,0xf4,0x83,0xb4,0x7f,0xa4,0x25,0x5e,0x6c, -0x3b,0xd9,0xc6,0x68,0xd5,0x61,0xb8,0xd4,0x5e,0x31,0x07,0xb5,0x5b,0x90,0x35,0x52, -0x57,0x7b,0x17,0x20,0xed,0x2d,0xb8,0x1e,0x8e,0x88,0x39,0x3e,0x52,0xcb,0xdf,0xf0, -0x5c,0xb1,0x65,0xbb,0xa5,0x12,0xb4,0x90,0x63,0xbf,0x71,0x9d,0x32,0xc1,0xda,0xbf, -0x50,0x4a,0x95,0xbe,0x06,0x3a,0xc4,0x2b,0xeb,0xcd,0x98,0x76,0x44,0x4d,0x0b,0xe5, -0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x43,0xaf,0x1c,0x87,0xc9,0x49,0xba, -0x65,0x89,0x34,0x49,0x3c,0xea,0x07,0x3b,0x47,0xa2,0x79,0xd4,0xa0,0x3b,0x90,0x6c, -0xde,0x7f,0xa8,0x54,0xc3,0xe8,0x4c,0x40,0x32,0xbc,0xc8,0xec,0x1c,0xe5,0xd9,0xac, -0x40,0xba,0xfc,0x8c,0x3f,0xc2,0x73,0x9c,0xf4,0x64,0xea,0xdf,0xa9,0xed,0x4e,0x5b, -0xc8,0x01,0x60,0xee,0x39,0x6d,0x43,0x27,0xf3,0x7f,0xaa,0x08,0xd2,0xfe,0x4e,0x6f, -0x14,0x32,0x4d,0x7d,0xe4,0x34,0x80,0xa5,0x35,0xc4,0xd6,0x46,0x50,0xb4,0x3b,0xa0, -0x2d,0x65,0x1f,0x4f,0x65,0x7e,0x34,0x28,0x2d,0xc0,0xa7,0x76,0x7d,0x31,0xc9,0x0d, -0x33,0x16,0xf6,0x20,0x19,0x20,0x11,0x50,0xbb,0x03,0xcc,0x70,0x6d,0x96,0xb7,0xef, -0x4c,0xa7,0xda,0x36,0x15,0xcf,0xbb,0x4d,0xd4,0x96,0xdc,0x88,0x4d,0x6c,0x98,0xed, -0xb9,0x73,0xfe,0x28,0x57,0xa0,0xed,0x64,0xf8,0x0a,0x81,0x29,0x73,0xf6,0xf6,0x97, -0x32,0x87,0x39,0xb4,0x81,0xef,0xd9,0x4d,0x1a,0x07,0x34,0xf7,0xba,0x42,0x35,0xde, -0x57,0xdc,0x5c,0xd6,0xf7,0xc5,0xeb,0x0a,0x27,0x0c,0x81,0xa6,0xc2,0xd0,0x68,0x4e, -0xfd,0x92,0x5b,0x48,0x83,0xf6,0x16,0x8a,0x8f,0x36,0x5b,0xed,0x31,0x6c,0x3f,0x41, -0x7a,0x71,0xf7,0x92,0x3f,0x31,0xa4,0x0a,0x40,0x4c,0xf3,0x86,0xe2,0x61,0xc1,0x3c, -0x49,0x81,0x2d,0xa5,0xb8,0xef,0xba,0x97,0x0f,0xbc,0x2b,0x1d,0x9b,0x89,0xf2,0xd2, -0x8e,0x1e,0x4d,0x86,0xf2,0xc2,0xab,0xf6,0x2d,0x99,0xc0,0x1b,0x2a,0x0d,0xa1,0xb6, -0x4f,0xf9,0x2c,0x58,0x4d,0x3d,0x7d,0x37,0x0a,}; -static const unsigned char cert_12 [] = { -0x30,0x82,0x03,0xb6,0x30,0x82,0x02,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x02,0x01, -0xb6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, -0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, -0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f, -0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55, -0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75, -0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45, -0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74, -0x20,0x35,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x34,0x31,0x34,0x35,0x30, -0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x30,0x38,0x31,0x34,0x32,0x33,0x35,0x39,0x30, -0x30,0x5a,0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, -0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, -0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06, -0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, -0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20, -0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47, -0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f, -0x6f,0x74,0x20,0x35,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, -0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, -0x02,0x82,0x01,0x01,0x00,0xbc,0x12,0x6e,0x3f,0x8a,0x7c,0x7a,0x97,0x01,0xec,0x1e, -0xbb,0x39,0x5a,0x02,0xf4,0x78,0x44,0xa2,0x48,0x1b,0x8e,0x7b,0x49,0x52,0x7a,0xb8, -0x7b,0x47,0xb3,0xaf,0x94,0x9b,0x6f,0xbb,0x96,0xfa,0x2b,0x6a,0x65,0x5c,0xb8,0x1c, -0x94,0x73,0xbe,0xbf,0x89,0x0a,0x22,0x80,0xee,0x57,0xfc,0x8c,0x05,0xbb,0x70,0x9f, -0x97,0x39,0x04,0xda,0xa3,0x87,0x5c,0xa8,0xe5,0xca,0xaf,0xc0,0x33,0x9a,0xd5,0x37, -0x5c,0x4b,0xac,0xe4,0x80,0xd0,0xa6,0x23,0x60,0xfb,0xfd,0x72,0x2e,0x94,0x9d,0xc7, -0xce,0xc2,0x04,0x32,0xef,0x78,0x60,0x5d,0xed,0xad,0x87,0x0f,0x45,0x65,0x1e,0x3c, -0x9a,0x0a,0x9a,0xbe,0x5d,0x1d,0x99,0xec,0xe7,0xf2,0xd1,0xc6,0x7a,0x17,0xd9,0xad, -0x9b,0x54,0x96,0x7f,0xc4,0x7c,0x60,0xbf,0x85,0xaa,0x15,0x35,0x1d,0x40,0xda,0x11, -0xbc,0xec,0x54,0x21,0x28,0x2d,0x23,0xa1,0xa8,0xf0,0xcf,0x2d,0xcd,0xdd,0xfc,0x7e, -0x0f,0x5e,0xe1,0x65,0x07,0x56,0xcb,0x07,0xb4,0xd2,0x56,0xe8,0x5e,0x31,0xcc,0x18, -0x63,0xc4,0x86,0xd2,0x2d,0x85,0xcf,0x93,0x92,0xab,0x6d,0xfe,0x68,0x39,0xfb,0xde, -0x73,0xbd,0x86,0xf8,0xe4,0x46,0x7a,0xea,0x9f,0x0c,0xcb,0xf4,0x19,0xfe,0x63,0xbc, -0xd1,0x2c,0x7b,0x88,0x33,0x36,0xf6,0xe4,0xe1,0x9c,0x0c,0x53,0x81,0x60,0x1c,0xda, -0x2e,0xab,0x96,0xa9,0x16,0x88,0x13,0x50,0x99,0xb2,0xbd,0x55,0xdf,0x15,0x30,0x7e, -0xe8,0xe5,0x98,0xfb,0x70,0x7e,0x6c,0xb5,0x07,0xfc,0xfc,0x46,0xb7,0xd0,0xed,0x37, -0x96,0x7e,0x32,0xfe,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x12, -0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02, -0x01,0x05,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02, -0x01,0x06,0x30,0x17,0x06,0x03,0x55,0x1d,0x20,0x04,0x10,0x30,0x0e,0x30,0x0c,0x06, -0x0a,0x2a,0x86,0x48,0x86,0xf8,0x63,0x01,0x02,0x01,0x03,0x30,0x19,0x06,0x03,0x55, -0x1d,0x0e,0x04,0x12,0x04,0x10,0x76,0x0a,0x49,0x21,0x38,0x4c,0x9f,0xde,0xf8,0xc4, -0x49,0xc7,0x71,0x71,0x91,0x9d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x41,0x3a,0xd4,0x18,0x5b,0xda, -0xb8,0xde,0x21,0x1c,0xe1,0x8e,0x09,0xe5,0xf1,0x68,0x34,0xff,0xde,0x96,0xf4,0x07, -0xf5,0xa7,0x3c,0xf3,0xac,0x4a,0xb1,0x9b,0xfa,0x92,0xfa,0x9b,0xed,0xe6,0x32,0x21, -0xaa,0x4a,0x76,0xc5,0xdc,0x4f,0x38,0xe5,0xdf,0xd5,0x86,0xe4,0xd5,0xc8,0x76,0x7d, -0x98,0xd7,0xb1,0xcd,0x8f,0x4d,0xb5,0x91,0x23,0x6c,0x8b,0x8a,0xeb,0xea,0x7c,0xef, -0x14,0x94,0xc4,0xc6,0xf0,0x1f,0x4a,0x2d,0x32,0x71,0x63,0x2b,0x63,0x91,0x26,0x02, -0x09,0xb6,0x80,0x1d,0xed,0xe2,0xcc,0xb8,0x7f,0xdb,0x87,0x63,0xc8,0xe1,0xd0,0x6c, -0x26,0xb1,0x35,0x1d,0x40,0x66,0x10,0x1b,0xcd,0x95,0x54,0x18,0x33,0x61,0xec,0x13, -0x4f,0xda,0x13,0xf7,0x99,0xaf,0x3e,0xd0,0xcf,0x8e,0xa6,0x72,0xa2,0xb3,0xc3,0x05, -0x9a,0xc9,0x27,0x7d,0x92,0xcc,0x7e,0x52,0x8d,0xb3,0xab,0x70,0x6d,0x9e,0x89,0x9f, -0x4d,0xeb,0x1a,0x75,0xc2,0x98,0xaa,0xd5,0x02,0x16,0xd7,0x0c,0x8a,0xbf,0x25,0xe4, -0xeb,0x2d,0xbc,0x98,0xe9,0x58,0x38,0x19,0x7c,0xb9,0x37,0xfe,0xdb,0xe2,0x99,0x08, -0x73,0x06,0xc7,0x97,0x83,0x6a,0x7d,0x10,0x01,0x2f,0x32,0xb9,0x17,0x05,0x4a,0x65, -0xe6,0x2f,0xce,0xbe,0x5e,0x53,0xa6,0x82,0xe9,0x9a,0x53,0x0a,0x84,0x74,0x2d,0x83, -0xca,0xc8,0x94,0x16,0x76,0x5f,0x94,0x61,0x28,0xf0,0x85,0xa7,0x39,0xbb,0xd7,0x8b, -0xd9,0xa8,0xb2,0x13,0x1d,0x54,0x09,0x34,0x24,0x7d,0x20,0x81,0x7d,0x66,0x7e,0xa2, -0x90,0x74,0x5c,0x10,0xc6,0xbd,0xec,0xab,0x1b,0xc2,}; -static const unsigned char cert_13 [] = { -0x30,0x82,0x02,0x3d,0x30,0x82,0x01,0xa6,0x02,0x11,0x00,0xcd,0xba,0x7f,0x56,0xf0, -0xdf,0xe4,0xbc,0x54,0xfe,0x22,0xac,0xb3,0x72,0xaa,0x55,0x30,0x0d,0x06,0x09,0x2a, -0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, -0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39, -0x36,0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38, -0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30, -0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03, -0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, -0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c, -0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69, -0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, -0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30, -0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81, -0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe5,0x19,0xbf,0x6d,0xa3,0x56,0x61, -0x2d,0x99,0x48,0x71,0xf6,0x67,0xde,0xb9,0x8d,0xeb,0xb7,0x9e,0x86,0x80,0x0a,0x91, -0x0e,0xfa,0x38,0x25,0xaf,0x46,0x88,0x82,0xe5,0x73,0xa8,0xa0,0x9b,0x24,0x5d,0x0d, -0x1f,0xcc,0x65,0x6e,0x0c,0xb0,0xd0,0x56,0x84,0x18,0x87,0x9a,0x06,0x9b,0x10,0xa1, -0x73,0xdf,0xb4,0x58,0x39,0x6b,0x6e,0xc1,0xf6,0x15,0xd5,0xa8,0xa8,0x3f,0xaa,0x12, -0x06,0x8d,0x31,0xac,0x7f,0xb0,0x34,0xd7,0x8f,0x34,0x67,0x88,0x09,0xcd,0x14,0x11, -0xe2,0x4e,0x45,0x56,0x69,0x1f,0x78,0x02,0x80,0xda,0xdc,0x47,0x91,0x29,0xbb,0x36, -0xc9,0x63,0x5c,0xc5,0xe0,0xd7,0x2d,0x87,0x7b,0xa1,0xb7,0x32,0xb0,0x7b,0x30,0xba, -0x2a,0x2f,0x31,0xaa,0xee,0xa3,0x67,0xda,0xdb,0x02,0x03,0x01,0x00,0x01,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81, -0x00,0x4c,0x3f,0xb8,0x8b,0xc6,0x68,0xdf,0xee,0x43,0x33,0x0e,0x5d,0xe9,0xa6,0xcb, -0x07,0x84,0x4d,0x7a,0x33,0xff,0x92,0x1b,0xf4,0x36,0xad,0xd8,0x95,0x22,0x36,0x68, -0x11,0x6c,0x7c,0x42,0xcc,0xf3,0x9c,0x2e,0xc4,0x07,0x3f,0x14,0xb0,0x0f,0x4f,0xff, -0x90,0x92,0x76,0xf9,0xe2,0xbc,0x4a,0xe9,0x8f,0xcd,0xa0,0x80,0x0a,0xf7,0xc5,0x29, -0xf1,0x82,0x22,0x5d,0xb8,0xb1,0xdd,0x81,0x23,0xa3,0x7b,0x25,0x15,0x46,0x30,0x79, -0x16,0xf8,0xea,0x05,0x4b,0x94,0x7f,0x1d,0xc2,0x1c,0xc8,0xe3,0xb7,0xf4,0x10,0x40, -0x3c,0x13,0xc3,0x5f,0x1f,0x53,0xe8,0x48,0xe4,0x86,0xb4,0x7b,0xa1,0x35,0xb0,0x7b, -0x25,0xba,0xb8,0xd3,0x8e,0xab,0x3f,0x38,0x9d,0x00,0x34,0x00,0x98,0xf3,0xd1,0x71, -0x94,}; -static const unsigned char cert_14 [] = { -0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x2d,0x1b,0xfc,0x4a,0x17,0x8d, -0xa3,0x91,0xeb,0xe7,0xff,0xf5,0x8b,0x45,0xbe,0x0b,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, -0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04, -0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63, -0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73, -0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61, -0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, -0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36, -0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30, -0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, -0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, -0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0x5a,0x8b,0xa3,0x0d,0x6a,0x23,0x83, -0x80,0x6b,0xcf,0x39,0x87,0xf4,0x21,0x13,0x33,0x06,0x4c,0x25,0xa2,0xed,0x55,0x12, -0x97,0xc5,0xa7,0x80,0xb9,0xfa,0x83,0xc1,0x20,0xa0,0xfa,0x2f,0x15,0x0d,0x7c,0xa1, -0x60,0x6b,0x7e,0x79,0x2c,0xfa,0x06,0x0f,0x3a,0xae,0xf6,0x1b,0x6f,0xb1,0xd2,0xff, -0x2f,0x28,0x52,0x5f,0x83,0x7d,0x4b,0xc4,0x7a,0xb7,0xf8,0x66,0x1f,0x80,0x54,0xfc, -0xb7,0xc2,0x8e,0x59,0x4a,0x14,0x57,0x46,0xd1,0x9a,0x93,0xbe,0x41,0x91,0x03,0xbb, -0x15,0x80,0x93,0x5c,0xeb,0xe7,0xcc,0x08,0x6c,0x3f,0x3e,0xb3,0x4a,0xfc,0xff,0x4b, -0x6c,0x23,0xd5,0x50,0x82,0x26,0x44,0x19,0x8e,0x23,0xc3,0x71,0xea,0x19,0x24,0x47, -0x04,0x9e,0x75,0xbf,0xc8,0xa6,0x00,0x1f,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06, -0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00, -0x8a,0x1b,0x2b,0xfa,0x39,0xc1,0x74,0xd7,0x5e,0xd8,0x19,0x64,0xa2,0x58,0x4a,0x2d, -0x37,0xe0,0x33,0x47,0x0f,0xac,0xed,0xf7,0xaa,0xdb,0x1e,0xe4,0x8b,0x06,0x5c,0x60, -0x27,0xca,0x45,0x52,0xce,0x16,0xef,0x3f,0x06,0x64,0xe7,0x94,0x68,0x7c,0x60,0x33, -0x15,0x11,0x69,0xaf,0x9d,0x62,0x8d,0xa3,0x03,0x54,0x6b,0xa6,0xbe,0xe5,0xee,0x05, -0x18,0x60,0x04,0xbf,0x42,0x80,0xfd,0xd0,0xa8,0xa8,0x1e,0x01,0x3b,0xf7,0xa3,0x5c, -0xaf,0xa3,0xdc,0xe6,0x26,0x80,0x23,0x3c,0xb8,0x44,0x74,0xf7,0x0a,0xae,0x49,0x8b, -0x61,0x78,0xcc,0x24,0xbf,0x88,0x8a,0xa7,0x0e,0xea,0x73,0x19,0x41,0xfd,0x4d,0x03, -0xf0,0x88,0xd1,0xe5,0x78,0x8d,0xa5,0x2a,0x4f,0xf6,0x97,0x0d,0x17,0x77,0xca,0xd8, -}; -static const unsigned char cert_15 [] = { -0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9, -0x29,0x34,0xb6,0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, -0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04, -0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63, -0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73, -0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61, -0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, -0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36, -0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30, -0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, -0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, -0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, -0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, -0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, -0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc9,0x5c,0x59,0x9e,0xf2,0x1b,0x8a,0x01, -0x14,0xb4,0x10,0xdf,0x04,0x40,0xdb,0xe3,0x57,0xaf,0x6a,0x45,0x40,0x8f,0x84,0x0c, -0x0b,0xd1,0x33,0xd9,0xd9,0x11,0xcf,0xee,0x02,0x58,0x1f,0x25,0xf7,0x2a,0xa8,0x44, -0x05,0xaa,0xec,0x03,0x1f,0x78,0x7f,0x9e,0x93,0xb9,0x9a,0x00,0xaa,0x23,0x7d,0xd6, -0xac,0x85,0xa2,0x63,0x45,0xc7,0x72,0x27,0xcc,0xf4,0x4c,0xc6,0x75,0x71,0xd2,0x39, -0xef,0x4f,0x42,0xf0,0x75,0xdf,0x0a,0x90,0xc6,0x8e,0x20,0x6f,0x98,0x0f,0xf8,0xac, -0x23,0x5f,0x70,0x29,0x36,0xa4,0xc9,0x86,0xe7,0xb1,0x9a,0x20,0xcb,0x53,0xa5,0x85, -0xe7,0x3d,0xbe,0x7d,0x9a,0xfe,0x24,0x45,0x33,0xdc,0x76,0x15,0xed,0x0f,0xa2,0x71, -0x64,0x4c,0x65,0x2e,0x81,0x68,0x45,0xa7,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06, -0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00, -0xbb,0x4c,0x12,0x2b,0xcf,0x2c,0x26,0x00,0x4f,0x14,0x13,0xdd,0xa6,0xfb,0xfc,0x0a, -0x11,0x84,0x8c,0xf3,0x28,0x1c,0x67,0x92,0x2f,0x7c,0xb6,0xc5,0xfa,0xdf,0xf0,0xe8, -0x95,0xbc,0x1d,0x8f,0x6c,0x2c,0xa8,0x51,0xcc,0x73,0xd8,0xa4,0xc0,0x53,0xf0,0x4e, -0xd6,0x26,0xc0,0x76,0x01,0x57,0x81,0x92,0x5e,0x21,0xf1,0xd1,0xb1,0xff,0xe7,0xd0, -0x21,0x58,0xcd,0x69,0x17,0xe3,0x44,0x1c,0x9c,0x19,0x44,0x39,0x89,0x5c,0xdc,0x9c, -0x00,0x0f,0x56,0x8d,0x02,0x99,0xed,0xa2,0x90,0x45,0x4c,0xe4,0xbb,0x10,0xa4,0x3d, -0xf0,0x32,0x03,0x0e,0xf1,0xce,0xf8,0xe8,0xc9,0x51,0x8c,0xe6,0x62,0x9f,0xe6,0x9f, -0xc0,0x7d,0xb7,0x72,0x9c,0xc9,0x36,0x3a,0x6b,0x9f,0x4e,0xa8,0xff,0x64,0x0d,0x64, -}; -static const unsigned char cert_16 [] = { -0x30,0x82,0x02,0x34,0x30,0x82,0x01,0xa1,0x02,0x10,0x02,0xad,0x66,0x7e,0x4e,0x45, -0xfe,0x5e,0x57,0x6f,0x3c,0x98,0x19,0x5e,0xdd,0xc0,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, -0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55,0x04, -0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63,0x75, -0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06,0x03, -0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76, -0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, -0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x34, -0x31,0x31,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x30,0x30, -0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, -0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55, -0x04,0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63, -0x75,0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06, -0x03,0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72, -0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9b,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x89, -0x00,0x30,0x81,0x85,0x02,0x7e,0x00,0x92,0xce,0x7a,0xc1,0xae,0x83,0x3e,0x5a,0xaa, -0x89,0x83,0x57,0xac,0x25,0x01,0x76,0x0c,0xad,0xae,0x8e,0x2c,0x37,0xce,0xeb,0x35, -0x78,0x64,0x54,0x03,0xe5,0x84,0x40,0x51,0xc9,0xbf,0x8f,0x08,0xe2,0x8a,0x82,0x08, -0xd2,0x16,0x86,0x37,0x55,0xe9,0xb1,0x21,0x02,0xad,0x76,0x68,0x81,0x9a,0x05,0xa2, -0x4b,0xc9,0x4b,0x25,0x66,0x22,0x56,0x6c,0x88,0x07,0x8f,0xf7,0x81,0x59,0x6d,0x84, -0x07,0x65,0x70,0x13,0x71,0x76,0x3e,0x9b,0x77,0x4c,0xe3,0x50,0x89,0x56,0x98,0x48, -0xb9,0x1d,0xa7,0x29,0x1a,0x13,0x2e,0x4a,0x11,0x59,0x9c,0x1e,0x15,0xd5,0x49,0x54, -0x2c,0x73,0x3a,0x69,0x82,0xb1,0x97,0x39,0x9c,0x6d,0x70,0x67,0x48,0xe5,0xdd,0x2d, -0xd6,0xc8,0x1e,0x7b,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, -0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x7e,0x00,0x65,0xdd,0x7e,0xe1,0xb2, -0xec,0xb0,0xe2,0x3a,0xe0,0xec,0x71,0x46,0x9a,0x19,0x11,0xb8,0xd3,0xc7,0xa0,0xb4, -0x03,0x40,0x26,0x02,0x3e,0x09,0x9c,0xe1,0x12,0xb3,0xd1,0x5a,0xf6,0x37,0xa5,0xb7, -0x61,0x03,0xb6,0x5b,0x16,0x69,0x3b,0xc6,0x44,0x08,0x0c,0x88,0x53,0x0c,0x6b,0x97, -0x49,0xc7,0x3e,0x35,0xdc,0x6c,0xb9,0xbb,0xaa,0xdf,0x5c,0xbb,0x3a,0x2f,0x93,0x60, -0xb6,0xa9,0x4b,0x4d,0xf2,0x20,0xf7,0xcd,0x5f,0x7f,0x64,0x7b,0x8e,0xdc,0x00,0x5c, -0xd7,0xfa,0x77,0xca,0x39,0x16,0x59,0x6f,0x0e,0xea,0xd3,0xb5,0x83,0x7f,0x4d,0x4d, -0x42,0x56,0x76,0xb4,0xc9,0x5f,0x04,0xf8,0x38,0xf8,0xeb,0xd2,0x5f,0x75,0x5f,0xcd, -0x7b,0xfc,0xe5,0x8e,0x80,0x7c,0xfc,0x50,}; -static const unsigned char cert_17 [] = { -0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, -0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, -0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, -0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, -0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, -0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, -0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, -0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30, -0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, -0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x17, -0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x30,0x81, -0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, -0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, -0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, -0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, -0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, -0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, -0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, -0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, -0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30,0x20, -0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, -0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, -0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xdf,0x7d,0xe6,0xbe,0xbf,0xd5, -0xf0,0x2f,0x6d,0x4e,0x0e,0xd1,0xe0,0x8d,0x0b,0x7f,0x3b,0x54,0xe8,0x8a,0xe2,0xb0, -0x9f,0x28,0xc5,0x8a,0xc6,0xb9,0xb3,0x33,0x27,0xf5,0x27,0xca,0x1a,0x4c,0x54,0x12, -0x6b,0xb4,0xb2,0x46,0xb3,0x1d,0x4b,0xb3,0xf4,0x21,0x0b,0x4b,0x02,0x2e,0xa1,0xc2, -0x34,0x9c,0x85,0xa0,0xc4,0x78,0x11,0xdb,0xdb,0x6b,0x27,0x2b,0x09,0x2a,0x18,0x4e, -0x40,0xcc,0x9f,0x71,0x19,0x67,0x99,0x74,0xa2,0x7c,0x3f,0xc1,0xd8,0x8b,0x23,0xc8, -0x63,0x3b,0x8a,0x21,0xab,0x5c,0xde,0x1e,0xf4,0x8d,0xdc,0xb4,0x18,0xc3,0x05,0x73, -0xf4,0x6a,0xb4,0xa1,0xfa,0x01,0x08,0x2b,0x01,0x0f,0x6d,0x37,0x5b,0xaa,0x38,0x86, -0x67,0x39,0xd7,0xe5,0x5f,0xfa,0xe4,0x7e,0xcc,0xa3,0x02,0x03,0x01,0x00,0x01,0xa3, -0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, -0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, -0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, -0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, -0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, -0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, -0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, -0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, -0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, -0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, -0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, -0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, -0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, -0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, -0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30, -0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, -0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x4d,0x07,0x7f,0x5f,0x09,0x30,0x19, -0x92,0xaa,0x05,0x47,0x7a,0x94,0x75,0x54,0x2a,0xae,0xcf,0xfc,0xd8,0x0c,0x42,0xe1, -0x45,0x38,0x2b,0x24,0x95,0xb2,0xca,0x87,0xca,0x79,0xc4,0xc3,0x97,0x90,0x5e,0x62, -0x18,0xc6,0xc9,0x38,0x61,0x4c,0x68,0x35,0xd3,0x4c,0x14,0x11,0xeb,0xc4,0xcd,0xa1, -0xa9,0xd8,0xc5,0x9e,0x68,0x27,0x32,0x07,0x35,0x45,0x04,0xf8,0x5f,0x21,0xa0,0x60, -0x1e,0x1c,0x00,0x48,0x04,0x58,0xd2,0xc5,0xcb,0xae,0x6d,0x32,0x6e,0x3d,0x77,0x95, -0x8c,0x85,0xc7,0xe5,0xae,0x50,0x9d,0x75,0x4a,0x7b,0xff,0x0b,0x27,0x79,0xea,0x4d, -0xa4,0x59,0xff,0xec,0x5a,0xea,0x26,0xa5,0x39,0x83,0xa4,0xd1,0x78,0xce,0xa7,0xa9, -0x7e,0xbc,0xdd,0x2b,0xca,0x12,0x93,0x03,0x4a,}; -static const unsigned char cert_18 [] = { -0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x02, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, -0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, -0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, -0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, -0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, -0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, -0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, -0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31, -0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, -0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x17, -0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x30,0x81, -0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, -0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, -0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, -0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, -0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, -0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, -0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, -0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, -0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20, -0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, -0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, -0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb0,0x29,0xeb,0xb4,0x76,0xb3, -0xae,0xd7,0xb6,0x5b,0xb4,0x5e,0xe7,0xbd,0xe3,0xb1,0x9c,0x49,0x04,0x57,0x5b,0xa1, -0xab,0xd9,0x7f,0x13,0x1b,0xfd,0xba,0x61,0xab,0xd8,0xe7,0x71,0xdf,0x2d,0x00,0x94, -0x5d,0x51,0x48,0x7d,0x23,0xef,0x75,0x62,0x84,0x90,0x3c,0x0a,0x1f,0x59,0x11,0x74, -0x2f,0x8e,0x80,0xa5,0xfd,0x30,0x02,0x3d,0x29,0x52,0xcd,0x72,0x1a,0x49,0x21,0x9c, -0xbc,0xcb,0x52,0x8e,0x48,0xa1,0x63,0x96,0xc8,0x10,0x85,0x30,0x69,0x57,0x74,0x45, -0xc0,0x5a,0x86,0xc6,0xd5,0x3d,0xe0,0x68,0x57,0x7d,0x31,0x6a,0x24,0x8d,0x45,0x97, -0x3e,0x31,0x7e,0x68,0x66,0x32,0x6e,0x24,0x6d,0xec,0x32,0x36,0xc9,0x41,0xca,0xf0, -0x31,0x44,0xc8,0xa3,0x61,0xca,0x1b,0xa0,0x36,0x1f,0x02,0x03,0x01,0x00,0x01,0xa3, -0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, -0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, -0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, -0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, -0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, -0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, -0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, -0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, -0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, -0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, -0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, -0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, -0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, -0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, -0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31, -0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, -0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x05,0x42,0x52,0x26,0xa4,0x0c,0x27, -0x01,0x44,0xac,0x5c,0x25,0x28,0xc2,0x44,0x42,0x54,0x08,0xb9,0x1d,0xc5,0x3e,0x6c, -0x59,0x66,0xc4,0xb3,0x4e,0x50,0xa7,0xf8,0xf8,0x96,0x75,0xa1,0x96,0x75,0xe8,0x16, -0x38,0xa0,0xcd,0x5d,0x6e,0xfa,0x79,0xa7,0x1b,0x7b,0x1d,0x1e,0xc3,0x00,0xb9,0x66, -0xbe,0x5a,0xd6,0x62,0x0f,0xe7,0xf2,0x7b,0xb8,0xef,0x4c,0xe0,0xc0,0x3f,0x59,0xae, -0x39,0xb7,0x84,0x09,0x9e,0xab,0xf1,0xa9,0x2e,0x6b,0x69,0xe2,0xad,0xcc,0xf2,0xea, -0x78,0x09,0x05,0x20,0x38,0x42,0x71,0x18,0x7e,0xc7,0xb2,0x97,0xe6,0xd5,0x02,0x05, -0x06,0x56,0xa3,0x5f,0xf1,0xaa,0xc2,0xc4,0x4f,0xfe,0xf7,0xef,0x16,0x0f,0x9d,0xec, -0xaa,0x85,0xcf,0x3d,0x29,0x24,0xf1,0x04,0xcd,}; -static const unsigned char cert_19 [] = { -0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x03, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, -0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, -0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, -0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, -0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, -0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, -0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, -0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32, -0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, -0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x17, -0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x30,0x81, -0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, -0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, -0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, -0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, -0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, -0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, -0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, -0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, -0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20, -0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, -0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, -0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xda,0x38,0xe8,0xed,0x32,0x00, -0x29,0x71,0x83,0x01,0x0d,0xbf,0x8c,0x01,0xdc,0xda,0xc6,0xad,0x39,0xa4,0xa9,0x8a, -0x2f,0xd5,0x8b,0x5c,0x68,0x5f,0x50,0xc6,0x62,0xf5,0x66,0xbd,0xca,0x91,0x22,0xec, -0xaa,0x1d,0x51,0xd7,0x3d,0xb3,0x51,0xb2,0x83,0x4e,0x5d,0xcb,0x49,0xb0,0xf0,0x4c, -0x55,0xe5,0x6b,0x2d,0xc7,0x85,0x0b,0x30,0x1c,0x92,0x4e,0x82,0xd4,0xca,0x02,0xed, -0xf7,0x6f,0xbe,0xdc,0xe0,0xe3,0x14,0xb8,0x05,0x53,0xf2,0x9a,0xf4,0x56,0x8b,0x5a, -0x9e,0x85,0x93,0xd1,0xb4,0x82,0x56,0xae,0x4d,0xbb,0xa8,0x4b,0x57,0x16,0xbc,0xfe, -0xf8,0x58,0x9e,0xf8,0x29,0x8d,0xb0,0x7b,0xcd,0x78,0xc9,0x4f,0xac,0x8b,0x67,0x0c, -0xf1,0x9c,0xfb,0xfc,0x57,0x9b,0x57,0x5c,0x4f,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3, -0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, -0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, -0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, -0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, -0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, -0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, -0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, -0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, -0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, -0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, -0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, -0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, -0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, -0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, -0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32, -0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, -0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x89,0x1b,0xf4,0xef,0xe9,0x38,0xe2, -0x6c,0x0c,0xf6,0xcd,0x6f,0x49,0xce,0x29,0xcc,0xfb,0xa6,0x0f,0xf9,0x8d,0x3e,0x95, -0x46,0xd6,0xfc,0x47,0x32,0x89,0xb2,0xc8,0x06,0x61,0x7a,0xd2,0xe7,0x0d,0x13,0x02, -0x94,0x0b,0xd9,0x8b,0x56,0x47,0xf4,0xbb,0xe7,0xc5,0x5f,0x7b,0xf4,0x63,0x4c,0xae, -0x7c,0x34,0xea,0x0d,0xa2,0xa9,0xb3,0x2c,0x85,0xf3,0xe3,0xfe,0x27,0x54,0x10,0x92, -0xb0,0x8f,0x92,0xc1,0x98,0x42,0x18,0x70,0x48,0xdb,0x4e,0x2c,0xeb,0x0d,0x24,0x68, -0xe4,0xd1,0xf7,0xbe,0x09,0xa9,0x29,0x87,0xbb,0xe8,0xda,0xdc,0x3e,0xa3,0x88,0x42, -0x31,0xf5,0xd1,0xe3,0x7f,0xae,0xd8,0x8e,0x00,0x5a,0x74,0x98,0xb0,0x4f,0xc6,0xff, -0x23,0x7b,0x5c,0x73,0x00,0x78,0xc9,0xdb,0x4e,}; -static const unsigned char cert_20 [] = { -0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x04, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, -0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, -0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, -0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, -0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, -0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, -0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, -0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33, -0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, -0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x17, -0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x30,0x81, -0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, -0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, -0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, -0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, -0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, -0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, -0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, -0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, -0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20, -0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, -0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, -0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0xb4,0xc1,0x35,0x05,0x2e, -0x0d,0x8d,0xec,0xa0,0x40,0x6a,0x1c,0x0e,0x27,0xa6,0x50,0x92,0x6b,0x50,0x1b,0x07, -0xde,0x2e,0xe7,0x76,0xcc,0xe0,0xda,0xfc,0x84,0xa8,0x5e,0x8c,0x63,0x6a,0x2b,0x4d, -0xd9,0x4e,0x02,0x76,0x11,0xc1,0x0b,0xf2,0x8d,0x79,0xca,0x00,0xb6,0xf1,0xb0,0x0e, -0xd7,0xfb,0xa4,0x17,0x3d,0xaf,0xab,0x69,0x7a,0x96,0x27,0xbf,0xaf,0x33,0xa1,0x9a, -0x2a,0x59,0xaa,0xc4,0xb5,0x37,0x08,0xf2,0x12,0xa5,0x31,0xb6,0x43,0xf5,0x32,0x96, -0x71,0x28,0x28,0xab,0x8d,0x28,0x86,0xdf,0xbb,0xee,0xe3,0x0c,0x7d,0x30,0xd6,0xc3, -0x52,0xab,0x8f,0x5d,0x27,0x9c,0x6b,0xc0,0xa3,0xe7,0x05,0x6b,0x57,0x49,0x44,0xb3, -0x6e,0xea,0x64,0xcf,0xd2,0x8e,0x7a,0x50,0x77,0x77,0x02,0x03,0x01,0x00,0x01,0xa3, -0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, -0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, -0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, -0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, -0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, -0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, -0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, -0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, -0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, -0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, -0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, -0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, -0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, -0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, -0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33, -0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, -0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x84,0x86,0x50,0x62,0x79,0xa0,0x27, -0xe1,0x25,0xba,0x09,0xb1,0x34,0x0f,0x13,0x09,0xed,0x2d,0xca,0xa3,0xe6,0x95,0xf9, -0x30,0xac,0xcd,0x17,0xa5,0xce,0x3d,0x97,0x9d,0xec,0x7c,0x8f,0x26,0x7f,0xc0,0x61, -0xca,0x22,0xf7,0x91,0xdd,0x3c,0x36,0x59,0x9a,0x9b,0x75,0xf7,0xbc,0xe4,0xc8,0xed, -0xec,0x02,0xb6,0x22,0xa7,0xf3,0x2c,0xf1,0xc8,0x92,0x78,0x6d,0xb6,0xee,0xc5,0x28, -0xec,0x80,0x20,0x4f,0xb9,0x6b,0x08,0xe7,0x2f,0xa7,0x86,0x1e,0x7d,0xb1,0x08,0x9f, -0x54,0xb9,0x00,0x37,0x3c,0xa0,0xd8,0x1a,0xc8,0x96,0x1c,0xf4,0x32,0x14,0x9c,0x39, -0x95,0xb7,0xee,0xf0,0x43,0x49,0xc2,0x5e,0xe8,0xcb,0x79,0x6f,0x53,0xbf,0xfb,0x49, -0x8a,0x2c,0xd8,0x4b,0xd9,0x55,0xf2,0x12,0x70,}; -static const unsigned char cert_21 [] = { -0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x05, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, -0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, -0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, -0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, -0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, -0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, -0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, -0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34, -0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, -0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, -0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x17, -0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x30,0x81, -0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, -0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, -0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, -0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, -0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, -0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, -0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, -0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, -0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20, -0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, -0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, -0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbf,0x2f,0x63,0xd6,0x36,0x7b, -0xb2,0x0d,0xd3,0x55,0xf5,0x64,0x6c,0xe6,0x25,0x5d,0xc6,0xb4,0xc8,0x14,0xba,0x25, -0x38,0x83,0xeb,0x56,0x62,0xa5,0x55,0xa9,0x65,0xa3,0xf4,0x23,0x99,0xc2,0x4b,0xb9, -0xd0,0xcd,0x54,0x67,0xa6,0xa3,0xa0,0xa3,0xa9,0x33,0x2b,0x76,0xe4,0xbd,0xad,0x77, -0xb2,0xed,0x5c,0x12,0x74,0xc3,0xc5,0xb6,0x0f,0x52,0x9a,0x72,0x93,0x43,0x90,0x62, -0x66,0x15,0x0f,0x45,0xa5,0xdd,0xe0,0xdd,0xb8,0x6f,0x40,0x6e,0x57,0xc1,0x79,0x72, -0xa3,0x60,0xaa,0xba,0x76,0x1d,0x12,0x89,0x53,0x5a,0xfc,0x02,0xbe,0xe1,0x09,0x13, -0xc5,0x4a,0x2f,0xdc,0x3d,0x8b,0x19,0xad,0xd7,0x8b,0x24,0x45,0xfb,0x4c,0xf4,0xcd, -0x5c,0x35,0x1d,0x29,0x4c,0x51,0xf3,0xf2,0x6c,0x55,0x02,0x03,0x01,0x00,0x01,0xa3, -0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, -0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, -0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, -0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, -0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, -0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, -0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, -0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, -0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, -0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, -0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, -0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, -0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, -0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, -0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, -0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, -0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34, -0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, -0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x94,0x68,0x14,0x1b,0x25,0x9e,0x29, -0x99,0xb1,0xb2,0x23,0xd2,0x44,0xb3,0x95,0x9f,0xd1,0x9e,0x55,0x04,0xdd,0xe3,0x2f, -0x82,0x33,0x55,0x96,0x77,0x19,0x9d,0x2b,0x9e,0x65,0x1c,0xfa,0x8a,0xe3,0xc7,0x8f, -0x25,0xfc,0xb1,0x1e,0x55,0x46,0x0f,0x8f,0xff,0x4f,0x37,0x2f,0xa4,0x76,0x59,0xa6, -0x64,0xeb,0xd5,0x16,0x70,0xbd,0xdd,0x95,0x33,0x0c,0xa4,0x0d,0x24,0xeb,0x64,0x50, -0xb4,0x43,0x11,0xf2,0x43,0xbe,0x0d,0x71,0x98,0x22,0xec,0x01,0xaf,0xec,0xf7,0xc7, -0x5c,0x71,0xc3,0x75,0x91,0x58,0x19,0xe8,0xdd,0xa0,0xf4,0xb4,0xf1,0xbc,0x10,0x4a, -0xf3,0x93,0xb4,0x06,0x49,0xbb,0x1f,0x66,0xd2,0xbd,0x74,0x47,0xe1,0x9a,0xf9,0xeb, -0xd7,0xab,0x6d,0x1f,0xba,0xe1,0x1d,0x2c,0xda,}; -static const unsigned char cert_22 [] = { -0x30,0x82,0x03,0x21,0x30,0x82,0x02,0x8a,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xcb,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, -0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, -0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, -0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, -0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, -0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, -0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, -0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74, -0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63, -0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, -0x09,0x01,0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73, -0x69,0x63,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17, -0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, -0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xcb, -0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30, -0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20, -0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43, -0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,0x55,0x04, -0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c, -0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43, -0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72, -0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x21, -0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74,0x65,0x20, -0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x43, -0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01, -0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73,0x69,0x63, -0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, -0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbc,0xbc,0x93,0x53,0x6d,0xc0,0x50,0x4f, -0x82,0x15,0xe6,0x48,0x94,0x35,0xa6,0x5a,0xbe,0x6f,0x42,0xfa,0x0f,0x47,0xee,0x77, -0x75,0x72,0xdd,0x8d,0x49,0x9b,0x96,0x57,0xa0,0x78,0xd4,0xca,0x3f,0x51,0xb3,0x69, -0x0b,0x91,0x76,0x17,0x22,0x07,0x97,0x6a,0xc4,0x51,0x93,0x4b,0xe0,0x8d,0xef,0x37, -0x95,0xa1,0x0c,0x4d,0xda,0x34,0x90,0x1d,0x17,0x89,0x97,0xe0,0x35,0x38,0x57,0x4a, -0xc0,0xf4,0x08,0x70,0xe9,0x3c,0x44,0x7b,0x50,0x7e,0x61,0x9a,0x90,0xe3,0x23,0xd3, -0x88,0x11,0x46,0x27,0xf5,0x0b,0x07,0x0e,0xbb,0xdd,0xd1,0x7f,0x20,0x0a,0x88,0xb9, -0x56,0x0b,0x2e,0x1c,0x80,0xda,0xf1,0xe3,0x9e,0x29,0xef,0x14,0xbd,0x0a,0x44,0xfb, -0x1b,0x5b,0x18,0xd1,0xbf,0x23,0x93,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30, -0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01, -0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05, -0x00,0x03,0x81,0x81,0x00,0x2d,0xe2,0x99,0x6b,0xb0,0x3d,0x7a,0x89,0xd7,0x59,0xa2, -0x94,0x01,0x1f,0x2b,0xdd,0x12,0x4b,0x53,0xc2,0xad,0x7f,0xaa,0xa7,0x00,0x5c,0x91, -0x40,0x57,0x25,0x4a,0x38,0xaa,0x84,0x70,0xb9,0xd9,0x80,0x0f,0xa5,0x7b,0x5c,0xfb, -0x73,0xc6,0xbd,0xd7,0x8a,0x61,0x5c,0x03,0xe3,0x2d,0x27,0xa8,0x17,0xe0,0x84,0x85, -0x42,0xdc,0x5e,0x9b,0xc6,0xb7,0xb2,0x6d,0xbb,0x74,0xaf,0xe4,0x3f,0xcb,0xa7,0xb7, -0xb0,0xe0,0x5d,0xbe,0x78,0x83,0x25,0x94,0xd2,0xdb,0x81,0x0f,0x79,0x07,0x6d,0x4f, -0xf4,0x39,0x15,0x5a,0x52,0x01,0x7b,0xde,0x32,0xd6,0x4d,0x38,0xf6,0x12,0x5c,0x06, -0x50,0xdf,0x05,0x5b,0xbd,0x14,0x4b,0xa1,0xdf,0x29,0xba,0x3b,0x41,0x8d,0xf7,0x63, -0x56,0xa1,0xdf,0x22,0xb1,}; -static const unsigned char cert_23 [] = { -0x30,0x82,0x03,0x2d,0x30,0x82,0x02,0x96,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, -0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, -0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, -0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, -0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, -0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, -0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, -0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54,0x68,0x61,0x77,0x74, -0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46,0x72,0x65,0x65,0x6d, -0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09,0x2a,0x86,0x48,0x86, -0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d, -0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e, -0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30, -0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39, -0x35,0x39,0x5a,0x30,0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, -0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65, -0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03, -0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a, -0x30,0x18,0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20, -0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03, -0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, -0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69, -0x73,0x69,0x6f,0x6e,0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54, -0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46, -0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f, -0x6e,0x61,0x6c,0x2d,0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61, -0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, -0x02,0x81,0x81,0x00,0xd4,0x69,0xd7,0xd4,0xb0,0x94,0x64,0x5b,0x71,0xe9,0x47,0xd8, -0x0c,0x51,0xb6,0xea,0x72,0x91,0xb0,0x84,0x5e,0x7d,0x2d,0x0d,0x8f,0x7b,0x12,0xdf, -0x85,0x25,0x75,0x28,0x74,0x3a,0x42,0x2c,0x63,0x27,0x9f,0x95,0x7b,0x4b,0xef,0x7e, -0x19,0x87,0x1d,0x86,0xea,0xa3,0xdd,0xb9,0xce,0x96,0x64,0x1a,0xc2,0x14,0x6e,0x44, -0xac,0x7c,0xe6,0x8f,0xe8,0x4d,0x0f,0x71,0x1f,0x40,0x38,0xa6,0x00,0xa3,0x87,0x78, -0xf6,0xf9,0x94,0x86,0x5e,0xad,0xea,0xc0,0x5e,0x76,0xeb,0xd9,0x14,0xa3,0x5d,0x6e, -0x7a,0x7c,0x0c,0xa5,0x4b,0x55,0x7f,0x06,0x19,0x29,0x7f,0x9e,0x9a,0x26,0xd5,0x6a, -0xbb,0x38,0x24,0x08,0x6a,0x98,0xc7,0xb1,0xda,0xa3,0x98,0x91,0xfd,0x79,0xdb,0xe5, -0x5a,0xc4,0x1c,0xb9,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06, -0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d, -0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81, -0x00,0xc7,0xec,0x92,0x7e,0x4e,0xf8,0xf5,0x96,0xa5,0x67,0x62,0x2a,0xa4,0xf0,0x4d, -0x11,0x60,0xd0,0x6f,0x8d,0x60,0x58,0x61,0xac,0x26,0xbb,0x52,0x35,0x5c,0x08,0xcf, -0x30,0xfb,0xa8,0x4a,0x96,0x8a,0x1f,0x62,0x42,0x23,0x8c,0x17,0x0f,0xf4,0xba,0x64, -0x9c,0x17,0xac,0x47,0x29,0xdf,0x9d,0x98,0x5e,0xd2,0x6c,0x60,0x71,0x5c,0xa2,0xac, -0xdc,0x79,0xe3,0xe7,0x6e,0x00,0x47,0x1f,0xb5,0x0d,0x28,0xe8,0x02,0x9d,0xe4,0x9a, -0xfd,0x13,0xf4,0xa6,0xd9,0x7c,0xb1,0xf8,0xdc,0x5f,0x23,0x26,0x09,0x91,0x80,0x73, -0xd0,0x14,0x1b,0xde,0x43,0xa9,0x83,0x25,0xf2,0xe6,0x9c,0x2f,0x15,0xca,0xfe,0xa6, -0xab,0x8a,0x07,0x75,0x8b,0x0c,0xdd,0x51,0x84,0x6b,0xe4,0xf8,0xd1,0xce,0x77,0xa2, -0x81,}; -static const unsigned char cert_24 [] = { -0x30,0x82,0x03,0x29,0x30,0x82,0x02,0x92,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, -0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, -0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, -0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, -0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, -0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, -0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, -0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, -0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61,0x77,0x74, -0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65,0x6d,0x69, -0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, -0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x70, -0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f, -0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, -0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39, -0x5a,0x30,0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a, -0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74, -0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04, -0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18, -0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f, -0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04, -0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, -0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69, -0x6f,0x6e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61, -0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65, -0x6d,0x69,0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48, -0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c, -0x2d,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e, -0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, -0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00, -0xc9,0x66,0xd9,0xf8,0x07,0x44,0xcf,0xb9,0x8c,0x2e,0xf0,0xa1,0xef,0x13,0x45,0x6c, -0x05,0xdf,0xde,0x27,0x16,0x51,0x36,0x41,0x11,0x6c,0x6c,0x3b,0xed,0xfe,0x10,0x7d, -0x12,0x9e,0xe5,0x9b,0x42,0x9a,0xfe,0x60,0x31,0xc3,0x66,0xb7,0x73,0x3a,0x48,0xae, -0x4e,0xd0,0x32,0x37,0x94,0x88,0xb5,0x0d,0xb6,0xd9,0xf3,0xf2,0x44,0xd9,0xd5,0x88, -0x12,0xdd,0x76,0x4d,0xf2,0x1a,0xfc,0x6f,0x23,0x1e,0x7a,0xf1,0xd8,0x98,0x45,0x4e, -0x07,0x10,0xef,0x16,0x42,0xd0,0x43,0x75,0x6d,0x4a,0xde,0xe2,0xaa,0xc9,0x31,0xff, -0x1f,0x00,0x70,0x7c,0x66,0xcf,0x10,0x25,0x08,0xba,0xfa,0xee,0x00,0xe9,0x46,0x03, -0x66,0x27,0x11,0x15,0x3b,0xaa,0x5b,0xf2,0x98,0xdd,0x36,0x42,0xb2,0xda,0x88,0x75, -0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13, -0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86, -0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x69,0x36,0x89, -0xf7,0x34,0x2a,0x33,0x72,0x2f,0x6d,0x3b,0xd4,0x22,0xb2,0xb8,0x6f,0x9a,0xc5,0x36, -0x66,0x0e,0x1b,0x3c,0xa1,0xb1,0x75,0x5a,0xe6,0xfd,0x35,0xd3,0xf8,0xa8,0xf2,0x07, -0x6f,0x85,0x67,0x8e,0xde,0x2b,0xb9,0xe2,0x17,0xb0,0x3a,0xa0,0xf0,0x0e,0xa2,0x00, -0x9a,0xdf,0xf3,0x14,0x15,0x6e,0xbb,0xc8,0x85,0x5a,0x98,0x80,0xf9,0xff,0xbe,0x74, -0x1d,0x3d,0xf3,0xfe,0x30,0x25,0xd1,0x37,0x34,0x67,0xfa,0xa5,0x71,0x79,0x30,0x61, -0x29,0x72,0xc0,0xe0,0x2c,0x4c,0xfb,0x56,0xe4,0x3a,0xa8,0x6f,0xe5,0x32,0x59,0x52, -0xdb,0x75,0x28,0x50,0x59,0x0c,0xf8,0x0b,0x19,0xe4,0xac,0xd9,0xaf,0x96,0x8d,0x2f, -0x50,0xdb,0x07,0xc3,0xea,0x1f,0xab,0x33,0xe0,0xf5,0x2b,0x31,0x89,}; -static const unsigned char cert_25 [] = { -0x30,0x82,0x03,0x13,0x30,0x82,0x02,0x7c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, -0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, -0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, -0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03, -0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, -0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55, -0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73, -0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x54,0x68, -0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x26, -0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x17,0x73, -0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72,0x74,0x73,0x40,0x74,0x68,0x61,0x77, -0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31, -0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32, -0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, -0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13, -0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30, -0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77, -0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77, -0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63, -0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69, -0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65, -0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03, -0x55,0x04,0x03,0x13,0x10,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76, -0x65,0x72,0x20,0x43,0x41,0x31,0x26,0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, -0x0d,0x01,0x09,0x01,0x16,0x17,0x73,0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72, -0x74,0x73,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, -0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xa4,0x50,0x6e,0xc8,0xff, -0x56,0x6b,0xe6,0xcf,0x5d,0xb6,0xea,0x0c,0x68,0x75,0x47,0xa2,0xaa,0xc2,0xda,0x84, -0x25,0xfc,0xa8,0xf4,0x47,0x51,0xda,0x85,0xb5,0x20,0x74,0x94,0x86,0x1e,0x0f,0x75, -0xc9,0xe9,0x08,0x61,0xf5,0x06,0x6d,0x30,0x6e,0x15,0x19,0x02,0xe9,0x52,0xc0,0x62, -0xdb,0x4d,0x99,0x9e,0xe2,0x6a,0x0c,0x44,0x38,0xcd,0xfe,0xbe,0xe3,0x64,0x09,0x70, -0xc5,0xfe,0xb1,0x6b,0x29,0xb6,0x2f,0x49,0xc8,0x3b,0xd4,0x27,0x04,0x25,0x10,0x97, -0x2f,0xe7,0x90,0x6d,0xc0,0x28,0x42,0x99,0xd7,0x4c,0x43,0xde,0xc3,0xf5,0x21,0x6d, -0x54,0x9f,0x5d,0xc3,0x58,0xe1,0xc0,0xe4,0xd9,0x5b,0xb0,0xb8,0xdc,0xb4,0x7b,0xdf, -0x36,0x3a,0xc2,0xb5,0x66,0x22,0x12,0xd6,0x87,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3, -0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30, -0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x07,0xfa,0x4c,0x69,0x5c,0xfb,0x95,0xcc,0x46, -0xee,0x85,0x83,0x4d,0x21,0x30,0x8e,0xca,0xd9,0xa8,0x6f,0x49,0x1a,0xe6,0xda,0x51, -0xe3,0x60,0x70,0x6c,0x84,0x61,0x11,0xa1,0x1a,0xc8,0x48,0x3e,0x59,0x43,0x7d,0x4f, -0x95,0x3d,0xa1,0x8b,0xb7,0x0b,0x62,0x98,0x7a,0x75,0x8a,0xdd,0x88,0x4e,0x4e,0x9e, -0x40,0xdb,0xa8,0xcc,0x32,0x74,0xb9,0x6f,0x0d,0xc6,0xe3,0xb3,0x44,0x0b,0xd9,0x8a, -0x6f,0x9a,0x29,0x9b,0x99,0x18,0x28,0x3b,0xd1,0xe3,0x40,0x28,0x9a,0x5a,0x3c,0xd5, -0xb5,0xe7,0x20,0x1b,0x8b,0xca,0xa4,0xab,0x8d,0xe9,0x51,0xd9,0xe2,0x4c,0x2c,0x59, -0xa9,0xda,0xb9,0xb2,0x75,0x1b,0xf6,0x42,0xf2,0xef,0xc7,0xf2,0x18,0xf9,0x89,0xbc, -0xa3,0xff,0x8a,0x23,0x2e,0x70,0x47,}; -static const unsigned char cert_26 [] = { -0x30,0x82,0x03,0x27,0x30,0x82,0x02,0x90,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, -0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, -0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, -0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, -0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03, -0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, -0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55, -0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, -0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73, -0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68, -0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65,0x72, -0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86, -0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d,0x73, -0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d, -0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30, -0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a, -0x30,0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41, -0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65, -0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07, -0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06, -0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e, -0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03, -0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, -0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69, -0x73,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54, -0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65, -0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48, -0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d, -0x73,0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f, -0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, -0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd2,0x36, -0x36,0x6a,0x8b,0xd7,0xc2,0x5b,0x9e,0xda,0x81,0x41,0x62,0x8f,0x38,0xee,0x49,0x04, -0x55,0xd6,0xd0,0xef,0x1c,0x1b,0x95,0x16,0x47,0xef,0x18,0x48,0x35,0x3a,0x52,0xf4, -0x2b,0x6a,0x06,0x8f,0x3b,0x2f,0xea,0x56,0xe3,0xaf,0x86,0x8d,0x9e,0x17,0xf7,0x9e, -0xb4,0x65,0x75,0x02,0x4d,0xef,0xcb,0x09,0xa2,0x21,0x51,0xd8,0x9b,0xd0,0x67,0xd0, -0xba,0x0d,0x92,0x06,0x14,0x73,0xd4,0x93,0xcb,0x97,0x2a,0x00,0x9c,0x5c,0x4e,0x0c, -0xbc,0xfa,0x15,0x52,0xfc,0xf2,0x44,0x6e,0xda,0x11,0x4a,0x6e,0x08,0x9f,0x2f,0x2d, -0xe3,0xf9,0xaa,0x3a,0x86,0x73,0xb6,0x46,0x53,0x58,0xc8,0x89,0x05,0xbd,0x83,0x11, -0xb8,0x73,0x3f,0xaa,0x07,0x8d,0xf4,0x42,0x4d,0xe7,0x40,0x9d,0x1c,0x37,0x02,0x03, -0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, -0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, -0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x26,0x48,0x2c,0x16,0xc2, -0x58,0xfa,0xe8,0x16,0x74,0x0c,0xaa,0xaa,0x5f,0x54,0x3f,0xf2,0xd7,0xc9,0x78,0x60, -0x5e,0x5e,0x6e,0x37,0x63,0x22,0x77,0x36,0x7e,0xb2,0x17,0xc4,0x34,0xb9,0xf5,0x08, -0x85,0xfc,0xc9,0x01,0x38,0xff,0x4d,0xbe,0xf2,0x16,0x42,0x43,0xe7,0xbb,0x5a,0x46, -0xfb,0xc1,0xc6,0x11,0x1f,0xf1,0x4a,0xb0,0x28,0x46,0xc9,0xc3,0xc4,0x42,0x7d,0xbc, -0xfa,0xab,0x59,0x6e,0xd5,0xb7,0x51,0x88,0x11,0xe3,0xa4,0x85,0x19,0x6b,0x82,0x4c, -0xa4,0x0c,0x12,0xad,0xe9,0xa4,0xae,0x3f,0xf1,0xc3,0x49,0x65,0x9a,0x8c,0xc5,0xc8, -0x3e,0x25,0xb7,0x94,0x99,0xbb,0x92,0x32,0x71,0x07,0xf0,0x86,0x5e,0xed,0x50,0x27, -0xa6,0x0d,0xa6,0x23,0xf9,0xbb,0xcb,0xa6,0x07,0x14,0x42,}; -static const CSSM_DATA rootCertificates[] = { -{ 891, (unsigned char *)cert_0 }, -{ 938, (unsigned char *)cert_1 }, -{ 641, (unsigned char *)cert_2 }, -{ 774, (unsigned char *)cert_3 }, -{ 775, (unsigned char *)cert_4 }, -{ 774, (unsigned char *)cert_5 }, -{ 774, (unsigned char *)cert_6 }, -{ 606, (unsigned char *)cert_7 }, -{ 510, (unsigned char *)cert_8 }, -{ 596, (unsigned char *)cert_9 }, -{ 596, (unsigned char *)cert_10 }, -{ 857, (unsigned char *)cert_11 }, -{ 954, (unsigned char *)cert_12 }, -{ 577, (unsigned char *)cert_13 }, -{ 576, (unsigned char *)cert_14 }, -{ 576, (unsigned char *)cert_15 }, -{ 568, (unsigned char *)cert_16 }, -{ 1081, (unsigned char *)cert_17 }, -{ 1081, (unsigned char *)cert_18 }, -{ 1081, (unsigned char *)cert_19 }, -{ 1081, (unsigned char *)cert_20 }, -{ 1081, (unsigned char *)cert_21 }, -{ 805, (unsigned char *)cert_22 }, -{ 817, (unsigned char *)cert_23 }, -{ 813, (unsigned char *)cert_24 }, -{ 791, (unsigned char *)cert_25 }, -{ 811, (unsigned char *)cert_26 }, -}; -static const int rootCertificateCount = 27; diff --git a/Keychain/SFFileVault.cpp b/Keychain/SFFileVault.cpp deleted file mode 100644 index bb740ab7..00000000 --- a/Keychain/SFFileVault.cpp +++ /dev/null @@ -1,408 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * SFFileVault.cpp - * testFileVaultSPI - * - * Created by john on Mon Jul 14 2003. - * - */ - -//#include - -#include "SFFileVault.h" -#include "ExecCLITool.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "SecFileVaultCert.h" - -#pragma mark -------------------- Environment Variables -------------------- - -#define HDIUTIL_PATH "/usr/bin/hdiutil" // environment var -> HDIUTIL_PATH -#define HDID_PATH "/usr/bin/hdid" // environment var -> HDID_PATH -#define MOUNT_HFS_PATH "/sbin/mount_hfs" // environment var -> MOUNT_HFS_PATH -#define UMOUNT_PATH "/sbin/umount" // environment var -> UMOUNT_PATH - -// _defaultMasterKeychainPath // environment var -> FILEVAULT_MASTER_PATH - -const char * const SFFileVault:: _defaultMasterKeychainPath = "/System/Library/Keychains/"; -const char * const SFFileVault::_masterKeychainName = "FileVaultMaster"; - -#pragma mark -------------------- SFFileVault implementation -------------------- - -OSStatus SFFileVault::mount(CFStringRef password, CFURLRef certificate, CFURLRef dmgin, - CFURLRef mountpoint, CFStringRef *devicepath) -{ - // /usr/bin/hdid -nomount -stdinpass -plist thevol.dmg - // /sbin/mount_hfs /dev/disk3s2 /tmp/THEVOL - - const Boolean resolveAgainstBase = true; - char imageFileString[PATH_MAX + 1]; - if (!CFURLGetFileSystemRepresentation(dmgin, resolveAgainstBase, reinterpret_cast(imageFileString), PATH_MAX)) - MacOSError::throwMe(paramErr); - - // @@@ Not implemented yet - if (certificate) - MacOSError::throwMe(unimpErr); - - ExecCLITool rt; - rt.input(password,true); // include trailing NULL - rt.run(HDID_PATH,"HDID_PATH", "-nomount", "-stdinpass", "-plist", imageFileString, NULL); - - CFRef devicePathString = extractDevicepath(rt); // parse stdout from hdid --> should be plist - if (!devicePathString) - MacOSError::throwMe(paramErr); - const char *devpath = CFStringGetCStringPtr(devicePathString, kCFStringEncodingMacRoman); - if (!devpath) - MacOSError::throwMe(ioErr); - - char mountpointString[PATH_MAX + 1]; - if (!CFURLGetFileSystemRepresentation(mountpoint, resolveAgainstBase, reinterpret_cast(mountpointString), PATH_MAX)) - MacOSError::throwMe(paramErr); - - rt.run(MOUNT_HFS_PATH,"MOUNT_HFS_PATH", devpath, mountpointString, NULL); - *devicepath = CFStringCreateCopy(NULL, devicePathString); - - return noErr; -} - -OSStatus SFFileVault::mastermount(CFURLRef dmgin, CFURLRef mountpoint, CFStringRef *devicepath) -{ - // convenience call to call mount with master cert - CFStringRef password = NULL; - CFURLRef certificate = NULL; - getCertificate(&certificate); - OSStatus status = mount(password, certificate, dmgin, mountpoint, devicepath); - return status; -} - -OSStatus SFFileVault::unmount(CFURLRef mountpoint, CFStringRef devicepath) -{ - // To unmount, we do: - // /sbin/umount -f /sbin/umount -f /tmp/THEVOL - // /usr/bin/hdiutil detach /usr/bin/hdiutil detach /dev/disk3s2 - - ExecCLITool rt; - - Boolean resolveAgainstBase = true; - char mountpointString[PATH_MAX + 1]; - if (!CFURLGetFileSystemRepresentation(mountpoint, resolveAgainstBase, reinterpret_cast(mountpointString), PATH_MAX)) - MacOSError::throwMe(paramErr); - -// OSStatus status = rt.run(HDIUTIL_PATH,"HDIUTIL_PATH", "unmount", "-force", mtpt, NULL); - /* OSStatus status = */ rt.run(UMOUNT_PATH,"UMOUNT_PATH", "-f", mountpointString, NULL); - - const char *devpath = CFStringGetCStringPtr(devicepath, kCFStringEncodingMacRoman); - if (!devpath) - MacOSError::throwMe(paramErr); - - return rt.run(HDIUTIL_PATH,"HDIUTIL_PATH", "detach", devpath, NULL); -} - -OSStatus SFFileVault::userChangePassword(CFStringRef password, CFStringRef devicepath) -{ - // @@@ Not implemented yet, but code will be something like below - MacOSError::throwMe(unimpErr); - - ExecCLITool rt; - - const char *devpath = CFStringGetCStringPtr(devicepath, kCFStringEncodingMacRoman); - if (!devpath) - MacOSError::throwMe(paramErr); - - rt.input(password,true); // include trailing NULL - return rt.run(HDIUTIL_PATH,"HDIUTIL_PATH", "chpass", devpath, NULL); - - return noErr; -} - -OSStatus SFFileVault::makeMasterPassword(CFStringRef masterPasswordPassword, SecKeychainRef *keychainRef) -{ - /* - OSStatus SecFileVaultMakeMasterPassword(CFStringRef masterPasswordPassword); - - *** In the real code, this will be done directly rather than exec'ing a tool, since there are too many parameters to specify - *** this needs to be done as root, since the keychain will be a system keychain - /usr/bin/certtool y c k=/System/Library/Keychains/FileVaultMaster.keychain p= - /usr/bin/certtool c k=/System/Library/Keychains/FileVaultMaster.keychain o=/System/Library/Keychains/FileVaultMaster.cer - Two steps: create the keychain, then create the keypair - */ - - char masterKeychainPath[PATH_MAX + 1]; - const char *envPath = getenv("FILEVAULT_MASTER_PATH"); // must set to full path or kc will end up in ~/Library/Keychains/ - if (!envPath) - envPath = _defaultMasterKeychainPath; - snprintf(masterKeychainPath, sizeof(masterKeychainPath), "%s%s.keychain", envPath, _masterKeychainName); -// std::cout << "Masterkeychain path: " << masterKeychainPath << std::endl; - - const char *mpass = CFStringGetCStringPtr(masterPasswordPassword, kCFStringEncodingMacRoman); - if (!mpass) - MacOSError::throwMe(paramErr); - const UInt32 passwordLength = strlen(mpass); - - // don't add to searchlist - KeychainCore::Keychain keychain = KeychainCore::globals().storageManager.make(Required(&masterKeychainPath),false); - - try - { - keychain->create(passwordLength, mpass); - } - catch (const MacOSError &err) - { - if (err.osStatus()!=errSecDuplicateKeychain) - throw; - } - catch (const CssmCommonError &err) - { - if (err.cssmError()!=CSSMERR_DL_DATASTORE_ALREADY_EXISTS) - throw; - } - - RequiredParam(keychainRef)=keychain->handle(); - - // @@@ Need better identification for the certificate - SecFileVaultCert fvc; - CFStringRef hostName = CFSTR("com.apple.fv"); - CFStringRef userName = CFSTR("User Name"); - CFDataRef certData = NULL; //CFRef<> - OSStatus status = fvc.createPair(hostName,userName,*keychainRef,&certData); - if (status) - MacOSError::throwMe(status); - // Write out cert file - status = writeCertificateFile(certData); - if (status) - MacOSError::throwMe(status); - - return noErr; -} - -OSStatus SFFileVault::create(CFStringRef password, CFURLRef certificate, CFURLRef dmgout, - CFStringRef volumeName, CFStringRef sizeSpec) -{ - // /usr/bin/hdiutil create -encryption -stdinpass -type SPARSE -fs "HFS+" -volname -size 20g - - ExecCLITool rt; - - // Construct the "-volname" parameter - if (!volumeName) - MacOSError::throwMe(paramErr); - const char *volname = CFStringGetCStringPtr(volumeName, kCFStringEncodingMacRoman); - if (!volname) - MacOSError::throwMe(paramErr); - - // Construct the "-size" parameter - if (!sizeSpec) - MacOSError::throwMe(paramErr); - const char *sizestr = CFStringGetCStringPtr(sizeSpec, kCFStringEncodingMacRoman); - if (!sizestr) - MacOSError::throwMe(paramErr); - - // Construct the file name parameter - CFRef fileString = CFURLCopyFileSystemPath(dmgout, kCFURLPOSIXPathStyle); - if (!fileString) - MacOSError::throwMe(paramErr); - const char *fname = CFStringGetCStringPtr(fileString, kCFStringEncodingMacRoman); - if (!fname) - MacOSError::throwMe(paramErr); - - // Construct the "-certificate" parameter - const char *certificateParamString = certificate?"-certificate":"-layout"; // @@@ what is a safe empty param? - CFStringRef certificateFileString = certificate?CFURLCopyFileSystemPath(certificate, kCFURLPOSIXPathStyle):NULL; - if (certificate && !certificateFileString) - MacOSError::throwMe(paramErr); - const char *certFileString = certificate?CFStringGetCStringPtr(certificateFileString, kCFStringEncodingMacRoman):"SPUD"; - if (certificate && !certFileString) - MacOSError::throwMe(paramErr); - - rt.input(password,true); // include trailing NULL - OSStatus status = rt.run(HDIUTIL_PATH,"HDIUTIL_PATH", "create", "-encryption", "CEncryptedEncoding", - "-stdinpass", "-type", "SPARSE", "-fs", "HFS+", "-volname", volname, "-size", sizestr, - certificateParamString, certFileString, fname, NULL); - - if (certificateFileString) - CFRelease(certificateFileString); - - return status; -} - -Boolean SFFileVault::masterPasswordEnabled(SecKeychainRef *keychainRef) -{ - char masterKeychain[PATH_MAX + 1]; - snprintf(masterKeychain, sizeof(masterKeychain), "%s.keychain", getKeychainPath()); //@@@ leak - - SecKeychainRef tmpKeychainRef=KeychainCore::globals().storageManager.make(masterKeychain, false)->handle(); - if (tmpKeychainRef == NULL) - return false; - - if (keychainRef) - *keychainRef = tmpKeychainRef; - else - CFRelease(tmpKeychainRef); - return true; -} - -OSStatus SFFileVault::changeMasterPasswordPassword(CFStringRef oldPassword,CFStringRef newPassword) -{ - // Essentially SecKeychainChangePassword for the FileVault Master Password keychain - SecKeychainRef keychainRef; - if (!masterPasswordEnabled(&keychainRef)) - MacOSError::throwMe(errSecNoSuchKeychain); - - std::string oldpw = cfString(oldPassword); //UInt32 - std::string newpw = cfString(newPassword); - - KeychainCore::Keychain keychain = KeychainCore::Keychain::optional(keychainRef); - keychain->changePassphrase (oldpw.length(), oldpw.c_str(), newpw.length(), newpw.c_str()); - CFRelease(keychainRef); - return noErr; -} - -/* - Shouldn't cfString being using code like this? - - const Boolean isExternalRepresentation = false; - const CFStringEncoding encoding = kCFStringEncodingUTF8; - CFIndex usedBufLen = 0; - UInt8 lossByte = 0; - - if (!theString) - MacOSError::throwMe(paramErr); - - CFRange stringRange = CFRangeMake(0,CFStringGetLength(theString)); - // Call once first just to get length - CFIndex length = CFStringGetBytes(theString, stringRange, encoding, lossByte, - isExternalRepresentation, NULL, 0, &usedBufLen); -*/ - -#pragma mark -------------------- Helpers -------------------- - -#define SYSTEM_ENTITIES_KEY CFSTR("system-entities") -#define CONTENT_HINT_KEY CFSTR("content-hint") -#define DEV_ENTRY_KEY CFSTR("dev-entry") -#define APPLE_HFS_KEY CFSTR("Apple_HFS") - -CFStringRef SFFileVault::extractDevicepath(const ExecCLITool& rt) -{ - CFRef tableData = CFDataCreate(NULL,reinterpret_cast(rt.data()),rt.length()); - CFStringRef errorString = NULL; - CFRef devTable = static_cast(CFPropertyListCreateFromXMLData(NULL, - tableData, kCFPropertyListImmutable, &errorString)); - if (errorString != NULL) - { - CFRelease(errorString); - return NULL; - } - - CFRef sysEntities = static_cast(CFDictionaryGetValue(devTable,SYSTEM_ENTITIES_KEY)); - if (sysEntities == NULL) - return NULL; - - CFIndex dictionaryCount = CFArrayGetCount(sysEntities); - for (CFIndex ix=0;ix < dictionaryCount;ix++) - { - CFRef dict = static_cast(CFArrayGetValueAtIndex(sysEntities, ix)); - CFRef deviceEntryString = static_cast(CFDictionaryGetValue(dict,CONTENT_HINT_KEY)); - if (CFEqual(deviceEntryString, APPLE_HFS_KEY)) // found it - return static_cast(CFDictionaryGetValue(dict,DEV_ENTRY_KEY)); - } - return NULL; -} - -OSStatus SFFileVault::getCertificate(CFURLRef *certificateFile) -{ - //@@@ to be done - MacOSError::throwMe(unimpErr); - // do a find in the master keychain - char masterKeychain[PATH_MAX + 1]; - snprintf(masterKeychain, sizeof(masterKeychain), "%s.keychain", getKeychainPath()); //@@@ leak - - // don't add to searchlist - KeychainCore::Keychain keychain = KeychainCore::globals().storageManager.make(Required(&masterKeychain),false); - KeychainCore::StorageManager::KeychainList keychains; - KeychainCore::globals().storageManager.optionalSearchList(keychain, keychains); - - // Code basically copied from SecKeychainSearchCreateFromAttributes and SecKeychainSearchCopyNext: - KeychainCore::KCCursor cursor(keychains, kSecCertificateItemClass, NULL); - KeychainCore::Item item; - if (!cursor->next(item)) - CssmError::throwMe(errSecItemNotFound); - -// KeychainCore::Certificate *certificate = static_cast(&*item); -// CSSM_DATA_PTR certData = static_cast(certificate->data()); - - return noErr; -} - -OSStatus SFFileVault::writeCertificateFile(CFDataRef certData) -{ - const char *certFile = getCertificateFileName(); - OSStatus status = writeFile(certFile, CFDataGetBytePtr(certData), CFDataGetLength(certData)); - if (certFile) - ::free(const_cast(certFile)); - return status; -} - -const char *SFFileVault::getKeychainPath() -{ - // Append ".keychain to get keychain name; append .cer to get certificate - char masterKeychainPath[PATH_MAX + 1]; - const char *envPath = getenv("FILEVAULT_MASTER_PATH"); // must set to full path or kc will end up in ~/Library/Keychains/ - if (!envPath) - envPath = _defaultMasterKeychainPath; - snprintf(masterKeychainPath, sizeof(masterKeychainPath), "%s%s", envPath, _masterKeychainName); -// std::cout << "Masterkeychain path: " << masterKeychainPath << std::endl; - size_t sz = strlen(masterKeychainPath)+1; - char *path = static_cast(malloc(sz)); - strncpy(path,masterKeychainPath,sz); - return static_cast(path); -} - -const char *SFFileVault::getCertificateFileName() -{ - char certFile[PATH_MAX + 1]; - snprintf(certFile, sizeof(certFile), "%s.cer", getKeychainPath()); - size_t sz = strlen(certFile)+1; - char *path = static_cast(malloc(sz)); - strncpy(path,certFile,sz); - return static_cast(path); -} - -int SFFileVault::writeFile(const char *fileName, const unsigned char *bytes, unsigned int numBytes) -{ - int fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600); - if (fd <= 0) - return errno; - - if (lseek(fd, 0, SEEK_SET) < 0) - return errno; - - int rtn = write(fd, bytes, (size_t)numBytes); - rtn = (rtn != static_cast(numBytes))?EIO:0; - close(fd); - return rtn; -} - -#pragma mark -------------------- Unused -------------------- - diff --git a/Keychain/SFFileVault.h b/Keychain/SFFileVault.h deleted file mode 100644 index 71e2a8cc..00000000 --- a/Keychain/SFFileVault.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * SFFileVault.h - * testFileVaultSPI - * - * Created by john on Mon Jul 14 2003. - * - */ - -#include -#include - -class ExecCLITool; - -class SFFileVault -{ -public: - SFFileVault() {}; - ~SFFileVault() {}; - - OSStatus mount(CFStringRef password, CFURLRef certificate, CFURLRef dmgin, - CFURLRef mountpoint,CFStringRef *devicepath); - OSStatus mastermount(CFURLRef dmgin, CFURLRef mountpoint, CFStringRef *devicepath); - OSStatus unmount(CFURLRef mountpoint,CFStringRef devicepath); - - OSStatus userChangePassword(CFStringRef password, CFStringRef devicepath); - OSStatus makeMasterPassword(CFStringRef masterPasswordPassword, SecKeychainRef *keychain); - OSStatus create(CFStringRef password, CFURLRef certificate, CFURLRef dmgout, - CFStringRef volumeName, CFStringRef sizeSpec); - Boolean masterPasswordEnabled(SecKeychainRef *keychainRef); - OSStatus changeMasterPasswordPassword(CFStringRef oldPassword,CFStringRef newPassword); - - OSStatus getCertificate(CFURLRef *certificate); - -private: - CFStringRef extractDevicepath(const ExecCLITool& rt); - const char *getKeychainPath(); - const char *getCertificateFileName(); - OSStatus writeCertificateFile(CFDataRef certData); - int writeFile(const char *fileName, const unsigned char *bytes, unsigned int numBytes); - - static const char * const _defaultMasterKeychainPath; - static const char * const _masterKeychainName ; -}; diff --git a/Keychain/Schema.h b/Keychain/Schema.h deleted file mode 100644 index 6c22aa07..00000000 --- a/Keychain/Schema.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Schema.h -// -#ifndef _SECURITY_SCHEMA_H_ -#define _SECURITY_SCHEMA_H_ - -#include - -namespace Security { - -namespace KeychainCore { - -namespace Schema { - -CSSM_DB_RECORDTYPE recordTypeFor(SecItemClass itemClass); -SecItemClass itemClassFor(CSSM_DB_RECORDTYPE recordType); -const CSSM_DB_ATTRIBUTE_INFO &attributeInfo(SecKeychainAttrType attrType); - -extern const CSSM_DB_ATTRIBUTE_INFO RelationID; -extern const CSSM_DB_ATTRIBUTE_INFO RelationName; -extern const CSSM_DB_ATTRIBUTE_INFO AttributeID; -extern const CSSM_DB_ATTRIBUTE_INFO AttributeNameFormat; -extern const CSSM_DB_ATTRIBUTE_INFO AttributeName; -extern const CSSM_DB_ATTRIBUTE_INFO AttributeNameID; -extern const CSSM_DB_ATTRIBUTE_INFO AttributeFormat; -extern const CSSM_DB_ATTRIBUTE_INFO IndexType; - -extern const CSSM_DBINFO DBInfo; - -// Certificate attributes and schema -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertType; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertEncoding; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePrintName; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateAlias; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubject; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateIssuer; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSerialNumber; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubjectKeyIdentifier; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePublicKeyHash; - -extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO X509CertificateSchemaAttributeList[]; -extern const CSSM_DB_SCHEMA_INDEX_INFO X509CertificateSchemaIndexList[]; -extern const uint32 X509CertificateSchemaAttributeCount; -extern const uint32 X509CertificateSchemaIndexCount; - -// CRL attributes and schema -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlCrlType; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlCrlEncoding; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlPrintName; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlAlias; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlIssuer; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlSerialNumber; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlThisUpdate; -extern const CSSM_DB_ATTRIBUTE_INFO kX509CrlNextUpdate; - -extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO X509CrlSchemaAttributeList[]; -extern const CSSM_DB_SCHEMA_INDEX_INFO X509CrlSchemaIndexList[]; -extern const uint32 X509CrlSchemaAttributeCount; -extern const uint32 X509CrlSchemaIndexCount; - -// UserTrust records attributes and schema -extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedCertificate; -extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedPolicy; - -extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO UserTrustSchemaAttributeList[]; -extern const CSSM_DB_SCHEMA_INDEX_INFO UserTrustSchemaIndexList[]; -extern const uint32 UserTrustSchemaAttributeCount; -extern const uint32 UserTrustSchemaIndexCount; - -} // end namespace Schema - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_SCHEMA_H_ diff --git a/Keychain/Schema.m4 b/Keychain/Schema.m4 deleted file mode 100644 index 82696d6d..00000000 --- a/Keychain/Schema.m4 +++ /dev/null @@ -1,418 +0,0 @@ -divert(-1) -changecom(/*, */) -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -define(`startClass', -`define(`arrayIndex', 0)dnl -define(`class', $1)dnl -divert(0)dnl -// $1 password attributes -static const CSSM_DB_ATTRIBUTE_INFO $1Attributes[] = -{ -divert(1)dnl -// $1 password indices -static const CSSM_DB_INDEX_INFO $1Indices[] = -{') - -define(`endClass', -`divert(0)dnl -}; - -divert(1)dnl -` // Unique (primary) index' -undivert(3) -` // Secondary indices' -undivert(4)dnl -}; - -divert(-1)') - -define(`attributeBody', -` { -ifelse(index(`$1',`s'),-1, -` CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - {(char *)$3},', -` CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {$4},') - CSSM_DB_ATTRIBUTE_FORMAT_$7 - }') - -define(`simpleAttribute', -`const CSSM_DB_ATTRIBUTE_INFO $2 = -attributeBody($*); -') - -define(`attribute', -`ifelse(index(`$1',`U'),-1,`', -`divert(3)dnl - { - CSSM_DB_INDEX_UNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE, -attributeBody($*) - }, -')dnl -ifelse(index(`$1',`I'),-1,`', -`divert(4)dnl - { - CSSM_DB_INDEX_NONUNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE, -attributeBody($*) - }, -')dnl -divert(2)dnl -dnl const CSSM_DB_ATTRIBUTE_INFO &`k'class()$2 = class()Attributes[arrayIndex()]; -`#define k'class()$2 class()Attributes[arrayIndex()]; -divert(0)dnl -attributeBody($*),dnl -define(`arrayIndex', incr(arrayIndex))dnl -') - -define(`attrInfo', -`{ - $1, - sizeof($2Attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), - const_cast($2Attributes) - }') - -define(`indexInfo', -`{ - $1, - sizeof($2Indices) / sizeof(CSSM_DB_INDEX_INFO), - const_cast($2Indices) - }') - -define(`parseInfo', -`{ - CSSM_DB_RECORDTYPE_APP_DEFINED_START, - { - {0,0,0,{0}}, - {0,0}, - 0, - 0 - } - }') - -define(`startNewClass', -`define(`indexIndex', 0)dnl -define(`class', $1)dnl -divert(2)dnl -// $1 attributes -const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] = -{ -divert(3)dnl -// $1 indices -const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] = -{') - -define(`endNewClass', -`divert(2)dnl -}; - -const uint32 class()SchemaAttributeCount = sizeof(class()SchemaAttributeList) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO); - -divert(3)dnl -` // Unique (primary) index' -undivert(5) -` // Secondary indices' -undivert(6)dnl -}; - -const uint32 class()SchemaIndexCount = sizeof(class()SchemaIndexList) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO); - -undivert(4)dnl -divert(0)dnl -undivert(2)dnl -undivert(3)dnl') - -define(`newAttributeBody', -`{ -ifelse(index(`$1',`s'),-1, -` CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - {(char *)$3},', -` CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {$4},') - CSSM_DB_ATTRIBUTE_FORMAT_$7 -}') - -define(`simpleNewAttribute', -`const CSSM_DB_ATTRIBUTE_INFO `k'class()$2 = -newAttributeBody($*); -') - -define(`newAttribute', -`divert(2)dnl - { $3, $4, { $5, $6 }, CSSM_DB_ATTRIBUTE_FORMAT_$7 }, -divert(-1) -ifelse(index(`$1',`S'),-1,`', -`divert(4)dnl -simpleNewAttribute($*) -divert(-1)')dnl - -ifelse(index(`$1',`U'),-1,`', -`divert(5)dnl - { $3, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, -divert(-1)')dnl -ifelse(index(`$1',`I'),-1,`', -`define(`indexIndex', incr(indexIndex))dnl -divert(6)dnl - { $3, indexIndex(), CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, -divert(-1)')') - -/* Start of actual output */ -divert(0)dnl -/* - * Generated by m4 from Schema.m4 please do not edit this file. - */ - -`#include ' - -`#include ' -`#include ' -`#include ' -`#include ' -`#include ' - -namespace Security { - -namespace KeychainCore { - -namespace Schema { - -// Meta attributes -simpleAttribute(` s', RelationID, 0, "RelationID", 0, NULL, UINT32) -simpleAttribute(` s', RelationName, 1, "RelationName", 0, NULL, STRING) -simpleAttribute(` s', AttributeID, 1, "AttributeID", 0, NULL, UINT32) -simpleAttribute(` s', AttributeNameFormat, 2, "AttributeNameFormat", 0, NULL, UINT32) -simpleAttribute(` s', AttributeName, 3, "AttributeName", 0, NULL, STRING) -simpleAttribute(` s', AttributeNameID, 4, "AttributeNameID", 0, NULL, BLOB) -simpleAttribute(` s', AttributeFormat, 5, "AttributeFormat", 0, NULL, UINT32) -simpleAttribute(` s', IndexType, 3, "IndexType", 0, NULL, UINT32) - -divert(-1) -startClass(Generic) -attribute(` i', CreationDate, kSecCreationDateItemAttr, "CreationDate", 0, NULL, TIME_DATE) -attribute(` i', ModDate, kSecModDateItemAttr, "ModDate", 0, NULL, TIME_DATE) -attribute(` i', Description, kSecDescriptionItemAttr, "Description", 0, NULL, BLOB) -attribute(` i', Comment, kSecCommentItemAttr, "Comment", 0, NULL, BLOB) -attribute(` i', Creator, kSecCreatorItemAttr, "Creator", 0, NULL, UINT32) -attribute(` i', Type, kSecTypeItemAttr, "Type", 0, NULL, UINT32) -attribute(` i', ScriptCode, kSecScriptCodeItemAttr, "ScriptCode", 0, NULL, SINT32) -attribute(` s', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -attribute(` s', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) -attribute(` i', Invisible, kSecInvisibleItemAttr, "Invisible", 0, NULL, SINT32) -attribute(` i', Negative, kSecNegativeItemAttr, "Negative", 0, NULL, SINT32) -attribute(` i', CustomIcon, kSecCustomIconItemAttr, "CustomIcon", 0, NULL, SINT32) -attribute(` i', Protected, kSecProtectedDataItemAttr, "Protected", 0, NULL, BLOB) -attribute(`UIi', Account, kSecAccountItemAttr, "Account", 0, NULL, BLOB) -attribute(`UIi', Service, kSecServiceItemAttr, "Service", 0, NULL, BLOB) -attribute(` i', Generic, kSecGenericItemAttr, "Generic", 0, NULL, BLOB) -endClass() - -startClass(Appleshare) -attribute(` i', CreationDate, kSecCreationDateItemAttr, "CreationDate", 0, NULL, TIME_DATE) -attribute(` i', ModDate, kSecModDateItemAttr, "ModDate", 0, NULL, TIME_DATE) -attribute(` i', Description, kSecDescriptionItemAttr, "Description", 0, NULL, BLOB) -attribute(` i', Comment, kSecCommentItemAttr, "Comment", 0, NULL, BLOB) -attribute(` i', Creator, kSecCreatorItemAttr, "Creator", 0, NULL, UINT32) -attribute(` i', Type, kSecTypeItemAttr, "Type", 0, NULL, UINT32) -attribute(` i', ScriptCode, kSecScriptCodeItemAttr, "ScriptCode", 0, NULL, SINT32) -attribute(` s', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -attribute(` s', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) -attribute(` i', Invisible, kSecInvisibleItemAttr, "Invisible", 0, NULL, SINT32) -attribute(` i', Negative, kSecNegativeItemAttr, "Negative", 0, NULL, SINT32) -attribute(` i', CustomIcon, kSecCustomIconItemAttr, "CustomIcon", 0, NULL, SINT32) -attribute(` i', Protected, kSecProtectedDataItemAttr, "Protected", 0, NULL, BLOB) -attribute(`UIi', Account, kSecAccountItemAttr, "Account", 0, NULL, BLOB) -attribute(`UIi', Volume, kSecVolumeItemAttr, "Volume", 0, NULL, BLOB) -attribute(` i', Server, kSecServerItemAttr, "Server", 0, NULL, BLOB) -attribute(` i', Protocol, kSecProtocolItemAttr, "Protocol", 0, NULL, UINT32) -attribute(`UIi', Address, kSecAddressItemAttr, "Address", 0, NULL, BLOB) -attribute(`UIi', Signature, kSecSignatureItemAttr, "Signature", 0, NULL, BLOB) -endClass() - -startClass(Internet) -attribute(` i', CreationDate, kSecCreationDateItemAttr, "CreationDate", 0, NULL, TIME_DATE) -attribute(` i', ModDate, kSecModDateItemAttr, "ModDate", 0, NULL, TIME_DATE) -attribute(` i', Description, kSecDescriptionItemAttr, "Description", 0, NULL, BLOB) -attribute(` i', Comment, kSecCommentItemAttr, "Comment", 0, NULL, BLOB) -attribute(` i', Creator, kSecCreatorItemAttr, "Creator", 0, NULL, UINT32) -attribute(` i', Type, kSecTypeItemAttr, "Type", 0, NULL, UINT32) -attribute(` i', ScriptCode, kSecScriptCodeItemAttr, "ScriptCode", 0, NULL, SINT32) -attribute(` s', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -attribute(` s', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) -attribute(` i', Invisible, kSecInvisibleItemAttr, "Invisible", 0, NULL, SINT32) -attribute(` i', Negative, kSecNegativeItemAttr, "Negative", 0, NULL, SINT32) -attribute(` i', CustomIcon, kSecCustomIconItemAttr, "CustomIcon", 0, NULL, SINT32) -attribute(` i', Protected, kSecProtectedDataItemAttr, "Protected", 0, NULL, BLOB) -attribute(`UIi', Account, kSecAccountItemAttr, "Account", 0, NULL, BLOB) -attribute(`UIi', SecurityDomain, kSecSecurityDomainItemAttr, "SecurityDomain", 0, NULL, BLOB) -attribute(`UIi', Server, kSecServerItemAttr, "Server", 0, NULL, BLOB) -attribute(`UIi', Protocol, kSecProtocolItemAttr, "Protocol", 0, NULL, UINT32) -attribute(`UIi', AuthType, kSecAuthenticationTypeItemAttr, "AuthType", 0, NULL, BLOB) -attribute(`UIi', Port, kSecPortItemAttr, "Port", 0, NULL, UINT32) -attribute(`UIi', Path, kSecPathItemAttr, "Path", 0, NULL, BLOB) -endClass() - -startNewClass(X509Certificate) -newAttribute(`UISs', CertType, kSecCertTypeItemAttr, "CertType", 0, NULL, UINT32) -newAttribute(` Ss', CertEncoding, kSecCertEncodingItemAttr, "CertEncoding", 0, NULL, UINT32) -newAttribute(` Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -newAttribute(` ISs', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) -newAttribute(` ISs', Subject, kSecSubjectItemAttr, "Subject", 0, NULL, BLOB) -newAttribute(`UISs', Issuer, kSecIssuerItemAttr, "Issuer", 0, NULL, BLOB) -newAttribute(`UISs', SerialNumber, kSecSerialNumberItemAttr, "SerialNumber", 0, NULL, BLOB) -newAttribute(` ISs', SubjectKeyIdentifier, kSecSubjectKeyIdentifierItemAttr, "SubjectKeyIdentifier", 0, NULL, BLOB) -newAttribute(` ISs', PublicKeyHash, kSecPublicKeyHashItemAttr, "PublicKeyHash", 0, NULL, BLOB) -endNewClass() - -startNewClass(X509Crl) -newAttribute(`UISs', CrlType, kSecCrlTypeItemAttr, "CrlType", 0, NULL, UINT32) -newAttribute(` Ss', CrlEncoding, kSecCrlEncodingItemAttr, "CrlEncoding", 0, NULL, UINT32) -newAttribute(` Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -newAttribute(` Ss', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) -newAttribute(`UISs', Issuer, kSecIssuerItemAttr, "Issuer", 0, NULL, BLOB) -newAttribute(`UISs', ThisUpdate, kSecThisUpdateItemAttr, "ThisUpdate", 0, NULL, BLOB) -newAttribute(`UISs', NextUpdate, kSecNextUpdateItemAttr, "NextUpdate", 0, NULL, BLOB) -newAttribute(` Ss', URI, kSecUriItemAttr, "URI", 0, NULL, BLOB) -newAttribute(` ISs', CrlNumber, kSecCrlNumberItemAttr, "CrlNumber", 0, NULL, UINT32) -newAttribute(` ISs', DeltaCrlNumber, kSecDeltaCrlNumberItemAttr, "DeltaCrlNumber", 0, NULL, UINT32) -endNewClass() - -startNewClass(UserTrust) -newAttribute(`UISs', TrustedCertificate, kSecTrustCertAttr, "TrustedCertificate", 0, NULL, BLOB) -newAttribute(`UISs', TrustedPolicy, kSecTrustPolicyAttr, "TrustedPolicy", 0, NULL, BLOB) -newAttribute(` Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) -endNewClass() - - -divert(3) -static const CSSM_DB_RECORD_ATTRIBUTE_INFO Attributes[] = -{ - attrInfo(CSSM_DL_DB_RECORD_GENERIC_PASSWORD, Generic), - attrInfo(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD, Appleshare), - attrInfo(CSSM_DL_DB_RECORD_INTERNET_PASSWORD, Internet) -}; - -static const CSSM_DB_RECORD_INDEX_INFO Indices[] = -{ - indexInfo(CSSM_DL_DB_RECORD_GENERIC_PASSWORD, Generic), - indexInfo(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD, Appleshare), - indexInfo(CSSM_DL_DB_RECORD_INTERNET_PASSWORD, Internet) -}; - -static const CSSM_DB_PARSING_MODULE_INFO ParseInfos[] = -{ - parseInfo(), - parseInfo(), - parseInfo() -}; - -// -// Public stuff -// -const CSSM_DBINFO DBInfo = -{ - sizeof(Attributes) / sizeof(CSSM_DB_RECORD_ATTRIBUTE_INFO), - const_cast(ParseInfos), - const_cast(Attributes), - const_cast(Indices), - CSSM_TRUE, - NULL, - NULL -}; - -// -// Schema methods -// -CSSM_DB_RECORDTYPE -recordTypeFor(SecItemClass itemClass) -{ - switch (itemClass) - { - case kSecGenericPasswordItemClass: return CSSM_DL_DB_RECORD_GENERIC_PASSWORD; - case kSecInternetPasswordItemClass: return CSSM_DL_DB_RECORD_INTERNET_PASSWORD; - case kSecAppleSharePasswordItemClass: return CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD; - default: return CSSM_DB_RECORDTYPE(itemClass); - } -} - -SecItemClass -itemClassFor(CSSM_DB_RECORDTYPE recordType) -{ - switch (recordType) - { - case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: return kSecGenericPasswordItemClass; - case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: return kSecInternetPasswordItemClass; - case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: return kSecAppleSharePasswordItemClass; - default: return SecItemClass(recordType); - } -} - -const CSSM_DB_ATTRIBUTE_INFO & -attributeInfo(SecKeychainAttrType attrType) -{ - switch (attrType) - { - case kSecCreationDateItemAttr: return kGenericCreationDate; - case kSecModDateItemAttr: return kGenericModDate; - case kSecDescriptionItemAttr: return kGenericDescription; - case kSecCommentItemAttr: return kGenericComment; - case kSecCreatorItemAttr: return kGenericCreator; - case kSecTypeItemAttr: return kGenericType; - case kSecScriptCodeItemAttr: return kGenericScriptCode; - case kSecLabelItemAttr: return kGenericPrintName; - case kSecAliasItemAttr: return kGenericAlias; - case kSecInvisibleItemAttr: return kGenericInvisible; - case kSecNegativeItemAttr: return kGenericNegative; - case kSecCustomIconItemAttr: return kGenericCustomIcon; - /* Unique Generic password attributes */ - case kSecAccountItemAttr: return kGenericAccount; - case kSecServiceItemAttr: return kGenericService; - case kSecGenericItemAttr: return kGenericGeneric; - /* Unique Appleshare password attributes */ - case kSecVolumeItemAttr: return kAppleshareVolume; - case kSecAddressItemAttr: return kAppleshareAddress; - case kSecSignatureItemAttr: return kAppleshareSignature; - /* Unique AppleShare and Internet attributes */ - case kSecServerItemAttr: return kAppleshareServer; - case kSecProtocolItemAttr: return kAppleshareProtocol; - /* Unique Internet password attributes */ - case kSecSecurityDomainItemAttr: return kInternetSecurityDomain; - case kSecAuthenticationTypeItemAttr: return kInternetAuthType; - case kSecPortItemAttr: return kInternetPort; - case kSecPathItemAttr: return kInternetPath; - /* Unique Certificate attributes */ - case kSecCertTypeItemAttr: return kX509CertificateCertType; - case kSecCertEncodingItemAttr: return kX509CertificateCertEncoding; - case kSecSubjectItemAttr: return kX509CertificateSubject; - case kSecIssuerItemAttr: return kX509CertificateIssuer; - case kSecSerialNumberItemAttr: return kX509CertificateSerialNumber; - case kSecSubjectKeyIdentifierItemAttr: return kX509CertificateSubjectKeyIdentifier; - case kSecPublicKeyHashItemAttr: return kX509CertificatePublicKeyHash; - /* Unique UserTrust attributes */ - case kSecTrustCertAttr: return kUserTrustTrustedCertificate; - case kSecTrustPolicyAttr: return kUserTrustTrustedPolicy; - default: MacOSError::throwMe(errSecNoSuchAttr); // @@@ Not really but whatever. - } -} - -} // end namespace Schema - -} // end namespace KeychainCore - -} // end namespace Security diff --git a/Keychain/SecACL.cpp b/Keychain/SecACL.cpp deleted file mode 100644 index d0dc80c1..00000000 --- a/Keychain/SecACL.cpp +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include - -#include "SecBridge.h" - - -// -// Local functions -// -static void setApplications(ACL *acl, CFArrayRef applicationList); - - -CFTypeID -SecACLGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().ACL.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -/*! - */ -OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef, - CFArrayRef applicationList, - CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector, - SecACLRef *newAcl) -{ - BEGIN_SECAPI - SecPointer access = Access::required(accessRef); - SecPointer acl = new ACL(*access, cfString(description), *promptSelector); - if (applicationList) { - // application-list + prompt - acl->form(ACL::appListForm); - setApplications(acl, applicationList); - } else { - // allow-any - acl->form(ACL::allowAllForm); - } - access->add(acl.get()); - Required(newAcl) = acl->handle(); - END_SECAPI -} - - -/*! - */ -OSStatus SecACLRemove(SecACLRef aclRef) -{ - BEGIN_SECAPI - ACL::required(aclRef)->remove(); - END_SECAPI -} - - -static SecTrustedApplicationRef -convert(const SecPointer &trustedApplication) -{ - return *trustedApplication; -} - -/*! - */ -OSStatus SecACLCopySimpleContents(SecACLRef aclRef, - CFArrayRef *applicationList, - CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector) -{ - BEGIN_SECAPI - SecPointer acl = ACL::required(aclRef); - switch (acl->form()) { - case ACL::allowAllForm: - Required(applicationList) = NULL; - Required(promptDescription) = - acl->promptDescription().empty() ? NULL - : makeCFString(acl->promptDescription()); - Required(promptSelector) = acl->promptSelector(); - break; - case ACL::appListForm: - Required(applicationList) = - makeCFArray(convert, acl->applications()); - Required(promptDescription) = makeCFString(acl->promptDescription()); - Required(promptSelector) = acl->promptSelector(); - break; - default: - return errSecACLNotSimple; // custom or unknown - } - END_SECAPI -} - -OSStatus SecACLSetSimpleContents(SecACLRef aclRef, - CFArrayRef applicationList, - CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector) -{ - BEGIN_SECAPI - SecPointer acl = ACL::required(aclRef); - acl->promptDescription() = description ? cfString(description) : ""; - acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector; - if (applicationList) { - // application-list + prompt - acl->form(ACL::appListForm); - setApplications(acl, applicationList); - } else { - // allow-any - acl->form(ACL::allowAllForm); - } - acl->modify(); - END_SECAPI -} - - -// -// Stuff a CFArray-of-SecTrustedApplications into an ACL object -// -static void setApplications(ACL *acl, CFArrayRef applicationList) -{ - ACL::ApplicationList &appList = acl->applications(); - appList.clear(); - //@@@ should really use STL iterator overlay on CFArray. By hand... - CFIndex count = CFArrayGetCount(applicationList); - for (CFIndex n = 0; n < count; n++) - appList.push_back(TrustedApplication::required( - SecTrustedApplicationRef(CFArrayGetValueAtIndex(applicationList, n)))); -} - - -// -// Set and get the authorization tags of an ACL entry -// -OSStatus SecACLGetAuthorizations(SecACLRef acl, - CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount) -{ - BEGIN_SECAPI - AclAuthorizationSet auths = ACL::required(acl)->authorizations(); - if (Required(tagCount) < auths.size()) { // overflow - *tagCount = auths.size(); // report size required - CssmError::throwMe(paramErr); - } - *tagCount = auths.size(); - copy(auths.begin(), auths.end(), tags); - END_SECAPI -} - -OSStatus SecACLSetAuthorizations(SecACLRef aclRef, - CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount) -{ - BEGIN_SECAPI - SecPointer acl = ACL::required(aclRef); - if (acl->isOwner()) // can't change rights of the owner ACL - MacOSError::throwMe(errSecInvalidOwnerEdit); - AclAuthorizationSet &auths = acl->authorizations(); - auths.clear(); - copy(tags, tags + tagCount, insert_iterator(auths, auths.begin())); - acl->modify(); - END_SECAPI -} diff --git a/Keychain/SecACL.h b/Keychain/SecACL.h deleted file mode 100644 index 169e28c4..00000000 --- a/Keychain/SecACL.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecACL - The functions provided in SecACL are for managing entries in the access control list. -*/ - -#ifndef _SECURITY_SECACL_H_ -#define _SECURITY_SECACL_H_ - -#include -#include -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecACLGetTypeID - @abstract Returns the type identifier of SecACL instances. - @result The CFTypeID of SecACL instances. -*/ -CFTypeID SecACLGetTypeID(void); - -/*! - @function SecACLCreateFromSimpleContents - @abstract Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item's access. - @param access An access reference. - @param applicationList An array of SecTrustedApplication instances that will be allowed access without prompting. - @param description The human readable name that will be used to refer to this item when the user is prompted. - @param promptSelector A pointer to a CSSM prompt selector. - @param newAcl A pointer to an access control list entry. On return, this points to the reference of the new access control list entry. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecACLCreateFromSimpleContents(SecAccessRef access, - CFArrayRef applicationList, - CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector, - SecACLRef *newAcl); - -/*! - @function SecACLRemove - @abstract Removes the access control list entry specified. - @param aclRef The reference to the access control list entry to remove. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecACLRemove(SecACLRef aclRef); - -/*! - @function SecACLGetSimpleContents - @abstract Returns the application list, description, and CSSM prompt selector for a given access control list entry. - @param acl An access control list entry reference. - @param applicationList On return, An array of SecTrustedApplication instances that will be allowed access without prompting, for the given access control list entry. The caller needs to call CFRelease on this array when it's no longer needed. - @param description On return, the human readable name that will be used to refer to this item when the user is prompted, for the given access control list entry. The caller needs to call CFRelease on this string when it's no longer needed. - @param promptSelector A pointer to a CSSM prompt selector. On return, this points to the CSSM prompt selector for the given access control list entry. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecACLCopySimpleContents(SecACLRef acl, - CFArrayRef *applicationList, - CFStringRef *description, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector); - -/*! - @function SecACLSetSimpleContents - @abstract Sets the application list, description, and CSSM prompt selector for a given access control list entry. - @param acl A reference to the access control list entry to edit. - @param applicationList An application list reference. - @param description The human readable name that will be used to refer to this item when the user is prompted. - @param promptSelector A pointer to a CSSM prompt selector. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecACLSetSimpleContents(SecACLRef acl, - CFArrayRef applicationList, - CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector); - -/*! - @function SecACLGetAuthorizations - @abstract Retrieve the CSSM authorization tags of a given access control list entry. - @param acl An access control list entry reference. - @param tags On return, this points to the first item in an array of CSSM authorization tags. - @param tagCount On return, this points to the number of tags in the CSSM authorization tag array. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecACLGetAuthorizations(SecACLRef acl, - CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount); - -/*! - @function SecACLSetAuthorizations - @abstract Sets the CSSM authorization tags of a given access control list entry. - @param acl An access control list entry reference. - @param tags A pointer to the first item in an array of CSSM authorization tags. - @param tagCount The number of tags in the CSSM authorization tag array. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecACLSetAuthorizations(SecACLRef acl, - CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECACL_H_ */ \ No newline at end of file diff --git a/Keychain/SecAccess.cpp b/Keychain/SecAccess.cpp deleted file mode 100644 index f71cd286..00000000 --- a/Keychain/SecAccess.cpp +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include "SecBridge.h" - - -// -// CF boilerplate -// -CFTypeID SecAccessGetTypeID(void) -{ - BEGIN_SECAPI - return gTypes().Access.typeID; - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -// -// API bridge calls -// -/*! - * Create a new SecAccessRef that is set to the default configuration - * of a (newly created) security object. - */ -OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedList, SecAccessRef *accessRef) -{ - BEGIN_SECAPI - Required(descriptor); - SecPointer access; - if (trustedList) { - CFIndex length = CFArrayGetCount(trustedList); - ACL::ApplicationList trusted; - for (CFIndex n = 0; n < length; n++) - trusted.push_back(TrustedApplication::required( - SecTrustedApplicationRef(CFArrayGetValueAtIndex(trustedList, n)))); - access = new Access(cfString(descriptor), trusted); - } else { - access = new Access(cfString(descriptor)); - } - Required(accessRef) = access->handle(); - END_SECAPI -} - - -/*! - */ -OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls, - SecAccessRef *accessRef) -{ - BEGIN_SECAPI - Required(accessRef); // preflight - SecPointer access = new Access(Required(owner), aclCount, &Required(acls)); - *accessRef = access->handle(); - END_SECAPI -} - - -/*! - */ -OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef, - CSSM_ACL_OWNER_PROTOTYPE_PTR *owner, - uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls) -{ - BEGIN_SECAPI - Access::required(accessRef)->copyOwnerAndAcl( - Required(owner), Required(aclCount), Required(acls)); - END_SECAPI -} - - -/*! - */ -OSStatus SecAccessCopyACLList(SecAccessRef accessRef, - CFArrayRef *aclList) -{ - BEGIN_SECAPI - Required(aclList) = Access::required(accessRef)->copySecACLs(); - END_SECAPI -} - - -/*! - */ -OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef, - CSSM_ACL_AUTHORIZATION_TAG action, - CFArrayRef *aclList) -{ - BEGIN_SECAPI - Required(aclList) = Access::required(accessRef)->copySecACLs(action); - END_SECAPI -} diff --git a/Keychain/SecAccess.h b/Keychain/SecAccess.h deleted file mode 100644 index 13c02ebf..00000000 --- a/Keychain/SecAccess.h +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecAccess - SecAccess implements a way to set and manipulate access control rules and - restrictions on SecKeychainItems. -*/ - -#ifndef _SECURITY_SECACCESS_H_ -#define _SECURITY_SECACCESS_H_ - -#include -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecAccessGetTypeID - @abstract Returns the type identifier of SecAccess instances. - @result The CFTypeID of SecAccess instances. -*/ -CFTypeID SecAccessGetTypeID(void); - -/*! - @function SecAccessCreate - @abstract Creates a new SecAccessRef that is set to the currently designated system default - configuration of a (newly created) security object. Note that the precise nature of - this default may change between releases. - @param descriptor The name of the item as it should appear in security dialogs - @param trustedlist A CFArray of TrustedApplicationRefs, specifying which applications - should be allowed to access an item without triggering confirmation dialogs. - If NULL, defaults to (just) the application creating the item. To set no applications, - pass a CFArray with no elements. - NOTE: This argument is not yet implemented. It is currently always treated as NULL. - @param accessRef On return, a pointer to the new access reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedlist, SecAccessRef *accessRef); - -/*! - @function SecAccessCreateFromOwnerAndACL - @abstract Creates a new SecAccessRef using the owner and access control list you provide. - @param owner A pointer to a CSSM access control list owner. - @param aclCount An unsigned 32-bit integer representing the number of items in the access control list. - @param acls A pointer to the access control list. - @param On return, a pointer to the new access reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner, uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls, SecAccessRef *accessRef); - -/*! - @function SecAccessGetOwnerAndACL - @abstract Retrieves the owner and the access control list of a given access. - @param accessRef A reference to the access from which to retrieve the information. - @param owner On return, a pointer to the access control list owner. - @param aclCount On return, a pointer to an unsigned 32-bit integer representing the number of items in the access control list. - @param acls On return, a pointer to the access control list. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef, CSSM_ACL_OWNER_PROTOTYPE_PTR *owner, uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls); - -/*! - @function SecAccessCopyACLList - @abstract Copies all the access control lists of a given access. - @param accessRef A reference to the access from which to retrieve the information. - @param aclList On return, a pointer to a new created CFArray of SecACL instances. The caller is responsible for calling CFRelease on this array. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecAccessCopyACLList(SecAccessRef accessRef, CFArrayRef *aclList); - -/*! - @function SecAccessCopySelectedACLList - @abstract Copies selected access control lists from a given access. - @param accessRef A reference to the access from which to retrieve the information. - @param action An authorization tag specifying what action with which to select the action control lists. - @param aclList On return, a pointer to the selected access control lists. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef, CSSM_ACL_AUTHORIZATION_TAG action, CFArrayRef *aclList); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECACCESS_H_ */ diff --git a/Keychain/SecAccessPriv.h b/Keychain/SecAccessPriv.h deleted file mode 100644 index 46e418fc..00000000 --- a/Keychain/SecAccessPriv.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecAccessPriv - SecAccessPriv implements a way to set and manipulate access control rules and - restrictions on SecKeychainItems. The functions here are private. -*/ - -#ifndef _SECURITY_SECACCESS_PRIV_H_ -#define _SECURITY_SECACCESS_PRIV_H_ - -#include -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecKeychainAddIToolsPassword - @abstract Creates a new iTools password using the access control list from iToolsTrustedApps.plist. - @param keychain A reference to the keychain to which to add the password. Pass NULL to add the password to the default keychain. - @param accountNameLength The length of the buffer pointed to by accountName. - @param accountName A pointer to a string containing the account name associated with this password. - @param passwordLength The length of the buffer pointed to by passwordData. - @param passwordData A pointer to a buffer containing the password data to be stored in the keychain. - @param itemRef On return, a reference to the new keychain item. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The SecKeychainAddIToolsPassword function adds a new iTools password to the specified keychain with an ACL composed of a list of trusted applications. A required parameter to identify the password is the accountName, which is an application-defined string. The servicename will always be "iTools". SecKeychainAddIToolsPassword optionally returns a reference to the newly added item. -*/ - -OSStatus SecKeychainAddIToolsPassword(SecKeychainRef keychain, UInt32 accountNameLength, const char *accountName, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECACCESS_PRIV_H_ */ diff --git a/Keychain/SecBase.h b/Keychain/SecBase.h deleted file mode 100644 index f9acecfc..00000000 --- a/Keychain/SecBase.h +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecBase - SecBase contains common declarations for the Security functions. -*/ - -#ifndef _SECURITY_SECBASE_H_ -#define _SECURITY_SECBASE_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -#ifndef __SEC_TYPES__ -#define __SEC_TYPES__ - -/*! - @typedef SecKeychainRef - @abstract Contains information about a keychain. -*/ -typedef struct OpaqueSecKeychainRef *SecKeychainRef; - -/*! - @typedef SecKeychainItemRef - @abstract Contains information about a keychain item. -*/ -typedef struct OpaqueSecKeychainItemRef *SecKeychainItemRef; - -/*! - @typedef SecKeychainSearchRef - @abstract Contains information about a keychain search. -*/ -typedef struct OpaqueSecKeychainSearchRef *SecKeychainSearchRef; - -/*! - @typedef SecKeychainAttrType - @abstract Represents a keychain attribute type. -*/ -typedef OSType SecKeychainAttrType; - -/*! - @struct SecKeychainAttribute - @abstract Contains keychain attributes. - @field tag A 4-byte attribute tag. - @field length The length of the buffer pointed to by data. - @field data A pointer to the attribute data. -*/ -struct SecKeychainAttribute -{ - SecKeychainAttrType tag; - UInt32 length; - void *data; -}; -typedef struct SecKeychainAttribute SecKeychainAttribute; - -/*! - @typedef SecKeychainAttributePtr - @abstract Represents a pointer to a keychain attribute structure. -*/ -typedef SecKeychainAttribute *SecKeychainAttributePtr; - -/*! - @typedef SecKeychainAttributeList - @abstract Represents a list of keychain attributes. - @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array. - @field attr A pointer to the first keychain attribute in the array. -*/ -struct SecKeychainAttributeList -{ - UInt32 count; - SecKeychainAttribute *attr; -}; -typedef struct SecKeychainAttributeList SecKeychainAttributeList; - -/*! - @typedef SecKeychainStatus - @abstract Represents the status of a keychain. -*/ -typedef UInt32 SecKeychainStatus; -#endif - -/*! - @typedef SecTrustedApplicationRef - @abstract Contains information about a trusted application. -*/ -typedef struct OpaqueSecTrustedApplicationRef *SecTrustedApplicationRef; - -/*! - @typedef SecPolicyRef - @abstract Contains information about a policy. -*/ -typedef struct OpaqueSecPolicyRef *SecPolicyRef; - -/*! - @typedef SecCertificateRef - @abstract Contains information about a certificate. -*/ -typedef struct OpaqueSecCertificateRef *SecCertificateRef; - -/*! - @typedef SecAccessRef - @abstract Contains information about an access. -*/ -typedef struct OpaqueSecAccessRef *SecAccessRef; - -/*! - @typedef SecIdentityRef - @abstract Contains information about an identity. -*/ -typedef struct OpaqueSecIdentityRef *SecIdentityRef; - -/*! - @typedef SecKeyRef - @abstract Contains information about a key. -*/ -typedef struct OpaqueSecKeyRef *SecKeyRef; - -/*! - @typedef SecACLRef - @abstract Contains information about an access control list (ACL) entry. -*/ -typedef struct OpaqueSecTrustRef *SecACLRef; - -/*! - @typedef SecKeychainAttributeInfo - @abstract Represents an attribute. - @field count The number of tag-format pairs in the respective arrays. - @field tag A pointer to the first attribute tag in the array. - @field format A pointer to the first attribute format in the array. - @discussion Each tag and format item form a pair. -*/ -struct SecKeychainAttributeInfo -{ - UInt32 count; - UInt32 *tag; - UInt32 *format; -}; -typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo; - -/*! -@enum Security Error Codes -@abstract Represents the result codes. -@constant errSecNotAvailable No keychain is available. -@constant errSecReadOnly Read only error. -@constant errSecAuthFailed Authorization/Authentication failed. -@constant errSecNoSuchKeychain The keychain does not exist. -@constant errSecInvalidKeychain The keychain is not valid. -@constant errSecDuplicateKeychain A keychain with the same name already exists. -@constant errSecDuplicateCallback The specified callback is already installed. -@constant errSecInvalidCallback The specified callback is not valid. -@constant errSecDuplicateItem The item already exists. -@constant errSecItemNotFound The item cannot be found. -@constant errSecBufferTooSmall The buffer is too small. -@constant errSecDataTooLarge The data is too large. -@constant errSecNoSuchAttr The attribute does not exist. -@constant errSecInvalidItemRef The item reference is invalid. -@constant errSecInvalidSearchRef The search reference is invalid. -@constant errSecNoSuchClass The keychain item class does not exist. -@constant errSecNoDefaultKeychain A default keychain does not exist. -@constant errSecInteractionNotAllowed Interaction is not allowed with the Security Server. -@constant errSecReadOnlyAttr The attribute is read only. -@constant errSecWrongSecVersion The version is incorrect. -@constant errSecKeySizeNotAllowed The key size is not allowed. -@constant errSecNoStorageModule There is no storage module available. -@constant errSecNoCertificateModule There is no certificate module available. -@constant errSecNoPolicyModule There is no policy module available. -@constant errSecInteractionRequired User interaction is required. -@constant errSecDataNotAvailable The data is not available. -@constant errSecDataNotModifiable The data is not modifiable. -@constant errSecCreateChainFailed The attempt to create a certificate chain failed. -@constant errSecACLNotSimple The access control list is not in standard simple form. -@constant errSecPolicyNotFound The policy specified cannot be found. -@constant errSecInvalidTrustSetting The trust setting is invalid. -@constant errSecNoAccessForItem The specified item has no access control. -@constant errSecInvalidOwnerEdit Invalid attempt to change the owner of this item. -@constant errSecTrustNotAvailable No trust results are available. -@discussion The assigned error space is discontinuous: -25240..-25279, -25290..25329. -*/ - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -enum -{ - errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */ - errSecReadOnly = -25292, /* This keychain cannot be modified. */ - errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */ - errSecNoSuchKeychain = -25294, /* The specified keychain could not be found. */ - errSecInvalidKeychain = -25295, /* The specified keychain is not a valid keychain file. */ - errSecDuplicateKeychain = -25296, /* A keychain with the same name already exists. */ - errSecDuplicateCallback = -25297, /* The specified callback function is already installed. */ - errSecInvalidCallback = -25298, /* The specified callback function is not valid. */ - errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */ - errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */ - errSecBufferTooSmall = -25301, /* There is not enough memory available to use the specified item. */ - errSecDataTooLarge = -25302, /* This item contains information which is too large or in a format that cannot be displayed. */ - errSecNoSuchAttr = -25303, /* The specified attribute does not exist. */ - errSecInvalidItemRef = -25304, /* The specified item is no longer valid. It may have been deleted from the keychain. */ - errSecInvalidSearchRef = -25305, /* Unable to search the current keychain. */ - errSecNoSuchClass = -25306, /* The specified item does not appear to be a valid keychain item. */ - errSecNoDefaultKeychain = -25307, /* A default keychain could not be found. */ - errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */ - errSecReadOnlyAttr = -25309, /* The specified attribute could not be modified. */ - errSecWrongSecVersion = -25310, /* This keychain was created by a different version of the system software and cannot be opened. */ - errSecKeySizeNotAllowed = -25311, /* This item specifies a key size which is too large. */ - errSecNoStorageModule = -25312, /* A required component (data storage module) could not be loaded. You may need to restart your computer. */ - errSecNoCertificateModule = -25313, /* A required component (certificate module) could not be loaded. You may need to restart your computer. */ - errSecNoPolicyModule = -25314, /* A required component (policy module) could not be loaded. You may need to restart your computer. */ - errSecInteractionRequired = -25315, /* User interaction is required, but is currently not allowed. */ - errSecDataNotAvailable = -25316, /* The contents of this item cannot be retrieved. */ - errSecDataNotModifiable = -25317, /* The contents of this item cannot be modified. */ - errSecCreateChainFailed = -25318, /* One or more certificates required to validate this certificate cannot be found. */ - errSecInvalidPrefsDomain = -25319, /* The specified preferences domain is not valid. */ - - errSecACLNotSimple = -25240, /* The specified access control list is not in standard (simple) form. */ - errSecPolicyNotFound = -25241, /* The specified policy cannot be found. */ - errSecInvalidTrustSetting = -25242, /* The specified trust setting is invalid. */ - errSecNoAccessForItem = -25243, /* The specified item has no access control. */ - errSecInvalidOwnerEdit = -25244, /* Invalid attempt to change the owner of this item. */ - errSecTrustNotAvailable = -25245 /* No trust results are available. */ -}; - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECBASE_H_ */ diff --git a/Keychain/SecBridge.h b/Keychain/SecBridge.h deleted file mode 100644 index 8cf93d6c..00000000 --- a/Keychain/SecBridge.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifndef _SECURITY_SECBRIDGE_H_ -#define _SECURITY_SECBRIDGE_H_ - -#include -#include -#include - -using namespace KeychainCore; - -// -// API boilerplate macros. These provide a frame for C++ code that is impermeable to exceptions. -// Usage: -// BEGIN_API -// ... your C++ code here ... -// END_API // returns CSSM_RETURN on exception -// END_API0 // returns nothing (void) on exception -// END_API1(bad) // return (bad) on exception -// -#define BEGIN_SECAPI \ - try { \ - StLock _(globals().apiLock); -#define END_SECAPI \ - } \ - catch (const MacOSError &err) { return err.osStatus(); } \ - catch (const CssmCommonError &err) { return GetKeychainErrFromCSSMErr(err.cssmError())/*err.cssmError(CSSM_CSSM_BASE_ERROR)*/; } \ - catch (const std::bad_alloc &) { return memFullErr; } \ - catch (...) { return internalComponentErr; } \ - return noErr; -#define END_SECAPI0 } catch (...) { return; } -#define END_SECAPI1(bad) } catch (...) { return bad; } - -#endif /* !_SECURITY_SECBRIDGE_H_ */ diff --git a/Keychain/SecCFTypes.cpp b/Keychain/SecCFTypes.cpp deleted file mode 100644 index 1d1a342d..00000000 --- a/Keychain/SecCFTypes.cpp +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// SecCFTypes.cpp - CF runtime interface -// - -#include -#include -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -SecCFTypes & -gTypes() -{ - static ModuleNexus nexus; - - return nexus(); -} - -} // end namespace KeychainCore - -} // end namespace Security - -using namespace KeychainCore; - -SecCFTypes::SecCFTypes() : - Access("SecAccess"), - ACL("SecACL"), - Certificate("SecCertificate"), - CertificateRequest("SecCertificateRequest"), - Identity("SecIdentity"), - IdentityCursor("SecIdentitySearch"), - ItemImpl("SecKeychainItem"), - KCCursorImpl("SecKeychainSearch"), - KeychainImpl("SecKeychain"), - KeyItem("SecKey"), - Policy("SecPolicy"), - PolicyCursor("SecPolicySearch"), - Trust("SecTrust"), - TrustedApplication("SecTrustedApplication"), - allocator(CFAllocatorCreate(NULL, &CFClass::allocatorContext)) -{ -} - -// -// CFClass -// -CFAllocatorContext CFClass::allocatorContext = -{ - 0, - NULL, - NULL, /* retain */ - NULL, /* release */ - NULL, /* copyDescription */ - allocatorAllocate, /* allocate */ - allocatorReallocate, /* reallocate */ - allocatorDeallocate, /* deallocate */ - allocatorPreferredSize /* preferredSize */ -}; - -CFClass::CFClass(const char *name) -{ - // initialize the CFRuntimeClass structure - version = 0; - className = name; - init = NULL; - copy = NULL; - finalize = NULL; - equal = equalType; - hash = hashType; - copyFormattingDesc = copyFormattingDescType; - copyDebugDesc = copyDebugDescType; - - // register - typeID = _CFRuntimeRegisterClass(this); - assert(typeID != _kCFRuntimeNotATypeID); -} - -Boolean -CFClass::equalType(CFTypeRef cf1, CFTypeRef cf2) -{ - // CF checks for pointer equality and ensures type equality already - return SecCFObject::optional(cf1)->equal(*SecCFObject::optional(cf2)); -} - -CFHashCode -CFClass::hashType(CFTypeRef cf) -{ - return SecCFObject::optional(cf)->hash(); -} - -CFStringRef -CFClass::copyFormattingDescType(CFTypeRef cf, CFDictionaryRef dict) -{ - return SecCFObject::optional(cf)->copyFormattingDesc(dict); -} - -CFStringRef -CFClass::copyDebugDescType(CFTypeRef cf) -{ - return SecCFObject::optional(cf)->copyDebugDesc(); -} - -// -// CFAllocatorContext callbacks. -// -void * -CFClass::allocatorAllocate(CFIndex allocSize, CFOptionFlags hint, void *info) -{ - return malloc(allocSize); -} - -void * -CFClass::allocatorReallocate(void *ptr, CFIndex newsize, CFOptionFlags hint, void *info) -{ - return realloc(ptr, newsize); -} - -void -CFClass::allocatorDeallocate(void *ptr, void *info) -{ - /* - * Called on a CFRelease of any Sec object: single thread through - * same lock held by public API calls. This is a recursive lock - * so it's safe to do this for CF objects allocated and released - * within the Sec layer. - */ - StLock _(globals().apiLock); - CFTypeRef cf = reinterpret_cast(reinterpret_cast(ptr) + sizeof(CFAllocatorRef)); - CFIndex rc = CFGetRetainCount(cf); - if (rc == 1) - { - SecCFObject *obj = SecCFObject::optional(cf); - if (!obj->isNew()) - obj->~SecCFObject(); - free(ptr); - } - else if (rc > 1) - { - // Since CFRelease did nothing other than call CFAllocatorDeallocate() followed - // by a CFRelease() of the allocator we need to counter that here. - CFRetain(CFGetAllocator(cf)); - CFRelease(cf); - } - else - { - // Something bad happened we're screwed - } -} - -CFIndex -CFClass::allocatorPreferredSize(CFIndex size, CFOptionFlags hint, void *info) -{ - return size; -} diff --git a/Keychain/SecCFTypes.h b/Keychain/SecCFTypes.h deleted file mode 100644 index 63873e83..00000000 --- a/Keychain/SecCFTypes.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// SecCFTypes.h - CF runtime interface -// -#ifndef _SECURITY_SECCFTYPES_H_ -#define _SECURITY_SECCFTYPES_H_ - -#include -#include - -namespace Security -{ - -namespace KeychainCore -{ - -class CFClass : protected CFRuntimeClass -{ -public: - CFClass(const char *name); - -private: - static Boolean equalType(CFTypeRef cf1, CFTypeRef cf2); - static CFHashCode hashType(CFTypeRef cf); - static CFStringRef copyFormattingDescType(CFTypeRef cf, CFDictionaryRef dict); - static CFStringRef copyDebugDescType(CFTypeRef cf); - - // CFAllocatorContext callbacks. - static void *allocatorAllocate(CFIndex allocSize, CFOptionFlags hint, void *info); - static void *allocatorReallocate(void *ptr, CFIndex newsize, CFOptionFlags hint, void *info); - static void allocatorDeallocate(void *ptr, void *info); - static CFIndex allocatorPreferredSize(CFIndex size, CFOptionFlags hint, void *info); - -public: - CFTypeID typeID; - static CFAllocatorContext allocatorContext; -}; - -/* Singleton that registers all the CFClass instances with the CFRuntime. - - To make something a CFTypeRef you need to make the actual object inheirit from SecCFObject and provide implementation of the virtual functions in that class. - - In addition to that you need to define an opque type for the C API like: - typedef struct __OpaqueYourObject *YourObjectRef; - - Add an instance of CFClass to the public section of SecCFTypes below to get it registered with the CFRuntime. - CFClass yourObject; - - XXX - In your C++ code you should use SecPointer to refer to instances of your class. SecPointers are just like autopointers and implement * and -> semantics. They refcount the underlying object. So to create an instance or your new object you would do something like: - - SecPointer instance(new YourObject()); - - SecPointers have copy semantics and if you subclass SecPointer and define a operator < on the subclass you can even safely store instances of your class in stl containers. - - Use then like this: - instance->somemethod(); - or if you want a reference to the underlying object: - YourObject &object = *instance; - if you want a pointer to the underlying object: - YourObject *object = instance.get(); - - In the API glue you will need to use: - SecPointer instance; - [...] get the instance somehow - return instance->handle(); - to return an opaque handle (the is a CFTypeRef) to your object. - - when you obtain an object as input use: - SecYourObjectRef ref; - SecPointer instance = YourObject::required(ref); - to get a SecPointer to an instance of your object from the external CFTypeRef. -*/ -class SecCFTypes -{ -public: - SecCFTypes(); - -public: - /* Add new instances of CFClass here that you want registered with the CF runtime. */ - CFClass Access; - CFClass ACL; - CFClass Certificate; - CFClass CertificateRequest; - CFClass Identity; - CFClass IdentityCursor; - CFClass ItemImpl; - CFClass KCCursorImpl; - CFClass KeychainImpl; - CFClass KeyItem; - CFClass Policy; - CFClass PolicyCursor; - CFClass Trust; - CFClass TrustedApplication; - - CFAllocatorRef allocator; -}; - -extern SecCFTypes &gTypes(); - -} // end namespace KeychainCore - -} // end namespace Security - - -#endif // !_SECURITY_SECCFTYPES_H_ diff --git a/Keychain/SecCertificate.cpp b/Keychain/SecCertificate.cpp deleted file mode 100644 index de95f462..00000000 --- a/Keychain/SecCertificate.cpp +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include -#include - -#include "SecBridge.h" - -CFTypeID -SecCertificateGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().Certificate.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate) -{ - BEGIN_SECAPI - - SecPointer certificatePtr(new Certificate(Required(data), type, encoding)); - Required(certificate) = certificatePtr->handle(); - - END_SECAPI -} - - -OSStatus -SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain) -{ - BEGIN_SECAPI - - Item item(Certificate::required(certificate)); - Keychain::optional(keychain)->add(item); - - END_SECAPI -} - -OSStatus -SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) -{ - BEGIN_SECAPI - - Required(data) = Certificate::required(certificate)->data(); - - END_SECAPI -} - - -OSStatus -SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType) -{ - BEGIN_SECAPI - - Required(certificateType) = Certificate::required(certificate)->type(); - - END_SECAPI -} - - -OSStatus -SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME* subject) -{ - BEGIN_SECAPI - - Certificate::required(certificate)->getSubject(Required(subject)); - - END_SECAPI -} - - -OSStatus -SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME* issuer) -{ - BEGIN_SECAPI - - Certificate::required(certificate)->getIssuer(Required(issuer)); - - END_SECAPI -} - - -OSStatus -SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle) -{ - BEGIN_SECAPI - - Required(clHandle) = Certificate::required(certificate)->clHandle(); - - END_SECAPI -} - -/* - * Private API to infer a display name for a SecCertificateRef which - * may or may not be in a keychain. - */ -OSStatus -SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label) -{ - BEGIN_SECAPI - - Certificate::required(certificate)->inferLabel(false, - &Required(label)); - - END_SECAPI -} - -OSStatus -SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef *key) -{ - BEGIN_SECAPI - - Required(key) = Certificate::required(certificate)->publicKey()->handle(); - - END_SECAPI -} - -OSStatus -SecCertificateGetAlgorithmID(SecCertificateRef certificate, const CSSM_X509_ALGORITHM_IDENTIFIER **algid) -{ - BEGIN_SECAPI - - Required(algid) = Certificate::required(certificate)->algorithmID(); - - END_SECAPI -} - -OSStatus -SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName) -{ - BEGIN_SECAPI - - Required(commonName) = Certificate::required(certificate)->commonName(); - - END_SECAPI -} - -OSStatus -SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress) -{ - BEGIN_SECAPI - - Required(emailAddress) = Certificate::required(certificate)->copyFirstEmailAddress(); - - END_SECAPI -} - -OSStatus -SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef *emailAddresses) -{ - BEGIN_SECAPI - - Required(emailAddresses) = Certificate::required(certificate)->copyEmailAddresses(); - - END_SECAPI -} - -OSStatus -SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray,const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecCertificateRef *certificate) -{ - BEGIN_SECAPI - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - Required(certificate) = Certificate::findByIssuerAndSN(keychains, CssmData::required(issuer), CssmData::required(serialNumber))->handle(); - - END_SECAPI -} - -OSStatus -SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecCertificateRef *certificate) -{ - BEGIN_SECAPI - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - Required(certificate) = Certificate::findBySubjectKeyID(keychains, CssmData::required(subjectKeyID))->handle(); - - END_SECAPI -} - -OSStatus -SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, SecCertificateRef *certificate) -{ - BEGIN_SECAPI - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - Required(certificate) = Certificate::findByEmail(keychains, emailAddress)->handle(); - - END_SECAPI -} - -OSStatus -SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchCreateForCertificateByIssuerAndSN(%p)", - keychainOrArray); - Required(searchRef); - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(Certificate::cursorForIssuerAndSN(keychains, CssmData::required(issuer), CssmData::required(serialNumber))); - *searchRef = cursor->handle(); - - END_SECAPI -} - -OSStatus -SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecKeychainSearchRef *searchRef) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchCreateForCertificateBySubjectKeyID(%p)", - keychainOrArray); - Required(searchRef); - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(Certificate::cursorForSubjectKeyID(keychains, CssmData::required(subjectKeyID))); - *searchRef = cursor->handle(); - - END_SECAPI -} - -OSStatus -SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecKeychainSearchRef *searchRef) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchCreateForCertificateByEmail(%p, %s)", - keychainOrArray, emailAddress); - Required(searchRef); - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(Certificate::cursorForEmail(keychains, emailAddress)); - *searchRef = cursor->handle(); - - END_SECAPI -} diff --git a/Keychain/SecCertificate.h b/Keychain/SecCertificate.h deleted file mode 100644 index 84806e21..00000000 --- a/Keychain/SecCertificate.h +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecCertificate - The functions provided in SecCertificate implement and manage a particular type of keychain item that represents a certificate. You can store a certificate in a keychain, but a certificate can also be a transient object. - - You can use a certificate as a keychain item in most functions. -*/ - -#ifndef _SECURITY_SECCERTIFICATE_H_ -#define _SECURITY_SECCERTIFICATE_H_ - -#include -#include - -// @@@ Here for X509 specific defines -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @enum CertificateItemAttributes - @abstract Indicates the type of a certificate item attribute. - @constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name. - @constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name. - @constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number. - @constant kSecPublicKeyHashItemAttr Indicates a public key hash. - @constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier. - @constant kSecCertTypeItemAttr Indicates a certificate type. - @constant kSecCertEncodingItemAttr Indicates a certificate encoding. -*/ -enum -{ - kSecSubjectItemAttr = 'subj', - kSecIssuerItemAttr = 'issu', - kSecSerialNumberItemAttr = 'snbr', - kSecPublicKeyHashItemAttr = 'hpky', - kSecSubjectKeyIdentifierItemAttr = 'skid', - kSecCertTypeItemAttr = 'ctyp', - kSecCertEncodingItemAttr = 'cenc' -}; - -/*! - @function SecCertificateGetTypeID - @abstract Returns the type identifier of SecCertificate instances. - @result The CFTypeID of SecCertificate instances. -*/ -CFTypeID SecCertificateGetTypeID(void); - -#pragma mark ÑÑÑÑ Certificate Operations ÑÑÑÑ - -/*! - @function SecCertificateCreateFromData - @abstract Creates a certificate based on the input data, type, and encoding. - @param data A pointer to the certificate data. - @param type The certificate type as defined in cssmtype.h. - @param encoding The certificate encoding as defined in cssmtype.h. - @param certificate On return, a pointer to the newly created certificate reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate); - -/*! - @function SecCertificateAddToKeychain - @abstract Adds a certificate to the keychain specified. - @param certificate A reference to the certificate to add to the keychain. - @param keychain A reference to the keychain to which to add the certificate. Pass NULL to add the certificate to the default keychain. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function call only works if the certificate was created using the SecCertificateCreateFromData function and the certificate has not yet been added to a keychain. -*/ -OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain); - -/*! - @function SecCertificateGetData - @abstract Retrieves the data for a given certificate. - @param certificate A reference to the certificate from which to retrieve the data. - @param data On return, a pointer to the data for the certificate specified. The caller must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data); - -/*! - @function SecCertificateGetItem - @abstract Retrieves the keychain item reference for a given certificate. - @param certificate A reference to the certificate from which to obtain the keychain item reference. - @param item On return, a pointer to the keychain item reference of the certificate specified. If the certificate is not based on a keychain item, the value of item is NULL. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetItem(SecCertificateRef certificate, SecKeychainItemRef *item); - -/*! - @function SecCertificateGetType - @abstract Retrieves the type for a given certificate. - @param certificate A reference to the certificate from which to obtain the type. - @param certificateType On return, a pointer to the certificate type of the certificate specified. Certificate types are defined in cssmtype.h - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType); - -/*! - @function SecCertificateGetSubject - @abstract Retrieves the subject for a given certificate. - @param certificate A reference to the certificate from which to obtain the subject. - @param subject On return, a pointer to the subject of the given certificate. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME *subject); - -/*! - @function SecCertificateGetIssuer - @abstract Retrieves the issuer of a given certificate. - @param certificate A reference to the certificate from which to obtain the issuer. - @param issuer On return, a pointer to the issuer of the given certificate. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME *issuer); - -/*! - @function SecCertificateGetCLHandle - @abstract Retrieves the certificate library handle for a given certificate. - @param certificate A reference to the certificate from which to obtain the certificate library handle. - @param clHandle On return, a pointer to the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATE_H_ */ diff --git a/Keychain/SecCertificateBundle.cpp b/Keychain/SecCertificateBundle.cpp deleted file mode 100644 index 53774477..00000000 --- a/Keychain/SecCertificateBundle.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include - -#include "SecBridge.h" - - -OSStatus -SecCertificateBundleImport( - SecKeychainRef keychain, - const CSSM_CERT_BUNDLE* bundle, - CSSM_CERT_BUNDLE_TYPE type, - CSSM_CERT_BUNDLE_ENCODING encodingType, - CFArrayRef keychainListToSkipDuplicates) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertifcateBundleExport( - CFArrayRef itemList, - CSSM_CERT_BUNDLE_TYPE type, - CSSM_CERT_BUNDLE_ENCODING encodingType, - CSSM_DATA* data) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} diff --git a/Keychain/SecCertificateBundle.h b/Keychain/SecCertificateBundle.h deleted file mode 100644 index f97f07ae..00000000 --- a/Keychain/SecCertificateBundle.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecCertificateBundle - The functions provided in SecCertificateBundle implement a way to issue a certificate request to a - certificate authority. -*/ - -#ifndef _SECURITY_SECCERTIFICATEBUNDLE_H_ -#define _SECURITY_SECCERTIFICATEBUNDLE_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecCertificateBundleImport - @abstract Imports one or more certificates into a keychain with the specified encoding and bundle type. - @param keychain The destination keychain for the import. Specify NULL for the default keychain. - @param bundle A pointer to the bundle data. - @param type The bundle type as defined in cssmtype.h. - @param encodingType The bundle encoding type as defined in cssmtype.h. - @param keychainListToSkipDuplicates A reference to an array of keychains. These keychains contain certificates that shouldn't be duplicated during the import. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateBundleImport( - SecKeychainRef keychain, - const CSSM_CERT_BUNDLE* bundle, - CSSM_CERT_BUNDLE_TYPE type, - CSSM_CERT_BUNDLE_ENCODING encodingType, - CFArrayRef keychainListToSkipDuplicates); - -/*! - @function SecCertifcateBundleExport - @abstract Exports one or more certificates into a bundle with the specified encoding and bundle type. - @param certificates An array of certificate and keychain items used to help build the bundle. - @param type The bundle type as defined in cssmtype.h. If the bundle type is unknown, an attempt will be made to determine the type for you. - @param encodingType The encoding type as defined in cssmtype.h. - @param data A pointer to data. On return, this points to the bundle data. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertifcateBundleExport( - CFArrayRef certificates, - CSSM_CERT_BUNDLE_TYPE type, - CSSM_CERT_BUNDLE_ENCODING encodingType, - CSSM_DATA* data); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEBUNDLE_H_ */ diff --git a/Keychain/SecCertificatePriv.h b/Keychain/SecCertificatePriv.h deleted file mode 100644 index 645660cf..00000000 --- a/Keychain/SecCertificatePriv.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifndef _SECURITY_SECCERTIFICATEPRIV_H_ -#define _SECURITY_SECCERTIFICATEPRIV_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecCertificateGetPublicKey - @abstract Retrieves the public key for a given certificate. - @param certificate A reference to the certificate from which to retrieve the data. - @param data On return, a pointer to the data for the certificate specified. The caller must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef *key); - -OSStatus SecCertificateGetAlgorithmID(SecCertificateRef certificate,const CSSM_X509_ALGORITHM_IDENTIFIER **algid); - -OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName); - -/* @@@ Obsoleted by SecCertificateCopyEmailAddresses(), also really should of been named - SecCertificateCopyEmailAddress() since the returned address is not autoreleased. */ -OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress); - -OSStatus SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef *emailAddresses); - -/* - * Private API to infer a display name for a SecCertificateRef which - * may or may not be in a keychain. - */ -OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label); - - -/* - * Subset of the above, useful for both certs and CRLs. - * Infer printable label for a given an CSSM_X509_NAME. Returns NULL - * if no appropriate printable name found. - */ -const CSSM_DATA *SecInferLabelFromX509Name( - const CSSM_X509_NAME *x509Name); - -/* Convenience functions for searching -*/ - -OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecCertificateRef *certificate); - -OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecCertificateRef *certificate); - -OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecCertificateRef *certificate); - - -/* These should go to SecKeychainSearchPriv.h. */ -OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecKeychainSearchRef *searchRef); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */ diff --git a/Keychain/SecCertificateRequest.cpp b/Keychain/SecCertificateRequest.cpp deleted file mode 100644 index bab12cc5..00000000 --- a/Keychain/SecCertificateRequest.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include - -#include "SecBridge.h" - - -CFTypeID -SecCertificateRequestGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().CertificateRequest.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecCertificateRequestCreate( - SecPolicyRef policy, - CSSM_CERT_TYPE certificateType, - CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, - SecCertificateRequestRef* certRequest) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestSetPrivateKey( - SecCertificateRequestRef certRequest, - SecKeychainItemRef privateKeyItemRef) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestSetAttribute( - SecCertificateRequestRef certRequest, - const CSSM_OID* oid, - const CSSM_DATA* value) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestSubmit( - SecCertificateRequestRef certRequest, - SecKeychainRef keychain, - sint32* estimatedTime, - SecKeychainItemRef* certRequestItemRef) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestCreateFromItem( - SecKeychainItemRef certRequestItemRef, - SecCertificateRequestRef* certRequestRef) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestGetType( - SecCertificateRequestRef certRequestRef, - CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecCertificateRequestGetResult( - SecCertificateRequestRef certRequestRef, - sint32* estimatedTime, - SecCertificateRef* certificateRef) -{ - BEGIN_SECAPI - - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} diff --git a/Keychain/SecCertificateRequest.h b/Keychain/SecCertificateRequest.h deleted file mode 100644 index e932b253..00000000 --- a/Keychain/SecCertificateRequest.h +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecCertificateRequest - SecCertificateRequest implements a way to issue a certificate request to a - certificate authority. -*/ - -#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_ -#define _SECURITY_SECCERTIFICATEREQUEST_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecCertificateRequestRef - @abstract Contains information about a certificate request. -*/ -typedef struct OpaqueSecCertificateRequestRef *SecCertificateRequestRef; - -/*! - @function SecCertificateRequestGetTypeID - Returns the type identifier of all SecCertificateRequest instances. -*/ -CFTypeID SecCertificateRequestGetTypeID(void); - -/*! - @function SecCertificateRequestCreate - Create a certificate request operation based on a policy and certificate type. If a policy is not specified, one will be chosen for the caller. Once the requeste is created, a request reference is returned. For this request reference, you can set attributes for it by using SecCertificateRequestSetAttribute(). To submit the request call SecCertificateRequestSubmit(). - @param certificateType The certificate type (i.e. X509, PGP, etc). These types are in cssmtype.h - @param requestType The identifier to the type of request to submit (i.e. issue, verify, revoke, etc.). These are defined in cssmtype.h - @param certRequest A returned reference to the certificate request. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestCreate( - SecPolicyRef policy, - CSSM_CERT_TYPE certificateType, - CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, - SecCertificateRequestRef* certRequest); - -/*! - @function SecCertificateRequestSetPrivateKey - For a given certificate request, set the private key for which the assocaited public key will be certified. - @param certRequest A reference to the certificate request. - @param privateKeyItemRef The keychain item private key to be used for this certificate request. The private key item must be of class type kSecAppleKeyItemClass. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestSetPrivateKey( - SecCertificateRequestRef certRequest, - SecKeychainItemRef privateKeyItemRef); - -/*! - @function SecCertificateRequestSetAttribute - For a given certificate request, set an optional attribute for the request. For example, an attribute can be the caller credentials or any other attribute needed for the certificate request operation. - @param oid An BER-encoded oid that defines the attribute (i.e. CSSMOID_CommonName, CSSMOID_SerialNumber, etc.) - @param value The value for the attribute. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestSetAttribute( - SecCertificateRequestRef certRequest, - const CSSM_OID* oid, - const CSSM_DATA* value); - -/*! - @function SecCertificateRequestSubmit - Submit a certificate request to be processed by the Security framework. Once the request is submitted, an estimated time is returned indicating when the request results can be retrieved. Once the estimated time has elapsed, obtain the result by calling SecCertificateRequestGetResult(). - @param certRequest A reference to the certificate request. - @param keychain The keychain in which to store the new certificate (for a new cert request) and the cert request item reference. - @param estimatedTime The number of estimated seconds before the result can be retrieved. - @param certRequestItemRef The returned persistent reference for the submitted request. This item is stored in the keychain specified by the keychain parameter. This item can be viewed as an certificate request operation that is still pending. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestSubmit( - SecCertificateRequestRef certRequest, - SecKeychainRef keychain, - sint32* estimatedTime, - SecKeychainItemRef* certRequestItemRef); - -/*! - @function SecCertificateRequestCreateFromItem - Given a keychain item reference (a persistent reference for a certificate request), create a certificate request reference to be used by subsuequent calls that take a SecCertificateRequestRef. The keychain item must be obtained by calling SecKeychainSearchCreateFromAttributes() and SecKeychainCopySearchNextItem() for an item with the class of kSecAppleCertificateRequestItemClass. - @param certRequestItemRef A keychain item reference for the certificate request(%%%kSecGenericPasswordItemClass?) - @param certRequestRef The returned certificate request reference. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestCreateFromItem( - SecKeychainItemRef certRequestItemRef, - SecCertificateRequestRef* certRequestRef); - -/*! - @function SecCertificateRequestGetType - Returns the certificate request type (i.e. issue, revoke, etc) for a given certificate request item reference. - @param certRequestRef A reference to a submitted request. - @param requestType The returned request type. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestGetType( - SecCertificateRequestRef certRequestRef, - CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType); - -/*! - @function SecCertificateRequestGetResult - Get the results of a certificate request. If the request is still pending, the estimated time will be returned which indicates when to call this function again. - @param certRequestRef A reference for the submitted request. - @param estimatedTime The number of estimated seconds before the result can be retrieved. - @param certficateRef The returned certificate reference for a CSSM_TP_AUTHORITY_REQUEST_CERTISSUE only. All other request types return NULL here. - @result noErr 0 No error. -*/ -OSStatus SecCertificateRequestGetResult( - SecCertificateRequestRef certRequestRef, - sint32* estimatedTime, - SecCertificateRef* certificateRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEREQUEST_H_ */ diff --git a/Keychain/SecFileVaultCert.cpp b/Keychain/SecFileVaultCert.cpp deleted file mode 100644 index 02a27529..00000000 --- a/Keychain/SecFileVaultCert.cpp +++ /dev/null @@ -1,564 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * SecFileVaultCert.cpp - Certificate support for FileVault - */ - -#include "SecFileVaultCert.h" -#include "srCdsaUtils.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace KeychainCore; - -#pragma mark -------------------- SecFileVaultCert public implementation -------------------- - -SecFileVaultCert::SecFileVaultCert() -{ -} - -SecFileVaultCert::~SecFileVaultCert() -{ -} - -OSStatus SecFileVaultCert::createPair(CFStringRef hostName,CFStringRef userName,SecKeychainRef keychainRef, CFDataRef *cert) -{ - SecCertificateRef certRef = NULL; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_TP_HANDLE tpHand = 0; - CSSM_CL_HANDLE clHand = 0; - CSSM_KEY_PTR pubKey = NULL; - CSSM_KEY_PTR privKey = NULL; - CSSM_DATA certData = {0, NULL}; - char *hostStr = NULL; - char *userStr = NULL; - OSStatus ortn; - CSSM_OID algOid = SR_CERT_SIGNATURE_ALG_OID; - - KeychainCore::Keychain keychain = KeychainCore::Keychain::optional(keychainRef); - - hostStr = srCfStrToCString(hostName); - userStr = srCfStrToCString(userName); - if (!hostStr || !userStr) // probably not ASCII capable - MacOSError::throwMe(paramErr); - - // open keychain, connect to all the CDSA modules we'll need - - dlDbHand = keychain->database()->handle(); - cspHand = keychain->csp()->handle(); - - tpHand = srTpStartup(); - if (tpHand == 0) - MacOSError::throwMe(ioErr); - - clHand = srClStartup(); - if (clHand == 0) - MacOSError::throwMe(ioErr); - - // generate key pair, private key stored in keychain - ortn = generateKeyPair(cspHand, dlDbHand, SR_KEY_ALGORITHM, SR_KEY_SIZE_IN_BITS, - "FileVault Master Password Key", &pubKey, &privKey); - if (ortn) - MacOSError::throwMe(ortn); - - // generate the cert - ortn = createRootCert(tpHand,clHand,cspHand,pubKey,privKey,hostStr,userStr, - SR_CERT_SIGNATURE_ALGORITHM,&algOid,&certData); - if (ortn) - MacOSError::throwMe(ortn); - - // store the cert in the same DL/DB as the key pair [see SecCertificateCreateFromData] - - SecPointer certificatePtr(new Certificate(Required(&certData), CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER)); - Required(&certRef) = certificatePtr->handle(); - - // Add the certificate item to the keychain [see SecCertificateAddToKeychain] - KeychainCore::Item item(Certificate::required(certRef)); - keychain->add(item); - - CFRelease(certRef); - - // return the cert to caller - *cert = CFDataCreate(NULL, certData.Data, certData.Length); - - // cleanup - if (hostStr) - free(hostStr); - if (userStr) - free(userStr); - if (tpHand) - CSSM_ModuleDetach(tpHand); - if (clHand) - CSSM_ModuleDetach(clHand); - if (pubKey) - { - CSSM_FreeKey(cspHand, - NULL, // access cred - pubKey, - CSSM_FALSE); // delete - APP_FREE(pubKey); - } - if (privKey) - { - CSSM_FreeKey(cspHand, - NULL, // access cred - privKey, - CSSM_FALSE); // delete - APP_FREE(privKey); - } - - return ortn; -} - -#pragma mark -------------------- SecFileVaultCert private implementation -------------------- - -OSStatus SecFileVaultCert::createRootCert( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR subjPubKey, - CSSM_KEY_PTR signerPrivKey, - const char *hostName, // CSSMOID_CommonName - const char *userName, // CSSMOID_Description - CSSM_ALGORITHMS sigAlg, - const CSSM_OID *sigOid, - CSSM_DATA_PTR certData) // mallocd and RETURNED -{ - CE_DataAndType exts[2]; - CE_DataAndType *extp = exts; - unsigned numExts; - CSSM_DATA refId; // mallocd by - // CSSM_TP_SubmitCredRequest - CSSM_APPLE_TP_CERT_REQUEST certReq; - CSSM_TP_REQUEST_SET reqSet; - sint32 estTime; - CSSM_BOOL confirmRequired; - CSSM_TP_RESULT_SET_PTR resultSet; - CSSM_ENCODED_CERT *encCert; - CSSM_APPLE_TP_NAME_OID subjectNames[2]; - CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext; - CSSM_FIELD policyId; - - numExts = 0; - - certReq.challengeString = NULL; - - /* KeyUsage extension */ - extp->type = DT_KeyUsage; - extp->critical = CSSM_FALSE; - extp->extension.keyUsage = CE_KU_DigitalSignature | - CE_KU_KeyCertSign | - CE_KU_KeyEncipherment | - CE_KU_DataEncipherment; - extp++; - numExts++; - - /* BasicConstraints */ - extp->type = DT_BasicConstraints; - extp->critical = CSSM_TRUE; - extp->extension.basicConstraints.cA = CSSM_TRUE; - extp->extension.basicConstraints.pathLenConstraintPresent = CSSM_FALSE; - extp++; - numExts++; - - /* name array */ - subjectNames[0].string = hostName; - subjectNames[0].oid = &CSSMOID_CommonName; - subjectNames[1].string = userName; - subjectNames[1].oid = &CSSMOID_Description; - - /* certReq */ - certReq.cspHand = cspHand; - certReq.clHand = clHand; - randUint32(certReq.serialNumber); // random serial number - certReq.numSubjectNames = 2; - certReq.subjectNames = subjectNames; - - certReq.numIssuerNames = 0; // root for now - certReq.issuerNames = NULL; - certReq.issuerNameX509 = NULL; - certReq.certPublicKey = subjPubKey; - certReq.issuerPrivateKey = signerPrivKey; - certReq.signatureAlg = sigAlg; - certReq.signatureOid = *sigOid; - certReq.notBefore = 0; - certReq.notAfter = 60 * 60 * 24 * 365; // seconds from now, one year - certReq.numExtensions = numExts; - certReq.extensions = exts; - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - - /* a CSSM_TP_CALLERAUTH_CONTEXT to specify an OID */ - memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - memset(&policyId, 0, sizeof(CSSM_FIELD)); - policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN; - - CallerAuthContext.Policy.NumberOfPolicyIds = 1; - CallerAuthContext.Policy.PolicyIds = &policyId; - - CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tpHand, - NULL, // PreferredAuthority - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - &reqSet, - &CallerAuthContext, - &estTime, - &refId); - - if(crtn) { - printError("***Error submitting credential request", - "CSSM_TP_SubmitCredRequest", crtn); - return crtn; - } - crtn = CSSM_TP_RetrieveCredResult(tpHand, - &refId, - NULL, // CallerAuthCredentials - &estTime, - &confirmRequired, - &resultSet); - if(crtn) { - printError("***Error retreiving credential request", - "CSSM_TP_RetrieveCredResult", crtn); - return crtn; - } - if(resultSet == NULL) { - printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n"); - return ioErr; - } - encCert = (CSSM_ENCODED_CERT *)resultSet->Results; - *certData = encCert->CertBlob; - - /* free resources allocated by TP */ - APP_FREE(refId.Data); - APP_FREE(encCert); - APP_FREE(resultSet); - return noErr; -} - -/* Convert a reference key to a raw key. */ -CSSM_RETURN SecFileVaultCert::refKeyToRaw( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey) // RETURNED -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(rawKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, // passPhrase - NULL, // wrapping key - NULL, // init vector - CSSM_PADDING_NONE, // Padding - 0, // Params - &ccHand); - if(crtn) { - printError("refKeyToRaw: context err", - "CSSM_CSP_CreateSymmetricContext", crtn); - return crtn; - } - - crtn = CSSM_WrapKey(ccHand, - &creds, - refKey, - NULL, // DescriptiveData - rawKey); - if(crtn != CSSM_OK) { - printError("refKeyToRaw: wrap err", "CSSM_WrapKey", crtn); - return crtn; - } - CSSM_DeleteContext(ccHand); - return CSSM_OK; -} - -/* - * Find private key by label, modify its Label attr to be the - * hash of the associated public key. - */ -CSSM_RETURN SecFileVaultCert::setPubKeyHash( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - const CSSM_KEY *pubOrPrivKey, // to get hash; raw or ref/CSPDL - const char *keyLabel) // look up by this -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_DATA labelData; - CSSM_HANDLE resultHand; - - labelData.Data = (uint8 *)keyLabel; - labelData.Length = strlen(keyLabel) + 1; // incl. NULL - query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - predicate.DbOperator = CSSM_DB_EQUAL; - - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = "Label"; - predicate.Attribute.Info.AttributeFormat = - CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - predicate.Attribute.Value = &labelData; - query.SelectionPredicate = &predicate; - - query.QueryLimits.TimeLimit = 0; - query.QueryLimits.SizeLimit = 1; - query.QueryFlags = 0; - - /* build Record attribute with one attr */ - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA attr; - attr.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr.Info.Label.AttributeName = "Label"; - attr.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - recordAttrs.NumberOfAttributes = 1; - recordAttrs.AttributeData = &attr; - - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - NULL, // hopefully optional ...theData, - &record); - /* abort only on success */ - if(crtn != CSSM_OK) { - printError("***setPubKeyHash: can't find private key", - "CSSM_DL_DataGetFirst", crtn); - return crtn; - } - - /* - * If specified key is a ref key, do NULL unwrap for use with raw CSP. - * If the CSPDL and SecurityServer support the key digest passthrough - * this is unnecessary. - */ - CSSM_KEY rawKeyToDigest; - if(pubOrPrivKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) { - crtn = refKeyToRaw(cspHand, pubOrPrivKey, &rawKeyToDigest); - if(crtn) { - printError("***Error converting public key to raw format", - "setPubKeyHash", crtn); - return crtn; - } - } - else { - /* use as is */ - rawKeyToDigest = *pubOrPrivKey; - } - - /* connect to raw CSP */ - CSSM_CSP_HANDLE rawCspHand = srCspStartup(CSSM_TRUE); - if(rawCspHand == 0) { - printf("***Error connecting to raw CSP; aborting.\n"); - return -1; - } - - /* calculate hash of pub key from private or public part */ - CSSM_DATA_PTR keyDigest = NULL; - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreatePassThroughContext(rawCspHand, - &rawKeyToDigest, - &ccHand); - if(ccHand == 0) { - printError("***Error calculating public key hash. Aborting:", - "CSSM_CSP_CreatePassThroughContext", crtn); - return -1; - } - crtn = CSSM_CSP_PassThrough(ccHand, - CSSM_APPLECSP_KEYDIGEST, - NULL, - (void **)&keyDigest); - if(crtn) { - printError("***Error calculating public key hash. Aborting:", - "CSSM_CSP_PassThrough(PUBKEYHASH)", crtn); // <<<<<<<<<<<<<<<<<<< - return crtn; - } - if(pubOrPrivKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) { - /* created in refKeyToRaw().... */ - CSSM_FreeKey(cspHand, NULL, &rawKeyToDigest, CSSM_FALSE); - } - CSSM_DeleteContext(ccHand); - CSSM_ModuleDetach(rawCspHand); - - /* - * Replace Label attr data with hash. - * NOTE: the module which allocated this attribute data - a DL - - * was loaded and attached by the Sec layer, not by us. Thus - * we can't use the memory allocator functions *we* used when - * attaching to the CSPDL - we have to use the ones - * which the Sec layer registered with the DL. - */ - CSSM_API_MEMORY_FUNCS memFuncs; - crtn = CSSM_GetAPIMemoryFunctions(dlDbHand.DLHandle, &memFuncs); - if(crtn) { - printError("***Error ", "CSSM_GetAPIMemoryFunctions(DLHandle)", - crtn); - /* oh well, leak and continue */ - } - else { - memFuncs.free_func(attr.Value->Data, memFuncs.AllocRef); - memFuncs.free_func(attr.Value, memFuncs.AllocRef); - } - attr.Value = keyDigest; - - /* modify key attributes */ - crtn = CSSM_DL_DataModify(dlDbHand, - CSSM_DL_DB_RECORD_PRIVATE_KEY, - record, - &recordAttrs, - NULL, // DataToBeModified - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - if(crtn) { - printError("***Error setting public key hash. Aborting", - "CSSM_DL_DataModify(PUBKEYHASH)", crtn); - return crtn; - } - crtn = CSSM_DL_DataAbortQuery(dlDbHand, resultHand); - if(crtn) { - printError("***Error while stopping query", - "CSSM_DL_DataAbortQuery", crtn); - /* let's keep going in this case */ - } - crtn = CSSM_DL_FreeUniqueRecord(dlDbHand, record); - if(crtn) { - printError("***Error while freeing record", - "CSSM_DL_FreeUniqueRecord", crtn); - /* let's keep going in this case */ - crtn = CSSM_OK; - } - - /* free resources */ - srAppFree(keyDigest->Data, NULL); //*** - return CSSM_OK; -} - -/* - * Generate a key pair using the CSPDL. - */ -OSStatus SecFileVaultCert::generateKeyPair( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_RSA - uint32 keySizeInBits, - const char *keyLabel, // C string - CSSM_KEY_PTR *pubKeyPtr, // mallocd, created, RETURNED - CSSM_KEY_PTR *privKeyPtr) // mallocd, created, RETURNED -{ - CSSM_KEY_PTR pubKey = reinterpret_cast( - APP_MALLOC(sizeof(CSSM_KEY))); - CSSM_KEY_PTR privKey = reinterpret_cast( - APP_MALLOC(sizeof(CSSM_KEY))); - if((pubKey == NULL) || (privKey == NULL)) { - return memFullErr; - } - - CSSM_RETURN crtn; - CSSM_KEYUSE pubKeyUse; - CSSM_KEYUSE privKeyUse; - - pubKeyUse = CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_ENCRYPT | - CSSM_KEYUSE_WRAP; - privKeyUse = CSSM_KEYUSE_SIGN | CSSM_KEYUSE_DECRYPT | - CSSM_KEYUSE_UNWRAP; - - crtn = srCspGenKeyPair(cspHand, - &dlDbHand, - keyAlg, - keyLabel, - strlen(keyLabel) + 1, - keySizeInBits, - pubKey, - pubKeyUse, - CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF, - privKey, - privKeyUse, - CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF | - CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE); - - if(crtn) { - APP_FREE(pubKey); - APP_FREE(privKey); - return paramErr; - } - - /* bind private key to cert by public key hash */ - crtn = setPubKeyHash(cspHand, - dlDbHand, - pubKey, - keyLabel); - if(crtn) { - printError("***Error setting public key hash. Continuing at peril", - "setPubKeyHash", crtn); - } - - *pubKeyPtr = pubKey; - *privKeyPtr = privKey; - return noErr; -} - -#pragma mark -------------------- utility functions -------------------- - -void SecFileVaultCert::printError(const char *errDescription,const char *errLocation,OSStatus crtn) -{ - int len = 1; // trailing NULL in any case - if(errDescription) { - len += strlen(errDescription); - } - if(errLocation) { - len += strlen(errLocation); - } - char *buf = (char *)malloc(len); - buf[0] = 0; - if(errDescription) { - strcpy(buf, errDescription); - } - if(errLocation) { - strcat(buf, errLocation); - } - cssmPerror(buf, crtn); - free(buf); -} - -// Fill a uint32 with random data -void SecFileVaultCert::randUint32(uint32 &u) -{ - int dev = open("/dev/random", O_RDONLY); - if(dev < 0) { - return; - } - read(dev, &u, sizeof(u)); - close(dev); -} diff --git a/Keychain/SecFileVaultCert.h b/Keychain/SecFileVaultCert.h deleted file mode 100644 index 64f3a44d..00000000 --- a/Keychain/SecFileVaultCert.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * SecFileVaultCert.h - */ - -#ifndef _SEC_FILEVAULTCERT_H_ -#define _SEC_FILEVAULTCERT_H_ - -#include -#include - -#include -#include - -class SecFileVaultCert -{ -public: - SecFileVaultCert(); - ~SecFileVaultCert(); - - OSStatus createPair(CFStringRef hostName,CFStringRef userName,SecKeychainRef kcRef, CFDataRef *cert); - -private: - - OSStatus generateKeyPair( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_RSA - uint32 keySizeInBits, - const char *keyLabel, // C string - CSSM_KEY_PTR *pubKeyPtr, // mallocd, created, RETURNED - CSSM_KEY_PTR *privKeyPtr); - - OSStatus createRootCert( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR subjPubKey, - CSSM_KEY_PTR signerPrivKey, - const char *hostName, // CSSMOID_CommonName - const char *userName, // CSSMOID_Description - CSSM_ALGORITHMS sigAlg, - const CSSM_OID *sigOid, - CSSM_DATA_PTR certData); // mallocd and RETURNED - void printError(const char *errDescription,const char *errLocation,OSStatus crtn); - void randUint32(uint32 &u); - - CSSM_RETURN refKeyToRaw( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey); - - CSSM_RETURN setPubKeyHash( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - const CSSM_KEY *pubOrPrivKey, // to get hash; raw or ref/CSPDL - const char *keyLabel); // look up by this -}; - -#pragma mark ----- Certificate Management ----- - -/* - * Create a key pair and a self-signed certificate. The private key and - * the cert are stored in the specified keychain; a copy of the cert is - * also returned. - * - * Arguments - * --------- - * - * hostName : The name of this host, e.g., "crypto.apple.com". This - * must match exactly the string later passed as peerHostName - * to SR_SecureTransportConfigure() (see below). This must be - * convertable to an ASCII C string. - * - * userName : e.g., "James P. Sullivan". Must be convertable to an - * ASCII C string. - * - * keychainName : the keychain where the certificate will be stored. - * - * cert : the root cert which can be distributed to peers (where it will be - * imported via SR_CertificateImport(), below). This is not sensitive - * data; it can be bandied about freely. Caller must CFRelease this. - */ -OSStatus SR_CertificateAndKeyCreate( - CFStringRef hostName, - CFStringRef userName, - SecKeychainRef keychain, - CFDataRef *cert); // RETURNED - -/* - * Import a peer's certificate into specified keychain. - */ -OSStatus SR_CertificateImport( - SecKeychainRef keychain, - CFDataRef cert); - -#pragma mark ----- Operating parameters ----- - -/* - * These are some constants which are used in the SecRendezvous - * library. Clients of the library don't have to know about these, - * but they might be useful or interesting. - */ - -/* - * The two TLS ciphersuites we support - the first one for - * authenticated connections, the second for unauthenticated. - * - * Subsequent to calling SR_SecureTransportConfigure(), an app - * can determine which of these ciphersuites was actually - * negotiated by calling SSLGetNegotiatedCipher(). - */ -#define SR_CIPHER_AUTHENTICATED SSL_RSA_WITH_RC4_128_SHA -#define SR_CIPHER_UNAUTHENTICATED SSL_DH_anon_WITH_RC4_128_MD5 - -/* - * Parameters used to create key pairs and certificates in - * SR_CertificateAndKeyCreate(). - */ -#define SR_KEY_ALGORITHM CSSM_ALGID_RSA -#define SR_KEY_SIZE_IN_BITS 1024 - -/* - * The CSSM_ALGORITHMS and OID values defining the signature - * algorithm in the generated certificate. - */ -#define SR_CERT_SIGNATURE_ALGORITHM CSSM_ALGID_SHA1WithRSA -#define SR_CERT_SIGNATURE_ALG_OID CSSMOID_SHA1WithRSA - -#endif /* _SEC_FILEVAULTCERT_H_ */ - diff --git a/Keychain/SecIdentity.cpp b/Keychain/SecIdentity.cpp deleted file mode 100644 index acfd73b5..00000000 --- a/Keychain/SecIdentity.cpp +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include - -#include "SecBridge.h" -#include -#include -#include - -CFTypeID -SecIdentityGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().Identity.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecIdentityCopyCertificate( - SecIdentityRef identityRef, - SecCertificateRef *certificateRef) -{ - BEGIN_SECAPI - - SecPointer certificatePtr(Identity::required(identityRef)->certificate()); - Required(certificateRef) = certificatePtr->handle(); - - END_SECAPI -} - - -OSStatus -SecIdentityCopyPrivateKey( - SecIdentityRef identityRef, - SecKeyRef *privateKeyRef) -{ - BEGIN_SECAPI - - SecPointer keyItemPtr(Identity::required(identityRef)->privateKey()); - Required(privateKeyRef) = keyItemPtr->handle(); - - END_SECAPI -} - -OSStatus -SecIdentityCreateWithCertificate(CFTypeRef keychainOrArray, SecCertificateRef certificateRef, - SecIdentityRef *identityRef) -{ - BEGIN_SECAPI - - SecPointer certificatePtr(Certificate::required(certificateRef)); - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - SecPointer identityPtr(new Identity(keychains, certificatePtr)); - Required(identityRef) = identityPtr->handle(); - - END_SECAPI -} diff --git a/Keychain/SecIdentity.h b/Keychain/SecIdentity.h deleted file mode 100644 index cc6bcce0..00000000 --- a/Keychain/SecIdentity.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecIdentity - The functions provided in SecIdentity implement a convenient way to match private keys with certificates. -*/ - -#ifndef _SECURITY_SECIDENTITY_H_ -#define _SECURITY_SECIDENTITY_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecIdentityGetTypeID - @abstract Returns the type identifier of SecIdentity instances. - @result The CFTypeID of SecIdentity instances. -*/ -CFTypeID SecIdentityGetTypeID(void); - -/*! - @function SecIdentityGetCertificate - @abstract Returns a reference to a certificate for the given identity reference. - @param identityRef An identity reference. - @param certificateRef On return, a pointer to the found certificate reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecIdentityCopyCertificate( - SecIdentityRef identityRef, - SecCertificateRef *certificateRef); - -/*! - @function SecIdentityGetPrivateKey - @abstract Returns the private key associated with an identity. - @param identityRef An identity reference. - @param privateKeyRef On return, a pointer to the private key for the given identity. The private key must be of class type kSecAppleKeyItemClass. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecIdentityCopyPrivateKey( - SecIdentityRef identityRef, - SecKeyRef *privateKeyRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECIDENTITY_H_ */ diff --git a/Keychain/SecIdentityPriv.h b/Keychain/SecIdentityPriv.h deleted file mode 100644 index e879e15e..00000000 --- a/Keychain/SecIdentityPriv.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#ifndef _SECURITY_SECIDENTITYPRIV_H_ -#define _SECURITY_SECIDENTITYPRIV_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -OSStatus SecIdentityCreateWithCertificate(CFTypeRef keychainOrArray, SecCertificateRef certificateRef, - SecIdentityRef *identityRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECIDENTITYPRIV_H_ */ diff --git a/Keychain/SecIdentitySearch.cpp b/Keychain/SecIdentitySearch.cpp deleted file mode 100644 index bd95b1d9..00000000 --- a/Keychain/SecIdentitySearch.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include - -#include "SecBridge.h" - - -CFTypeID -SecIdentitySearchGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().IdentityCursor.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecIdentitySearchCreate( - CFTypeRef keychainOrArray, - CSSM_KEYUSE keyUsage, - SecIdentitySearchRef *searchRef) -{ - BEGIN_SECAPI - - Required(searchRef); - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - SecPointer identityCursor(new IdentityCursor (keychains, keyUsage)); - *searchRef = identityCursor->handle(); - - END_SECAPI -} - - -OSStatus -SecIdentitySearchCopyNext( - SecIdentitySearchRef searchRef, - SecIdentityRef *identityRef) -{ - BEGIN_SECAPI - - RequiredParam(identityRef); - SecPointer identityPtr; - if (!IdentityCursor::required(searchRef)->next(identityPtr)) - return errSecItemNotFound; - - *identityRef = identityPtr->handle(); - - END_SECAPI -} diff --git a/Keychain/SecIdentitySearch.h b/Keychain/SecIdentitySearch.h deleted file mode 100644 index 038af2f4..00000000 --- a/Keychain/SecIdentitySearch.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecIdentitySearch - The functions provided in SecIdentitySearch implement a query for SecIdentity objects. -*/ - -#ifndef _SECURITY_SECIDENTITYSEARCH_H_ -#define _SECURITY_SECIDENTITYSEARCH_H_ - -#include -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecIdentitySearchRef - @abstract Contains information about an identity search. -*/ -typedef struct OpaqueSecIdentitySearchRef *SecIdentitySearchRef; - -/*! - @function SecIdentitySearchGetTypeID - @abstract Returns the type identifier of SecIdentitySearch instances. - @result The CFTypeID of SecIdentitySearch instances. -*/ -CFTypeID SecIdentitySearchGetTypeID(void); - -/*! - @function SecIdentitySearchCreate - @abstract Creates a search reference for finding identities. - @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. - @param keyUsage A CSSM_KEYUSE value as defined in cssmtype.h. Control the search by specifying the key usage for the identity. Pass in 0 if you want all identities returned by this search. Passing in CSSM_KEYUSE_ANY will limit the identities returned to those that can be used for every operation. - @param searchRef On return, a pointer to the identity search reference. You must release the identity search reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion You can set values for key usage, and one or more policies, to control the search for identities. You can use the returned search reference to obtain the remaining identities in subsequent calls to the SecIentitySearchCopyNext function. You must release the identity search reference by calling the CFRelease function. -*/ -OSStatus SecIdentitySearchCreate(CFTypeRef keychainOrArray, CSSM_KEYUSE keyUsage, SecIdentitySearchRef *searchRef); - -/*! - @function SecIdentitySearchCopyNext - @abstract Finds the next identity matching the given search criteria, as previously specified by a call to SecKeychainIdentitySearchCreate. - @param searchRef A reference to the current identity search. You create the identity search reference by calling the SecIdentitySearchCreate function. - @param identity On return, a pointer to an identity reference of the next matching identity, if any. You must call the CFRelease function when finished with the identity search reference. - @result A result code. When there are no more identities that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecIdentitySearchCopyNext(SecIdentitySearchRef searchRef, SecIdentityRef *identity); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECIDENTITYSEARCH_H_ */ diff --git a/Keychain/SecKey.cpp b/Keychain/SecKey.cpp deleted file mode 100644 index 1bba809a..00000000 --- a/Keychain/SecKey.cpp +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include - -#include "SecBridge.h" - -#include -#include -#include - -CFTypeID -SecKeyGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().KeyItem.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - -OSStatus -SecKeyCreatePair( - SecKeychainRef keychainRef, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE publicKeyUsage, - uint32 publicKeyAttr, - CSSM_KEYUSE privateKeyUsage, - uint32 privateKeyAttr, - SecAccessRef initialAccess, - SecKeyRef* publicKeyRef, - SecKeyRef* privateKeyRef) -{ - BEGIN_SECAPI - - Keychain keychain = Keychain::optional(keychainRef); - SecPointer theAccess(initialAccess ? Access::required(initialAccess) : new Access("")); - SecPointer pubItem, privItem; - - KeyItem::createPair(keychain, - algorithm, - keySizeInBits, - contextHandle, - publicKeyUsage, - publicKeyAttr, - privateKeyUsage, - privateKeyAttr, - theAccess, - pubItem, - privItem); - - // Return the generated keys. - if (publicKeyRef) - *publicKeyRef = pubItem->handle(); - if (privateKeyRef) - *privateKeyRef = privItem->handle(); - - END_SECAPI -} - -OSStatus -SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey) -{ - BEGIN_SECAPI - - Required(cssmKey) = KeyItem::required(key)->key(); - - END_SECAPI -} - - -// -// Private APIs -// - -OSStatus -SecKeyGetCSPHandle(SecKeyRef keyRef, CSSM_CSP_HANDLE *cspHandle) -{ - BEGIN_SECAPI - - SecPointer keyItem(KeyItem::required(keyRef)); - Required(cspHandle) = keyItem->csp()->handle(); - - END_SECAPI -} - -OSStatus -SecKeyGetAlgorithmID(SecKeyRef keyRef, const CSSM_X509_ALGORITHM_IDENTIFIER **algid) -{ - BEGIN_SECAPI - - SecPointer keyItem(KeyItem::required(keyRef)); - Required(algid) = &keyItem->algorithmIdentifier(); - - END_SECAPI -} - -OSStatus -SecKeyGetStrengthInBits(SecKeyRef keyRef, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength) -{ - BEGIN_SECAPI - - SecPointer keyItem(KeyItem::required(keyRef)); - Required(strength) = keyItem->strengthInBits(algid); - - END_SECAPI -} - -OSStatus -SecKeyGetCredentials( - SecKeyRef keyRef, - CSSM_ACL_AUTHORIZATION_TAG operation, - SecCredentialType credentialType, - const CSSM_ACCESS_CREDENTIALS **outCredentials) -{ - BEGIN_SECAPI - - SecPointer keyItem(KeyItem::required(keyRef)); - Required(outCredentials) = keyItem->getCredentials(operation, credentialType); - - END_SECAPI -} - -OSStatus -SecKeyImportPair( - SecKeychainRef keychainRef, - const CSSM_KEY *publicCssmKey, - const CSSM_KEY *privateCssmKey, - SecAccessRef initialAccess, - SecKeyRef* publicKey, - SecKeyRef* privateKey) -{ - BEGIN_SECAPI - - Keychain keychain = Keychain::optional(keychainRef); - SecPointer theAccess(initialAccess ? Access::required(initialAccess) : new Access("")); - SecPointer pubItem, privItem; - - KeyItem::importPair(keychain, - Required(publicCssmKey), - Required(privateCssmKey), - theAccess, - pubItem, - privItem); - - // Return the generated keys. - if (publicKey) - *publicKey = pubItem->handle(); - if (privateKey) - *privateKey = privItem->handle(); - - END_SECAPI -} - -OSStatus -SecKeyGenerate( - SecKeychainRef keychainRef, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE keyUsage, - uint32 keyAttr, - SecAccessRef initialAccess, - SecKeyRef* keyRef) -{ - BEGIN_SECAPI - - Keychain keychain; - SecPointer theAccess; - - if (keychainRef) - keychain = KeychainImpl::required(keychainRef); - if (initialAccess) - theAccess = Access::required(initialAccess); - - KeyItem *item = KeyItem::generate(keychain, - algorithm, - keySizeInBits, - contextHandle, - keyUsage, - keyAttr, - theAccess); - - // Return the generated key. - if (keyRef) - *keyRef = item->handle(); - - END_SECAPI -} - - -OSStatus SecKeyCreate(const CSSM_KEY *cssmKey, - SecKeyRef* keyRef) -{ - BEGIN_SECAPI - - Required(cssmKey); - CssmClient::CSP csp(cssmKey->KeyHeader.CspId); - CssmClient::Key key(csp, *cssmKey); - KeyItem *item = new KeyItem(key); - - // Return the generated key. - if (keyRef) - *keyRef = item->handle(); - - END_SECAPI -} diff --git a/Keychain/SecKey.h b/Keychain/SecKey.h deleted file mode 100644 index cea93f77..00000000 --- a/Keychain/SecKey.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKey - The functions provided in SecKey implement a particular type of SecKeychainItem which represents a key. SecKeys might be stored in a SecKeychain, but can also be used as transient object representing keys. - - Most SecKeychainItem* functions will work on an SecKeyRef. -*/ - -#ifndef _SECURITY_SECKEY_H_ -#define _SECURITY_SECKEY_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecKeyGetTypeID - @abstract Returns the type identifier of SecKey instances. - @result The CFTypeID of SecKey instances. -*/ -CFTypeID SecKeyGetTypeID(void); - -/*! - @function SecKeyCreatePair - @abstract Creates an asymmetric key pair and stores it in the keychain specified by the keychain parameter. - @param keychainRef A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain. - @param algorithm An algorithm for the key pair. This parameter is ignored if contextHandle is non 0. - @param keySizeInBits A key size for the key pair. This parameter is ignored if contextHandle is non 0. - @param contextHandle An optional CSSM_CC_HANDLE or 0. If this argument is not 0 the algorithm and keySizeInBits parameters are ignored. If extra parameters are need to generate a key (some algortihms require this) you should create a context using CSSM_CSP_CreateKeyGenContext(), using the CSPHandle obtained by calling SecKeychainGetCSPHandle(). Then use CSSM_UpdateContextAttributes() to add additional parameters and dispose of the context using CSSM_DeleteContext after calling this function. - @param publicKeyUsage A bit mask indicating all permitted uses for the new public key. The bit mask values are defined in cssmtype.h - @param publicKeyAttr A bit mask defining attribute values for the new public key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h - @param privateKeyUsage A bit mask indicating all permitted uses for the new private key. The bit mask values are defined in cssmtype.h - @param privateKeyAttr A bit mask defining attribute values for the new private key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h - @param initialAccess A SecAccess object that determines the initial access rights to the private key. The public key is given an any/any acl by default. - @param publicKey Optional output pointer to the keychain item reference of the imported public key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The caller must call CFRelease on this value if it is returned. - @param privateKey Optional output pointer to the keychain item reference of the imported private key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The caller must call CFRelease on this value if it is returned. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeyCreatePair( - SecKeychainRef keychainRef, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE publicKeyUsage, - uint32 publicKeyAttr, - CSSM_KEYUSE privateKeyUsage, - uint32 privateKeyAttr, - SecAccessRef initialAccess, - SecKeyRef* publicKey, - SecKeyRef* privateKey); - -/*! - @function SecKeyGetCSSMKey - @abstract Returns a pointer to the CSSM_KEY for the given key item reference. - @param key A keychain key item reference. The key item must be of class type kSecAppleKeyItemClass. - @param cssmKey A pointer to a CSSM_KEY structure for the given key. The caller should not modify or free this data as it is owned by the library. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The CSSM_KEY is valid until the key item reference is released. -*/ -OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEY_H_ */ diff --git a/Keychain/SecKeyPriv.h b/Keychain/SecKeyPriv.h deleted file mode 100644 index 971c0179..00000000 --- a/Keychain/SecKeyPriv.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * SecKeyPriv.h - * Security - * - * Created by Michael Brouwer on Fri Nov 08 2002. - * Copyright (c) 2002 __MyCompanyName__. All rights reserved. - * - */ - -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKeyPriv - The functions provided in SecKeyPriv implement a particular type of SecKeychainItem which represents a key. SecKeys might be stored in a SecKeychain, but can also be used as transient object representing keys. - - Most SecKeychainItem* functions will work on an SecKeyRef. -*/ - -#ifndef _SECURITY_SECKEYPRIV_H_ -#define _SECURITY_SECKEYPRIV_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecCredentialType - @abstract Determines the type of credential returned by SecKeyGetCredentials. -*/ -typedef uint32 SecCredentialType; - -/*! - @enum SecCredentialType - @abstract Determines the type of credential returned by SecKeyGetCredentials. - @constant kSecCredentialTypeWithUI will cause UI to happen if needed. - @constant kSecCredentialTypeNoUI will fail if UI would of been required. - @constant kSecCredentialTypeDefault will choose to do UI when other SecKeychain calls currently do. -*/ -enum -{ - kSecCredentialTypeDefault = 0, - kSecCredentialTypeWithUI, - kSecCredentialTypeNoUI -}; - - -/*! - @function SecKeyGetCSPHandle - @abstract Returns the CSSM_CSP_HANDLE attachment for the given key reference. The handle is valid until the key reference is released. - @param keyRef A key reference. - @param cspHandle On return, a pointer to the CSSM_CSP_HANDLE for the given keychain. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus -SecKeyGetCSPHandle(SecKeyRef keyRef, CSSM_CSP_HANDLE *cspHandle); - -OSStatus -SecKeyGetAlgorithmID(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER **algid); - -OSStatus -SecKeyGetStrengthInBits(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength); - - -/*! - @function SecKeyGetCredentials - @abstract For a given key return a const CSSM_ACCESS_CREDENTIALS * which will allow the key to be used. - @param keyRef The key for which a credential is requested. - @param operation the type of operation which is going to be perform on this key. Examples are: CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED. - @param credentialType The type of credential requested. - @param outCredentials Output a pointer to a const CSSM_ACCESS_CREDENTIALS * is returned here which remains valid at least as long as the keyRef itself remains valid, which can be used in CDSA calls. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeyGetCredentials( - SecKeyRef keyRef, - CSSM_ACL_AUTHORIZATION_TAG operation, - SecCredentialType credentialType, - const CSSM_ACCESS_CREDENTIALS **outCredentials); - -/*! - @function SecKeyImportPair - @abstract Takes an asymmetric key pair and stores it in the keychain specified by the keychain parameter. - @param keychainRef A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain. - @param publicCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. - @param privateCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. - @param initialAccess A SecAccess object that determines the initial access rights to the private key. The public key is given an any/any acl by default. - @param publicKey Optional output pointer to the keychain item reference of the imported public key. The caller must call CFRelease on this value if it is returned. - @param privateKey Optional output pointer to the keychain item reference of the imported private key. The caller must call CFRelease on this value if it is returned. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeyImportPair( - SecKeychainRef keychainRef, - const CSSM_KEY *publicCssmKey, - const CSSM_KEY *privateCssmKey, - SecAccessRef initialAccess, - SecKeyRef* publicKey, - SecKeyRef* privateKey); - -/*! - @function SecKeyGenerate - @abstract Generate a symmetric key and optionally stores it in the keychain specified by the keychainRef parameter. - @param keychainRef(optional) A reference to the keychain in which to store the private and public key items. Specify NULL to generate a transient key. - @param algorithm An algorithm for the key pair. This parameter is ignored if contextHandle is non 0. - @param keySizeInBits A key size for the key pair. This parameter is ignored if contextHandle is non 0. - @param contextHandle(optional) An optional CSSM_CC_HANDLE or 0. If this argument is not 0 the algorithm and keySizeInBits parameters are ignored. If extra parameters are needed to generate a key (some algortihms require this) you should create a context using CSSM_CSP_CreateKeyGenContext(), using the CSPHandle obtained by calling SecKeychainGetCSPHandle(). Then use CSSM_UpdateContextAttributes() to add additional parameters and dispose of the context using CSSM_DeleteContext after calling this function. - @param keyUsage A bit mask indicating all permitted uses for the new key. The bit mask values are defined in cssmtype.h - @param keyAttr A bit mask defining attribute values for the new key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h - @param initialAccess(optional) A SecAccess object that determines the initial access rights to the key. This parameter is ignored if the keychainRef is NULL. - @param key Output pointer to the keychain item reference of the geerated key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The caller must call CFRelease on this value if it is returned. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeyGenerate( - SecKeychainRef keychainRef, - CSSM_ALGORITHMS algorithm, - uint32 keySizeInBits, - CSSM_CC_HANDLE contextHandle, - CSSM_KEYUSE keyUsage, - uint32 keyAttr, - SecAccessRef initialAccess, - SecKeyRef* keyRef); - -OSStatus SecKeyCreate(const CSSM_KEY *key, - SecKeyRef* keyRef); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYPRIV_H_ */ - diff --git a/Keychain/SecKeychain.cpp b/Keychain/SecKeychain.cpp deleted file mode 100644 index 53d05c19..00000000 --- a/Keychain/SecKeychain.cpp +++ /dev/null @@ -1,872 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include -#include -#include "SecBridge.h" -#include "CCallbackMgr.h" -#include "Schema.h" -#include -#include - -CFTypeID -SecKeychainGetTypeID(void) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetTypeID()"); - return gTypes().KeychainImpl.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecKeychainGetVersion(UInt32 *returnVers) -{ - secdebug("kc", "SecKeychainGetVersion(%p)", returnVers); - if (!returnVers) - return noErr; - - *returnVers = 0x02028000; - return noErr; -} - - -OSStatus -SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainOpen(\"%s\", %p)", pathName, keychainRef); - RequiredParam(keychainRef)=globals().storageManager.make(pathName, false)->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, - Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCreate(\"%s\", %lu, %p, %d, %p, %p)", pathName, passwordLength, password, promptUser, initialAccess, keychainRef); - KCThrowParamErrIf_(!pathName); - Keychain keychain = globals().storageManager.make(pathName); - - // @@@ the call to StorageManager::make above leaves keychain the the cache. - // If the create below fails we should probably remove it. - if(promptUser) - keychain->create(); - else - { - KCThrowParamErrIf_(!password); - keychain->create(passwordLength, password); - } - RequiredParam(keychainRef)=keychain->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainDelete(SecKeychainRef keychainOrArray) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainDelete(%p)", keychainOrArray); - KCThrowIf_(!keychainOrArray, errSecInvalidKeychain); - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - globals().storageManager.remove(keychains, true); - - END_SECAPI -} - - -OSStatus -SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetSettings(%p, %p)", keychainRef, newSettings); - Keychain keychain = Keychain::optional(keychainRef); - if (newSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) - { - UInt32 lockInterval=newSettings->lockInterval; - bool lockOnSleep=newSettings->lockOnSleep; - keychain->setSettings(lockInterval, lockOnSleep); - } - - END_SECAPI -} - - -OSStatus -SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopySettings(%p, %p)", keychainRef, outSettings); - Keychain keychain = Keychain::optional(keychainRef); - if (outSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) - { - UInt32 lockInterval; - bool lockOnSleep; - - keychain->getSettings(lockInterval, lockOnSleep); - outSettings->lockInterval=lockInterval; - outSettings->lockOnSleep=lockOnSleep; - } - - END_SECAPI -} - - -OSStatus -SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainUnlock(%p, %lu, %p, %d)", keychainRef, passwordLength, password, usePassword); - Keychain keychain = Keychain::optional(keychainRef); - - if (usePassword) - keychain->unlock(CssmData(password,passwordLength)); - else - keychain->unlock(); - - END_SECAPI -} - - -OSStatus -SecKeychainLock(SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainLock(%p)", keychainRef); - Keychain keychain = Keychain::optional(keychainRef); - keychain->lock(); - - END_SECAPI -} - - -OSStatus -SecKeychainLockAll(void) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainLockAll()"); - globals().storageManager.lockAll(); - - END_SECAPI -} - - -OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Boolean resetSearchList) -{ - BEGIN_SECAPI - KCThrowParamErrIf_(password==NULL); - // - // Get the current user (using fallback method if necessary) - // - char* uName = getenv("USER"); - string userName = uName ? uName : ""; - if ( userName.length() == 0 ) - { - uid_t uid = geteuid(); - if (!uid) uid = getuid(); - struct passwd *pw = getpwuid(uid); // fallback case... - if (pw) - userName = pw->pw_name; - endpwent(); - } - if ( userName.length() == 0 ) // did we ultimately get one? - MacOSError::throwMe(errAuthorizationInternal); - // - // Clears the plist and moves aside (renames) an existing login.keychain - // - globals().storageManager.resetKeychain(resetSearchList); - // - // Creates a login keychain and sets it to the default. - // - globals().storageManager.login(userName.length(), userName.c_str(), passwordLength, password); - Keychain keychain = globals().storageManager.loginKeychain(); - globals().storageManager.defaultKeychain(keychain); - END_SECAPI -} - -OSStatus -SecKeychainCopyDefault(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopyDefault(%p)", keychainRef); - RequiredParam(keychainRef)=globals().storageManager.defaultKeychain()->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainSetDefault(SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetDefault(%p)", keychainRef); - globals().storageManager.defaultKeychain(Keychain::optional(keychainRef)); - - END_SECAPI -} - -OSStatus SecKeychainCopySearchList(CFArrayRef *searchList) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopySearchList(%p)", searchList); - RequiredParam(searchList); - StorageManager &smr = globals().storageManager; - StorageManager::KeychainList keychainList; - smr.getSearchList(keychainList); - *searchList = smr.convertFromKeychainList(keychainList); - - END_SECAPI -} - -OSStatus SecKeychainSetSearchList(CFArrayRef searchList) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetSearchList(%p)", searchList); - RequiredParam(searchList); - StorageManager &smr = globals().storageManager; - StorageManager::KeychainList keychainList; - smr.convertToKeychainList(searchList, keychainList); - smr.setSearchList(keychainList); - - END_SECAPI -} - -OSStatus SecKeychainCopyDomainDefault(SecPreferencesDomain domain, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopyDefault(%p)", keychainRef); - RequiredParam(keychainRef)=globals().storageManager.defaultKeychain(domain)->handle(); - - END_SECAPI -} - -OSStatus SecKeychainSetDomainDefault(SecPreferencesDomain domain, SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetDefault(%p)", keychainRef); - globals().storageManager.defaultKeychain(domain, Keychain::optional(keychainRef)); - - END_SECAPI -} - -OSStatus SecKeychainCopyDomainSearchList(SecPreferencesDomain domain, CFArrayRef *searchList) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopyDomainSearchList(%p)", searchList); - RequiredParam(searchList); - StorageManager &smr = globals().storageManager; - StorageManager::KeychainList keychainList; - smr.getSearchList(domain, keychainList); - *searchList = smr.convertFromKeychainList(keychainList); - - END_SECAPI -} - -OSStatus SecKeychainSetDomainSearchList(SecPreferencesDomain domain, CFArrayRef searchList) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetDomainSearchList(%p)", searchList); - RequiredParam(searchList); - StorageManager &smr = globals().storageManager; - StorageManager::KeychainList keychainList; - smr.convertToKeychainList(searchList, keychainList); - smr.setSearchList(domain, keychainList); - - END_SECAPI -} - -OSStatus SecKeychainSetPreferenceDomain(SecPreferencesDomain domain) -{ - BEGIN_SECAPI - - globals().storageManager.domain(domain); - - END_SECAPI -} - -OSStatus SecKeychainGetPreferenceDomain(SecPreferencesDomain *domain) -{ - BEGIN_SECAPI - - *domain = globals().storageManager.domain(); - - END_SECAPI -} - - -OSStatus -SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus *keychainStatus) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetStatus(%p): %p", keychainRef, keychainStatus); - RequiredParam(keychainStatus) = (SecKeychainStatus)Keychain::optional(keychainRef)->status(); - - END_SECAPI -} - - -OSStatus -SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 *ioPathLength, char *pathName) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetPath(%p, %p, %p)", keychainRef, ioPathLength, pathName); - RequiredParam(pathName); - RequiredParam(ioPathLength); - - const char *name = Keychain::optional(keychainRef)->name(); - UInt32 nameLen = strlen(name); - if (nameLen+1 > *ioPathLength) // if the client's buffer is too small (including null-termination), throw - CssmError::throwMe(CSSMERR_CSSM_BUFFER_TOO_SMALL); - strncpy(pathName, name, nameLen); - pathName[nameLen] = 0; - *ioPathLength = nameLen; // set the length. - - END_SECAPI -} - - -// @@@ Depricated -UInt16 -SecKeychainListGetCount(void) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainListGetCount()"); - return globals().storageManager.size(); - - END_SECAPI1(0) -} - - -// @@@ Depricated -OSStatus -SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainListCopyKeychainAtIndex(%d, %p)", index, keychainRef); - KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager; - RequiredParam(keychainRef)=smgr[index]->handle(); - - END_SECAPI -} - - -// @@@ Depricated -OSStatus -SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainListRemoveKeychain(%p)", keychainRef); - Required(keychainRef); - Keychain keychain = Keychain::optional(*keychainRef); - StorageManager::KeychainList keychainList; - keychainList.push_back(keychain); - globals().storageManager.remove(keychainList); - *keychainRef = NULL; - - END_SECAPI -} - - -OSStatus -SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainAttributeInfoForItemID(%p, %lu, %p)", keychainRef, itemID, info); - Keychain keychain = Keychain::optional(keychainRef); - keychain->getAttributeInfoForItemID(itemID, info); - - END_SECAPI -} - - -OSStatus -SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainFreeAttributeInfo(%p)", info); - KeychainImpl::freeAttributeInfo(info); - - END_SECAPI -} - - -pascal OSStatus -SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainAddCallback(%p, %08lx, %p)", callbackFunction, eventMask, userContext); - RequiredParam(callbackFunction); - CCallbackMgr::AddCallback(callbackFunction,eventMask,userContext); - - END_SECAPI -} - - -OSStatus -SecKeychainRemoveCallback(SecKeychainCallback callbackFunction) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainRemoveCallback(%p)", callbackFunction); - RequiredParam(callbackFunction); - CCallbackMgr::RemoveCallback(callbackFunction); - - END_SECAPI -} - -OSStatus -SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainAddInternetPassword(%p)", keychainRef); - KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL); - // @@@ Get real itemClass - Item item(kSecInternetPasswordItemClass, 'aapl', passwordLength, passwordData); - - if (serverName && serverNameLength) - { - CssmData server(const_cast(reinterpret_cast(serverName)), serverNameLength); - item->setAttribute(Schema::attributeInfo(kSecServerItemAttr), server); - // use server name as default label - item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), server); - } - - if (accountName && accountNameLength) - { - CssmData account(const_cast(reinterpret_cast(accountName)), accountNameLength); - item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); - } - - if (securityDomain && securityDomainLength) - item->setAttribute(Schema::attributeInfo(kSecSecurityDomainItemAttr), - CssmData(const_cast(reinterpret_cast(securityDomain)), securityDomainLength)); - - item->setAttribute(Schema::attributeInfo(kSecPortItemAttr), UInt32(port)); - item->setAttribute(Schema::attributeInfo(kSecProtocolItemAttr), protocol); - item->setAttribute(Schema::attributeInfo(kSecAuthenticationTypeItemAttr), authenticationType); - - if (path && pathLength) - item->setAttribute(Schema::attributeInfo(kSecPathItemAttr), - CssmData(const_cast(reinterpret_cast(path)), pathLength)); - - Keychain keychain = nil; - try - { - keychain = Keychain::optional(keychainRef); - if ( !keychain->exists() ) - { - MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time. - } - } - catch(...) - { - keychain = globals().storageManager.defaultKeychainUI(item); - } - - keychain->add(item); - - if (itemRef) - *itemRef = item->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef) - -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainFindInternetPassword(%p)", keychainOrArray); - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(keychains, kSecInternetPasswordItemClass, NULL); - - if (serverName && serverNameLength) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecServerItemAttr), - CssmData(const_cast(serverName), serverNameLength)); - } - - if (securityDomain && securityDomainLength) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecSecurityDomainItemAttr), - CssmData (const_cast(securityDomain), securityDomainLength)); - } - - if (accountName && accountNameLength) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr), - CssmData (const_cast(accountName), accountNameLength)); - } - - if (port) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPortItemAttr), - UInt32(port)); - } - - if (protocol) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecProtocolItemAttr), - protocol); - } - - if (authenticationType) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAuthenticationTypeItemAttr), - authenticationType); - } - - if (path && pathLength) - { - cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPathItemAttr), path); - } - - Item item; - if (!cursor->next(item)) - return errSecItemNotFound; - - // Get its data (only if necessary) - if (passwordData || passwordLength) - { - CssmDataContainer outData; - item->getData(outData); - *passwordLength=outData.length(); - outData.Length=0; - *passwordData=outData.data(); - outData.Data=NULL; - } - - if (itemRef) - *itemRef=item->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainAddGenericPassword(%p)", keychainRef); - KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL); - // @@@ Get real itemClass - Item item(kSecGenericPasswordItemClass, 'aapl', passwordLength, passwordData); - - if (serviceName && serviceNameLength) - { - CssmData service(const_cast(reinterpret_cast(serviceName)), serviceNameLength); - item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), service); - // use service name as default label - item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), service); - } - - if (accountName && accountNameLength) - { - CssmData account(const_cast(reinterpret_cast(accountName)), accountNameLength); - item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); - } - - Keychain keychain = nil; - try - { - keychain = Keychain::optional(keychainRef); - if ( !keychain->exists() ) - { - MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time. - } - } - catch(...) - { - keychain = globals().storageManager.defaultKeychainUI(item); - } - - keychain->add(item); - if (itemRef) - *itemRef = item->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainFindGenericPassword(CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef) - -{ - Debug::trace (kSecTraceSecurityFrameworkSecKeychainFindGenericPasswordBegin); - - BEGIN_SECAPI - - secdebug("kc", "SecKeychainFindGenericPassword(%p)", keychainOrArray); - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(keychains, kSecGenericPasswordItemClass, NULL); - - if (serviceName && serviceNameLength) - { - cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecServiceItemAttr), - const_cast(serviceName)); - } - - if (accountName && accountNameLength) - { - cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr), - const_cast(accountName)); - } - - Item item; - if (!cursor->next(item)) - return errSecItemNotFound; - - // Get its data (only if necessary) - if (passwordData || passwordLength) - { - CssmDataContainer outData; - item->getData(outData); - *passwordLength=outData.length(); - outData.Length=0; - *passwordData=outData.data(); - outData.Data=NULL; - } - - if (itemRef) - *itemRef=item->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainSetUserInteractionAllowed(Boolean state) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetUserInteractionAllowed(%d)", state); - globals().setUserInteractionAllowed(state); - - END_SECAPI -} - - -OSStatus -SecKeychainGetUserInteractionAllowed(Boolean *state) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetUserInteractionAllowed()"); - Required(state)=globals().getUserInteractionAllowed(); - - END_SECAPI -} - - -OSStatus -SecKeychainGetDLDBHandle(SecKeychainRef keychainRef, CSSM_DL_DB_HANDLE *dldbHandle) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetDLDBHandle(%p, %p)", keychainRef, dldbHandle); - RequiredParam(dldbHandle); - - Keychain keychain = Keychain::optional(keychainRef); - *dldbHandle = keychain->database()->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainGetCSPHandle(SecKeychainRef keychainRef, CSSM_CSP_HANDLE *cspHandle) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainGetCSPHandle(%p, %p)", keychainRef, cspHandle); - RequiredParam(cspHandle); - - Keychain keychain = Keychain::optional(keychainRef); - *cspHandle = keychain->csp()->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainCopyAccess(SecKeychainRef keychainRef, SecAccessRef *accessRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopyAccess(%p, %p)", keychainRef, accessRef); - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -OSStatus -SecKeychainSetAccess(SecKeychainRef keychainRef, SecAccessRef accessRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainSetAccess(%p, %p)", keychainRef, accessRef); - MacOSError::throwMe(unimpErr);//%%%for now - - END_SECAPI -} - - -#pragma mark ---- Private API ---- - - -OSStatus -SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainChangePassword(%p, %lu, %p, %lu, %p)", keychainRef, - oldPasswordLength, oldPassword, newPasswordLength, newPassword); - Keychain keychain = Keychain::optional(keychainRef); - keychain->changePassphrase (oldPasswordLength, oldPassword, newPasswordLength, newPassword); - - END_SECAPI -} - - -OSStatus -SecKeychainCopyLogin(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainCopyLogin(%p)", keychainRef); - RequiredParam(keychainRef)=globals().storageManager.loginKeychain()->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password) -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainLogin(%lu, %p, %lu, %p)", nameLength, name, passwordLength, password); - globals().storageManager.login(nameLength, name, passwordLength, password); - - END_SECAPI -} - - -OSStatus -SecKeychainLogout() -{ - BEGIN_SECAPI - - secdebug("kc", "SecKeychainLogout()"); - globals().storageManager.logout(); - - END_SECAPI -} - -static CFStringRef copyErrorMessageFromBundle(OSStatus status,CFStringRef tableName); - -// caller MUST release the string, since it is gotten with "CFCopyLocalizedStringFromTableInBundle" -// intended use of reserved param is to pass in CFStringRef with name of the Table for lookup -// Will look by default in "SecErrorMessages.strings" in the resources of Security.framework. - - -CFStringRef SecCopyErrorMessageString(OSStatus status, void *reserved) -{ - BEGIN_SECAPI - - return copyErrorMessageFromBundle(status,CFSTR("SecErrorMessages")); - - END_SECAPI1(NULL) -} - -CFStringRef copyErrorMessageFromBundle(OSStatus status,CFStringRef tableName) -{ - CFStringRef errorString = nil; - CFStringRef keyString = nil; - CFURLRef bundleURL = NULL; - CFBundleRef secBundle = NULL; - - // Make a CFURLRef from the CFString representation of the bundleÕs path. - bundleURL = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, - CFSTR("/System/Library/Frameworks/Security.framework/"),kCFURLPOSIXPathStyle,true); // Resources/ - if (!bundleURL) - goto xit; - - // Make a bundle instance using the URLRef. - secBundle = CFBundleCreate(kCFAllocatorDefault,bundleURL); - if (!secBundle) - goto xit; - - // Convert status to Int32 string representation, e.g. "-25924" - keyString = CFStringCreateWithFormat (kCFAllocatorDefault,NULL,CFSTR("%d"),status); - if (!keyString) - goto xit; - - errorString = CFCopyLocalizedStringFromTableInBundle(keyString,tableName,secBundle,NULL); - -xit: - if (bundleURL) - CFRelease(bundleURL); - if (secBundle) - CFRelease(secBundle); - if (keyString) - CFRelease(keyString); - - return errorString; -} - diff --git a/Keychain/SecKeychain.h b/Keychain/SecKeychain.h deleted file mode 100644 index 3edd1dba..00000000 --- a/Keychain/SecKeychain.h +++ /dev/null @@ -1,623 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKeychain - SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items. -*/ - -#ifndef _SECURITY_SECKEYCHAIN_H_ -#define _SECURITY_SECKEYCHAIN_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @enum KeychainStatus - @abstract Defines the current status of a keychain. - @constant kSecUnlockStateStatus Indicates the keychain is unlocked. - @constant kSecReadPermStatus Indicates the keychain is readable. - @constant kSecWritePermStatus Indicates the keychain is writable. -*/ -enum -{ - kSecUnlockStateStatus = 1, - kSecReadPermStatus = 2, - kSecWritePermStatus = 4 -}; - -#define SEC_KEYCHAIN_SETTINGS_VERS1 1 - - -/*! - @typedef SecKeychainSettings - @abstract Contains keychain settings. - @field version An unsigned 32-bit integer representing the keychain version. - @field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps. - @field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time. - @field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks. -*/ -struct SecKeychainSettings -{ - UInt32 version; - Boolean lockOnSleep; - Boolean useLockInterval; - UInt32 lockInterval; -}; -typedef struct SecKeychainSettings SecKeychainSettings; - -/*! - @typedef SecAuthenticationType - @abstract Represents the type of authentication to use for an Internet password. -*/ -typedef FourCharCode SecAuthenticationType; - -/*! - @enum AuthenticationConstants - @abstract Defines constants you can use to identify the type of authentication to use for an Internet password. - @constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication. - @constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication. - @constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication. - @constant kSecAuthenticationTypeRPA Specifies Remote Password authentication. - @constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication. - @constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication. - @constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication. - @constant kSecAuthenticationTypeDefault Specifies the default authentication type. -*/ -#ifdef __LITTLE_ENDIAN__ -#define AUTH_TYPE_FIX_(x) \ - ((x >> 24) | ((x >> 8) & 0xff00) | ((x << 8) & 0xff0000) | (x & 0xff) << 24) -#else -#define AUTH_TYPE_FIX_(x) (x) -#endif - -enum -{ - kSecAuthenticationTypeNTLM = AUTH_TYPE_FIX_ ('ntlm'), - kSecAuthenticationTypeMSN = AUTH_TYPE_FIX_ ('msna'), - kSecAuthenticationTypeDPA = AUTH_TYPE_FIX_ ('dpaa'), - kSecAuthenticationTypeRPA = AUTH_TYPE_FIX_ ('rpaa'), - kSecAuthenticationTypeHTTPBasic = AUTH_TYPE_FIX_ ('http'), - kSecAuthenticationTypeHTTPDigest = AUTH_TYPE_FIX_ ('httd'), - kSecAuthenticationTypeHTMLForm = AUTH_TYPE_FIX_ ('form'), - kSecAuthenticationTypeDefault = AUTH_TYPE_FIX_ ('dflt') -}; - -/*! - @typedef SecProtocolType - @abstract Represents the protocol type associated with an AppleShare or Internet password. -*/ -typedef FourCharCode SecProtocolType; - -/*! - @enum ProtocolTypeConstants - @abstract Defines the protocol type associated with an AppleShare or Internet password. - @constant kSecProtocolTypeFTP Indicates FTP. - @constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated. - @constant kSecProtocolTypeHTTP Indicates HTTP. - @constant kSecProtocolTypeIRC Indicates IRC. - @constant kSecProtocolTypeNNTP Indicates NNTP. - @constant kSecProtocolTypePOP3 Indicates POP3. - @constant kSecProtocolTypeSMTP Indicates SMTP. - @constant kSecProtocolTypeSOCKS Indicates SOCKS. - @constant kSecProtocolTypeIMAP Indicates IMAP. - @constant kSecProtocolTypeLDAP Indicates LDAP. - @constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk. - @constant kSecProtocolTypeAFP Indicates AFP over TCP. - @constant kSecProtocolTypeTelnet Indicates Telnet. - @constant kSecProtocolTypeSSH Indicates SSH. - @constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL). - @constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL). - @constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy. - @constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy. - @constant kSecProtocolTypeFTPProxy Indicates FTP proxy. - @constant kSecProtocolTypeSMB Indicates SMB. - @constant kSecProtocolTypeRTSP Indicates RTSP. - @constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy. - @constant kSecProtocolTypeDAAP Indicates DAAP. - @constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events). - @constant kSecProtocolTypeIPP Indicates IPP. - @constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL). - @constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL). - @constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL. - @constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL). - @constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL). - @constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL). -*/ -enum -{ - kSecProtocolTypeFTP = 'ftp ', - kSecProtocolTypeFTPAccount = 'ftpa', - kSecProtocolTypeHTTP = 'http', - kSecProtocolTypeIRC = 'irc ', - kSecProtocolTypeNNTP = 'nntp', - kSecProtocolTypePOP3 = 'pop3', - kSecProtocolTypeSMTP = 'smtp', - kSecProtocolTypeSOCKS = 'sox ', - kSecProtocolTypeIMAP = 'imap', - kSecProtocolTypeLDAP = 'ldap', - kSecProtocolTypeAppleTalk = 'atlk', - kSecProtocolTypeAFP = 'afp ', - kSecProtocolTypeTelnet = 'teln', - kSecProtocolTypeSSH = 'ssh ', - kSecProtocolTypeFTPS = 'ftps', - kSecProtocolTypeHTTPS = 'htps', - kSecProtocolTypeHTTPProxy = 'htpx', - kSecProtocolTypeHTTPSProxy = 'htsx', - kSecProtocolTypeFTPProxy = 'ftpx', - kSecProtocolTypeSMB = 'smb ', - kSecProtocolTypeRTSP = 'rtsp', - kSecProtocolTypeRTSPProxy = 'rtsx', - kSecProtocolTypeDAAP = 'daap', - kSecProtocolTypeEPPC = 'eppc', - kSecProtocolTypeIPP = 'ipp ', - kSecProtocolTypeNNTPS = 'ntps', - kSecProtocolTypeLDAPS = 'ldps', - kSecProtocolTypeTelnetS = 'tels', - kSecProtocolTypeIMAPS = 'imps', - kSecProtocolTypeIRCS = 'ircs', - kSecProtocolTypePOP3S = 'pops' -}; - -/*! - @typedef SecKeychainEvent - @abstract Represents an event in which the state of a keychain or one of its items changed. -*/ -typedef UInt32 SecKeychainEvent; - -/*! - @enum KeychainEventConstants - @abstract Defines the keychain-related event. - @constant kSecLockEvent Indicates a keychain was locked. - @constant kSecUnlockEvent Indicates a keychain was unlocked. - @constant kSecAddEvent Indicates an item was added to a keychain. - @constant kSecDeleteEvent Indicates an item was deleted from a keychain. - @constant kSecUpdateEvent Indicates a keychain item was updated. - @constant kSecPasswordChangedEvent Indicates the keychain password was changed. - @constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default. - @constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data. - @constant kSecKeychainListChangedEvent Indicates the list of keychains has changed. -*/ -enum -{ - kSecLockEvent = 1, - kSecUnlockEvent = 2, - kSecAddEvent = 3, - kSecDeleteEvent = 4, - kSecUpdateEvent = 5, - kSecPasswordChangedEvent = 6, - kSecDefaultChangedEvent = 9, - kSecDataAccessEvent = 10, - kSecKeychainListChangedEvent = 11 -}; - -/*! - @typedef SecKeychainEventMask - @abstract Represents a bit mask of keychain events -*/ -typedef UInt32 SecKeychainEventMask; - -/*! - @enum KeychainEventConstants - @abstract Defines keychain event constants - @constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked. - @constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked. - @constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain. - @constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain. - @constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated. - @constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed. - @constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default. - @constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data. - @constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs. -*/ -enum -{ - kSecLockEventMask = 1 << kSecLockEvent, - kSecUnlockEventMask = 1 << kSecUnlockEvent, - kSecAddEventMask = 1 << kSecAddEvent, - kSecDeleteEventMask = 1 << kSecDeleteEvent, - kSecUpdateEventMask = 1 << kSecUpdateEvent, - kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent, - kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent, - kSecDataAccessEventMask = 1 << kSecDataAccessEvent, - kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent, - kSecEveryEventMask = 0xffffffff -}; - -/*! - @typedef SecKeychainCallbackInfo - @abstract Contains information about a keychain event. - @field version The version of this structure. - @field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item. - @field keychain A reference to the keychain in which the event occurred. - @field pid The id of the process that generated this event. - @discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback. -*/ -struct SecKeychainCallbackInfo -{ - UInt32 version; - SecKeychainItemRef item; - SecKeychainRef keychain; - pid_t pid; -}; -typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo; - -/*! - @function SecKeychainGetTypeID - @abstract Returns the type identifier of SecKeychain instances. - @result The CFTypeID of SecKeychain instances. -*/ -CFTypeID SecKeychainGetTypeID(void); - -/*! - @function SecKeychainGetVersion - @abstract Determines the version of the Keychain Manager installed on the userÕs system. - @param returnVers On return, a pointer to the version number of the Keychain Manager installed on the current system. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetVersion(UInt32 *returnVers); - -#pragma mark ÑÑÑÑ Keychain Management ÑÑÑÑ -/*! - @function SecKeychainOpen - @abstract Create a SecKeychainRef for a keychain at pathName. This keychain might - not currently exist, use SecKeychainGetStatus if you want to confirm the existence - of this keychain. - @param pathName The POSIX path to a keychain. - @param keychain On return, a pointer to the keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychain); - -/*! - @function SecKeychainCreate - @abstract Creates a new keychain. - @param pathName The POSIX path to a keychain file. - @param passwordLength An unsigned 32-bit integer representing the length of the password buffer. - @param password A pointer to the buffer containing the password. The password must be in canonical UTF8 encoding. - @param promptUser A boolean representing whether to display a password dialog to the user. - @param initialAccess An access reference. - @param keychain On return, a pointer to a keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychain); - -/*! - @function SecKeychainDelete - @abstract Removes one or more keychains from the current keychain searchlist, and deletes the keychain storage (if the keychains are file-based). - @param keychainOrArray A single keychain reference or a reference to an array of keychains to delete. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecInvalidKeychain (-25295) may be returned if the keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainDelete(SecKeychainRef keychainOrArray); - -/*! - @function SecKeychainSetSettings - @abstract Changes the settings of a keychain. - @param keychain A reference to a keychain. - @param newSettings A pointer to the new keychain settings. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainSetSettings(SecKeychainRef keychain, const SecKeychainSettings *newSettings); - -/*! - @function SecKeychainCopySettings - @abstract Copy the keychain settings. - @param keychain A reference to the keychain from which to copy its settings. - @param outSettings A pointer to a keychain settings structure. Since this structure is versioned, you must preallocate it and fill in the version of the structure. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainCopySettings(SecKeychainRef keychain, SecKeychainSettings *outSettings); - -/*! - @function SecKeychainUnlock - @abstract Unlocks the specified keychain. - @param keychain A reference to the keychain to unlock. Pass NULL to specify the default keychain. If you pass NULL and the default keychain is currently locked, the keychain will appear as the default choice. If you pass a locked keychain, SecKeychainUnlock will use the password provided to unlock it. If the default keychain is currently unlocked, SecKeychainUnlock returns noErr. - @param passwordLength An unsigned 32-bit integer representing the length of the password buffer. - @param password A buffer containing the password for the keychain. Pass NULL if the user password is unknown. In this case, SecKeychainUnlock displays the Unlock Keychain dialog box, and the authentication user interface associated with the keychain about to be unlocked. - @param usePassword A boolean indicating whether the password parameter is used. You should pass TRUE if it is used or FALSE if it is ignored. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion In most cases, your application does not need to call the SecKeychainUnlock function directly, since most Keychain Manager functions that require an unlocked keychain call SecKeychainUnlock automatically. If your application needs to verify that a keychain is unlocked, call the function SecKeychainGetStatus. -*/ -OSStatus SecKeychainUnlock(SecKeychainRef keychain, UInt32 passwordLength, void *password, Boolean usePassword); - -/*! - @function SecKeychainLock - @abstract Locks the specified keychain. - @param keychain A reference to the keychain to lock. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainLock(SecKeychainRef keychain); - -/*! - @function SecKeychainLockAll - @abstract Locks all keychains belonging to the current user. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainLockAll(void); - -/*! - @function SecKeychainCopyDefault - @abstract Retrieves a reference to the default keychain. - @param keychain On return, a pointer to the default keychain reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain); - -/*! - @function SecKeychainSetDefault - @abstract Sets the default keychain. - @param keychain A reference to the keychain to set as default. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainSetDefault(SecKeychainRef keychain); - -/*! - @function SecKeychainCopySearchList - @abstract Retrieves a keychain search list. - @param searchList The returned list of keychains to search. When finished with the array, you must call CFRelease() to release the memory. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL). -*/ -OSStatus SecKeychainCopySearchList(CFArrayRef *searchList); - -/*! - @function SecKeychainSetSearchList - @abstract Specifies the list of keychains to use in a keychain search list. - @param searchList The list of keychains to use in a search list when the SecKeychainCopySearchList function is called. An empty array clears the search list. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL). -*/ -OSStatus SecKeychainSetSearchList(CFArrayRef searchList); - - -/* - * New versions of {Copy,Get}{SearchList,Default} that address multiple preference domains. - * These calls subsume the old forms with domain == kPreferenceDomainUser. - */ -typedef enum { - kSecPreferencesDomainUser, // user domain - kSecPreferencesDomainSystem, // system (daemon) domain - kSecPreferencesDomainCommon, // preferences to be merged to everyone - kSecPreferencesDomainAlternate // alternate user -} SecPreferencesDomain; - -OSStatus SecKeychainCopyDomainDefault(SecPreferencesDomain domain, SecKeychainRef *keychain); -OSStatus SecKeychainSetDomainDefault(SecPreferencesDomain domain, SecKeychainRef keychain); -OSStatus SecKeychainCopyDomainSearchList(SecPreferencesDomain domain, CFArrayRef *searchList); -OSStatus SecKeychainSetDomainSearchList(SecPreferencesDomain domain, CFArrayRef searchList); -OSStatus SecKeychainSetPreferenceDomain(SecPreferencesDomain domain); -OSStatus SecKeychainGetPreferenceDomain(SecPreferencesDomain *domain); - - -/*! - @function SecKeychainGetStatus - @abstract Retrieves status information for the specified keychain. - @param keychain A keychain reference. Pass NULL to specify the default keychain. - @param keychainStatus On return, a pointer to the status of the specified keychain. See KeychainStatus for valid status constants. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetStatus(SecKeychainRef keychain, SecKeychainStatus *keychainStatus); - -/*! - @function SecKeychainGetPath - @abstract Get the path of the specified keychain. - @param keychain A reference to a keychain. - @param ioPathLength On input, a pointer to the size or the buffer pointed to by pathName. On return, the size of the buffer without the zero termination. - @param pathName On return, the POSIX path to the keychain. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetPath(SecKeychainRef keychain, UInt32 *ioPathLength, char *pathName); - -#pragma mark ÑÑÑÑ Keychain Item Attribute Information ÑÑÑÑ -/*! - @function SecKeychainAttributeInfoForItemID - @abstract Obtains tags for all possible attributes for a given item class. - @param keychain A keychain reference. - @param itemID The relation identifier of the item tags (an itemID is a CSSM_DB_RECORDTYPE defined in cssmtype.h). - @param info On return, a pointer to the keychain attribute information. User should call the SecKeychainFreeAttributeInfo function to release the structure when done with it. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL). - @discussion Warning, this call returns more attributes than are support by the old style Keychain API and passing them into older calls will yield an invalid attribute error. The recommended call to retrieve the attribute values is the SecKeychainItemCopyAttributesAndData function. -*/ -OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychain, UInt32 itemID, SecKeychainAttributeInfo **info); - -/*! - @function SecKeychainFreeAttributeInfo - @abstract Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function. - @param info A pointer to the keychain attribute information to release. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL). -*/ -OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info); - -#pragma mark ÑÑÑÑ Keychain Manager Callbacks ÑÑÑÑ - -/*! - @typedef SecKeychainCallback - @abstract Defines a pointer to a customized callback function. You supply the customized callback function to do a callback tailored to your application's needs. - @param keychainEvent The keychain event that your application wishes to be notified of. See SecKeychainEvent for a description of possible values. The type of event that can trigger your callback depends on the bit mask you passed in the eventMask parameter of the function SecKeychainAddCallback. For more information, see the discussion. - @param info A pointer to a structure of type SecKeychainCallbackInfo. On return, the structure contains information about the keychain event that occurred. The Keychain Manager passes this information to your callback function via the info parameter. - @param context A pointer to application-defined storage that your application previously passed to the function SecKeychainAddCallback. You can use this value to perform operations like track which instance of a function is operating. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If you name your function MyKeychainEventCallback, you would declare it like this: - OSStatus MyKeychainEventCallback ( - SecKeychainEvent keychainEvent, - SecKeychainCallbackInfo *info, - void *context); - - To add your callback function, use the SecKeychainAddCallback function. To remove your callback function, use the SecKeychainRemoveCallback function. -*/ -typedef OSStatus (*SecKeychainCallback)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo *info, void *context); - -/*! - @function SecKeychainAddCallback - @abstract Registers your keychain event callback function - @param callbackFunction A pointer to your keychain event callback function, described in SecKeychainCallback. You indicate the type of keychain events you want to receive by passing a bit mask of the desired events in the eventMask parameter. - @param eventMask A bit mask indicating the keychain events that your application wishes to be notified of. See SecKeychainEventMask for a description of this bit mask. The Keychain Manager tests this mask to determine the keychain events that you wish to receive, and passes these events in the keychainEvent parameter of your callback function. See SecKeychainEvent for a description of these events. - @param userContext A pointer to application-defined storage that will be passed to your callback function. Your application can use this to associate any particular call of SecKeychainAddCallback with any particular call of your keychain event callback function. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext); - -/*! - @function SecKeychainRemoveCallback - @abstract Unregisters your keychain event callback function. Once removed, keychain events won't be sent to the owner of the callback. - @param callbackFunction The callback function pointer to remove - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainRemoveCallback(SecKeychainCallback callbackFunction); - -#pragma mark ÑÑÑÑ High Level Keychain Manager Calls ÑÑÑÑ -/*! - @function SecKeychainAddInternetPassword - @abstract Adds an Internet password to the specified keychain. - @param keychain A reference to a keychain in which to store an Internet password. Pass NULL to specify the user's default keychain. - @param serverNameLength The length of the buffer pointed to by serverName. - @param serverName A pointer to a string containing the server name associated with this password. - @param securityDomainLength The length of the buffer pointed to by securityDomain. - @param securityDomain A pointer to a string containing the security domain associated with this password, or NULL if there is no relevant security domain. - @param accountNameLength The length of the buffer pointed to by accountName. - @param accountName A pointer to a string containing the account name associated with this password. - @param pathLength The length of the buffer pointed to by path. - @param path A pointer to a string containing the path associated with this password, or NULL if there is no relevant path string. - @param port The TCP/IP port number. If no specific port number is associated with this item, pass 0. - @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values. - @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault to specify the default authentication scheme. - @param passwordLength The length of the buffer pointed to by passwordData. - @param passwordData A pointer to a buffer containing the password data to be stored in the keychain. - @param itemRef On return, a reference to the new keychain item. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The SecKeychainAddInternetPassword function adds a new Internet server password to the specified keychain. Required parameters to identify the password are serverName and accountName (you cannot pass NULL for both parameters). In addition, some protocols may require an optional securityDomain when authentication is requested. SecKeychainAddInternetPassword optionally returns a reference to the newly added item. -*/ -OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychain, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); - -/*! - @function SecKeychainFindInternetPassword - @abstract Finds an Internet password based on the attributes passed. - @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list. - @param serverNameLength The length of the buffer pointed to by serverName. - @param serverName A pointer to a string containing the server name. - @param securityDomainLength The length of the buffer pointed to by securityDomain. - @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it. - @param accountNameLength The length of the buffer pointed to by accountName. - @param accountName A pointer to a string containing the account name. - @param pathLength The length of the buffer pointed to by path. - @param path A pointer to a string containing the path. - @param port The TCP/IP port number. Pass 0 to ignore the port number. - @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values. - @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault to specify the default authentication scheme. - @param passwordLength On return, the length of the buffer pointed to by passwordData. - @param passwordData On return, a pointer to a data buffer containing the password. Your application must call SecKeychainItemFreeContent(NULL, passwordData) to release this data buffer when it is no longer needed. Pass NULL if you are not interested in retrieving the password data at this time, but simply want to find the item reference. - @param itemRef On return, a reference to the keychain item which was found. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The SecKeychainFindInternetPassword function finds the first Internet password item which matches the attributes you provide. Most attributes are optional; you should pass only as many as you need to narrow the search sufficiently for your application's intended use. SecKeychainFindInternetPassword optionally returns a reference to the found item. -*/ -OSStatus SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef); - -/*! - @function SecKeychainAddGenericPassword - @abstract Adds a generic password to the specified keychain. - @param keychain A reference to the keychain in which to store a generic password. Pass NULL to specify the user's default keychain. - @param serviceNameLength The length of the buffer pointed to by serviceName. - @param serviceName A pointer to a string containing the service name associated with this password. - @param accountNameLength The length of the buffer pointed to by accountName. - @param accountName A pointer to a string containing the account name associated with this password. - @param passwordLength The length of the buffer pointed to by passwordData. - @param passwordData A pointer to a buffer containing the password data to be stored in the keychain. - @param itemRef On return, a reference to the new keychain item. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The SecKeychainAddGenericPassword function adds a new generic password to the default keychain. Required parameters to identify the password are serviceName and accountName, which are application-defined strings. SecKeychainAddGenericPassword optionally returns a reference to the newly added item. -*/ -OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychain, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); - -/*! - @function SecKeychainFindGenericPassword - @abstract Find a generic password based on the attributes passed. - @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list. - @param serviceNameLength The length of the buffer pointed to by serviceName. - @param serviceName A pointer to a string containing the service name. - @param accountNameLength The length of the buffer pointed to by accountName. - @param accountName A pointer to a string containing the account name. - @param passwordLength On return, the length of the buffer pointed to by passwordData. - @param passwordData On return, a pointer to a data buffer containing the password. Your application must call SecKeychainItemFreeContent(NULL, passwordData) to release this data buffer when it is no longer needed. Pass NULL if you are not interested in retrieving the password data at this time, but simply want to find the item reference. - @param itemRef On return, a reference to the keychain item which was found. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The SecKeychainFindGenericPassword function finds the first generic password item which matches the attributes you provide. Most attributes are optional; you should pass only as many as you need to narrow the search sufficiently for your application's intended use. SecKeychainFindGenericPassword optionally returns a reference to the found item. -*/ -OSStatus SecKeychainFindGenericPassword(CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef); - -#pragma mark ÑÑÑÑ Managing User Interaction ÑÑÑÑ -/*! - @function SecKeychainSetUserInteractionAllowed - @abstract Turns on or off any optional user interaction - @param state A boolean representing the state of user interaction. You should pass TRUE to allow user interaction, and FALSE to disallow user interaction - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainSetUserInteractionAllowed(Boolean state); - -/*! - @function SecKeychainGetUserInteractionAllowed - @abstract Retrieves the current state of user interaction. - @param state On return, a pointer to the current state of user interaction. If this is TRUE then user interaction is allowed, if it is FALSE, then user interaction is not allowed. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state); - -#pragma mark ÑÑÑÑ CSSM Bridge Functions ÑÑÑÑ -/*! - @function SecKeychainGetCSPHandle - @abstract Returns the CSSM_CSP_HANDLE attachment for the given keychain reference. The handle is valid until the keychain reference is released. - @param keychain A keychain reference. - @param cspHandle On return, a pointer to the CSSM_CSP_HANDLE for the given keychain. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetCSPHandle(SecKeychainRef keychain, CSSM_CSP_HANDLE *cspHandle); - -/*! - @function SecKeychainGetDLDBHandle - @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain reference. The handle is valid until the keychain reference is released. - @param keychain A keychain reference. - @param dldbHandle On return, a pointer to the CSSM_DL_DB_HANDLE for the given keychain. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainGetDLDBHandle(SecKeychainRef keychain, CSSM_DL_DB_HANDLE *dldbHandle); - -#pragma mark ÑÑÑÑ Keychain Access Management ÑÑÑÑ -/*! - @function SecKeychainCopyAccess - @abstract Retrieves the access for a keychain. - @param keychain A reference to the keychain from which to copy the access. - @param accessRef On return, a pointer to the access reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainCopyAccess(SecKeychainRef keychain, SecAccessRef *access); - -/*! - @function SecKeychainSetAccess - @abstract Sets the access for a keychain. - @param keychain A reference to the keychain for which to set the access. - @param accessRef An access reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainSetAccess(SecKeychainRef keychain, SecAccessRef access); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYCHAIN_H_ */ diff --git a/Keychain/SecKeychainAPI.cpp b/Keychain/SecKeychainAPI.cpp deleted file mode 100644 index aad191ef..00000000 --- a/Keychain/SecKeychainAPI.cpp +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * SecKeychainAPI.h - * SecurityCore - * - * Copyright: (c) 2000-2002 by Apple Computer, Inc., all rights reserved - * - */ - -/*! - @header SecKeychainAPI The Security Keychain API contains all the APIs need to create a client and Keychain management application. It also contains a certificate, policy, identity and trust management API. - - NOTE: Any function with Create or Copy in the name returns an object that must be released. -*/ - -#if !defined(SECURITY_USE_LEGACY_HEADER) -#define SECURITY_USE_LEGACY_HEADER -#define UNDEFINE_SECURITY_USE_LEGACY_HEADER -#endif - -#include - -#ifdef UNDEFINE_SECURITY_USE_LEGACY_HEADER -#undef SECURITY_USE_LEGACY_HEADER -#undef UNDEFINE_SECURITY_USE_LEGACY_HEADER -#endif - -#include -#include - -OSStatus SecKeychainRelease(SecKeychainRef keychainRef) -{ - if (!keychainRef) - return errSecInvalidKeychain; - - CFRelease(keychainRef); - return noErr; -} - -OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef) -{ - if (!itemRef) - return errSecInvalidItemRef; - - CFRelease(itemRef); - return noErr; -} - -OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef) -{ - if (!searchRef) - return errSecInvalidSearchRef; - - CFRelease(searchRef); - return noErr; -} - -OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef) -{ - static bool warnonce; - if (!warnonce) - { - warnonce = true; - Syslog::warning("Calling OBSOLETE SecKeychainCopySearchNextItem please use SecKeychainSearchCopyNext instead"); - } - - return SecKeychainSearchCopyNext(searchRef, itemRef); -} - diff --git a/Keychain/SecKeychainAPI.h b/Keychain/SecKeychainAPI.h deleted file mode 100644 index 5070fbc9..00000000 --- a/Keychain/SecKeychainAPI.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKeychainAPI - The Security Keychain API contains all the APIs need to create a client and - Keychain management application. It also contains a certificate, policy, - identity and trust management API. - - NOTE: Any function with Create or Copy in the name returns an object that - must be released. -*/ -#ifndef _SECURITY_SECKEYCHAINAPI_H_ -#define _SECURITY_SECKEYCHAINAPI_H_ - -#if !defined(SECURITY_USE_LEGACY_HEADER) -#warning including obsolete header file SecKeychainAPI.h Use #include instead -#endif - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -OSStatus SecKeychainRelease(SecKeychainRef keychainRef); -OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef); -OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef); - -/* OBSOLETE Please use SecKeychainSearchCopyNext instead. */ -OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYCHAINAPI_H_ */ diff --git a/Keychain/SecKeychainAPIPriv.h b/Keychain/SecKeychainAPIPriv.h deleted file mode 100644 index 4328555e..00000000 --- a/Keychain/SecKeychainAPIPriv.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * SecKeychainAPIPriv.h - */ -#ifndef _SECURITY_KEYCHAINAPIPRIV_H_ -#define _SECURITY_KEYCHAINAPIPRIV_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/* Private keychain item attributes */ -enum -{ - kSecClassItemAttr = 'clas', /* Item class (KCItemClass) */ - kSecAliasItemAttr = 'alis', /* Alias attribute (required by CDSA). */ - kSecProtectedDataItemAttr = 'prot', /* Item's data is protected (encrypted) (Boolean) */ -}; - -/* Temporary: CRL attributes */ -enum -{ - kSecCrlTypeItemAttr = 'crtp', - kSecCrlEncodingItemAttr = 'cren', - kSecThisUpdateItemAttr = 'crtu', - kSecNextUpdateItemAttr = 'crnu', - kSecUriItemAttr = 'curi', // URI from which it came - kSecCrlNumberItemAttr = 'crnm', - kSecDeltaCrlNumberItemAttr = 'dlcr' -}; - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -/* Definitions for miscellaneous OS errors that can be returned (with appropriate error strings) */ -enum -{ - errSecMisc_dskFulErr = -34, /* The disk is full. */ - errSecMisc_nsvErr = -35, /* The disk couldn't be found. It may have been ejected. */ - errSecMisc_bdNamErr = -37, /* Tried to open a file whose name contains an illegal character. */ - errSecMisc_fnfErr = -43, /* The file could not be found. */ - errSecMisc_wPrErr = -44, /* The disk is write-protected. */ - errSecMisc_fLckdErr = -45, /* The file is locked. */ - errSecMisc_vLckdErr = -46, /* The volume is locked. */ - errSecMisc_fBsyErr = -47, /* The file is busy. It may be in use by another application. */ - errSecMisc_dupFNErr = -48, /* A file with the same name already exists. */ - errSecMisc_opWrErr = -49, /* The file is already open with write permission. */ - errSecMisc_volOffLinErr = -53, /* The volume is no longer available. It may have been ejected. */ - errSecMisc_permErr = -54, /* The file could not be opened. It may be in use by another application. */ - errSecMisc_extFSErr = -58, /* This volume does not appear to be compatible. */ - errSecMisc_wrPermErr = -61, /* Could not write to the file. It may have been opened with insufficient access privileges. */ - errSecMisc_offLinErr = -65, /* The storage device is no longer available. It may have been ejected. */ - errSecMisc_memFullErr = -108, /* There was not enough memory to perform the operation. */ - errSecMisc_dirNFErr = -120, /* The directory could not be found. */ - errSecMisc_volGoneErr = -124, /* The server volume is no longer available. It may have been disconnected. */ - errSecMisc_resNotFound = -192, /* A required resource could not be found. */ - errSecMisc_resFNotFound = -193, /* A required resource is missing or damaged. */ - errSecMisc_icNoURLErr = -673, /* The specified location (URL) is an unknown type, or does not contain enough information. */ - errSecMisc_icConfigNotFoundErr = -674, /* A helper application to open the specified URL could not be found. */ - errSecMisc_cantGetFlavorErr = -1854, /* The location (URL) of this item is missing or improperly formatted. */ - errSecMisc_afpAccessDenied = -5000, /* Access to this item was denied. */ - errSecMisc_afpUserNotAuth = -5023, /* Authentication failed. The password for this server may have changed since the item was added to the keychain. */ - errSecMisc_afpPwdPolicyErr = -5046 /* This AppleShare IP server is configured to not allow users to save passwords for automatic login. Contact the server administrator for more information. */ -}; - -UInt16 -SecKeychainListGetCount(void); - -OSStatus -SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef); - -OSStatus -SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef); - -OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword); - -OSStatus SecKeychainCopyLogin(SecKeychainRef *keychainRef); - -OSStatus SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password); - -OSStatus SecKeychainLogout(); - -OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Boolean resetSearchList); - -CFStringRef SecCopyErrorMessageString(OSStatus status, void *reserved); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_KEYCHAINAPIPRIV_H_ */ diff --git a/Keychain/SecKeychainAddIToolsPassword.c b/Keychain/SecKeychainAddIToolsPassword.c deleted file mode 100644 index 523b649a..00000000 --- a/Keychain/SecKeychainAddIToolsPassword.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * SecKeychainAddIToolsPassword.c - * - * Created by jhurley on Thu Jun 19 2003. - * Copyright (c) 2003 Apple. All rights reserved. - * - * Based on Keychain item access control example - * Created by Perry Kiehtreiber on Wed Jun 19 2002 - * Modified by Ken McLeod, Mon Apr 21 2003 -- added "always allow" ACL support - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -static CFArrayRef CopyTrustedAppListFromBundle(); -static SecAccessRef createAccess(CFStringRef accessLabel,const int allowAny); - -OSStatus SecKeychainAddIToolsPassword(SecKeychainRef keychain, UInt32 accountNameLength, const char *accountName, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) -{ - OSStatus err; - SecKeychainItemRef item = nil; - const char *serviceUTF8 = "iTools"; - CFStringRef itemLabel = CFSTR("iTools"); - const int allowAny = 0; - - // create initial access control settings for the item - SecAccessRef access = createAccess(itemLabel, allowAny); - - // below is the lower-layer equivalent to the SecKeychainAddGenericPassword() function; - // it does the same thing (except specify the access controls) - - // set up attribute vector (each attribute consists of {tag, length, pointer}) - SecKeychainAttribute attrs[] = - { - { kSecLabelItemAttr, strlen(serviceUTF8), (char *)serviceUTF8 }, // use the service string as the name of this item for display purposes - { kSecAccountItemAttr, accountNameLength, (char *)accountName }, - { kSecServiceItemAttr, strlen(serviceUTF8), (char *)serviceUTF8 } - }; - SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - err = SecKeychainItemCreateFromContent(kSecGenericPasswordItemClass, - &attributes, - passwordLength, - (const char *)passwordData, - keychain, - access, - &item); - - if (access) - CFRelease(access); - if (item) - CFRelease(item); - return noErr; -} - -SecAccessRef createAccess(CFStringRef accessLabel,const int allowAny) -{ - OSStatus err; - SecAccessRef access=nil; - CFMutableArrayRef trustedApplications=nil; - - if (!allowAny) // use default access ("confirm access") - { - // make an exception list of applications you want to trust, - // which are allowed to access the item without requiring user confirmation - SecTrustedApplicationRef myself=NULL, someOther=NULL; - CFArrayRef trustedAppListFromBundle=NULL; - - trustedApplications=CFArrayCreateMutable(kCFAllocatorDefault,0,&kCFTypeArrayCallBacks); - err = SecTrustedApplicationCreateFromPath(NULL, &myself); - if (!err) - CFArrayAppendValue(trustedApplications,myself); - - trustedAppListFromBundle=CopyTrustedAppListFromBundle(); - if (trustedAppListFromBundle) - { - int ix,top; - char buffer[MAXPATHLEN]; - top = CFArrayGetCount(trustedAppListFromBundle); - for (ix=0;ix - -#include -#include -#include - -#include "SecBridge.h" -#include "KCExceptions.h" -#include "Access.h" - - -// -// Given a polymorphic Sec type object, return -// its AclBearer component. -// Note: Login ACLs are not hooked into this layer; -// modules or attachments have no Sec* layer representation. -// -RefPointer aclBearer(CFTypeRef itemRef) -{ - // well, exactly what kind of something are you? - CFTypeID id = CFGetTypeID(itemRef); - if (id == gTypes().ItemImpl.typeID) { - // keychain item. If it's in a protected group, return the group key - if (SSGroup group = ItemImpl::required(SecKeychainItemRef(itemRef))->group()) - return &*group; - } else if (id == gTypes().KeyItem.typeID) { - // key item, return the key itself. - if (CssmClient::Key key = KeyItem::required(SecKeyRef(itemRef))->key()) - return &*key; - } else if (id == gTypes().KeychainImpl.typeID) { - // keychain (this yields the database ACL) - //@@@ not hooked up yet - } - // Guess not. Bummer - MacOSError::throwMe(errSecNoAccessForItem); -} - - -CFTypeID -SecKeychainItemGetTypeID(void) -{ - BEGIN_SECAPI - - secdebug("kcitem", "SecKeychainItemGetTypeID()"); - return gTypes().ItemImpl.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, - UInt32 length, const void *data, SecKeychainRef keychainRef, - SecAccessRef initialAccess, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemCreateFromContent(%lu, %p, %lu, %p, %p, %p)", - itemClass, attrList, length, data, keychainRef, initialAccess); - KCThrowParamErrIf_(length!=0 && data==NULL); - Item item(itemClass, attrList, length, data); - if (initialAccess) - item->setAccess(Access::required(initialAccess)); - - Keychain keychain = nil; - try - { - keychain = Keychain::optional(keychainRef); - if ( !keychain->exists() ) - { - MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time. - } - } - catch(...) - { - keychain = globals().storageManager.defaultKeychainUI(item); - } - - keychain->add(item); - if (itemRef) - *itemRef = item->handle(); - END_SECAPI -} - - -OSStatus -SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemModifyContent(%p, %p, %lu, %p)", itemRef, attrList, length, data); - Item item = ItemImpl::required(itemRef); - item->modifyContent(attrList, length, data); - END_SECAPI -} - - -OSStatus -SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemCopyContent(%p, %p, %p, %p, %p)", - itemRef, itemClass, attrList, length, outData); - Item item = ItemImpl::required(itemRef); - item->getContent(itemClass, attrList, length, outData); - END_SECAPI -} - - -OSStatus -SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemFreeContent(%p, %p)", attrList, data); - ItemImpl::freeContent(attrList, data); - END_SECAPI -} - - -OSStatus -SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemModifyAttributesAndData(%p, %p, %lu, %p)", itemRef, attrList, length, data); - Item item = ItemImpl::required(itemRef); - item->modifyAttributesAndData(attrList, length, data); - END_SECAPI -} - - -OSStatus -SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemCopyAttributesAndData(%p, %p, %p, %p, %p, %p)", itemRef, info, itemClass, attrList, length, outData); - Item item = ItemImpl::required(itemRef); - item->getAttributesAndData(info, itemClass, attrList, length, outData); - END_SECAPI -} - - -OSStatus -SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemFreeAttributesAndData(%p, %p)", attrList, data); - ItemImpl::freeAttributesAndData(attrList, data); - END_SECAPI -} - - -OSStatus -SecKeychainItemDelete(SecKeychainItemRef itemRef) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemFreeAttributesAndData(%p)", itemRef); - Item item = ItemImpl::required( itemRef ); - Keychain keychain = item->keychain(); - KCThrowIf_( !keychain, errSecInvalidItemRef ); - - keychain->deleteItem( item ); // item must be persistant. - END_SECAPI -} - - -OSStatus -SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemCopyKeychain(%p, %p)", itemRef, keychainRef); - Required(keychainRef) = ItemImpl::required(itemRef)->keychain()->handle(); - END_SECAPI -} - - -OSStatus -SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef, - SecAccessRef initialAccess, SecKeychainItemRef *itemCopy) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemCreateCopy(%p, %p, %p, %p)", - itemRef, destKeychainRef, initialAccess, itemCopy); - - Item copy = ItemImpl::required(itemRef)->copyTo(Keychain::optional(destKeychainRef), Access::optional(initialAccess)); - if (itemCopy) - *itemCopy = copy->handle(); - END_SECAPI -} - - -OSStatus -SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, const CSSM_DB_UNIQUE_RECORD **uniqueRecordID) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemGetUniqueRecordID(%p, %p)", itemRef, uniqueRecordID); - Required(uniqueRecordID) = ItemImpl::required(itemRef)->dbUniqueRecord(); - END_SECAPI -} - - -OSStatus -SecKeychainItemGetDLDBHandle(SecKeychainItemRef itemRef, CSSM_DL_DB_HANDLE* dldbHandle) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecKeychainItemGetDLDBHandle(%p, %p)", itemRef, dldbHandle); - *dldbHandle = ItemImpl::required(itemRef)->keychain()->database()->handle(); - END_SECAPI -} - - -OSStatus SecAccessCreateFromObject(CFTypeRef sourceRef, - SecAccessRef *accessRef) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecAccessCreateFromObject(%p, %p)", sourceRef, accessRef); - Required(accessRef); // preflight - SecPointer access = new Access(*aclBearer(sourceRef)); - *accessRef = access->handle(); - END_SECAPI -} - - -/*! - */ -OSStatus SecAccessModifyObject(SecAccessRef accessRef, CFTypeRef sourceRef) -{ - BEGIN_SECAPI - secdebug("kcitem", "SecAccessModifyObject(%p, %p)", accessRef, sourceRef); - Access::required(accessRef)->setAccess(*aclBearer(sourceRef), true); - END_SECAPI -} - -OSStatus -SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef* accessRef) -{ - BEGIN_SECAPI - - secdebug("kcitem", "SecKeychainItemCopyAccess(%p, %p)", itemRef, accessRef); - Required(accessRef); // preflight - SecPointer access = new Access(*aclBearer(reinterpret_cast(itemRef))); - *accessRef = access->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef) -{ - BEGIN_SECAPI - - secdebug("kcitem", "SecKeychainItemSetAccess(%p, %p)", itemRef, accessRef); - Access::required(accessRef)->setAccess(*aclBearer(reinterpret_cast(itemRef)), true); - - END_SECAPI -} diff --git a/Keychain/SecKeychainItem.h b/Keychain/SecKeychainItem.h deleted file mode 100644 index f6f0612a..00000000 --- a/Keychain/SecKeychainItem.h +++ /dev/null @@ -1,304 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKeychainItem - SecKeychainItem implements an item which may be stored in a SecKeychain, with publicly - visible attributes and encrypted data. The access to the data of an item is protected - using strong cryptographic algorithms. -*/ - -#ifndef _SECURITY_SECKEYCHAINITEM_H_ -#define _SECURITY_SECKEYCHAINITEM_H_ - -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecItemClass - @abstract Represents a keychain item's class. -*/ -typedef FourCharCode SecItemClass; - -/*! - @enum ItemClassConstants - @abstract Specifies a keychain item's class code. - @constant kSecInternetPasswordItemClass Indicates that the item is an internet password. - @constant kSecGenericPasswordItemClass Indicates that the item is a generic password. - @constant kSecAppleSharePasswordItemClass Indicates that the item is an AppleShare password. - @constant kSecCertificateItemClass Indicates that the item is a digital certificate. - @discussion The SecItemClass enumeration defines constants your application can use to specify the type of the keychain item you wish to create, dispose, add, delete, update, copy, or locate. You can also use these constants with the tag constant SecItemAttr. -*/ -enum -{ - kSecInternetPasswordItemClass = 'inet', - kSecGenericPasswordItemClass = 'genp', - kSecAppleSharePasswordItemClass = 'ashp', - kSecCertificateItemClass = CSSM_DL_DB_RECORD_X509_CERTIFICATE, -}; - -/*! - @typedef SecItemAttr - @abstract Represents a keychain item's attributes. - -*/ -typedef FourCharCode SecItemAttr; - -/*! - @enum ItemAttributeConstants - @abstract Specifies keychain item attributes. - @constant kSecCreationDateItemAttr Identifies the creation date attribute. You use this tag to set or get a value of type UInt32 that indicates the date the item was created. - @constant kSecModDateItemAttr Identifies the modification date attribute. You use this tag to set or get a value of type UInt32 that indicates the last time the item was updated. - @constant kSecDescriptionItemAttr Identifies the description attribute. You use this tag to set or get a value of type string that represents a user-visible string describing this particular kind of item (e.g. "disk image password"). - @constant kSecCommentItemAttr Identifies the comment attribute. You use this tag to set or get a value of type string that represents a user-editable string containing comments for this item. - @constant kSecCreatorItemAttr Identifies the creator attribute. You use this tag to set or get a value that represents the itemÕs creator. - @constant kSecTypeItemAttr Identifies the type attribute. You use this tag to set or get a value that represents the itemÕs type. - @constant kSecScriptCodeItemAttr Identifies the script code attribute. You use this tag to set or get a value of type ScriptCode that represents the script code for all strings. (Note: use of this attribute is deprecated; string attributes should be stored in UTF-8 encoding.) - @constant kSecLabelItemAttr Identifies the label attribute. You use this tag to set or get a value of type string that represents a user-editable string containing the label for this item. - @constant kSecInvisibleItemAttr Identifies the invisible attribute. You use this tag to set or get a value of type Boolean that indicates whether the item is invisible. - @constant kSecNegativeItemAttr Identifies the negative attribute. You use this tag to set or get a value of type Boolean that indicates whether there is a valid password associated with this keychain item. This is useful if your application doesn't want a password for some particular service to be stored in the keychain, but prefers that it always be entered by the user. The item (typically invisible and with zero-length data) acts as a placeholder to say Ã’don't use me.Ó - @constant kSecCustomIconItemAttr Identifies the custom icon attribute. You use this tag to set or get a value of type Boolean that indicates whether the item has an application-specific icon. To do this, you must also set the attribute value identified by the tag kSecTypeItemAttr to a file type for which there is a corresponding icon in the desktop database, and set the attribute value identified by the tag kSecCreatorItemAttr to an appropriate application creator type. If a custom icon corresponding to the item's type and creator can be found in the desktop database, it will be displayed by Keychain Access. Otherwise, default icons are used. - @constant kSecAccountItemAttr Identifies the account attribute. You use this tag to set or get a string that represents the user account. It also applies to generic and AppleShare passwords. - @constant kSecServiceItemAttr Identifies the service attribute. You use this tag to set or get a string that represents the service associated with this item (e.g. "iTools"). This is unique to generic password attributes. - @constant kSecGenericItemAttr Identifies the generic attribute. You use this tag to set or get a value of untyped bytes that represents a user-defined attribute. This is unique to generic password attributes. - @constant kSecSecurityDomainItemAttr Identifies the security domain attribute. You use this tag to set or get a value that represents the Internet security domain. This is unique to Internet password attributes. - @constant kSecServerItemAttr Identifies the server attribute. You use this tag to set or get a value of type string that represents the Internet serverÕs domain name or IP address. This is unique to Internet password attributes. - @constant kSecAuthenticationTypeItemAttr Identifies the authentication type attribute. You use this tag to set or get a value of type SecAuthenticationType that represents the Internet authentication scheme. This is unique to Internet password attributes. - @constant kSecPortItemAttr Identifies the port attribute. You use this tag to set or get a value of type UInt32 that represents the Internet port number. This is unique to Internet password attributes. - @constant kSecPathItemAttr Identifies the path attribute. You use this tag to set or get a value that represents the path. This is unique to Internet password attributes. - @constant kSecVolumeItemAttr Identifies the volume attribute. You use this tag to set or get a value that represents the AppleShare volume. This is unique to AppleShare password attributes. - @constant kSecAddressItemAttr Identifies the address attribute. You use this tag to set or get a value of type string that represents the AppleTalk zone name, or the IP or domain name that represents the server address. This is unique to AppleShare password attributes. - @constant kSecSignatureItemAttr Identifies the server signature attribute. You use this tag to set or get a value of type SecAFPServerSignature that represents the server signature block. This is unique to AppleShare password attributes. - @constant kSecProtocolItemAttr Identifies the protocol attribute. You use this tag to set or get a value of type SecProtocolType that represents the Internet protocol. This is unique to AppleShare and Internet password attributes. - @constant kSecCertificateType Indicates a CSSM_CERT_TYPE type. - @constant kSecCertificateEncoding Indicates a CSSM_CERT_ENCODING type. - @constant kSecCrlType Indicates a CSSM_CRL_TYPE type. - @constant kSecCrlEncoding Indicates a CSSM_CRL_ENCODING type. - @constant kSecAlias Indicates an alias. - @discussion To obtain information about a certificate, use the CDSA Certificate Library (CL) API. To obtain information about a key, use the SecKeyGetCSSMKey function and the CDSA Cryptographic Service Provider (CSP) API. -*/ -enum -{ - kSecCreationDateItemAttr = 'cdat', - kSecModDateItemAttr = 'mdat', - kSecDescriptionItemAttr = 'desc', - kSecCommentItemAttr = 'icmt', - kSecCreatorItemAttr = 'crtr', - kSecTypeItemAttr = 'type', - kSecScriptCodeItemAttr = 'scrp', - kSecLabelItemAttr = 'labl', - kSecInvisibleItemAttr = 'invi', - kSecNegativeItemAttr = 'nega', - kSecCustomIconItemAttr = 'cusi', - kSecAccountItemAttr = 'acct', - kSecServiceItemAttr = 'svce', - kSecGenericItemAttr = 'gena', - kSecSecurityDomainItemAttr = 'sdmn', - kSecServerItemAttr = 'srvr', - kSecAuthenticationTypeItemAttr = 'atyp', - kSecPortItemAttr = 'port', - kSecPathItemAttr = 'path', - kSecVolumeItemAttr = 'vlme', - kSecAddressItemAttr = 'addr', - kSecSignatureItemAttr = 'ssig', - kSecProtocolItemAttr = 'ptcl', - kSecCertificateType = 'ctyp', - kSecCertificateEncoding = 'cenc', - kSecCrlType = 'crtp', - kSecCrlEncoding = 'crnc', - kSecAlias = 'alis' -}; - -/*! - @typedef SecAFPServerSignature - @abstract Represents a 16-byte Apple File Protocol server signature block. -*/ -typedef UInt8 SecAFPServerSignature[16]; - -/*! - @typedef SecPublicKeyHash - @abstract Represents a 20-byte public key hash. -*/ -typedef UInt8 SecPublicKeyHash[20]; - -#pragma mark ÑÑÑÑ Keychain Item Management ÑÑÑÑ -/*! - @function SecKeychainItemGetTypeID - @abstract Returns the type identifier of SecKeychainItem instances. - @result The CFTypeID of SecKeychainItem instances. -*/ -CFTypeID SecKeychainItemGetTypeID(void); - -/*! - @function SecKeychainItemModifyAttributesAndData - @abstract Updates an existing keychain item after changing its attributes or data. - @param itemRef A reference to the keychain item to modify. - @param attrList The list of attributes to set. - @param length The length of the buffer pointed to by data. - @param data Pointer to a buffer containing the data to store. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns noErr. -*/ -OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); - -/*! - @function SecKeychainItemCreateFromContent - @abstract Creates a new keychain item from the supplied parameters. - @param itemClass A constant identifying the class of item to create. - @param attrList The list of attributes of the item to create. - @param length The length of the buffer pointed to by data. - @param data A pointer to a buffer containing the data to store. - @param initialAccess A reference to the access for this keychain item. - @param keychainRef A reference to the keychain in which to add the item. - @param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied, or memFullErr (-108) if there is not enough memory in the current heap zone to create the object. -*/ -OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, - UInt32 length, const void *data, SecKeychainRef keychainRef, - SecAccessRef initialAccess, SecKeychainItemRef *itemRef); - -/*! - @function SecKeychainItemModifyContent - @abstract Updates an existing keychain item after changing its attributes or data. This call should only be used in conjunction with SecKeychainItemCopyContent(). - @param itemRef A reference to the keychain item to modify. - @param attrList The list of attributes to set. - @param length The length of the buffer pointed to by data. - @param data A pointer to a buffer containing the data to store. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); - -/*! - @function SecKeychainItemCopyContent - @abstract Copies the data and/or attributes stored in the given keychain item. It is recommended that you use SecKeychainItemCopyAttributesAndData(). You must call SecKeychainItemFreeContent when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyContent(). - @param itemRef A reference to the keychain item to modify. - @param itemClass The item's class. You should pass NULL if it is not required. - @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. You must call SecKeychainItemFreeContent when you no longer need the attributes. - @param length On return, the length of the buffer pointed to by outData. - @param outData On return, a pointer to a buffer containing the data in this item. You must call SecKeychainItemFreeContent when you no longer need the data. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied. -*/ -OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData); - -/*! - @function SecKeychainItemFreeContent - @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyContent. - @param attrList A pointer to the attribute list to release. - @param data A pointer to the data buffer to release. -*/ -OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data); - -/*! - @function SecKeychainItemCopyAttributesAndData - @abstract Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyAttributesAndData(). - @param itemRef A reference to the keychain item to copy. - @param info List of tags of attributes to retrieve. - @param itemClass The item's class. You should pass NULL if not required. - @param attrList on output, an attribute list with the attributes specified by info. You must call SecKeychainItemFreeAttributesAndData() when you no longer need this list. - @param length on output the actual length of the data. - @param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the data. - @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied. -*/ -OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData); - -/*! - @function SecKeychainItemFreeAttributesAndData - @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyAttributesAndData. - @param attrList A pointer to the attribute list to release. - @param data A pointer to the data buffer to release. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data); - -/*! - @function SecKeychainItemDelete - @abstract Deletes a keychain item from the default keychain's permanent data store. - @param itemRef A keychain item reference of the item to delete. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If itemRef has not previously been added to the keychain, SecKeychainItemDelete does nothing and returns noErr. IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself; use the CFRelease function when you are completely finished with an item. -*/ -OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef); - -/*! - @function SecKeychainItemCopyKeychain - @abstract Copies an existing keychain reference from a keychain item. - @param itemRef A keychain item reference of the item to update. - @param keychainRef On return, a pointer to a keychain reference. Release this by calling CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef *keychainRef); - -/*! - @function SecKeychainItemCreateCopy - @abstract Copies a keychain item. - @param itemRef A reference to the keychain item to copy. - @param destKeychainRef A reference to the keychain in which to insert the copied keychain item. - @param initialAccess The initial access for the copied keychain item. - @param itemCopy On return, a pointer to a copy of the keychain item referenced by itemRef. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef, - SecAccessRef initialAccess, SecKeychainItemRef *itemCopy); - - -#pragma mark ÑÑÑÑ CSSM Bridge Functions ÑÑÑÑ -/*! - @function SecKeychainItemGetDLDBHandle - @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain item reference. - @param keyItemRef A keychain item reference. - @param dldbHandle On return, a CSSM_DL_DB_HANDLE for the keychain database containing the given item. The handle is valid until the keychain reference is released. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemGetDLDBHandle(SecKeychainItemRef keyItemRef, CSSM_DL_DB_HANDLE *dldbHandle); - -/*! - @function SecKeychainItemGetUniqueRecordID - @abstract Returns a CSSM_DB_UNIQUE_RECORD for the given keychain item reference. - @param itemRef A keychain item reference. - @param uniqueRecordID On return, a pointer to a CSSM_DB_UNIQUE_RECORD structure for the given item. The unique record is valid until the item reference is released. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, const CSSM_DB_UNIQUE_RECORD **uniqueRecordID); - -#pragma mark ÑÑÑÑ Keychain Item Access Management ÑÑÑÑ -/*! - @function SecKeychainItemCopyAccess - @abstract Copies the access of a given keychain item. - @param itemRef A reference to a keychain item. - @param access On return, a pointer to the keychain item's access. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef *access); - -/*! - @function SecKeychainItemSetAccess - @abstract Sets the access of a given keychain item. - @param itemRef A reference to a keychain item. - @param access A reference to an access to replace the keychain item's current access. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef access); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYCHAINITEM_H_ */ diff --git a/Keychain/SecKeychainSearch.cpp b/Keychain/SecKeychainSearch.cpp deleted file mode 100644 index 3e36bdd6..00000000 --- a/Keychain/SecKeychainSearch.cpp +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include - -#include "SecBridge.h" - -CFTypeID -SecKeychainSearchGetTypeID(void) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchGetTypeID()"); - return gTypes().KCCursorImpl.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchCreateFromAttributes(%p, %lu, %p, %p)", - keychainOrArray, itemClass, attrList, searchRef); - Required(searchRef); // Make sure that searchRef is an invalid SearchRef - - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - KCCursor cursor(keychains, itemClass, attrList); - *searchRef = cursor->handle(); - - END_SECAPI -} - - -OSStatus -SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - - secdebug("kcsearch", "SecKeychainSearchCopyNext(%p, %p)", searchRef, itemRef); - RequiredParam(itemRef); - Item item; - if (!KCCursorImpl::required(searchRef)->next(item)) - return errSecItemNotFound; - - *itemRef=item->handle(); - - END_SECAPI -} diff --git a/Keychain/SecKeychainSearch.h b/Keychain/SecKeychainSearch.h deleted file mode 100644 index dd7b081b..00000000 --- a/Keychain/SecKeychainSearch.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecKeychainSearch - The functions provided in SecKeychainSearch implement a query of one or more keychains to search for a particular SecKeychainItem. -*/ - -#ifndef _SECURITY_SECKEYCHAINSEARCH_H_ -#define _SECURITY_SECKEYCHAINSEARCH_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecKeychainSearchGetTypeID - @abstract Returns the type identifier of SecKeychainSearch instances. - @result The CFTypeID of SecKeychainSearch instances. -*/ -CFTypeID SecKeychainSearchGetTypeID(void); - -/*! - @function SecKeychainSearchCreateFromAttributes - @abstract Creates a search reference matching a list of zero or more specified attributes in the specified keychain. - @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. - @param itemClass The keychain item class. - @param attrList A pointer to a list of zero or more keychain attribute records to match. Pass NULL to match any keychain attribute. - @param searchRef On return, a pointer to the current search reference. You are responsible for calling the CFRelease function to release this reference when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef); - -/*! - @function SecKeychainSearchCopyNext - @abstract Finds the next keychain item matching the given search criteria. - @param searchRef A reference to the current search criteria. The search reference is created in the SecKeychainSearchCreateFromAttributes function and must be released by calling the CFRelease function when you are done with it. - @param itemRef On return, a pointer to a keychain item reference of the next matching keychain item, if any. - @result A result code. When there are no more items that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYCHAINSEARCH_H_ */ diff --git a/Keychain/SecPolicy.cpp b/Keychain/SecPolicy.cpp deleted file mode 100644 index e4e6627a..00000000 --- a/Keychain/SecPolicy.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include "SecBridge.h" - - -// -// CF boilerplate -// -CFTypeID -SecPolicyGetTypeID(void) -{ - BEGIN_SECAPI - return gTypes().Policy.typeID; - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -// -// Sec API bridge functions -// -OSStatus -SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid) -{ - BEGIN_SECAPI - Required(oid) = Policy::required(policyRef)->oid(); - END_SECAPI -} - - -OSStatus -SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value) -{ - BEGIN_SECAPI - Required(value) = Policy::required(policyRef)->value(); - END_SECAPI -} - -OSStatus -SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) -{ - BEGIN_SECAPI - Policy::required(policyRef)->value() = value ? (*value) : CssmData(); - END_SECAPI -} - - -OSStatus -SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE* tpHandle) -{ - BEGIN_SECAPI - Required(tpHandle) = Policy::required(policyRef)->tp()->handle(); - END_SECAPI -} diff --git a/Keychain/SecPolicy.h b/Keychain/SecPolicy.h deleted file mode 100644 index 3ab86e7e..00000000 --- a/Keychain/SecPolicy.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecPolicy - The functions provided in SecPolicy implement a representation of a particular trust policy. -*/ - -#ifndef _SECURITY_SECPOLICY_H_ -#define _SECURITY_SECPOLICY_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecPolicyGetTypeID - @abstract Returns the type identifier of SecPolicy instances. - @result The CFTypeID of SecPolicy instances. -*/ -CFTypeID SecPolicyGetTypeID(void); - -/*! - @function SecPolicyGetOID - @abstract Returns a policy's object identifier. - @param policyRef A policy reference. - @param oid On return, a pointer to the policy's object identifier. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID *oid); - -/*! - @function SecPolicyGetValue - @abstract Returns a policy's value. - @param policyRef A policy reference. - @param value On return, a pointer to the policy's value. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA *value); - -/*! - @function SecPolicyGetTPHandle - @abstract Returns the CSSM trust policy handle for the given policy. - @param policyRef A policy reference. - @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE *tpHandle); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECPOLICY_H_ */ diff --git a/Keychain/SecPolicyPriv.h b/Keychain/SecPolicyPriv.h deleted file mode 100644 index c8682dc2..00000000 --- a/Keychain/SecPolicyPriv.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecPolicy - The functions provided in SecPolicy implement a representation of a particular trust policy. -*/ - -#ifndef _SECURITY_SECPOLICYPRIV_H_ -#define _SECURITY_SECPOLICYPRIV_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @function SecPolicySetValue - @abstract Sets a policy's value. - @param policyRef A policy reference. - @param value The value to be set into the policy object, replacing any previous value. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECPOLICYPRIV_H_ */ diff --git a/Keychain/SecPolicySearch.cpp b/Keychain/SecPolicySearch.cpp deleted file mode 100644 index 6fbf8613..00000000 --- a/Keychain/SecPolicySearch.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include "SecBridge.h" - - -// -// CF Boilerplate -CFTypeID -SecPolicySearchGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().PolicyCursor.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecPolicySearchCreate( - CSSM_CERT_TYPE certType, - const CSSM_OID* oid, - const CSSM_DATA* value, - SecPolicySearchRef* searchRef) -{ - BEGIN_SECAPI - Required(searchRef); // preflight - SecPointer cursor(new PolicyCursor(oid, value)); - *searchRef = cursor->handle(); - END_SECAPI -} - - -OSStatus -SecPolicySearchCopyNext( - SecPolicySearchRef searchRef, - SecPolicyRef* policyRef) -{ - BEGIN_SECAPI - - RequiredParam(policyRef); - SecPointer policy; - if (!PolicyCursor::required(searchRef)->next(policy)) - return errSecPolicyNotFound; - *policyRef = policy->handle(); - END_SECAPI -} diff --git a/Keychain/SecPolicySearch.h b/Keychain/SecPolicySearch.h deleted file mode 100644 index 765765fe..00000000 --- a/Keychain/SecPolicySearch.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecPolicySearch - The functions provided in SecPolicySearch implement a query for SecPolicy objects. -*/ - -#ifndef _SECURITY_SECPOLICYSEARCH_H_ -#define _SECURITY_SECPOLICYSEARCH_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecPolicySearchRef - @abstract A reference to an opaque policy search structure. -*/ -typedef struct OpaquePolicySearchRef *SecPolicySearchRef; - -/*! - @function SecPolicySearchGetTypeID - @abstract Returns the type identifier of SecPolicySearch instances. - @result The CFTypeID of SecPolicySearch instances. -*/ -CFTypeID SecPolicySearchGetTypeID(void); - -/*! - @function SecPolicySearchCreate - @abstract Creates a search reference for finding a policy by specifying its object identifier. - @param certType The type of certificates a policy uses. - @param policyOID A pointer to a BER-encoded policy object identifier that uniquely specifies the policy. - @param value A pointer to an optional policy-defined value. The contents of this value depend on the policy object identifier defined. - @param searchRef On return, a pointer to a policy search reference. The policy search reference is used for subsequent calls to the SecCopyNextPolicy function to obtain the remaining trust policies. You are responsible for releasing the search reference by calling the CFRelease function when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicySearchCreate(CSSM_CERT_TYPE certType, const CSSM_OID *policyOID, const CSSM_DATA *value, SecPolicySearchRef *searchRef); - -/*! - @function SecPolicySearchCopyNext - @abstract Finds the next policy matching the given search criteria - @param searchRef A reference to the current policy search criteria. You create the policy search reference by a calling the SecPolicySearchCreate function. You are responsible for releasing the policy by calling the CFRelease function when finished with it. - @param policyRef On return, a pointer to a policy reference. - @result A result code. When there are no more policies that match the parameters specified to SecPolicySearchCreate, errSecPolicyNotFound is returned. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecPolicySearchCopyNext(SecPolicySearchRef searchRef, SecPolicyRef *policyRef); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECPOLICY_H_ */ diff --git a/Keychain/SecRuntime.cpp b/Keychain/SecRuntime.cpp deleted file mode 100644 index 8033967d..00000000 --- a/Keychain/SecRuntime.cpp +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// SecRuntime.cpp - CF runtime interface -// - -#include - -#ifndef NDEBUG -#include -#endif - -using namespace KeychainCore; - -// -// SecCFObject -// -SecCFObject * -SecCFObject::optional(CFTypeRef cfTypeRef) throw() -{ - if (!cfTypeRef) - return NULL; - - return const_cast(reinterpret_cast(reinterpret_cast(cfTypeRef) + kAlignedRuntimeSize)); -} - -SecCFObject * -SecCFObject::required(CFTypeRef cfTypeRef, OSStatus error) -{ - SecCFObject *object = optional(cfTypeRef); - if (!object) - MacOSError::throwMe(error); - - return object; -} - -void * -SecCFObject::allocate(size_t size, CFTypeID typeID) throw(std::bad_alloc) -{ - void *p = const_cast(_CFRuntimeCreateInstance(gTypes().allocator, typeID, - size + kAlignedRuntimeSize - sizeof(CFRuntimeBase), NULL)); - if (p == NULL) - throw std::bad_alloc(); - - reinterpret_cast(p)->isNew = true; - - void *q = reinterpret_cast(reinterpret_cast(p) + kAlignedRuntimeSize); - - secdebug("sec", "SecCFObject allocated %p of type %lu", q, typeID); - - return q; -} - -void -SecCFObject::operator delete(void *object) throw() -{ - secdebug("sec", "SecCFObject operator delete %p", object); - CFTypeRef cfType = reinterpret_cast(reinterpret_cast(object) - kAlignedRuntimeSize); - CFRelease(cfType); -} - -SecCFObject::~SecCFObject() throw() -{ - secdebug("sec", "SecCFObject::~SecCFObject %p", this); -} - -bool -SecCFObject::equal(SecCFObject &other) -{ - return this == &other; -} - -CFHashCode -SecCFObject::hash() -{ - return CFHashCode(this); -} - -CFStringRef -SecCFObject::copyFormattingDesc(CFDictionaryRef dict) -{ - return NULL; -} - -CFStringRef -SecCFObject::copyDebugDesc() -{ - return NULL; -} - -CFTypeRef -SecCFObject::handle(bool retain) throw() -{ - CFTypeRef cfType = *this; - if (retain && !isNew()) CFRetain(cfType); - return cfType; -} diff --git a/Keychain/SecRuntime.h b/Keychain/SecRuntime.h deleted file mode 100644 index cec4b74a..00000000 --- a/Keychain/SecRuntime.h +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// SecRuntime.h - CF runtime interface -// -#ifndef _SECURITY_SECRUNTIME_H_ -#define _SECURITY_SECRUNTIME_H_ - -#include -#include - -#include - -namespace Security -{ - -namespace KeychainCore -{ - -#define SECCFFUNCTIONS(OBJTYPE, APIPTR, ERRCODE) \ -\ -void *operator new(size_t size) throw(std::bad_alloc) \ -{ return SecCFObject::allocate(size, gTypes().OBJTYPE.typeID); } \ -\ -operator APIPTR() const \ -{ return (APIPTR)(this->operator CFTypeRef()); } \ -\ -APIPTR handle(bool retain = true) \ -{ return (APIPTR)SecCFObject::handle(retain); } \ -\ -static OBJTYPE *required(APIPTR ptr) \ -{ return static_cast(SecCFObject::required(ptr, ERRCODE)); } \ -\ -static OBJTYPE *optional(APIPTR ptr) \ -{ return static_cast(SecCFObject::optional(ptr)); } - -#define SECALIGNUP(SIZE, ALIGNMENT) (((SIZE - 1) & ~(ALIGNMENT - 1)) + ALIGNMENT) - -struct SecRuntimeBase: CFRuntimeBase -{ - bool isNew; -}; - -class SecCFObject -{ -private: - void *operator new(size_t) throw(std::bad_alloc); - - // Align up to a multiple of 16 bytes - static const size_t kAlignedRuntimeSize = SECALIGNUP(sizeof(SecRuntimeBase), 16); - -public: - // For use by SecPointer only. Returns true once the first time it's called after the object has been created. - bool isNew() - { - SecRuntimeBase *base = reinterpret_cast(reinterpret_cast(this) - kAlignedRuntimeSize); - bool isNew = base->isNew; - base->isNew = false; - return isNew; - } - - static SecCFObject *optional(CFTypeRef) throw(); - static SecCFObject *required(CFTypeRef, OSStatus error); - static void *allocate(size_t size, CFTypeID typeID) throw(std::bad_alloc); - - virtual ~SecCFObject() throw(); - - void operator delete(void *object) throw(); - operator CFTypeRef() const throw() - { - return reinterpret_cast(reinterpret_cast(this) - kAlignedRuntimeSize); - } - - // This bumps up the retainCount by 1, by calling CFRetain(), iff retain is true - CFTypeRef handle(bool retain = true) throw(); - - virtual bool equal(SecCFObject &other); - virtual CFHashCode hash(); - virtual CFStringRef copyFormattingDesc(CFDictionaryRef dict); - virtual CFStringRef copyDebugDesc(); -}; - -// -// A pointer type for SecCFObjects. -// T must be derived from SecCFObject. -// -class SecPointerBase -{ -public: - SecPointerBase() : ptr(NULL) - {} - SecPointerBase(const SecPointerBase& p) - { - if (p.ptr) - CFRetain(p.ptr->operator CFTypeRef()); - ptr = p.ptr; - } - SecPointerBase(SecCFObject *p) - { - if (p && !p->isNew()) - CFRetain(p->operator CFTypeRef()); - ptr = p; - } - ~SecPointerBase() - { - if (ptr) - CFRelease(ptr->operator CFTypeRef()); - } - SecPointerBase& operator = (const SecPointerBase& p) - { - if (p.ptr) - CFRetain(p.ptr->operator CFTypeRef()); - if (ptr) - CFRelease(ptr->operator CFTypeRef()); - ptr = p.ptr; - return *this; - } - -protected: - void assign(SecCFObject * p) - { - if (p && !p->isNew()) - CFRetain(p->operator CFTypeRef()); - if (ptr) - CFRelease(ptr->operator CFTypeRef()); - ptr = p; - } - - SecCFObject *ptr; -}; - -template -class SecPointer : public SecPointerBase -{ -public: - SecPointer() : SecPointerBase() {} - SecPointer(const SecPointer& p) : SecPointerBase(p) {} - SecPointer(T *p): SecPointerBase(p) {} - SecPointer &operator =(T *p) { this->assign(p); return *this; } - - // dereference operations - T* get () const { return static_cast(ptr); } // mimic auto_ptr - operator T * () const { return static_cast(ptr); } - T * operator -> () const { return static_cast(ptr); } - T & operator * () const { return *static_cast(ptr); } -}; - -template -bool operator <(const SecPointer &r1, const SecPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 < *p2 : p1 < p2; -} - -template -bool operator ==(const SecPointer &r1, const SecPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 == *p2 : p1 == p2; -} - -template -bool operator !=(const SecPointer &r1, const SecPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 != *p2 : p1 != p2; -} - - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_SECRUNTIME_H_ diff --git a/Keychain/SecTrust.cpp b/Keychain/SecTrust.cpp deleted file mode 100644 index 61d60f94..00000000 --- a/Keychain/SecTrust.cpp +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include "SecBridge.h" - -// -// CF boilerplate -// -CFTypeID SecTrustGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().Trust.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -// -// Sec* API bridge functions -// -OSStatus SecTrustCreateWithCertificates( - CFArrayRef certificates, - CFTypeRef policies, - SecTrustRef *trustRef) -{ - BEGIN_SECAPI - Required(trustRef); - *trustRef = (new Trust(certificates, policies))->handle(); - END_SECAPI -} - - -OSStatus -SecTrustSetPolicies(SecTrustRef trustRef, CFTypeRef policies) -{ - BEGIN_SECAPI - Trust::required(trustRef)->policies(policies); - END_SECAPI -} - - -OSStatus SecTrustSetParameters( - SecTrustRef trustRef, - CSSM_TP_ACTION action, - CFDataRef actionData) -{ - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - trust->action(action); - trust->actionData(actionData); - END_SECAPI -} - - -OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates) -{ - BEGIN_SECAPI - Trust::required(trust)->anchors(anchorCertificates); - END_SECAPI -} - - -OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray) -{ - BEGIN_SECAPI - StorageManager::KeychainList keychains; - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - Trust::required(trust)->searchLibs() = keychains; - END_SECAPI -} - - -OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate) -{ - BEGIN_SECAPI - Trust::required(trust)->time(verifyDate); - END_SECAPI -} - - -OSStatus SecTrustEvaluate(SecTrustRef trustRef, SecTrustResultType *resultP) -{ - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - trust->evaluate(); - if (resultP) - *resultP = trust->result(); - END_SECAPI -} - - -// -// Construct the "official" result evidence and return it -// -OSStatus SecTrustGetResult( - SecTrustRef trustRef, - SecTrustResultType *result, - CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain) -{ - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - if (result) - *result = trust->result(); - if (certChain && statusChain) - trust->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain)); - END_SECAPI -} - - -// -// Retrieve CSSM-level information for those who want to dig down -// -OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result) -{ - BEGIN_SECAPI - Required(result) = Trust::required(trust)->cssmResult(); - END_SECAPI -} - -// -// Retrieve CSSM_LEVEL TP return code -// -OSStatus SecTrustGetCssmResultCode(SecTrustRef trustRef, OSStatus *result) -{ - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - if (trust->result() == kSecTrustResultInvalid) - return paramErr; - else - Required(result) = trust->cssmResultCode(); - END_SECAPI -} - -OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle) -{ - BEGIN_SECAPI - Required(handle) = Trust::required(trust)->getTPHandle(); - END_SECAPI -} - - -// -// Get the user's default anchor certificate set -// -OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchorCertificates) -{ - BEGIN_SECAPI - Required(anchorCertificates) = Trust::gStore().copyRootCertificates(); - END_SECAPI -} - -OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, - uint32 *cssmAnchorCount) -{ - BEGIN_SECAPI - CertGroup certs; - Trust::gStore().getCssmRootCertificates(certs); - Required(cssmAnchors) = certs.blobCerts(); - Required(cssmAnchorCount) = certs.count(); - END_SECAPI -} - - -// -// Get and set user trust settings -// -OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, - SecPolicyRef policy, SecTrustUserSetting *trustSetting) -{ - BEGIN_SECAPI - Required(trustSetting) = Trust::gStore().find( - Certificate::required(certificate), - Policy::required(policy)); - END_SECAPI -} - -OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, - SecPolicyRef policy, SecTrustUserSetting trustSetting) -{ - BEGIN_SECAPI - switch (trustSetting) { - case kSecTrustResultProceed: - case kSecTrustResultConfirm: - case kSecTrustResultDeny: - case kSecTrustResultUnspecified: - break; - default: - MacOSError::throwMe(errSecInvalidTrustSetting); - } - Trust::gStore().assign( - Certificate::required(certificate), - Policy::required(policy), - trustSetting); - END_SECAPI -} - diff --git a/Keychain/SecTrust.h b/Keychain/SecTrust.h deleted file mode 100644 index 523da7c4..00000000 --- a/Keychain/SecTrust.h +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecTrust - The functions and data types in SecTrust implement trust computation and allows the user to apply trust decisions to the trust configuration. -*/ - -#ifndef _SECURITY_SECTRUST_H_ -#define _SECURITY_SECTRUST_H_ - -#include -#include -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @typedef SecTrustResultType - @abstract Specifies the trust result type. - @constant kSecTrustResultInvalid Indicates an invalid setting or result. - @constant kSecTrustResultProceed Indicates you may proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. - @constant kSecTrustResultConfirm Indicates confirmation with the user is required before proceeding. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. - @constant kSecTrustResultDeny Indicates a user-configured deny; do not proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. - @constant kSecTrustResultUnspecified Indicates user intent is unknown. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. - @constant kSecTrustResultRecoverableTrustFailure Indicates a trust framework failure; retry after fixing inputs. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. - @constant kSecTrustResultFatalTrustFailure Indicates a trust framework failure; no "easy" fix. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. - @constant kSecTrustResultOtherError Indicates a failure other than that of trust evaluation. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. - */ -typedef enum { - kSecTrustResultInvalid, - kSecTrustResultProceed, - kSecTrustResultConfirm, - kSecTrustResultDeny, - kSecTrustResultUnspecified, - kSecTrustResultRecoverableTrustFailure, - kSecTrustResultFatalTrustFailure, - kSecTrustResultOtherError -} SecTrustResultType; - -/*! - @typedef SecTrustUserSetting - @abstract Specifies user-specified trust settings. -*/ -typedef SecTrustResultType SecTrustUserSetting; - -/*! - @typedef SecTrustRef - @abstract A pointer to an opaque trust management structure. -*/ -typedef struct OpaqueSecTrustRef *SecTrustRef; - -/*! - @function SecTrustGetTypeID - @abstract Returns the type identifier of SecTrust instances. - @result The CFTypeID of SecTrust instances. -*/ -CFTypeID SecTrustGetTypeID(void); - -/*! - @function SecTrustCreateWithCertificates - @abstract Creates a trust based on the given certificates and policies. - @param certificates The group of certificates to verify. - @param policies An array of one or more policies. You may pass a SecPolicyRef - to represent a single policy. - @param trustRef On return, a pointer to the trust management reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustCreateWithCertificates(CFArrayRef certificates, CFTypeRef policies, SecTrustRef *trustRef); - -/*! - @function SecTrustSetParameters - @abstract Sets the action and action data for a trust. - @param trustRef The reference to the trust to change. - @param action A CSSM trust action. - @param actionData A reference to action data. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecTrustSetParameters(SecTrustRef trustRef, CSSM_TP_ACTION action, CFDataRef actionData); - -/*! - @function SecTrustSetAnchorCertificates - @abstract Sets the anchor certificates for a given trust. - @param trust A reference to a trust. - @param anchorCertificates An array of anchor certificates. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates); - -/*! - @function SecTrustSetKeychains - @abstract Sets the keychains for a given trust. - @param trust A reference to a trust. - @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray); - -/*! - @function SecTrustSetVerifyDate - @abstract Verifies the date of a given trust. - @param trust A reference to the trust to verify. - @param verifyDate The date to verify. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate); - -/*! - @function SecTrustEvaluate - @abstract Evaluates a trust. - @param trust A reference to the trust to evaluate. - @param result A pointer to a result type. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result); - -/*! - @function SecTrustGetResult - @abstract Returns detail information on the outcome of a call to SecTrustEvaluate. - @param trustRef A reference to a trust. - @param result A pointer to the result from the call to SecTrustEvaluate. - @param certChain On return, a pointer to the certificate chain used to validate the input certificate. - @param statusChain On return, a pointer to the status of the certificate chain. Do not attempt to free this pointer; it remains valid until the trust is destroyed or the next call to SecTrustEvaluate. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType *result, CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain); - -/*! - @function SecTrustGetCssmResult - @abstract Gets the CSSM trust result. - @param trust A reference to a trust. - @param result On return, a pointer to the CSSM trust result. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result); - -/*! - @function SecTrustGetTPHandle - @abstract Gets the CSSM trust handle - @param trust A reference to a trust. - @param handle On return, a pointer to a CSSM trust handle. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle); - -/*! - @function SecTrustCopyAnchorCertificates - @abstract Returns the anchor (root) certificates. - @param anchors On return, a pointer to the anchors (roots). This may be used with the function SecCertificateGroupVerify. Call the CFRelease function to release this pointer. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchors); - -/*! - @function SecTrustGetCSSMAnchorCertificates - @abstract Retrieves the CSSM anchor certificates. - @param cssmAnchors A pointer to an array of anchor certificates. - @param cssmAnchorCount A pointer to the number of certificates in anchors. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount); - -/*! - @function SecTrustGetUserTrust - @abstract Gets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting On return, a pointer to the user specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting); - -/*! - @function SecTrustSetUserTrust - @abstract Sets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting The user-specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECTRUST_H_ */ diff --git a/Keychain/SecTrustPriv.h b/Keychain/SecTrustPriv.h deleted file mode 100644 index 0f1c6e23..00000000 --- a/Keychain/SecTrustPriv.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecTrustPriv - Private part of SecTrust.h -*/ - -#ifndef _SECURITY_SECTRUST_PRIV_H_ -#define _SECURITY_SECTRUST_PRIV_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecTrustSetPolicies - @abstract Set (replace) set of policies to evaluate - @param trust The SecTrust object to manipulate - @param policies An array of one or more policies. A Single SecPolicyRef may also - be passed, representing an array of one policy. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustSetPolicies(SecTrustRef trust, CFTypeRef policies); - - -/*! - @function SecTrustGetCssmVerifyResult - @abstract Gets the actual CSSM return code from the last attempted SecTrustEvaluate call. - @param trust A reference to a trust. - @param result On return, the CSSM_RETURN produced by the last invocation of the TP. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustGetCssmResultCode(SecTrustRef trust, OSStatus *result); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECTRUST_PRIV_H_ */ diff --git a/Keychain/SecTrustedApplication.cpp b/Keychain/SecTrustedApplication.cpp deleted file mode 100644 index 1ab4cec5..00000000 --- a/Keychain/SecTrustedApplication.cpp +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include - -#include "SecBridge.h" - - -CFTypeID -SecTrustedApplicationGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().TrustedApplication.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} - - -OSStatus -SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef) -{ - BEGIN_SECAPI - SecPointer app = - path ? new TrustedApplication(path) : new TrustedApplication; - Required(appRef) = app->handle(); - END_SECAPI -} - -/*! - */ -OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef, - CFDataRef *dataRef) -{ - BEGIN_SECAPI - const CssmData &data = TrustedApplication::required(appRef)->data(); - Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)data.data(), data.length()); - END_SECAPI -} - -OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef, - CFDataRef dataRef) -{ - BEGIN_SECAPI - TrustedApplication::required(appRef)->data(cfData(dataRef)); - END_SECAPI -} - - -OSStatus -SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path) -{ - BEGIN_SECAPI - TrustedApplication &app = *TrustedApplication::required(appRef); - if (!app.sameSignature(path ? path : app.path())) - return CSSMERR_CSP_VERIFY_FAILED; - END_SECAPI -} - - -OSStatus -SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef, - SecTrustedApplicationRef newRef, UInt32 flags) -{ - BEGIN_SECAPI - if (flags & ~kSecApplicationValidFlags) - return paramErr; - SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - TrustedApplication *oldApp = TrustedApplication::required(oldRef); - TrustedApplication *newApp = TrustedApplication::required(newRef); - ss.addCodeEquivalence(oldApp->signature(), newApp->signature(), oldApp->path(), - flags & kSecApplicationFlagSystemwide); - END_SECAPI -} - -OSStatus -SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags) -{ - BEGIN_SECAPI - if (flags & ~kSecApplicationValidFlags) - return paramErr; - SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - TrustedApplication *app = TrustedApplication::required(appRef); - ss.removeCodeEquivalence(app->signature(), app->path(), - flags & kSecApplicationFlagSystemwide); - END_SECAPI -} - - -/* - * Check to see if an application at a given path is a candidate for - * pre-emptive code equivalency establishment - */ -OSStatus -SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path) -{ - BEGIN_SECAPI - - // strip installroot - if (installroot) { - size_t rootlen = strlen(installroot); - if (!strncmp(installroot, path, rootlen)) - path += rootlen - 1; // keep the slash - } - - // look up in database - static ModuleNexus paths; - if (!paths()[path]) - return CSSMERR_DL_RECORD_NOT_FOUND; // whatever - END_SECAPI -} - - -/* - * Point the system at another system root for equivalence use. - * This is for system update installers (only)! - */ -OSStatus -SecTrustedApplicationUseAlternateSystem(const char *systemRoot) -{ - BEGIN_SECAPI - Required(systemRoot); - SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - ss.setAlternateSystemRoot(systemRoot); - END_SECAPI -} diff --git a/Keychain/SecTrustedApplication.h b/Keychain/SecTrustedApplication.h deleted file mode 100644 index a9c482d6..00000000 --- a/Keychain/SecTrustedApplication.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecTrustedApplication - The functions provided in SecTrustedApplication implement an object representing an application in a - SecAccess object. -*/ - -#ifndef _SECURITY_SECTRUSTEDAPPLICATION_H_ -#define _SECURITY_SECTRUSTEDAPPLICATION_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @function SecTrustedApplicationGetTypeID - @abstract Returns the type identifier of SecTrustedApplication instances. - @result The CFTypeID of SecTrustedApplication instances. -*/ -CFTypeID SecTrustedApplicationGetTypeID(void); - -/*! - @function SecTrustedApplicationCreateFromPath - @abstract Creates a trusted application reference based on the trusted application specified by path. - @param path The path to the application or tool to trust. For application bundles, use the - path to the bundle directory. Pass NULL to refer to yourself, i.e. the application or tool - making this call. - @param app On return, a pointer to the trusted application reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *app); - -/*! - @function SecTrustedApplicationCopyData - @abstract Retrieves the data of a given trusted application reference - @param appRef A trusted application reference to retrieve data from - @param data On return, a pointer to a data reference of the trusted application. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef, CFDataRef *data); - -/*! - @function SecTrustedApplicationSetData - @abstract Sets the data of a given trusted application reference - @param appRef A trusted application reference. - @param data A reference to the data to set in the trusted application. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef, CFDataRef data); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECTRUSTEDAPPLICATION_H_ */ diff --git a/Keychain/SecTrustedApplicationPriv.h b/Keychain/SecTrustedApplicationPriv.h deleted file mode 100644 index 945a64a3..00000000 --- a/Keychain/SecTrustedApplicationPriv.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/*! - @header SecTrustedApplicationPriv - Not (yet?) public functions related to SecTrustedApplicationRef objects -*/ - -#ifndef _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_ -#define _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_ - -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - - -/* - * Determine whether the application at path satisfies the trust expressed in appRef. - */ -OSStatus -SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path); - - -/* - * Administrative editing of the system's application equivalence database - */ -enum { - kSecApplicationFlagSystemwide = 0x1, - kSecApplicationValidFlags = kSecApplicationFlagSystemwide -}; - -OSStatus -SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef, - SecTrustedApplicationRef newRef, UInt32 flags); - -OSStatus -SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags); - - -/* - * Check to see if an application at a given path is a candidate for - * pre-emptive code equivalency establishment - */ -OSStatus -SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path); - - -/* - * Point the system at another system root for equivalence use. - * This is for system update installers (only)! - */ -OSStatus -SecTrustedApplicationUseAlternateSystem(const char *systemRoot); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_ */ diff --git a/Keychain/Security.h b/Keychain/Security.h deleted file mode 100644 index 38fcbae3..00000000 --- a/Keychain/Security.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include diff --git a/Keychain/StorageManager.cpp b/Keychain/StorageManager.cpp deleted file mode 100644 index 8a1a72df..00000000 --- a/Keychain/StorageManager.cpp +++ /dev/null @@ -1,1149 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: StorageManager.cpp - - Contains: Working with multiple keychains - -*/ - -#include "StorageManager.h" -#include "KCEventNotifier.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "KCCursor.h" -#include "Globals.h" - -using namespace CssmClient; -using namespace KeychainCore; - -// normal debug calls, which get stubbed out for deployment builds -#define x_debug(str) secdebug("KClogin",(str)) -#define x_debug1(fmt,arg1) secdebug("KClogin",(fmt),(arg1)) -#define x_debug2(fmt,arg1,arg2) secdebug("KClogin",(fmt),(arg1),(arg2)) - -//----------------------------------------------------------------------------------- - -StorageManager::StorageManager() : - mSavedList(kSecPreferencesDomainUser), - mCommonList(kSecPreferencesDomainCommon), - mDomain(kSecPreferencesDomainUser), - mKeychains() -{ - // get session attributes - SessionAttributeBits sessionAttrs; - if (OSStatus err = SessionGetInfo(callerSecuritySession, - NULL, &sessionAttrs)) - CssmError::throwMe(err); - - // If this is the root session, switch to system preferences. - // (In SecurityServer debug mode, you'll get a (fake) root session - // that has graphics access. Ignore that to help testing.) - if ((sessionAttrs & sessionIsRoot) - IFDEBUG( && !(sessionAttrs & sessionHasGraphicAccess))) { - secdebug("storagemgr", "switching to system preferences"); - mDomain = kSecPreferencesDomainSystem; - mSavedList.set(kSecPreferencesDomainSystem); - } -} - -// Create KC if it doesn't exist -Keychain -StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier) -{ - StLock _(mLock); - return _keychain(dLDbIdentifier); -} - -Keychain -StorageManager::_keychain(const DLDbIdentifier &dLDbIdentifier) -{ - if (!dLDbIdentifier) - return Keychain(); - - KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); - if (it != mKeychains.end()) - return it->second; - - // The keychain is not in our cache. Create it. - Module module(dLDbIdentifier.ssuid().guid()); - DL dl; - if (dLDbIdentifier.ssuid().subserviceType() & CSSM_SERVICE_CSP) - dl = SSCSPDL(module); - else - dl = DL(module); - - dl->subserviceId(dLDbIdentifier.ssuid().subserviceId()); - dl->version(dLDbIdentifier.ssuid().version()); - Db db(dl, dLDbIdentifier.dbName()); - - Keychain keychain(db); - // Add the keychain to the cache. - mKeychains.insert(KeychainMap::value_type(dLDbIdentifier, &*keychain)); - - return keychain; -} - -// Called from KeychainImpl's destructor remove it from the map. -void -StorageManager::removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl) -{ - // @@@ Work out locking StLock _(mLock); - KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); - if (it != mKeychains.end() && it->second == keychainImpl) - mKeychains.erase(it); -} - -// if a database is key-unlockable, authenticate it with any matching unlock keys found in the KC list -void StorageManager::setDefaultCredentials(const Db &db) -{ - try { - CssmAutoData index(db->allocator()); - if (!db->getUnlockKeyIndex(index.get())) - return; // no suggested index (probably not a CSPDL) - - TrackingAllocator alloc(CssmAllocator::standard()); - - KCCursor search(createCursor(CSSM_DL_DB_RECORD_SYMMETRIC_KEY, NULL)); - CssmAutoData keyLabel(CssmAllocator::standard()); - keyLabel = StringData("SYSKC**"); - keyLabel.append(index); - static const CSSM_DB_ATTRIBUTE_INFO infoLabel = { - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"Label"}, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB - }; - search->add(CSSM_DB_EQUAL, infoLabel, keyLabel.get()); - - // could run a loop below to catch *all* eligible keys, - // but that's stretching it; and beware CSP scope if you add this... - AutoCredentials cred(alloc); - Item keyItem; - if (search->next(keyItem)) { - CssmClient::Key key = dynamic_cast(*keyItem).key(); - - // create AccessCredentials from that key. Still allow interactive unlock - const CssmKey &masterKey = key; - CSSM_CSP_HANDLE cspHandle = key->csp()->handle(); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_WORDID_SYMMETRIC_KEY), - new(alloc) ListElement(CssmData::wrap(cspHandle)), - new(alloc) ListElement(CssmData::wrap(masterKey))); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)); - - secdebug("storagemgr", "authenticating %s for default key credentials", db->name()); - db->authenticate(db->accessRequest(), &cred); - } - } catch (...) { - secdebug("storagemgr", "setDefaultCredentials for %s abandoned due to exception", db->name()); - } -} - -// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it. -Keychain -StorageManager::makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add) -{ - Keychain keychain; - bool post = false; - - { - StLock _(mLock); - keychain = _keychain(dLDbIdentifier); - - if (add) - { - mSavedList.revert(false); - DLDbList searchList = mSavedList.searchList(); - if (find(searchList.begin(), searchList.end(), dLDbIdentifier) != searchList.end()) - return keychain; // Keychain is already in the searchList. - - mCommonList.revert(false); - searchList = mCommonList.searchList(); - if (find(searchList.begin(), searchList.end(), dLDbIdentifier) != searchList.end()) - return keychain; // Keychain is already in the commonList don't add it to the searchList. - - // If the keychain doesn't exist don't bother adding it to the search list yet. - if (!keychain->exists()) - return keychain; - - // The keychain exists and is not in our search list add it to the search - // list and the cache. - mSavedList.revert(true); - mSavedList.add(dLDbIdentifier); - mSavedList.save(); - post = true; - } - } - - if (post) - { - // Make sure we are not holding mLock when we post this event. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - } - - return keychain; -} - -void -StorageManager::created(const Keychain &keychain) // Be notified a Keychain just got created. -{ - DLDbIdentifier dLDbIdentifier = keychain->dLDbIdentifier(); - bool defaultChanged = false; - - { - StLock _(mLock); - - mSavedList.revert(true); - // If we don't have a default Keychain yet. Make the newly created keychain the default. - if (!mSavedList.defaultDLDbIdentifier()) - { - mSavedList.defaultDLDbIdentifier(dLDbIdentifier); - defaultChanged = true; - } - - // Add the keychain to the search list prefs. - mSavedList.add(dLDbIdentifier); - mSavedList.save(); - } - - // Make sure we are not holding mLock when we post these events. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - - if (defaultChanged) - { - KCEventNotifier::PostKeychainEvent(kSecDefaultChangedEvent, dLDbIdentifier); - } -} - -KCCursor -StorageManager::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList) -{ - KeychainList searchList; - getSearchList(searchList); - return KCCursor(searchList, itemClass, attrList); -} - -KCCursor -StorageManager::createCursor(const SecKeychainAttributeList *attrList) -{ - KeychainList searchList; - getSearchList(searchList); - return KCCursor(searchList, attrList); -} - -void -StorageManager::lockAll() -{ - SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - ss.lockAll (false); -} - -Keychain -StorageManager::defaultKeychain() -{ - Keychain theKeychain; - { - StLock _(mLock); - mSavedList.revert(false); - DLDbIdentifier defaultDLDbIdentifier(mSavedList.defaultDLDbIdentifier()); - if (defaultDLDbIdentifier) - { - theKeychain = _keychain(defaultDLDbIdentifier); - } - } - - if (theKeychain /* && theKeychain->exists() */) - return theKeychain; - - MacOSError::throwMe(errSecNoDefaultKeychain); -} - -void -StorageManager::defaultKeychain(const Keychain &keychain) -{ - DLDbIdentifier oldDefaultId; - DLDbIdentifier newDefaultId(keychain->dLDbIdentifier()); - { - StLock _(mLock); - oldDefaultId = mSavedList.defaultDLDbIdentifier(); - mSavedList.revert(true); - mSavedList.defaultDLDbIdentifier(newDefaultId); - mSavedList.save(); - } - - if (!(oldDefaultId == newDefaultId)) - { - // Make sure we are not holding mLock when we post this event. - KCEventNotifier::PostKeychainEvent(kSecDefaultChangedEvent, newDefaultId); - } -} - -Keychain -StorageManager::defaultKeychain(SecPreferencesDomain domain) -{ - if (domain == mDomain) - return defaultKeychain(); - else - { - DLDbIdentifier defaultDLDbIdentifier(DLDbListCFPref(domain).defaultDLDbIdentifier()); - if (defaultDLDbIdentifier) - return keychain(defaultDLDbIdentifier); - - MacOSError::throwMe(errSecNoDefaultKeychain); - } -} - -void -StorageManager::defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain) -{ - if (domain == mDomain) - defaultKeychain(keychain); - else - DLDbListCFPref(domain).defaultDLDbIdentifier(keychain->dLDbIdentifier()); -} - -Keychain -StorageManager::loginKeychain() -{ - Keychain theKeychain; - { - StLock _(mLock); - mSavedList.revert(false); - DLDbIdentifier loginDLDbIdentifier(mSavedList.loginDLDbIdentifier()); - if (loginDLDbIdentifier) - { - theKeychain = _keychain(loginDLDbIdentifier); - } - } - - if (theKeychain && theKeychain->exists()) - return theKeychain; - - MacOSError::throwMe(errSecNoSuchKeychain); -} - -void -StorageManager::loginKeychain(Keychain keychain) -{ - StLock _(mLock); - mSavedList.revert(true); - mSavedList.loginDLDbIdentifier(keychain->dLDbIdentifier()); - mSavedList.save(); -} - -size_t -StorageManager::size() -{ - StLock _(mLock); - mSavedList.revert(false); - mCommonList.revert(false); - return mSavedList.searchList().size() + mCommonList.searchList().size(); -} - -Keychain -StorageManager::at(unsigned int ix) -{ - StLock _(mLock); - mSavedList.revert(false); - DLDbList dLDbList = mSavedList.searchList(); - if (ix < dLDbList.size()) - { - return _keychain(dLDbList[ix]); - } - else - { - ix -= dLDbList.size(); - mCommonList.revert(false); - DLDbList commonList = mCommonList.searchList(); - if (ix >= commonList.size()) - MacOSError::throwMe(errSecInvalidKeychain); - - return _keychain(commonList[ix]); - } -} - -Keychain -StorageManager::operator[](unsigned int ix) -{ - return at(ix); -} - -void StorageManager::rename(Keychain keychain, const char* newName) -{ - // This is not a generic purpose rename method for keychains. - // The keychain doesn't remain in the cache. - // - bool changedDefault = false; - DLDbIdentifier newDLDbIdentifier; - { - StLock _(mLock); - mSavedList.revert(true); - DLDbIdentifier defaultId = mSavedList.defaultDLDbIdentifier(); - - // Find the keychain object for the given ref - DLDbIdentifier dLDbIdentifier = keychain->dLDbIdentifier(); - - // Remove it from the saved list - mSavedList.remove(dLDbIdentifier); - if (dLDbIdentifier == defaultId) - changedDefault=true; - - // Actually rename the database on disk. - keychain->database()->rename(newName); - - newDLDbIdentifier = keychain->dLDbIdentifier(); - - // Now update the keychain map to use the newDLDbIdentifier - KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); - if (it != mKeychains.end()) - { - mKeychains.erase(it); - mKeychains.insert(KeychainMap::value_type(newDLDbIdentifier, keychain)); - } - - // If this was the default keychain change it accordingly - if (changedDefault) - mSavedList.defaultDLDbIdentifier(newDLDbIdentifier); - - mSavedList.save(); - } - - // @@@ We need a kSecKeychainRenamedEvent so other clients can close this keychain and move on with life. - //KCEventNotifier::PostKeychainEvent(kSecKeychainRenamedEvent); - - // Make sure we are not holding mLock when we post these events. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - - if (changedDefault) - KCEventNotifier::PostKeychainEvent(kSecDefaultChangedEvent, newDLDbIdentifier); -} - -void StorageManager::renameUnique(Keychain keychain, CFStringRef newName) -{ - bool doneCreating = false; - int index = 1; - do - { - char newNameCString[MAXPATHLEN]; - if ( CFStringGetCString(newName, newNameCString, MAXPATHLEN, kCFStringEncodingUTF8) ) // make sure it fits in MAXPATHLEN, etc. - { - // Construct the new name... - // - CFMutableStringRef newNameCFStr = NULL; - newNameCFStr = CFStringCreateMutable(NULL, MAXPATHLEN); - if ( newNameCFStr ) - { - CFStringAppendFormat(newNameCFStr, NULL, CFSTR("%s%d"), &newNameCString, index); - CFStringAppend(newNameCFStr, CFSTR(kKeychainSuffix)); // add .keychain - char toUseBuff2[MAXPATHLEN]; - if ( CFStringGetCString(newNameCFStr, toUseBuff2, MAXPATHLEN, kCFStringEncodingUTF8) ) // make sure it fits in MAXPATHLEN, etc. - { - struct stat filebuf; - if ( lstat(toUseBuff2, &filebuf) ) - { - rename(keychain, toUseBuff2); - doneCreating = true; - } - else - index++; - } - else - doneCreating = true; // failure to get c string. - CFRelease(newNameCFStr); - } - else - doneCreating = false; // failure to create mutable string. - } - else - doneCreating = false; // failure to get the string (i.e. > MAXPATHLEN?) - } - while (!doneCreating && index != INT_MAX); -} - -void StorageManager::remove(const KeychainList &kcsToRemove, bool deleteDb) -{ - bool unsetDefault = false; - { - StLock _(mLock); - mSavedList.revert(true); - DLDbIdentifier defaultId = mSavedList.defaultDLDbIdentifier(); - for (KeychainList::const_iterator ix = kcsToRemove.begin(); ix != kcsToRemove.end(); ++ix) - { - // Find the keychain object for the given ref - Keychain keychainToRemove = *ix; - DLDbIdentifier dLDbIdentifier = keychainToRemove->dLDbIdentifier(); - - // Remove it from the saved list - mSavedList.remove(dLDbIdentifier); - if (dLDbIdentifier == defaultId) - unsetDefault=true; - - if (deleteDb) - { - keychainToRemove->database()->deleteDb(); - // Now remove it from the map - KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); - if (it == mKeychains.end()) - continue; - mKeychains.erase(it); - } - } - - if (unsetDefault) - mSavedList.defaultDLDbIdentifier(DLDbIdentifier()); - - mSavedList.save(); - } - - // Make sure we are not holding mLock when we post these events. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - - if (unsetDefault) - KCEventNotifier::PostKeychainEvent(kSecDefaultChangedEvent); -} - -void -StorageManager::getSearchList(KeychainList &keychainList) -{ - StLock _(mLock); - mSavedList.revert(false); - mCommonList.revert(false); - - // Merge mSavedList and common list - DLDbList dLDbList = mSavedList.searchList(); - DLDbList commonList = mCommonList.searchList(); - KeychainList result; - result.reserve(dLDbList.size() + commonList.size()); - - for (DLDbList::const_iterator it = dLDbList.begin(); it != dLDbList.end(); ++it) - { - Keychain keychain(_keychain(*it)); - result.push_back(keychain); - } - - for (DLDbList::const_iterator it = commonList.begin(); it != commonList.end(); ++it) - { - Keychain keychain(_keychain(*it)); - result.push_back(keychain); - } - - keychainList.swap(result); -} - -void -StorageManager::setSearchList(const KeychainList &keychainList) -{ - DLDbList commonList = mCommonList.searchList(); - - // Strip out the common list part from the end of the search list. - KeychainList::const_iterator it_end = keychainList.end(); - DLDbList::const_reverse_iterator end_common = commonList.rend(); - for (DLDbList::const_reverse_iterator it_common = commonList.rbegin(); it_common != end_common; ++it_common) - { - // Eliminate common entries from the end of the passed in keychainList. - if (it_end == keychainList.begin()) - break; - - --it_end; - if (!((*it_end)->dLDbIdentifier() == *it_common)) - { - ++it_end; - break; - } - } - - /* it_end now points one past the last element in keychainList which is not in commonList. */ - DLDbList searchList, oldSearchList(mSavedList.searchList()); - for (KeychainList::const_iterator it = keychainList.begin(); it != it_end; ++it) - { - searchList.push_back((*it)->dLDbIdentifier()); - } - - { - // Set the current searchlist to be what was passed in, the old list will be freed - // upon exit of this stackframe. - StLock _(mLock); - mSavedList.revert(true); - mSavedList.searchList(searchList); - mSavedList.save(); - } - - if (!(oldSearchList == searchList)) - { - // Make sure we are not holding mLock when we post this event. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - } -} - -void -StorageManager::getSearchList(SecPreferencesDomain domain, KeychainList &keychainList) -{ - if (domain == mDomain) - { - StLock _(mLock); - mSavedList.revert(false); - convertList(keychainList, mSavedList.searchList()); - } - else - { - convertList(keychainList, DLDbListCFPref(domain).searchList()); - } -} - -void -StorageManager::setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList) -{ - DLDbList searchList; - convertList(searchList, keychainList); - - if (domain == mDomain) - { - DLDbList oldSearchList(mSavedList.searchList()); - { - // Set the current searchlist to be what was passed in, the old list will be freed - // upon exit of this stackframe. - StLock _(mLock); - mSavedList.revert(true); - mSavedList.searchList(searchList); - mSavedList.save(); - } - - if (!(oldSearchList == searchList)) - { - // Make sure we are not holding mLock when we post this event. - KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); - } - } - else - { - DLDbListCFPref(domain).searchList(searchList); - } -} - -void -StorageManager::domain(SecPreferencesDomain domain) -{ - StLock _(mLock); - if (domain == mDomain) - return; // no change - -#if !defined(NDEBUG) - switch (domain) - { - case kSecPreferencesDomainSystem: - secdebug("storagemgr", "switching to system domain"); break; - case kSecPreferencesDomainUser: - secdebug("storagemgr", "switching to user domain (uid %d)", getuid()); break; - default: - secdebug("storagemgr", "switching to weird prefs domain %d", domain); break; - } -#endif - - mDomain = domain; - mSavedList.set(domain); -} - -void -StorageManager::optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList) -{ - if (!keychainOrArray) - getSearchList(keychainList); - else - { - CFTypeID typeID = CFGetTypeID(keychainOrArray); - if (typeID == CFArrayGetTypeID()) - convertToKeychainList(CFArrayRef(keychainOrArray), keychainList); - else if (typeID == gTypes().KeychainImpl.typeID) - keychainList.push_back(KeychainImpl::required(SecKeychainRef(keychainOrArray))); - else - MacOSError::throwMe(paramErr); - } -} - -// static methods. -void -StorageManager::convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList) -{ - assert(keychainArray); - CFIndex count = CFArrayGetCount(keychainArray); - KeychainList keychains(count); - for (CFIndex ix = 0; ix < count; ++ix) - { - keychains[ix] = KeychainImpl::required(SecKeychainRef(CFArrayGetValueAtIndex(keychainArray, ix))); - } - - keychainList.swap(keychains); -} - -CFArrayRef -StorageManager::convertFromKeychainList(const KeychainList &keychainList) -{ - CFRef keychainArray(CFArrayCreateMutable(NULL, keychainList.size(), &kCFTypeArrayCallBacks)); - - for (KeychainList::const_iterator ix = keychainList.begin(); ix != keychainList.end(); ++ix) - { - SecKeychainRef keychainRef = (*ix)->handle(); - CFArrayAppendValue(keychainArray, keychainRef); - CFRelease(keychainRef); - } - - // Counter the CFRelease that CFRef<> is about to do when keychainArray goes out of scope. - CFRetain(keychainArray); - return keychainArray; -} - -void StorageManager::convertList(DLDbList &ids, const KeychainList &kcs) -{ - DLDbList result; - result.reserve(kcs.size()); - for (KeychainList::const_iterator ix = kcs.begin(); ix != kcs.end(); ++ix) - { - result.push_back((*ix)->dLDbIdentifier()); - } - ids.swap(result); -} - -void StorageManager::convertList(KeychainList &kcs, const DLDbList &ids) -{ - KeychainList result; - result.reserve(ids.size()); - for (DLDbList::const_iterator ix = ids.begin(); ix != ids.end(); ++ix) - { - Keychain keychain(_keychain(*ix)); - result.push_back(keychain); - } - kcs.swap(result); -} - -#pragma mark ÑÑÑÑ Login Functions ÑÑÑÑ - -void StorageManager::login(AuthorizationRef authRef, UInt32 nameLength, const char* name) -{ - AuthorizationItemSet* info = NULL; - OSStatus result = AuthorizationCopyInfo(authRef, NULL, &info); // get the results of the copy rights call. - Boolean created = false; - if ( result == noErr && info->count ) - { - // Grab the password from the auth context (info) and create the keychain... - // - AuthorizationItem* currItem = info->items; - for (UInt32 index = 1; index <= info->count; index++) //@@@plugin bug won't return a specific context. - { - if (strcmp(currItem->name, kAuthorizationEnvironmentPassword) == 0) - { - // creates the login keychain with the specified password - try - { - login(nameLength, name, currItem->valueLength, currItem->value); - created = true; - } - catch(...) - { - } - break; - } - currItem++; - } - } - if ( info ) - AuthorizationFreeItemSet(info); - - if ( !created ) - MacOSError::throwMe(errAuthorizationInternal); -} - -void StorageManager::login(ConstStringPtr name, ConstStringPtr password) -{ - if ( name == NULL || password == NULL ) - MacOSError::throwMe(paramErr); - - login(name[0], name + 1, password[0], password + 1); -} - -void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordLength, const void *password) -{ - x_debug("StorageManager::login: entered"); - mSavedList.revert(true); - if (passwordLength != 0 && password == NULL) - { - x_debug("StorageManager::login: invalid argument (NULL password)"); - MacOSError::throwMe(paramErr); - } - - DLDbIdentifier loginDLDbIdentifier(mSavedList.loginDLDbIdentifier()); - x_debug1("StorageManager::login: loginDLDbIdentifier is %s", (loginDLDbIdentifier) ? loginDLDbIdentifier.dbName() : ""); - if (!loginDLDbIdentifier) - MacOSError::throwMe(errSecNoSuchKeychain); - - Keychain theKeychain(keychain(loginDLDbIdentifier)); - try - { - x_debug2("Attempting to unlock login keychain %s with %d-character password", (theKeychain) ? theKeychain->name() : "", (unsigned int)passwordLength); - theKeychain->unlock(CssmData(const_cast(password), passwordLength)); - x_debug("Login keychain unlocked successfully"); - } - catch(const CssmError &e) - { - if (e.osStatus() != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) - throw; - x_debug1("Creating login keychain %s", (loginDLDbIdentifier) ? loginDLDbIdentifier.dbName() : ""); - theKeychain->create(passwordLength, password); - x_debug("Login keychain created successfully"); - // Set the prefs for this new login keychain. - loginKeychain(theKeychain); - // Login Keychain does not lock on sleep nor lock after timeout by default. - theKeychain->setSettings(INT_MAX, false); - } -} - -void StorageManager::logout() -{ - // nothing left to do here -} - -void StorageManager::changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword) -{ - loginKeychain()->changePassphrase(oldPassword, newPassword); - secdebug("KClogin", "Changed login keychain password successfully"); -} - - -void StorageManager::changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword) -{ - loginKeychain()->changePassphrase(oldPasswordLength, oldPassword, newPasswordLength, newPassword); - secdebug("KClogin", "Changed login keychain password successfully"); -} - -// Clear out the keychain search list and rename the existing login.keychain. -// -void StorageManager::resetKeychain(Boolean resetSearchList) -{ - // Clear the keychain search list. - // - CFArrayRef emptySearchList = nil; - try - { - if ( resetSearchList ) - { - emptySearchList = CFArrayCreate(NULL, NULL, 0, NULL); - StorageManager::KeychainList keychainList; - convertToKeychainList(emptySearchList, keychainList); - setSearchList(keychainList); - } - // Get a reference to the existing login keychain... - // If we don't have one, we throw (not requiring a rename). - // - Keychain keychain = loginKeychain(); - // - // Rename the existing login.keychain (i.e. put it aside). - // - CFMutableStringRef newName = NULL; - newName = CFStringCreateMutable(NULL, 0); - CFStringRef currName = NULL; - currName = CFStringCreateWithCString(NULL, keychain->name(), kCFStringEncodingUTF8); - if ( newName && currName ) - { - CFStringAppend(newName, currName); - CFStringRef kcSuffix = CFSTR(kKeychainSuffix); - if ( CFStringHasSuffix(newName, kcSuffix) ) // remove the .keychain extension - { - CFRange suffixRange = CFStringFind(newName, kcSuffix, 0); - CFStringFindAndReplace(newName, kcSuffix, CFSTR(""), suffixRange, 0); - } - CFStringAppend(newName, CFSTR(kKeychainRenamedSuffix)); // add "_renamed" - try - { - renameUnique(keychain, newName); - } - catch(...) - { - // we need to release 'newName' & 'currName' - } - } // else, let the login call report a duplicate - if ( newName ) - CFRelease(newName); - if ( currName ) - CFRelease(currName); - } - catch(...) - { - // We either don't have a login keychain, or there was a - // failure to rename the existing one. - } - if ( emptySearchList ) - CFRelease(emptySearchList); -} - -#pragma mark ÑÑÑÑ File Related ÑÑÑÑ - -Keychain StorageManager::make(const char *pathName) -{ - return make(pathName, true); -} - -Keychain StorageManager::make(const char *pathName, bool add) -{ - string fullPathName; - if ( pathName[0] == '/' ) - fullPathName = pathName; - else - { - // Get Home directory from environment. - switch (mDomain) { - case kSecPreferencesDomainUser: - { - const char *homeDir = getenv("HOME"); - if (homeDir == NULL) - { - // If $HOME is unset get the current user's home directory from the passwd file. - uid_t uid = geteuid(); - if (!uid) uid = getuid(); - struct passwd *pw = getpwuid(uid); - if (!pw) - MacOSError::throwMe(paramErr); - homeDir = pw->pw_dir; - } - fullPathName = homeDir; - } - break; - case kSecPreferencesDomainSystem: - fullPathName = ""; - break; - default: - assert(false); // invalid domain for this - } - - fullPathName += "/Library/Keychains/"; - fullPathName += pathName; - } - - const CSSM_NET_ADDRESS *DbLocation = NULL; // NULL for keychains - const CSSM_VERSION *version = NULL; - uint32 subserviceId = 0; - CSSM_SERVICE_TYPE subserviceType = CSSM_SERVICE_DL | CSSM_SERVICE_CSP; - const CssmSubserviceUid ssuid(gGuidAppleCSPDL, version, - subserviceId, subserviceType); - DLDbIdentifier dLDbIdentifier(ssuid, fullPathName.c_str(), DbLocation); - return makeKeychain(dLDbIdentifier, add); -} - -Keychain StorageManager::makeLoginAuthUI(Item &item) -{ - // Create a login/default keychain for the user using UI. - // The user can cancel out of the operation, or create a new login keychain. - // If auto-login is turned off, the user will be asked for their login password. - // - OSStatus result = noErr; - Keychain keychain = NULL; // We return this keychain. - // - // Set up the Auth ref to bring up UI. - // - AuthorizationRef authRef = NULL; - result = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authRef); - if ( result != noErr ) - MacOSError::throwMe(errAuthorizationInternal); - AuthorizationEnvironment envir; - envir.count = 5; // 5 hints are used. - AuthorizationItem* authEnvirItemArrayPtr = (AuthorizationItem*)malloc(sizeof(AuthorizationItem) * envir.count); - if ( !authEnvirItemArrayPtr ) - { - if ( authRef ) - AuthorizationFree(authRef, kAuthorizationFlagDefaults); - MacOSError::throwMe(errAuthorizationInternal); - } - envir.items = authEnvirItemArrayPtr; - AuthorizationItem* currItem = authEnvirItemArrayPtr; - // - // 1st Hint (optional): The keychain item's account attribute string. - // When item is specified, we assume an 'add' operation is being attempted. - char buff[255]; - UInt32 actLen; - SecKeychainAttribute attr = { kSecAccountItemAttr, 255, &buff }; - try - { - item->getAttribute(attr, &actLen); - } - catch(...) - { - actLen = 0; // This item didn't have the account attribute, so don't display one in the UI. - } - currItem->name = AGENT_HINT_ATTR_NAME; // name str that identifies this hint as attr name - if ( actLen ) // Fill in the hint if we have a 'srvr' attr - { - if ( actLen > 255 ) - buff[255] = 0; - else - buff[actLen] = 0; - currItem->valueLength = strlen(buff)+1; - currItem->value = buff; - } - else - { - currItem->valueLength = 0; - currItem->value = NULL; - } - currItem->flags = 0; - // - // 2nd Hint (optional): The item's keychain full path. - // - currItem++; - char* currDefaultName = NULL; - try - { - currDefaultName = (char*)globals().storageManager.defaultKeychain()->name(); // Use the name if we have it. - currItem->name = AGENT_HINT_LOGIN_KC_NAME; // Name str that identifies this hint as kc path - currItem->valueLength = strlen(currDefaultName); - currItem->value = (void*)currDefaultName; - currItem->flags = 0; - currItem++; - } - catch(...) - { - envir.count--; - } - - // - // 3rd Hint (optional): If curr default keychain is unavailable. - // This is determined by the parent not existing. - // - currItem->name = AGENT_HINT_LOGIN_KC_EXISTS_IN_KC_FOLDER; - Boolean loginUnavail = false; - try - { - Keychain defaultKC = defaultKeychain(); - if ( !defaultKC->exists() ) - loginUnavail = true; - } - catch(...) // login.keychain not present - { - } - currItem->valueLength = sizeof(Boolean); - currItem->value = (void*)&loginUnavail; - currItem->flags = 0; - // - // 4th Hint (required) userName - // - currItem++; - currItem->name = AGENT_HINT_LOGIN_KC_USER_NAME; - char* uName = getenv("USER"); - string userName = uName ? uName : ""; - if ( userName.length() == 0 ) - { - uid_t uid = geteuid(); - if (!uid) uid = getuid(); - struct passwd *pw = getpwuid(uid); // fallback case... - if (pw) - userName = pw->pw_name; - endpwent(); - } - if ( userName.length() != 0 ) // did we ultimately get one? - { - currItem->value = (void*)userName.c_str(); - currItem->valueLength = userName.length(); - } - else // trouble getting user name; can't continue... - { - if ( authRef ) - AuthorizationFree(authRef, kAuthorizationFlagDefaults); - free(authEnvirItemArrayPtr); - MacOSError::throwMe(errAuthorizationInternal); - } - currItem->flags = 0; - // - // 5th Hint (optional) flags if user has more than 1 keychain (used for a later warning when reset to default). - // - currItem++; // last hint... - currItem->name = AGENT_HINT_LOGIN_KC_USER_HAS_OTHER_KCS_STR; - Boolean moreThanOneKCExists = false; - { - StLock _(mLock); - if (mSavedList.searchList().size() > 1) - moreThanOneKCExists = true; - } - currItem->value = &moreThanOneKCExists; - currItem->valueLength = sizeof(Boolean); - currItem->flags = 0; - // - // Set up the auth rights and make the auth call. - // - AuthorizationItem authItem = { LOGIN_KC_CREATION_RIGHT, 0 , NULL, 0}; - AuthorizationRights rights = { 1, &authItem }; - result = AuthorizationCopyRights(authRef, &rights, &envir, kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights, NULL); - free(authEnvirItemArrayPtr); // done with the auth items. - if ( result == errAuthorizationSuccess ) // On success, revert to defaults. - { - try - { - resetKeychain(true); // Clears the plist, moves aside existing login.keychain - login(authRef, userName.length(), userName.c_str()); // Creates a login.keychain - keychain = loginKeychain(); // Return it. - defaultKeychain(keychain); // Set it to the default. - } - catch(...) - { - // Reset failed, login.keychain creation failed, or setting it to default. - // We need to release 'authRef'... - } - } - if ( authRef ) - AuthorizationFree(authRef, kAuthorizationFlagDefaults); - if ( result ) - MacOSError::throwMe(result); // Any other error means we don't return a keychain. - return keychain; -} - -Keychain StorageManager::defaultKeychainUI(Item &item) -{ - Keychain returnedKeychain = NULL; - try - { - returnedKeychain = globals().storageManager.defaultKeychain(); // If we have one, return it. - if ( returnedKeychain->exists() ) - return returnedKeychain; - } - catch(...) // We could have one, but it isn't available (i.e. on a un-mounted volume). - { - } - if ( globals().getUserInteractionAllowed() ) - { - returnedKeychain = makeLoginAuthUI(item); // If no Keychains Ä is present, one will be created. - if ( !returnedKeychain ) - MacOSError::throwMe(errSecInvalidKeychain); // Something went wrong... - } - else - MacOSError::throwMe(errSecInteractionNotAllowed); // If UI isn't allowed, return an error. - - return returnedKeychain; -} diff --git a/Keychain/StorageManager.h b/Keychain/StorageManager.h deleted file mode 100644 index f187fe87..00000000 --- a/Keychain/StorageManager.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// StorageManager.h -- Working with multiple keychains -// -#ifndef _SECURITY_STORAGEMANAGER_H_ -#define _SECURITY_STORAGEMANAGER_H_ - -#include -#include -#include -#include -#include -#include -#include - -#define kKeychainRenamedSuffix "_renamed" - -namespace Security -{ - -namespace KeychainCore -{ - -class StorageManager -{ - NOCOPY(StorageManager) -public: - typedef vector KeychainList; - typedef vector DLDbList; - - StorageManager(); - ~StorageManager() {} - - //bool onlist(const Keychain & keychain); - - // These will call addAndNotify() if the specified keychain already exists - Keychain make(const char *fullPathName); - Keychain make(const char *fullPathName, bool add); - Keychain makeLoginAuthUI(Item &item); - void created(const Keychain &keychain); // Be notified a Keychain just got created. - - // Misc - void lockAll(); - - void add(const Keychain& keychainToAdd); // Only add if not there yet. Doesn't write out CFPref - - // Vector-like methods. - size_t size(); - Keychain at(unsigned int ix); - Keychain operator[](unsigned int ix); - - KCCursor createCursor(const SecKeychainAttributeList *attrList); - KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList); - - // Create KC if it doesn't exist, add to cache, but don't modify search list. - Keychain keychain(const DLDbIdentifier &dLDbIdentifier); - - // Same as keychain(const DLDbIdentifier &) but assumes mLock is already held. - Keychain _keychain(const DLDbIdentifier &dLDbIdentifier); - - // Create KC if it doesn't exist, add it to the search list if it exists and is not already on it. - Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add = true); - - - // Keychain list maintenance - - // remove kcsToRemove from the search list - void remove(const KeychainList &kcsToRemove, bool deleteDb = false); - - void getSearchList(KeychainList &keychainList); - void setSearchList(const KeychainList &keychainList); - - void getSearchList(SecPreferencesDomain domain, KeychainList &keychainList); - void setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList); - - void rename(Keychain keychain, const char* newName); - void renameUnique(Keychain keychain, CFStringRef newName); - - // Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise - // if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList, - // if keychainOrArray is a SecKeychainRef return a KeychainList with one element. - void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList); - - // Convert CFArrayRef of SecKeychainRef's a KeychainList. The array must not be NULL - static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList); - - // Convert KeychainList to a CFArrayRef of SecKeychainRef's. - static CFArrayRef convertFromKeychainList(const KeychainList &keychainList); - - // Login keychain support - void login(AuthorizationRef authRef, UInt32 nameLength, const char* name); - void login(ConstStringPtr name, ConstStringPtr password); - void login(UInt32 nameLength, const void *name, UInt32 passwordLength, const void *password); - void logout(); - void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword); - void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword); - - void resetKeychain(Boolean resetSearchList); - - Keychain defaultKeychain(); - Keychain defaultKeychainUI(Item &item); - void defaultKeychain(const Keychain &keychain); - - Keychain loginKeychain(); - void loginKeychain(Keychain keychain); - - Keychain defaultKeychain(SecPreferencesDomain domain); - void defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain); - - SecPreferencesDomain domain() { return mDomain; } - void domain(SecPreferencesDomain newDomain); - - // To be called by KeychainImpl destructor only. - void removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl); - -private: - typedef map KeychainMap; - - static void convertList(DLDbList &ids, const KeychainList &kcs); - void convertList(KeychainList &kcs, const DLDbList &ids); - - // Only add if not there yet. Writes out CFPref and broadcasts KCPrefListChanged notification - void addAndNotify(const Keychain& keychainToAdd); - - // set default credentials for opening a keychain - void setDefaultCredentials(const CssmClient::Db &db); - - DLDbListCFPref mSavedList; - DLDbListCFPref mCommonList; - SecPreferencesDomain mDomain; // current domain (in mSavedList and cache fields) - KeychainMap mKeychains; // the cache of Keychains - Mutex mLock; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_STORAGEMANAGER_H_ diff --git a/Keychain/Trust.cpp b/Keychain/Trust.cpp deleted file mode 100644 index dfe46b35..00000000 --- a/Keychain/Trust.cpp +++ /dev/null @@ -1,367 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Trust.cpp -// -#include -#include -#include -#include -#include -#include "SecBridge.h" - -using namespace KeychainCore; - - -// -// For now, we use a global TrustStore -// -ModuleNexus Trust::gStore; - - -// -// @@@ For some reason, the C++ type system won't resolve an operator from Security namespace. -// Drag it in here explicitly (the hard way). Someone bored might want to investigate which -// language rules ambiguates the Security::operator == inside the Security::KeychainCore namespace. -// -inline bool operator == (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2) -{ - return Security::operator == (h1, h2); -} - - -// -// Construct a Trust object with suitable defaults. -// Use setters for additional arguments before calling evaluate(). -// -Trust::Trust(CFTypeRef certificates, CFTypeRef policies) - : mTP(gGuidAppleX509TP), mAction(CSSM_TP_ACTION_DEFAULT), - mCerts(cfArrayize(certificates)), mPolicies(cfArrayize(policies)), - mResult(kSecTrustResultInvalid) -{ - // set default search list from user's default - globals().storageManager.getSearchList(mSearchLibs); -} - - -// -// Clean up a Trust object -// -Trust::~Trust() throw() -{ - clearResults(); -} - - -// -// Retrieve the last TP evaluation result, if any -// -CSSM_TP_VERIFY_CONTEXT_RESULT_PTR Trust::cssmResult() -{ - if (mResult == kSecTrustResultInvalid) - MacOSError::throwMe(errSecTrustNotAvailable); - return &mTpResult; -} - - -// SecCertificateRef -> CssmData -CssmData cfCertificateData(SecCertificateRef certificate) -{ - return Certificate::required(certificate)->data(); -} - -// SecPolicyRef -> CssmField (CFDataRef/NULL or oid/value of a SecPolicy) -CssmField cfField(SecPolicyRef item) -{ - SecPointer policy = Policy::required(SecPolicyRef(item)); - return CssmField(policy->oid(), policy->value()); -} - -// SecKeychain -> CssmDlDbHandle -CSSM_DL_DB_HANDLE cfKeychain(SecKeychainRef ref) -{ - Keychain keychain = KeychainImpl::required(ref); - return keychain->database()->handle(); -} - - -// -// Here's the big "E" - evaluation. -// We build most of the CSSM-layer input structures dynamically right here; -// they will auto-destruct when we're done. The output structures are kept -// around (in our data members) for later analysis. -// Note that evaluate() can be called repeatedly, so we must be careful to -// dispose of prior results. -// -void Trust::evaluate() -{ - // if we have evaluated before, release prior result - clearResults(); - - // build the target cert group - CFToVector subjects(mCerts); - CertGroup subjectCertGroup(CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA); - subjectCertGroup.count() = subjects; - subjectCertGroup.blobCerts() = subjects; - - // build a TP_VERIFY_CONTEXT, a veritable nightmare of a data structure - TPBuildVerifyContext context(mAction); - if (mActionData) - context.actionData() = cfData(mActionData); - - // policies (one at least, please) - CFToVector policies(mPolicies); - if (policies.empty()) - MacOSError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); - context.setPolicies(policies, policies); - - // anchor certificates - CFCopyRef anchors(mAnchors); - if (!anchors) - anchors = gStore().copyRootCertificates(); // retains - CFToVector roots(anchors); - context.anchors(roots, roots); - - // dlDbList (keychain list) - vector dlDbList; - for (StorageManager::KeychainList::const_iterator it = mSearchLibs.begin(); - it != mSearchLibs.end(); it++) - { - try - { - dlDbList.push_back((*it)->database()->handle()); - } - catch (...) - { - } - } - context.setDlDbList(dlDbList.size(), &dlDbList[0]); - - // verification time - char timeString[15]; - if (mVerifyTime) { - CssmUniformDate(static_cast(mVerifyTime)).convertTo( - timeString, sizeof(timeString)); - context.time(timeString); - } - - // Go TP! - try { - mTP->certGroupVerify(subjectCertGroup, context, &mTpResult); - mTpReturn = noErr; - } catch (CssmCommonError &err) { - mTpReturn = err.osStatus(); - } - mResult = diagnoseOutcome(); - - // see if we can use the evidence - if (mTpResult.count() > 0 - && mTpResult[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER - && mTpResult[0].as()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION - && mTpResult.count() == 3 - && mTpResult[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP - && mTpResult[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) { - evaluateUserTrust(*mTpResult[1].as(), - mTpResult[2].as(), anchors); - } else { - // unexpected evidence information. Can't use it - secdebug("trusteval", "unexpected evidence ignored"); - } -} - - -// -// Classify the TP outcome in terms of a SecTrustResultType -// -SecTrustResultType Trust::diagnoseOutcome() -{ - switch (mTpReturn) { - case noErr: // peachy - return kSecTrustResultUnspecified; - case CSSMERR_TP_CERT_EXPIRED: // expired cert - case CSSMERR_TP_CERT_NOT_VALID_YET: // mis-expired cert - case CSSMERR_TP_NOT_TRUSTED: // no root, no anchor - case CSSMERR_TP_VERIFICATION_FAILURE: // root does not self-verify - case CSSMERR_TP_INVALID_ANCHOR_CERT: // valid is not an anchor - case CSSMERR_TP_VERIFY_ACTION_FAILED: // policy action failed - return kSecTrustResultRecoverableTrustFailure; - case CSSMERR_TP_INVALID_CERTIFICATE: // bad certificate - return kSecTrustResultFatalTrustFailure; - default: - return kSecTrustResultOtherError; // unknown - } -} - - -// -// Assuming a good evidence chain, check user trust -// settings and set mResult accordingly. -// -void Trust::evaluateUserTrust(const CertGroup &chain, - const CSSM_TP_APPLE_EVIDENCE_INFO *infoList, CFCopyRef anchors) -{ - // extract cert chain as Certificate objects - mCertChain.resize(chain.count()); - for (uint32 n = 0; n < mCertChain.size(); n++) { - const TPEvidenceInfo &info = TPEvidenceInfo::overlay(infoList[n]); - if (info.recordId()) { - Keychain keychain = keychainByDLDb(info.DlDbHandle); - DbUniqueRecord uniqueId(keychain->database()->newDbUniqueRecord()); - secdebug("trusteval", "evidence #%ld from keychain \"%s\"", n, keychain->name()); - *static_cast(uniqueId) = info.UniqueRecord; - uniqueId->activate(); // transfers ownership - mCertChain[n] = safe_cast(keychain->item(CSSM_DL_DB_RECORD_X509_CERTIFICATE, uniqueId).get()); - } else if (info.status(CSSM_CERT_STATUS_IS_IN_INPUT_CERTS)) { - secdebug("trusteval", "evidence %ld from input cert %ld", n, info.index()); - assert(info.index() < uint32(CFArrayGetCount(mCerts))); - SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(mCerts, - info.index())); - mCertChain[n] = Certificate::required(cert); - } else if (info.status(CSSM_CERT_STATUS_IS_IN_ANCHORS)) { - secdebug("trusteval", "evidence %ld from anchor cert %ld", n, info.index()); - assert(info.index() < uint32(CFArrayGetCount(anchors))); - SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(anchors, - info.index())); - mCertChain[n] = Certificate::required(cert); - } else { - // unknown source; make a new Certificate for it - secdebug("trusteval", "evidence %ld from unknown source", n); - mCertChain[n] = - new Certificate(chain.blobCerts()[n], - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER); - } - } - - // now walk the chain, leaf-to-root, checking for user settings - TrustStore &store = gStore(); - SecPointer policy = - Policy::required(SecPolicyRef(CFArrayGetValueAtIndex(mPolicies, 0))); - for (mResultIndex = 0; - mResult == kSecTrustResultUnspecified && mResultIndex < mCertChain.size(); - mResultIndex++) - { - if (!mCertChain[mResultIndex]) - { - assert(false); - continue; - } - mResult = store.find(mCertChain[mResultIndex], policy); - } -} - - -// -// Release TP evidence information. -// This information is severely under-defined by CSSM, so we proceed -// as follows: -// (a) If the evidence matches an Apple-defined pattern, use specific -// knowledge of that format. -// (b) Otherwise, assume that the void * are flat blocks of memory. -// -void Trust::releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator) -{ - if (result.count() > 0) { // something to do - if (result[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER) { - // Apple defined evidence form -- use intimate knowledge - if (result[0].as()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION - && result.count() == 3 - && result[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP - && result[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) { - // proper format - CertGroup& certs = *result[1].as(); - CSSM_TP_APPLE_EVIDENCE_INFO *evidence = result[2].as(); - uint32 count = certs.count(); - allocator.free(result[0].data()); // just a struct - certs.destroy(allocator); // certgroup contents - allocator.free(result[1].data()); // the CertGroup itself - for (uint32 n = 0; n < count; n++) - allocator.free(evidence[n].StatusCodes); - allocator.free(result[2].data()); // array of (flat) info structs - } else { - secdebug("trusteval", "unrecognized Apple TP evidence format"); - // drop it -- better leak than kill - } - } else { - // unknown format -- blindly assume flat blobs - secdebug("trusteval", "destroying unknown TP evidence format"); - for (uint32 n = 0; n < result.count(); n++) - { - allocator.free(result[n].data()); - } - } - - allocator.free (result.Evidence); - } -} - - -// -// Clear evaluation results unless state is initial (invalid) -// -void Trust::clearResults() -{ - if (mResult != kSecTrustResultInvalid) { - releaseTPEvidence(mTpResult, mTP.allocator()); - mResult = kSecTrustResultInvalid; - } -} - - -// Convert a SecPointer to a CF object. -static SecCertificateRef -convert(const SecPointer &certificate) -{ - return *certificate; -} - -// -// Build evidence information -// -void Trust::buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain) -{ - if (mResult == kSecTrustResultInvalid) - MacOSError::throwMe(errSecTrustNotAvailable); - certChain = mEvidenceReturned = - makeCFArray(convert, mCertChain); - statusChain = mTpResult[2].as(); -} - - -// -// Given a DL_DB_HANDLE, locate the Keychain object (from the search list) -// -Keychain Trust::keychainByDLDb(const CSSM_DL_DB_HANDLE &handle) const -{ - for (StorageManager::KeychainList::const_iterator it = mSearchLibs.begin(); - it != mSearchLibs.end(); it++) - { - try - { - if ((*it)->database()->handle() == handle) - return *it; - } - catch (...) - { - } - } - - // could not find in search list - internal error - assert(false); - return Keychain(); -} diff --git a/Keychain/Trust.h b/Keychain/Trust.h deleted file mode 100644 index 05048ff5..00000000 --- a/Keychain/Trust.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// Trust.h - Trust control wrappers -// -#ifndef _SECURITY_TRUST_H_ -#define _SECURITY_TRUST_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace CssmClient; - -namespace Security { -namespace KeychainCore { - - -// -// The Trust object manages trust-verification workflow. -// As such, it represents a somewhat more complex concept than -// a single "object". -// -class Trust : public SecCFObject -{ - NOCOPY(Trust) -public: - SECCFFUNCTIONS(Trust, SecTrustRef, errSecInvalidItemRef) - - Trust(CFTypeRef certificates, CFTypeRef policies); - virtual ~Trust() throw(); - - // set (or reset) more input parameters - void policies(CFTypeRef policies) { mPolicies.take(cfArrayize(policies)); } - void action(CSSM_TP_ACTION action) { mAction = action; } - void actionData(CFDataRef data) { mActionData = data; } - void time(CFDateRef verifyTime) { mVerifyTime = verifyTime; } - void anchors(CFArrayRef anchorList) { mAnchors.take(cfArrayize(anchorList)); } - StorageManager::KeychainList &searchLibs() { return mSearchLibs; } - - // perform evaluation - void evaluate(); - - // get at evaluation results - void buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain); - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR cssmResult(); - - SecTrustResultType result() const { return mResult; } - OSStatus cssmResultCode() const { return mTpReturn; } - TP getTPHandle() const { return mTP; } - - // an independent release function for TP evidence results - // (yes, we could hand this out to the C layer if desired) - static void releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator); - -private: - SecTrustResultType diagnoseOutcome(); - void evaluateUserTrust(const CertGroup &certs, - const CSSM_TP_APPLE_EVIDENCE_INFO *info, - CFCopyRef anchors); - void clearResults(); - - Keychain keychainByDLDb(const CSSM_DL_DB_HANDLE &handle) const; - -private: - TP mTP; // our TP - - // input arguments: set up before evaluate() - CSSM_TP_ACTION mAction; // TP action to verify - CFRef mActionData; // action data - CFRef mVerifyTime; // verification "now" - CFRef mCerts; // certificates to verify (item 1 is subject) - CFRef mPolicies; // array of policy objects to control verification - CFRef mAnchors; // array of anchor certs - StorageManager::KeychainList mSearchLibs; // array of databases to search - - // evaluation results: set as a result of evaluate() - SecTrustResultType mResult; // result classification - uint32 mResultIndex; // which result cert made the decision? - OSStatus mTpReturn; // return code from TP Verify - TPVerifyResult mTpResult; // result of latest TP verify - - vector< SecPointer > mCertChain; // distilled certificate chain - - // information returned to caller but owned by us - CFRef mEvidenceReturned; // evidence chain returned - -public: - static ModuleNexus Trust::gStore; -}; - -} // end namespace KeychainCore - -} // end namespace Security - -#endif // !_SECURITY_TRUST_H_ diff --git a/Keychain/TrustItem.cpp b/Keychain/TrustItem.cpp deleted file mode 100644 index a78a0628..00000000 --- a/Keychain/TrustItem.cpp +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustStore.h - Abstract interface to permanent user trust assignments -// -#include -#include -#include - -#include -#include -#include - - -namespace Security { -namespace KeychainCore { - - -// -// Construct a UserTrustItem from attributes and initial content -// -UserTrustItem::UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trustData) : - ItemImpl(CSSM_DL_DB_RECORD_USER_TRUST, - reinterpret_cast(NULL), - UInt32(sizeof(trustData)), - reinterpret_cast(&trustData)), - mCertificate(cert), mPolicy(policy) -{ - secdebug("usertrust", "create %p (%p,%p) = %d", this, cert, policy, trustData.trust); -} - - -// -// Destroy it -// -UserTrustItem::~UserTrustItem() throw() -{ - secdebug("usertrust", "destroy %p", this); -} - - -// -// Retrieve the trust value from a UserTrustItem -// -UserTrustItem::TrustData UserTrustItem::trust() -{ - CssmDataContainer data; - getData(data); - if (data.length() != sizeof(TrustData)) - MacOSError::throwMe(errSecInvalidTrustSetting); - return *data.interpretedAs(); -} - - -// -// Add item to keychain -// -PrimaryKey UserTrustItem::add(Keychain &keychain) -{ - // If we already have a Keychain we can't be added. - if (mKeychain) - MacOSError::throwMe(errSecDuplicateItem); - - populateAttributes(); - - CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); - - Db db(keychain->database()); - // add the item to the (regular) db - try - { - mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); - secdebug("usertrust", "%p inserted", this); - } - catch (const CssmError &e) - { - if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE) - throw; - - // Create the cert relation and try again. - secdebug("usertrust", "adding schema relation for user trusts"); - db->createRelation(CSSM_DL_DB_RECORD_USER_TRUST, "CSSM_DL_DB_RECORD_USER_TRUST", - Schema::UserTrustSchemaAttributeCount, - Schema::UserTrustSchemaAttributeList, - Schema::UserTrustSchemaIndexCount, - Schema::UserTrustSchemaIndexList); - keychain->resetSchema(); - - mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); - secdebug("usertrust", "%p inserted now", this); - } - - mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId); - mKeychain = keychain; - return mPrimaryKey; -} - - -void UserTrustItem::populateAttributes() -{ - CssmAutoData encodedIndex(CssmAllocator::standard()); - makeCertIndex(mCertificate, encodedIndex); - const CssmOid &policyOid = mPolicy->oid(); - - mDbAttributes->add(Schema::attributeInfo(kSecTrustCertAttr), encodedIndex.get()); - mDbAttributes->add(Schema::attributeInfo(kSecTrustPolicyAttr), policyOid); -} - - -// -// An ad-hoc hold-and-destroy accessor for a single-valued certificate field -// -class CertField { -public: - CertField(Certificate *cert, const CSSM_OID &inField) - : certificate(cert), field(inField) - { mData = certificate->copyFirstFieldValue(field); } - - ~CertField() { certificate->releaseFieldValue(field, mData); } - - Certificate * const certificate; - const CSSM_OID &field; - - operator bool () const { return mData && mData->Data; } - CssmData &data() const { return CssmData::overlay(*mData); } - -private: - CSSM_DATA_PTR mData; -}; - - -// -// Construct a trust item index. -// This is an ASN.1 sequence of issuer and serial number. -// -struct IssuerAndSN { - CSSM_DATA issuer; - CSSM_DATA serial; -}; - -static const SEC_ASN1Template issuerAndSNTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(IssuerAndSN) }, - { SEC_ASN1_OCTET_STRING, offsetof(IssuerAndSN, issuer) }, - { SEC_ASN1_OCTET_STRING, offsetof(IssuerAndSN, serial) }, - { 0 } -}; - -void UserTrustItem::makeCertIndex(Certificate *cert, CssmOwnedData &encodedIndex) -{ - CertField issuer(cert, CSSMOID_X509V1IssuerName); - CertField serial(cert, CSSMOID_X509V1SerialNumber); - IssuerAndSN index; - index.issuer = issuer.data(); - index.serial = serial.data(); - if (SecNssEncodeItemOdata(&index, issuerAndSNTemplate, encodedIndex)) - CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); -} - - -} // end namespace KeychainCore -} // end namespace Security diff --git a/Keychain/TrustItem.h b/Keychain/TrustItem.h deleted file mode 100644 index c1aef1ad..00000000 --- a/Keychain/TrustItem.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustStore.h - Abstract interface to permanent user trust assignments -// -#ifndef _SECURITY_TRUSTITEM_H_ -#define _SECURITY_TRUSTITEM_H_ - -#include -#include -#include -#include - - -// unique keychain item attributes for user trust records -enum { - kSecTrustCertAttr = 'tcrt', - kSecTrustPolicyAttr = 'tpol' -}; - - -namespace Security { -namespace KeychainCore { - - -// -// A trust item in a keychain. -// Currently, Item constructors do not explicitly generate this subclass. -// They don't need to, since our ownly user (TrustStore) can deal with -// the generic Item class just fine. -// If we ever need Item to produce UserTrustItem impls, we would need to -// add constructors from primary key (see Certificate for an example). -// -class UserTrustItem : public ItemImpl { - NOCOPY(UserTrustItem) -public: - struct TrustData { - uint32 version; // version mark - SecTrustUserSetting trust; // user's trust choice - }; - static const uint32 currentVersion = 0x101; - -public: - // new item constructor - UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trust); - virtual ~UserTrustItem() throw(); - - TrustData trust(); - -public: - static void makeCertIndex(Certificate *cert, CssmOwnedData &index); - -protected: - virtual PrimaryKey add(Keychain &keychain); - - void populateAttributes(); - -private: - SecPointer mCertificate; - SecPointer mPolicy; -}; - - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_TRUSTITEM_H_ diff --git a/Keychain/TrustStore.cpp b/Keychain/TrustStore.cpp deleted file mode 100644 index dae7d41e..00000000 --- a/Keychain/TrustStore.cpp +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustStore.h - Abstract interface to permanent user trust assignments -// -#include -#include -#include -#include -#include -#include - - -namespace Security { -namespace KeychainCore { - - -// -// Make and break: trivial -// -TrustStore::TrustStore(CssmAllocator &alloc) - : allocator(alloc), mRootsValid(false), mRootBytes(allocator) -{ -} - -TrustStore::~TrustStore() -{ } - - -// -// Retrieve the trust setting for a (certificate, policy) pair. -// -SecTrustUserSetting TrustStore::find(Certificate *cert, Policy *policy) -{ - if (Item item = findItem(cert, policy)) { - CssmDataContainer data; - item->getData(data); - if (data.length() != sizeof(TrustData)) - MacOSError::throwMe(errSecInvalidTrustSetting); - TrustData &trust = *data.interpretedAs(); - if (trust.version != UserTrustItem::currentVersion) - MacOSError::throwMe(errSecInvalidTrustSetting); - return trust.trust; - } else { - return kSecTrustResultUnspecified; - } -} - - -// -// Set an individual trust element -// -void TrustStore::assign(Certificate *cert, Policy *policy, SecTrustUserSetting trust) -{ - TrustData trustData = { UserTrustItem::currentVersion, trust }; - if (Item item = findItem(cert, policy)) { - // user has a trust setting in a keychain - modify that - if (trust == kSecTrustResultUnspecified) - item->keychain()->deleteItem(item); - else - item->modifyContent(NULL, sizeof(trustData), &trustData); - } else { - // no trust entry: make one - if (trust != kSecTrustResultUnspecified) { - Item item = new UserTrustItem(cert, policy, trustData); - if (Keychain location = cert->keychain()) - location->add(item); // in the cert's keychain - else - Keychain::optional(NULL)->add(item); // in the default keychain - } - } -} - - -// -// Search the user's configured keychains for a trust setting. -// If found, return it (as a TrustItem). Otherwise, return NULL. -// Note that this function throws if a "real" error is encountered. -// -Item TrustStore::findItem(Certificate *cert, Policy *policy) -{ - try { - SecKeychainAttribute attrs[2]; - CssmAutoData certIndex(CssmAllocator::standard()); - UserTrustItem::makeCertIndex(cert, certIndex); - attrs[0].tag = kSecTrustCertAttr; - attrs[0].length = certIndex.length(); - attrs[0].data = certIndex.data(); - const CssmOid &policyOid = policy->oid(); - attrs[1].tag = kSecTrustPolicyAttr; - attrs[1].length = policyOid.length(); - attrs[1].data = policyOid.data(); - SecKeychainAttributeList attrList = { 2, attrs }; - KCCursor cursor = globals().storageManager.createCursor(CSSM_DL_DB_RECORD_USER_TRUST, &attrList); - Item item; - if (cursor->next(item)) - return item; - else - return NULL; - } catch (const CssmCommonError &error) { - if (error.cssmError() == CSSMERR_DL_INVALID_RECORDTYPE) - return NULL; // no trust schema, no records, no error - throw; - } -} - - -// -// Return the root certificate list. -// This list is cached. -// -CFArrayRef TrustStore::copyRootCertificates() -{ - if (!mRootsValid) { - loadRootCertificates(); - mCFRoots = NULL; - } - if (!mCFRoots) { - uint32 count = mRoots.size(); - secdebug("anchors", "building %ld CF-style anchor certificates", count); - vector roots(count); - for (uint32 n = 0; n < count; n++) { - SecPointer cert = new Certificate(mRoots[n], - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER); - roots[n] = cert->handle(); - } - mCFRoots = CFArrayCreate(NULL, (const void **)&roots[0], count, - &kCFTypeArrayCallBacks); - for (uint32 n = 0; n < count; n++) - CFRelease(roots[n]); // undo CFArray's retain - } - CFRetain(mCFRoots); - return mCFRoots; -} - -void TrustStore::getCssmRootCertificates(CertGroup &rootCerts) -{ - if (!mRootsValid) - loadRootCertificates(); - rootCerts = CertGroup(CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA); - rootCerts.blobCerts() = &mRoots[0]; - rootCerts.count() = mRoots.size(); -} - -void TrustStore::refreshRootCertificates() -{ - if (mRootsValid) { - secdebug("anchors", "clearing %ld cached anchor certificates", mRoots.size()); - - // throw out the CF version - if (mCFRoots) { - CFRelease(mCFRoots); - mCFRoots = NULL; - } - - // release cert memory - mRootBytes.reset(); - mRoots.clear(); - - // all pristine again - mRootsValid = false; - } -} - - -// -// Load root (anchor) certificates from disk -// -void TrustStore::loadRootCertificates() -{ - using namespace CssmClient; - using namespace KeychainCore::Schema; - - // release previous cached data (if any) - refreshRootCertificates(); - - static const char anchorLibrary[] = "/System/Library/Keychains/X509Anchors"; - - // open anchor database and formulate query (x509v3 certs) - secdebug("anchors", "Loading anchors from %s", anchorLibrary); - DL dl(gGuidAppleFileDL); - Db db(dl, anchorLibrary); - DbCursor search(db); - search->recordType(CSSM_DL_DB_RECORD_X509_CERTIFICATE); - search->conjunctive(CSSM_DB_OR); -#if 0 // if we ever need to support v1/v2 certificates... - search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v1)); - search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v2)); - search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v3)); -#endif - - // collect certificate data - typedef list ContainerList; - ContainerList::iterator last; - ContainerList certs; - for (;;) { - DbUniqueRecord id; - last = certs.insert(certs.end(), CssmDataContainer()); - if (!search->next(NULL, &*last, id)) - break; - } - - // how many data bytes do we need? - size_t size = 0; - for (ContainerList::const_iterator it = certs.begin(); it != last; it++) - size += it->length(); - mRootBytes.length(size); - - // fill CssmData vector while copying data bytes together - mRoots.clear(); - uint8 *base = mRootBytes.data(); - for (ContainerList::const_iterator it = certs.begin(); it != last; it++) { - memcpy(base, it->data(), it->length()); - mRoots.push_back(CssmData(base, it->length())); - base += it->length(); - } - secdebug("anchors", "%ld anchors loaded", mRoots.size()); - - mRootsValid = true; // ready to roll -} - - -} // end namespace KeychainCore -} // end namespace Security diff --git a/Keychain/TrustStore.h b/Keychain/TrustStore.h deleted file mode 100644 index 3aa27899..00000000 --- a/Keychain/TrustStore.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustStore.h - Abstract interface to permanent user trust assignments -// -#ifndef _SECURITY_TRUSTSTORE_H_ -#define _SECURITY_TRUSTSTORE_H_ - -#include -#include -#include -#include -#include - - -namespace Security { -namespace KeychainCore { - - -// -// A TrustStore object mediates access to "user trust" information stored -// for a user (usually in her keychains). -// For lack of a better home, access to the default anchor certificate -// list is also provided here. -// -class TrustStore { - NOCOPY(TrustStore) -public: - TrustStore(CssmAllocator &alloc = CssmAllocator::standard()); - virtual ~TrustStore(); - - CssmAllocator &allocator; - - // set/get user trust for a certificate and policy - SecTrustUserSetting find(Certificate *cert, Policy *policy); - void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment); - - // get access to the default root anchor certificates for X509 - CFArrayRef copyRootCertificates(); - void getCssmRootCertificates(CertGroup &roots); - void refreshRootCertificates(); - - typedef UserTrustItem::TrustData TrustData; - -protected: - Item findItem(Certificate *cert, Policy *policy); - void loadRootCertificates(); - -private: - bool mRootsValid; // roots have been loaded from disk - vector mRoots; // array of CssmDatas to certificate datas - CssmAutoData mRootBytes; // certificate data blobs (bunched up) - CFRef mCFRoots; // mRoots as CFArray -}; - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_TRUSTSTORE_H_ diff --git a/Keychain/TrustedApplication.cpp b/Keychain/TrustedApplication.cpp deleted file mode 100644 index 3c1037a7..00000000 --- a/Keychain/TrustedApplication.cpp +++ /dev/null @@ -1,168 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustedApplication.cpp -// -#include -#include -#include -#include -#include -#include -#include - -using namespace KeychainCore; -using namespace CodeSigning; - - -// -// Create a TrustedApplication from a code-signing ACL subject. -// Throws ACL::ParseError if the subject is unexpected. -// -TrustedApplication::TrustedApplication(const TypedList &subject) - : mSignature(CssmAllocator::standard()), - mData(CssmAllocator::standard()) -{ - if (subject.type() != CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE) - throw ACL::ParseError(); - if (subject[1] != CSSM_ACL_CODE_SIGNATURE_OSX) - throw ACL::ParseError(); - mSignature = subject[2].data(); - mData = subject[3].data(); -} - - -TrustedApplication::TrustedApplication(const CssmData &signature, const CssmData &data) : - mSignature(CssmAllocator::standard(), signature), - mData(CssmAllocator::standard(), data) -{ -} - -TrustedApplication::TrustedApplication(const char *path) - : mSignature(CssmAllocator::standard()), - mData(CssmAllocator::standard()) -{ - OSXSigner signer; - RefPointer object(OSXCode::at(path)); - auto_ptr signature(signer.sign(*object)); - mSignature = *signature; - string basePath = object->canonicalPath(); - mData = CssmData(const_cast(basePath.c_str()), basePath.length() + 1); -} - -TrustedApplication::TrustedApplication() - : mSignature(CssmAllocator::standard()), - mData(CssmAllocator::standard()) -{ - OSXSigner signer; - RefPointer object(OSXCode::main()); - auto_ptr signature(signer.sign(*object)); - mSignature = *signature; - string path = object->canonicalPath(); - mData.copy(path.c_str(), path.length() + 1); // including trailing null -} - -TrustedApplication::~TrustedApplication() throw() -{ -} - -const CssmData & -TrustedApplication::signature() const -{ - return mSignature; -} - -const char * -TrustedApplication::path() const -{ - if (mData) - return mData.get().interpretedAs(); - else - return NULL; -} - -bool -TrustedApplication::sameSignature(const char *path) -{ - // return true if object at given path has same signature - CssmAutoData otherSignature(CssmAllocator::standard()); - calcSignature(path, otherSignature); - return (mSignature.get() == otherSignature); -} - -void -TrustedApplication::calcSignature(const char *path, CssmOwnedData &signature) -{ - // generate a signature for the given object - RefPointer objToVerify(CodeSigning::OSXCode::at(path)); - CodeSigning::OSXSigner signer; - auto_ptr osxSignature(signer.sign(*objToVerify)); - signature.copy(osxSignature->data(), osxSignature->length()); -} - - -// -// Produce a TypedList representing a code-signing ACL subject -// for this application. -// Memory is allocated from the allocator given, and belongs to -// the caller. -// -TypedList TrustedApplication::makeSubject(CssmAllocator &allocator) -{ - return TypedList(allocator, - CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, - new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX), - new(allocator) ListElement(allocator, mSignature.get()), - new(allocator) ListElement(allocator, mData.get())); -} - - -// -// On a completely different note... -// Read a simple text file from disk and cache the lines in a set. -// This is used during re-prebinding to cut down on the number of -// equivalency records being generated. -// This feature is otherwise completely unconnected to anything else here. -// -PathDatabase::PathDatabase(const char *path) -{ - if (FILE *f = fopen(path, "r")) { - mQualifyAll = false; - char path[PATH_MAX+1]; - while (fgets(path, sizeof(path), f)) { - path[strlen(path)-1] = '\0'; // strip NL - mPaths.insert(path); - } - fclose(f); - secdebug("equivdb", "read %ld paths from %s", mPaths.size(), path); - } else { - mQualifyAll = true; - secdebug("equivdb", "cannot open %s, will qualify all application paths", path); - } -} - - -bool PathDatabase::lookup(const string &path) -{ - string::size_type lastSlash = path.rfind('/'); - string::size_type bundleCore = path.find("/Contents/MacOS/"); - if (lastSlash != string::npos && bundleCore != string::npos) - if (bundleCore + 15 == lastSlash) - path = path.substr(0, bundleCore); - return mPaths.find(path) != mPaths.end(); -} diff --git a/Keychain/TrustedApplication.h b/Keychain/TrustedApplication.h deleted file mode 100644 index 8f2dff7e..00000000 --- a/Keychain/TrustedApplication.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -// -// TrustedApplication.h - TrustedApplication control wrappers -// -#ifndef _SECURITY_TRUSTEDAPPLICATION_H_ -#define _SECURITY_TRUSTEDAPPLICATION_H_ - -#include -#include -#include -#include - - -namespace Security { -namespace KeychainCore { - - -// -// TrustedApplication actually denotes a signed executable -// on disk as used by the ACL subsystem. Much useful -// information is encapsulated in the 'comment' field that -// is stored with the ACL subject. TrustedApplication does -// not interpret this value, leaving its meaning to its caller. -// -class TrustedApplication : public SecCFObject { - NOCOPY(TrustedApplication) -public: - SECCFFUNCTIONS(TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef) - - TrustedApplication(const TypedList &subject); - TrustedApplication(const CssmData &signature, const CssmData &comment); - TrustedApplication(const char *path); - TrustedApplication(); // for current application - virtual ~TrustedApplication() throw(); - - const CssmData &signature() const; - - // data (aka "comment") access - const CssmData &data() const { return mData; } - const char *path() const; - template - void data(const Data &data) { mData = data; } - - TypedList makeSubject(CssmAllocator &allocator); - - bool sameSignature(const char *path); // return true if object at path has same signature - -protected: - void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature - -private: - CssmAutoData mSignature; - CssmAutoData mData; -}; - - -// -// A simple implementation of a caching path database in the system. -// -class PathDatabase { -public: - PathDatabase(const char *path = "/var/db/CodeEquivalenceCandidates"); - - bool operator [] (const std::string &path) - { return mQualifyAll || lookup(path); } - -private: - bool mQualifyAll; - set mPaths; - - bool lookup(const std::string &path); -}; - - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_TRUSTEDAPPLICATION_H_ diff --git a/Keychain/cssmdatetime.cpp b/Keychain/cssmdatetime.cpp deleted file mode 100644 index 22d5c1cd..00000000 --- a/Keychain/cssmdatetime.cpp +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmdatetime.cpp - - Contains: CSSM date and time utilities for the Mac - - Written by: The Hindsight team - - Copyright: © 1997-2000 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#ifdef __MWERKS__ -#define _CPP_CSSM_DATE_TIME_UTILS -#endif - -#include "cssmdatetime.h" - -#include -#include -#include -#include -#include -#include -#include - -namespace Security -{ - -namespace CSSMDateTimeUtils -{ - -#define MAX_TIME_STR_LEN 30 -#define UTC_TIME_STRLEN 13 -#define GENERALIZED_TIME_STRLEN 15 - - -void -GetCurrentMacLongDateTime(SInt64 &outMacDate) -{ - CFTimeZoneRef timeZone = CFTimeZoneCopyDefault(); - CFAbsoluteTime absTime = CFAbsoluteTimeGetCurrent(); - absTime += CFTimeZoneGetSecondsFromGMT(timeZone, absTime); - CFRelease(timeZone); - outMacDate = SInt64(double(absTime + kCFAbsoluteTimeIntervalSince1904)); -} - -void -TimeStringToMacSeconds (const CSSM_DATA &inUTCTime, UInt32 &ioMacDate) -{ - SInt64 ldt; - TimeStringToMacLongDateTime(inUTCTime, ldt); - ioMacDate = UInt32(ldt); -} - -/* - * Given a CSSM_DATA containing either a UTC-style or "generalized time" - * time string, convert to 32-bit Mac time in seconds. - * Returns nonzero on error. - */ -void -TimeStringToMacLongDateTime (const CSSM_DATA &inUTCTime, SInt64 &outMacDate) -{ - char szTemp[5]; - unsigned len; - int isUtc; - sint32 x; - sint32 i; - char *cp; - - CFGregorianDate date; - ::memset( &date, 0, sizeof(date) ); - - if ((inUTCTime.Data == NULL) || (inUTCTime.Length == 0)) - { - MacOSError::throwMe(paramErr); - } - - /* tolerate NULL terminated or not */ - len = inUTCTime.Length; - if (inUTCTime.Data[len - 1] == '\0') - len--; - - switch(len) - { - case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant - isUtc = 1; - break; - case GENERALIZED_TIME_STRLEN: // 4-digit year - isUtc = 0; - break; - default: // unknown format - MacOSError::throwMe(paramErr); - } - - cp = (char *)inUTCTime.Data; - - /* check that all characters except last are digits */ - for(i=0; i<(sint32)(len - 1); i++) { - if ( !(isdigit(cp[i])) ) { - MacOSError::throwMe(paramErr); - } - } - - /* check last character is a 'Z' */ - if(cp[len - 1] != 'Z' ) { - MacOSError::throwMe(paramErr); - } - - /* YEAR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - if(!isUtc) { - /* two more digits */ - szTemp[2] = *cp++; - szTemp[3] = *cp++; - szTemp[4] = '\0'; - } - else { - szTemp[2] = '\0'; - } - x = atoi( szTemp ); - if(isUtc) { - /* - * 2-digit year. - * 0 <= year <= 50 : assume century 21 - * 50 < year < 70 : illegal per PKIX - * 70 < year <= 99 : assume century 20 - */ - if(x <= 50) { - x += 100; - } - else if(x < 70) { - MacOSError::throwMe(paramErr); - } - /* else century 20, OK */ - - /* bug fix... we need to end up with a 4-digit year! */ - x += 1900; - } - /* by definition - tm_year is year - 1900 */ - //tmp->tm_year = x - 1900; - date.year = x; - - /* MONTH */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* in the string, months are from 1 to 12 */ - if((x > 12) || (x <= 0)) { - MacOSError::throwMe(paramErr); - } - /* in a tm, 0 to 11 */ - //tmp->tm_mon = x - 1; - date.month = x; - - /* DAY */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* 1..31 in both formats */ - if((x > 31) || (x <= 0)) { - MacOSError::throwMe(paramErr); - } - //tmp->tm_mday = x; - date.day = x; - - /* HOUR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 23) || (x < 0)) { - MacOSError::throwMe(paramErr); - } - //tmp->tm_hour = x; - date.hour = x; - - /* MINUTE */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - MacOSError::throwMe(paramErr); - } - //tmp->tm_min = x; - date.minute = x; - - /* SECOND */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - MacOSError::throwMe(paramErr); - } - //tmp->tm_sec = x; - date.second = x; - - CFTimeZoneRef timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0); - CFAbsoluteTime absTime = CFGregorianDateGetAbsoluteTime(date, timeZone); - CFRelease(timeZone); - - // Adjust abstime to local timezone - timeZone = CFTimeZoneCopyDefault(); - absTime += CFTimeZoneGetSecondsFromGMT(timeZone, absTime); - CFRelease(timeZone); - - outMacDate = SInt64(double(absTime + kCFAbsoluteTimeIntervalSince1904)); -} - -void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData) -{ - SInt64 ldt = SInt64(UInt64(inMacDate)); - MacLongDateTimeToTimeString(ldt, inLength, outData); -} - -void MacLongDateTimeToTimeString(const SInt64 &inMacDate, - UInt32 inLength, void *outData) -{ - // @@@ this code is close, but on the fringe case of a daylight savings time it will be off for a little while - CFAbsoluteTime absTime = inMacDate - kCFAbsoluteTimeIntervalSince1904; - - // Remove local timezone component from absTime - CFTimeZoneRef timeZone = CFTimeZoneCopyDefault(); - absTime -= CFTimeZoneGetSecondsFromGMT(timeZone, absTime); - CFRelease(timeZone); - - timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0); - CFGregorianDate date = CFAbsoluteTimeGetGregorianDate(absTime, timeZone); - CFRelease(timeZone); - - if (inLength == 16) - { - sprintf((char *)(outData), "%04d%02d%02d%02d%02d%02dZ", - int(date.year % 10000), date.month, date.day, - date.hour, date.minute, int(date.second)); - } - else if (inLength == 14) - { - /* UTC - 2 year digits - code which parses this assumes that - * (2-digit) years between 0 and 49 are in century 21 */ - sprintf((char *)(outData), "%02d%02d%02d%02d%02d%02dZ", - int(date.year % 100), date.month, date.day, - date.hour, date.minute, int(date.second)); - } - else - MacOSError::throwMe(paramErr); -} - -}; // end namespace CSSMDateTimeUtils - -} // end namespace Security diff --git a/Keychain/cssmdatetime.h b/Keychain/cssmdatetime.h deleted file mode 100644 index a1c8c8cb..00000000 --- a/Keychain/cssmdatetime.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * cssmdatetime.h -- defines for the CSSM date and time utilities for the Mac - */ -#ifndef _SECURITY_CSSMDATETIME_H_ -#define _SECURITY_CSSMDATETIME_H_ - -#include - -namespace Security -{ - -namespace CSSMDateTimeUtils -{ - -// Get the current time. -extern void GetCurrentMacLongDateTime(SInt64 &outMacDate); - -extern void TimeStringToMacSeconds(const CSSM_DATA &inUTCTime, UInt32 &ioMacDate); -extern void TimeStringToMacLongDateTime(const CSSM_DATA &inUTCTime, SInt64 &outMacDate); - -// Length of inLength is an input parameter and must be 14 or 16. -// The outData parameter must point to a buffer of at least inLength bytes. -extern void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData); -extern void MacLongDateTimeToTimeString(const SInt64 &inMacDate, - UInt32 inLength, void *outData); - -} // end namespace CSSMDateTimeUtils - -} // end namespace Security - -#endif // !_SECURITY_CSSMDATETIME_H_ diff --git a/Keychain/generateErrStrings.pl b/Keychain/generateErrStrings.pl deleted file mode 100644 index 8652bd87..00000000 --- a/Keychain/generateErrStrings.pl +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/perl -# -# generatorX.pl - create error strings files from the Security header files -# -# John Hurley, Summer 2003. Based on generator.pl, Perry The Cynic, Fall 1999. -# -# Usage: -# perl generatorX.pl input-directory output-directory -# -# Currently supported files are SecBase.h, SecureTransport.h and Authorization.h -# -# perl generatorX.pl `pwd` `pwd` SecBase2.h SecureTransport2.h Authorization.h -# -# Input will be like: -# -# errSSLProtocol = -9800, /* SSL protocol error */ -# errSSLNegotiation = -9801, /* Cipher Suite negotiation failure */ -# -# Output should be like (in Unicode): -# -# /* errSSLProtocol */ -# "-9800" = "SSL protocol error"; -# -# /* errSSLNegotiation */ -# "-9801" = "Cipher Suite negotiation failure"; -# -# Note that the list of errors must be numerically unique across all input files, or the strings file -# will be invalid.Comments that span multiple lines will be ignored, as will lines with no comment. C++ -# style comments are not supported. -# - -use Encode; - -$SOURCEDIR=$ARGV[0]; # directory with error headers -$TARGETDIR=$ARGV[1]; # where to put the output file -@INPUTFILES=@ARGV[2 .. 9999]; # list of input files - -$TABLES="$TARGETDIR/SecErrorMessages.strings"; # error strings - -$tabs = "\t\t\t"; # argument indentation (noncritical) -$warning = "This file was automatically generated. Do not edit on penalty of futility!"; - -# -# Parse error headers and build array of all relevant lines -# - -open(ERR, "cat " . join(" ", @INPUTFILES) . "|") or die "Cannot open error header files"; -$/=undef; # still gulping -$_ = ; -@errorlines = m{(?:^\s*)(err[Sec|Authorization|SSL]\w+)(?:\s*=\s*)(-?\d+)(?:\s*,?\s*)(?:/\*\s*)(.*)(?:\*/)(?:$\s*)}gm; -close(ERR); - -$nFull = $#errorlines / 3; - -# -# Now we will generate the error name tables. -# - -open(OUT, ">$TABLES") or die "Cannot write $TABLES: $^E"; -select OUT; - -# Print warning comment -$msg = "//\n// Security error code tables.\n// $warning\n//\n"; - -# Print the error messages -while ($errx = shift @errorlines) -{ - $value = shift @errorlines; # or die; - $str = shift @errorlines; # or die; - $str =~ s/\s*$//; # drop trailing white space - if ( $value != 0) # can't output duplicate error codes - { - $msg = $msg . "\n/* $errx */\n\"$value\" = \"$str\";\n"; - } -}; -$msg = $msg . "\n"; -$output = encode("UTF-16", $msg, Encode::FB_PERLQQ); -print "$output"; - -close(OUT); -select(STDOUT); - -#print "$nFull errors available to error translation functions.\n"; diff --git a/Keychain/iToolsTrustedApps.plist b/Keychain/iToolsTrustedApps.plist deleted file mode 100644 index 57d04d6f..00000000 --- a/Keychain/iToolsTrustedApps.plist +++ /dev/null @@ -1,18 +0,0 @@ - - - - - /Applications/Mail.app - /Applications/System Preferences.app - /Applications/iCal.app - /Applications/iChat.app - /Applications/iMovie.app - /Applications/iPhoto.app - /Applications/iSync.app - /Applications/iTunes.app - /System/Library/CoreServices/Finder.app - /System/Library/CoreServices/MirrorAgent.app - /System/Library/CoreServices/SyncServer.app - /System/Library/PrivateFrameworks/InstantMessage.framework/iChatAgent.app - - diff --git a/Keychain/srCdsaUtils.cpp b/Keychain/srCdsaUtils.cpp deleted file mode 100644 index a5f1b65b..00000000 --- a/Keychain/srCdsaUtils.cpp +++ /dev/null @@ -1,553 +0,0 @@ -/* - File: srCdsaUtils.cpp - - Description: common CDSA access utilities - - Author: dmitch - - Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved. - - Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple - Computer, Inc. ("Apple") in consideration of your agreement to - the following terms, and your use, installation, modification - or redistribution of this Apple software constitutes acceptance - of these terms. If you do not agree with these terms, please - do not use, install, modify or redistribute this Apple software. - - In consideration of your agreement to abide by the following - terms, and subject to these terms, Apple grants you a personal, - non-exclusive license, under Apple's copyrights in this - original Apple software (the "Apple Software"), to use, - reproduce, modify and redistribute the Apple Software, with - or without modifications, in source and/or binary forms; - provided that if you redistribute the Apple Software in - its entirety and without modifications, you must retain - this notice and the following text and disclaimers in all - such redistributions of the Apple Software. Neither the - name, trademarks, service marks or logos of Apple Computer, - Inc. may be used to endorse or promote products derived from the - Apple Software without specific prior written permission from - Apple. Except as expressly stated in this notice, no other - rights or licenses, express or implied, are granted by Apple - herein, including but not limited to any patent rights that - may be infringed by your derivative works or by other works - in which the Apple Software may be incorporated. - - The Apple Software is provided by Apple on an "AS IS" basis. - APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, - REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE - OR IN COMBINATION WITH YOUR PRODUCTS. - - IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, - INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION - AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED - AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING - NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE - HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#include "srCdsaUtils.h" -#include -#include -#include -#include /* for cssmPerror() */ -#include /* for cssmPerror() */ -#include - -static CSSM_VERSION vers = {2, 0}; -static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; - -/* - * Standard app-level memory functions required by CDSA. - */ -void * srAppMalloc (uint32 size, void *allocRef) { - return( malloc(size) ); -} - -void srAppFree (void *mem_ptr, void *allocRef) { - free(mem_ptr); - return; -} - -void * srAppRealloc (void *ptr, uint32 size, void *allocRef) { - return( realloc( ptr, size ) ); -} - -void * srAppCalloc (uint32 num, uint32 size, void *allocRef) { - return( calloc( num, size ) ); -} - -static CSSM_API_MEMORY_FUNCS memFuncs = { - srAppMalloc, - srAppFree, - srAppRealloc, - srAppCalloc, - NULL - }; - -CSSM_BOOL srCompareCssmData(const CSSM_DATA *d1, - const CSSM_DATA *d2) -{ - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - return CSSM_TRUE; -} - -/* - * Init CSSM; returns CSSM_FALSE on error. Reusable. - */ -static CSSM_BOOL cssmInitd = CSSM_FALSE; - -CSSM_BOOL srCssmStartup() -{ - CSSM_RETURN crtn; - CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; - - if(cssmInitd) { - return CSSM_TRUE; - } - crtn = CSSM_Init (&vers, - CSSM_PRIVILEGE_SCOPE_NONE, - &testGuid, - CSSM_KEY_HIERARCHY_NONE, - &pvcPolicy, - NULL /* reserved */); - if(crtn != CSSM_OK) - { - srPrintError("CSSM_Init", crtn); - return CSSM_FALSE; - } - else { - cssmInitd = CSSM_TRUE; - return CSSM_TRUE; - } -} - -/* - * Attach to CSP. Returns zero on error. - */ -CSSM_CSP_HANDLE srCspStartup( - CSSM_BOOL bareCsp) // true ==> CSP, false ==> CSP/DL -{ - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - const CSSM_GUID *guid; - - /* common CSSM init */ - if(srCssmStartup() == CSSM_FALSE) { - return 0; - } - if(bareCsp) { - guid = &gGuidAppleCSP; - } - else { - guid = &gGuidAppleCSPDL; - } - crtn = CSSM_ModuleLoad(guid, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - srPrintError("CSSM_ModuleLoad()", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (guid, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CSP, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &cspHand); - if(crtn) { - srPrintError("CSSM_ModuleAttach()", crtn); - return 0; - } - return cspHand; -} - -/* Attach to DL side of CSPDL */ -CSSM_DL_HANDLE srDlStartup() -{ - CSSM_DL_HANDLE dlHand = 0; - CSSM_RETURN crtn; - - if(srCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleCSPDL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - srPrintError("CSSM_ModuleLoad(Apple CSPDL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleCSPDL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_DL, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &dlHand); - if(crtn) { - srPrintError("CSSM_ModuleAttach(Apple CSPDL)", crtn); - return 0; - } - return dlHand; -} - -CSSM_CL_HANDLE srClStartup() -{ - CSSM_CL_HANDLE clHand; - CSSM_RETURN crtn; - - if(srCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509CL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - srPrintError("CSSM_ModuleLoad(AppleCL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509CL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CL, // SubserviceFlags - Where is this used? - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &clHand); - if(crtn) { - srPrintError("CSSM_ModuleAttach(AppleCL)", crtn); - return 0; - } - else { - return clHand; - } -} - -CSSM_TP_HANDLE srTpStartup() -{ - CSSM_TP_HANDLE tpHand; - CSSM_RETURN crtn; - - if(srCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509TP, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - srPrintError("CSSM_ModuleLoad(AppleTP)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509TP, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_TP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &tpHand); - if(crtn) { - srPrintError("CSSM_ModuleAttach(AppleTP)", crtn); - return 0; - } - else { - return tpHand; - } -} - -/* - * Given a context specified via a CSSM_CC_HANDLE, add a new - * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType, - * AttributeLength, and an untyped pointer. - */ -CSSM_RETURN srAddContextAttribute(CSSM_CC_HANDLE CCHandle, - uint32 AttributeType, - uint32 AttributeLength, - const void *AttributePtr) -{ - CSSM_CONTEXT_ATTRIBUTE newAttr; - CSSM_RETURN crtn; - - newAttr.AttributeType = AttributeType; - newAttr.AttributeLength = AttributeLength; - newAttr.Attribute.Data = (CSSM_DATA_PTR)AttributePtr; - crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr); - if(crtn) { - srPrintError("CSSM_UpdateContextAttributes", crtn); - } - return crtn; -} - - -/* - * Derive symmetric key. - * Note in the X CSP, we never return an IV. - */ -CSSM_RETURN srCspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_KEY_PTR key) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - uint32 keyAttr; - CSSM_DATA dummyLabel; - CSSM_PKCS5_PBKDF2_PARAMS pbeParams; - CSSM_DATA pbeData; - CSSM_ACCESS_CREDENTIALS creds; - - memset(key, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_PKCS5_PBKDF2, - keyAlg, - keySizeInBits, - &creds, - NULL, // BaseKey - iterationCnt, - salt, - NULL, // seed - &ccHand); - if(crtn) { - srPrintError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return crtn; - } - keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | - CSSM_KEYATTR_SENSITIVE; - dummyLabel.Length = keyLabelLen; - dummyLabel.Data = (uint8 *)keyLabel; - - /* passing in password is pretty strange....*/ - pbeParams.Passphrase = *password; - pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; - pbeData.Data = (uint8 *)&pbeParams; - pbeData.Length = sizeof(pbeParams); - crtn = CSSM_DeriveKey(ccHand, - &pbeData, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // cred and acl - key); - if(crtn) { - srPrintError("CSSM_DeriveKey", crtn); - return crtn; - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - srPrintError("CSSM_DeleteContext", crtn); - } - return crtn; -} - -/* - * Generate key pair of arbitrary algorithm. - */ - -/* CSP DL currently does not perform DSA generate params; let CSP do it implicitly */ -#define DO_DSA_GEN_PARAMS 0 - -CSSM_RETURN srCspGenKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE *dlDbHand, // optional - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYATTR_FLAGS privAttrs) // CSSM_KEYATTR_EXTRACTABLE, etc. -{ - CSSM_RETURN crtn; - CSSM_RETURN ocrtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - srPrintError("CSSM_CSP_CreateKeyGenContext", crtn); - return crtn; - } - - /* post-context-create algorithm-specific stuff */ - switch(algorithm) { - #if DO_DSA_GEN_PARAMS - case CSSM_ALGID_DSA: - /* - * extra step - generate params - this just adds some - * info to the context - */ - { - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, &dummy); - if(crtn) { - srPrintError("CSSM_GenerateAlgorithmParams", crtn); - CSSM_DeleteContext(ccHand); - return crtn; - } - srAppFree(dummy.Data, NULL); - } - break; - #endif /* DO_DSA_GEN_PARAMS */ - default: - break; - } - - /* optionally specify DL/DB storage location */ - if(dlDbHand) { - crtn = srAddContextAttribute(ccHand, - CSSM_ATTRIBUTE_DL_DB_HANDLE, - sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE), - dlDbHand); - if(crtn) { - CSSM_DeleteContext(ccHand); - return crtn; - } - } - ocrtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttrs, - &keyLabelData, - pubKey, - privKeyUsage, - privAttrs, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(ocrtn) { - srPrintError("CSSM_GenerateKeyPair", ocrtn); - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - srPrintError("CSSM_DeleteContext", crtn); - if(ocrtn == CSSM_OK) { - /* error on CSSM_GenerateKeyPair takes precedence */ - ocrtn = crtn; - } - } - return ocrtn; -} - - -/* - * Add a certificate to an open Keychain. - */ -CSSM_RETURN srAddCertToKC( - SecKeychainRef keychain, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *keyLabel) // ?? -{ - SecCertificateRef certificate; - - OSStatus rslt = SecCertificateCreateFromData(cert, certType, certEncoding, &certificate); - if (!rslt) - { - rslt = SecCertificateAddToKeychain(certificate, keychain); - CFRelease(certificate); - } - - return rslt; -} - -/* - * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to an - * unsigned. - */ -unsigned srDER_ToInt(const CSSM_DATA *DER_Data) -{ - uint32 rtn = 0; - unsigned i = 0; - - while(i < DER_Data->Length) { - rtn |= DER_Data->Data[i]; - if(++i == DER_Data->Length) { - break; - } - rtn <<= 8; - } - return rtn; -} - -/* - * Log CSSM error. - */ -void srPrintError(char *op, CSSM_RETURN err) -{ - cssmPerror(op, err); -} - -/* - * Convert a CFString into a C string as safely as we can. Caller must - * free the result. - */ -char *srCfStrToCString( - CFStringRef cfStr) -{ - CFIndex len = CFStringGetLength(cfStr) + 1; - char *cstr = (char *)malloc(len); - if(cstr == NULL) { - return NULL; - } - if(!CFStringGetCString(cfStr, cstr, len, kCFStringEncodingASCII)) { - printf("***CFStringGetCString error\n"); - free(cstr); - return NULL; - } - return cstr; -} - diff --git a/Keychain/srCdsaUtils.h b/Keychain/srCdsaUtils.h deleted file mode 100644 index 4133a3c1..00000000 --- a/Keychain/srCdsaUtils.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - File: srCdsaUtils.h - - Description: common CDSA access utilities - - Author: dmitch - - Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved. - - Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple - Computer, Inc. ("Apple") in consideration of your agreement to - the following terms, and your use, installation, modification - or redistribution of this Apple software constitutes acceptance - of these terms. If you do not agree with these terms, please - do not use, install, modify or redistribute this Apple software. - - In consideration of your agreement to abide by the following - terms, and subject to these terms, Apple grants you a personal, - non-exclusive license, under Apple's copyrights in this - original Apple software (the "Apple Software"), to use, - reproduce, modify and redistribute the Apple Software, with - or without modifications, in source and/or binary forms; - provided that if you redistribute the Apple Software in - its entirety and without modifications, you must retain - this notice and the following text and disclaimers in all - such redistributions of the Apple Software. Neither the - name, trademarks, service marks or logos of Apple Computer, - Inc. may be used to endorse or promote products derived from the - Apple Software without specific prior written permission from - Apple. Except as expressly stated in this notice, no other - rights or licenses, express or implied, are granted by Apple - herein, including but not limited to any patent rights that - may be infringed by your derivative works or by other works - in which the Apple Software may be incorporated. - - The Apple Software is provided by Apple on an "AS IS" basis. - APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, - REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE - OR IN COMBINATION WITH YOUR PRODUCTS. - - IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, - INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION - AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED - AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING - NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE - HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef _COMMON_CDSA_UTILS_H_ -#define _COMMON_CDSA_UTILS_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* common memory allocators shared by app and CSSM */ -extern void * srAppMalloc (uint32 size, void *allocRef); -extern void srAppFree (void *mem_ptr, void *allocRef); -extern void * srAppRealloc (void *ptr, uint32 size, void *allocRef); -extern void * srAppCalloc (uint32 num, uint32 size, void *allocRef); - -#define APP_MALLOC(s) srAppMalloc(s, NULL) -#define APP_FREE(p) srAppFree(p, NULL) -#define APP_REALLOC(p, s) srAppRealloc(p, s, NULL) -#define APP_CALLOC(n, s) srAppRealloc(n, s, NULL) - -extern CSSM_BOOL srCompareCssmData( - const CSSM_DATA *d1, - const CSSM_DATA *d2); - -/* OID flavor of same, which will break when an OID is not a CSSM_DATA */ -#define srCompareOid(o1, o2) srCompareCssmData(o1, o2) - -void srPrintError(char *op, CSSM_RETURN err); - -/* Init CSSM; returns CSSM_FALSE on error. Reusable. */ -extern CSSM_BOOL srCssmStartup(); - -/* Attach to CSP. Returns zero on error. */ -extern CSSM_CSP_HANDLE srCspStartup( - CSSM_BOOL bareCsp); // true ==> CSP, false ==> CSP/DL - -/* Attach to DL side of CSPDL. */ -extern CSSM_DL_HANDLE srDlStartup(); - -/* Attach to CL, TP */ -extern CSSM_CL_HANDLE srClStartup(); -extern CSSM_TP_HANDLE srTpStartup(); - -/* - * Derive symmetric key using PBE. - */ -extern CSSM_RETURN srCspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_KEY_PTR key); - -/* - * Generate key pair of arbitrary algorithm. - */ -extern CSSM_RETURN srCspGenKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE *dlDbHand, // optional - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYATTR_FLAGS privAttrs); // CSSM_KEYATTR_EXTRACTABLE, etc. - -/* Convert a reference key to a raw key. */ -CSSM_RETURN srRefKeyToRaw(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey); // RETURNED - -/* - * Add a certificate to a keychain. - */ -CSSM_RETURN srAddCertToKC( - SecKeychainRef keychain, - const CSSM_DATA *cert, - CSSM_CERT_TYPE certType, - CSSM_CERT_ENCODING certEncoding, - const char *printName, // C string - const CSSM_DATA *keyLabel); // ?? - -/* - * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to an - * unsigned. - */ -unsigned srDER_ToInt( - const CSSM_DATA *DER_Data); - -char *srCfStrToCString( - CFStringRef cfStr); - -#ifdef __cplusplus -} -#endif - -#endif /* _COMMON_CDSA_UTILS_H_ */ \ No newline at end of file diff --git a/Network/connectionpool.cpp b/Network/connectionpool.cpp deleted file mode 100644 index bea735d4..00000000 --- a/Network/connectionpool.cpp +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connectionpool - manage pool of active, unused Connection objects -// -#include "connectionpool.h" -#include "netconnection.h" - - -namespace Security { -namespace Network { - - -// -// Try to locate a Connection with a suitable HostTarget from the pool. -// If found, remove it from the pool and return it. Otherwise, return NULL (no error). -// -Connection *ConnectionPool::get(const HostTarget &host) -{ - //@@@ locking, of course :-) - ConnectionMap::iterator it = mConnections.find(host); - if (it != mConnections.end()) { - // take it and use it - Connection *connection = it->second; - mConnections.erase(it); - secdebug("connpool", "Connection %p retrieved from pool", connection); - return connection; - } - // none available - return NULL; -} - - -// -// Retain a Connection in the pool -// -void ConnectionPool::retain(Connection *connection) -{ - //@@@ threading, of course :-) - secdebug("connpool", "Connection %p retained in connection pool", connection); - mConnections.insert(ConnectionMap::value_type(connection->hostTarget, connection)); - //mConnections[connection->hostTarget] = connection; -} - - -// -// Remove a retained Connection from the pool. -// Returns true if found (and removed); false otherwise. -// -bool ConnectionPool::remove(Connection *connection) -{ - // this search is two-stage to deal with potentially large multimaps - typedef ConnectionMap::iterator Iter; - pair range = mConnections.equal_range(connection->hostTarget); - for (Iter it = range.first; it != range.second; it++) - if (it->second == connection) { - mConnections.erase(it); - secdebug("connpool", "Connection %p removed from connection pool", connection); - return true; - } - return false; -} - - -// -// Clear the connection pool -// -void ConnectionPool::purge() -{ - secdebug("connpool", "Connection pool purging %ld connections", mConnections.size()); - for (ConnectionMap::iterator it = mConnections.begin(); it != mConnections.end(); it++) - delete it->second; - mConnections.erase(mConnections.begin(), mConnections.end()); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/connectionpool.h b/Network/connectionpool.h deleted file mode 100644 index 704b9771..00000000 --- a/Network/connectionpool.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connectionpool - manage pool of active, unused Connection objects -// -#ifndef _H_CONNECTIONPOOL -#define _H_CONNECTIONPOOL - -#include "target.h" -#include - -namespace Security { -namespace Network { - - -class Connection; - - -// -// There is exactly one InternetAccessManager object per process. -// -class ConnectionPool { -public: - ConnectionPool() { } - ~ConnectionPool() { purge(); } - - Connection *get(const HostTarget &host); - void retain(Connection *connection); - bool remove(Connection *connection); - - void purge(); - -private: - typedef multimap ConnectionMap; - ConnectionMap mConnections; // set of active connections -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_CONNECTIONPOOL */ diff --git a/Network/file-protocol.cpp b/Network/file-protocol.cpp deleted file mode 100644 index cd758a33..00000000 --- a/Network/file-protocol.cpp +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// file-protocol - File protocol objects -// -#include "file-protocol.h" -#include "netmanager.h" -#include "neterror.h" -#include "netparameters.h" - - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -FileProtocol::FileProtocol(Manager &mgr) : Protocol(mgr, "file") -{ -} - - -// -// Create a Transfer object for our protocol -// -FileProtocol::FileTransfer *FileProtocol::makeTransfer(const Target &target, Operation operation) -{ - switch (operation) { - case download: - return new Reader(*this, target); - break; - case upload: - return new Writer(*this, target); - default: - Error::throwMe(); - } -} - - -FileProtocol::FileTransfer::FileTransfer(FileProtocol &proto, const Target &tgt, Operation op) - : Transfer(proto, tgt, op) -{ -} - -int FileProtocol::FileTransfer::fileDesc() const -{ return *this; } - - -void FileProtocol::FileTransfer::transitError(const CssmCommonError &error) -{ - fail(); -} - - -// -// Read transfers -// -FileProtocol::Reader::Reader(FileProtocol &proto, const Target &tgt) - : FileTransfer(proto, tgt, download) -{ -} - -void FileProtocol::Reader::start() -{ - open(target.path.c_str()); - - // notify any observer that we are under way. - observe(Observer::resourceFound); - observe(Observer::downloading); - - setFlag(O_NONBLOCK); - int restartOffset = getv(kNetworkRestartPosition, 0); - if (restartOffset) - seek(restartOffset); - size_t size = fileSize() - restartOffset; - mode(sink(), size); - sink().setSize(size); - protocol.manager.addIO(this); -} - -void FileProtocol::Reader::transit(Event event, char *, size_t) -{ - assert(event == autoReadDone); - protocol.manager.removeIO(this); - finish(); -} - - -// -// Write transfers -// -FileProtocol::Writer::Writer(FileProtocol &proto, const Target &tgt) - : FileTransfer(proto, tgt, upload) -{ -} - -void FileProtocol::Writer::start() -{ - open(target.path.c_str(), O_WRONLY | O_CREAT); - - // notify any observer that we are under way. - observe(Observer::resourceFound); - observe(Observer::uploading); - - int restartOffset = getv(kNetworkRestartPosition, 0); - if (restartOffset) - seek(restartOffset); - protocol.manager.addIO(this); - disable(input); - mode(source(), fileSize() - restartOffset); -} - -void FileProtocol::Writer::transit(Event event, char *, size_t) -{ - assert(event == autoWriteDone); - protocol.manager.removeIO(this); - finish(); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/file-protocol.h b/Network/file-protocol.h deleted file mode 100644 index 3280b15e..00000000 --- a/Network/file-protocol.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// file-protocol - FILE protocol objects -// -#ifndef _H_FILE_PROTOCOL -#define _H_FILE_PROTOCOL - -#include "transfer.h" -#include "xfercore.h" -#include "protocol.h" - - -namespace Security { -namespace Network { - - -// -// The Protocol object for the file (local file access) protocol -// -class FileProtocol : public Protocol { - class FileTransfer; -public: - FileProtocol(Manager &mgr); - - FileTransfer *makeTransfer(const Target &target, Operation operation); - -private: - class FileTransfer : public Transfer, protected TransferEngine::Client, protected FileDesc { - public: - FileTransfer(FileProtocol &proto, const Target &tgt, Operation op); - void transitError(const CssmCommonError &error); - int fileDesc() const; - }; - - class Reader : public FileTransfer { - public: - Reader(FileProtocol &proto, const Target &tgt); - void transit(Event event, char *input, size_t inputLength); - - protected: - void start(); - }; - - class Writer : public FileTransfer { - public: - Writer(FileProtocol &proto, const Target &tgt); - void transit(Event event, char *input, size_t inputLength); - - protected: - void start(); - }; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_FILE_PROTOCOL diff --git a/Network/ftp-protocol.cpp b/Network/ftp-protocol.cpp deleted file mode 100644 index 4e700136..00000000 --- a/Network/ftp-protocol.cpp +++ /dev/null @@ -1,582 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ftp-protocol - FTP protocol objects -// -// Basic design notes: -// FTPConnection and FTPDataConnection are mildly incestuous. An FTPConnection -// *contains* an FTPDataConnection to manage its data channel during transfers. -// It could *be* an FTPDataConnection, but they are both TransferEngine::TCPClients, -// which would make coding awkward and mistake prone. -// During wrap-up of a transfer, the control and data channels must synchronize to -// make sure they're both done. (Note that 226/250 replies do NOT guarantee that all -// data has been received on the data path; network latency can hold back that data -// for an arbitrarily long time (modulo TCP timeouts). Synchronization is achieved in -// classic ping-pong fashion: FTPConnection calls FTPDataConnection::connectionDone() -// to signal that it's side is done. The data connection calls FTPConnection::finish once -// it knows they're both done (because FTPConnection told it about its side already). -// -// This version has support for simple FTP proxy operation, where the PASS argument -// is of the form user@remote-host. FTPProxyProtocol uses this support to implement -// FTP/FTP proxies. -// -// Limits on functionality: -// Only stream mode is supported. -// No EBCDIC support. -// -#include - -#include "ftp-protocol.h" -#include "netparameters.h" - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -FTPProtocol::FTPProtocol(Manager &mgr) : Protocol(mgr, "ftp") -{ -} - - -// -// Create a Transfer object for our protocol -// -FTPProtocol::FTPTransfer *FTPProtocol::makeTransfer(const Target &target, Operation operation) -{ - return new FTPTransfer(*this, target, operation); -} - - -// -// Construct an FTPConnection object -// -FTPProtocol::FTPConnection::FTPConnection(Protocol &proto, const HostTarget &hostTarget) - : TCPConnection(proto, hostTarget), state(errorState), mImageMode(false), - mDataPath(*this) -{ - const HostTarget &host = proxyHostTarget(); - connect(host.host(), host.port()); - state = loginInitial; -} - - -// -// Issue a request on the connection. -// -void FTPProtocol::FTPConnection::request(const char *path) -{ - assert(isDocked()); - mOperationPath = path; - - if (state == idle) // already (idly) at command prompt, so... - startCommand(); // ... start operation right now -} - -void FTPProtocol::FTPConnection::startCommand() -{ - // notify any observer of the change in status - observe(Observer::resourceFound); - - switch (operation()) { - case makeDirectory: - printfe("MKD %s", mOperationPath.c_str()); - state = directCommandSent; - return; - case removeDirectory: - printfe("RMD %s", mOperationPath.c_str()); - state = directCommandSent; - return; - case removeFile: - printfe("DELE %s", mOperationPath.c_str()); - state = directCommandSent; - return; - case genericCommand: - printfe("%s", mOperationPath.c_str()); - state = directCommandSent; - return; - } - - // all other commands initiate data transfers. First, set appropriate mode - bool wantImageMode; - switch (operation()) { - case downloadDirectory: - case downloadListing: - wantImageMode = false; - break; - case download: - case upload: - wantImageMode = getv(kNetworkFtpTransferMode, "I") == "I"; - break; - default: - assert(false); - } - - // adjust transfer mode if needed - if (mImageMode != wantImageMode) { - printfe("TYPE %s", wantImageMode ? "I" : "A"); - mImageMode = wantImageMode; // a bit premature, but this shouldn't fail - state = typeCommandSent; - return; // we'll be back here - } - if (mPassive = getv(kNetworkFtpPassiveTransfers)) { - // initiate passive mode download - printfe("PASV"); - state = passiveSent; - } else { - // initiate "active mode" (default mode) download. - // The cooking recipe for the host/port address is deliciously subtle. We obviously take - // the receiver's bound port. But in most cases, its address at this stage (passive bound) - // is ANY, and thus useless to the server. We pick the command connection's local - // address for completion. However, in SOME cases mReceiver.localAddress() has - // a meaningful value (SOCKS, for one), so we allow this to prevail if available. - mReceiver.open(); // open receiver and bind - FTPAddress addr(mReceiver.localAddress().defaults(localAddress())); - printfe("PORT %u,%u,%u,%u,%u,%u", - addr.h1, addr.h2, addr.h3, addr.h4, addr.p1, addr.p2); - state = portSent; - } -} - - -// -// Initiate a data transfer (any direction or form) as indicated by mOperation. -// mDataPath has already been set up. -// -void FTPProtocol::FTPConnection::startTransfer(bool restarted) -{ - if (!restarted) - if (int restartOffset = getv(kNetworkRestartPosition, 0)) { - // restart requested - insert a REST command here - printfe("REST %d", restartOffset); - state = restartSent; - return; - } - - switch (operation()) { - case download: - printfe("RETR %s", mOperationPath.c_str()); - break; - case downloadDirectory: - printfe("NLST %s", mOperationPath.c_str()); - break; - case downloadListing: - printfe("LIST %s", mOperationPath.c_str()); - break; - case upload: - printfe("%s %s", - getv(kNetworkFtpUniqueStores, false) ? "STOU" : "STOR", - mOperationPath.c_str()); - break; - default: - assert(false); - } - state = transferSent; -} - - -// -// This is the master state transit machine for FTP. -// -void FTPProtocol::FTPConnection::transit(Event event, char *input, size_t length) -{ - if (!isDocked()) { // not docked; event while in Connection cache - abort(); // clean up - return; - } - - switch (event) { - case connectionDone: // TCP connection complete or failed - { - int error = length; // transmitted in the 'length' argument - observe(Observer::connectEvent, &error); - if (error) // retry - connect(); - else // connection good - mode(lineInput); - } - return; - case inputAvailable: - { - restarting(false); // valid input observed, commit to this Connection - - // interpret input as FTP protocol reply, handling continued responses - observe(Observer::protocolReceive, input); - if (replyContinuation(input)) - return; // still continuing, keep reading - InetReply reply(input); // parse this reply - if (!reply.valid()) // don't know why, but we're dead - fail(input); - if (replyContinuation(reply)) - return; // is continuation now - - // dispatch state machine - switch (state) { - case loginInitial: - switch (reply) { - case 220: - { - string username = getv(kNetworkGenericUsername, - hostTarget.haveUserPass() ? hostTarget.username() : "anonymous"); - if (transfer().protocol.isProxy()) { - char portPart[10]; - sprintf(portPart, ":%d", transfer().target.host.port()); - username += "@" + transfer().target.host.host().name() + portPart; - } - printfe("USER %s", username.c_str()); - state = loginUserSent; - break; - } - default: - fail(input); - } - break; - case loginUserSent: - switch (reply) { - case 331: - { - string password = getv(kNetworkGenericPassword, - hostTarget.haveUserPass() ? hostTarget.password() : "anonymous@nowhere.net"); - printfe("PASS %s", password.c_str()); - state = loginPassSent; - break; - } - case 230: - startCommand(); - break; - default: - fail(input); - } - break; - case loginPassSent: - switch (reply) { - case 230: - startCommand(); - break; - default: - fail(input); - } - break; - case typeCommandSent: - switch (reply) { - case 200: - startCommand(); - break; - default: - fail(input); - } - break; - case passiveSent: - switch (reply) { - case 227: - { - // reply text =~ Entering passive mode (h1,h2,h3,h4,p1,p2) - FTPAddress addr; - if (const char *p = strchr(reply.message(), '(')) { - if (sscanf(p, "(%u,%u,%u,%u,%u,%u)", - &addr.h1, &addr.h2, &addr.h3, &addr.h4, &addr.p1, &addr.p2) != 6) - fail(input); - } else if (const char *p = strstr(reply.message(), "mode")) { - // RFC1123 says to be really nice to BROKEN FTP servers here - if (sscanf(p+4, "%u,%u,%u,%u,%u,%u", - &addr.h1, &addr.h2, &addr.h3, &addr.h4, &addr.p1, &addr.p2) != 6) - fail(input); - } else { - fail(input); - return; - } - mDataPath.open(addr); //@@@ synchronous - move to state machine - startTransfer(); - } - break; - default: - fail(input); - } - break; - case portSent: - switch (reply) { - case 200: // PORT command successful - startTransfer(); - break; - default: - fail(input); - } - break; - case restartSent: - switch (reply) { - case 350: // Restarting at ... - startTransfer(true); // now do the transfer command for real - break; - default: - fail(input); - } - break; - case transferSent: - switch (reply) { - case 150: - case 125: - transfer().ftpResponse() = input; // remember response for caller. - transfer().ftpResponseCode() = reply; - if (!mPassive) - mReceiver.receive(mDataPath); // accept incoming connection and stop listening - observe(Observer::resultCodeReady, input); - - // engage the data path - switch (operation()) { - case download: - case downloadDirectory: - case downloadListing: - mDataPath.start(sink()); - observe(Observer::downloading, input); - break; - case upload: - mDataPath.start(source()); - observe(Observer::uploading, input); - break; - default: - assert(false); - } - state = transferInProgress; - break; - default: // download command failed - if (!mPassive) - mReceiver.close(); - state = idle; - fail(); - break; - } - break; - case transferInProgress: - switch (reply) { - case 226: // transfer complete - state = idle; // idle command mode - retain(true); - mDataPath.connectionDone(); - break; - case 452: - mDataPath.close(); - state = idle; - fail(input, dskFulErr); - break; - default: // transfer failed - // (ignore any error in mDataPath - prefer diagnostics from remote) - mDataPath.close(); - state = idle; - fail(input); - break; - } - break; - - case directCommandSent: - { - switch (reply.type()) { - case 2: - retain(true); - finish(); - break; - default: - fail(); - break; - } - state = idle; - } - break; - - default: - assert(false); - } - } - break; - - case endOfInput: - return restart(); // try to restart, fail if we can't (or shouldn't) - default: - assert(false); - } -} - -void FTPProtocol::FTPConnection::transitError(const CssmCommonError &error) -{ - //@@@ need to do much better diagnostics here - fail(); // fail transfer and discard connection -} - - -bool FTPProtocol::FTPConnection::validate() -{ - assert(state == idle); - tickle(); - return state == idle; -} - - -// -// The data connection object -// -void FTPProtocol::FTPDataConnection::start(Sink &sink) -{ - secdebug("ftp", "data connection starts download"); - setup(); - mode(sink); -} - -void FTPProtocol::FTPDataConnection::start(Source &source) -{ - secdebug("ftp", "data connection starts upload"); - setup(); - mode(source); -} - -void FTPProtocol::FTPDataConnection::setup() -{ - connection.protocol.manager.addIO(this); - mFailureStatus = noErr; // okay so far - mConnectionDone = false; // connection side not ready yet - mTransferDone = false; // our side not ready net -} - -int FTPProtocol::FTPDataConnection::fileDesc() const -{ - return *this; -} - -void FTPProtocol::FTPDataConnection::transit(Event event, char *input, size_t length) -{ - assert(event == autoReadDone || event == autoWriteDone || event == endOfInput); - secdebug("ftp", "data transfer complete"); - close(); // close data path - finish(); // proceed with state protocol -} - -void FTPProtocol::FTPDataConnection::transitError(const CssmCommonError &error) -{ - mFailureStatus = error.osStatus(); - close(); // close data path - finish(); // proceed with state protocol -} - -void FTPProtocol::FTPDataConnection::close() -{ - if (isOpen()) { - connection.protocol.manager.removeIO(this); - TCPClientSocket::close(); - mTransferDone = true; - } -} - -void FTPProtocol::FTPDataConnection::connectionDone() -{ - mConnectionDone = true; - finish(); -} - -void FTPProtocol::FTPDataConnection::finish() -{ - if (mFailureStatus) { - connection.fail("data transfer failed", mFailureStatus); - connection.finish(); - } else if (mTransferDone && mConnectionDone) { - connection.finish(); - } else if (mConnectionDone) { - secdebug("ftp", "holding for data transfer completion"); - } else { - secdebug("ftp", "holding for control message"); - } -} - - -// -// Transfer objects -// -FTPProtocol::FTPTransfer::FTPTransfer(Protocol &proto, const Target &tgt, Operation operation) - : Transfer(proto, tgt, operation, defaultFtpPort) -{ } - -void FTPProtocol::FTPTransfer::start() -{ - FTPConnection *connection = protocol.manager.findConnection(target); - if (connection == NULL) - connection = new FTPConnection(protocol, target); - - connection->dock(this); - connection->request(target.path.c_str()); -} - -void FTPProtocol::FTPTransfer::abort() -{ - observe(Observer::aborting); - setError("aborted"); - connectionAs().abort(); -} - -void FTPProtocol::FTPConnection::abort() -{ - close(); - mDataPath.close(); - fail(); -} - - -Transfer::ResultClass FTPProtocol::FTPTransfer::resultClass() const -{ - switch (state()) { - case failed: - { - InetReply reply(errorDescription().c_str()); - if (reply / 10 == 53) // 53x - authentication failure - return authorizationFailure; - if (errorDescription() == "aborted") - return abortedFailure; - // when in doubt, blame the remote - return remoteFailure; - } - case finished: - return success; - default: - assert(false); - } -} - - -// -// Translate the ideosyncratic text form of FTP's socket addresses to and from the real thing -// -FTPProtocol::FTPAddress::FTPAddress(const IPSockAddress &sockaddr) -{ - uint32 addr = sockaddr.address(); - h1 = addr >> 24; - h2 = (addr >> 16) & 0xFF; - h3 = (addr >> 8) & 0xFF; - h4 = addr & 0xFF; - p1 = sockaddr.port() >> 8; - p2 = sockaddr.port() & 0xFF; -} - -FTPProtocol::FTPAddress::operator IPSockAddress() const -{ - assert(!(h1 & ~0xff) & !(h2 & ~0xff) & !(h3 & ~0xff) & !(h4 & ~0xff) - & !(p1 & ~0xff) & !(p2 & ~0xff)); - return IPSockAddress(IPAddress(h1 << 24 | h2 << 16 | h3 << 8 | h4), p1 << 8 | p2); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/ftp-protocol.h b/Network/ftp-protocol.h deleted file mode 100644 index af3ebb37..00000000 --- a/Network/ftp-protocol.h +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ftp-protocol - FTP protocol objects -// -#ifndef _H_FTP_PROTOCOL -#define _H_FTP_PROTOCOL - -#include "xfercore.h" -#include "protocol.h" -#include "transfer.h" -#include "netconnection.h" -#include "neterror.h" -#include -#include - - -namespace Security { -namespace Network { - - -// -// The Protocol object for the FTP protocol -// -class FTPProtocol : public Protocol { -protected: - class FTPConnection; -public: - class FTPTransfer; - static const IPPort defaultFtpPort = 21; - - FTPProtocol(Manager &mgr); - -public: - FTPTransfer *makeTransfer(const Target &target, Operation operation); - -public: - // FTP-specific operation codes - enum { - downloadDirectory = protocolSpecific, // get filename list (NLST) - downloadListing, // get host-specific listing (LIST) - makeDirectory, // make a directory (MKD) - removeDirectory, // remove a directory (RMD) - removeFile, // remove a file (DELE) - genericCommand // issue generic FTP command - }; - -private: - // - // The data connection object manages a data pipe (for one upload/download) - // - class FTPDataConnection : public TransferEngine::Client, public TCPClientSocket { - public: - FTPDataConnection(FTPConnection &conn) : connection(conn) { } - - FTPConnection &connection; // the main Connection we belong to - - void start(Sink &sink); // start download - void start(Source &source); // start upload - void close(); // unconditional close - void connectionDone(); // Connection is done - - OSStatus status() const { return mFailureStatus; } - - int fileDesc() const; - - protected: - void transit(Event event, char *input, size_t inputLength); - void transitError(const CssmCommonError &error); - void setup(); - void finish(); - - private: - OSStatus mFailureStatus; // noErr unless something went wrong - bool mTransferDone; // our transfer is all done - bool mConnectionDone; // our Connection is ready to finish() - }; - -protected: - // - // This is the persistent connection object. - // - class FTPConnection : public TCPConnection { - friend class FTPDataConnection; - public: - FTPConnection(Protocol &proto, const HostTarget &tgt); - - // state machine master state - enum State { - errorState, // invalid state marker (reset or fail) - - // login sub-engine - loginInitial, // just connected [want hello or need-login] - loginUserSent, // USER command sent [want hello or need-pass] - loginPassSent, // PASS command sent [want dispatch command] - - // idle state - idle, // at command prompt, idle [nothing pending] - - // data transfer states - typeCommandSent, // sent TYPE command [want ok] - passiveSent, // sent PASV [want contact address] - portSent, // sent PORT [want port ok] - restartSent, // sent REST [want 350 Restarting...] - transferSent, // sent RETR et al [want transfer starting] - transferInProgress, // download in progress [want transfer complete] - - // misc. states - directCommandSent, // sent non-transfer command, want success - - START = loginInitial - }; - - FTPTransfer &transfer() { return transferAs(); } - - void request(const char *path); - void abort(); - - protected: - void transit(Event event, char *input, size_t inputLength); - void transitError(const CssmCommonError &error); - bool validate(); - - void startCommand(); // initiate mOperation, if any - void startTransfer(bool restarted = false); - - bool imageMode() const { return mImageMode; } - void imageMode(bool mode); - - void fail(const char *reply, OSStatus error = Transfer::defaultOSStatusError) - { setError(reply, error); Error::throwMe(error); } - void fail() { retain(false); Connection::fail(); } - - protected: - State state; // state engine state - InetReply::Continuation replyContinuation; // cotinued-reply marker - - // state describing the ongoing connection - bool mImageMode; // in image (vs. ascii) mode - bool mPassive; // current transfer is in passive mode - - string mOperationPath; // remote path for operation - - FTPDataConnection mDataPath; // subsidiary (data transfer) connection - TCPServerSocket mReceiver; // incoming listen socket for active mode transfers - }; - -public: - // - // The official Transfer object (for all kinds of transfers) - // - class FTPTransfer : public Transfer { - public: - FTPTransfer(Protocol &proto, const Target &target, Operation operation); - - ResultClass resultClass() const; - - string &ftpResponse() { return mPrimaryResponseString; } - unsigned int &ftpResponseCode() { return mPrimaryResponseCode; } - unsigned int ftpResponseCode() const { return mPrimaryResponseCode; } - - protected: - void start(); // start me up - void abort(); // abort this Transfer - - string mFailedReply; // reply string that triggered failure - - private: - string mPrimaryResponseString; //FTP protocol first response line. - unsigned int mPrimaryResponseCode; // numeric response code. - }; - -private: - struct FTPAddress { - unsigned int h1, h2, h3, h4, p1, p2; - - FTPAddress() { } - FTPAddress(const IPSockAddress &addr); - operator IPSockAddress () const; - }; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_FTP_PROTOCOL diff --git a/Network/ftp-proxy-protocol.cpp b/Network/ftp-proxy-protocol.cpp deleted file mode 100644 index 7290b8bf..00000000 --- a/Network/ftp-proxy-protocol.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ftp-proxy protocol: FTP variant for proxying -// -#include "ftp-proxy-protocol.h" - - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -FTPProxyProtocol::FTPProxyProtocol(Manager &mgr, const HostTarget &proxy) - : FTPProtocol(mgr), host(proxy.defaultPort(defaultFtpPort)) -{ - secdebug("uaproxy", "%p ftp proxy for %s", this, host.urlForm().c_str()); -} - - -// -// Create a Transfer object for our protocol -// -FTPProxyProtocol::FTPTransfer *FTPProxyProtocol::makeTransfer(const Target &target, - Operation operation) -{ - return new FTPTransfer(*this, target, operation); -} - - -bool FTPProxyProtocol::isProxy() const -{ return true; } - -const HostTarget &FTPProxyProtocol::proxyHost() const -{ return host; } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/ftp-proxy-protocol.h b/Network/ftp-proxy-protocol.h deleted file mode 100644 index 9e8e9641..00000000 --- a/Network/ftp-proxy-protocol.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ftp-proxy protocol: FTP variant for application-level FTP proxying -// -// This version of an FTP proxy uses the "user@host" form of login name to express -// proxying. -// -#ifndef _H_FTP_PROXY_PROTOCOL -#define _H_FTP_PROXY_PROTOCOL - -#include "ftp-protocol.h" - - -namespace Security { -namespace Network { - - -// -// The protocol object for proxy FTP. -// Since FTPProtocol contains code to support the proxy variant, -// this Protocol object is quite trivial. -// -class FTPProxyProtocol : public FTPProtocol { -public: - FTPProxyProtocol(Manager &mgr, const HostTarget &proxy); - - FTPTransfer *makeTransfer(const Target &target, Operation operation); - -public: - bool isProxy() const; - const HostTarget &proxyHost() const; - -private: - const HostTarget host; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_FTP_PROXY_PROTOCOL diff --git a/Network/http-protocol.cpp b/Network/http-protocol.cpp deleted file mode 100644 index 34450cf0..00000000 --- a/Network/http-protocol.cpp +++ /dev/null @@ -1,523 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// http-protocol - HTTP protocol objects -// -// HTTP Transfers succeed (state() == finished) if the HTTP protocol was successfully -// observed. This means that even 300/400/500 type results are "successful" as far -// as state() is concerned. ResultClass() will attempt to classify both successful and -// unsuccessful outcomes, and errorDescription() is the primary HTTP response line -// (HTTP/1.n ccc some-string). HTTP Transfers fail (state() == failed) only if they can't -// talk to the server, or a protocol violation (or unimplemented feature) is detected. -// Deal with it. -// -// Note that the protected flag deferSendRequest allows the state sequencer to be -// interrupted at the idle stage (before an HTTP request is sent over the virtual wire). -// This is used by the https protocol driver to "wedge in" the SSL negotiation. Not very -// elegant, but it works. -// -// This implementation of the http protocol includes http proxy operation. As a result, -// it is very important to distinguish the various HostTargets and Targets involved: -// Connection::hostTarget is the host we're talking to - it could be a proxy. -// Transfer::target.host is the host we're trying to reach. -// From the HTTPConnection's point of view: -// hostTarget may be a proxy or the destination -// target().host is always the host we're trying to reach -// If we're not in proxy mode, these two are usually the same (caveat tester). -// -#include "http-protocol.h" -#include "netparameters.h" - - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -HTTPProtocol::HTTPProtocol(Manager &mgr, const char *scheme) : Protocol(mgr, scheme) -{ -} - - -// -// Create a Transfer object for our protocol -// -HTTPProtocol::HTTPTransfer *HTTPProtocol::makeTransfer(const Target &target, Operation operation) -{ - return new HTTPTransfer(*this, target, operation, defaultHttpPort); -} - - -// -// Construct an HTTPConnection object -// -HTTPProtocol::HTTPConnection::HTTPConnection(Protocol &proto, - const HostTarget &hostTarget) - : TCPConnection(proto, hostTarget), - subVersion(defaultSubVersion), - state(errorState), deferSendRequest(false) -{ - const HostTarget &host = proxyHostTarget(); - connect(host.host(), host.port()); - state = connecting; -} - - -// -// Start a request/response transaction on this Connection. This puts out all the -// HTTP request headers in one fell swoop (but not any request body). -// The Connection must be in idle state. -// -void HTTPProtocol::HTTPConnection::request(const char *operation) -{ - mOperation = operation; - if (state == idle) // already waiting for request - sendRequest(); -} - -void HTTPProtocol::HTTPConnection::sendRequest() -{ - assert(state == idle); - - // what version of HTTP/1 shall we use? - subVersion = getv(kNetworkHttpUseVersion, defaultSubVersion); - - flushOutput(false); // hold output until we're done - const Target &target = this->target(); - if (transfer().useProxyHeaders()) { - printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.urlForm().c_str(), subVersion); - authorizationHeader("Proxy-Authorization", hostTarget, - kNetworkGenericProxyUsername, kNetworkGenericProxyPassword); - } else { - printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.path.c_str(), subVersion); - } - hostHeader(); - authorizationHeader("Authorization", target, - kNetworkGenericUsername, kNetworkGenericPassword); - printfe("User-Agent: %s", - getv(kNetworkHttpUserAgent, "MacNetwork/1.0 (Macintosh)").c_str()); - - // if restarting, add a Range header - if (int restartOffset = getv(kNetworkRestartPosition, 0)) { - printfe("Range: bytes=%d-", restartOffset); - } - - // add other headers set by caller, if any - { - string otherHeaders; - if (get(kNetworkHttpMoreHeaders, otherHeaders)) { - // launder and rinse - don't let the caller screw up the HTTP header structure - static const char lineEndings[] = "\r\n"; - const char *p = otherHeaders.c_str(); - while (const char *q = strpbrk(p, lineEndings)) { - if (q > p) - printfe("%.*s", q - p, p); - p = q + strspn(q, lineEndings); - } - // now send any last (unterminated) line - if (*p) - printfe("%s", p); - } - } - - // add fields used for upstream transfer, if any, and initiate - if (transfer().hasSource()) { - Source &source = transfer().source(); - size_t size = source.getSize(); - if (size == Source::unknownSize) { - //@@@ try to use Transfer-encoding: chunked -- for now, just use EOF delimiting - } else { - printfe("Content-length: %ld", size); - } - printfe("Content-Type: %s", getv(kNetworkHttpPostContentType, "text/plain").c_str()); - printfe(""); // end of headers - mode(source); // initiate autoWrite mode - } else { - printfe(""); // end of headers, no data - } - - flushOutput(); // release pent-up output - mode(lineInput); // line input mode - state = primaryResponse; // prime the state machine -} - -void HTTPProtocol::HTTPConnection::hostHeader() -{ - const HostTarget &host = target().host; - if (host.port()) - printfe("Host: %s:%d", host.host().name().c_str(), host.port()); - else - printfe("Host: %s", host.host().name().c_str()); -} - -void HTTPProtocol::HTTPConnection::authorizationHeader(const char *headerName, - const HostTarget &host, - ParameterSource::Key userKey, ParameterSource::Key passKey) -{ - string username = host.haveUserPass() ? host.username() : getv(userKey); - string password = host.haveUserPass() ? host.password() : getv(passKey); - //@@@ only "Basic" authentication supported for now - if (!username.empty()) { - //@@@ ad-hoc Base64 encoding. Replace with suitable stream encoder when available - static const char alphabet[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - string token = username + ":" + password; - char *buffer = new char[4 * token.length() / 3 + 2]; // just enough - const char *src = token.c_str(), *end = src + token.length(); - char *outp = buffer; - while (src < end) { - uint32 binary = src[0] << 16; - if (src+1 < end) - binary |= src[1] << 8 | src[2]; - *outp++ = alphabet[(binary >> 18) & 0x3F]; - *outp++ = alphabet[(binary >> 12) & 0x3F]; - *outp++ = (src+1 < end) ? alphabet[(binary >> 6) & 0x3F] : '='; - *outp++ = (src+2 < end) ? alphabet[binary & 0x3F] : '='; - src += 3; - } - *outp = '\0'; - printfe("%s: Basic %s", headerName, buffer); - delete[] buffer; - } -} - - -// -// This is the master state transit machine for HTTP. -// -void HTTPProtocol::HTTPConnection::transit(Event event, char *input, size_t length) -{ - switch (event) { - case autoWriteDone: // ingore: it's asynchronous to our state machine - return; - case endOfInput: // most of the time, this is a protocol error, so filter it out now - switch (state) { - case idle: - case readWholeBody: // expected - break; - case primaryResponse: // Connection failed; restart it - return restart(); - default: // unexpected; fail - UnixError::throwMe(ECONNRESET); // @@@ diagnostic? - } - break; - case connectionDone: // TCP connection complete or failed - { - assert(state == connecting); - int error = length; - observe(Observer::connectEvent, &error); - if (error) { // retry - connect(); - } else { // connection good - state = idle; - if (!deferSendRequest) { // (subclass wants to wedge in) - mode(lineInput); - sendRequest(); - } - } - } - return; - default: - break; - } - - switch (state) { - case primaryResponse: - { - assert(mode() == lineInput); - observe(Observer::protocolReceive, input); - transfer().httpResponse() = input; // remember response for caller - // --> HTTP/major.minor status reason-phrase - int reasonPos; - if (sscanf(input, "HTTP/%d.%d %u %n", - &httpVersionMajor, &httpVersionMinor, - &transfer().httpResponseCode(), &reasonPos) != 3) { - // malformed response header - fail(Transfer::remoteFailure); - } - - if (httpVersionMajor != 1) // wrong major protocol Version - fail(Transfer::remoteFailure); - if (httpVersionMinor < 0 || httpVersionMinor > 1) - fail(Transfer::remoteFailure); - - // notify the URLAccess emulation that we have the result code - observe (Observer::resultCodeReady); - - // okay, we grok the version. We'll proceed for now reading headers etc. - state = readHeaders; - - // we got input from the server, so this Connection is now confirmed good - restarting(false); - break; - } - case readHeaders: - { - assert(mode() == lineInput); - if (length) { // another header - headers().add(input); - observe(Observer::protocolReceive, input); - } else { // end of headers - // we are now handling the transition from response headers to response body - observe(Observer::protocolReceive, "** END OF HEADER **"); - observe(Observer::downloading, input); - - // Transfer-Encoding overrides Content-Length as per RFC2616 p.34 - if (const char *encoding = headers().find("Transfer-Encoding")) { - if (!strcasecmp(encoding, "chunked")) { - // eat input in chunks - state = chunkHeader; - // mode remains lineInput - break; - } else if (!strcasecmp(encoding, "identity")) { - // allowed and ignored - } else { - // unrecognized transfer-encoding - fail(Transfer::remoteFailure); - } - } - // no transfer-encoding (or transfer-encoding: identity): big gulp mode - state = readWholeBody; - if (const char *lengthArg = headers().find("Content-Length")) { - size_t length = strtol(lengthArg, NULL, 10); - sink().setSize(length); - if (length > 0) - mode(sink(), length); - else // null body, already done - finish(); - } else { // read until EOI - mode(sink()); - } - } - break; - } - case chunkHeader: - { - assert(mode() == lineInput); - // line should be (just) a hex number, sans "0x" prefix or spaces. Be strict - char *endOfMatch; - size_t chunkLength = strtol(input, &endOfMatch, 0x10); - if (length == 0 || endOfMatch == input) // no valid number - fail(Transfer::remoteFailure); - if (chunkLength) { - secdebug("http", "reading chunk of %ld bytes", chunkLength); - mode(sink(), chunkLength); - state = chunkDownload; - } else { - secdebug("http", "final chunk marker"); - state = chunkTrailer; - observe(Observer::protocolReceive, "** END OF DATA **"); - } - break; - } - case chunkGap: - { - assert(mode() == lineInput); - state = chunkHeader; - break; - } - case chunkTrailer: - { - assert(mode() == lineInput); - if (input[0] == '\0') { // end of trailer - finish(); - } else { - headers().add(input); - observe(Observer::protocolReceive, input); - } - break; - } - case chunkDownload: - { - assert(event == autoReadDone); - state = chunkGap; - mode(lineInput); - break; - } - case readWholeBody: - { - assert(event == autoReadDone || event == endOfInput); - finish(); - break; - } - case idle: - { - // the only asynchronous event in idle mode is a connection drop - secdebug("http", - "%p event %d while idle; destroying connection", this, event); - abort(); - state = dead; - } - break; - default: - assert(false); - } -} - -void HTTPProtocol::HTTPConnection::transitError(const CssmCommonError &error) -{ - // note that fail(const char * [, OSStatus]) has already called setError - fail(true); // fail transfer and throw out connection -} - - -void HTTPProtocol::HTTPConnection::finish() -{ - flushInput(); // clear excess garbage input (resynchronize) - chooseRetain(); // shall we keep the Connection? - mode(lineInput); // ensure valid input mode - state = idle; // idle state - Connection::finish(); // finish this transfer -} - - -void HTTPProtocol::HTTPConnection::fail(bool forceDrop) -{ - if (forceDrop) - retain(false); // drop the Connection - else - chooseRetain(); // perhaps keep it - Connection::fail(); // fail this transfer -} - - -bool HTTPProtocol::HTTPConnection::validate() -{ - assert(state == idle); - tickle(); // may change state - return state == idle; -} - - -void HTTPProtocol::HTTPConnection::chooseRetain() -{ - // figure out whether to stay alive - retain(strcasecmp(headers().find("Connection", "Keep"), "Close")); - //@@@ need to handle the HTTP/1.0 case -} - - -// -// Transfer objects -// -HTTPProtocol::HTTPTransfer::HTTPTransfer(Protocol &proto, - const Target &tgt, Operation operation, IPPort defaultPort) - : Transfer(proto, tgt, operation, defaultPort), - mResultClass(unclassifiedFailure) -{ -} - -void HTTPProtocol::HTTPTransfer::start() -{ - // HTTP servers can serve both proxy requests and direct requests, - // and can be pooled based on that fact. Use proxy==target here. - const HostTarget &host = proxyHostTarget(); - HTTPConnection *connection = protocol.manager.findConnection(host); - if (connection == NULL) - connection = new HTTPConnection(protocol, host); - connection->dock(this); - startRequest(); -} - -void HTTPProtocol::HTTPTransfer::abort() -{ - observe(Observer::aborting); - setError("aborted"); - connectionAs().abort(); -} - -void HTTPProtocol::HTTPConnection::abort() -{ - close(); - fail(true); -} - - -// -// This lower-level request startup function can be called directly by children. -// -void HTTPProtocol::HTTPTransfer::startRequest() -{ - const char *defaultForm; - switch (operation()) { - case Protocol::upload: defaultForm = "PUT"; break; - case Protocol::transaction: defaultForm = "POST"; break; - default: defaultForm = "GET"; break; - } - connectionAs().request(getv(kNetworkHttpCommand, defaultForm).c_str()); -} - - -// -// Determine whether we should use the proxy form of HTTP headers. -// By default, this is true iff we are used by a proxy Protocol. -// However, children may override this determination. -// -bool HTTPProtocol::HTTPTransfer::useProxyHeaders() const -{ - return protocol.isProxy(); -} - -Transfer::ResultClass HTTPProtocol::HTTPTransfer::resultClass() const -{ - switch (state()) { - case failed: - return mResultClass; - case finished: - { - if (mResultClass != unclassifiedFailure) - return mResultClass; // preclassified - unsigned int code = httpResponseCode(); - if (code == 401 || code == 407 || code == 305) // auth or proxy auth required - return authorizationFailure; - else if (code / 100 == 3) // redirect (interpreted as success) - return success; - else if (code / 100 == 2) // success codes - return success; - else // when in doubt, blame the remote end :-) - return remoteFailure; - } - default: - assert(false); - return localFailure; - } -} - - -void HTTPProtocol::HTTPTransfer::fail(ResultClass why, OSStatus how) -{ - mResultClass = why; - Error::throwMe(how); -} - - -// -// Manage the HTTP version of a HeaderMap -// -void HTTPProtocol::HTTPHeaderMap::merge(string key, string &old, string newValue) -{ - // duplicates must be CSV type; concatenate (RFC 2616; section 4.2) - old = old + ", " + newValue; -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/http-protocol.h b/Network/http-protocol.h deleted file mode 100644 index 6e53321e..00000000 --- a/Network/http-protocol.h +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// http-protocol - HTTP protocol objects -// -#ifndef _H_HTTP_PROTOCOL -#define _H_HTTP_PROTOCOL - -#include "neterror.h" -#include "xfercore.h" -#include "protocol.h" -#include "transfer.h" -#include "netconnection.h" -#include -#include -#include - - -namespace Security { -namespace Network { - - -// -// The Protocol object for the HTTP protocol -// -class HTTPProtocol : public Protocol { -public: - class HTTPTransfer; - static const IPPort defaultHttpPort = 80; - - HTTPProtocol(Manager &mgr, const char *scheme = "http"); - -public: - HTTPTransfer *makeTransfer(const Target &target, Operation operation); - -private: - class HTTPHeaderMap : public HeaderMap { - public: - void merge(string key, string &old, string newValue); - }; - -protected: - // - // Our persistent connection object - // - class HTTPConnection : public TCPConnection { - static const int defaultSubVersion = 1; // default to HTTP/1.1 - public: - HTTPConnection(Protocol &proto, const HostTarget &tgt); - - // state machine master state - enum State { - errorState, // invalid state marker - connecting, // awaiting transport level connection - primaryResponse, // read primary response line - readHeaders, // read initial headers - readWholeBody, // read basic body (Transfer-Encoding: identity) - - idle, // between requests on persistent connection - dead, // RIP - - // state submachine for Transfer-Encoding: chunked - chunkHeader, // chunk header line (hex-length CRNL) - chunkDownload, // data of chunk (read in autoReadInput mode) - chunkGap, // empty line after chunk (now why did they do *that*?) - chunkTrailer, // reading trailer header fields (why not :-) - - START = primaryResponse - }; - - HTTPTransfer &transfer() { return transferAs(); } - HeaderMap &headers(); - - void request(const char *operation); - void abort(); - - protected: - void transit(Event event, char *input, size_t inputLength); - void transitError(const CssmCommonError &error); - void finish(); - void fail(bool forceDrop = false); // direct fail - void fail(Transfer::ResultClass why, OSStatus how = Transfer::defaultOSStatusError) - { transfer().fail(why, how); } // use in transit(): setup, throws, gets caught, then fails - bool validate(); - - void sendRequest(); - void hostHeader(); - void authorizationHeader(const char *headerName, - const HostTarget &host, - ParameterSource::Key userKey, ParameterSource::Key passKey); - void chooseRetain(); - - protected: - int subVersion; // HTTP/1.x sub-protocol version - State state; // master state machine switch - bool deferSendRequest; // allows a subclass to interrupt state machine - string mOperation; // requested HTTP operation - unsigned int httpVersionMajor; // major version of peer - unsigned int httpVersionMinor; // minor version of peer - }; - -public: - // - // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in, - // headers out, optional data out), so there's no reason to distinguish subclasses. - // - class HTTPTransfer : public Transfer { - public: - HTTPTransfer(Protocol &proto, const Target &tgt, Operation operation, IPPort defaultPort); - - // access to HTTP-specific protocol details - string &httpResponse() { return mPrimaryResponseString; } - unsigned int &httpResponseCode() { return mPrimaryResponseCode; } - unsigned int httpResponseCode() const { return mPrimaryResponseCode; } - HeaderMap &httpHeaders() { return mHeaders; } - - void fail(ResultClass how, OSStatus err = defaultOSStatusError); - - // diagnostics - ResultClass resultClass() const; - - void startRequest(); // start request on our Connection - virtual bool useProxyHeaders() const; // should we use proxy form of request headers? - - protected: - void start(); // start HTTP - void abort(); // abort the Transfer - - private: - string mPrimaryResponseString; // HTTP protocol first response line - unsigned int mPrimaryResponseCode; // numeric response code - ResultClass mResultClass; // explicit classification (unclassified if not set) - HTTPHeaderMap mHeaders; // map of response headers - }; -}; - - -// -// Deferred inlines -// -inline HeaderMap &HTTPProtocol::HTTPConnection::headers() -{ return transfer().httpHeaders(); } - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_HTTP_PROTOCOL diff --git a/Network/http-proxy-protocol.cpp b/Network/http-proxy-protocol.cpp deleted file mode 100644 index 28a0de93..00000000 --- a/Network/http-proxy-protocol.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// http-proxy protocol: HTTP variant for proxying -// -#include "http-proxy-protocol.h" - - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -HTTPProxyProtocol::HTTPProxyProtocol(Manager &mgr, const HostTarget &proxy) - : HTTPProtocol(mgr), host(proxy.defaultPort(defaultHttpPort)) -{ - secdebug("uaproxy", "%p http proxy for %s", this, host.urlForm().c_str()); -} - - -// -// Create a Transfer object for our protocol -// -HTTPProxyProtocol::HTTPTransfer *HTTPProxyProtocol::makeTransfer(const Target &target, - Operation operation) -{ - return new HTTPTransfer(*this, target, operation, defaultHttpPort); -} - - -bool HTTPProxyProtocol::isProxy() const -{ return true; } - -const HostTarget &HTTPProxyProtocol::proxyHost() const -{ return host; } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/http-proxy-protocol.h b/Network/http-proxy-protocol.h deleted file mode 100644 index c167ccc0..00000000 --- a/Network/http-proxy-protocol.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// http-proxy protocol: HTTP variant for proxying -// -#ifndef _H_HTTP_PROXY_PROTOCOL -#define _H_HTTP_PROXY_PROTOCOL - -#include "http-protocol.h" - - -namespace Security { -namespace Network { - - -// -// The protocol object for proxy HTTP. -// Since HTTPProtocol contains code to support the proxy variant, -// this Protocol object is quite trivial. -// -class HTTPProxyProtocol : public HTTPProtocol { -public: - HTTPProxyProtocol(Manager &mgr, const HostTarget &proxy); - - HTTPTransfer *makeTransfer(const Target &target, Operation operation); - -public: - bool isProxy() const; - const HostTarget &proxyHost() const; - -private: - const HostTarget host; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_HTTP_PROXY_PROTOCOL diff --git a/Network/https-protocol.cpp b/Network/https-protocol.cpp deleted file mode 100644 index 9f7c568a..00000000 --- a/Network/https-protocol.cpp +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// https-protocol - SSL based HTTP. -// -#include "https-protocol.h" -#include "netparameters.h" - - - -namespace Security { -namespace Network { - -// -// Construct the protocol object -// -SecureHTTPProtocol::SecureHTTPProtocol(Manager &mgr) : HTTPProtocol(mgr, "https") -{ -} - - -// -// Names and identifiers -// -const char *SecureHTTPProtocol::name() const -{ - return "http/ssl"; -} - - -// -// Create a Transfer object for our protocol -// -SecureHTTPProtocol::SecureHTTPTransfer *SecureHTTPProtocol::makeTransfer(const Target &target, - Operation operation) -{ - return new SecureHTTPTransfer(*this, target, operation, defaultHttpsPort); -} - - -// -// Construct an HTTPConnection object -// -SecureHTTPProtocol::SecureHTTPConnection::SecureHTTPConnection(Protocol &proto, - const HostTarget &hostTarget) - : HTTPConnection(proto, hostTarget), - SecureTransport(static_cast(*this)), // (CC pitfall) - deferStartSSL(false), sslActive(false) - -{ - // HTTPConnection already set up everything for talking to the server - deferSendRequest = true; // interrupt HTTP state machine after connecting state - sslState = sslConnecting; -} - -SecureHTTPProtocol::SecureHTTPConnection::~SecureHTTPConnection() -{ -} - -void SecureHTTPProtocol::SecureHTTPConnection::sslRequest() -{ - switch (sslState) { - case sslConnecting: // new connection - wait for TL ready - break; - case sslConnected: // already set; go ahead HTTP - transfer().startRequest(); - break; - default: - assert(false); // huh? - } -} - -void SecureHTTPProtocol::SecureHTTPConnection::startSSL() -{ - assert(sslState == sslStartup); - - // from now on, perform I/O through the SSL layer - sslActive = true; - - // switch initially to raw input mode. Note that no input bytes will actually - // be delivered by our modified read() until SSL handshake is complete. - mode(rawInput); - - // configure the SSL session - allowsExpiredCerts(getv(kNetworkHttpAcceptExpiredCerts, false)); - allowsUnknownRoots(getv(kNetworkHttpAcceptUnknownRoots, false)); - peerId(peerAddress()); - - // start SSL handshake - SSL::open(); - assert(SSL::state() == kSSLHandshake); // there is no chance that we could already be done - sslState = sslHandshaking; -} - - -// -// Validate a connection retrieved from the cache -// -bool SecureHTTPProtocol::SecureHTTPConnection::validate() -{ - return HTTPConnection::validate() && SSL::state() == kSSLConnected; -} - - -// -// Our state transit method controls only the initial SSL handshake. -// Think of it as a "prefix" to the HTTP protocol state engine. Once the handshake -// is complete, we hand off further state management to the HTTP machine. -// -void SecureHTTPProtocol::SecureHTTPConnection::transit(Event event, - char *input, size_t inputLength) -{ - try { - switch (sslState) { - case sslConnecting: - HTTPConnection::transit(event, input, inputLength); - if (HTTPConnection::state == idle) { // transport level ready - sslState = sslStartup; - if (!deferStartSSL) - startSSL(); - } - return; - case sslHandshaking: - assert(event == inputAvailable); - SecureTransport::open(); // advance handshake protocol - switch (SSL::state()) { - case kSSLHandshake: // not yet done - return; - case kSSLConnected: // ready for HTTP - sslState = sslConnected; - transfer().startRequest(); - return; - default: - assert(false); // can't happen - would have thrown - } - case sslConnected: - return HTTPConnection::transit(event, input, inputLength); - default: - assert(false); // huh? - } - - // if SSL fails, we have to abandon the Connection - } catch (const CssmCommonError &err) { - setError("SSL failed", err.osStatus()); - throw; - } catch (...) { - setError("SSL failed"); - throw; - } -} - - -// -// The I/O layer for SecureHTTPConnection objects. -// -size_t SecureHTTPProtocol::SecureHTTPConnection::read(void *data, size_t length) -{ - return sslActive ? SSL::read(data, length) : Socket::read(data, length); -} - -size_t SecureHTTPProtocol::SecureHTTPConnection::write(const void *data, size_t length) -{ - return sslActive ? SSL::write(data, length) : Socket::write(data, length); -} - -bool SecureHTTPProtocol::SecureHTTPConnection::atEnd() const -{ - return sslActive ? SSL::atEnd() : Socket::atEnd(); -} - - -// -// HTTPS Transfer objects. -// -SecureHTTPProtocol::SecureHTTPTransfer::SecureHTTPTransfer(Protocol &proto, - const Target &tgt, Operation operation, IPPort defPort) - : HTTPTransfer(proto, tgt, operation, defPort) -{ -} - -void SecureHTTPProtocol::SecureHTTPTransfer::start() -{ - SecureHTTPConnection *connection = - protocol.manager.findConnection(target); - if (connection == NULL) - connection = new SecureHTTPConnection(protocol, target); - connection->dock(this); - connection->sslRequest(); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/https-protocol.h b/Network/https-protocol.h deleted file mode 100644 index a0fcce83..00000000 --- a/Network/https-protocol.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// https-protocol - SSL based HTTP -// -#ifndef _H_HTTPS_PROTOCOL -#define _H_HTTPS_PROTOCOL - -#include "http-protocol.h" -#include - - -namespace Security { -namespace Network { - - -// -// The protocol object for https. -// This is heavily based on the HTTP protocol, which provides hooks to filter -// the I/O channels to implement the crypto. Refer to HTTP for all the protocol -// stuff. -// -class SecureHTTPProtocol : public HTTPProtocol { -public: - class SecureHTTPTransfer; - static const IPPort defaultHttpsPort = 443; - - SecureHTTPProtocol(Manager &mgr); - -public: - const char *name() const; - SecureHTTPTransfer *makeTransfer(const Target &target, Operation operation); - -private: - // - // Our persistent connection object - // - typedef SecureTransport SSL; - -protected: - class SecureHTTPConnection : public HTTPConnection, protected SSL { - public: - SecureHTTPConnection(Protocol &proto, const HostTarget &tgt); - ~SecureHTTPConnection(); - - void sslRequest(); - - protected: - enum { - sslConnecting, // awaiting transport level connection - sslStartup, // just connected - sslHandshaking, // SSL handshake proceeding - sslConnected // SSL established, I/O possible - } sslState; - - void transit(Event event, char *input, size_t inputLength); - void startSSL(); - - bool validate(); - - protected: - bool deferStartSSL; // protocol break for sub-protocols - - private: - bool sslActive; // using SSL for I/O - - // override I/O methods for TransferEngine::Client - size_t read(void *data, size_t length); - size_t write(const void *data, size_t length); - bool atEnd() const; - }; - -public: - // - // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in, - // headers out, optional data out), so there's no reason to distinguish subclasses. - // - class SecureHTTPTransfer : public HTTPTransfer { - public: - SecureHTTPTransfer(Protocol &proto, - const Target &tgt, Operation operation, IPPort defaultPort); - - protected: - void start(); - }; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_HTTPS_PROTOCOL diff --git a/Network/https-proxy-protocol.cpp b/Network/https-proxy-protocol.cpp deleted file mode 100644 index 57f218c9..00000000 --- a/Network/https-proxy-protocol.cpp +++ /dev/null @@ -1,210 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// https-proxy - CONNECT style transparent proxy connection to SSL host. -// -// This is the CONNECT method of an ordinary (proxying) HTTP server. -// Once it switches a connection to transparent proxying, there's no way to get out -// again. Hence, our Connection objects belong to the remote host, not the proxy. -// -#include "https-proxy-protocol.h" -#include "netparameters.h" - - -namespace Security { -namespace Network { - - -// -// Construct the protocol object -// -ConnectHTTPProtocol::ConnectHTTPProtocol(Manager &mgr, const HostTarget &proxy) - : SecureHTTPProtocol(mgr), host(proxy.defaultPort(defaultHttpPort)) -{ -} - - -// -// Create a Transfer object for our protocol -// -ConnectHTTPProtocol::ConnectHTTPTransfer *ConnectHTTPProtocol::makeTransfer(const Target &target, - Operation operation) -{ - return new ConnectHTTPTransfer(*this, target, operation, defaultHttpsPort); -} - - -// -// Construct an HTTPConnection object -// -ConnectHTTPProtocol::ConnectHTTPConnection::ConnectHTTPConnection(Protocol &proto, - const HostTarget &hostTarget) - : SecureHTTPConnection(proto, hostTarget) - -{ - // SecureHTTPConnection already set up everything for talking to the server - connectState = connectConnecting; - deferStartSSL = true; // tell parent protocol to break on connect-complete -} - -ConnectHTTPProtocol::ConnectHTTPConnection::~ConnectHTTPConnection() -{ -} - - -// -// Start a connection request -// -void ConnectHTTPProtocol::ConnectHTTPConnection::connectRequest() -{ - switch (connectState) { - case connectConnecting: - return; // still waiting for TCP - case connectStartup: - { - const HostTarget &host = target().host; - flushOutput(false); // hold output - printfe("CONNECT %s:%d HTTP/1.1", - host.host().name().c_str(), target().host.port()); - hostHeader(); - authorizationHeader("Proxy-Authorization", hostTarget, - kNetworkGenericProxyUsername, kNetworkGenericProxyPassword); - printfe(""); // end of headers - flushOutput(); // flush accumulated output - mode(lineInput); - connectState = connectPrimaryResponse; - } - break; - case connectReady: // already set; go ahead next layer (https) - sslRequest(); - break; - default: - assert(false); // huh? - } -} - - -// -// Our state transit method controls only the initial SSL handshake. -// Think of it as a "prefix" to the HTTP protocol state engine. Once the handshake -// is complete, we hand off further state management to the HTTP machine. -// -void ConnectHTTPProtocol::ConnectHTTPConnection::transit(Event event, - char *input, size_t inputLength) -{ - if (event == endOfInput && connectState != connectReady) - UnixError::throwMe(ECONNRESET); // @@@ diagnostic? - - switch (connectState) { - case connectConnecting: - SecureHTTPConnection::transit(event, input, inputLength); - if (SecureHTTPConnection::sslState == sslStartup) { // transport level ready - connectState = connectStartup; - connectRequest(); - } - return; - case connectPrimaryResponse: - { - // sketchily read proxy's primary response - int major, minor, code; - if (sscanf(input, "HTTP/%d.%d %u", &major, &minor, &code) != 3) { - fail(input); // malformed response header - } - if (major != 1 || minor < 0 || minor > 1) - fail(input); - switch (code) { - case 200: // okay, proceed - connectState = connectReadHeaders; - break; - default: // this didn't work - transfer().httpResponse() = input; // won't have a better one - fail(input); - } - } - break; - case connectReadHeaders: - { - if (inputLength) { - headers().add(input); - } else { - // end of proxy headers: start SSL now - connectState = connectReady; - try { - startSSL(); - } catch (const CssmCommonError &err) { - setError("SSL failed", err.osStatus()); - throw; - } catch (...) { - setError("SSL failed"); - throw; - } - } - } - break; - case connectReady: - return SecureHTTPConnection::transit(event, input, inputLength); - default: - assert(false); // huh? - } -} - - -// -// HTTPS Transfer objects. -// -ConnectHTTPProtocol::ConnectHTTPTransfer::ConnectHTTPTransfer(Protocol &proto, - const Target &tgt, Operation operation, IPPort defPort) - : SecureHTTPTransfer(proto, tgt, operation, defPort) -{ -} - -void ConnectHTTPProtocol::ConnectHTTPTransfer::start() -{ - ConnectHTTPConnection *connection = - protocol.manager.findConnection(target); - if (connection == NULL) - connection = new ConnectHTTPConnection(protocol, target); - connection->dock(this); - connection->connectRequest(); -} - - -// -// Even though this is formally a proxy protocol, we should not use -// proxy headers, since the proxy is transparent and the remote system -// expects a direct request. -// -bool ConnectHTTPProtocol::ConnectHTTPTransfer::useProxyHeaders() const -{ - return false; -} - - -// -// We are a proxy protocol -// -bool ConnectHTTPProtocol::isProxy() const -{ return true; } - -const HostTarget &ConnectHTTPProtocol::proxyHost() const -{ return host; } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/https-proxy-protocol.h b/Network/https-proxy-protocol.h deleted file mode 100644 index 56617969..00000000 --- a/Network/https-proxy-protocol.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// https-proxy - CONNECT style transparent proxy connection to SSL host -// -#ifndef _H_HTTPS_PROXY_PROTOCOL -#define _H_HTTPS_PROXY_PROTOCOL - -#include "https-protocol.h" - - -namespace Security { -namespace Network { - - -// -// The CONNECT protocol is a subclass of the secure (SSL) HTTP protocol. -// -class ConnectHTTPProtocol : public SecureHTTPProtocol { - class ConnectHTTPTransfer; -public: - ConnectHTTPProtocol(Manager &mgr, const HostTarget &proxy); - -public: - ConnectHTTPTransfer *makeTransfer(const Target &target, Operation operation); - -private: - // - // Our persistent connection object - // - class ConnectHTTPConnection : public SecureHTTPConnection { - public: - ConnectHTTPConnection(Protocol &proto, const HostTarget &tgt); - ~ConnectHTTPConnection(); - - enum { - connectConnecting, // TCP layer connecting pending - connectStartup, // starting conversation - connectPrimaryResponse, // sent CONNECT, waiting for primary response - connectReadHeaders, // reading proxy headers - connectReady // in transparent mode - } connectState; - - void connectRequest(); - - protected: - void transit(Event event, char *input, size_t inputLength); - }; - - - // - // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in, - // headers out, optional data out), so there's no reason to distinguish subclasses. - // - class ConnectHTTPTransfer : public SecureHTTPTransfer { - public: - ConnectHTTPTransfer(Protocol &proto, - const Target &tgt, Operation operation, IPPort defaultPort); - - protected: - void start(); - - bool useProxyHeaders() const; - }; - -public: - bool isProxy() const; - const HostTarget &proxyHost() const; - -private: - const HostTarget host; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_HTTPS_PROXY_PROTOCOL diff --git a/Network/multiobserver.cpp b/Network/multiobserver.cpp deleted file mode 100644 index 032204c8..00000000 --- a/Network/multiobserver.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// multiobserver - Observer multiplexer -// -#include "multiobserver.h" - - - -namespace Security { -namespace Network { - - -// -// Manage the observer set -// -void MultiplexObserver::add(Observer &obs) -{ - mObservers.insert(&obs); - Observer::setEvents(getEvents() | obs.getEvents()); -} - -void MultiplexObserver::remove(Observer &obs) -{ - mObservers.erase(&obs); - setEvents(); -} - - -// -// (Re)calculate the event mask -// -void MultiplexObserver::setEvents() -{ - Events eventSet = noEvents; - for (set::const_iterator it = mObservers.begin(); it != mObservers.end(); it++) - eventSet |= (*it)->getEvents(); - Observer::setEvents(eventSet); -} - - -// -// Fan out an observation -// -void MultiplexObserver::observe(Events events, Transfer *xfer, const void *info) -{ - for (set::const_iterator it = mObservers.begin(); it != mObservers.end(); it++) - if ((*it)->wants(events)) - (*it)->observe(events, xfer, info); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/multiobserver.h b/Network/multiobserver.h deleted file mode 100644 index c1e53850..00000000 --- a/Network/multiobserver.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// multiobserver - Observer multiplexer -// -#ifndef _H_MULTIPLEXOBSERVER -#define _H_MULTIPLEXOBSERVER - -#include -#include - - -namespace Security { -namespace Network { - - -// -// A MultipexObserver can be used to "fan out" events to any number of Observers. -// Note that we do not keep an ordering of Observers. -// -class MultiplexObserver : public Observer { -public: - MultiplexObserver(); - - void add(Observer &obs); - void remove(Observer &obs); - bool contains(Observer &obs); - - // call setEvents() if one of the member Observers changes its event set - // Note: this disallows setEvents(Events) on purpose - void setEvents(); - - void add(Observer *obs) { assert(obs); add(*obs); } - void remove(Observer *obs) { assert(obs); remove(*obs); } - - void observe(Events events, Transfer *xfer, const void *info); - -private: - set mObservers; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_MULTIPLEXOBSERVER */ diff --git a/Network/netconnection.cpp b/Network/netconnection.cpp deleted file mode 100644 index 89088abf..00000000 --- a/Network/netconnection.cpp +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connection - a (potentially) persistent access path to a (possibly :-) remote entity -// -#include "netconnection.h" -#include "protocol.h" -#include "netmanager.h" -#include "transfer.h" - - -namespace Security { -namespace Network { - - -// -// Create a Connection object for a particular Protocol and HostTarget. -// Note that these two arguments are potentially unrelated; in general, -// you can't assume that &proto == &host.protocol(). -// -Connection::Connection(Protocol &proto, const HostTarget &host) - : protocol(proto), hostTarget(host), mTransfer(NULL), mRetainMe(false), mRestarting(false) -{ - secdebug("netconn", - "connection %p created for %s", this, hostTarget.urlForm().c_str()); -} - - -// -// Destroy a Connection, assuming it's idle. -// -Connection::~Connection() -{ - assert(!isDocked()); - secdebug("netconn", "connection %p destroyed", this); -} - - -// -// Dock the Connection to a Transfer. -// -void Connection::dock(Transfer *xfer) -{ - assert(!isDocked()); - assert(!xfer->isDocked()); - mTransfer = xfer; - xfer->mConnection = this; - secdebug("netconn", "connection %p docked xfer %p", this, xfer); -} - - -// -// Undock the Connection from its currently docked Transfer. -// The mRetainMe flag determines what happens next: we either -// submit ourselves to our Manager for retention, or for cleanup. -// -void Connection::undock() -{ - // paranoia first - assert(isDocked()); - assert(mTransfer->mConnection == this); - - // will we be kept? - bool retain = mRetainMe && mTransfer->shareConnections(); - - // physically sever our relationship with the Transfer - secdebug("netconn", "connection %p undocking xfer %p", this, mTransfer); - mTransfer->mConnection = NULL; - mTransfer = NULL; - - // submit ourselves to the manager for retention - if (retain) - protocol.manager.retainConnection(this); - else - protocol.manager.closeConnection(this); -} - - -// -// Forwarders for finish/fail -// -void Connection::finish() -{ - assert(isDocked()); - mTransfer->finish(); -} - -void Connection::fail() -{ - if (isDocked()) { - // fail the transfer we're docked to, which will undock us and dispose of us - mTransfer->fail(); - } else { - // we failed while in limbo. Self-dispose - retain(false); - protocol.manager.closeConnection(this); - } -} - - -// -// Drop the current Connection and re-execute start() -// -void Connection::restart() -{ - if (mRestarting) { - Transfer *transfer = mTransfer; - secdebug("netconn", "%p restarting xfer %p", this, transfer); - - // throw outselves out - retain(false); - undock(); - - // restart the transfer - transfer->start(); - } else { - // restart request on Connection that's not marked restarting. - // Presumably a real error, and we assume error indications have already - // been set (in the Transfer) by the caller as desired. - fail(); - } -} - - -// -// The default implementation of validate() does nothing and succeeds. -// -bool Connection::validate() -{ - return true; -} - - -// -// The file descriptor of a TCPConnection is itself (as a TCPClientSocket) -// -int TCPConnection::fileDesc() const -{ - return *this; -} - - -// -// The TCPConnection destructor will remove any remaining I/O hook -// -TCPConnection::~TCPConnection() -{ - close(); -} - -void TCPConnection::close() -{ - if (isOpen()) { - protocol.manager.removeIO(this); - TCPClientSocket::close(); - } -} - - -// -// Asynchronous connect processing for TCPClient subclasses. -// The full call sets up data and initiates the first connect attempt; the second -// form needs to be called on failure notification to (re)try other addresses. -// -void TCPConnection::connect(const Host &host, IPPort port) -{ - mAddressCandidates = host.addresses(); - mPort = port; - nextCandidate(); - protocol.manager.addIO(this); - mode(connecting); -} - -void TCPConnection::connect() -{ - if (mAddressCandidates.empty()) { - // out of candidates. This connection attempt is failing - UnixError::throwMe(EHOSTUNREACH); - } - - close(); - nextCandidate(); - protocol.manager.addIO(this); - mode(connecting); -} - -void TCPConnection::nextCandidate() -{ - // pull the next address from the candidate set - std::set::iterator it = mAddressCandidates.begin(); - IPAddress addr = *it; - mAddressCandidates.erase(it); - - open(addr, mPort, O_NONBLOCK); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/netconnection.h b/Network/netconnection.h deleted file mode 100644 index b34347c5..00000000 --- a/Network/netconnection.h +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connection - a (potentially) persistent access path to a (possibly :-) remote entity. -// -// Connection objects are the bearers of actual network (or other) I/O. They are distinct -// from Transfers, which embody an individual activity for a particular client (and Target). -// To do its stuff, a Transfer "docks" with a Connection, uses its resources, then "undocks" -// and leaves the Connection free to dock again with another Transfer (or, eventually, expire). -// -// Access protocols that do not have persistent state connections (e.g. FILE) will not use -// Connections at all; there is no requirement for a Transfer to use a Connection for its work. -// -// Actual Connection objects are specialized per protocol; for example, you'd expect -// an HTTPTransfer to dock to an HTTPConnection. If you subclass an existing protocol, -// you *may* be able to get away with using its Connection objects - but more often you'd -// subclass them in turn. -// -#ifndef _H_NETCONNECTION -#define _H_NETCONNECTION - -#include -#include -#include -#include "protocol.h" -#include "target.h" -#include "parameters.h" -#include "transfer.h" -#include - - -using namespace IPPlusPlus; - - -namespace Security { -namespace Network { - - -class Manager; -class Protocol; -class Target; - - -// -// A generic Connection represents a semi-persistent channel of access to something -// identified by a Target. -// -class Connection : public ParameterSource { - friend class Transfer; - friend class Manager; - typedef Protocol::Operation Operation; -public: - Connection(Protocol &proto, const HostTarget &spec); - virtual ~Connection(); - - Protocol &protocol; - const HostTarget hostTarget; - - // dock status - virtual void dock(Transfer *xfer); - virtual void undock(); - bool isDocked() const { return mTransfer; } - - template - XFer &transferAs() const { assert(mTransfer); return *safe_cast(mTransfer); } - - // manage persistence - bool retain() const { return mRetainMe; } - void retain(bool r) { mRetainMe = r; } - - // see if we're still alive (after perhaps a delay) - virtual bool validate(); - - // return our hostTarget or that of the proxy server, if any - const HostTarget &proxyHostTarget() const - { return protocol.isProxy() ? protocol.proxyHost() : hostTarget; } - -protected: - Sink &sink() const { assert(isDocked()); return mTransfer->sink(); } - Source &source() const { assert(isDocked()); return mTransfer->source(); } - const Target &target() const { assert(isDocked()); return mTransfer->target; } - Operation operation() const { assert(isDocked()); return mTransfer->operation(); } - - ParameterSource *parameters() { assert(mTransfer); return mTransfer->parameters(); } - bool getParams(Key key, Value &value) const - { assert(mTransfer); return mTransfer->getParams(key, value); } - void observe(Observer::Event event, const void *info = NULL) const - { if (mTransfer) mTransfer->observe(event, info); } - - void setError(const char *s, OSStatus err = Transfer::defaultOSStatusError) - { if (mTransfer) mTransfer->setError(s, err); } - - void finish(); - void fail(); - - virtual void restart(); - void restarting(bool rs) { mRestarting = rs; } - bool restarting() const { return mRestarting; } - -private: - Transfer *mTransfer; // currently docked transfer (NULL if idle) - bool mRetainMe; // want to be retained in connection pool - bool mRestarting; // restart allowed -}; - - -// -// A Connection that is also a TransferAgent::Client. -// This is a common case (but it isn't always true). -// -class TCPConnection : public Connection, - public TransferEngine::Client, public TCPClientSocket { -public: - TCPConnection(Protocol &proto, const HostTarget &spec) - : Connection(proto, spec) { } - ~TCPConnection(); - - // remove from I/O hooks and close - void close(); - - // manage asynchronous connection establishment - void connect(const Host &host, IPPort port); - void connect(); - - int fileDesc() const; - -private: - std::set mAddressCandidates; - IPPort mPort; - - void nextCandidate(); -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_NETCONNECTION */ diff --git a/Network/neterror.cpp b/Network/neterror.cpp deleted file mode 100644 index 94705d5b..00000000 --- a/Network/neterror.cpp +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// neterror - exception objects for Security::Network -// -#include "neterror.h" - - -namespace Security { -namespace Network { - - -Error::Error(OSStatus err) : MacOSError(err) -{ -} - -Error::~Error() throw() -{ -} - -void Error::throwMe(OSStatus err) { throw Error(err); } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/neterror.h b/Network/neterror.h deleted file mode 100644 index 29b2d56e..00000000 --- a/Network/neterror.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// neterror - exception objects for Security::Network -// -#ifndef _H_NETERROR -#define _H_NETERROR - -#include - - -namespace Security { -namespace Network { - - -// -// We subordinate our error space to the CSSM exception model. -// Our primary error space is that of MacOS OSStatus codes. -// -class Error : public Security::MacOSError { -protected: - Error(OSStatus err); -public: - virtual ~Error() throw(); - //@@@ -1 == internal error?! - static void throwMe(OSStatus err = -1) __attribute__((noreturn)); -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_NETERROR */ diff --git a/Network/netmanager.cpp b/Network/netmanager.cpp deleted file mode 100644 index 4b2dc50b..00000000 --- a/Network/netmanager.cpp +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// manager - network protocol core manager class -// -#include "netmanager.h" -#include "protocol.h" -#include "transfer.h" -#include "netconnection.h" -#include "neterror.h" - - -namespace Security { -namespace Network { - - -Manager::Manager() : mActiveTransfers(0), mRetainConnections(true), mObserver(NULL) -{ -} - -Manager::~Manager() -{ - //@@@ cleanup, s'il vous plait: - //@@@ abort transfers and destroy them - //@@@ notify any observers - //@@@ destroy protocol objects -} - - -// -// Add a new Transfer to this Manager. -// This does not start it; it'll just sit around until started. -// -void Manager::add(Transfer *xfer) -{ - assert(xfer->state() == Transfer::cold); - mTransfers.insert(xfer); - xfer->mState = Transfer::warm; -} - - -// -// Remove a Transfer from this Manager. -// You can remove a pre-active Transfer, or one that has finished or failed. -// You can't remove an active Transfer - abort it first. -// -void Manager::remove(Transfer *xfer) -{ - assert(mTransfers.find(xfer) != mTransfers.end()); // is ours - assert(xfer->state() != Transfer::active); - mTransfers.erase(xfer); -} - - -// -// Start a Transfer. It must already have been added, and must be in a pre-active state. -// -void Manager::start(Transfer *xfer) -{ - assert(mTransfers.find(xfer) != mTransfers.end()); // is ours - assert(xfer->state() == Transfer::warm); - try { - xfer->start(); - xfer->mState = Transfer::active; - xfer->observe(Observer::transferStarting); - mActiveTransfers++; - secdebug("netmanager", "%ld active transfers", mActiveTransfers); - } catch (...) { - xfer->mState = Transfer::failed; - secdebug("netmanager", "Transfer %p failed to start", xfer); - throw; - } -} - - -// -// Abort a Transfer. -// If it is active, try to make it stop as soon as it's safe. This may return while -// the Transfer's state is still active; it will eventually switch to failed unless it -// happened to succeed before we got to it (in which case it'll be finished). -// You can't abort a Transfer that isn't active. -//@@@ Phasing problem? Perhaps aborting non-active Transfers should be -//@@@ allowed (and ignored or flagged). -// -void Manager::abort(Transfer *xfer) -{ - assert(mTransfers.find(xfer) != mTransfers.end()); // is ours - switch (xfer->state()) { - case Transfer::active: - try { - secdebug("netmanager", "xfer %p request abort", xfer); - xfer->abort(); - } catch (...) { - secdebug("netmanager", "xfer %p failed to abort; forcing the issue", xfer); - xfer->Transfer::abort(); - } - break; - case Transfer::finished: - case Transfer::failed: - // no longer running; ignore cancel request - secdebug("netmanager", "xfer %p abort ignored (already done)", xfer); - break; - default: - assert(false); // mustn't call in this state - } -} - - -// -// Do bookkeeping for a Transfer that wants to be done. -// This method can only be called from a Transfer that belongs -// to this Manager and was started. -// -void Manager::done(Transfer *xfer) -{ - assert(mTransfers.find(xfer) != mTransfers.end()); // is ours - assert(xfer->state() == Transfer::finished || xfer->state() == Transfer::failed); - assert(mActiveTransfers > 0); - mActiveTransfers--; - secdebug("netmanager", "%ld active transfers", mActiveTransfers); -} - - -// -// Manage engine clients on behalf of active Transfers. -//@@@ Currently the API doesn't specify which Transfer these belong to. -//@@@ Perhaps it should. -// -void Manager::addIO(TransferEngine::Client *client) -{ - mEngine.add(client); -} - -void Manager::removeIO(TransferEngine::Client *client) -{ - mEngine.remove(client); -} - - -// -// Manage Connections on behalf of Transfers (and perhaps Protocols) -// -void Manager::retainConnection(Connection *connection) -{ - if (mRetainConnections) - mConnections.retain(connection); - else - closeConnection(connection); -} - -void Manager::closeConnection(Connection *connection) -{ - mConnections.remove(connection); - mMorgue.insert(connection); -} - - -// -// Try to find a live retained Connection for a HostTarget and return it. -// -Connection *Manager::pickConnection(const HostTarget &host) -{ - while (Connection *connection = mConnections.get(host)) { - if (connection->validate()) { - connection->restarting(true); // mark restarting - return connection; // good to go - } - // if validate returned false, the connection has self-destructed (so ignore it) - secdebug("netmanager", "%p connection %p failed to validate", - this, connection); - } - return NULL; // no joy, caller must make a new one -} - - -// -// Handle the global Connection cache -// -void Manager::reuseConnections(bool retain) -{ - mRetainConnections = retain; -} - - -void Manager::flushConnections() -{ - mConnections.purge(); -} - - -// -// Timer management -// -void Manager::setTimer(Timer *timer, Time::Absolute when) -{ - mTimers.schedule(timer, when); -} - -void Manager::clearTimer(Timer *timer) -{ - if (timer->scheduled()) - mTimers.unschedule(timer); -} - - -void Manager::runTimers() -{ - while (Timer *top = static_cast(mTimers.pop(Time::now()))) { - secdebug("netmanager", "%p timer %p executing at %.3f", - this, top, Time::now().internalForm()); - try { - top->action(); - secdebug("machsrvtime", "%p timer %p done", this, top); - } catch (...) { - secdebug("machsrvtime", - "%p server timer %p failed with exception", this, top); - } - } -} - - -// -// Perform a (small) incremental operations step. -// -void Manager::step() -{ - prepare(); - if (!mEngine.isEmpty()) { - secdebug("mgrstep", "operations step"); - mEngine(); - } -} - - -// -// Run in this thread until a particular time (or until no more Transfers are active). -// -void Manager::run(Time::Absolute stopTime) -{ - secdebug("netmanager", - "starting run with %ld active transfers", mActiveTransfers); - while (mActiveTransfers > 0) { - prepare(); - Time::Absolute limit = mTimers.empty() ? stopTime : min(stopTime, mTimers.next()); - mEngine(limit - Time::now()); - if (Time::now() > stopTime) - break; - } - secdebug("netmanager", "ending run"); -} - -void Manager::run() -{ - run(Time::heatDeath()); -} - - -// -// Internal stepper -// -void Manager::prepare() -{ - // clear the morgue - if (!mMorgue.empty()) { - secdebug("netmanager", - "clearing morgue of %ld connections", mMorgue.size()); - for (set::iterator it = mMorgue.begin(); it != mMorgue.end(); it++) - delete *it; - mMorgue.erase(mMorgue.begin(), mMorgue.end()); - } - - // run pending timers - runTimers(); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/netmanager.h b/Network/netmanager.h deleted file mode 100644 index 3226a9b7..00000000 --- a/Network/netmanager.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// manager - network protocol core manager class -// -#ifndef _H_NETMANAGER -#define _H_NETMANAGER - -#include -#include -#include -#include "xfercore.h" -#include "connectionpool.h" -#include "target.h" -#include "parameters.h" -#include "observer.h" -#include -#include - - -using namespace IPPlusPlus; - - -namespace Security { -namespace Network { - - -class Protocol; -class Transfer; -class Connection; - - -// -// A Manager object represents the top-level operations controller. -// You would usually only have one per process, though you *can* -// have more than one - they would not interact at all, and each -// Protocol, Transfer, etc. object could only belong to one of them. -// -class Manager : public ParameterPointer { -public: - Manager(); - virtual ~Manager(); - -public: - void add(Transfer *xfer); - void remove(Transfer *xfer); - void start(Transfer *xfer); - void abort(Transfer *xfer); - - Observer *observer() const { return mObserver; } - void observer(Observer *ob) { mObserver = ob; } - -public: // meant for just Transfer and Connection - void done(Transfer *xfer); - - void addIO(TransferEngine::Client *client); - void removeIO(TransferEngine::Client *client); - -public: // meant just for Connection - template - ProtoConnection *findConnection(const HostTarget &host) - { return safe_cast(pickConnection(host)); } - - void retainConnection(Connection *connection); - void closeConnection(Connection *connection); - -public: - void step(); // one small step for URLkind... - void run(); // run until no more work - void run(Time::Absolute upTo); // run until some future time - -public: - bool reuseConnections() const { return mRetainConnections; } - void reuseConnections(bool retain); // global connection reuse override - void flushConnections(); // clear connection cache (expensive) - -public: - class Timer : private ScheduleQueue::Event { - friend class Manager; - protected: - virtual ~Timer() { } - - Time::Absolute when() const { return Event::when(); } - bool scheduled() const { return Event::scheduled(); } - - public: - virtual void action() = 0; - }; - - virtual void setTimer(Timer *timer, Time::Absolute when); - void setTimer(Timer *timer, Time::Interval offset) - { setTimer(timer, Time::now() + offset); } - - virtual void clearTimer(Timer *timer); - -protected: - virtual void runTimers(); // run ready timers - virtual void prepare(); // setup for engine - -private: - void doStep(); // internal operative step - Connection *pickConnection(const HostTarget &host); - -private: - typedef map ProtoMap; - ProtoMap mProtocols; // map of registered protocols - -private: - typedef set TransferSet; - TransferSet mTransfers; // set of active transfers (prelim) - uint32 mActiveTransfers; // number of active transfers - -private: - TransferEngine mEngine; // transfer core engine - ConnectionPool mConnections; // pool of retained (live) Connections - set mMorgue; // Connections we should destroy - bool mRetainConnections; // global connection-reuse enable - Observer *mObserver; // default observer (NULL if none) - - ScheduleQueue mTimers; // timer queue -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_NETMANAGER */ diff --git a/Network/netparameters.h b/Network/netparameters.h deleted file mode 100644 index 170eb475..00000000 --- a/Network/netparameters.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// netparameters - ParameterSource keys for network protocol parameters -// -#ifndef _H_NETPARAMETERS -#define _H_NETPARAMETERS - -#include "parameters.h" - - -namespace Security { -namespace Network { - - -enum { - // generic (potentially applies to all protocols) - kNetworkGenericUsername = PARAMKEY(0x00001,string), // username for simple auth - kNetworkGenericPassword = PARAMKEY(0x00002,string), // password for simple auths - kNetworkRestartPosition = PARAMKEY(0x00003,integer), // byte position to restart from - - // generic but for proxy use only (all proxy protocols) - kNetworkGenericProxyUsername = PARAMKEY(0x00100,string), // username for proxy - kNetworkGenericProxyPassword = PARAMKEY(0x00101,string), // password for proxy - - // FTP protocol specific - kNetworkFtpPassiveTransfers = PARAMKEY(0x01001,bool), // use passive mode transfers - kNetworkFtpTransferMode = PARAMKEY(0x01002,string), // transfer mode ("A" or "I") - kNetworkFtpUniqueStores = PARAMKEY(0x01003,bool), // request unique stores (STOU) - - // HTTP/HTTPS protocol specific - kNetworkHttpCommand = PARAMKEY(0x02001,string), // access command (GET et al.) - kNetworkHttpUserAgent = PARAMKEY(0x02002,string), // User-Agent: value - kNetworkHttpMoreHeaders = PARAMKEY(0x02003,string), // arbitrary more headers - kNetworkHttpAcceptExpiredCerts = PARAMKEY(0x02004,bool), // accept expired certs - kNetworkHttpAcceptUnknownRoots = PARAMKEY(0x02005,bool), // accept untrusted root certificates - kNetworkHttpPostContentType = PARAMKEY(0x02006,string), // Content-Type: for posted data - kNetworkHttpUseVersion = PARAMKEY(0x02007,integer), // subversion of HTTP/1 to use - - // Legacy interface use ONLY. Not valid for modern use - kNetworkLegacyIsSecure = PARAMKEY(0x100001,bool), // secure connection (SSL) - kNetworkLegacyRespHeader = PARAMKEY(0x100002,string), // collected response headers - kNetworkLegacyReqBody = PARAMKEY(0x100003,data), // request body (in memory, as string) - - kNetworkLegacyResourceSize = PARAMKEY(0x100004,integer), - kNetworkLegacyFileType = PARAMKEY(0x100005,integer), - kNetworkLegacyFileCreator = PARAMKEY(0x100006,integer), - kNetworkLegacyLastModifiedTime = PARAMKEY(0x100007,integer), - kNetworkLegacyMIMEType = PARAMKEY(0x100008,string), - kNetworkLegacyResourceName = PARAMKEY(0x100009,string), - - // @@@ mistakenly added -- to be removed - kNetworkGenericURL = PARAMKEY(0x00004,string), - kNetworkGenericHost = PARAMKEY(0x00005,string) -}; - - -} // end namespace Security -} // end namespace Network - -#endif //_H_UAPARAMETERS diff --git a/Network/networkchooser.cpp b/Network/networkchooser.cpp deleted file mode 100644 index 9f11abb6..00000000 --- a/Network/networkchooser.cpp +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// chooser - Protocol repository and Transfer maker for network protocols -// -#include "networkchooser.h" - - -namespace Security { -namespace Network { - - -Chooser::Chooser(Manager &mgr) : manager(mgr) -{ -} - -Chooser::~Chooser() -{ -} - - -// -// Add, remove, and locate primary Protocols by name. -// -void Chooser::add(Protocol *protocol) -{ - //@@@ locking - Protocol * &proto = mCoreProtocols[protocol->urlPrefix()]; - assert(proto == NULL); - proto = protocol; -} - -void Chooser::remove(Protocol *protocol) -{ - ProtoMap::iterator it = mCoreProtocols.find(protocol->urlPrefix()); - assert(it != mCoreProtocols.end()); - mCoreProtocols.erase(it); -} - -Protocol &Chooser::protocolFor(const char *protoName) const -{ - ProtoMap::const_iterator it = mCoreProtocols.find(protoName); - if (it == mCoreProtocols.end()) - UnixError::throwMe(ENOENT); - return *it->second; -} - - -// -// The default implementation of protocolFor just finds a direct-connection Protocol -// for the target's scheme. -// -Protocol &Chooser::protocolFor(const HostTarget &target) const -{ - return protocolFor(target.scheme()); -} - - -// -// Here is a short-cut makeTransfer method. -// It simply determines the proper Protocol, creates a Transfer from it, and adds it -// to the Manager. -// -Transfer *Chooser::makeTransfer(const Target &target, Operation operation) -{ - Protocol &protocol = protocolFor(target); - //@@@ use auto_ptr here? - Transfer *transfer = protocol.makeTransfer(target, operation); - manager.add(transfer); - return transfer; -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/networkchooser.h b/Network/networkchooser.h deleted file mode 100644 index b4f412a1..00000000 --- a/Network/networkchooser.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// chooser - Protocol repository and Transfer maker for network protocols -// -#ifndef _H_CHOOSER -#define _H_CHOOSER - -#include -#include -#include -#include - - -using namespace IPPlusPlus; - -namespace Security { -namespace Network { - - -class Protocol; -class Transfer; -class Connection; - - -// -// -class Chooser { - typedef Protocol::Operation Operation; -public: - Chooser(Manager &mgr); - virtual ~Chooser(); - - Manager &manager; - -public: - // add and remove direct protocols - void add(Protocol *protocol); - void remove(Protocol *protocol); - Protocol &protocolFor(const char *protoName) const; // find protocol by URL scheme - -public: - // override this method to implement protocol choosing - virtual Protocol &protocolFor(const HostTarget &target) const; - -public: - Transfer *makeTransfer(const Target &target, Operation operation); - -private: - typedef map ProtoMap; - ProtoMap mCoreProtocols; // map of registered protocols -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_CHOOSER */ diff --git a/Network/observer.cpp b/Network/observer.cpp deleted file mode 100644 index 5eabbd14..00000000 --- a/Network/observer.cpp +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// observer - notification client for Network events -// -#include "observer.h" - - - -namespace Security { -namespace Network { - -// -// Blank virtual destructor -// -Observer::~Observer() -{ } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/observer.h b/Network/observer.h deleted file mode 100644 index 9cd254d2..00000000 --- a/Network/observer.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// observer - notification client for network events -// -#ifndef _H_OBSERVER -#define _H_OBSERVER - -#include - - -namespace Security { -namespace Network { - - -class Transfer; - - -// -// An Observer object has a set (bitmask) of events it is interested in. -// Observers are registered with Transfer and Manager objects to take effect. -// -class Observer { -public: - virtual ~Observer(); - -public: - enum { - noEvents = 0x000000, // mask for no events - transferStarting = 0x000001, // starting transfer operation - transferComplete = 0x000002, // successfully finished - transferFailed = 0x000004, // failed somehow - connectEvent = 0x000800, // transport level connection done or failed - protocolSend = 0x001000, // low-level protocol message sent - protocolReceive = 0x002000, // low-level protocol message received - - //@@@ questionable - resourceFound = 0x000008, // resource found, OK to continue - downloading = 0x000010, // downloading in progress - aborting = 0x000020, // abort in progress - dataAvailable = 0x000040, // data ready to go - systemEvent = 0x000080, // ??? - percentEvent = 0x000100, // a >= 1% data move has occurred - periodicEvent = 0x000200, // call every so often (.25 sec) - propertyChangedEvent = 0x000400, - resultCodeReady = 0x004000, // result code has been received by HTTP - uploading = 0x008000, // uploading - - allEvents = 0xFFFFFFFF // mask for all events - }; - typedef uint32 Event, Events; - - void setEvents(Events mask) { mEventMask = mask; } - Events getEvents() const { return mEventMask; } - bool wants(Events events) const { return mEventMask & events; } - - virtual void observe(Events events, Transfer *xfer, const void *info = NULL) = 0; - -private: - Events mEventMask; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_OBSERVER */ diff --git a/Network/parameters.cpp b/Network/parameters.cpp deleted file mode 100644 index d1b99eba..00000000 --- a/Network/parameters.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// parameters - dynamic parameter retrieval interface -// -#include "parameters.h" -#include - - -namespace Security { -namespace Network { - - -// -// ParameterStacks -// -bool ParameterStack::getParams(Key key, Value &value) const -{ - for (const_iterator it = begin(); it != end(); it++) { - if ((*it)->get(key, value)) - return true; - } - return false; -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/parameters.h b/Network/parameters.h deleted file mode 100644 index b5d310a1..00000000 --- a/Network/parameters.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// parameters - dynamic parameter retrieval interface -// -#ifndef _H_PARAMETERS -#define _H_PARAMETERS - -#include -#include -#include -#include - - -namespace Security { -namespace Network { - - -class ParameterSource { -public: - // Keys are unsigned integers with integrated typing - typedef uint32 Key; - typedef GenericValue Value; - - enum { - integerKey = 1, // int - stringKey = 2, // string - boolKey = 3, // bool - dataKey = 4 // ConstData - }; -# define PARAMKEY(id,type) ((id) << 8 | (Security::Network::ParameterSource::type##Key)) - inline int keyType(Key key) const { return key & 0xFF; } - -public: - virtual ~ParameterSource() { } - -public: - // core form: this can be virtually overridden - virtual bool getParams(Key key, Value &value) const = 0; - - // convenience form: unwrap to Value base type - template bool get(Key key, T &result) const - { - TypedValue value; - if (getParams(key, value)) { - result = value; - secdebug("paramsource", "%p key=0x%lx retrieved", this, key); - return true; - } else { - secdebug("paramsource", "%p key=0x%lx not found", this, key); - return false; - } - } - - // convenience form: return value, use default if not found (no failure indication) - template T getv(Key key, T value = T()) const - { - get(key, value); // overwrite value if successful - return value; // then return it or remaining default - } -}; - - -// -// A ParameterPointer is a ParameterSource that has an indirection to another -// ParameterSource. The underlying ("base") reference can be changed at will. -// If it is NULL, all lookups fail. -// -class ParameterPointer : public ParameterSource { -public: - ParameterPointer() : mBase(NULL) { } - ParameterPointer(ParameterSource *src) : mBase(src) { } - - operator bool () const { return mBase; } - ParameterSource *parameters() const { return mBase; } - ParameterSource *parameters(ParameterSource *newBase) - { ParameterSource *old = mBase; mBase = newBase; return old; } - - ParameterSource *parameters(ParameterSource &newBase) - { return parameters(&newBase); } - - bool getParams(Key key, Value &value) const - { return mBase && mBase->getParams(key, value); } - -private: - ParameterSource *mBase; // where to get it from... -}; - - -// -// Here's an entire (ordered) "stack" of ParameterSources. Just build a vector -// of pointers to ParameterSources, and have them searched in order. -// -class ParameterStack : public ParameterSource, public vector { -public: - bool getParams(Key key, Value &value) const; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_PARAMETERS diff --git a/Network/protocol.cpp b/Network/protocol.cpp deleted file mode 100644 index cc263ac7..00000000 --- a/Network/protocol.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// protocol - generic interface to an access protocol -// -#include "protocol.h" -#include "netmanager.h" -#include "neterror.h" - - -namespace Security { -namespace Network { - - -// -// Construct and manage a Protocol object -// -Protocol::Protocol(Manager &mgr, const char *prefix) : manager(mgr), mPrefix(prefix) -{ -} - -Protocol::~Protocol() -{ -} - - -// -// By default, name() just returns the same as urlPrefix() -// -const char *Protocol::name() const -{ - return urlPrefix(); -} - - -// -// Default Transfer factory (fails) -// -Transfer *Protocol::makeTransfer(const Target &, Operation) -{ Error::throwMe(); } - - -// -// Default to *not* a proxy protocol -// -bool Protocol::isProxy() const -{ return false; } - -const HostTarget &Protocol::proxyHost() const -{ - assert(false); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/protocol.h b/Network/protocol.h deleted file mode 100644 index 564f17ca..00000000 --- a/Network/protocol.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// protocol - generic interface to an access protocol -// -#ifndef _H_PROTOCOL -#define _H_PROTOCOL - -#include -#include "netmanager.h" - -using namespace IPPlusPlus; - - -namespace Security { -namespace Network { - - -class Transfer; -class Target; - - -// -// A Protocol object represents a particular transfer/access protocol. -// -class Protocol { -public: - Protocol(Manager &mgr, const char *prefix = NULL); - virtual ~Protocol(); - - virtual const char *name() const; - const char *urlPrefix() const { return mPrefix ? mPrefix : "?"; } - - typedef unsigned int Operation; - enum { - download = 1, // transfer data to sink - upload = 2, // transfer data from source - transaction = 3, // source-to-sink transaction mode - - protocolSpecific = 101 // starting here is protocol specific - }; - - virtual Transfer *makeTransfer(const Target &target, Operation operation); - - Manager &manager; - -public: - virtual bool isProxy() const; // true if this is a proxy protocol - virtual const HostTarget &proxyHost() const; // proxy host if isProxy() - -private: - const char *mPrefix; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_PROTOCOL */ diff --git a/Network/simplemanager.cpp b/Network/simplemanager.cpp deleted file mode 100644 index 6b804460..00000000 --- a/Network/simplemanager.cpp +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// simplemanager - "direct mode" network core manager -// -#include "simplemanager.h" -#include "netparameters.h" -#include - -#include "file-protocol.h" -#include "ftp-protocol.h" -#include "http-protocol.h" -#include "https-protocol.h" - - -namespace Security { -namespace Network { - - -SimpleManager::SimpleManager() : Chooser(static_cast(*this)) -{ - add(new HTTPProtocol(*this)); - add(new SecureHTTPProtocol(*this)); - add(new FTPProtocol(*this)); - add(new FileProtocol(*this)); -} - - -// -// Run all active transfers synchronously until complete. -// -void SimpleManager::allTransfersSynchronous() -{ - run(); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/simplemanager.h b/Network/simplemanager.h deleted file mode 100644 index ac61ede6..00000000 --- a/Network/simplemanager.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// simplemanager - "direct mode" network core manager -// -#ifndef _H_SIMPLEMANAGER -#define _H_SIMPLEMANAGER - -#include "netmanager.h" -#include "networkchooser.h" -#include - - -namespace Security { -namespace Network { - - -// -// The Test manager class -// -class SimpleManager : public Manager, public Chooser { -public: - SimpleManager(); - -#if BUG_GCC - void add(Transfer *xfer) { Manager::add(xfer); } - void add(Protocol *proto) { Chooser::add(proto); } -#else - using Manager::add; - using Chooser::add; -#endif - -public: - void allTransfersSynchronous(); -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_SIMPLEMANAGER diff --git a/Network/target.cpp b/Network/target.cpp deleted file mode 100644 index 31a764bd..00000000 --- a/Network/target.cpp +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// target - target objects and their sub-components -// -#include "target.h" -#include "protocol.h" - - -namespace Security { -namespace Network { - - -// -// Produce a HostTarget with a default port inserted, if necessary. -// -HostTarget HostTarget::defaultPort(IPPort defPort) const -{ - return HostTarget(scheme(), host(), port(defPort), username(), password()); -} - - -// -// Given a Target, construct a canonical proper URL string -// -string HostTarget::urlForm() const -{ - // form the :port optional part - char portPart[10]; - if (mPort) - sprintf(portPart, ":%d", mPort); - else - portPart[0] = '\0'; - - // build the whole form - char buffer[1024]; - if (haveUserPass()) { - snprintf(buffer, sizeof(buffer), "%s://%s:%s@%s%s", - scheme(), mUser.c_str(), mPassword.c_str(), - mHost.name().c_str(), portPart); - } else { - snprintf(buffer, sizeof(buffer), "%s://%s%s", - scheme(), mHost.name().c_str(), portPart); - } - return buffer; -} - -string Target::urlForm() const -{ - return host.urlForm() + path; -} - - -bool HostTarget::operator == (const HostTarget &other) const -{ - return mScheme == other.mScheme - && mHost == other.mHost - && mPort == other.mPort - && mUser == other.mUser - && mPassword == other.mPassword; -} - -bool HostTarget::operator < (const HostTarget &other) const -{ - // arbitrary lexicographic ordering - if (mScheme != other.mScheme) - return mScheme < other.mScheme; - if (mHost != other.mHost) - return mHost < other.mHost; - if (mPort != other.mPort) - return mPort < other.mPort; - if (mUser != other.mUser) - return mUser < other.mUser; - return mPassword < other.mPassword; -} - -bool HostTarget::operator <= (const HostTarget &other) const -{ - //@@@ be lenient on subsume-matching empty users/passwords? Distinguish spec/unspec? - return mHost <= other.mHost - && mScheme == other.mScheme - && mPort == other.mPort - && mUser == other.mUser - && mPassword == other.mPassword; -} - -bool Target::operator == (const Target &other) const -{ - return host == other.host && path == other.path; -} - -bool Target::operator <= (const Target &other) const -{ - //@@@ be lenient on path matches? Usage? - return host <= other.host && path == other.path; -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/target.h b/Network/target.h deleted file mode 100644 index b1ee1b82..00000000 --- a/Network/target.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// target - target objects and their sub-components -// -#ifndef _H_TARGET -#define _H_TARGET - -#include -#include -#include - - -namespace Security { -namespace Network { - -using namespace IPPlusPlus; - - -class Protocol; - - -// -// A HostTarget is the "host part" of a full access target. -// HostTargets are suitable for use as keys in STL containers. -// -class HostTarget { -public: - HostTarget(const char *scheme, Host h, IPPort p, string user = "", string password = "") - : mScheme(scheme), mHost(h), mPort(p), mUser(user), mPassword(password) { } - - const char *scheme() const { return mScheme.c_str(); } - const Host &host() const { return mHost; } - IPPort port(IPPort defaultPort = 0) const { return mPort ? mPort : defaultPort; } - - //@@@ this should probably be replaced with pluggable authentication schemes - bool haveUserPass() const { return mUser != ""; } - string username() const { return mUser; } - string password() const { return mPassword; } - - bool operator == (const HostTarget &other) const; // equality - bool operator < (const HostTarget &other) const; // less-than for sorting - bool operator <= (const HostTarget &other) const; // proper nonstrict subsumption - - HostTarget defaultPort(IPPort def) const; - - string urlForm() const; // canonical URL prefix form (without /path postfix) - -private: - string mScheme; // URL scheme - Host mHost; // host name or number; no default - IPPort mPort; // port number; zero to use protocol default - string mUser; // username; default empty - string mPassword; // password; default empty -}; - - -// -// Targets -// Targets are suitable for use as keys in STL functions. -// -class Target { -public: - Target(const HostTarget &theHost, const char *thePath) : host(theHost), path(thePath) { } - Target(const HostTarget &theHost, string thePath) : host(theHost), path(thePath) { } - Target(const char *scheme, Host h, IPPort p, const char *thePath) - : host(scheme, h, p), path(thePath) { } - - bool operator == (const Target &other) const; - bool operator <= (const Target &other) const; - - operator const HostTarget &() const { return host; } - - string urlForm() const; // construct canonical URL form - - const HostTarget host; - const string path; -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_TARGET */ diff --git a/Network/transfer.cpp b/Network/transfer.cpp deleted file mode 100644 index fef24b82..00000000 --- a/Network/transfer.cpp +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// transfer - the embodiment of a single transfer transaction -// -#include "transfer.h" -#include "netmanager.h" -#include "netconnection.h" -#include "protocol.h" -#include "neterror.h" - - -namespace Security { -namespace Network { - - -// -// Construct and destroy Transfer objects -// -Transfer::Transfer(Protocol &proto, const Target &tgt, Operation op, IPPort defPort) - : protocol(proto), - target(tgt.host.defaultPort(defPort), tgt.path), - mState(cold), mOperation(op), mConnection(NULL), - mSource(NULL), mSink(NULL), - mShareConnections(proto.manager.reuseConnections()), - mErrorStatus(defaultOSStatusError) -{ - secdebug("netxfer", "%p created for protocol %p(%s) target %s operation %d", - this, &proto, proto.name(), target.urlForm().c_str(), mOperation); - - parameters(protocol.manager); // inherit environment from manager object - mObserver = protocol.manager.observer(); -} - -Transfer::~Transfer() -{ - secdebug("netxfer", "transfer %p destroyed", this); -} - - -// -// Generic error management. -// These defaults do (almost) nothing useful; they should be overridden by -// each Protocol's Transfer object. -// -Transfer::ResultClass Transfer::resultClass() const -{ - switch (state()) { - case failed: - return unclassifiedFailure; - case finished: - return success; - default: - Error::throwMe(); - } -} - -OSStatus Transfer::errorStatus() const -{ - assert(state() == failed); - return mErrorStatus; -} - -string Transfer::errorDescription() const -{ - assert(state() == failed); - return mErrorDescription; -} - - -// -// Restart trampoline -// -void Transfer::restart() -{ - assert(mConnection); - return mConnection->restart(); -} - - -// -// Notify any observer -// -void Transfer::observe(Observer::Events events, const void *info) -{ - if (mObserver && mObserver->wants(events)) - mObserver->observe(events, this, info); -} - - -// -// Set yourself to be successfully done -// -void Transfer::finish() -{ - secdebug("xferengine", "transfer %p is finishing up", this); - mState = finished; - if (isDocked()) - mConnection->undock(); - protocol.manager.done(this); - observe(Observer::transferComplete); -} - - -// -// Set yourself to have failed -// -void Transfer::fail() -{ - secdebug("xferengine", "transfer %p is failing", this); - mState = failed; - if (isDocked()) - mConnection->undock(); - protocol.manager.done(this); - observe(Observer::transferFailed); -} - - -// -// This default implementation of abort() simply fails. -// This is not likely to be enough for most protocols. -// -void Transfer::abort() -{ - observe(Observer::aborting); - if (isDocked()) - mConnection->retain(false); // indeterminate state; don't keep it - fail(); -} - - -} // end namespace Network -} // end namespace Security diff --git a/Network/transfer.h b/Network/transfer.h deleted file mode 100644 index 9523ee8a..00000000 --- a/Network/transfer.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// transfer - the embodiment of a single transfer transaction -// -#ifndef _H_TRANSFER -#define _H_TRANSFER - -#include -#include -#include "protocol.h" -#include "target.h" -#include "parameters.h" -#include "observer.h" - - -using namespace IPPlusPlus; - - -namespace Security { -namespace Network { - - -class Protocol; - - -// -// A Transfer is a single transaction with a target. It usually performs -// a data transfer (upload or download), though it could also be some -// administrative action such as creating or deleting (remote) directories. -// -class Transfer : public ParameterPointer { - friend class Manager; - friend class Connection; -public: - typedef Protocol::Operation Operation; - - Transfer(Protocol &proto, const Target &tgt, Operation op, IPPort defaultPort = 0); - virtual ~Transfer(); - - Protocol &protocol; - const Target target; - - enum State { - cold, // queued - warm, // (not yet used) - active, // in progress - frozen, // (not yet used) - finished, // successfully finished - failed // failed - }; - - enum ResultClass { - success, // seems to have worked - localFailure, // local error - networkFailure, // failure talking to remote partner - remoteFailure, // failure reported by remote partner - authorizationFailure, // remote reject our authorization - abortedFailure, // transfer was aborted intentionally - unclassifiedFailure // something else went wrong - }; - - State state() const { return mState; } - Operation operation() const { return mOperation; } - - // valid only if state() is finished or failed - virtual ResultClass resultClass() const; // classify outcome - - // call these ONLY if state() == failed - virtual OSStatus errorStatus() const; // OSStatus short form of error condition - virtual string errorDescription() const; // string form of error condition - - template - Conn &connectionAs() const - { assert(mConnection); return *safe_cast(mConnection); } - - bool isDocked() const { return mConnection; } - - Sink &sink() const { assert(mSink); return *mSink; } - Source &source() const { assert(mSource); return *mSource; } - void sink(Sink &snk) { assert(!mSink); mSink = &snk; } - void source(Source &src) { assert(!mSource); mSource = &src; } - bool hasSink() const { return mSink; } - bool hasSource() const { return mSource; } - - // get/set the Observer. Observer is initially inherited from Manager - Observer *observer() const { return mObserver; } - void observer(Observer *ob) { mObserver = ob; } - - // get/set connection reuse feature - bool shareConnections() const { return mShareConnections; } - void shareConnections(bool share) { mShareConnections = share; } - - // return our hostTarget or that of the proxy server, if any - const HostTarget &proxyHostTarget() const - { return protocol.isProxy() ? protocol.proxyHost() : target; } - - // last resort OSStatus to return for failure, if nothing better is known - static const OSStatus defaultOSStatusError = -30785; //@@@ not a good choice, but what? - -protected: - virtual void start() = 0; // engage! - virtual void abort(); // abort while running - - void restart(); - void observe(Observer::Events events, const void *info = NULL); - - void setError(const char *s, OSStatus err = defaultOSStatusError) - { if (s) mErrorStatus = err; mErrorDescription = s; } - - void finish(); - void fail(); - -private: - State mState; // current state - Operation mOperation; // operation type - Connection *mConnection; // docked connection (NULL if none) - Observer *mObserver; // observer (NULL if none) - Source *mSource; // origin data source (NULL if N/A) - Sink *mSink; // destination data sink (NULL if N/A) - bool mShareConnections; // participate in Connection pool (reuse) - - OSStatus mErrorStatus; // OSStatus to return by default - string mErrorDescription; // error string to return by default -}; - - -} // end namespace Network -} // end namespace Security - - -#endif /* _H_TRANSFER */ diff --git a/Network/xfercore.cpp b/Network/xfercore.cpp deleted file mode 100644 index f665a271..00000000 --- a/Network/xfercore.cpp +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// xfercore - core data transfer engine -// -#include "xfercore.h" -#include - - -namespace Security { -namespace Network { - - -// -// Create an engine-level client object. -// @@@ Defer buffer allocation to mating? -// @@@ Defer state initialization to mating? -// -TransferEngine::Client::Client() - : mMode(invalidInput), mAutoCopyOut(false), - mSink(NULL), mSource(NULL), - mAutoFlush(true), - mReadBuffer(16384), mWriteBuffer(16384) -{ -} - -TransferEngine::Client::~Client() -{ -} - - -// -// Add and remove clients to/from the engine -// -void TransferEngine::add(Client *client) -{ - client->io = client->fileDesc(); // punch master I/O down to Selector client level - Selector::add(client->io, *client, input | critical); // initial registration -} - -void TransferEngine::remove(Client *client) -{ -#ifndef NDEBUG - if (!client->mReadBuffer.isEmpty()) - secdebug("xferengine", "xfer %p(%d) HAD %ld BYTES READ LEFT", - client, client->fileDesc(), client->mReadBuffer.length()); - if (!client->mWriteBuffer.isEmpty()) - secdebug("xferengine", "xfer %p(%d) HAD %ld BYTES WRITE LEFT", - client, client->fileDesc(), client->mWriteBuffer.length()); -#endif //NDEBUG - if (client->io.fd () != -1) { // did we have a live socket? - Selector::remove(client->io); - } - - client->io = FileDesc(); // invalidate -} - - -// -// Mode switching. -// In addition to the generic switcher (mode), there are variants that set associated -// information, such as sources/sinks. -// -void TransferEngine::Client::mode(InputMode newMode) -{ - secdebug("xferengine", "xfer %p(%d) switching to mode %d", this, fileDesc(), newMode); - switch (newMode) { - case rawInput: - case lineInput: - mMode = newMode; - break; - case connecting: - enable(output); - mMode = connecting; - break; - default: - assert(false); // can't switch to these modes like that - } -} - -void TransferEngine::Client::mode(Sink &sink, size_t byteCount) -{ - mMode = autoReadInput; - mSink = &sink; - mResidualReadCount = byteCount; - secdebug("xferengine", "xfer %p(%d) switching to autoReadInput (%ld bytes)", - this, fileDesc(), byteCount); -} - -void TransferEngine::Client::mode(Source &source, size_t byteCount) -{ - assert (!mAutoCopyOut); // no replacements, please - mAutoCopyOut = true; - mSource = &source; - mResidualWriteCount = byteCount; - secdebug("xferengine", "xfer %p(%d) enabling autoCopyOut mode (%ld bytes)", - this, fileDesc(), byteCount); - enable(output); -} - - -// -// Output methods. This queues output to be sent to the client's connection -// as soon as practical. -// -void TransferEngine::Client::printf(const char *format, ...) -{ - va_list args; - va_start(args, format); - vprintf(format, args); - va_end(args); -} - -void TransferEngine::Client::vprintf(const char *format, va_list args) -{ - mWriteBuffer.vprintf(format, args); -#if !defined(NDEBUG) - char buffer[1024]; - vsnprintf(buffer, sizeof(buffer), format, args); - secdebug("engineio", "%p(%d) <-- %s", this, fileDesc(), buffer); -#endif //NDEBUG - startOutput(); -} - -void TransferEngine::Client::printfe(const char *format, ...) -{ - va_list args; - va_start(args, format); - vprintfe(format, args); - va_end(args); -} - -void TransferEngine::Client::vprintfe(const char *format, va_list args) -{ - mWriteBuffer.vprintf(format, args); - mWriteBuffer.printf("\r\n"); -#if !defined(NDEBUG) - char buffer[1024]; - vsnprintf(buffer, sizeof(buffer), format, args); - secdebug("engineio", "%p(%d) <-- %s[CRNL]", this, fileDesc(), buffer); -#endif //NDEBUG - startOutput(); -} - - -// -// Set output auto-flush mode. Think of this as a weak output-hold mode. -// If autoflush is off, we don't try hard to send data out immediately. If it's -// on, we send data as soon as it's generated. -// Calling flushOutput(true) always generates I/O as needed to send output -// data NOW (even if the mode was already on). -// -void TransferEngine::Client::flushOutput(bool autoFlush) -{ - mAutoFlush = autoFlush; - secdebug("engineio", "%p(%d) output flush %s", this, fileDesc(), autoFlush? "on" : "off"); - if (mAutoFlush) - startOutput(); -} - - -// -// StartOutput is called by output generators to get output flowing. -// It may generate output I/O, or hold things in buffers according to -// current settings. -// -void TransferEngine::Client::startOutput() -{ - if (mAutoFlush) { - if (mAutoCopyOut && !mWriteBuffer.isFull()) - autoCopy(); // try to tack on some autoCopy output - if (!mWriteBuffer.isEmpty()) { - mWriteBuffer.write(*this); - if (mAutoFlush || !mWriteBuffer.isEmpty()) { // possibly more output - enable(output); // ask for output-drain notification - } else { - disable(output); // no need for output-possible events - } - } - } -} - - -// -// Discard any data still in the input buffer. -// This is used to cope with unexpected garbage (protocol violations -// from the server), and shouldn't be used indiscriminately. -// -void TransferEngine::Client::flushInput() -{ - if (!mReadBuffer.isEmpty()) { - secdebug("engineio", "flushing %ld bytes of input", mReadBuffer.length()); - mReadBuffer.clear(); - mInputFlushed = true; // inhibit normal buffer ops - } -} - - -// -// Given that autoCopyOut mode is active, try to transfer some bytes -// into the write buffer. This is a lazy, fast push, suitable for tacking on -// when you are about to send data for some other reason. -// Returns the number of bytes retrieved from the auto-Source (possibly zero). -// -size_t TransferEngine::Client::autoCopy() -{ - size_t len = mWriteBuffer.available(); //@@@ (true) ? - if (mResidualWriteCount && mResidualWriteCount < len) - len = mResidualWriteCount; - void *addr; mWriteBuffer.locatePut(addr, len); - mSource->produce(addr, len); - secdebug("xferengine", "xfer %p(%d) autoCopyOut source delivered %ld bytes", - this, fileDesc(), len); - mWriteBuffer.usePut(len); - return len; -} - - -// -// This is the notify function called by the IP Selector layer when I/O is possible. -// It runs the state machines for all current clients, calling their transit methods -// in turn. -// -void TransferEngine::Client::notify(int fd, Type type) -{ - try { - //@@@ Note: We do not currently do anything special about critical events. - - if (type & Selector::output) { - // if we're in connecting mode - if (mMode == connecting) { - Socket s; s = fd; // Socket(fd) means something different... - int error = s.error(); - secdebug("xferengine", "xfer %p(%d) connect (errno %d)", - this, fd, error); - transit(connectionDone, NULL, error); - return; - } - - //@@@ use high/low water marks here - if (mAutoCopyOut && !mWriteBuffer.isFull()) { - if (autoCopy() == 0) { - switch (mSource->state()) { - case Source::stalled: - // ah well, maybe later - secdebug("xferengine", "xfer %p(%d) autoCopyOut source is stalled", this, fd); - break; - case Source::endOfData: - mAutoCopyOut = false; // done - secdebug("xferengine", "xfer %p(%d) autoCopyOut end of data", this, fd); - if (mResidualWriteCount > 0) - secdebug("xferengine", "xfer %p(%d) has %ld autoCopy bytes left", - this, fd, mResidualWriteCount); - transit(autoWriteDone); - if (!isActive()) - return; // transit removed us; stop now - break; - default: - assert(false); - } - } - } - if (mWriteBuffer.isEmpty()) { // output possible, no output pending - secdebug("xferengine", "xfer %p(%d) disabling output (empty)", this, fd); - disable(output); - } else { // stuff some more - size_t length = mWriteBuffer.write(*this); - secdebug("xferengine", "xfer %p(%d) writing %ld bytes", this, fd, length); - } - } - - if (type & Selector::input) { - secdebug("xferengine", "xfer %p(%d) input ready %d bytes", - this, fd, io.iocget(FIONREAD)); - - do { - mInputFlushed = false; // preset normal - - //@@@ break out after partial buffer to give Equal Time to other transfers? good idea?! - if (!atEnd() && mReadBuffer.read(*this) == 0 && !atEnd()) { - mReadBuffer.read(*this, true); - } - - if (mReadBuffer.isEmpty() && atEnd()) { - transit(endOfInput); - break; - } - switch (mMode) { - case rawInput: - rawInputTransit(); - break; - case lineInput: - if (!lineInputTransit()) - return; // no full line; try again later - break; - case autoReadInput: - autoReadInputTransit(); - if (mMode != autoIODone) - break; - // autoRead completed; fall through to autoIODone handling - case autoIODone: - mMode = invalidInput; // pre-mark error - transit(autoReadDone); // notify; this must reset mode or exit - if (!isActive()) // if we're terminated... - return; // ... then go - assert(mMode != invalidInput); // else enforce mode reset - break; - case connecting: - { - // we should never be here. Selector gave us "read but not write" while connecting. FUBAR - Socket s; s = fd; - secdebug("xferengine", - "fd %d input while connecting (errno=%d, type=%d)", - fd, s.error(), type); - UnixError::throwMe(ECONNREFUSED); // likely interpretation - } - default: - secdebug("xferengine", "mode error in input sequencer (mode=%d)", mMode); - assert(false); - } - if (!io) // client has unhooked; clear buffer and exit loop - flushInput(); - } while (!mReadBuffer.isEmpty()); - //@@@ feed back for more output here? But also see comments above... - //@@@ probably better to take the trip through the Selector - } - } catch (const CssmCommonError &err) { - transitError(err); - } catch (...) { - transitError(UnixError::make(EIO)); // best guess (could be anything) - } -} - -void TransferEngine::Client::rawInputTransit() -{ - // just shove it at the user - char *addr; size_t length = mReadBuffer.length(); - mReadBuffer.locateGet(addr, length); - secdebug("engineio", "%p(%d) --> %d bytes RAW", - this, fileDesc(), io.iocget(FIONREAD)); - transit(inputAvailable, addr, length); - if (!mInputFlushed) - mReadBuffer.useGet(length); -} - -bool TransferEngine::Client::lineInputTransit() -{ - char *line; size_t length = mReadBuffer.length(); - mReadBuffer.locateGet(line, length); - - char *nl; - for (nl = line; nl < line + length && *nl != '\n'; nl++) ; - if (nl == line + length) // no end-of-line, wait for more - return false; - - if (nl > line && nl[-1] == '\r') { // proper \r\n termination - nl[-1] = '\0'; // terminate for transit convenience - secdebug("engineio", "%p(%d) --> %s", this, fileDesc(), line); - transit(inputAvailable, line, nl - line - 1); - } else { // improper, tolerate - nl[0] = '\0'; // terminate for transit convenience - secdebug("engineio", "%p(%d) [IMPROPER] --> %s", this, fileDesc(), line); - transit(inputAvailable, line, nl - line); - } - if (!mInputFlushed) - mReadBuffer.useGet(nl - line + 1); - return true; -} - -void TransferEngine::Client::autoReadInputTransit() -{ - secdebug("xferengine", "xfer %p(%d) %ld pending %d available", - this, fileDesc(), mReadBuffer.length(), io.iocget(FIONREAD)); - void *data; size_t length = mReadBuffer.length(); - if (mResidualReadCount && mResidualReadCount < length) - length = mResidualReadCount; - mReadBuffer.locateGet(data, length); - secdebug("engineio", "%p(%d) --> %ld bytes autoReadInput", this, fileDesc(), length); - mSink->consume(data, length); - if (!mInputFlushed) - mReadBuffer.useGet(length); - if (mResidualReadCount && (mResidualReadCount -= length) == 0) - mMode = autoIODone; -} - - -// -// The (protected) tickle() method causes a one-time scan -// of the requesting client. This will simulate an input-ready event -// and possibly call the transit method. -// This is designed to be used from validate() or in other unusual -// external situations. Don't call this from within transit(). -// -void TransferEngine::Client::tickle() -{ - notify(io, input | critical); -} - - -// -// The default read/write methods perform direct I/O on the underlying file descriptor. -// -size_t TransferEngine::Client::read(void *data, size_t size) -{ return io.read(data, size); } - -size_t TransferEngine::Client::write(const void *data, size_t size) -{ return io.write(data, size); } - -bool TransferEngine::Client::atEnd() const -{ return io.atEnd(); } - - -} // end namespace Network -} // end namespace Security diff --git a/Network/xfercore.h b/Network/xfercore.h deleted file mode 100644 index 8f24d1a3..00000000 --- a/Network/xfercore.h +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// xfercore - core data transfer engine -// -#ifndef _H_XFERCORE -#define _H_XFERCORE - -#include -#include -#include -#include -#include - -#if defined(SOCKS_SUPPORT) -# include -# define TCPClientSocket SocksClientSocket -# define TCPServerSocket SocksServerSocket -#endif - -using Security::Buffer; -using namespace IPPlusPlus; - - -namespace Security { -namespace Network { - - -class TransferEngine : public Selector { -public: - TransferEngine() { } - virtual ~TransferEngine() { } - -public: - class Client : public Selector::Client { - friend class TransferEngine; - public: - Client(); - virtual ~Client(); - - public: - enum InputMode { - invalidInput, // error mode (invalid) - connecting, // working on TCP connection - rawInput, // raw chunk input (whatever's on the wire) - lineInput, // Internet lines input (\r\n) - autoReadInput, // bulk read to docked sink - - autoIODone // transiition marker - }; - InputMode mode() const { return mMode; } - void mode(InputMode m); // set (switch) mode - void mode(Sink &sink, size_t byteCount = 0); - - void mode(Source &source, size_t byteCount = 0); - bool autoWriteActive() const { return mSource; } - - enum Event { // event type: (input, length) arguments - inputAvailable, // input available in current mode: (data, length) - connectionDone, // TCP connection event: (NULL, errno) - autoReadDone, // autoReadInput has completed: (NULL, 0) - autoWriteDone, // autoWriteOutput has completed: (NULL, 0) - endOfInput, // end of data stream from remote end: (NULL, 0) - ioError // I/O failed: (CssmCommonError *, 0) - }; - - virtual void transit(Event event, char *data = NULL, size_t length = 0) = 0; - virtual void transitError(const CssmCommonError &error) = 0; - virtual int fileDesc() const = 0; - - public: - // override this to implement I/O filters - default is pass-through - virtual size_t read(void *data, size_t size); - virtual size_t write(const void *data, size_t size); - virtual bool atEnd() const; - - protected: - void printf(const char *format, ...); - void printfe(const char *format, ...); - void vprintf(const char *format, va_list args); - void vprintfe(const char *format, va_list args); - - void flushOutput(bool autoFlush = true); - - void flushInput(); - - void tickle(); - - private: - void notify(int fd, Type type); - - private: - void rawInputTransit(); - bool lineInputTransit(); - void autoReadInputTransit(); - - void startOutput(); - size_t autoCopy(); - - private: - InputMode mMode; // current mode - bool mAutoCopyOut; // auto-copyout overlay mode - Sink *mSink; // sink for autoReadInput mode - Source *mSource; // source for copyout overlay mode - size_t mResidualReadCount; // bytes left to autoReadInput (zero => unlimited) - size_t mResidualWriteCount; // bytes left to autoCopyOut (zero => unlimited) - bool mAutoFlush; // output auto-flush mode - bool mInputFlushed; // transit flushed input; do not complete buffer ops - - FileDesc io; - - Buffer mReadBuffer; - Buffer mWriteBuffer; - }; - -public: - void add(Client *client); - void remove(Client *client); -}; - - -} // end namespace Network -} // end namespace Security - - -#endif //_H_XFERCORE diff --git a/README b/README new file mode 100644 index 00000000..cfdcee72 --- /dev/null +++ b/README @@ -0,0 +1,29 @@ +This code contains a Darwin version of CDSA along with many other security libraries. + +Information about CDSA may be obtained from the OpenGroup web site at: + + http://www.opengroup.org/pubs/catalog/c914.htm + +Further information regarding the security of the MacOSX product is available at: + + http://www.apple.com/support/security/ + +Developers wishing to know more about developing their products in a manner consistent with MacOS security should view: + + http://developer.apple.com/macos/security.html + + +To build this project in a Darwin environment (as opposed to building in-house +at Apple), use the Darwin buildstyle. If you're building with Xcode, select +"Darwin" from the "Active Build Style" popup. If you're building from the command +line, specify the build style like so: + +% xcodebuild -buildstyle Darwin install + +This build style is necessitated by the fact that the CSP built at (and +shipped by) Apple includes some algorithms which are proprietary to Apple; +the source code for these algorithms is not open source. Selecting the +Darwin build style allows the Security project (and also the CSP, in +the libsecurity_apple_csp project, which also must be built with the +Darwin build style) to be built from the Darwin open source tree without +requiring the source for these algorithms. diff --git a/README.txt b/README.txt deleted file mode 100644 index 8c2518d9..00000000 --- a/README.txt +++ /dev/null @@ -1,19 +0,0 @@ -Web Resources for MacOS Data Security - - -This code contains a Darwin version of CDSA along with many other security libraries. - -Information about CDSA may be obtained from the OpenGroup web site at: - - http://www.opengroup.org/pubs/catalog/c914.htm - -Further information regarding the security of the MacOSX product is available at: - - http://www.apple.com/support/security/ - -Developers wishing to know more about developing their products in a manner consistent with -MacOS security should view: - - http://developer.apple.com/macos/security.html - - diff --git a/SecureTransport/CVSVersionInfo.txt b/SecureTransport/CVSVersionInfo.txt deleted file mode 100644 index e0a4f43d..00000000 --- a/SecureTransport/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:58 mb Exp $ -# $Name: $ -ProjectName: SecureTransport -ProjectVersion: 3 diff --git a/SecureTransport/ModuleAttacher.cpp b/SecureTransport/ModuleAttacher.cpp deleted file mode 100644 index fd1edc5f..00000000 --- a/SecureTransport/ModuleAttacher.cpp +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * ModuleAttacher.cpp - * - * Process-wide class which loads and attaches to {CSP, TP, CL} at most - * once, and detaches and unloads the modules when this code is unloaded. - */ - -#include "ModuleAttacher.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include -#include -#include -#include -#include -#include - -class ModuleAttacher -{ -public: - ModuleAttacher() : - mCspHand(CSSM_INVALID_HANDLE), - mClHand(CSSM_INVALID_HANDLE), - mTpHand(CSSM_INVALID_HANDLE), - mCssmInitd(false) - { } - ~ModuleAttacher(); - CSSM_CSP_HANDLE getCspHand(); - CSSM_CL_HANDLE getClHand(); - CSSM_TP_HANDLE getTpHand(); - CSSM_RETURN loadAllModules( - CSSM_CSP_HANDLE &cspHand, - CSSM_CL_HANDLE &clHand, - CSSM_TP_HANDLE &tpHand); - -private: - /* on all private member functions, mLock held on entry and exit */ - bool initCssm(); - CSSM_HANDLE loadModule( - CSSM_SERVICE_TYPE svcType, // CSSM_SERVICE_CSP, etc. - const CSSM_GUID *guid, - const char *modName); - void unloadModule( - CSSM_HANDLE hand, - const CSSM_GUID *guid); - - /* connection to modules, evaluated lazily */ - CSSM_CSP_HANDLE mCspHand; - CSSM_TP_HANDLE mClHand; - CSSM_TP_HANDLE mTpHand; - bool mCssmInitd; - Mutex mLock; -}; - -/* the single global thing */ -static ModuleNexus moduleAttacher; - -static const CSSM_API_MEMORY_FUNCS CA_memFuncs = { - stAppMalloc, - stAppFree, - stAppRealloc, - stAppCalloc, - NULL -}; - - -/* - * This only gets called when cspAttacher get deleted, i.e., when this code - * is actually unloaded from the process's address space. - */ -ModuleAttacher::~ModuleAttacher() -{ - StLock _(mLock); - - if(mCspHand != CSSM_INVALID_HANDLE) { - unloadModule(mCspHand, &gGuidAppleCSP); - } - if(mTpHand != CSSM_INVALID_HANDLE) { - unloadModule(mTpHand, &gGuidAppleX509TP); - } - if(mClHand != CSSM_INVALID_HANDLE) { - unloadModule(mClHand, &gGuidAppleX509CL); - } -} - -static const CSSM_VERSION cssmVers = {2, 0}; -static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; - -bool ModuleAttacher::initCssm() -{ - CSSM_RETURN crtn; - CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; - - if(mCssmInitd) { - return true; - } - crtn = CSSM_Init (&cssmVers, - CSSM_PRIVILEGE_SCOPE_NONE, - &testGuid, - CSSM_KEY_HIERARCHY_NONE, - &pvcPolicy, - NULL /* reserved */); - if(crtn != CSSM_OK) { - #ifndef NDEBUG - sslErrorLog("CSSM_Init returned %s", stCssmErrToStr(crtn)); - #endif - return false; - } - else { - mCssmInitd = true; - return true; - } -} - -CSSM_HANDLE ModuleAttacher::loadModule( - CSSM_SERVICE_TYPE svcType, // CSSM_SERVICE_CSP, etc. - const CSSM_GUID *guid, - const char *modName) -{ - CSSM_RETURN crtn; - CSSM_HANDLE hand; - - if(!initCssm()) { - return CSSM_INVALID_HANDLE; - } - crtn = CSSM_ModuleLoad(guid, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - #ifndef NDEBUG - sslErrorLog("ModuleAttacher::loadModule: error (%s) loading %s\n", - stCssmErrToStr(crtn), modName); - #endif - return CSSM_INVALID_HANDLE; - } - crtn = CSSM_ModuleAttach (guid, - &cssmVers, - &CA_memFuncs, // memFuncs - 0, // SubserviceID - svcType, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &hand); - if(crtn) { - #ifndef NDEBUG - sslErrorLog("ModuleAttacher::loadModule: error (%s) attaching to %s\n", - stCssmErrToStr(crtn), modName); - #endif - return CSSM_INVALID_HANDLE; - } - return hand; -} - -void ModuleAttacher::unloadModule( - CSSM_HANDLE hand, - const CSSM_GUID *guid) -{ - CSSM_ModuleDetach(hand); - CSSM_ModuleUnload(guid, NULL, NULL); -} - -CSSM_CSP_HANDLE ModuleAttacher::getCspHand() -{ - StLock _(mLock); - - if(mCspHand != CSSM_INVALID_HANDLE) { - /* already connected */ - return mCspHand; - } - mCspHand = loadModule(CSSM_SERVICE_CSP, &gGuidAppleCSP, "AppleCSP"); - return mCspHand; -} - -CSSM_CL_HANDLE ModuleAttacher::getClHand() -{ - StLock _(mLock); - - if(mClHand != CSSM_INVALID_HANDLE) { - /* already connected */ - return mClHand; - } - mClHand = loadModule(CSSM_SERVICE_CL, &gGuidAppleX509CL, "AppleCL"); - return mClHand; -} - -CSSM_TP_HANDLE ModuleAttacher::getTpHand() -{ - StLock _(mLock); - - if(mTpHand != CSSM_INVALID_HANDLE) { - /* already connected */ - return mTpHand; - } - mTpHand = loadModule(CSSM_SERVICE_TP, &gGuidAppleX509TP, "AppleTP"); - return mTpHand; -} - -CSSM_RETURN ModuleAttacher::loadAllModules( - CSSM_CSP_HANDLE &cspHand, - CSSM_CL_HANDLE &clHand, - CSSM_TP_HANDLE &tpHand) -{ - StLock _(mLock); - - if(mCspHand == CSSM_INVALID_HANDLE) { - mCspHand = loadModule(CSSM_SERVICE_CSP, &gGuidAppleCSP, "AppleCSP"); - if(mCspHand == CSSM_INVALID_HANDLE) { - return CSSMERR_CSSM_ADDIN_LOAD_FAILED; - } - } - if(mClHand == CSSM_INVALID_HANDLE) { - mClHand = loadModule(CSSM_SERVICE_CL, &gGuidAppleX509CL, "AppleCL"); - if(mClHand == CSSM_INVALID_HANDLE) { - return CSSMERR_CSSM_ADDIN_LOAD_FAILED; - } - } - if(mTpHand == CSSM_INVALID_HANDLE) { - mTpHand = loadModule(CSSM_SERVICE_TP, &gGuidAppleX509TP, "AppleTP"); - if(mTpHand == CSSM_INVALID_HANDLE) { - return CSSMERR_CSSM_ADDIN_LOAD_FAILED; - } - } - cspHand = mCspHand; - clHand = mClHand; - tpHand = mTpHand; - return CSSM_OK; -} - -/* public C function to load and attach to all three modules */ -CSSM_RETURN attachToModules( - CSSM_CSP_HANDLE *cspHand, - CSSM_CL_HANDLE *clHand, - CSSM_TP_HANDLE *tpHand) -{ - return moduleAttacher().loadAllModules(*cspHand, *clHand, *tpHand); -} - diff --git a/SecureTransport/ModuleAttacher.h b/SecureTransport/ModuleAttacher.h deleted file mode 100644 index 0f646251..00000000 --- a/SecureTransport/ModuleAttacher.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * ModuleAttacher.h - * - * Process-wide class which loads and attaches to {CSP, TP, CL} at most - * once, and detaches and unloads the modules when this code is unloaded. - */ - -#ifndef _MODULE_ATTACHER_H_ -#define _MODULE_ATTACHER_H_ - -#include -#include "sslBuildFlags.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Load and attach to all three modules. - * Returns CSSMERR_CSSM_ADDIN_LOAD_FAILED or CSSM_OK. - */ -extern CSSM_RETURN attachToModules( - CSSM_CSP_HANDLE *cspHand, - CSSM_CL_HANDLE *clHand, - CSSM_TP_HANDLE *tpHand); - -#ifdef __cplusplus -} -#endif - -#endif /* _CSP_ATTACHER_H_ */ \ No newline at end of file diff --git a/SecureTransport/README b/SecureTransport/README deleted file mode 100644 index 3be86f2a..00000000 --- a/SecureTransport/README +++ /dev/null @@ -1,45 +0,0 @@ - SecureTransport notes - 14 Feb 2002 dmitch - --- Server-side cert usage and configuration is highly application dependent. - - -- Although the use of server-initiated key exchange is optional under - the SSL3 spec, Netscape browsers (4.61 through 4.75) will not tolerate - this operation unless an exportable cipher is selected. The current - configuration of the library will attempt to perform server-initiated - key exchange if and only if the app has specified an encryption - certificate via SSLSetEncryptionCertificate(). Thus, in a config - which is required to work with Netscape browsers, if non-export - (i.e., strong) ciphers are to be supported, encryption certs - must NOT be specified, and the server cert specified in SSLSetCertificate() - must be capable of both signing and encryption. This applies to the underlying - keys as well. - - -- On top of that, even in a situation where Netscape will allow a server- - initiated key exchange (export cipher, app specifies both kinds of certs), - Netscape will abort if the *signing-only* cert (specified in - SSLSetCertificate()) is not capable of encryption! In this case that cert - is never even used for encryption. But that is the real world. - - Thus, to work with Netscape browsers with export-grade ciphers, the main - signing cert still has to be capable of encryption, even if the app specifies - a separate encryption cert. - - -- The SSL_SERVER_KEYEXCH_HACK flag, in sslBuildFlags.h, was previously used - to work around the above-mentioned Netscape bug; when this flag is true, - server-initiated key exchange is only performed if an encrypting cert is - specified AND an export-grade cipher is selected. The current config has - this flag set false. - - -- SSL2 server-side operation requires the presence of a cert and key which is - capable of encryption (not signing). One cert, specified in SSLSetCertificate(), - can support both SSL2 and SSL3 if and only if it is capable of both signing - and encryption. - --- Server mode operation with IE is fully functional and reliable. There is a - bug in IE which is worked around in SSLEncodeServerHello(), in hdskhelo.c. - See comments there. Tested with IE 5.0 on OS 9 and 5.1.3 on OS X. - --- Server untested with Windows clients. - - diff --git a/SecureTransport/SecureTransport.pbproj/project.pbxproj b/SecureTransport/SecureTransport.pbproj/project.pbxproj deleted file mode 100644 index 1c8755f1..00000000 --- a/SecureTransport/SecureTransport.pbproj/project.pbxproj +++ /dev/null @@ -1,1348 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 38; - objects = { - 00E4CE33FF9B8B71D0A17CE7 = { - buildStyles = ( - 48499A08FFCB05657F000001, - 48499A09FFCB05657F000001, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 00E4CE34FF9B8B71D0A17CE7; - productRefGroup = 00E4CE35FF9B8CA8D0A17CE7; - projectDirPath = ""; - targets = ( - 00E4CE37FF9B8CA8D0A17CE7, - 00E4CE38FF9B8CA8D0A17CE7, - ); - }; - 00E4CE34FF9B8B71D0A17CE7 = { - children = ( - 00E4CE3EFF9B8E08D0A17CE7, - 00E4CE41FF9B8EABD0A17CE7, - 00E4CE42FF9B8EABD0A17CE7, - 00E4CE5FFF9B8EABD0A17CE7, - 00E4CE60FF9B8EABD0A17CE7, - 00E4CE61FF9B8EABD0A17CE7, - 1F12355AFF9CE43ED0A17CE7, - 00E4CE35FF9B8CA8D0A17CE7, - ); - isa = PBXGroup; - refType = 4; - }; - 00E4CE35FF9B8CA8D0A17CE7 = { - children = ( - 00E4CE36FF9B8CA8D0A17CE7, - ); - isa = PBXGroup; - name = Products; - refType = 4; - }; - 00E4CE36FF9B8CA8D0A17CE7 = { - isa = PBXFrameworkReference; - path = SecureTransport.framework; - refType = 3; - }; - 00E4CE37FF9B8CA8D0A17CE7 = { - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = World; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 00E4CEBEFF9B99B0D0A17CE7, - ); - isa = PBXAggregateTarget; - name = World; - productName = World; - }; - 00E4CE38FF9B8CA8D0A17CE7 = { - buildPhases = ( - 00E4CE39FF9B8CA8D0A17CE7, - 00E4CE3AFF9B8CA8D0A17CE7, - 00E4CE3BFF9B8CA8D0A17CE7, - 00E4CE3CFF9B8CA8D0A17CE7, - 00E4CE3DFF9B8CA8D0A17CE7, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; - EXPORTED_SYMBOLS_FILE = secureTransport.exp; - FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\" /Volumes/Data_and_Apps/dmitchBuildRelease"; - FRAMEWORK_VERSION = A; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)/privateInc\""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - OPTIMIZATION_CFLAGS = "-O3"; - OTHER_CFLAGS = "-DNDEBUG"; - OTHER_LDFLAGS = "-lstdc++"; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRINCIPAL_CLASS = ""; - PRODUCT_NAME = SecureTransport; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format"; - WRAPPER_EXTENSION = framework; - }; - dependencies = ( - ); - isa = PBXFrameworkTarget; - name = SecureTransport; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - productName = SecureTransport; - productReference = 00E4CE36FF9B8CA8D0A17CE7; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - FMWK - CFBundleShortVersionString - - CFBundleSignature - ???? - CFBundleVersion - 0.0.1d1 - - -"; - }; - 00E4CE39FF9B8CA8D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 00E4CE62FF9B8EABD0A17CE7, - 00E4CE64FF9B8EABD0A17CE7, - 00E4CE65FF9B8EABD0A17CE7, - 00E4CE66FF9B8EABD0A17CE7, - 00E4CE67FF9B8EABD0A17CE7, - 00E4CE6CFF9B8EABD0A17CE7, - 00E4CE6DFF9B8EABD0A17CE7, - 00E4CE6EFF9B8EABD0A17CE7, - 00E4CE6FFF9B8EABD0A17CE7, - 00E4CE70FF9B8EABD0A17CE7, - 00E4CE71FF9B8EABD0A17CE7, - 00E4CE72FF9B8EABD0A17CE7, - 00E4CE73FF9B8EABD0A17CE7, - 00E4CE76FF9B8EABD0A17CE7, - 00E4CE77FF9B8EABD0A17CE7, - 00E4CE78FF9B8EABD0A17CE7, - 00E4CE79FF9B8EABD0A17CE7, - 00E4CE7AFF9B8EABD0A17CE7, - 00E4CE7CFF9B8EABD0A17CE7, - 00E4CE7DFF9B8EABD0A17CE7, - 00E4CEB7FF9B909FD0A17CE7, - 00E4CEB8FF9B909FD0A17CE7, - 0145E21DFFEED50A7F000001, - 9D1B441A01F5ED1200003D05, - 9D1B441B01F5ED1200003D05, - 9D1B441C01F5ED1200003D05, - 9DD49D9A030C714000003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 00E4CE3AFF9B8CA8D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 9D1B441D01F5ED1200003D05, - 9D1B441E01F5ED1200003D05, - 9D1B441F01F5ED1200003D05, - 9D1B442001F5ED1200003D05, - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 00E4CE3BFF9B8CA8D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 00E4CE82FF9B8F1DD0A17CE7, - 00E4CE85FF9B8F1DD0A17CE7, - 00E4CE9BFF9B8FE5D0A17CE7, - 00E4CE9EFF9B8FE5D0A17CE7, - 00E4CE9FFF9B8FE5D0A17CE7, - 00E4CEA0FF9B8FE5D0A17CE7, - 00E4CEA1FF9B8FE5D0A17CE7, - 00E4CEA3FF9B8FE5D0A17CE7, - 00E4CEA5FF9B8FE5D0A17CE7, - 00E4CEA6FF9B8FE5D0A17CE7, - 00E4CEA7FF9B8FE5D0A17CE7, - 00E4CEA8FF9B8FE5D0A17CE7, - 00E4CEA9FF9B8FE5D0A17CE7, - 00E4CEAAFF9B8FE5D0A17CE7, - 00E4CEABFF9B8FE5D0A17CE7, - 00E4CEACFF9B8FE5D0A17CE7, - 00E4CEAEFF9B8FE5D0A17CE7, - 00E4CEAFFF9B8FE5D0A17CE7, - 00E4CEB9FF9B909FD0A17CE7, - 00E4CEBAFF9B909FD0A17CE7, - 00E4CEBBFF9B909FD0A17CE7, - 00E4CEBCFF9B909FD0A17CE7, - 00E4CEBDFF9B909FD0A17CE7, - 00E4CEC0FF9B9A4ED0A17CE7, - 0145E21EFFEED50A7F000001, - 9D1B442601F5ED3000003D05, - 9D1B442701F5ED3000003D05, - 9D1B442801F5ED3000003D05, - 9D1B442901F5ED3000003D05, - 9D1B442A01F5ED3000003D05, - 9D1B443101F5EE8D00003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 00E4CE3CFF9B8CA8D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 1F123559FF9CE3A5D0A17CE7, - 9D1B442C01F5ED9400003D05, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 00E4CE3DFF9B8CA8D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 00E4CE3EFF9B8E08D0A17CE7 = { - children = ( - 00E4CEB0FF9B909FD0A17CE7, - 00E4CEB1FF9B909FD0A17CE7, - 00E4CEB2FF9B909FD0A17CE7, - 00E4CEB3FF9B909FD0A17CE7, - 00E4CEB4FF9B909FD0A17CE7, - 00E4CE3FFF9B8E08D0A17CE7, - 00E4CE40FF9B8E08D0A17CE7, - ); - isa = PBXGroup; - name = "SSL Core"; - refType = 4; - }; - 00E4CE3FFF9B8E08D0A17CE7 = { - children = ( - 00E4CE86FF9B8FE5D0A17CE7, - 00E4CE87FF9B8FE5D0A17CE7, - 00E4CE88FF9B8FE5D0A17CE7, - 00E4CE89FF9B8FE5D0A17CE7, - ); - isa = PBXGroup; - name = SSL2; - refType = 4; - }; - 00E4CE40FF9B8E08D0A17CE7 = { - children = ( - 00E4CE8AFF9B8FE5D0A17CE7, - 00E4CE8BFF9B8FE5D0A17CE7, - 00E4CE8CFF9B8FE5D0A17CE7, - 00E4CE8DFF9B8FE5D0A17CE7, - 00E4CE8FFF9B8FE5D0A17CE7, - 00E4CE90FF9B8FE5D0A17CE7, - ); - isa = PBXGroup; - name = Handshake; - refType = 4; - }; - 00E4CE41FF9B8EABD0A17CE7 = { - children = ( - 00E4CEB5FF9B909FD0A17CE7, - 00E4CEB6FF9B909FD0A17CE7, - 9D1B441201F5ED1200003D05, - ); - isa = PBXGroup; - name = "Public Headers"; - path = ""; - refType = 4; - }; - 00E4CE42FF9B8EABD0A17CE7 = { - children = ( - 00E4CE43FF9B8EABD0A17CE7, - 00E4CE45FF9B8EABD0A17CE7, - 00E4CE46FF9B8EABD0A17CE7, - 00E4CE47FF9B8EABD0A17CE7, - 00E4CE48FF9B8EABD0A17CE7, - 0145E21CFFEED50A7F000001, - 00E4CE4DFF9B8EABD0A17CE7, - 00E4CE4EFF9B8EABD0A17CE7, - 00E4CE4FFF9B8EABD0A17CE7, - 00E4CE50FF9B8EABD0A17CE7, - 00E4CE51FF9B8EABD0A17CE7, - 00E4CE52FF9B8EABD0A17CE7, - 00E4CE53FF9B8EABD0A17CE7, - 00E4CE54FF9B8EABD0A17CE7, - 00E4CE57FF9B8EABD0A17CE7, - 00E4CE58FF9B8EABD0A17CE7, - 00E4CE59FF9B8EABD0A17CE7, - 00E4CE5AFF9B8EABD0A17CE7, - 00E4CE5BFF9B8EABD0A17CE7, - 00E4CE5DFF9B8EABD0A17CE7, - 00E4CE5EFF9B8EABD0A17CE7, - 9D1B441301F5ED1200003D05, - 9D1B441801F5ED1200003D05, - 9D1B441901F5ED1200003D05, - 9DD49D99030C714000003D05, - ); - isa = PBXGroup; - name = "Private Headers"; - path = ""; - refType = 4; - }; - 00E4CE43FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = appleCdsa.h; - path = privateInc/appleCdsa.h; - refType = 4; - }; - 00E4CE45FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = appleSession.h; - path = privateInc/appleSession.h; - refType = 4; - }; - 00E4CE46FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = cipherSpecs.h; - path = privateInc/cipherSpecs.h; - refType = 4; - }; - 00E4CE47FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = cryptType.h; - path = privateInc/cryptType.h; - refType = 4; - }; - 00E4CE48FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslDigests.h; - path = privateInc/sslDigests.h; - refType = 4; - }; - 00E4CE4DFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ssl.h; - path = privateInc/ssl.h; - refType = 4; - }; - 00E4CE4EFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ssl2.h; - path = privateInc/ssl2.h; - refType = 4; - }; - 00E4CE4FFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslAlertMessage.h; - path = privateInc/sslAlertMessage.h; - refType = 4; - }; - 00E4CE50FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslMemory.h; - path = privateInc/sslMemory.h; - refType = 4; - }; - 00E4CE51FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslBER.h; - path = privateInc/sslBER.h; - refType = 4; - }; - 00E4CE52FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslBuildFlags.h; - path = privateInc/sslBuildFlags.h; - refType = 4; - }; - 00E4CE53FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslContext.h; - path = privateInc/sslContext.h; - refType = 4; - }; - 00E4CE54FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslDebug.h; - path = privateInc/sslDebug.h; - refType = 4; - }; - 00E4CE57FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslHandshake.h; - path = privateInc/sslHandshake.h; - refType = 4; - }; - 00E4CE58FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslKeychain.h; - path = privateInc/sslKeychain.h; - refType = 4; - }; - 00E4CE59FF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslPriv.h; - path = privateInc/sslPriv.h; - refType = 4; - }; - 00E4CE5AFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslRecord.h; - path = privateInc/sslRecord.h; - refType = 4; - }; - 00E4CE5BFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslSession.h; - path = privateInc/sslSession.h; - refType = 4; - }; - 00E4CE5DFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslUtils.h; - path = privateInc/sslUtils.h; - refType = 4; - }; - 00E4CE5EFF9B8EABD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = symCipher.h; - path = privateInc/symCipher.h; - refType = 4; - }; - 00E4CE5FFF9B8EABD0A17CE7 = { - children = ( - 00E4CE7EFF9B8F1DD0A17CE7, - 00E4CE81FF9B8F1DD0A17CE7, - 00E4CE91FF9B8FE5D0A17CE7, - 00E4CE94FF9B8FE5D0A17CE7, - 0145E21BFFEED50A7F000001, - 9D1B442101F5ED3000003D05, - 9D1B442201F5ED3000003D05, - 9D1B442301F5ED3000003D05, - 9D1B442401F5ED3000003D05, - 9D1B442501F5ED3000003D05, - 9D1B443001F5EE8D00003D05, - ); - isa = PBXGroup; - name = Apple; - path = ""; - refType = 4; - }; - 00E4CE60FF9B8EABD0A17CE7 = { - children = ( - 00E4CE95FF9B8FE5D0A17CE7, - 00E4CE97FF9B8FE5D0A17CE7, - ); - isa = PBXGroup; - name = "Embedded Crypto"; - path = ""; - refType = 4; - }; - 00E4CE61FF9B8EABD0A17CE7 = { - children = ( - 00E4CEBFFF9B9A4ED0A17CE7, - 00E4CE99FF9B8FE5D0A17CE7, - 00E4CE9AFF9B8FE5D0A17CE7, - ); - isa = PBXGroup; - name = Misc.; - path = ""; - refType = 4; - }; - 00E4CE62FF9B8EABD0A17CE7 = { - fileRef = 00E4CE43FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE64FF9B8EABD0A17CE7 = { - fileRef = 00E4CE45FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE65FF9B8EABD0A17CE7 = { - fileRef = 00E4CE46FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE66FF9B8EABD0A17CE7 = { - fileRef = 00E4CE47FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE67FF9B8EABD0A17CE7 = { - fileRef = 00E4CE48FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE6CFF9B8EABD0A17CE7 = { - fileRef = 00E4CE4DFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE6DFF9B8EABD0A17CE7 = { - fileRef = 00E4CE4EFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE6EFF9B8EABD0A17CE7 = { - fileRef = 00E4CE4FFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE6FFF9B8EABD0A17CE7 = { - fileRef = 00E4CE50FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE70FF9B8EABD0A17CE7 = { - fileRef = 00E4CE51FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE71FF9B8EABD0A17CE7 = { - fileRef = 00E4CE52FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE72FF9B8EABD0A17CE7 = { - fileRef = 00E4CE53FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE73FF9B8EABD0A17CE7 = { - fileRef = 00E4CE54FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE76FF9B8EABD0A17CE7 = { - fileRef = 00E4CE57FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE77FF9B8EABD0A17CE7 = { - fileRef = 00E4CE58FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE78FF9B8EABD0A17CE7 = { - fileRef = 00E4CE59FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE79FF9B8EABD0A17CE7 = { - fileRef = 00E4CE5AFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE7AFF9B8EABD0A17CE7 = { - fileRef = 00E4CE5BFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE7CFF9B8EABD0A17CE7 = { - fileRef = 00E4CE5DFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE7DFF9B8EABD0A17CE7 = { - fileRef = 00E4CE5EFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 00E4CE7EFF9B8F1DD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleCdsa.cpp; - refType = 4; - }; - 00E4CE81FF9B8F1DD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslKeychain.cpp; - refType = 4; - }; - 00E4CE82FF9B8F1DD0A17CE7 = { - fileRef = 00E4CE7EFF9B8F1DD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CE85FF9B8F1DD0A17CE7 = { - fileRef = 00E4CE81FF9B8F1DD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CE86FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2CipherMap.cpp; - refType = 4; - }; - 00E4CE87FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Message.cpp; - refType = 4; - }; - 00E4CE88FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Protocol.cpp; - refType = 4; - }; - 00E4CE89FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Record.cpp; - refType = 4; - }; - 00E4CE8AFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslCert.cpp; - refType = 4; - }; - 00E4CE8BFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslChangeCipher.cpp; - refType = 4; - }; - 00E4CE8CFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshakeFinish.cpp; - refType = 4; - }; - 00E4CE8DFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshakeHello.cpp; - refType = 4; - }; - 00E4CE8FFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslKeyExchange.cpp; - refType = 4; - }; - 00E4CE90FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshake.cpp; - refType = 4; - }; - 00E4CE91FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cipherSpecs.cpp; - refType = 4; - }; - 00E4CE94FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = symCipher.cpp; - refType = 4; - }; - 00E4CE95FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslDigests.cpp; - refType = 4; - }; - 00E4CE97FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslNullCipher.cpp; - refType = 4; - }; - 00E4CE99FF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslMemory.cpp; - refType = 4; - }; - 00E4CE9AFF9B8FE5D0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslUtils.cpp; - refType = 4; - }; - 00E4CE9BFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE91FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CE9EFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE94FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CE9FFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE99FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA0FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE9AFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA1FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE95FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA3FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE97FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA5FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE86FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA6FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE87FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA7FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE88FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA8FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE89FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEA9FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE8AFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEAAFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE8BFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEABFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE8CFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEACFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE8DFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEAEFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE8FFF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEAFFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE90FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEB0FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslAlertMessage.cpp; - refType = 4; - }; - 00E4CEB1FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslContext.cpp; - refType = 4; - }; - 00E4CEB2FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslRecord.cpp; - refType = 4; - }; - 00E4CEB3FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslSession.cpp; - refType = 4; - }; - 00E4CEB4FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslTransport.cpp; - refType = 4; - }; - 00E4CEB5FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = CipherSuite.h; - path = SecureTransport/CipherSuite.h; - refType = 4; - }; - 00E4CEB6FF9B909FD0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SecureTransport.h; - path = SecureTransport/SecureTransport.h; - refType = 4; - }; - 00E4CEB7FF9B909FD0A17CE7 = { - fileRef = 00E4CEB5FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 00E4CEB8FF9B909FD0A17CE7 = { - fileRef = 00E4CEB6FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 00E4CEB9FF9B909FD0A17CE7 = { - fileRef = 00E4CEB0FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEBAFF9B909FD0A17CE7 = { - fileRef = 00E4CEB1FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEBBFF9B909FD0A17CE7 = { - fileRef = 00E4CEB2FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEBCFF9B909FD0A17CE7 = { - fileRef = 00E4CEB3FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEBDFF9B909FD0A17CE7 = { - fileRef = 00E4CEB4FF9B909FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E4CEBEFF9B99B0D0A17CE7 = { - isa = PBXTargetDependency; - target = 00E4CE38FF9B8CA8D0A17CE7; - }; - 00E4CEBFFF9B9A4ED0A17CE7 = { - fileEncoding = 30; - isa = PBXFileReference; - path = secureTransport.exp; - refType = 4; - }; - 00E4CEC0FF9B9A4ED0A17CE7 = { - fileRef = 00E4CEBFFF9B9A4ED0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//000 -//001 -//002 -//003 -//004 -//010 -//011 -//012 -//013 -//014 - 0145E21BFFEED50A7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ModuleAttacher.cpp; - refType = 4; - }; - 0145E21CFFEED50A7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ModuleAttacher.h; - refType = 4; - }; - 0145E21DFFEED50A7F000001 = { - fileRef = 0145E21CFFEED50A7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0145E21EFFEED50A7F000001 = { - fileRef = 0145E21BFFEED50A7F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//010 -//011 -//012 -//013 -//014 -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 - 1F123557FF9CE3A5D0A17CE7 = { - isa = PBXFrameworkReference; - name = CoreFoundation.framework; - path = /System/Library/Frameworks/CoreFoundation.framework; - refType = 0; - }; - 1F123559FF9CE3A5D0A17CE7 = { - fileRef = 1F123557FF9CE3A5D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 1F12355AFF9CE43ED0A17CE7 = { - children = ( - 1F123557FF9CE3A5D0A17CE7, - 9D1B442B01F5ED9400003D05, - ); - isa = PBXGroup; - name = Frameworks; - refType = 4; - }; -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 -//480 -//481 -//482 -//483 -//484 - 48499A08FFCB05657F000001 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = "-O0"; - }; - isa = PBXBuildStyle; - name = Development; - }; - 48499A09FFCB05657F000001 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; -//480 -//481 -//482 -//483 -//484 -//9D0 -//9D1 -//9D2 -//9D3 -//9D4 - 9D1B441201F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "securetransport++.h"; - refType = 4; - }; - 9D1B441301F5ED1200003D05 = { - children = ( - 9D1B441401F5ED1200003D05, - 9D1B441501F5ED1200003D05, - 9D1B441601F5ED1200003D05, - 9D1B441701F5ED1200003D05, - ); - isa = PBXGroup; - name = CVS; - path = privateInc/CVS; - refType = 4; - }; - 9D1B441401F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Entries; - refType = 4; - }; - 9D1B441501F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Repository; - refType = 4; - }; - 9D1B441601F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Root; - refType = 4; - }; - 9D1B441701F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Template; - refType = 4; - }; - 9D1B441801F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = tls_hmac.h; - path = privateInc/tls_hmac.h; - refType = 4; - }; - 9D1B441901F5ED1200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = tls_ssl.h; - path = privateInc/tls_ssl.h; - refType = 4; - }; - 9D1B441A01F5ED1200003D05 = { - fileRef = 9D1B441801F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B441B01F5ED1200003D05 = { - fileRef = 9D1B441901F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B441C01F5ED1200003D05 = { - fileRef = 9D1B441201F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B441D01F5ED1200003D05 = { - fileRef = 9D1B441401F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B441E01F5ED1200003D05 = { - fileRef = 9D1B441501F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B441F01F5ED1200003D05 = { - fileRef = 9D1B441601F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442001F5ED1200003D05 = { - fileRef = 9D1B441701F5ED1200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442101F5ED3000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleSession.cpp; - refType = 4; - }; - 9D1B442201F5ED3000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "securetransport++.cpp"; - refType = 4; - }; - 9D1B442301F5ED3000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl3Callouts.cpp; - refType = 4; - }; - 9D1B442401F5ED3000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tls_hmac.cpp; - refType = 4; - }; - 9D1B442501F5ED3000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tls1Callouts.cpp; - refType = 4; - }; - 9D1B442601F5ED3000003D05 = { - fileRef = 9D1B442101F5ED3000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442701F5ED3000003D05 = { - fileRef = 9D1B442201F5ED3000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442801F5ED3000003D05 = { - fileRef = 9D1B442301F5ED3000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442901F5ED3000003D05 = { - fileRef = 9D1B442401F5ED3000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442A01F5ED3000003D05 = { - fileRef = 9D1B442501F5ED3000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B442B01F5ED9400003D05 = { - isa = PBXFrameworkReference; - name = Security.framework; - path = /Volumes/Data_and_Apps/dmitchBuildRelease/Security.framework; - refType = 0; - }; - 9D1B442C01F5ED9400003D05 = { - fileRef = 9D1B442B01F5ED9400003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1B443001F5EE8D00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslBER_Dummy.cpp; - refType = 4; - }; - 9D1B443101F5EE8D00003D05 = { - fileRef = 9D1B443001F5EE8D00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DD49D99030C714000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SecureTransportPriv.h; - path = privateInc/SecureTransportPriv.h; - refType = 4; - }; - 9DD49D9A030C714000003D05 = { - fileRef = 9DD49D99030C714000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 00E4CE33FF9B8B71D0A17CE7; -} diff --git a/SecureTransport/SecureTransport/CipherSuite.h b/SecureTransport/SecureTransport/CipherSuite.h deleted file mode 100644 index 55ce16d8..00000000 --- a/SecureTransport/SecureTransport/CipherSuite.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: CipherSuite.h - - Contains: SSL Cipher Suite definitions. - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ -#ifndef _SECURITY_CIPHERSUITE_H_ -#define _SECURITY_CIPHERSUITE_H_ - -/* fetch Uint32 */ -#include - -/* - * Defined as enum for debugging, but in the protocol - * it is actually exactly two bytes - */ -typedef UInt32 SSLCipherSuite; - -enum -{ SSL_NULL_WITH_NULL_NULL = 0x0000, - SSL_RSA_WITH_NULL_MD5 = 0x0001, - SSL_RSA_WITH_NULL_SHA = 0x0002, - SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, - SSL_RSA_WITH_RC4_128_MD5 = 0x0004, - SSL_RSA_WITH_RC4_128_SHA = 0x0005, - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, - SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007, - SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, - SSL_RSA_WITH_DES_CBC_SHA = 0x0009, - SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, - SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C, - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, - SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, - SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F, - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, - SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, - SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, - SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017, - SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018, - SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A, - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B, - SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C, - SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = 0x001D, - /* - * Tags for SSL 2 cipher kinds which are not specified - * for SSL 3. - */ - SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80, - SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81, - SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82, - SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83, - SSL_NO_SUCH_CIPHERSUITE = 0xFFFF -}; - -#endif /* !_SECURITY_CIPHERSUITE_H_ */ diff --git a/SecureTransport/SecureTransport/SecureTransport.h b/SecureTransport/SecureTransport/SecureTransport.h deleted file mode 100644 index 7e43d996..00000000 --- a/SecureTransport/SecureTransport/SecureTransport.h +++ /dev/null @@ -1,770 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: SecureTransport.h - - Contains: Public API for Apple SSL/TLS Implementation - - Copyright: (c) 1999-2002 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SECURITY_SECURETRANSPORT_H_ -#define _SECURITY_SECURETRANSPORT_H_ - -/* - * This file describes the public API for an implementation of the - * Secure Socket Layer, V. 3.0, and Transport Layer Security, V. 1.0. - * - * There no transport layer dependencies in this library; - * it can be used with sockets, Open Transport, etc. Applications using - * this library provide callback functions which do the actual I/O - * on underlying network connections. Applications are also responsible - * for setting up raw network connections; the application passes in - * an opaque reference to the underlying (connected) entity at the - * start of an SSL session in the form of an SSLConnectionRef. - * - * Some terminology: - * - * A "client" is the initiator of an SSL Session. The canonical example - * of a client is a web browser, when it's talking to an https URL. - * - * A "server" is an entity which accepts requests for SSL sessions made - * by clients. E.g., a secure web server. - - * An "SSL Session", or "session", is bounded by calls to SSLHandshake() - * and SSLClose(). An "Active session" is in some state between these - * two calls, inclusive. - * - * An SSL Session Context, or SSLContextRef, is an opaque reference in this - * library to the state associated with one session. A SSLContextRef cannot - * be reused for multiple sessions. - */ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/*********************** - *** Common typedefs *** - ***********************/ - -/* Opaque reference to an SSL session context */ -struct SSLContext; -typedef struct SSLContext *SSLContextRef; - -/* Opaque reference to an I/O conection (socket, Endpoint, etc.) */ -typedef const void * SSLConnectionRef; - -/* SSL Protocol version */ -typedef enum { - kSSLProtocolUnknown, /* no protocol negotiated/specified; use default */ - kSSLProtocol2, /* SSL 2.0 only */ - kSSLProtocol3, /* SSL 3.0 preferred, 2.0 OK if peer requires */ - kSSLProtocol3Only, /* use SSL 3.0 only, fail if peer tries to - * negotiate 2.0 */ - kTLSProtocol1, /* TLS 1.0 preferred, lower versions OK */ - kTLSProtocol1Only, /* TLS 1.0 only */ - kSSLProtocolAll /* all supported versions */ -} SSLProtocol; - -/* State of an SSLSession */ -typedef enum { - kSSLIdle, /* no I/O performed yet */ - kSSLHandshake, /* SSL handshake in progress */ - kSSLConnected, /* Handshake complete, ready for normal I/O */ - kSSLClosed, /* connection closed normally */ - kSSLAborted /* connection aborted */ -} SSLSessionState; - -/* - * Status of client certificate exchange (which is optional - * for both server and client). - */ -typedef enum { - /* Server hasn't asked for a cert. Client hasn't sent one. */ - kSSLClientCertNone, - /* Server has asked for a cert, but client didn't send it. */ - kSSLClientCertRequested, - /* - * Server side: We asked for a cert, client sent one, we validated - * it OK. App can inspect the cert via - * SSLGetPeerCertificates(). - * Client side: server asked for one, we sent it. - */ - kSSLClientCertSent, - /* - * Client sent a cert but failed validation. Server side only. - * Server app can inspect the cert via SSLGetPeerCertificates(). - */ - kSSLClientCertRejected -} SSLClientCertificateState; - -/* - * R/W functions. The application using this library provides - * these functions via SSLSetIOFuncs(). - * - * Data's memory is allocated by caller; on entry to these two functions - * the *length argument indicates both the size of the available data and the - * requested byte count. Number of bytes actually transferred is returned in - * *length. - * - * The application may configure the underlying connection to operate - * in a non-blocking manner; in such a case, a read operation may - * well return errSSLWouldBlock, indicating "I transferred less data than - * you requested (maybe even zero bytes), nothing is wrong, except - * requested I/O hasn't completed". This will be returned back up to - * the application as a return from SSLRead(), SSLWrite(), SSLHandshake(), - * etc. - */ -typedef OSStatus -(*SSLReadFunc) (SSLConnectionRef connection, - void *data, /* owned by - * caller, data - * RETURNED */ - size_t *dataLength); /* IN/OUT */ -typedef OSStatus -(*SSLWriteFunc) (SSLConnectionRef connection, - const void *data, - size_t *dataLength); /* IN/OUT */ - - -/************************************************* - *** OSStatus values unique to SecureTransport *** - *************************************************/ - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -enum { - errSSLProtocol = -9800, /* SSL protocol error */ - errSSLNegotiation = -9801, /* Cipher Suite negotiation failure */ - errSSLFatalAlert = -9802, /* Fatal alert */ - errSSLWouldBlock = -9803, /* I/O would block (not fatal) */ - errSSLSessionNotFound = -9804, /* attempt to restore an unknown session */ - errSSLClosedGraceful = -9805, /* connection closed gracefully */ - errSSLClosedAbort = -9806, /* connection closed via error */ - errSSLXCertChainInvalid = -9807, /* Invalid certificate chain */ - errSSLBadCert = -9808, /* bad certificate format */ - errSSLCrypto = -9809, /* underlying cryptographic error */ - errSSLInternal = -9810, /* Internal error */ - errSSLModuleAttach = -9811, /* module attach failure */ - errSSLUnknownRootCert = -9812, /* valid cert chain, untrusted root */ - errSSLNoRootCert = -9813, /* cert chain not verified by root */ - errSSLCertExpired = -9814, /* chain had an expired cert */ - errSSLCertNotYetValid = -9815, /* chain had a cert not yet valid */ - errSSLClosedNoNotify = -9816, /* server closed session with no notification */ - errSSLBufferOverflow = -9817, /* insufficient buffer provided */ - errSSLBadCipherSuite = -9818, /* bad SSLCipherSuite */ - - /* fatal errors detected by peer */ - errSSLPeerUnexpectedMsg = -9819, /* unexpected message received */ - errSSLPeerBadRecordMac = -9820, /* bad MAC */ - errSSLPeerDecryptionFail = -9821, /* decryption failed */ - errSSLPeerRecordOverflow = -9822, /* record overflow */ - errSSLPeerDecompressFail = -9823, /* decompression failure */ - errSSLPeerHandshakeFail = -9824, /* handshake failure */ - errSSLPeerBadCert = -9825, /* misc. bad certificate */ - errSSLPeerUnsupportedCert = -9826, /* bad unsupported cert format */ - errSSLPeerCertRevoked = -9827, /* certificate revoked */ - errSSLPeerCertExpired = -9828, /* certificate expired */ - errSSLPeerCertUnknown = -9829, /* unknown certificate */ - errSSLIllegalParam = -9830, /* illegal parameter */ - errSSLPeerUnknownCA = -9831, /* unknown Cert Authority */ - errSSLPeerAccessDenied = -9832, /* access denied */ - errSSLPeerDecodeError = -9833, /* decoding error */ - errSSLPeerDecryptError = -9834, /* decryption error */ - errSSLPeerExportRestriction = -9835, /* export restriction */ - errSSLPeerProtocolVersion = -9836, /* bad protocol version */ - errSSLPeerInsufficientSecurity = -9837, /* insufficient security */ - errSSLPeerInternalError = -9838, /* internal error */ - errSSLPeerUserCancelled = -9839, /* user canceled */ - errSSLPeerNoRenegotiation = -9840, /* no renegotiation allowed */ - - /* more errors detected by us */ - errSSLDecryptionFail = -9845, /* decryption failure */ - errSSLBadRecordMac = -9846, /* bad MAC */ - errSSLRecordOverflow = -9847, /* Record Overflow */ - errSSLBadConfiguration = -9848, /* configuration error */ - errSSLLast = -9849 /* end of range, to be deleted */ -}; - - -/****************** - *** Public API *** - ******************/ - -/* - * Create a new session context. - */ -OSStatus -SSLNewContext (Boolean isServer, - SSLContextRef *contextPtr); /* RETURNED */ - -/* - * Dispose of an SSLContextRef. - */ -OSStatus -SSLDisposeContext (SSLContextRef context); - -/* - * Determine the state of an SSL session. - */ -OSStatus -SSLGetSessionState (SSLContextRef context, - SSLSessionState *state); /* RETURNED */ - - -/******************************************************************** - *** Session context configuration, common to client and servers. *** - ********************************************************************/ - -/* - * Specify functions which do the network I/O. Must be called prior - * to SSLHandshake(); subsequently can not be called while a session is - * active. - */ -OSStatus -SSLSetIOFuncs (SSLContextRef context, - SSLReadFunc read, - SSLWriteFunc write); - -/* - * Set allowed SSL protocol versions. Optional. - * Specifying kSSLProtocolAll for SSLSetProtocolVersionEnabled results in - * specified 'enable' boolean to be applied to all supported protocols. - * The default is "all supported protocols are enabled". - * This can only be called when no session is active. - * - * Legal values for protocol are : - * kSSLProtocol2 - * kSSLProtocol3 - * kTLSProtocol1 - * kSSLProtocolAll - */ -OSStatus -SSLSetProtocolVersionEnabled (SSLContextRef context, - SSLProtocol protocol, - Boolean enable); - -/* - * Obtain a value specified in SSLSetProtocolVersionEnabled. - */ -OSStatus -SSLGetProtocolVersionEnabled(SSLContextRef context, - SSLProtocol protocol, - Boolean *enable); /* RETURNED */ - -/* - * Get/set SSL protocol version; optional. Default is kSSLProtocolUnknown, - * in which case the highest possible version (currently kTLSProtocol1) - * is attempted, but a lower version is accepted if the peer requires it. - * - * SSLSetProtocolVersion can not be called when a session is active. - * - * This is deprecated in favor of SSLSetProtocolVersionEnabled. - */ -OSStatus -SSLSetProtocolVersion (SSLContextRef context, - SSLProtocol version); - -/* - * Obtain the protocol version specified in SSLSetProtocolVersion. - * This is deprecated in favor of SSLGetProtocolVersionEnabled. - * If SSLSetProtocolVersionEnabled() has been called for this session, - * SSLGetProtocolVersion() may return paramErr if the protocol enable - * state can not be represented by the SSLProtocol enums (e.g., - * SSL2 and TLS1 enabled, SSL3 disabled). - */ -OSStatus -SSLGetProtocolVersion (SSLContextRef context, - SSLProtocol *protocol); /* RETURNED */ - -/* - * Specify this connection's certificate(s). This is mandatory for - * server connections, optional for clients. Specifying a certificate - * for a client enables SSL client-side authentication. The end-entity - * cert is in certRefs[0]. Specifying a root cert is optional; if it's - * not specified, the root cert which verifies the cert chain specified - * here must be present in the system-wide set of trusted anchor certs. - * - * The certRefs argument is a CFArray containing SecCertificateRefs, - * except for certRefs[0], which is a SecIdentityRef. - * - * Can only be called when no session is active. - * - * SecureTransport assumes the following: - * - * -- The certRef references remains valid for the lifetime of the - * session. - * -- The specified certRefs[0] is capable of signing. - * -- The required capabilities of the certRef[0], and of the optional cert - * specified in SSLSetEncryptionCertificate (see below), are highly - * dependent on the application. For example, to work as a server with - * Netscape clients, the cert specified here must be capable of both - * signing and encrypting. - */ -OSStatus -SSLSetCertificate (SSLContextRef context, - CFArrayRef certRefs); - -/* - * Specify I/O connection - a socket, endpoint, etc., which is - * managed by caller. On the client side, it's assumed that communication - * has been established with the desired server on this connection. - * On the server side, it's assumed that an incoming client request - * has been established. - * - * Must be called prior to SSLHandshake(); subsequently can only be - * called when no session is active. - */ -OSStatus -SSLSetConnection (SSLContextRef context, - SSLConnectionRef connection); - -OSStatus -SSLGetConnection (SSLContextRef context, - SSLConnectionRef *connection); - -/* - * Specify the fully qualified doman name of the peer, e.g., "store.apple.com." - * Optional; used to verify the common name field in peer's certificate. - * Name is in the form of a C string; NULL termination optional, i.e., - * peerName[peerNameLen[1] may or may not have a NULL. In any case peerNameLen - * is the number of bytes of the peer domain name. - */ -OSStatus -SSLSetPeerDomainName (SSLContextRef context, - const char *peerName, - size_t peerNameLen); - -/* - * Determine the buffer size needed for SSLGetPeerDomainName(). - */ -OSStatus -SSLGetPeerDomainNameLength (SSLContextRef context, - size_t *peerNameLen); // RETURNED - -/* - * Obtain the value specified in SSLSetPeerDomainName(). - */ -OSStatus -SSLGetPeerDomainName (SSLContextRef context, - char *peerName, // returned here - size_t *peerNameLen); // IN/OUT - -/* - * Obtain the actual negotiated protocol version of the active - * session, which may be different that the value specified in - * SSLSetProtocolVersion(). Returns kSSLProtocolUnknown if no - * SSL session is in progress. - */ -OSStatus -SSLGetNegotiatedProtocolVersion (SSLContextRef context, - SSLProtocol *protocol); /* RETURNED */ - -/* - * Determine number and values of all of the SSLCipherSuites we support. - * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in - * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow - * will be returned. - */ -OSStatus -SSLGetNumberSupportedCiphers (SSLContextRef context, - size_t *numCiphers); - -OSStatus -SSLGetSupportedCiphers (SSLContextRef context, - SSLCipherSuite *ciphers, /* RETURNED */ - size_t *numCiphers); /* IN/OUT */ - -/* - * Specify a (typically) restricted set of SSLCipherSuites to be enabled by - * the current SSLContext. Can only be called when no session is active. Default - * set of enabled SSLCipherSuites is the same as the complete set of supported - * SSLCipherSuites as obtained by SSLGetSupportedCiphers(). - */ -OSStatus -SSLSetEnabledCiphers (SSLContextRef context, - const SSLCipherSuite *ciphers, - size_t numCiphers); - -/* - * Determine number and values of all of the SSLCipherSuites currently enabled. - * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in - * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow - * will be returned. - */ -OSStatus -SSLGetNumberEnabledCiphers (SSLContextRef context, - size_t *numCiphers); - -OSStatus -SSLGetEnabledCiphers (SSLContextRef context, - SSLCipherSuite *ciphers, /* RETURNED */ - size_t *numCiphers); /* IN/OUT */ - -/* - * Enable/disable peer certificate chain validation. Default is enabled. - * If caller disables, it is the caller's responsibility to call - * SSLGetPeerCertificates() upon successful completion of the handshake - * and then to perform external validation of the peer certificate - * chain before proceeding with data transfer. - */ -OSStatus -SSLSetEnableCertVerify (SSLContextRef context, - Boolean enableVerify); - -OSStatus -SSLGetEnableCertVerify (SSLContextRef context, - Boolean *enableVerify); /* RETURNED */ - - -/* - * Specify the option of ignoring certificates' "expired" times. - * This is a common failure in the real SSL world. Default for - * this flag is false, meaning expired certs result in a - * errSSLCertExpired error. - */ -OSStatus -SSLSetAllowsExpiredCerts (SSLContextRef context, - Boolean allowsExpired); - -/* - * Obtain the current value of an SSLContext's "allowExpiredCerts" flag. - */ -OSStatus -SSLGetAllowsExpiredCerts (SSLContextRef context, - Boolean *allowsExpired); /* RETURNED */ - -/* - * Similar to SSLSetAllowsExpiredCerts(), this function allows the - * option of ignoring "expired" status for root certificates only. - * Default is false, i.e., expired root certs result in an - * errSSLCertExpired error. - */ -OSStatus -SSLSetAllowsExpiredRoots (SSLContextRef context, - Boolean allowsExpired); - -OSStatus -SSLGetAllowsExpiredRoots (SSLContextRef context, - Boolean *allowsExpired); /* RETURNED */ - -/* - * Specify option of allowing for an unknown root cert, i.e., one which - * this software can not verify as one of a list of known good root certs. - * Default for this flag is false, in which case one of the following two - * errors may occur: - * -- The peer returns a cert chain with a root cert, and the chain - * verifies to that root, but the root is not one of our trusted - * roots. This results in errSSLUnknownRootCert on handshake. - * -- The peer returns a cert chain which does not contain a root cert, - * and we can't verify the chain to one of our trusted roots. This - * results in errSSLNoRootCert on handshake. - * - * Both of these error conditions are ignored when the AllowAnyRoot flag is true, - * allowing connection to a totally untrusted peer. - */ -OSStatus -SSLSetAllowsAnyRoot (SSLContextRef context, - Boolean anyRoot); - -/* - * Obtain the current value of an SSLContext's "allow any root" flag. - */ -OSStatus -SSLGetAllowsAnyRoot (SSLContextRef context, - Boolean *anyRoot); /* RETURNED */ - -/* - * Augment or replace the system's default trusted root certificate set - * for this session. If replaceExisting is true, the specified roots will - * be the only roots which are trusted during this session. If replaceExisting - * is false, the specified roots will be added to the current set of trusted - * root certs. If this function has never been called, the current trusted - * root set is the same as the system's default trusted root set. - * Successive calls with replaceExisting false result in accumulation - * of additional root certs. - * - * The trustedRoots array contains SecCertificateRefs. - */ -OSStatus -SSLSetTrustedRoots (SSLContextRef context, - CFArrayRef trustedRoots, - Boolean replaceExisting); - -/* - * Obtain an array of SecCertificateRefs representing the current - * set of trusted roots. If SSLSetTrustedRoots() has never been called - * for this session, this returns the system's default root set. - */ -OSStatus -SSLGetTrustedRoots (SSLContextRef context, - CFArrayRef *trustedRoots); /* RETURNED */ - -/* - * Request peer certificates. Valid anytime, subsequent to - * a handshake attempt. - * - * The certs argument is a CFArray containing SecCertificateRefs. - * The entire array is created by the SecureTransport library - * and must be released by the caller. The cert at index 0 of - * the returned array is the subject (end entity) cert; the - * root cert (or the closest cert to it) is at the end of the - * returned array. - */ -OSStatus -SSLGetPeerCertificates (SSLContextRef context, - CFArrayRef *certs); /* RETURNED */ - -/* - * Specify some data, opaque to this library, which is sufficient - * to uniquely identify the peer of the current session. An example - * would be IP address and port, stored in some caller-private manner. - * To be optionally called prior to SSLHandshake for the current - * session. This is mandatory if this session is to be resumable. - * - * SecureTransport allocates its own copy of the incoming peerID. The - * data provided in *peerID, while opaque to SecureTransport, is used - * in a byte-for-byte compare to other previous peerID values set by the - * current application. Matching peerID blobs result in SecureTransport - * attempting to resume an SSL session with the same parameters as used - * in the previous session which specified the same peerID bytes. - */ -OSStatus -SSLSetPeerID (SSLContextRef context, - const void *peerID, - size_t peerIDLen); - -/* - * Obtain current PeerID. Returns NULL pointer, zero length if - * SSLSetPeerID has not been called for this context. - */ -OSStatus -SSLGetPeerID (SSLContextRef context, - const void **peerID, - size_t *peerIDLen); - -/* - * Obtain the SSLCipherSuite (e.g., SSL_RSA_WITH_DES_CBC_SHA) negotiated - * for this session. Only valid when a session is active. - */ -OSStatus -SSLGetNegotiatedCipher (SSLContextRef context, - SSLCipherSuite *cipherSuite); - - -/******************************************************** - *** Session context configuration, server side only. *** - ********************************************************/ - -/* - * Specify this connection's encryption certificate(s). This is - * used in one of the following cases: - * - * -- The end-entity certificate specified in SSLSetCertificate() is - * not capable of encryption. - * - * -- The end-entity certificate specified in SSLSetCertificate() - * contains a key which is too large (i.e., too strong) for legal - * encryption in this session. In this case a weaker cert is - * specified here and is used for server-initiated key exchange. - * - * The certRefs argument is a CFArray containing SecCertificateRefs, - * except for certRefs[0], which is a SecIdentityRef. - * - * The following assumptions are made: - * - * -- The certRefs references remains valid for the lifetime of the - * connection. - * -- The specified certRefs[0] is capable of encryption. - * - * Can only be called when no session is active. - * - * Notes: - * ------ - * - * -- SSL servers which enforce the SSL3 spec to the letter will - * not accept encryption certs with key sizes larger than 512 - * bits for exportable ciphers. Apps which wish to use encryption - * certs with key sizes larger than 512 bits should disable the - * use of exportable ciphers via the SSLSetEnabledCiphers() call. - */ -OSStatus -SSLSetEncryptionCertificate (SSLContextRef context, - CFArrayRef certRefs); - -/* - * Specify requirements for client-side authentication. - * Optional; Default is kNeverAuthenticate. - * - * Can only be called when no session is active. - */ -typedef enum { - kNeverAuthenticate, /* skip client authentication */ - kAlwaysAuthenticate, /* require it */ - kTryAuthenticate /* try to authenticate, but not an error - * if client doesn't have a cert */ -} SSLAuthenticate; - -OSStatus -SSLSetClientSideAuthenticate (SSLContextRef context, - SSLAuthenticate auth); - -/* - * Add a DER-encoded dinstiguished name to list of acceptable names - * to be specified in requests for client certificates. - */ -OSStatus -SSLAddDistinguishedName (SSLContextRef context, - const void *derDN, - size_t derDNLen); - -/* - * Obtain client certificate exhange status. Can be called - * any time. Reflects the *last* client certificate state change; - * subsequent to a renegotiation attempt by either peer, the state - * is reset to kSSLClientCertNone. - */ -OSStatus -SSLGetClientCertificateState (SSLContextRef context, - SSLClientCertificateState *clientState); - -/* - * Specify Diffie-Hellman parameters. Optional; if we are configured to allow - * for D-H ciphers and a D-H cipher is negotiated, and this function has not - * been called, a set of process-wide parameters will be calculated. However - * that can take a long time (30 seconds). - */ -OSStatus SSLSetDiffieHellmanParams (SSLContextRef context, - const void *dhParams, - size_t dhParamsLen); - -/* - * Return parameter block specified in SSLSetDiffieHellmanParams. - * Returned data is not copied and belongs to the SSLContextRef. - */ -OSStatus SSLGetDiffieHellmanParams (SSLContextRef context, - const void **dhParams, - size_t *dhParamsLen); -/* - * Enable/Disable RSA blinding. This feature thwarts a known timing - * attack to which RSA keys are vulnerable; enabling it is a tradeoff - * between performance and security. The default for RSA blinding is - * enabled. - */ -OSStatus SSLSetRsaBlinding (SSLContextRef context, - Boolean blinding); - -OSStatus SSLGetRsaBlinding (SSLContextRef context, - Boolean *blinding); - -/******************************* - ******** I/O Functions ******** - *******************************/ - -/* - * Note: depending on the configuration of the underlying I/O - * connection, all SSL I/O functions can return errSSLWouldBlock, - * indicating "not complete, nothing is wrong, except required - * I/O hasn't completed". Caller may need to repeat I/Os as necessary - * if the underlying connection has been configured to behave in - * a non-blocking manner. - */ - -/* - * Perform the SSL handshake. On successful return, session is - * ready for normal secure application I/O via SSLWrite and SSLRead. - * - * Interesting error returns: - * - * errSSLUnknownRootCert: Peer had a valid cert chain, but the root of - * the chain is unknown. - * - * errSSLNoRootCert: Peer had a cert chain which was not verifiable - * to a root cert. Handshake was aborted; peer's cert chain - * available via SSLGetPeerCertificates(). - * - * errSSLCertExpired: Peer's cert chain had one or more expired certs. - * - * errSSLXCertChainInvalid: Peer had an invalid cert chain (i.e., - * signature verification within the chain failed, or no certs - * were found). - * - * In all of the above errors, the handshake was aborted; peer's - * cert chain available via SSLGetPeerCertificates(). - * - * A return value of errSSLWouldBlock indicates that SSLHandshake has to be called - * again (and again and again until something else is returned). - */ -OSStatus -SSLHandshake (SSLContextRef context); - -/* - * Normal application-level read/write. On both of these, a errSSLWouldBlock - * return and a partially completed transfer - or even zero bytes transferred - - * are NOT mutually exclusive. - */ -OSStatus -SSLWrite (SSLContextRef context, - const void * data, - size_t dataLength, - size_t *processed); /* RETURNED */ - -/* - * data is mallocd by caller; available size specified in - * dataLength; actual number of bytes read returned in - * *processed. - */ -OSStatus -SSLRead (SSLContextRef context, - void * data, /* RETURNED */ - size_t dataLength, - size_t *processed); /* RETURNED */ - -/* - * Determine how much data the client can be guaranteed to - * obtain via SSLRead() without blocking or causing any low-level - * read operations to occur. - */ -OSStatus -SSLGetBufferedReadSize (SSLContextRef context, - size_t *bufSize); /* RETURNED */ - -/* - * Terminate current SSL session. - */ -OSStatus -SSLClose (SSLContextRef context); - -#ifdef __cplusplus -} -#endif - -#endif /* !_SECURITY_SECURETRANSPORT_H_ */ diff --git a/SecureTransport/appleCdsa.cpp b/SecureTransport/appleCdsa.cpp deleted file mode 100644 index 33c51b3b..00000000 --- a/SecureTransport/appleCdsa.cpp +++ /dev/null @@ -1,1617 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: appleCdsa.cpp - - Contains: interface between SSL and CDSA - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "sslContext.h" -#include "sslMemory.h" -#include "appleCdsa.h" -#include "sslUtils.h" -#include "sslDebug.h" -#include "sslBER.h" -#include "ModuleAttacher.h" - -#ifndef _SSL_KEYCHAIN_H_ -#include "sslKeychain.h" -#endif - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -/* X.509 includes, from cssmapi */ -#include /* x.509 function and type defs */ -#include -#include - -#pragma mark *** Utilities *** - -/* - * Set up a Raw symmetric key with specified algorithm and key bits. - */ -OSStatus sslSetUpSymmKey( - CSSM_KEY_PTR symKey, - CSSM_ALGORITHMS alg, - CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_BOOL copyKey, // true: copy keyData false: set by reference - uint8 *keyData, - uint32 keyDataLen) // in bytes -{ - OSStatus serr; - CSSM_KEYHEADER *hdr; - - memset(symKey, 0, sizeof(CSSM_KEY)); - if(copyKey) { - serr = stSetUpCssmData(&symKey->KeyData, keyDataLen); - if(serr) { - return serr; - } - memmove(symKey->KeyData.Data, keyData, keyDataLen); - } - else { - symKey->KeyData.Data = keyData; - symKey->KeyData.Length = keyDataLen; - } - - /* set up the header */ - hdr = &symKey->KeyHeader; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - hdr->AlgorithmId = alg; - hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY; - hdr->LogicalKeySizeInBits = keyDataLen * 8; - hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = keyUse; - hdr->WrapAlgorithmId = CSSM_ALGID_NONE; - return noErr; -} - -/* - * Free a CSSM_KEY - its CSP resources, KCItemRef, and the key itself. - */ -OSStatus sslFreeKey( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR *key, /* so we can null it out */ - #if ST_KC_KEYS_NEED_REF - SecKeychainRef *kcItem) - #else - void *kcItem) - #endif -{ - assert(key != NULL); - - if(*key != NULL) { - if(cspHand != 0) { - CSSM_FreeKey(cspHand, NULL, *key, CSSM_FALSE); - } - stAppFree(*key, NULL); // key mallocd by CL using our callback - *key = NULL; - } - #if ST_KC_KEYS_NEED_REF - if((kcItem != NULL) && (*kcItem != NULL)) { - KCReleaseItem(kcItem); /* does this NULL the referent? */ - *kcItem = NULL; - } - #endif - return noErr; -} - -/* - * Standard app-level memory functions required by CDSA. - */ -void * stAppMalloc (uint32 size, void *allocRef) { - return( malloc(size) ); -} -void stAppFree (void *mem_ptr, void *allocRef) { - free(mem_ptr); - return; -} -void * stAppRealloc (void *ptr, uint32 size, void *allocRef) { - return( realloc( ptr, size ) ); -} -void * stAppCalloc (uint32 num, uint32 size, void *allocRef) { - return( calloc( num, size ) ); -} - -/* - * Ensure there's a connection to ctx->cspHand. If there - * already is one, fine. - * Note that as of 12/18/00, we assume we're connected to - * all modules all the time (since we do an attachToAll() in - * SSLNewContext()). - */ -OSStatus attachToCsp(SSLContext *ctx) -{ - assert(ctx != NULL); - if(ctx->cspHand != 0) { - return noErr; - } - else { - return errSSLModuleAttach; - } -} - -/* - * Connect to TP, CL; reusable. - */ -OSStatus attachToCl(SSLContext *ctx) -{ - assert(ctx != NULL); - if(ctx->clHand != 0) { - return noErr; - } - else { - return errSSLModuleAttach; - } -} - -OSStatus attachToTp(SSLContext *ctx) -{ - assert(ctx != NULL); - if(ctx->tpHand != 0) { - return noErr; - } - else { - return errSSLModuleAttach; - } -} - -/* - * Convenience function - attach to CSP, CL, TP. Reusable. - */ -OSStatus attachToAll(SSLContext *ctx) -{ - CSSM_RETURN crtn; - - assert(ctx != NULL); - crtn = attachToModules(&ctx->cspHand, &ctx->clHand, &ctx->tpHand); - if(crtn) { - return errSSLModuleAttach; - } - else { - return noErr; - } -} - -OSStatus detachFromAll(SSLContext *ctx) -{ - #if 0 - /* No more, attachments are kept on a global basis */ - assert(ctx != NULL); - if(ctx->cspHand != 0) { - CSSM_ModuleDetach(ctx->cspHand); - ctx->cspHand = 0; - } - if(ctx->tpHand != 0) { - CSSM_ModuleDetach(ctx->tpHand); - ctx->tpHand = 0; - } - if(ctx->clHand != 0) { - CSSM_ModuleDetach(ctx->clHand); - ctx->clHand = 0; - } - #endif /* 0 */ - return noErr; -} - -/* - * Add a CSSM_ATTRIBUTE_RSA_BLINDING attribute to - * specified crypto context. - */ -static CSSM_RETURN sslAddBlindingAttr( - CSSM_CC_HANDLE ccHand) -{ - CSSM_CONTEXT_ATTRIBUTE newAttr; - CSSM_RETURN crtn; - - newAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING; - newAttr.AttributeLength = sizeof(uint32); - newAttr.Attribute.Uint32 = 1; - crtn = CSSM_UpdateContextAttributes(ccHand, 1, &newAttr); - if(crtn) { - stPrintCdsaError("CSSM_UpdateContextAttributes", crtn); - } - return crtn; -} - -/* Get CSP, key in CSSM format from a SecKeyRef */ -static OSStatus sslGetKeyParts( - SecKeyRef keyRef, - const CSSM_KEY **cssmKey, - CSSM_CSP_HANDLE *cspHand) -{ - OSStatus ortn = SecKeyGetCSSMKey(keyRef, cssmKey); - if(ortn) { - sslErrorLog("sslGetKeyParts: SecKeyGetCSSMKey err %d\n", - (int)ortn); - return ortn; - } - ortn = SecKeyGetCSPHandle(keyRef, cspHand); - if(ortn) { - sslErrorLog("sslGetKeyParts: SecKeyGetCSPHandle err %d\n", - (int)ortn); - } - return ortn; -} - -#pragma mark - -#pragma mark *** CSSM_DATA routines *** - -CSSM_DATA_PTR stMallocCssmData( - uint32 size) -{ - CSSM_DATA_PTR rtn = (CSSM_DATA_PTR)stAppMalloc(sizeof(CSSM_DATA), NULL); - - if(rtn == NULL) { - return NULL; - } - rtn->Length = size; - if(size == 0) { - rtn->Data = NULL; - } - else { - rtn->Data = (uint8 *)stAppMalloc(size, NULL); - } - return rtn; -} - -void stFreeCssmData( - CSSM_DATA_PTR data, - CSSM_BOOL freeStruct) -{ - if(data == NULL) { - return; - } - if(data->Data != NULL) { - stAppFree(data->Data, NULL); - data->Data = NULL; - } - data->Length = 0; - if(freeStruct) { - stAppFree(data, NULL); - } -} - -/* - * Ensure that indicated CSSM_DATA_PTR can handle 'length' bytes of data. - * Malloc the Data ptr if necessary. - */ -OSStatus stSetUpCssmData( - CSSM_DATA_PTR data, - uint32 length) -{ - assert(data != NULL); - if(data->Length == 0) { - data->Data = (uint8 *)stAppMalloc(length, NULL); - if(data->Data == NULL) { - return memFullErr; - } - } - else if(data->Length < length) { - sslErrorLog("stSetUpCssmData: length too small\n"); - return memFullErr; - } - data->Length = length; - return noErr; -} - -static OSStatus sslKeyToSigAlg( - const CSSM_KEY *cssmKey, - CSSM_ALGORITHMS &sigAlg) /* RETURNED */ - -{ - OSStatus ortn = noErr; - switch(cssmKey->KeyHeader.AlgorithmId) { - case CSSM_ALGID_RSA: - sigAlg = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_DSA: - sigAlg = CSSM_ALGID_DSA; - break; - default: - ortn = errSSLBadConfiguration; - break; - } - return ortn; -} - -#pragma mark - -#pragma mark *** Public CSP Functions *** - -/* - * Raw RSA/DSA sign/verify. - */ -OSStatus sslRawSign( - SSLContext *ctx, - SecKeyRef privKeyRef, - const UInt8 *plainText, - UInt32 plainTextLen, - UInt8 *sig, // mallocd by caller; RETURNED - UInt32 sigLen, // available - UInt32 *actualBytes) // RETURNED -{ - CSSM_CC_HANDLE sigHand = 0; - CSSM_RETURN crtn; - OSStatus serr; - CSSM_DATA sigData; - CSSM_DATA ptextData; - CSSM_CSP_HANDLE cspHand; - const CSSM_KEY *privKey; - const CSSM_ACCESS_CREDENTIALS *creds; - - assert(ctx != NULL); - if((privKeyRef == NULL) || - (plainText == NULL) || - (sig == NULL) || - (actualBytes == NULL)) { - sslErrorLog("sslRsaRawSign: bad arguments\n"); - return errSSLInternal; - } - *actualBytes = 0; - - /* Get CSP, signing key in CSSM format */ - serr = sslGetKeyParts(privKeyRef, &privKey, &cspHand); - if(serr) { - return serr; - } - assert(privKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); - - CSSM_ALGORITHMS sigAlg; - serr = sslKeyToSigAlg(privKey, sigAlg); - if(serr) { - return serr; - } - - /* - * Get default creds - * FIXME: per 3420180, this needs to allow app-specified creds via - * an new API - */ - serr = SecKeyGetCredentials(privKeyRef, - CSSM_ACL_AUTHORIZATION_SIGN, - kSecCredentialTypeDefault, - &creds); - if(serr) { - sslErrorLog("sslRawSign: SecKeyGetCredentials err %lu\n", serr); - return serr; - } - - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - creds, - privKey, - &sigHand); - if(crtn) { - stPrintCdsaError("CSSM_CSP_CreateSignatureContext (1)", crtn); - return errSSLCrypto; - } - - if((ctx->rsaBlindingEnable) && - (privKey->KeyHeader.AlgorithmId == CSSM_ALGID_RSA)) { - /* - * Turn on RSA blinding to defeat timing attacks - */ - crtn = sslAddBlindingAttr(sigHand); - if(crtn) { - return crtn; - } - } - - ptextData.Data = (uint8 *)plainText; - ptextData.Length = plainTextLen; - - /* caller better get this right, or the SignData will fail */ - sigData.Data = sig; - sigData.Length = sigLen; - - crtn = CSSM_SignData(sigHand, - &ptextData, - 1, - CSSM_ALGID_NONE, // digestAlg for raw sign - &sigData); - if(crtn) { - stPrintCdsaError("CSSM_SignData", crtn); - serr = errSSLCrypto; - } - else { - *actualBytes = sigData.Length; - serr = noErr; - } - if(sigHand != 0) { - CSSM_DeleteContext(sigHand); - } - return serr; -} - -OSStatus sslRawVerify( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - const UInt8 *plainText, - UInt32 plainTextLen, - const UInt8 *sig, - UInt32 sigLen) -{ - CSSM_CC_HANDLE sigHand = 0; - CSSM_RETURN crtn; - OSStatus serr; - CSSM_DATA sigData; - CSSM_DATA ptextData; - - assert(ctx != NULL); - if((pubKey == NULL) || - (cspHand == 0) || - (plainText == NULL) || - (sig == NULL)) { - sslErrorLog("sslRawVerify: bad arguments\n"); - return errSSLInternal; - } - - CSSM_ALGORITHMS sigAlg; - serr = sslKeyToSigAlg(pubKey, sigAlg); - if(serr) { - return serr; - } - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // passPhrase - pubKey, - &sigHand); - if(sigHand == 0) { - stPrintCdsaError("CSSM_CSP_CreateSignatureContext (2)", crtn); - return errSSLCrypto; - } - - ptextData.Data = (uint8 *)plainText; - ptextData.Length = plainTextLen; - sigData.Data = (uint8 *)sig; - sigData.Length = sigLen; - - crtn = CSSM_VerifyData(sigHand, - &ptextData, - 1, - CSSM_ALGID_NONE, // digestAlg - &sigData); - if(crtn) { - stPrintCdsaError("CSSM_VerifyData", crtn); - serr = errSSLCrypto; - } - else { - serr = noErr; - } - if(sigHand != 0) { - CSSM_DeleteContext(sigHand); - } - return serr; -} - -/* - * Encrypt/Decrypt - */ -OSStatus sslRsaEncrypt( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - const UInt8 *plainText, - UInt32 plainTextLen, - UInt8 *cipherText, // mallocd by caller; RETURNED - UInt32 cipherTextLen, // available - UInt32 *actualBytes) // RETURNED -{ - CSSM_DATA ctextData = {0, NULL}; - CSSM_DATA ptextData; - CSSM_DATA remData = {0, NULL}; - CSSM_CC_HANDLE cryptHand = 0; - OSStatus serr = errSSLInternal; - CSSM_RETURN crtn; - uint32 bytesMoved = 0; - CSSM_ACCESS_CREDENTIALS creds; - - assert(ctx != NULL); - assert(actualBytes != NULL); - *actualBytes = 0; - - if((pubKey == NULL) || (cspHand == 0)) { - sslErrorLog("sslRsaEncrypt: bad pubKey/cspHand\n"); - return errSSLInternal; - } - assert(pubKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PUBLIC_KEY); - - #if RSA_PUB_KEY_USAGE_HACK - ((CSSM_KEY_PTR)pubKey)->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT; - #endif - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - CSSM_ALGID_RSA, - &creds, - pubKey, - CSSM_PADDING_PKCS1, - &cryptHand); - if(crtn) { - stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn); - return errSSLCrypto; - } - ptextData.Data = (uint8 *)plainText; - ptextData.Length = plainTextLen; - - /* - * Have CSP malloc ciphertext - */ - crtn = CSSM_EncryptData(cryptHand, - &ptextData, - 1, - &ctextData, - 1, - &bytesMoved, - &remData); - if(crtn == CSSM_OK) { - /* - * ciphertext in both ctextData and remData; ensure it'll fit - * in caller's buf & copy - */ - if(bytesMoved > cipherTextLen) { - sslErrorLog("sslRsaEncrypt overflow; cipherTextLen %ld bytesMoved %ld\n", - cipherTextLen, bytesMoved); - serr = errSSLCrypto; - } - else { - UInt32 toMoveCtext; - UInt32 toMoveRem; - - *actualBytes = bytesMoved; - /* - * Snag valid data from ctextData - its length or bytesMoved, - * whichever is less - */ - if(ctextData.Length > bytesMoved) { - /* everything's in ctext */ - toMoveCtext = bytesMoved; - toMoveRem = 0; - } - else { - /* must be some in remData too */ - toMoveCtext = ctextData.Length; - toMoveRem = bytesMoved - toMoveCtext; // remainder - } - if(toMoveCtext) { - memmove(cipherText, ctextData.Data, toMoveCtext); - } - if(toMoveRem) { - memmove(cipherText + toMoveCtext, remData.Data, - toMoveRem); - } - serr = noErr; - } - } - else { - stPrintCdsaError("CSSM_EncryptData", crtn); - serr = errSSLCrypto; - } - if(cryptHand != 0) { - CSSM_DeleteContext(cryptHand); - } - - /* free data mallocd by CSP */ - stFreeCssmData(&ctextData, CSSM_FALSE); - stFreeCssmData(&remData, CSSM_FALSE); - return serr; -} - -OSStatus sslRsaDecrypt( - SSLContext *ctx, - SecKeyRef privKeyRef, - const UInt8 *cipherText, - UInt32 cipherTextLen, - UInt8 *plainText, // mallocd by caller; RETURNED - UInt32 plainTextLen, // available - UInt32 *actualBytes) // RETURNED -{ - CSSM_DATA ptextData = {0, NULL}; - CSSM_DATA ctextData; - CSSM_DATA remData = {0, NULL}; - CSSM_CC_HANDLE cryptHand = 0; - OSStatus serr = errSSLInternal; - CSSM_RETURN crtn; - uint32 bytesMoved = 0; - CSSM_CSP_HANDLE cspHand; - const CSSM_KEY *privKey; - const CSSM_ACCESS_CREDENTIALS *creds; - - assert(ctx != NULL); - assert(actualBytes != NULL); - *actualBytes = 0; - - if(privKeyRef == NULL) { - sslErrorLog("sslRsaDecrypt: bad privKey\n"); - return errSSLInternal; - } - - /* Get CSP, signing key in CSSM format */ - serr = sslGetKeyParts(privKeyRef, &privKey, &cspHand); - if(serr) { - return serr; - } - assert(privKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); - - /* - * Get default creds - * FIXME: per 3420180, this needs to allow app-specified creds via - * an new API - */ - serr = SecKeyGetCredentials(privKeyRef, - CSSM_ACL_AUTHORIZATION_DECRYPT, - kSecCredentialTypeDefault, - &creds); - if(serr) { - sslErrorLog("sslRsaDecrypt: SecKeyGetCredentials err %lu\n", serr); - return serr; - } - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - CSSM_ALGID_RSA, - creds, - privKey, - CSSM_PADDING_PKCS1, - &cryptHand); - if(crtn) { - stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn); - return errSSLCrypto; - } - ctextData.Data = (uint8 *)cipherText; - ctextData.Length = cipherTextLen; - - if((ctx->rsaBlindingEnable) && - (privKey->KeyHeader.AlgorithmId == CSSM_ALGID_RSA)) { - /* - * Turn on RSA blinding to defeat timing attacks - */ - crtn = sslAddBlindingAttr(cryptHand); - if(crtn) { - return crtn; - } - } - - /* - * Have CSP malloc plaintext - */ - crtn = CSSM_DecryptData(cryptHand, - &ctextData, - 1, - &ptextData, - 1, - &bytesMoved, - &remData); - if(crtn == CSSM_OK) { - /* - * plaintext in both ptextData and remData; ensure it'll fit - * in caller's buf & copy - */ - if(bytesMoved > plainTextLen) { - sslErrorLog("sslRsaDecrypt overflow; plainTextLen %ld bytesMoved %ld\n", - plainTextLen, bytesMoved); - serr = errSSLCrypto; - } - else { - UInt32 toMovePtext; - UInt32 toMoveRem; - - *actualBytes = bytesMoved; - /* - * Snag valid data from ptextData - its length or bytesMoved, - * whichever is less - */ - if(ptextData.Length > bytesMoved) { - /* everything's in ptext */ - toMovePtext = bytesMoved; - toMoveRem = 0; - } - else { - /* must be some in remData too */ - toMovePtext = ptextData.Length; - toMoveRem = bytesMoved - toMovePtext; // remainder - } - if(toMovePtext) { - memmove(plainText, ptextData.Data, toMovePtext); - } - if(toMoveRem) { - memmove(plainText + toMovePtext, remData.Data, - toMoveRem); - } - serr = noErr; - } - } - else { - stPrintCdsaError("CSSM_DecryptData", crtn); - serr = errSSLCrypto; - } - if(cryptHand != 0) { - CSSM_DeleteContext(cryptHand); - } - - /* free data mallocd by CSP */ - stFreeCssmData(&ptextData, CSSM_FALSE); - stFreeCssmData(&remData, CSSM_FALSE); - return serr; -} - -/* - * Obtain size of key in bytes. - */ -UInt32 sslKeyLengthInBytes(const CSSM_KEY *key) -{ - assert(key != NULL); - return (((key->KeyHeader.LogicalKeySizeInBits) + 7) / 8); -} - -/* - * Obtain maximum size of signature in bytes. A bit of a kludge; we could - * ask the CSP to do this but that would be kind of expensive. - */ -OSStatus sslGetMaxSigSize( - const CSSM_KEY *privKey, - UInt32 &maxSigSize) -{ - OSStatus ortn = noErr; - assert(privKey != NULL); - assert(privKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); - switch(privKey->KeyHeader.AlgorithmId) { - case CSSM_ALGID_RSA: - maxSigSize = sslKeyLengthInBytes(privKey); - break; - case CSSM_ALGID_DSA: - { - /* DSA sig is DER sequence of two 160-bit integers */ - UInt32 sizeOfOneInt; - sizeOfOneInt = (160 / 8) + // the raw contents - 1 + // possible leading zero - 2; // tag + length (assume DER, not BER) - maxSigSize = (2 * sizeOfOneInt) + 5; - break; - } - default: - ortn = errSSLBadConfiguration; - break; - } - return ortn; -} -/* - * Get raw key bits from an RSA public key. - */ -OSStatus sslGetPubKeyBits( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - SSLBuffer *modulus, // data mallocd and RETURNED - SSLBuffer *exponent) // data mallocd and RETURNED -{ - CSSM_KEY wrappedKey; - CSSM_BOOL didWrap = CSSM_FALSE; - const CSSM_KEYHEADER *hdr; - SSLBuffer pubKeyBlob; - OSStatus srtn; - - assert(ctx != NULL); - assert(modulus != NULL); - assert(exponent != NULL); - assert(pubKey != NULL); - - hdr = &pubKey->KeyHeader; - if(hdr->KeyClass != CSSM_KEYCLASS_PUBLIC_KEY) { - sslErrorLog("sslGetPubKeyBits: bad keyClass (%ld)\n", hdr->KeyClass); - return errSSLInternal; - } - if(hdr->AlgorithmId != CSSM_ALGID_RSA) { - sslErrorLog("sslGetPubKeyBits: bad AlgorithmId (%ld)\n", hdr->AlgorithmId); - return errSSLInternal; - } - - /* Note currently ALL public keys are raw, obtained from the CL... */ - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - - /* - * Handle possible reference format - I think it should be in - * blob form since it came from the DL, but conversion is - * simple. - */ - switch(hdr->BlobType) { - case CSSM_KEYBLOB_RAW: - /* easy case */ - CSSM_TO_SSLBUF(&pubKey->KeyData, &pubKeyBlob); - break; - - case CSSM_KEYBLOB_REFERENCE: - - sslErrorLog("sslGetPubKeyBits: bad BlobType (%ld)\n", - hdr->BlobType); - return errSSLInternal; - - #if 0 - /* - * Convert to a blob via "NULL wrap"; no wrapping key, - * ALGID_NONE - */ - srtn = attachToCsp(ctx); - if(srtn) { - return srtn; - } - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(ctx->cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, // creds - pubKey, - NULL, // InitVector - CSSM_PADDING_NONE, - 0, // reserved - &ccHand); - if(crtn) { - stPrintCdsaError("sslGetPubKeyBits: CreateSymmetricContext failure", crtn); - return errSSLCrypto; - } - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - crtn = CSSM_WrapKey(ccHand, - &creds, - pubKey, - NULL, // descriptiveData - &wrappedKey); - CSSM_DeleteContext(ccHand); - if(crtn) { - stPrintCdsaError("CSSM_WrapKey", crtn); - return errSSLCrypto; - } - hdr = &wrappedKey.KeyHeader; - if(hdr->BlobType != CSSM_KEYBLOB_RAW) { - sslErrorLog("sslGetPubKeyBits: bad BlobType (%ld) after WrapKey\n", - hdr->BlobType); - return errSSLCrypto; - } - didWrap = CSSM_TRUE; - CSSM_TO_SSLBUF(&wrappedKey.KeyData, &pubKeyBlob); - break; - #endif /* 0 */ - - default: - sslErrorLog("sslGetPubKeyBits: bad BlobType (%ld)\n", - hdr->BlobType); - return errSSLInternal; - - } /* switch BlobType */ - - assert(hdr->BlobType == CSSM_KEYBLOB_RAW); - srtn = sslDecodeRsaBlob(&pubKeyBlob, modulus, exponent); - if(didWrap) { - CSSM_FreeKey(ctx->cspHand, NULL, &wrappedKey, CSSM_FALSE); - } - return srtn; -} - -/* - * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in - * Server-initiated key exchange. - */ -OSStatus sslGetPubKeyFromBits( - SSLContext *ctx, - const SSLBuffer *modulus, - const SSLBuffer *exponent, - CSSM_KEY_PTR *pubKey, // mallocd and RETURNED - CSSM_CSP_HANDLE *cspHand) // RETURNED -{ - CSSM_KEY_PTR key = NULL; - OSStatus serr; - SSLBuffer blob; - CSSM_KEYHEADER_PTR hdr; - CSSM_KEY_SIZE keySize; - CSSM_RETURN crtn; - - assert((ctx != NULL) && (modulus != NULL) && (exponent != NULL)); - assert((pubKey != NULL) && (cspHand != NULL)); - - *pubKey = NULL; - *cspHand = 0; - - serr = attachToCsp(ctx); - if(serr) { - return serr; - } - serr = sslEncodeRsaBlob(modulus, exponent, &blob); - if(serr) { - return serr; - } - - /* the rest is boilerplate, cook up a good-looking public key */ - key = (CSSM_KEY_PTR)sslMalloc(sizeof(CSSM_KEY)); - if(key == NULL) { - return memFullErr; - } - memset(key, 0, sizeof(CSSM_KEY)); - hdr = &key->KeyHeader; - - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - /* key_ptr->KeyHeader.CspId is unknown (remains 0) */ - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->AlgorithmId = CSSM_ALGID_RSA; - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - hdr->KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; - /* comply with ASA requirements */ - hdr->KeyUsage = CSSM_KEYUSE_VERIFY; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - /* key_ptr->KeyHeader.StartDate is unknown (remains 0) */ - /* key_ptr->KeyHeader.EndDate is unknown (remains 0) */ - hdr->WrapAlgorithmId = CSSM_ALGID_NONE; - hdr->WrapMode = CSSM_ALGMODE_NONE; - - /* blob->data was mallocd by sslEncodeRsaBlob, pass it over to - * actual key */ - SSLBUF_TO_CSSM(&blob, &key->KeyData); - - /* - * Get keySizeInBits. This also serves to validate the key blob - * we just cooked up. - */ - crtn = CSSM_QueryKeySizeInBits(ctx->cspHand, CSSM_INVALID_HANDLE, key, &keySize); - if(crtn) { - stPrintCdsaError("sslGetPubKeyFromBits: QueryKeySizeInBits\n", crtn); - serr = errSSLCrypto; - goto abort; - } - - /* success */ - hdr->LogicalKeySizeInBits = keySize.EffectiveKeySizeInBits; - *pubKey = key; - *cspHand = ctx->cspHand; - return noErr; - -abort: - /* note this frees the blob */ - sslFreeKey(ctx->cspHand, &key, NULL); - return serr; -} - -#pragma mark - -#pragma mark *** Public Certificate Functions *** - -/* - * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR. - * Caller must CSSM_FreeKey and free the CSSM_KEY_PTR itself. - * - * For now, the returned cspHand is a copy of ctx->cspHand, so it - * doesn't have to be detached later - this may change. - * - * Update: since CSSM_CL_CertGetKeyInfo() doesn't provide a means for - * us to tell the CL what CSP to use, we really have no way of knowing - * what is going on here...we return the process-wide (bare) cspHand, - * which is currently always able to deal with this raw public key. - */ -OSStatus sslPubKeyFromCert( - SSLContext *ctx, - const SSLBuffer &derCert, - CSSM_KEY_PTR *pubKey, // RETURNED - CSSM_CSP_HANDLE *cspHand) // RETURNED -{ - OSStatus serr; - CSSM_DATA certData; - CSSM_RETURN crtn; - - assert(ctx != NULL); - assert(pubKey != NULL); - assert(cspHand != NULL); - - *pubKey = NULL; - *cspHand = 0; - - serr = attachToCl(ctx); - if(serr) { - return serr; - } - serr = attachToCsp(ctx); - if(serr) { - return serr; - } - SSLBUF_TO_CSSM(&derCert, &certData); - crtn = CSSM_CL_CertGetKeyInfo(ctx->clHand, &certData, pubKey); - if(crtn) { - return errSSLBadCert; - } - else { - *cspHand = ctx->cspHand; - return noErr; - } -} - -/* - * Release each element in a CFArray. - */ -static void sslReleaseArray( - CFArrayRef a) -{ - CFIndex num = CFArrayGetCount(a); - for(CFIndex dex=0; dextrustedCerts. - * - * If arePeerCerts is true, host name verification is enabled and we - * save the resulting SecTrustRef in ctx->peerSecTrust. Otherwise - * we're just validating our own certs; no host name checking and - * peerSecTrust is transient. - */ - OSStatus sslVerifyCertChain( - SSLContext *ctx, - const SSLCertificate &certChain, - bool arePeerCerts /* = true */) -{ - UInt32 numCerts; - int i; - OSStatus serr; - SSLCertificate *c = (SSLCertificate *)&certChain; - CSSM_RETURN crtn; - CSSM_APPLE_TP_SSL_OPTIONS sslOpts; - CSSM_APPLE_TP_ACTION_DATA tpActionData; - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - CFDataRef actionData = NULL; - CSSM_DATA sslOptsData; - CFMutableArrayRef anchors = NULL; - SecCertificateRef cert; // only lives in CFArrayRefs - SecTrustResultType secTrustResult; - CFMutableArrayRef kcList = NULL; - SecTrustRef theTrust = NULL; - - if(ctx->peerSecTrust && arePeerCerts) { - /* renegotiate - start with a new SecTrustRef */ - CFRelease(ctx->peerSecTrust); - ctx->peerSecTrust = NULL; - } - - numCerts = SSLGetCertificateChainLength(&certChain); - if(numCerts == 0) { - /* nope */ - return errSSLBadCert; - } - - /* - * SSLCertificate chain --> CFArrayRef of SecCertificateRefs. - * TP Cert group has root at the end, opposite of - * SSLCertificate chain. - */ - CFMutableArrayRef certGroup = CFArrayCreateMutable(NULL, numCerts, - &kCFTypeArrayCallBacks); - if(certGroup == NULL) { - return memFullErr; - } - /* subsequent errors to errOut: */ - - for(i=numCerts-1; i>=0; i--) { - CSSM_DATA cdata; - SSLBUF_TO_CSSM(&c->derCert, &cdata); - serr = SecCertificateCreateFromData(&cdata, CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_DER, &cert); - if(serr) { - goto errOut; - } - /* - * Can't set a value at index i when there is an empty element - * at i=1! - */ - secdebug("sslcert", "Adding cert %p", cert); - CFArrayInsertValueAtIndex(certGroup, 0, cert); - c = c->next; - } - - /* - * Cook up an SSL-specific SecPolicyRef. This will persists as part - * of the SecTrustRef object we'll be creating. - */ - serr = SecPolicySearchCreate(CSSM_CERT_X_509v3, - &CSSMOID_APPLE_TP_SSL, - NULL, - &policySearch); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecPolicySearchCreate rtn %d\n", - (int)serr); - goto errOut; - } - serr = SecPolicySearchCopyNext(policySearch, &policy); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecPolicySearchCopyNext rtn %d\n", - (int)serr); - goto errOut; - } - sslOpts.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION; - if(arePeerCerts) { - sslOpts.ServerNameLen = ctx->peerDomainNameLen; - sslOpts.ServerName = ctx->peerDomainName; - } - else { - sslOpts.ServerNameLen = 0; - sslOpts.ServerName = NULL; - } - sslOptsData.Data = (uint8 *)&sslOpts; - sslOptsData.Length = sizeof(sslOpts); - serr = SecPolicySetValue(policy, &sslOptsData); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecPolicySetValue rtn %d\n", - (int)serr); - goto errOut; - } - - /* now a SecTrustRef */ - serr = SecTrustCreateWithCertificates(certGroup, policy, &theTrust); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustCreateWithCertificates " - "rtn %d\n", (int)serr); - goto errOut; - } - - /* anchors - default, or ours? */ - if(ctx->numTrustedCerts != 0) { - anchors = CFArrayCreateMutable(NULL, ctx->numTrustedCerts, - &kCFTypeArrayCallBacks); - if(anchors == NULL) { - serr = memFullErr; - goto errOut; - } - for(i=0; i<(int)ctx->numTrustedCerts; i++) { - serr = SecCertificateCreateFromData(&ctx->trustedCerts[i], - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, &cert); - if(serr) { - goto errOut; - } - secdebug("sslcert", "Adding cert %p", cert); - CFArraySetValueAtIndex(anchors, i, cert); - } - serr = SecTrustSetAnchorCertificates(theTrust, anchors); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustSetAnchorCertificates " - "rtn %d\n", (int)serr); - goto errOut; - } - } - tpActionData.Version = CSSM_APPLE_TP_ACTION_VERSION; - tpActionData.ActionFlags = 0; - if(ctx->allowExpiredCerts) { - tpActionData.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED; - } - if(ctx->allowExpiredRoots) { - tpActionData.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT; - } - actionData = CFDataCreate(NULL, (UInt8 *)&tpActionData, sizeof(tpActionData)); - - serr = SecTrustSetParameters(theTrust, CSSM_TP_ACTION_DEFAULT, - actionData); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustSetParameters rtn %d\n", - (int)serr); - goto errOut; - } - - #if 0 - /* Disabled for Radar 3421314 */ - /* - * Avoid searching user keychains for intermediate certs by specifying - * an empty array of keychains - */ - kcList = CFArrayCreateMutable(NULL, 0, NULL); - if(kcList == NULL) { - sslErrorLog("***sslVerifyCertChain: error creating null kcList\n"); - serr = memFullErr; - goto errOut; - } - serr = SecTrustSetKeychains(theTrust, kcList); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustSetKeychains rtn %d\n", - (int)serr); - goto errOut; - } - #endif - - /* - * Save this no matter what if we're evaluating peer certs. - * We do a retain here so we can unconditionally release theTrust - * at the end of this routine in case of previous error or - * !arePeerCerts. - */ - if(arePeerCerts) { - ctx->peerSecTrust = theTrust; - CFRetain(theTrust); - } - - if(!ctx->enableCertVerify) { - /* trivial case, this is caller's responsibility */ - serr = noErr; - goto errOut; - } - - /* - * Here we go; hand it over to SecTrust/TP. - */ - serr = SecTrustEvaluate(theTrust, &secTrustResult); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustEvaluate rtn %d\n", - (int)serr); - goto errOut; - } - switch(secTrustResult) { - case kSecTrustResultUnspecified: - /* cert chain valid, no special UserTrust assignments */ - case kSecTrustResultProceed: - /* cert chain valid AND user explicitly trusts this */ - crtn = CSSM_OK; - break; - case kSecTrustResultDeny: - case kSecTrustResultConfirm: - /* - * Cert chain may well have verified OK, but user has flagged - * one of these certs as untrustable. - */ - crtn = CSSMERR_TP_NOT_TRUSTED; - break; - default: - { - OSStatus osCrtn; - serr = SecTrustGetCssmResultCode(theTrust, &osCrtn); - if(serr) { - sslErrorLog("***sslVerifyCertChain: SecTrustGetCssmResultCode" - " rtn %d\n", (int)serr); - goto errOut; - } - crtn = osCrtn; - } - } - if(crtn) { - /* get some detailed error info */ - switch(crtn) { - case CSSMERR_TP_INVALID_ANCHOR_CERT: - /* root found but we don't trust it */ - if(ctx->allowAnyRoot) { - serr = noErr; - sslErrorLog("***Warning: accepting unknown root cert\n"); - } - else { - serr = errSSLUnknownRootCert; - } - break; - case CSSMERR_TP_NOT_TRUSTED: - /* no root, not even in implicit SSL roots */ - if(ctx->allowAnyRoot) { - sslErrorLog("***Warning: accepting unverified cert chain\n"); - serr = noErr; - } - else { - serr = errSSLNoRootCert; - } - break; - case CSSMERR_TP_CERT_EXPIRED: - assert(!ctx->allowExpiredCerts); - serr = errSSLCertExpired; - break; - case CSSMERR_TP_CERT_NOT_VALID_YET: - serr = errSSLCertNotYetValid; - break; - default: - stPrintCdsaError("sslVerifyCertChain: SecTrustEvaluate returned", - crtn); - serr = errSSLXCertChainInvalid; - break; - } - } /* SecTrustEvaluate error */ - -errOut: - /* - * Free up resources - certGroup, policy, etc. Note that most of these - * will actually persist as long as the current SSLContext does since - * peerSecTrust holds references to these. - */ - if(policy) { - CFRelease(policy); - } - if(policySearch) { - CFRelease(policySearch); - } - if(actionData) { - CFRelease(actionData); - } - if(anchors) { - sslReleaseArray(anchors); - CFRelease(anchors); - } - if(certGroup) { - sslReleaseArray(certGroup); - CFRelease(certGroup); - } - if(kcList) { - /* empty, no contents to release */ - CFRelease(kcList); - } - if(theTrust) { - CFRelease(theTrust); - } - return serr; -} - -#ifndef NDEBUG -void stPrintCdsaError(const char *op, CSSM_RETURN crtn) -{ - cssmPerror(op, crtn); -} - -char *stCssmErrToStr(CSSM_RETURN err) -{ - string errStr = cssmErrorString(err); - return const_cast(errStr.c_str()); -} -#endif - -#pragma mark - -#pragma mark *** Diffie-Hellman support *** - -/* - * Generate a Diffie-Hellman key pair. Algorithm parameters always - * come from the server, so on client side we have the parameters - * as two SSLBuffers. On server side we have the pre-encoded block - * which comes from ServerDhParams. - */ -OSStatus sslDhGenKeyPairClient( - SSLContext *ctx, - const SSLBuffer &prime, - const SSLBuffer &generator, - CSSM_KEY_PTR publicKey, // RETURNED - CSSM_KEY_PTR privateKey) // RETURNED -{ - assert((prime.data != NULL) && (generator.data != NULL)); - if(prime.data && !generator.data) { - return errSSLProtocol; - } - if(!prime.data && generator.data) { - return errSSLProtocol; - } - - SSLBuffer sParam; - OSStatus ortn = sslEncodeDhParams(&prime, &generator, &sParam); - if(ortn) { - sslErrorLog("***sslDhGenerateKeyPairClient: DH param error\n"); - return ortn; - } - ortn = sslDhGenerateKeyPair(ctx, sParam, prime.length * 8, publicKey, privateKey); - SSLFreeBuffer(sParam, ctx); - return ortn; -} - -OSStatus sslDhGenerateKeyPair( - SSLContext *ctx, - const SSLBuffer ¶mBlob, - UInt32 keySizeInBits, - CSSM_KEY_PTR publicKey, // RETURNED - CSSM_KEY_PTR privateKey) // RETURNED -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHandle; - CSSM_DATA labelData = {8, (uint8 *)"tempKey"}; - OSStatus ortn = noErr; - CSSM_DATA cParamBlob; - - assert(ctx != NULL); - assert(ctx->cspHand != 0); - - memset(publicKey, 0, sizeof(CSSM_KEY)); - memset(privateKey, 0, sizeof(CSSM_KEY)); - SSLBUF_TO_CSSM(¶mBlob, &cParamBlob); - - crtn = CSSM_CSP_CreateKeyGenContext(ctx->cspHand, - CSSM_ALGID_DH, - keySizeInBits, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - &cParamBlob, - &ccHandle); - if(crtn) { - stPrintCdsaError("DH CSSM_CSP_CreateKeyGenContext", crtn); - return errSSLCrypto; - } - - crtn = CSSM_GenerateKeyPair(ccHandle, - CSSM_KEYUSE_DERIVE, // only legal use of a Diffie-Hellman key - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, - &labelData, - publicKey, - /* private key specification */ - CSSM_KEYUSE_DERIVE, - CSSM_KEYATTR_RETURN_REF, - &labelData, // same labels - NULL, // CredAndAclEntry - privateKey); - if(crtn) { - stPrintCdsaError("DH CSSM_GenerateKeyPair", crtn); - ortn = errSSLCrypto; - } - CSSM_DeleteContext(ccHandle); - return ortn; -} - -/* - * Perform Diffie-Hellman key exchange. - * Valid on entry: - * ctx->dhPrivate - * ctx->dhPeerPublic - * - * This generates deriveSizeInBits of key-exchanged data. - */ - -/* the alg isn't important; we just want to be able to cook up lots of bits */ -#define DERIVE_KEY_ALG CSSM_ALGID_RC5 -#define DERIVE_KEY_MAX_BYTES 255 - -OSStatus sslDhKeyExchange( - SSLContext *ctx, - uint32 deriveSizeInBits, - SSLBuffer *exchanged) -{ - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHandle; - CSSM_DATA labelData = {8, (uint8 *)"tempKey"}; - CSSM_KEY derivedKey; - OSStatus ortn = noErr; - - assert(ctx != NULL); - assert(ctx->cspHand != 0); - assert(ctx->dhPrivate != NULL); - if(ctx->dhPeerPublic.length == 0) { - /* comes from peer, don't panic */ - sslErrorLog("cdsaDhKeyExchange: null peer public key\n"); - return errSSLProtocol; - } - if(deriveSizeInBits > (DERIVE_KEY_MAX_BYTES * 8)) { - sslErrorLog("cdsaDhKeyExchange: deriveSizeInBits %u bits\n", - (unsigned)deriveSizeInBits); - return errSSLProtocol; - } - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - memset(&derivedKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateDeriveKeyContext(ctx->cspHand, - CSSM_ALGID_DH, - DERIVE_KEY_ALG, - deriveSizeInBits, - &creds, - ctx->dhPrivate, // BaseKey - 0, // IterationCount - 0, // Salt - 0, // Seed - &ccHandle); - if(crtn) { - stPrintCdsaError("DH CSSM_CSP_CreateDeriveKeyContext", crtn); - return errSSLCrypto; - } - - /* public key passed in as CSSM_DATA *Param */ - CSSM_DATA theirPubKeyData; - SSLBUF_TO_CSSM(&ctx->dhPeerPublic, &theirPubKeyData); - - crtn = CSSM_DeriveKey(ccHandle, - &theirPubKeyData, - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, - &labelData, - NULL, // cread/acl - &derivedKey); - if(crtn) { - stPrintCdsaError("DH CSSM_DeriveKey", crtn); - ortn = errSSLCrypto; - } - else { - CSSM_TO_SSLBUF(&derivedKey.KeyData, exchanged); - } - CSSM_DeleteContext(ccHandle); - return ortn; -} - -/* - * After ciphersuite negotiation is complete, verify that we have - * the capability of actually performing the negotiated cipher. - * Currently we just verify that we have a cert and private signing - * key, if needed, and that the signing key's algorithm matches the - * expected key exchange method. - * This is currnetly only called from FindCipherSpec(), after - * it sets ctx->selectedCipherSpec to a (supposedly) valid value. - */ -OSStatus sslVerifyNegotiatedCipher( - SSLContext *ctx) -{ - if(ctx->protocolSide == SSL_ClientSide) { - return noErr; - } - CSSM_ALGORITHMS requireAlg = CSSM_ALGID_NONE; - - switch (ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - case SSL_DH_RSA: - case SSL_DH_RSA_EXPORT: - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - requireAlg = CSSM_ALGID_RSA; - break; - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - case SSL_DH_DSS: - case SSL_DH_DSS_EXPORT: - requireAlg = CSSM_ALGID_DSA; - break; - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - /* CSSM_ALGID_NONE, no signing key */ - break; - default: - /* needs update per cipherSpecs.cpp */ - assert(0); - return errSSLInternal; - } - if(requireAlg == CSSM_ALGID_NONE) { - return noErr; - } - - /* private signing key required */ - if(ctx->signingPrivKeyRef == NULL) { - sslErrorLog("sslVerifyNegotiatedCipher: no signing key\n"); - return errSSLBadConfiguration; - } - { - const CSSM_KEY *cssmKey; - OSStatus ortn = SecKeyGetCSSMKey(ctx->signingPrivKeyRef, &cssmKey); - if(ortn) { - sslErrorLog("sslVerifyNegotiatedCipher: SecKeyGetCSSMKey err %d\n", - (int)ortn); - return ortn; - } - if(cssmKey->KeyHeader.AlgorithmId != requireAlg) { - sslErrorLog("sslVerifyNegotiatedCipher: signing key alg mismatch\n"); - return errSSLBadConfiguration; - } - } - return noErr; -} - diff --git a/SecureTransport/appleSession.cpp b/SecureTransport/appleSession.cpp deleted file mode 100644 index e0293155..00000000 --- a/SecureTransport/appleSession.cpp +++ /dev/null @@ -1,500 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: appleSession.cpp - - Contains: Session storage module, Apple CDSA version. - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -/* - * The current implementation stores sessions in a deque<>, a member of a - * SessionCache object for which we keep a ModuleNexus-ized instance. It is - * expected that at a given time, only a small number of sessions will be - * cached, so the random insertion access provided by a map<> is unnecessary. - * New entries are placed in the head of the queue, assuming a LIFO usage - * tendency. - * - * Entries in this cache have a time to live of SESSION_CACHE_TTL, currently - * ten minutes. Entries are tested for being stale upon lookup; also, the global - * sslCleanupSession() tests all entries in the cache, deleting entries which - * are stale. This function is currently called whenever an SSLContext is deleted. - * The current design does not provide any asynchronous timed callouts to perform - * further cache cleanup; it was decided that the thread overhead of this would - * outweight the benefits (again assuming a small number of entries in the - * cache). - * - * When a session is added via sslAddSession, and a cache entry already - * exists for the specifed key (sessionID), the sessionData for the existing - * cache entry is updated with the new sessionData. The entry's expiration - * time is unchanged (thus a given session entry can only be used for a finite - * time no mattter how often it is re-used), - */ - -#include "ssl.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "appleSession.h" - -#include - -#include -#include -#include -#include -#include - -/* time-to-live in cache, in seconds */ -#define QUICK_CACHE_TEST 0 -#if QUICK_CACHE_TEST -#define SESSION_CACHE_TTL ((int)5) -#else -#define SESSION_CACHE_TTL ((int)(10 * 60)) -#endif /* QUICK_CACHE_TEST */ - -#define CACHE_PRINT 0 -#if CACHE_PRINT -#define DUMP_ALL_CACHE 0 - -static void cachePrint( - const SSLBuffer *key, - const SSLBuffer *data) -{ - unsigned char *kd = key->data; - if(data != NULL) { - unsigned char *dd = data->data; - printf(" key: %02X%02X%02X%02X%02X%02X%02X%02X" - " data: %02X%02X%02X%02X... (len %d)\n", - kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7], - dd[0],dd[1],dd[2],dd[3], (unsigned)data->length); - } - else { - /* just print key */ - printf(" key: %02X%02X%02X%02X%02X%02X%02X%02X\n", - kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7]); - } -} -#else /* !CACHE_PRINT */ -#define cachePrint(k, d) -#define DUMP_ALL_CACHE 0 -#endif /* CACHE_PRINT */ - -#if DUMP_ALL_CACHE -static void dumpAllCache(); -#else -#define dumpAllCache() -#endif - -/* - * One entry (value) in SessionCache. - */ -class SessionCacheEntry { -public: - /* - * This constructor, the only one, allocs copies of the key and value - * SSLBuffers. - */ - SessionCacheEntry( - const SSLBuffer &key, - const SSLBuffer &sessionData, - const Time::Absolute &expirationTime); - ~SessionCacheEntry(); - - /* basic lookup/match function */ - bool matchKey(const SSLBuffer &key) const; - - /* has this expired? */ - bool isStale(); // calculates "now" - bool isStale(const Time::Absolute &now); // when you know it - - /* key/data accessors */ - SSLBuffer &key() { return mKey; } - SSLBuffer &sessionData() { return mSessionData; } - - /* replace existing mSessionData */ - OSStatus sessionData(const SSLBuffer &data); - -private: - SSLBuffer mKey; - SSLBuffer mSessionData; - - /* this entry to be removed from session map at this time */ - Time::Absolute mExpiration; -}; - -/* - * Note: the caller passes in the expiration time solely to accomodate the - * instantiation of a single const Time::Interval for use in calculating - * TTL. This const, SessionCache.mTimeToLive, is in the singleton gSession Cache. - */ -SessionCacheEntry::SessionCacheEntry( - const SSLBuffer &key, - const SSLBuffer &sessionData, - const Time::Absolute &expirationTime) - : mExpiration(expirationTime) -{ - OSStatus serr; - - serr = SSLCopyBuffer(key, mKey); - if(serr) { - throw runtime_error("memory error"); - } - serr = SSLCopyBuffer(sessionData, mSessionData); - if(serr) { - throw runtime_error("memory error"); - } - sslLogSessCacheDebug("SessionCacheEntry(buf,buf) this %p", this); - mExpiration += Time::Interval(SESSION_CACHE_TTL); -} - -SessionCacheEntry::~SessionCacheEntry() -{ - sslLogSessCacheDebug("~SessionCacheEntry() this %p", this); - SSLFreeBuffer(mKey, NULL); // no SSLContext - SSLFreeBuffer(mSessionData, NULL); -} - -/* basic lookup/match function */ -bool SessionCacheEntry::matchKey(const SSLBuffer &key) const -{ - if(key.length != mKey.length) { - return false; - } - if((key.data == NULL) || (mKey.data == NULL)) { - return false; - } - return (memcmp(key.data, mKey.data, mKey.length) == 0); -} - -/* has this expired? */ -bool SessionCacheEntry::isStale() -{ - return isStale(Time::now()); -} - -bool SessionCacheEntry::isStale(const Time::Absolute &now) -{ - if(now > mExpiration) { - return true; - } - else { - return false; - } -} - -/* replace existing mSessionData */ -OSStatus SessionCacheEntry::sessionData( - const SSLBuffer &data) -{ - SSLFreeBuffer(mSessionData, NULL); - return SSLCopyBuffer(data, mSessionData); -} - -/* Types for the actual deque and its iterator */ -typedef std::deque SessionCacheType; -typedef SessionCacheType::iterator SessionCacheIter; - -/* - * Global map and associated state. We maintain a singleton of this. - */ -class SessionCache -{ -public: - SessionCache() - : mTimeToLive(SESSION_CACHE_TTL) {} - ~SessionCache(); - - /* these correspond to the C functions exported by this file */ - OSStatus addEntry( - const SSLBuffer sessionKey, - const SSLBuffer sessionData); - OSStatus lookupEntry( - const SSLBuffer sessionKey, - SSLBuffer *sessionData); - OSStatus deleteEntry( - const SSLBuffer sessionKey); - - /* cleanup, delete stale entries */ - bool cleanup(); - SessionCacheType &sessMap() { return mSessionCache; } - -private: - SessionCacheIter lookupPriv( - const SSLBuffer *sessionKey); - void deletePriv( - const SSLBuffer *sessionKey); - SessionCacheIter deletePriv( - SessionCacheIter iter); - SessionCacheType mSessionCache; - Mutex mSessionLock; - const Time::Interval mTimeToLive; -}; - -SessionCache::~SessionCache() -{ - /* free all entries */ - StLock _(mSessionLock); - for(SessionCacheIter iter = mSessionCache.begin(); iter != mSessionCache.end(); ) { - iter = deletePriv(iter); - } -} - -/* these three correspond to the C functions exported by this file */ -OSStatus SessionCache::addEntry( - const SSLBuffer sessionKey, - const SSLBuffer sessionData) -{ - StLock _(mSessionLock); - - SessionCacheIter existIter = lookupPriv(&sessionKey); - if(existIter != mSessionCache.end()) { - /* cache hit - just update this entry's sessionData if necessary */ - /* Note we leave expiration time and position in deque unchanged - OK? */ - SessionCacheEntry *existEntry = *existIter; - SSLBuffer &existBuf = existEntry->sessionData(); - if((existBuf.length == sessionData.length) && - (memcmp(existBuf.data, sessionData.data, sessionData.length) == 0)) { - /* - * These usually match, and a memcmp is a lot cheaper than - * a malloc and a free, hence this quick optimization..... - */ - sslLogSessCacheDebug("SessionCache::addEntry CACHE HIT " - "entry = %p", existEntry); - return noErr; - } - else { - sslLogSessCacheDebug("SessionCache::addEntry CACHE REPLACE " - "entry = %p", existEntry); - return existEntry->sessionData(sessionData); - } - } - - /* this allocs new copy of incoming sessionKey and sessionData */ - SessionCacheEntry *entry = new SessionCacheEntry(sessionKey, - sessionData, - Time::now() + mTimeToLive); - - sslLogSessCacheDebug("SessionCache::addEntry %p", entry); - cachePrint(&sessionKey, &sessionData); - dumpAllCache(); - - /* add to head of queue for LIFO caching */ - mSessionCache.push_front(entry); - assert(lookupPriv(&sessionKey) != mSessionCache.end()); - return noErr; -} - -OSStatus SessionCache::lookupEntry( - const SSLBuffer sessionKey, - SSLBuffer *sessionData) -{ - StLock _(mSessionLock); - - SessionCacheIter existIter = lookupPriv(&sessionKey); - if(existIter == mSessionCache.end()) { - return errSSLSessionNotFound; - } - SessionCacheEntry *entry = *existIter; - if(entry->isStale()) { - sslLogSessCacheDebug("SessionCache::lookupEntry %p: STALE " - "entry, deleting", entry); - cachePrint(&sessionKey, &entry->sessionData()); - deletePriv(existIter); - return errSSLSessionNotFound; - } - /* alloc/copy sessionData from existing entry (caller must free) */ - return SSLCopyBuffer(entry->sessionData(), *sessionData); -} - -OSStatus SessionCache::deleteEntry( - const SSLBuffer sessionKey) -{ - StLock _(mSessionLock); - deletePriv(&sessionKey); - return noErr; -} - -/* cleanup, delete stale entries */ -bool SessionCache::cleanup() -{ - StLock _(mSessionLock); - bool brtn = false; - Time::Absolute rightNow = Time::now(); - SessionCacheIter iter; - - for(iter = mSessionCache.begin(); iter != mSessionCache.end(); ) { - SessionCacheEntry *entry = *iter; - if(entry->isStale(rightNow)) { - #ifndef DEBUG - sslLogSessCacheDebug("...SessionCache::cleanup: deleting " - "cached session (%p)", entry); - cachePrint(&entry->key(), &entry->sessionData()); - #endif - iter = deletePriv(iter); - } - else { - iter++; - /* we're leaving one in the map */ - brtn = true; - } - } - return brtn; -} - -/* private methods, mSessionLock held on entry and exit */ -SessionCacheIter SessionCache::lookupPriv( - const SSLBuffer *sessionKey) -{ - SessionCacheIter it; - - for(it = mSessionCache.begin(); it != mSessionCache.end(); it++) { - SessionCacheEntry *entry = *it; - if(entry->matchKey(*sessionKey)) { - return it; - } - } - /* returning map.end() */ - return it; -} - -void SessionCache::deletePriv( - const SSLBuffer *sessionKey) -{ - SessionCacheIter iter = lookupPriv(sessionKey); - if(iter != mSessionCache.end()) { - /* - * delete from map - * free underlying SSLBuffer.data pointers - * destruct the stored map entry - */ - #if CACHE_PRINT - SessionCacheEntry *entry = *iter; - sslLogSessCacheDebug("SessionCache::deletePriv %p", entry); - cachePrint(sessionKey, &entry->sessionData()); - dumpAllCache(); - #endif - deletePriv(iter); - } - assert(lookupPriv(sessionKey) == mSessionCache.end()); -} - -/* common erase, given a SessionCacheIter; returns next iter */ -SessionCacheIter SessionCache::deletePriv( - SessionCacheIter iter) -{ - assert(iter != mSessionCache.end()); - SessionCacheEntry *entry = *iter; - SessionCacheIter nextIter = mSessionCache.erase(iter); - delete entry; - return nextIter; -} - -/* the single global thing */ -static ModuleNexus gSessionCache; - -#if DUMP_ALL_CACHE -static void dumpAllCache() -{ - SessionCacheIter it; - SessionCacheType &smap = gSessionCache().sessMap(); - - printf("Contents of sessionCache:\n"); - for(it = smap.begin(); it != smap.end(); it++) { - SessionCacheEntry *entry = *it; - cachePrint(&entry->key(), &entry->sessionData()); - } -} -#endif /* DUMP_ALL_CACHE */ - -/* - * Store opaque sessionData, associated with opaque sessionKey. - */ -OSStatus sslAddSession ( - const SSLBuffer sessionKey, - const SSLBuffer sessionData) -{ - OSStatus serr; - try { - serr = gSessionCache().addEntry(sessionKey, sessionData); - } - catch(...) { - serr = unimpErr; - } - dumpAllCache(); - return serr; -} - -/* - * Given an opaque sessionKey, alloc & retrieve associated sessionData. - */ -OSStatus sslGetSession ( - const SSLBuffer sessionKey, - SSLBuffer *sessionData) -{ - OSStatus serr; - try { - serr = gSessionCache().lookupEntry(sessionKey, sessionData); - } - catch(...) { - serr = errSSLSessionNotFound; - } - sslLogSessCacheDebug("sslGetSession(%d, %p): %ld", - (int)sessionKey.length, sessionKey.data, - serr); - if(serr == noErr) { - cachePrint(&sessionKey, sessionData); - } - else { - cachePrint(&sessionKey, NULL); - } - dumpAllCache(); - return serr; -} - -OSStatus sslDeleteSession ( - const SSLBuffer sessionKey) -{ - OSStatus serr; - try { - serr = gSessionCache().deleteEntry(sessionKey); - } - catch(...) { - serr = errSSLSessionNotFound; - } - return serr; -} - -/* cleanup up session cache, deleting stale entries. */ -OSStatus sslCleanupSession () -{ - OSStatus serr = noErr; - bool moreToGo = false; - try { - moreToGo = gSessionCache().cleanup(); - } - catch(...) { - serr = errSSLSessionNotFound; - } - /* Possible TBD: if moreToGo, schedule a timed callback to this function */ - return serr; -} diff --git a/SecureTransport/cipherSpecs.cpp b/SecureTransport/cipherSpecs.cpp deleted file mode 100644 index 5562ac9e..00000000 --- a/SecureTransport/cipherSpecs.cpp +++ /dev/null @@ -1,621 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cipherSpecs.cpp - - Contains: SSLCipherSpec declarations - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "cryptType.h" -#include "symCipher.h" -#include "cipherSpecs.h" -#include "sslDebug.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslUtils.h" -#include "sslPriv.h" -#include "appleCdsa.h" -#include -#include - -#define ENABLE_3DES 1 /* normally enabled */ -#define ENABLE_RC4 1 /* normally enabled, our first preference */ -#define ENABLE_DES 1 /* normally enabled */ -#define ENABLE_RC2 1 /* normally enabled */ - -#define ENABLE_RSA_DES_SHA_NONEXPORT ENABLE_DES -#define ENABLE_RSA_DES_MD5_NONEXPORT ENABLE_DES -#define ENABLE_RSA_DES_SHA_EXPORT ENABLE_DES -#define ENABLE_RSA_RC4_MD5_EXPORT ENABLE_RC4 /* the most common one */ -#define ENABLE_RSA_RC4_MD5_NONEXPORT ENABLE_RC4 -#define ENABLE_RSA_RC4_SHA_NONEXPORT ENABLE_RC4 -#define ENABLE_RSA_RC2_MD5_EXPORT ENABLE_RC2 -#define ENABLE_RSA_RC2_MD5_NONEXPORT ENABLE_RC2 -#define ENABLE_RSA_3DES_SHA ENABLE_3DES -#define ENABLE_RSA_3DES_MD5 ENABLE_3DES - -#if APPLE_DH -#define ENABLE_DH_ANON 1 -#define ENABLE_DH_EPHEM_RSA 1 -#define ENABLE_DH_EPHEM_DSA 1 -#else -#define ENABLE_DH_ANON 0 -#define ENABLE_DH_EPHEM_RSA 0 -#define ENABLE_DH_EPHEM_DSA 0 -#endif /* APPLE_DH */ - -extern "C" { -extern const SSLSymmetricCipher SSLCipherNull; /* in sslNullCipher.cpp */ -} - -/* - * The symmetric ciphers currently supported (in addition to the - * NULL cipher in nullciph.c). - */ -#if ENABLE_DES -static const SSLSymmetricCipher SSLCipherDES_CBC = { - 8, /* Key size in bytes */ - 8, /* Secret key size = 64 bits */ - 8, /* IV size */ - 8, /* Block size */ - CSSM_ALGID_DES, - CSSM_ALGID_DES, - /* Note we don't want CSSM_ALGMODE_CBCPadIV8; our clients do that - * for us */ - CSSM_ALGMODE_CBC_IV8, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; - -static const SSLSymmetricCipher SSLCipherDES40_CBC = { - 8, /* Key size in bytes */ - 5, /* Secret key size = 40 bits */ - 8, /* IV size */ - 8, /* Block size */ - CSSM_ALGID_DES, - CSSM_ALGID_DES, - CSSM_ALGMODE_CBC_IV8, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; -#endif /* ENABLE_DES */ - -#if ENABLE_3DES -static const SSLSymmetricCipher SSLCipher3DES_CBC = { - 24, /* Key size in bytes */ - 24, /* Secret key size = 192 bits */ - 8, /* IV size */ - 8, /* Block size */ - CSSM_ALGID_3DES_3KEY, // key gen - CSSM_ALGID_3DES_3KEY_EDE, // encryption - /* Note we don't want CSSM_ALGMODE_CBCPadIV8; our clients do that - * for us */ - CSSM_ALGMODE_CBC_IV8, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; -#endif /* ENABLE_3DES */ - -#if ENABLE_RC4 -static const SSLSymmetricCipher SSLCipherRC4_40 = { - 16, /* Key size in bytes */ - 5, /* Secret key size = 40 bits */ - 0, /* IV size */ - 0, /* Block size */ - CSSM_ALGID_RC4, - CSSM_ALGID_RC4, - CSSM_ALGMODE_NONE, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; - -static const SSLSymmetricCipher SSLCipherRC4_128 = { - 16, /* Key size in bytes */ - 16, /* Secret key size = 128 bits */ - 0, /* IV size */ - 0, /* Block size */ - CSSM_ALGID_RC4, - CSSM_ALGID_RC4, - CSSM_ALGMODE_NONE, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; -#endif /* ENABLE_RC4 */ - -#if ENABLE_RC2 -static const SSLSymmetricCipher SSLCipherRC2_40 = { - 16, /* Key size in bytes */ - 5, /* Secret key size = 40 bits */ - 8, /* IV size */ - 8, /* Block size */ - CSSM_ALGID_RC2, - CSSM_ALGID_RC2, - CSSM_ALGMODE_CBC_IV8, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; - -static const SSLSymmetricCipher SSLCipherRC2_128 = { - 16, /* Key size in bytes */ - 16, /* Secret key size = 40 bits */ - 8, /* IV size */ - 8, /* Block size */ - CSSM_ALGID_RC2, - CSSM_ALGID_RC2, - CSSM_ALGMODE_CBC_IV8, - CSSM_PADDING_NONE, - CDSASymmInit, - CDSASymmEncrypt, - CDSASymmDecrypt, - CDSASymmFinish -}; - -#endif /* ENABLE_RC2*/ - - -/* Even if we don't support NULL_WITH_NULL_NULL for transport, - * we need a reference for startup */ -const SSLCipherSpec SSL_NULL_WITH_NULL_NULL_CipherSpec = -{ SSL_NULL_WITH_NULL_NULL, - Exportable, - SSL_NULL_auth, - &HashHmacNull, - &SSLCipherNull -}; - -/* - * List of all CipherSpecs we implement. Depending on a context's - * exportable flag, not all of these might be available for use. - * - * FIXME - I'm not sure the distinction between e.g. SSL_RSA and SSL_RSA_EXPORT - * makes any sense here. See comments for the definition of - * KeyExchangeMethod in cryptType.h. - */ -/* Order by preference, domestic first */ -static const SSLCipherSpec KnownCipherSpecs[] = -{ - /*** domestic only ***/ - #if ENABLE_RSA_RC4_SHA_NONEXPORT - { - SSL_RSA_WITH_RC4_128_SHA, - NotExportable, - SSL_RSA, - &HashHmacSHA1, - &SSLCipherRC4_128 - }, - #endif - #if ENABLE_RSA_RC4_MD5_NONEXPORT - { - SSL_RSA_WITH_RC4_128_MD5, - NotExportable, - SSL_RSA, - &HashHmacMD5, - &SSLCipherRC4_128 - }, - #endif - #if ENABLE_RSA_3DES_SHA - { - SSL_RSA_WITH_3DES_EDE_CBC_SHA, - NotExportable, - SSL_RSA, - &HashHmacSHA1, - &SSLCipher3DES_CBC - }, - #endif - #if ENABLE_RSA_3DES_MD5 - { - SSL_RSA_WITH_3DES_EDE_CBC_MD5, - NotExportable, - SSL_RSA, - &HashHmacMD5, - &SSLCipher3DES_CBC - }, - #endif - #if ENABLE_RSA_DES_SHA_NONEXPORT - { - SSL_RSA_WITH_DES_CBC_SHA, - NotExportable, - SSL_RSA, - &HashHmacSHA1, - &SSLCipherDES_CBC - }, - #endif - #if ENABLE_RSA_DES_MD5_NONEXPORT - { - SSL_RSA_WITH_DES_CBC_MD5, - NotExportable, - SSL_RSA, - &HashHmacMD5, - &SSLCipherDES_CBC - }, - #endif - /*** exportable ***/ - #if ENABLE_RSA_RC4_MD5_EXPORT - { - SSL_RSA_EXPORT_WITH_RC4_40_MD5, - Exportable, - SSL_RSA_EXPORT, - &HashHmacMD5, - &SSLCipherRC4_40 - }, - #endif - #if ENABLE_RSA_DES_SHA_EXPORT - { - SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, - Exportable, - SSL_RSA_EXPORT, - &HashHmacSHA1, - &SSLCipherDES40_CBC - }, - #endif - - #if ENABLE_RSA_RC2_MD5_EXPORT - { - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - Exportable, - SSL_RSA_EXPORT, - &HashHmacMD5, - &SSLCipherRC2_40 - }, - #endif - #if ENABLE_RSA_RC2_MD5_NONEXPORT - { - SSL_RSA_WITH_RC2_CBC_MD5, - NotExportable, - SSL_RSA, - &HashHmacMD5, - &SSLCipherRC2_128 - }, - #endif - { - SSL_RSA_WITH_NULL_MD5, - Exportable, - SSL_RSA, - &HashHmacMD5, - &SSLCipherNull - }, - #if ENABLE_DH_EPHEM_RSA - { - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - NotExportable, - SSL_DHE_RSA, - &HashHmacSHA1, - &SSLCipher3DES_CBC - }, - { - SSL_DHE_RSA_WITH_DES_CBC_SHA, - NotExportable, - SSL_DHE_RSA, - &HashHmacSHA1, - &SSLCipherDES_CBC - }, - { - SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - Exportable, - SSL_DHE_RSA, - &HashHmacSHA1, - &SSLCipherDES40_CBC - }, - - #endif /* ENABLE_DH_EPHEM_RSA */ - #if ENABLE_DH_EPHEM_DSA - { - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - NotExportable, - SSL_DHE_DSS, - &HashHmacSHA1, - &SSLCipher3DES_CBC - }, - { - SSL_DHE_DSS_WITH_DES_CBC_SHA, - NotExportable, - SSL_DHE_DSS, - &HashHmacSHA1, - &SSLCipherDES_CBC - }, - { - SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - Exportable, - SSL_DHE_DSS, - &HashHmacSHA1, - &SSLCipherDES40_CBC - }, - - #endif /* ENABLE_DH_EPHEM_DSA */ - #if ENABLE_DH_ANON - { - SSL_DH_anon_WITH_RC4_128_MD5, - NotExportable, - SSL_DH_anon, - &HashHmacMD5, - &SSLCipherRC4_128 - }, - { - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, - NotExportable, - SSL_DH_anon, - &HashHmacSHA1, - &SSLCipher3DES_CBC - }, - { - SSL_DH_anon_WITH_DES_CBC_SHA, - NotExportable, - SSL_DH_anon, - &HashHmacSHA1, - &SSLCipherDES_CBC - }, - { - SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, - Exportable, - SSL_DH_anon, - &HashHmacMD5, - &SSLCipherRC4_40 - }, - { - SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - Exportable, - SSL_DH_anon, - &HashHmacSHA1, - &SSLCipherDES40_CBC - }, - #endif /* APPLE_DH */ -}; - -static const unsigned CipherSpecCount = sizeof(KnownCipherSpecs) / sizeof(SSLCipherSpec); - -/* - * Build ctx->validCipherSpecs as a copy of KnownCipherSpecs, assuming that - * validCipherSpecs is currently not valid (i.e., SSLSetEnabledCiphers() has - * not been called). - */ -OSStatus sslBuildCipherSpecArray(SSLContext *ctx) -{ - unsigned size; - - assert(ctx != NULL); - assert(ctx->validCipherSpecs == NULL); - - ctx->numValidCipherSpecs = CipherSpecCount; - size = CipherSpecCount * sizeof(SSLCipherSpec); - ctx->validCipherSpecs = (SSLCipherSpec *)sslMalloc(size); - if(ctx->validCipherSpecs == NULL) { - ctx->numValidCipherSpecs = 0; - return memFullErr; - } - memmove(ctx->validCipherSpecs, KnownCipherSpecs, size); - return noErr; -} - -/* - * Convert an array of SSLCipherSpecs (which is either KnownCipherSpecs or - * ctx->validCipherSpecs) to an array of SSLCipherSuites. - */ -static OSStatus -cipherSpecsToCipherSuites( - UInt32 numCipherSpecs, /* size of cipherSpecs */ - const SSLCipherSpec *cipherSpecs, - SSLCipherSuite *ciphers, /* RETURNED */ - UInt32 *numCiphers) /* IN/OUT */ -{ - unsigned dex; - - if(*numCiphers < numCipherSpecs) { - return errSSLBufferOverflow; - } - for(dex=0; dexvalidCipherSpecs = (SSLCipherSpec *)sslMalloc(size); - if(ctx->validCipherSpecs == NULL) { - ctx->numValidCipherSpecs = 0; - return memFullErr; - } - - /* - * Run thru caller's specs, finding a matching SSLCipherSpec for each one. - * If caller specifies one we don't know about, abort. - */ - for(callerDex=0; callerDexvalidCipherSpecs[callerDex] = KnownCipherSpecs[tableDex]; - foundOne = 1; - break; - } - } - if(!foundOne) { - /* caller specified one we don't implement */ - sslFree(ctx->validCipherSpecs); - ctx->validCipherSpecs = NULL; - return errSSLBadCipherSuite; - } - } - - /* success */ - ctx->numValidCipherSpecs = numCiphers; - return noErr; -} - -/* - * Determine number and values of all of the SSLCipherSuites currently enabled. - * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in - * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow - * will be returned. - */ -OSStatus -SSLGetNumberEnabledCiphers (SSLContextRef ctx, - UInt32 *numCiphers) -{ - if((ctx == NULL) || (numCiphers == NULL)) { - return paramErr; - } - if(ctx->validCipherSpecs == NULL) { - /* hasn't been set; use default */ - *numCiphers = CipherSpecCount; - } - else { - /* caller set via SSLSetEnabledCiphers */ - *numCiphers = ctx->numValidCipherSpecs; - } - return noErr; -} - -OSStatus -SSLGetEnabledCiphers (SSLContextRef ctx, - SSLCipherSuite *ciphers, /* RETURNED */ - UInt32 *numCiphers) /* IN/OUT */ -{ - if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) { - return paramErr; - } - if(ctx->validCipherSpecs == NULL) { - /* hasn't been set; use default */ - return cipherSpecsToCipherSuites(CipherSpecCount, - KnownCipherSpecs, - ciphers, - numCiphers); - } - else { - /* use the ones specified in SSLSetEnabledCiphers() */ - return cipherSpecsToCipherSuites(ctx->numValidCipherSpecs, - ctx->validCipherSpecs, - ciphers, - numCiphers); - } -} - -/*** - *** End of publically exported functions declared in SecureTransport.h - ***/ - -/* - * Given a valid ctx->selectedCipher and ctx->validCipherSpecs, set - * ctx->selectedCipherSpec as appropriate. - */ -OSStatus -FindCipherSpec(SSLContext *ctx) -{ - - unsigned i; - - assert(ctx != NULL); - assert(ctx->validCipherSpecs != NULL); - - ctx->selectedCipherSpec = NULL; - for (i=0; inumValidCipherSpecs; i++) - { if (ctx->validCipherSpecs[i].cipherSpec == ctx->selectedCipher) { - ctx->selectedCipherSpec = &ctx->validCipherSpecs[i]; - break; - } - } - if (ctx->selectedCipherSpec == NULL) /* Not found */ - return errSSLNegotiation; - - /* make sure we're configured to handle this one */ - return sslVerifyNegotiatedCipher(ctx); -} - diff --git a/SecureTransport/privateInc/SecureTransportPriv.h b/SecureTransport/privateInc/SecureTransportPriv.h deleted file mode 100644 index 2c5f2dd2..00000000 --- a/SecureTransport/privateInc/SecureTransportPriv.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: SecureTransportPriv.h - - Contains: Apple-private exported routines - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SECURE_TRANSPORT_PRIV_H_ -#define _SECURE_TRANSPORT_PRIV_H_ 1 - -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* The size of of client- and server-generated random numbers in hello messages. */ -#define SSL_CLIENT_SRVR_RAND_SIZE 32 - -/* The size of the pre-master and master secrets. */ -#define SSL_RSA_PREMASTER_SECRET_SIZE 48 -#define SSL_MASTER_SECRET_SIZE 48 - -/* - * For the following three functions, *size is the available - * buffer size on entry and the actual size of the data returned - * on return. The above consts are for convenience. - */ -OSStatus SSLInternalMasterSecret( - SSLContextRef context, - void *secret, // mallocd by caller, SSL_MASTER_SECRET_SIZE - size_t *secretSize); // in/out - -OSStatus SSLInternalServerRandom( - SSLContextRef context, - void *rand, // mallocd by caller, SSL_CLIENT_SRVR_RAND_SIZE - size_t *randSize); // in/out - -OSStatus SSLInternalClientRandom( - SSLContextRef context, - void *rand, // mallocd by caller, SSL_CLIENT_SRVR_RAND_SIZE - size_t *randSize); // in/out - -OSStatus SSLInternal_PRF( - SSLContextRef context, - const void *secret, - size_t secretLen, - const void *label, - size_t labelLen, - const void *seed, - size_t seedLen, - void *out, // mallocd by caller, length >= outLen - size_t outLen); - -/* - * Obtain a SecTrustRef representing peer certificates. Valid anytime, - * subsequent to a handshake attempt. The returned SecTrustRef is valid - * only as long as the SSLContextRef is. - */ -OSStatus -SSLGetPeerSecTrust (SSLContextRef context, - SecTrustRef *secTrust); /* RETURNED */ - -/* - * Obtain resumable session info. Can be called anytime subsequent to - * handshake attempt. - * - * if sessionWasResumed is True on return, the session is indeed a - * resumed session; the sessionID (an opaque blob generated by the - * server) is returned in *sessionID. The length of the sessionID - * is returned in *sessionIDLength. Caller must allocate the - * sessionID buffer; it max size is MAX_SESSION_ID_LENGTH bytes. - */ -#define MAX_SESSION_ID_LENGTH 32 - -OSStatus -SSLGetResumableSessionInfo ( - SSLContextRef context, - Boolean *sessionWasResumed, // RETURNED - void *sessionID, // RETURNED, mallocd by caller - size_t *sessionIDLength); // IN/OUT - -#ifdef __cplusplus -} -#endif - -#endif /* _SECURE_TRANSPORT_PRIV_H_ */ diff --git a/SecureTransport/privateInc/appleCdsa.h b/SecureTransport/privateInc/appleCdsa.h deleted file mode 100644 index 8d09adc7..00000000 --- a/SecureTransport/privateInc/appleCdsa.h +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: appleCdsa.h - - Contains: interface between SSL and CDSA - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _APPLE_CDSA_H_ -#define _APPLE_CDSA_H_ 1 - -#include "ssl.h" -#include "sslPriv.h" -#include "sslContext.h" -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef NDEBUG -extern void stPrintCdsaError(const char *op, CSSM_RETURN crtn); -extern char *stCssmErrToStr(CSSM_RETURN err); -#else -#define stPrintCdsaError(o, cr) -#endif - -extern OSStatus sslSetUpSymmKey( - CSSM_KEY_PTR symKey, - CSSM_ALGORITHMS alg, - CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_BOOL copyKey, // true: copy keyData false: set by reference - uint8 *keyData, - uint32 keyDataLen); // in bytes - -extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR *key, - #if ST_KC_KEYS_NEED_REF - SecKeychainRef *kcItem); - #else /* !ST_KC_KEYS_NEED_REF */ - void *kcItem); - #endif /* ST_KC_KEYS_NEED_REF*/ - -extern OSStatus attachToCsp(SSLContext *ctx); -extern OSStatus attachToCl(SSLContext *ctx); -extern OSStatus attachToTp(SSLContext *ctx); -extern OSStatus attachToAll(SSLContext *ctx); -extern OSStatus detachFromAll(SSLContext *ctx); - -extern CSSM_DATA_PTR stMallocCssmData(uint32 size); -extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct); -extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, uint32 length); - - -/* - * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR. - */ -extern OSStatus sslPubKeyFromCert( - SSLContext *ctx, - const SSLBuffer &derCert, - CSSM_KEY_PTR *pubKey, // RETURNED - CSSM_CSP_HANDLE *cspHand); // RETURNED - -/* - * Verify a cert chain. - */ -extern OSStatus sslVerifyCertChain( - SSLContext *ctx, - const SSLCertificate &certChain, - bool arePeerCerts = true); - -/* - * Raw RSA/DSA sign/verify. - */ -OSStatus sslRawSign( - SSLContext *ctx, - SecKeyRef privKeyRef, - const UInt8 *plainText, - UInt32 plainTextLen, - UInt8 *sig, // mallocd by caller; RETURNED - UInt32 sigLen, // available - UInt32 *actualBytes); // RETURNED - -OSStatus sslRawVerify( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - const UInt8 *plainText, - UInt32 plainTextLen, - const UInt8 *sig, - UInt32 sigLen); // available - -/* - * Encrypt/Decrypt - */ -OSStatus sslRsaEncrypt( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - const UInt8 *plainText, - UInt32 plainTextLen, - UInt8 *cipherText, // mallocd by caller; RETURNED - UInt32 cipherTextLen, // available - UInt32 *actualBytes); // RETURNED -OSStatus sslRsaDecrypt( - SSLContext *ctx, - SecKeyRef privKeyRef, - const UInt8 *cipherText, - UInt32 cipherTextLen, - UInt8 *plainText, // mallocd by caller; RETURNED - UInt32 plainTextLen, // available - UInt32 *actualBytes); // RETURNED - -/* - * Obtain size of key in bytes. - */ -extern UInt32 sslKeyLengthInBytes( - const CSSM_KEY *key); - -/* Obtain max signature size in bytes. */ -extern OSStatus sslGetMaxSigSize( - const CSSM_KEY *privKey, - UInt32 &maxSigSize); - -/* - * Get raw key bits from an RSA public key. - */ -OSStatus sslGetPubKeyBits( - SSLContext *ctx, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE cspHand, - SSLBuffer *modulus, // data mallocd and RETURNED - SSLBuffer *exponent); // data mallocd and RETURNED - -/* - * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in - * Server-initiated key exchange. - */ -OSStatus sslGetPubKeyFromBits( - SSLContext *ctx, - const SSLBuffer *modulus, - const SSLBuffer *exponent, - CSSM_KEY_PTR *pubKey, // mallocd and RETURNED - CSSM_CSP_HANDLE *cspHand); // RETURNED - -/* - * Given a DER-encoded cert, obtain its DER-encoded subject name. - */ -CSSM_DATA_PTR sslGetCertSubjectName( - SSLContext *ctx, - const CSSM_DATA_PTR cert); - -#if SSL_DEBUG -void verifyTrustedRoots(SSLContext *ctx, - CSSM_DATA_PTR certs, - unsigned numCerts); -#endif - -void * stAppMalloc (uint32 size, void *allocRef); -void stAppFree (void *mem_ptr, void *allocRef); -void * stAppRealloc (void *ptr, uint32 size, void *allocRef); -void * stAppCalloc (uint32 num, uint32 size, void *allocRef); - -OSStatus sslDhGenKeyPairClient( - SSLContext *ctx, - const SSLBuffer &prime, - const SSLBuffer &generator, - CSSM_KEY_PTR publicKey, // RETURNED - CSSM_KEY_PTR privateKey); // RETURNED -OSStatus sslDhGenerateKeyPair( - SSLContext *ctx, - const SSLBuffer ¶mBlob, - UInt32 keySizeInBits, - CSSM_KEY_PTR publicKey, // RETURNED - CSSM_KEY_PTR privateKey); // RETURNED -OSStatus sslDhKeyExchange( - SSLContext *ctx, - uint32 deriveSizeInBits, - SSLBuffer *exchanged); -OSStatus sslVerifyNegotiatedCipher( - SSLContext *ctx); - -/* - * Convert between SSLBuffer and CSSM_DATA, which are after all identical. - * No mallocs, just copy the pointer and length. - */ -#define SSLBUF_TO_CSSM(sb, cd) { \ - (cd)->Length = (sb)->length; \ - (cd)->Data = (sb)->data; \ -} - -#define CSSM_TO_SSLBUF(cd, sb) { \ - (sb)->length = (cd)->Length; \ - (sb)->data = (cd)->Data; \ -} - -#ifdef __cplusplus -} -#endif - - -#endif /* _APPLE_CDSA_H_ */ diff --git a/SecureTransport/privateInc/appleSession.h b/SecureTransport/privateInc/appleSession.h deleted file mode 100644 index 671178f5..00000000 --- a/SecureTransport/privateInc/appleSession.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: appleSession.h - - Contains: Session storage module, Apple CDSA version. - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _APPLE_SESSION_H_ -#define _APPLE_SESSION_H_ - -#include "ssl.h" - -#ifdef __cplusplus -extern "C" { -#endif - -extern OSStatus sslAddSession ( - const SSLBuffer sessionKey, - const SSLBuffer sessionData); - -extern OSStatus sslGetSession ( - const SSLBuffer sessionKey, - SSLBuffer *sessionData); - -extern OSStatus sslDeleteSession ( - const SSLBuffer sessionKey); - -extern OSStatus sslCleanupSession(); - -#ifdef __cplusplus -} -#endif - -#endif /* _APPLE_SESSION_H_ */ diff --git a/SecureTransport/privateInc/cipherSpecs.h b/SecureTransport/privateInc/cipherSpecs.h deleted file mode 100644 index 8a1467e8..00000000 --- a/SecureTransport/privateInc/cipherSpecs.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cipherSpecs.h - - Contains: SSLCipherSpec declarations - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _CIPHER_SPECS_H_ -#define _CIPHER_SPECS_H_ - -#include "sslContext.h" -#include "cryptType.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Build ctx->validCipherSpecs as a copy of all known CipherSpecs. - */ -extern OSStatus sslBuildCipherSpecArray(SSLContext *ctx); - -/* - * Given a valid ctx->selectedCipher and ctx->validCipherSpecs, set - * ctx->selectedCipherSpec as appropriate. - */ -OSStatus FindCipherSpec(SSLContext *ctx); - -extern const SSLCipherSpec SSL_NULL_WITH_NULL_NULL_CipherSpec; - -#ifdef __cplusplus -} -#endif - -#endif /* _CIPHER_SPECS_H_ */ diff --git a/SecureTransport/privateInc/cryptType.h b/SecureTransport/privateInc/cryptType.h deleted file mode 100644 index be6006c4..00000000 --- a/SecureTransport/privateInc/cryptType.h +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cryptType.h - - Contains: Crypto structures and routines - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _CRYPTTYPE_H_ -#define _CRYPTTYPE_H_ 1 - -#include -#include "sslPriv.h" -#include "sslContext.h" -#include "tls_hmac.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum -{ SSL2_RC4_128_WITH_MD5 = 0x010080, - SSL2_RC4_128_EXPORT_40_WITH_MD5 = 0x020080, - SSL2_RC2_128_CBC_WITH_MD5 = 0x030080, - SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080, - SSL2_IDEA_128_CBC_WITH_MD5 = 0x050080, - SSL2_DES_64_CBC_WITH_MD5 = 0x060040, - SSL2_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0 -} SSL2CipherKind; - -typedef struct -{ SSL2CipherKind cipherKind; - SSLCipherSuite cipherSuite; -} SSLCipherMapping; - -typedef OSStatus (*HashInit)(SSLBuffer &digestCtx, SSLContext *sslCtx); -typedef OSStatus (*HashUpdate)(SSLBuffer &digestCtx, const SSLBuffer &data); -/* HashFinal also does HashClose */ -typedef OSStatus (*HashFinal)(SSLBuffer &digestCtx, SSLBuffer &digest); -typedef OSStatus (*HashClose)(SSLBuffer &digestCtx, SSLContext *sslCtx); -typedef OSStatus (*HashClone)(const SSLBuffer &src, SSLBuffer &dest); -typedef struct -{ UInt32 contextSize; - UInt32 digestSize; - UInt32 macPadSize; - HashInit init; - HashUpdate update; - HashFinal final; - HashClose close; - HashClone clone; -} HashReference; - -/* - * TLS addenda: - * -- new struct HashHmacReference - * -- structs which used to use HashReference now use HashHmacReference - * -- new union HashHmacContext, used in CipherContext. - */ -typedef struct { - const HashReference *hash; - const HMACReference *hmac; -} HashHmacReference; - -typedef union { - SSLBuffer hashCtx; - HMACContextRef hmacCtx; -} HashHmacContext; - -/* these are declared in tls_hmac.c */ -extern const HashHmacReference HashHmacNull; -extern const HashHmacReference HashHmacMD5; -extern const HashHmacReference HashHmacSHA1; - -/* - * Hack to avoid circular dependency with tls_ssl.h. - */ -struct _SslTlsCallouts; - -/* - * All symmetric ciphers go thru CDSA, via these callouts. - */ -struct CipherContext; -typedef struct CipherContext CipherContext; - -typedef OSStatus (*SSLKeyFunc)( - UInt8 *key, - UInt8 *iv, - CipherContext *cipherCtx, - SSLContext *ctx); -typedef OSStatus (*SSLCryptFunc)( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx); -typedef OSStatus (*SSLFinishFunc)( - CipherContext *cipherCtx, - SSLContext *ctx); - -typedef enum -{ NotExportable = 0, - Exportable = 1 -} Exportability; - -/* - * Statically defined description of a symmetric sipher. - */ -typedef struct { - UInt8 keySize; /* Sizes are in bytes */ - UInt8 secretKeySize; - UInt8 ivSize; - UInt8 blockSize; - CSSM_ALGORITHMS keyAlg; /* CSSM_ALGID_DES, etc. */ - CSSM_ALGORITHMS encrAlg; /* ditto */ - CSSM_ENCRYPT_MODE encrMode; /* CSSM_ALGMODE_CBCPadIV8, etc. */ - CSSM_PADDING encrPad; - SSLKeyFunc initialize; - SSLCryptFunc encrypt; - SSLCryptFunc decrypt; - SSLFinishFunc finish; -} SSLSymmetricCipher; - -#define MAX_MAC_PADDING 48 /* MD5 MAC padding size = 48 bytes */ -#define MASTER_SECRET_LEN 48 /* master secret = 3 x MD5 hashes concatenated */ - -/* SSL V2 - mac secret is the size of symmetric key, not digest */ -#define MAX_SYMKEY_SIZE 24 - -typedef enum -{ SSL_NULL_auth, - SSL_RSA, - SSL_RSA_EXPORT, - SSL_DH_DSS, - SSL_DH_DSS_EXPORT, - SSL_DH_RSA, - SSL_DH_RSA_EXPORT, - SSL_DHE_DSS, - SSL_DHE_DSS_EXPORT, - SSL_DHE_RSA, - SSL_DHE_RSA_EXPORT, - SSL_DH_anon, - SSL_DH_anon_EXPORT, - SSL_Fortezza -} KeyExchangeMethod; - -typedef struct { - SSLCipherSuite cipherSpec; - Exportability isExportable; - KeyExchangeMethod keyExchangeMethod; - const HashHmacReference *macAlgorithm; - const SSLSymmetricCipher *cipher; -} SSLCipherSpec; - -extern const SSLCipherMapping SSL2CipherMap[]; -extern const unsigned SSL2CipherMapCount; - -/* Default size of server-generated Diffie-Hellman parameters and keys */ -#ifdef NDEBUG -#define SSL_DH_DEFAULT_PRIME_SIZE 1024 /* in bits */ -#else -#define SSL_DH_DEFAULT_PRIME_SIZE 512 /* in bits */ -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* _CRYPTTYPE_H_ */ diff --git a/SecureTransport/privateInc/ssl.h b/SecureTransport/privateInc/ssl.h deleted file mode 100644 index e0728eaa..00000000 --- a/SecureTransport/privateInc/ssl.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: ssl.h - - Contains: convenience header - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_SSL_H_ -#define _SSL_SSL_H_ - -#include -#include "sslPriv.h" - -/* and this system-wide kludge */ -#include - -#endif /* _SSL_SSL_H_ */ diff --git a/SecureTransport/privateInc/ssl2.h b/SecureTransport/privateInc/ssl2.h deleted file mode 100644 index c7155816..00000000 --- a/SecureTransport/privateInc/ssl2.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: ssl2.h - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL2_H_ -#define _SSL2_H_ - -#include "SecureTransport.h" -#include "sslPriv.h" -#include "sslRecord.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum { - SSL2_MsgError = 0, - SSL2_MsgClientHello = 1, - SSL2_MsgClientMasterKey = 2, - SSL2_MsgClientFinished = 3, - SSL2_MsgServerHello = 4, - SSL2_MsgServerVerify = 5, - SSL2_MsgServerFinished = 6, - SSL2_MsgRequestCert = 7, - SSL2_MsgClientCert = 8, - SSL2_MsgKickstart = 99 -} SSL2MessageType; - -typedef enum { - SSL2_ErrNoCipher = 1, - SSL2_ErrNoCert = 2, - SSL2_ErrBadCert = 4, - SSL2_ErrUnsupportedCert = 6 -} SSL2ErrorCode; - -typedef enum{ - SSL2_CertTypeX509 = 1 -} SSL2CertTypeCode; - -#define SSL2_CONNECTION_ID_LENGTH 16 - -typedef OSStatus (*EncodeSSL2MessageFunc)(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ReadRecord(SSLRecord &rec, SSLContext *ctx); -OSStatus SSL2WriteRecord(SSLRecord &rec, SSLContext *ctx); -OSStatus SSL2ProcessMessage(SSLRecord &rec, SSLContext *ctx); -OSStatus SSL2SendError(SSL2ErrorCode error, SSLContext *ctx); -OSStatus SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx); -OSStatus SSL2PrepareAndQueueMessage(EncodeSSL2MessageFunc encodeFunc, SSLContext *ctx); -OSStatus SSL2CompareSessionIDs(SSLContext *ctx); -OSStatus SSL2InstallSessionKey(SSLContext *ctx); -OSStatus SSL2GenerateSessionID(SSLContext *ctx); -OSStatus SSL2InitCiphers(SSLContext *ctx); - -OSStatus SSL2ProcessClientHello(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeClientHello(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ProcessClientMasterKey(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeClientMasterKey(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ProcessClientFinished(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeClientFinished(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ProcessServerHello(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeServerHello(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ProcessServerVerify(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeServerVerify(SSLBuffer &msg, SSLContext *ctx); -OSStatus SSL2ProcessServerFinished(SSLBuffer msgContents, SSLContext *ctx); -OSStatus SSL2EncodeServerFinished(SSLBuffer &msg, SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/SecureTransport/privateInc/sslAlertMessage.h b/SecureTransport/privateInc/sslAlertMessage.h deleted file mode 100644 index 3100b083..00000000 --- a/SecureTransport/privateInc/sslAlertMessage.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ********************************************************************* - File: sslAlertMessage.h - ****************************************************************** */ - -#ifndef _SSLALERTMESSAGE_H_ -#define _SSLALERTMESSAGE_H_ 1 - -#ifndef _SECURE_TRANSPORT_H_ -#include "SecureTransport.h" -#endif - -#include "sslPriv.h" -#include "sslRecord.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum -{ SSL_AlertLevelWarning = 1, - SSL_AlertLevelFatal = 2 -} AlertLevel; - -typedef enum -{ SSL_AlertCloseNotify = 0, - SSL_AlertUnexpectedMsg = 10, - SSL_AlertBadRecordMac = 20, - SSL_AlertDecryptionFail = 21, /* TLS */ - SSL_AlertRecordOverflow = 22, /* TLS */ - SSL_AlertDecompressFail = 30, - SSL_AlertHandshakeFail = 40, - SSL_AlertNoCert = 41, - SSL_AlertBadCert = 42, /* SSLv3 only */ - SSL_AlertUnsupportedCert = 43, - SSL_AlertCertRevoked = 44, - SSL_AlertCertExpired = 45, - SSL_AlertCertUnknown = 46, - SSL_AlertIllegalParam = 47, - /* remainder are TLS addenda */ - SSL_AlertUnknownCA = 48, - SSL_AlertAccessDenied = 49, - SSL_AlertDecodeError = 50, - SSL_AlertDecryptError = 51, - SSL_AlertExportRestriction = 60, - SSL_AlertProtocolVersion = 70, - SSL_AlertInsufficientSecurity = 71, - SSL_AlertInternalError = 80, - SSL_AlertUserCancelled = 90, - SSL_AlertNoRenegotiation = 100 -} AlertDescription; - -OSStatus SSLProcessAlert( - SSLRecord rec, - SSLContext *ctx); -OSStatus SSLSendAlert( - AlertLevel level, - AlertDescription desc, - SSLContext *ctx); -OSStatus SSLFatalSessionAlert( - AlertDescription desc, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLALERTMESSAGE_H_ */ diff --git a/SecureTransport/privateInc/sslBER.h b/SecureTransport/privateInc/sslBER.h deleted file mode 100644 index 2ebc444d..00000000 --- a/SecureTransport/privateInc/sslBER.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslBER.h - - Contains: BER routines - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_BER_H_ -#define _SSL_BER_H_ - -#ifndef _SSL_PRIV_H_ -#include "sslPriv.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given a PKCS-1 encoded RSA public key, extract the - * modulus and public exponent. - * - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e } - */ - -OSStatus sslDecodeRsaBlob( - const SSLBuffer *blob, /* PKCS-1 encoded */ - SSLBuffer *modulus, /* data mallocd and RETURNED */ - SSLBuffer *exponent); /* data mallocd and RETURNED */ - -/* - * Given a raw modulus and exponent, cook up a - * BER-encoded RSA public key blob. - */ - -OSStatus sslEncodeRsaBlob( - const SSLBuffer *modulus, - const SSLBuffer *exponent, - SSLBuffer *blob); /* data mallocd and RETURNED */ - -/* - * Given a DER encoded DHParameter, extract the prime and generator. - * modulus and public exponent. - */ -OSStatus sslDecodeDhParams( - const SSLBuffer *blob, /* PKCS-1 encoded */ - SSLBuffer *prime, /* data mallocd and RETURNED */ - SSLBuffer *generator); /* data mallocd and RETURNED */ - -/* - * Given a prime and generator, cook up a BER-encoded DHParameter blob. - */ -OSStatus sslEncodeDhParams( - const SSLBuffer *prime, - const SSLBuffer *generator, - SSLBuffer *blob); /* data mallocd and RETURNED */ - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_BER_H_ */ \ No newline at end of file diff --git a/SecureTransport/privateInc/sslBuildFlags.h b/SecureTransport/privateInc/sslBuildFlags.h deleted file mode 100644 index 9a0c3cfd..00000000 --- a/SecureTransport/privateInc/sslBuildFlags.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslBuildFlags.h - - Contains: Common build flags - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_BUILD_FLAGS_H_ -#define _SSL_BUILD_FLAGS_H_ 1 - -#if defined(__cplusplus) -extern "C" { -#endif - -/* - * general Keychain functionality. - */ - -/* - * Work around the Netscape Server Key Exchange bug. When this is - * true, only do server key exchange if both of the following are - * true: - * - * -- an export-grade ciphersuite has been negotiated, and - * -- an encryptPrivKey is present in the context - */ -#define SSL_SERVER_KEYEXCH_HACK 0 - -/* - * RSA functions which use a public key to do encryption force - * the proper usage bit because the CL always gives us - * a pub key (from a cert) with only the verify bit set. - * This needs a mod to the CL to do the right thing, and that - * might not be enough - what if server certs don't have the - * appropriate usage bits? - */ -#define RSA_PUB_KEY_USAGE_HACK 1 - -/* debugging flags */ -#ifdef NDEBUG -#define SSL_DEBUG 0 -#define ERROR_LOG_ENABLE 0 -#else -#define SSL_DEBUG 1 -#define ERROR_LOG_ENABLE 1 -#endif /* NDEBUG */ - -#if defined(__cplusplus) -} -#endif - -#endif /* _SSL_BUILD_FLAGS_H_ */ diff --git a/SecureTransport/privateInc/sslContext.h b/SecureTransport/privateInc/sslContext.h deleted file mode 100644 index c017fe9b..00000000 --- a/SecureTransport/privateInc/sslContext.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslContext.h - - Contains: Private SSL typedefs: SSLContext and its components - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSLCONTEXT_H_ -#define _SSLCONTEXT_H_ 1 - -#include -#include "sslBuildFlags.h" -#include - -#include "sslPriv.h" -#include "tls_ssl.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct -{ SSLReadFunc read; - SSLWriteFunc write; - SSLConnectionRef ioRef; -} IOContext; - -/* - * An element in a certificate chain. - */ -typedef struct SSLCertificate -{ - struct SSLCertificate *next; - SSLBuffer derCert; -} SSLCertificate; - -#include "cryptType.h" - -/* - * An SSLContext contains four of these - one for each of {read,write} and for - * {current, pending}. - */ -struct CipherContext -{ - - const HashHmacReference *macRef; /* HMAC (TLS) or digest (SSL) */ - const SSLSymmetricCipher *symCipher; - - /* this is a context which is reused once per record */ - HashHmacContext macCtx; - - /* - * symKey is obtained from the CSP at cspHand. Normally this - * cspHand is the same as ctx->cspHand; some day they might differ. - * Code which deals with this struct doesn't ever have to - * attach or detach from cspHand - that's taken care of at the - * SSLContext level. - */ - CSSM_KEY_PTR symKey; - CSSM_CSP_HANDLE cspHand; - CSSM_CC_HANDLE ccHand; - - /* needed in CDSASymmInit */ - uint8 encrypting; - - sslUint64 sequenceNum; - uint8 ready; - - /* in SSL2 mode, the macSecret is the same size as the - * cipher key - which is 24 bytes in the 3DES case. */ - uint8 macSecret[MAX_SYMKEY_SIZE]; -}; -/* typedef in cryptType.h */ - -#include "sslHandshake.h" - -typedef struct WaitingRecord -{ struct WaitingRecord *next; - SSLBuffer data; - uint32 sent; -} WaitingRecord; - -typedef struct DNListElem -{ struct DNListElem *next; - SSLBuffer derDN; -} DNListElem; - -struct SSLContext -{ - IOContext ioCtx; - - /* - * Prior to successful protocol negotiation, negProtocolVersion - * is SSL_Version_Undetermined. Subsequent to successful - * negotiation, negProtocolVersion contains the actual over-the-wire - * protocol value. - * - * The Boolean versionEnable flags are set by - * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and - * remain invariant once negotiation has started. If there - * were a large number of these and/or we were adding new - * protocol versions on a regular basis, we'd probably want - * to implement these as a word of flags. For now, in the - * real world, this is the most straightfoprward implementation. - */ - SSLProtocolVersion negProtocolVersion; /* negotiated */ - SSLProtocolVersion clientReqProtocol; /* requested by client in hello msg */ - Boolean versionSsl2Enable; - Boolean versionSsl3Enable; - Boolean versionTls1Enable; - SSLProtocolSide protocolSide; - - const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3 and TLSv1 */ - - /* crypto state in CDSA-centric terms */ - - SecKeyRef signingPrivKeyRef; /* our private signing key */ - CSSM_KEY_PTR signingPubKey; /* our public signing key */ - - SecKeyRef encryptPrivKeyRef; /* our private encrypt key, for - * server-initiated key exchange */ - CSSM_KEY_PTR encryptPubKey; /* public version of above */ - - CSSM_KEY_PTR peerPubKey; - CSSM_CSP_HANDLE peerPubKeyCsp; /* may not be needed, we figure this - * one out by trial&error, right? */ - - /* - * Various cert chains. - * For all three, the root is the first in the chain. - */ - SSLCertificate *localCert; - SSLCertificate *encryptCert; - SSLCertificate *peerCert; - - /* peer certs as SecTrustRef */ - SecTrustRef peerSecTrust; - - /* - * trusted root certs; specific to this implementation, we'll store - * them conveniently...these will be used as AnchorCerts in a TP - * call. - */ - uint32 numTrustedCerts; - CSSM_DATA_PTR trustedCerts; - - /* for symmetric cipher and RNG */ - CSSM_CSP_HANDLE cspHand; - - /* session-wide handles for Apple TP, CL */ - CSSM_TP_HANDLE tpHand; - CSSM_CL_HANDLE clHand; - - #if APPLE_DH - SSLBuffer dhParamsPrime; - SSLBuffer dhParamsGenerator; - SSLBuffer dhParamsEncoded; /* prime + generator */ - SSLBuffer dhPeerPublic; - SSLBuffer dhExchangePublic; - CSSM_KEY_PTR dhPrivate; - #endif /* APPLE_DH */ - - Boolean allowExpiredCerts; - Boolean allowExpiredRoots; - Boolean enableCertVerify; - - SSLBuffer sessionID; - - SSLBuffer peerID; - SSLBuffer resumableSession; - - char *peerDomainName; - UInt32 peerDomainNameLen; - - CipherContext readCipher; - CipherContext writeCipher; - CipherContext readPending; - CipherContext writePending; - - uint16 selectedCipher; /* currently selected */ - const SSLCipherSpec *selectedCipherSpec; /* ditto */ - SSLCipherSpec *validCipherSpecs; /* context's valid specs */ - unsigned numValidCipherSpecs; /* size of validCipherSpecs */ - SSLHandshakeState state; - - /* server-side only */ - SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */ - Boolean tryClientAuth; - - /* client and server */ - SSLClientCertificateState clientCertState; - - DNListElem *acceptableDNList; - - int certRequested; - int certSent; - int certReceived; - int x509Requested; - - uint8 clientRandom[SSL_CLIENT_SRVR_RAND_SIZE]; - uint8 serverRandom[SSL_CLIENT_SRVR_RAND_SIZE]; - SSLBuffer preMasterSecret; - uint8 masterSecret[SSL_MASTER_SECRET_SIZE]; - - /* running digests of all handshake messages */ - SSLBuffer shaState, md5State; - - SSLBuffer fragmentedMessageCache; - - unsigned ssl2ChallengeLength; - unsigned ssl2ConnectionIDLength; - unsigned sessionMatch; - - /* Record layer fields */ - SSLBuffer partialReadBuffer; - uint32 amountRead; - - /* Transport layer fields */ - WaitingRecord *recordWriteQueue; - SSLBuffer receivedDataBuffer; - uint32 receivedDataPos; - - Boolean allowAnyRoot; // don't require known roots - Boolean sentFatalAlert; // this session terminated by fatal alert - Boolean rsaBlindingEnable; -}; - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLCONTEXT_H_ */ diff --git a/SecureTransport/privateInc/sslDebug.h b/SecureTransport/privateInc/sslDebug.h deleted file mode 100644 index 9ac8ae88..00000000 --- a/SecureTransport/privateInc/sslDebug.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslDebug.h - - Contains: Debugging macros. - - Written by: Doug Mitchell - - Copyright: (c) 1998, 1999 by Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _SSL_DEBUG_H_ -#define _SSL_DEBUG_H_ - -#include "sslContext.h" -#include -#include - -/* log changes in handshake state */ -#define sslHdskStateDebug(args...) secdebug("sslHdskState", ## args) - -/* log handshake and alert messages */ -#define sslHdskMsgDebug(args...) secdebug("sslHdskMsg", ## args) - -/* log negotiated handshake parameters */ -#define sslLogNegotiateDebug(args...) secdebug("sslLogNegotiate", ## args) - -/* log received protocol messsages */ -#define sslLogRxProtocolDebug(msgType) secdebug("sslLogRxProtocol", \ - "---received protoMsg %s", msgType) - -/* log resumable session info */ -#define sslLogResumSessDebug(args...) secdebug("sslResumSession", ## args) - -/* log low-level session info in appleSession.cpp */ -#define sslLogSessCacheDebug(args...) secdebug("sslSessionCache", ## args) - -/* log record-level I/O (SSLRead, SSLWrite) */ -#define sslLogRecordIo(args...) secdebug("sslRecordIo", ## args) - -/* cert-related info */ -#define sslCertDebug(args...) secdebug("sslCert", ## args) - -/* Diffie-Hellman */ -#define sslDhDebug(args...) secdebug("sslDh", ## args) - -#ifdef NDEBUG - -#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; } -#define SSLLogHdskMsg(msg, sent) - -/* all errors logged to stdout for DEBUG config only */ -#define sslErrorLog(args...) - -#else - -#include "sslAlertMessage.h" - -extern void SSLLogHdskMsg(SSLHandshakeType msg, char sent); -extern char *hdskStateToStr(SSLHandshakeState state); -extern void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState); - -/* all errors logged to stdout for DEBUG config only */ -#define sslErrorLog(args...) printf(args) - -#endif /* NDEBUG */ - -#endif /* _SSL_DEBUG_H_ */ diff --git a/SecureTransport/privateInc/sslDigests.h b/SecureTransport/privateInc/sslDigests.h deleted file mode 100644 index 77f0f686..00000000 --- a/SecureTransport/privateInc/sslDigests.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslDigests.h - - Contains: HashReference declarations - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_DIGESTS_H_ -#define _SSL_DIGESTS_H_ 1 - -#include "cryptType.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * These numbers show up all over the place...might as well hard code 'em once. - */ -#define SSL_MD5_DIGEST_LEN 16 -#define SSL_SHA1_DIGEST_LEN 20 -#define SSL_MAX_DIGEST_LEN 20 - -extern const UInt8 SSLMACPad1[], SSLMACPad2[]; - -extern const HashReference SSLHashNull; -extern const HashReference SSLHashMD5; -extern const HashReference SSLHashSHA1; - -extern OSStatus CloneHashState( - const HashReference &ref, - const SSLBuffer &state, - SSLBuffer &newState, - SSLContext *ctx); -extern OSStatus ReadyHash( - const HashReference &ref, - SSLBuffer &state, - SSLContext *ctx); -extern OSStatus CloseHash( - const HashReference &ref, - SSLBuffer &state, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_DIGESTS_H_ */ diff --git a/SecureTransport/privateInc/sslHandshake.h b/SecureTransport/privateInc/sslHandshake.h deleted file mode 100644 index 0eafc913..00000000 --- a/SecureTransport/privateInc/sslHandshake.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ********************************************************************* - File: sslHandshake.h - SSL Handshake Layer - ****************************************************************** */ - -#ifndef _SSLHANDSHAKE_H_ -#define _SSLHANDSHAKE_H_ - -#include "cryptType.h" -#include "sslRecord.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum -{ SSL_HdskHelloRequest = 0, - SSL_HdskClientHello = 1, - SSL_HdskServerHello = 2, - SSL_HdskCert = 11, - SSL_HdskServerKeyExchange = 12, - SSL_HdskCertRequest = 13, - SSL_HdskServerHelloDone = 14, - SSL_HdskCertVerify = 15, - SSL_HdskClientKeyExchange = 16, - SSL_HdskFinished = 20, - SSL_HdskNoCertAlert = 100 -} SSLHandshakeType; - -typedef enum -{ SSL_read, - SSL_write -} CipherSide; - -typedef enum -{ - SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */ - SSL_HdskStateServerUninit, /* no handshake yet */ - SSL_HdskStateClientUninit, /* no handshake yet */ - SSL_HdskStateGracefulClose, - SSL_HdskStateErrorClose, - SSL_HdskStateNoNotifyClose, /* server disconnected with no - * notify msg */ - /* remainder must be consecutive */ - SSL_HdskStateServerHello, /* must get server hello; client hello sent */ - SSL_HdskStateServerHelloUnknownVersion, - /* Could get SSL 2 or SSL 3 server hello back */ - SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec - * requires it */ - SSL_HdskStateCert, /* may get certificate or certificate - * request (if no cert request received yet) */ - SSL_HdskStateHelloDone, /* must get server hello done; after key - * exchange or fixed DH parameters */ - SSL_HdskStateClientCert, /* must get certificate or no cert alert - * from client */ - SSL_HdskStateClientKeyExchange, /* must get client key exchange */ - SSL_HdskStateClientCertVerify, /* must get certificate verify from client */ - SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */ - SSL_HdskStateFinished, /* must get a finished message in the - * new cipher spec */ - SSL2_HdskStateClientMasterKey, - SSL2_HdskStateClientFinished, - SSL2_HdskStateServerHello, - SSL2_HdskStateServerVerify, - SSL2_HdskStateServerFinished, - SSL_HdskStateServerReady, /* ready for I/O; server side */ - SSL_HdskStateClientReady /* ready for I/O; client side */ -} SSLHandshakeState; - -typedef struct -{ SSLHandshakeType type; - SSLBuffer contents; -} SSLHandshakeMsg; - -#define SSL_Finished_Sender_Server 0x53525652 -#define SSL_Finished_Sender_Client 0x434C4E54 - -/** sslHandshake.c **/ -typedef OSStatus (*EncodeMessageFunc)(SSLRecord &rec, SSLContext *ctx); -OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx); -OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx); -OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx); -OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx); - -/** sslChangeCipher.c **/ -OSStatus SSLEncodeChangeCipherSpec(SSLRecord &rec, SSLContext *ctx); -OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx); -OSStatus SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx); - -/** sslCert.c **/ -OSStatus SSLEncodeCertificate(SSLRecord &certificate, SSLContext *ctx); -OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeCertificateRequest(SSLRecord &request, SSLContext *ctx); -OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeCertificateVerify(SSLRecord &verify, SSLContext *ctx); -OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx); - -/** sslHandshakeHello.c **/ -OSStatus SSLEncodeServerHello(SSLRecord &serverHello, SSLContext *ctx); -OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeClientHello(SSLRecord &clientHello, SSLContext *ctx); -OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx); -OSStatus SSLInitMessageHashes(SSLContext *ctx); - -/** sslKeyExchange.c **/ -OSStatus SSLEncodeServerKeyExchange(SSLRecord &keyExch, SSLContext *ctx); -OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeKeyExchange(SSLRecord &keyExchange, SSLContext *ctx); -OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx); -OSStatus SSLInitPendingCiphers(SSLContext *ctx); - -/** sslHandshakeFinish.c **/ -OSStatus SSLEncodeFinishedMessage(SSLRecord &finished, SSLContext *ctx); -OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeServerHelloDone(SSLRecord &helloDone, SSLContext *ctx); -OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx); -OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLHANDSHAKE_H_ */ diff --git a/SecureTransport/privateInc/sslKeychain.h b/SecureTransport/privateInc/sslKeychain.h deleted file mode 100644 index a01f83ed..00000000 --- a/SecureTransport/privateInc/sslKeychain.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslKeychain.h - - Contains: Apple Keychain routines - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_KEYCHAIN_H_ -#define _SSL_KEYCHAIN_H_ - - -#include "sslContext.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given an array of certs (as KCItemRefs) and a destination - * SSLCertificate: - * - * -- free destCerts if we have any - * -- Get raw cert data, convert to array of SSLCertificates in *destCert - * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey - * -- validate cert chain - * - */ -OSStatus -parseIncomingCerts( - SSLContext *ctx, - CFArrayRef certs, - SSLCertificate **destCert, /* &ctx->{localCert,encryptCert} */ - CSSM_KEY_PTR *pubKey, /* &ctx->signingPubKey, etc. */ - SecKeyRef *privKeyRef); /* &ctx->signingPrivKeyRef, etc. */ - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_KEYCHAIN_H_ */ \ No newline at end of file diff --git a/SecureTransport/privateInc/sslMemory.h b/SecureTransport/privateInc/sslMemory.h deleted file mode 100644 index f978c037..00000000 --- a/SecureTransport/privateInc/sslMemory.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslMemory.h - - Contains: memory allocator declarations - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSLMEMORY_H_ -#define _SSLMEMORY_H_ 1 - -#include "sslContext.h" -#include "sslPriv.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * General purpose allocators - */ -void *sslMalloc(UInt32 length); -void sslFree(void *p); -void *sslRealloc(void *oldPtr, UInt32 oldLen, UInt32 newLen); - -/* - * SSLBuffer-oriented allocators - */ -OSStatus SSLAllocBuffer(SSLBuffer &buf, UInt32 length, const SSLContext *ctx); -OSStatus SSLFreeBuffer(SSLBuffer &buf, const SSLContext *ctx); -OSStatus SSLReallocBuffer(SSLBuffer &buf, UInt32 newSize, const SSLContext *ctx); - -/* - * Convenience routines - */ -UInt8 *sslAllocCopy(const UInt8 *src, UInt32 len); -OSStatus SSLAllocCopyBuffer( - const SSLBuffer &src, - SSLBuffer **dst); // buffer itself and data mallocd and returned -OSStatus SSLCopyBufferFromData( - const void *src, - UInt32 len, - SSLBuffer &dst); // data mallocd and returned -OSStatus SSLCopyBuffer( - const SSLBuffer &src, - SSLBuffer &dst); // dataÊmallocd and returned - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/SecureTransport/privateInc/sslPriv.h b/SecureTransport/privateInc/sslPriv.h deleted file mode 100644 index 35455959..00000000 --- a/SecureTransport/privateInc/sslPriv.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslPriv.h - - Contains: Misc. private SSL typedefs - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SSL_PRIV_H_ -#define _SSL_PRIV_H_ 1 - -#include -#include "sslBuildFlags.h" -#include "SecureTransportPriv.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* Diffie-Hellman support */ -#define APPLE_DH 1 - -/* - * For ease of porting, we'll keep this around for internal use. - * It's used extensively; eventually we'll convert over to - * CFData, as in the public API. - */ -typedef struct -{ UInt32 length; - UInt8 *data; -} SSLBuffer; - -/* - * We can make this more Mac-like as well... - */ -typedef struct -{ UInt32 high; - UInt32 low; -} sslUint64; - -/* - * Not exposed in public API - */ -typedef enum -{ SSL_ServerSide = 1, - SSL_ClientSide = 2 -} SSLProtocolSide; - -typedef enum -{ - /* This value never appears in the actual protocol */ - SSL_Version_Undetermined = 0, - /* actual protocol values */ - SSL_Version_2_0 = 0x0002, - SSL_Version_3_0 = 0x0300, - TLS_Version_1_0 = 0x0301 /* TLS 1.0 == SSL 3.1 */ -} SSLProtocolVersion; - -/* - * Clients see an opaque SSLContextRef; internal code uses the - * following typedef. - */ -typedef struct SSLContext SSLContext; - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_PRIV_H */ diff --git a/SecureTransport/privateInc/sslRecord.h b/SecureTransport/privateInc/sslRecord.h deleted file mode 100644 index 8b701617..00000000 --- a/SecureTransport/privateInc/sslRecord.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ********************************************************************* - File: sslRecord.h - SSL Record Layer - ****************************************************************** */ - -#ifndef _SSLRECORD_H_ -#define _SSLRECORD_H_ 1 - -#include "sslPriv.h" - -#ifdef __cplusplus -extern "C" { -#endif - -enum -{ SSL_RecordTypeV2_0, - SSL_RecordTypeV3_Smallest = 20, - SSL_RecordTypeChangeCipher = 20, - SSL_RecordTypeAlert = 21, - SSL_RecordTypeHandshake = 22, - SSL_RecordTypeAppData = 23, - SSL_RecordTypeV3_Largest = 23 -}; - -typedef struct -{ UInt8 contentType; - SSLProtocolVersion protocolVersion; - SSLBuffer contents; -} SSLRecord; - -/* - * Slightly smaller that 16384 to make room for a MAC in an SSL 2.0 - * 3-byte header record - */ -#define MAX_RECORD_LENGTH 16300 - -#define DEFAULT_BUFFER_SIZE 4096 - -OSStatus SSLReadRecord( - SSLRecord &rec, - SSLContext *ctx); - -OSStatus SSLVerifyMac( - UInt8 type, - SSLBuffer &data, - UInt8 *compareMAC, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLRECORD_H_ */ diff --git a/SecureTransport/privateInc/sslSession.h b/SecureTransport/privateInc/sslSession.h deleted file mode 100644 index e29c6c87..00000000 --- a/SecureTransport/privateInc/sslSession.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ********************************************************************* - File: sslSession.h - SSL Session Interface - *********************************************************************/ - -#ifndef _SSLSESSION_H_ -#define _SSLSESSION_H_ 1 - -#define SSL_SESSION_ID_LEN 16 /* 16 <= SSL_SESSION_ID_LEN <= 32 */ - -#ifdef __cplusplus -extern "C" { -#endif - -OSStatus SSLAddSessionData( - const SSLContext *ctx); -OSStatus SSLGetSessionData( - SSLBuffer *sessionData, - const SSLContext *ctx); -OSStatus SSLDeleteSessionData( - const SSLContext *ctx); -OSStatus SSLRetrieveSessionID( - const SSLBuffer sessionData, - SSLBuffer *identifier, - const SSLContext *ctx); -OSStatus SSLRetrieveSessionProtocolVersion( - const SSLBuffer sessionData, - SSLProtocolVersion *version, - const SSLContext *ctx); -OSStatus SSLInstallSessionFromData( - const SSLBuffer sessionData, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLSESSION_H_ */ diff --git a/SecureTransport/privateInc/sslUtils.h b/SecureTransport/privateInc/sslUtils.h deleted file mode 100644 index c033c9af..00000000 --- a/SecureTransport/privateInc/sslUtils.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - - /************************************************************ - File: sslUtils.h - ************************************************************/ - -#ifndef _SSLUTILS_H_ -#define _SSLUTILS_H_ 1 - -#include "SecureTransport.h" -#include "sslPriv.h" - -#ifdef __cplusplus -extern "C" { -#endif - -UInt32 SSLDecodeInt( - const unsigned char *p, - int length); -unsigned char *SSLEncodeInt( - unsigned char *p, - UInt32 value, - int length); -UInt8* SSLEncodeUInt64( - UInt8 *p, - sslUint64 value); -void IncrementUInt64( - sslUint64 *v); - -UInt32 SSLGetCertificateChainLength( - const SSLCertificate *c); -Boolean sslIsSessionActive( - const SSLContext *ctx); -OSStatus sslDeleteCertificateChain( - SSLCertificate *certs, - SSLContext *ctx); - -OSStatus sslTime( - UInt32 *tim); - -#if SSL_DEBUG -extern const char *protocolVersStr( - SSLProtocolVersion prot); -#endif - -/* - * Redirect SSLBuffer-based I/O call to user-supplied I/O. - */ -OSStatus sslIoRead( - SSLBuffer buf, - UInt32 *actualLength, - SSLContext *ctx); - -OSStatus sslIoWrite( - SSLBuffer buf, - UInt32 *actualLength, - SSLContext *ctx); - -/* - * Common RNG function. - */ -OSStatus sslRand( - SSLContext *ctx, - SSLBuffer *buf); - -OSStatus sslVerifyProtVersion( - SSLContext *ctx, - SSLProtocolVersion peerVersion, - SSLProtocolVersion *negVersion); - -OSStatus sslGetMaxProtVersion( - SSLContext *ctx, - SSLProtocolVersion *version); // RETURNED - -#define SET_SSL_BUFFER(buf, d, l) do { (buf).data = (d); (buf).length = (l); } while (0) - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/SecureTransport/privateInc/symCipher.h b/SecureTransport/privateInc/symCipher.h deleted file mode 100644 index 80212283..00000000 --- a/SecureTransport/privateInc/symCipher.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: symCipher.h - - Contains: CDSA-based symmetric cipher module - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _SYM_CIPHER_H_ -#define _SYM_CIPHER_H_ - -#include "sslContext.h" -#include "cryptType.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * All symmetric cipher logic goes thru these same four routines, on the - * way down to CDSA - */ -OSStatus CDSASymmInit( - uint8 *key, - uint8* iv, - CipherContext *cipherCtx, - SSLContext *ctx); -OSStatus CDSASymmEncrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx); -OSStatus CDSASymmDecrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx); -OSStatus CDSASymmFinish( - CipherContext *cipherCtx, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SYM_CIPHER_H_ */ diff --git a/SecureTransport/privateInc/tls_hmac.h b/SecureTransport/privateInc/tls_hmac.h deleted file mode 100644 index 26b28d78..00000000 --- a/SecureTransport/privateInc/tls_hmac.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: tls_hmac.h - - Contains: Declarations of HMAC routines used by TLS - - Written by: Doug Mitchell -*/ - -#ifndef _TLS_HMAC_H_ -#define _TLS_HMAC_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ssl.h" -#include "sslPriv.h" - -/* forward declaration of HMAC object */ -struct HMACReference; - -/* Opaque reference to an HMAC session context */ -struct HMACContext; -typedef struct HMACContext *HMACContextRef; - -/* The HMAC algorithms we support */ -typedef enum { - HA_Null = 0, // i.e., uninitialized - HA_SHA1, - HA_MD5 -} HMAC_Algs; - -/* For convenience..the max size of HMAC, in bytes, this module will ever return */ -#define TLS_HMAC_MAX_SIZE 20 - -/* Create an HMAC session */ -typedef OSStatus (*HMAC_AllocFcn) ( - const struct HMACReference *hmac, - SSLContext *ctx, - const void *keyPtr, - unsigned keyLen, - HMACContextRef *hmacCtx); // RETURNED - -/* Free a session */ -typedef OSStatus (*HMAC_FreeFcn) ( - HMACContextRef hmacCtx); - -/* Reusable init, using same key */ -typedef OSStatus (*HMAC_InitFcn) ( - HMACContextRef hmacCtx); - -/* normal crypt ops */ -typedef OSStatus (*HMAC_UpdateFcn) ( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen); - -typedef OSStatus (*HMAC_FinalFcn) ( - HMACContextRef hmacCtx, - void *hmac, // mallocd by caller - unsigned *hmacLen); // IN/OUT - -/* one-shot */ -typedef OSStatus (*HMAC_HmacFcn) ( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen, - void *hmac, // mallocd by caller - unsigned *hmacLen); // IN/OUT - -typedef struct HMACReference { - UInt32 macSize; - HMAC_Algs alg; - HMAC_AllocFcn alloc; - HMAC_FreeFcn free; - HMAC_InitFcn init; - HMAC_UpdateFcn update; - HMAC_FinalFcn final; - HMAC_HmacFcn hmac; -} HMACReference; - -extern const HMACReference TlsHmacNull; -extern const HMACReference TlsHmacSHA1; -extern const HMACReference TlsHmacMD5; - -#ifdef __cplusplus -} -#endif -#endif /* _TLS_HMAC_H_ */ \ No newline at end of file diff --git a/SecureTransport/privateInc/tls_ssl.h b/SecureTransport/privateInc/tls_ssl.h deleted file mode 100644 index 01e3fa74..00000000 --- a/SecureTransport/privateInc/tls_ssl.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: tls_ssl.h - - Contains: Declarations of callout struct to provide indirect calls to - SSLv3 and TLS routines. - - Written by: Doug Mitchell -*/ - -#ifndef _TLS_SSL_H_ -#define _TLS_SSL_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ssl.h" -#include "sslPriv.h" -#include "sslContext.h" -#include "sslRecord.h" -#include "cryptType.h" - -/*** - *** Each of {TLS, SSLv3} implements each of these functions. - ***/ - -/* unpack, decrypt, validate one record */ -typedef OSStatus (*decryptRecordFcn) ( - UInt8 type, - SSLBuffer *payload, - SSLContext *ctx); - -/* pack, encrypt, mac, queue one outgoing record */ -typedef OSStatus (*writeRecordFcn) ( - SSLRecord rec, - SSLContext *ctx); - -/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ -typedef OSStatus (*initMacFcn) ( - CipherContext *cipherCtx, // macRef, macSecret valid on entry - // macCtx valid on return - SSLContext *ctx); - -/* free per-CipherContext HashHmacContext */ -typedef OSStatus (*freeMacFcn) ( - CipherContext *cipherCtx); - -/* compute MAC on one record */ -typedef OSStatus (*computeMacFcn) ( - UInt8 type, - SSLBuffer data, - SSLBuffer mac, // caller mallocs data - CipherContext *cipherCtx, // assumes macCtx, macRef - sslUint64 seqNo, - SSLContext *ctx); - -typedef OSStatus (*generateKeyMaterialFcn) ( - SSLBuffer key, // caller mallocs and specifies length of - // required key material here - SSLContext *ctx); - -typedef OSStatus (*generateExportKeyAndIvFcn) ( - SSLContext *ctx, // clientRandom, serverRandom valid - const SSLBuffer clientWriteKey, - const SSLBuffer serverWriteKey, - SSLBuffer finalClientWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalClientIV, // RETURNED, mallocd by caller - SSLBuffer finalServerIV); // RETURNED, mallocd by caller - -/* - * On entry: clientRandom, serverRandom, preMasterSecret valid - * On return: masterSecret valid - */ -typedef OSStatus (*generateMasterSecretFcn) ( - SSLContext *ctx); - -typedef OSStatus (*computeFinishedMacFcn) ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState, // ditto - Boolean isServer); - -typedef OSStatus (*computeCertVfyMacFcn) ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState); // ditto - -typedef struct _SslTlsCallouts { - decryptRecordFcn decryptRecord; - writeRecordFcn writeRecord; - initMacFcn initMac; - freeMacFcn freeMac; - computeMacFcn computeMac; - generateKeyMaterialFcn generateKeyMaterial; - generateExportKeyAndIvFcn generateExportKeyAndIv; - generateMasterSecretFcn generateMasterSecret; - computeFinishedMacFcn computeFinishedMac; - computeCertVfyMacFcn computeCertVfyMac; -} SslTlsCallouts; - -/* From ssl3Callouts.c and tls1Callouts.c */ -extern const SslTlsCallouts Ssl3Callouts; -extern const SslTlsCallouts Tls1Callouts; - -/* one callout routine used in common (for now) */ -OSStatus ssl3WriteRecord( - SSLRecord rec, - SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _TLS_SSL_H_ */ diff --git a/SecureTransport/secureTransport.exp b/SecureTransport/secureTransport.exp deleted file mode 100644 index 81f5155b..00000000 --- a/SecureTransport/secureTransport.exp +++ /dev/null @@ -1,21 +0,0 @@ -_SSLNewContext -_SSLDisposeContext -_SSLGetSessionState -_SSLSetIOFuncs -_SSLSetProtocolVersion -_SSLGetProtocolVersion -_SSLSetProtocolVersionEnabled -_SSLGetProtocolVersionEnabled -_SSLSetConnection -_SSLGetNegotiatedProtocolVersion -_SSLSetAllowsExpiredCerts -_SSLGetAllowsExpiredCerts -_SSLSetAllowsAnyRoot -_SSLGetAllowsAnyRoot -_SSLGetPeerCertificates -_SSLSetPeerID -_SSLGetNegotiatedCipher -_SSLHandshake -_SSLWrite -_SSLRead -_SSLClose diff --git a/SecureTransport/securetransport++.cpp b/SecureTransport/securetransport++.cpp deleted file mode 100644 index 18626b0b..00000000 --- a/SecureTransport/securetransport++.cpp +++ /dev/null @@ -1,307 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// securetransport++ - C++ interface to Apple's Secure Transport layer -// -#include "securetransport++.h" -#include - - -namespace Security { -namespace IPPlusPlus { - - -// -// Construct a core object. -// This creates the Context object and sets the I/O functions. -// -SecureTransportCore::SecureTransportCore() : mAtEnd(false) -{ - MacOSError::check(SSLNewContext(false, &mContext)); - try { - MacOSError::check(SSLSetIOFuncs(mContext, sslReadFunc, sslWriteFunc)); - MacOSError::check(SSLSetConnection(mContext, this)); - secdebug("ssl", "%p constructed", this); - } catch (...) { - SSLDisposeContext(mContext); - throw; - } -} - - -// -// On destruction, we force a close and destroy the Context. -// -SecureTransportCore::~SecureTransportCore() -{ - SSLDisposeContext(mContext); // ignore error (can't do anything if error) - secdebug("ssl", "%p destroyed", this); -} - - -// -// Open initiates or continues the SSL handshake. -// In nonblocking mode, open may return while handshake is still in -// Progress. Keep calling open until state() != errSSLWouldBlock, or -// go directly to I/O. -// -void SecureTransportCore::open() -{ - switch (OSStatus err = SSLHandshake(mContext)) { - case noErr: - case errSSLWouldBlock: - secdebug("ssl", "%p open, state=%d", this, state()); - return; - default: - MacOSError::throwMe(err); - } -} - - -// -// Close the SSL layer if needed. -// Note that this does nothing to the underlying I/O layer. -// -void SecureTransportCore::close() -{ - switch (state()) { - case kSSLHandshake: - case kSSLConnected: - secdebug("ssl", "%p closed", this); - SSLClose(mContext); - break; - default: - break; - } -} - - -// -// Read bytes from the SSL layer. This is the standard FileDescoid -// read function. -// Note that if the connection is still handshaking, handshake will proceed -// and no bytes will be read (yet). -// -size_t SecureTransportCore::read(void *data, size_t length) -{ - if (continueHandshake()) - return 0; - UInt32 bytesRead; - switch (OSStatus err = SSLRead(mContext, data, length, &bytesRead)) { - case noErr: // full read - case errSSLWouldBlock: // partial read - return bytesRead; // (may be zero in non-blocking scenarios) - case errSSLClosedGraceful: // means end-of-data, but we may still return some - case errSSLClosedNoNotify: // peer closed abruptly (not sending SSL layer shutdown) - if (bytesRead == 0) - mAtEnd = true; // no more data - set final end-of-data flag - return bytesRead; - default: - MacOSError::throwMe(err); - } -} - - -// -// Write bytes to the SSL layer. This is the standard FileDescoid write function. -// Note that if the connection is still handshaking, handshake will proceed -// and no bytes will be written (yet). -// -size_t SecureTransportCore::write(const void *data, size_t length) -{ - if (continueHandshake()) - return 0; - UInt32 bytesWritten; - switch (OSStatus err = SSLWrite(mContext, data, length, &bytesWritten)) { - case noErr: - return bytesWritten; - case errSSLWouldBlock: - return 0; // no data, no error, no fuss - default: - MacOSError::throwMe(err); - } -} - - -// -// Continue handshake processing if necessary. -// Returns true if handshake is in Progress and not yet complete. -// -bool SecureTransportCore::continueHandshake() -{ - if (state() == kSSLHandshake) { - // still in handshake mode; prod it along - secdebug("ssl", "%p continuing handshake", this); - switch (OSStatus err = SSLHandshake(mContext)) { - case noErr: - case errSSLWouldBlock: - break; - default: - MacOSError::throwMe(err); - } - IFDEBUG(if (state() != kSSLHandshake) secdebug("ssl", "%p handshake complete", this)); - return state() == kSSLHandshake; - } else - return false; -} - - -// -// State access methods -// -SSLSessionState SecureTransportCore::state() const -{ - SSLSessionState state; - MacOSError::check(SSLGetSessionState(mContext, &state)); - return state; -} - -SSLProtocol SecureTransportCore::version() const -{ - SSLProtocol version; - MacOSError::check(SSLGetProtocolVersion(mContext, &version)); - return version; -} - -void SecureTransportCore::version(SSLProtocol version) -{ - MacOSError::check(SSLSetProtocolVersion(mContext, version)); -} - -UInt32 SecureTransportCore::numSupportedCiphers() const -{ - UInt32 numCiphers; - MacOSError::check(SSLGetNumberSupportedCiphers(mContext, &numCiphers)); - return numCiphers; -} - -void SecureTransportCore::supportedCiphers( - SSLCipherSuite *ciphers, - UInt32 &numCiphers) const -{ - MacOSError::check(SSLGetSupportedCiphers(mContext, ciphers, &numCiphers)); -} - -UInt32 SecureTransportCore::numEnabledCiphers() const -{ - UInt32 numCiphers; - MacOSError::check(SSLGetNumberEnabledCiphers(mContext, &numCiphers)); - return numCiphers; -} - -void SecureTransportCore::enabledCiphers( - SSLCipherSuite *ciphers, - UInt32 &numCiphers) const -{ - MacOSError::check(SSLGetEnabledCiphers(mContext, ciphers, &numCiphers)); -} - -void SecureTransportCore::enabledCiphers( - SSLCipherSuite *ciphers, - UInt32 numCiphers) -{ - MacOSError::check(SSLSetEnabledCiphers(mContext, ciphers, numCiphers)); -} - -bool SecureTransportCore::allowsExpiredCerts() const -{ - Boolean allow; - MacOSError::check(SSLGetAllowsExpiredCerts(mContext, &allow)); - return allow; -} - -void SecureTransportCore::allowsExpiredCerts(bool allow) -{ - MacOSError::check(SSLSetAllowsExpiredCerts(mContext, allow)); -} - -bool SecureTransportCore::allowsUnknownRoots() const -{ - Boolean allow; - MacOSError::check(SSLGetAllowsAnyRoot(mContext, &allow)); - return allow; -} - -void SecureTransportCore::allowsUnknownRoots(bool allow) -{ - MacOSError::check(SSLSetAllowsAnyRoot(mContext, allow)); -} - -void SecureTransportCore::peerId(const void *id, size_t length) -{ - MacOSError::check(SSLSetPeerID(mContext, id, length)); -} - - -// -// Implement SecureTransport's read/write transport functions. -// Note that this API is very un-UNIX in that error codes (errSSLClosedGraceful, errSSLWouldBlock) -// are returned even though data has been produced. -// -OSStatus SecureTransportCore::sslReadFunc(SSLConnectionRef connection, - void *data, UInt32 *length) -{ - const SecureTransportCore *stc = reinterpret_cast(connection); - try { - size_t lengthRequested = *length; - *length = stc->ioRead(data, lengthRequested); - secdebug("sslconio", "%p read %ld of %ld bytes", stc, *length, lengthRequested); - if (*length == lengthRequested) // full deck - return noErr; - else if (stc->ioAtEnd()) { - secdebug("sslconio", "%p end of source input, returning %ld bytes", - stc, *length); - return errSSLClosedGraceful; - } else - return errSSLWouldBlock; - } catch (const UnixError &err) { - *length = 0; - if (err.error == ECONNRESET) - return errSSLClosedGraceful; - throw; - } catch (const CssmCommonError &err) { - *length = 0; - return err.osStatus(); - } catch (...) { - *length = 0; - return -1; //@@@ generic internal error? - } -} - -OSStatus SecureTransportCore::sslWriteFunc(SSLConnectionRef connection, - const void *data, UInt32 *length) -{ - const SecureTransportCore *stc = reinterpret_cast(connection); - try { - size_t lengthRequested = *length; - *length = stc->ioWrite(data, lengthRequested); - secdebug("sslconio", "%p wrote %ld of %ld bytes", stc, *length, lengthRequested); - return *length == lengthRequested ? OSStatus(noErr) : OSStatus(errSSLWouldBlock); - } catch (const CssmCommonError &err) { - *length = 0; - return err.osStatus(); - } catch (...) { - *length = 0; - return -1; //@@@ generic internal error? - } -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/SecureTransport/securetransport++.h b/SecureTransport/securetransport++.h deleted file mode 100644 index 69bb8d03..00000000 --- a/SecureTransport/securetransport++.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// securetransport++ - C++ interface to Apple's Secure Transport layer -// -#ifndef _H_SECURETRANSPORTPLUSPLUS -#define _H_SECURETRANSPORTPLUSPLUS - -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -// -// The common-code core of a SecureTransport context and session. -// Abstract - do not use directly. -// -class SecureTransportCore { -public: - SecureTransportCore(); - virtual ~SecureTransportCore(); - - void open(); // open SSL (but not underlying I/O) - void close(); // close SSL (but not underlying I/O) - - SSLSessionState state() const; - - SSLProtocol version() const; - void version(SSLProtocol v); - - UInt32 numSupportedCiphers() const; - void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; - - UInt32 numEnabledCiphers() const; - void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get - void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set - - bool allowsExpiredCerts() const; - void allowsExpiredCerts(bool allow); - - bool allowsUnknownRoots() const; - void allowsUnknownRoots(bool allow); - - void peerId(const void *data, size_t length); - template void peerId(const T &obj) { peerId(&obj, sizeof(obj)); } - - size_t read(void *data, size_t length); - size_t write(const void *data, size_t length); - bool atEnd() const { return mAtEnd; } - -protected: - virtual size_t ioRead(void *data, size_t length) const = 0; - virtual size_t ioWrite(const void *data, size_t length) const = 0; - virtual bool ioAtEnd() const = 0; - -private: - static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *); - static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *); - - bool continueHandshake(); - -private: - SSLContextRef mContext; // SecureTransport session/context object - bool mAtEnd; // end-of-data flag derived from last SSLRead -}; - - -// -// This is what you use. The constructor argument is a FileDescoid object -// of some kind, such as a FileDesc, Socket, etc. -// Note that SecureTransport is in turn a FileDescoid object, so you can read/write -// it in the usual fashion, and it will in turn read/write cipher data from its I/O source. -// -template -class SecureTransport : public SecureTransportCore { -public: - SecureTransport(IO &ioRef) : io(ioRef) { } - ~SecureTransport() { close(); } - - IO &io; - -private: - size_t ioRead(void *data, size_t length) const { return io.read(data, length); } - size_t ioWrite(const void *data, size_t length) const { return io.write(data, length); } - bool ioAtEnd() const { return io.atEnd(); } -}; - - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif //_H_SECURETRANSPORTPLUSPLUS diff --git a/SecureTransport/ssl2CipherMap.cpp b/SecureTransport/ssl2CipherMap.cpp deleted file mode 100644 index e45807f9..00000000 --- a/SecureTransport/ssl2CipherMap.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/************************************************************************* - File: ssl2CipherMap.cpp Maps SSL 2 cipher kinds to SSL 3 cipher suites - *************************************************************************/ - -#include "sslContext.h" -#include "cryptType.h" - -const SSLCipherMapping SSL2CipherMap[] = -{ { SSL2_RC4_128_WITH_MD5, SSL_RSA_WITH_RC4_128_MD5 }, - { SSL2_RC4_128_EXPORT_40_WITH_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5 }, - { SSL2_RC2_128_CBC_WITH_MD5, SSL_RSA_WITH_RC2_CBC_MD5 }, - { SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 }, - { SSL2_IDEA_128_CBC_WITH_MD5, SSL_RSA_WITH_IDEA_CBC_MD5 }, - { SSL2_DES_64_CBC_WITH_MD5, SSL_RSA_WITH_DES_CBC_MD5 }, - { SSL2_DES_192_EDE3_CBC_WITH_MD5, SSL_RSA_WITH_3DES_EDE_CBC_MD5} -}; - -const unsigned SSL2CipherMapCount = sizeof(SSL2CipherMap) / sizeof(SSLCipherMapping); diff --git a/SecureTransport/ssl2Message.cpp b/SecureTransport/ssl2Message.cpp deleted file mode 100644 index 061e3da5..00000000 --- a/SecureTransport/ssl2Message.cpp +++ /dev/null @@ -1,768 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include "ssl.h" -#include "ssl2.h" -#include "sslRecord.h" -#include "sslMemory.h" -#include "sslContext.h" -#include "sslAlertMessage.h" -#include "sslHandshake.h" -#include "sslSession.h" -#include "sslDebug.h" -#include "cipherSpecs.h" -#include "appleCdsa.h" -#include "sslUtils.h" - -#include -#include - -OSStatus -SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx) -{ OSStatus err; - UInt8 *charPtr, *cipherList; - unsigned i, j, cipherKindCount, sessionIDLen, challengeLen; - SSL2CipherKind cipherKind; - SSLCipherSuite matchingCipher, selectedCipher; - SSLProtocolVersion negVersion; - - if (msg.length < 27) { - sslErrorLog("SSL2ProcessClientHello: msg len error 1\n"); - return errSSLProtocol; - } - - charPtr = msg.data; - - ctx->clientReqProtocol = (SSLProtocolVersion)SSLDecodeInt(charPtr, 2); - err = sslVerifyProtVersion(ctx, ctx->clientReqProtocol, &negVersion); - if(err) { - return err; - } - - /* - * Note we can be here, processing a v2 client hello, even if - * we don't support SSL2. That can happen if the client is - * sending a v2 hello with an attempt to upgrade. - */ - if (ctx->negProtocolVersion == SSL_Version_Undetermined) { - #ifndef NDEBUG - sslLogNegotiateDebug("===SSL2 server: negVersion was undetermined; " - "is %s", protocolVersStr(negVersion)); - #endif - ctx->negProtocolVersion = negVersion; - if(negVersion >= TLS_Version_1_0) { - ctx->sslTslCalls = &Tls1Callouts; - } - else { - /* default from context init */ - assert(ctx->sslTslCalls == &Ssl3Callouts); - } - } - - charPtr += 2; - cipherKindCount = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if (cipherKindCount % 3 != 0) { - sslErrorLog("SSL2ProcessClientHello: cipherKindCount error\n"); - return errSSLProtocol; - } - cipherKindCount /= 3; - sessionIDLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - challengeLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - - if (msg.length != 8 + 3*cipherKindCount + sessionIDLen + challengeLen || - (sessionIDLen != 0 && sessionIDLen != 16) || - challengeLen < 16 || challengeLen > 32 ) { - sslErrorLog("SSL2ProcessClientHello: msg len error 2\n"); - return errSSLProtocol; - } - cipherList = charPtr; - selectedCipher = SSL_NO_SUCH_CIPHERSUITE; - - assert(ctx->negProtocolVersion >= SSL_Version_2_0); // i.e., not undetermined - if (ctx->negProtocolVersion >= SSL_Version_3_0) { - /* If we're negotiating an SSL 3.0 session, use SSL 3.0 suites first */ - for (i = 0; i < cipherKindCount; i++) { - cipherKind = (SSL2CipherKind)SSLDecodeInt(charPtr, 3); - charPtr += 3; - if (selectedCipher != SSL_NO_SUCH_CIPHERSUITE) - continue; - if ((((UInt32)cipherKind) & 0xFF0000) != 0) - continue; /* Skip SSL 2 suites */ - matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF); - for (j = 0; jnumValidCipherSpecs; j++) { - if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) { - selectedCipher = matchingCipher; - break; - } - } /* searching thru all our valid ciphers */ - } /* for each client cipher */ - } /* v3 or greater */ - - if(selectedCipher == SSL_NO_SUCH_CIPHERSUITE) { - /* try again using SSL2 ciphers only */ - charPtr = cipherList; - for (i = 0; i < cipherKindCount; i++) { - cipherKind = (SSL2CipherKind)SSLDecodeInt(charPtr, 3); - charPtr += 3; - if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) { - /* After we find one, just keep advancing ptr past - * the unused ones */ - if ((((UInt32)cipherKind) & 0xFF0000) != 0) { - /* If it's a real SSL2 spec, look for it in the list */ - matchingCipher = SSL_NO_SUCH_CIPHERSUITE; - for (j = 0; j < SSL2CipherMapCount; j++) { - if (cipherKind == SSL2CipherMap[j].cipherKind) { - matchingCipher = SSL2CipherMap[j].cipherSuite; - break; - } - } - } /* real 3-byte SSL2 suite */ - else { - /* if the first byte is zero, it's an encoded SSL 3 CipherSuite */ - matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF); - /* - * One more restriction - if we've negotiated a v2 session, - * ignore this matching cipher if it's not in the SSL2 map. - */ - if(ctx->negProtocolVersion < SSL_Version_3_0) { - int isInMap = 0; - for (j = 0; j < SSL2CipherMapCount; j++) { - if (matchingCipher == SSL2CipherMap[j].cipherSuite) { - isInMap = 1; - break; - } - } - if(!isInMap) { - /* Sorry, no can do */ - matchingCipher = SSL_NO_SUCH_CIPHERSUITE; - } - } /* SSL2 check */ - } /* two-byte suite */ - - /* now see if we are enabled for this cipher */ - if (matchingCipher != SSL_NO_SUCH_CIPHERSUITE) { - for (j = 0; j < ctx->numValidCipherSpecs; j++) { - if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) { - selectedCipher = matchingCipher; - break; - } - } - } - } /* not ignoring this suite */ - } /* for each suite in the hello msg */ - } /* not found in SSL3 ciphersuites */ - - if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) - return errSSLNegotiation; - - ctx->selectedCipher = selectedCipher; - err = FindCipherSpec(ctx); - if(err != 0) { - return err; - } - if (sessionIDLen > 0 && ctx->peerID.data != 0) - { /* Don't die on error; just treat it as an uncacheable session */ - err = SSLAllocBuffer(ctx->sessionID, sessionIDLen, ctx); - if (err == 0) - memcpy(ctx->sessionID.data, charPtr, sessionIDLen); - } - charPtr += sessionIDLen; - - ctx->ssl2ChallengeLength = challengeLen; - memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE); - memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - challengeLen, - charPtr, challengeLen); - charPtr += challengeLen; - assert(charPtr == msg.data + msg.length); - - return noErr; -} - -/* - * The SSL v2 spec says that the challenge string sent by the client can be - * between 16 and 32 bytes. However all Netscape enterprise servers actually - * require a 16 byte challenge. Q.v. cdnow.com, store.apple.com. - * Unfortunately this means that when we're trying to do an - * SSL2 hello with possible upgrade, we have to limit ourself to a - * 16-byte clientRandom, which we have to concatenate to 16 bytes of zeroes - * if we end up with a 3.0 or 3.1 connection. Thus we lose 16 bytes of entropy. - */ -#define SSL2_CHALLENGE_LEN 16 - -OSStatus -SSL2EncodeClientHello(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - UInt8 *charPtr; - unsigned i, j; - int useSSL3Ciphers = 0; - int totalCipherCount; - int sessionIDLen; - UInt16 version; - SSLBuffer sessionIdentifier, randomData; - SSLProtocolVersion maxVersion; - - assert(ctx->versionSsl2Enable); - err = sslGetMaxProtVersion(ctx, &maxVersion); - if(err) { - /* we don't have a protocol enabled */ - return err; - } - version = maxVersion; - if(version > SSL_Version_2_0) { - /* see if server can handle upgrading */ - useSSL3Ciphers = 1; - } - - #ifndef NDEBUG - sslLogNegotiateDebug("===SSL client: proclaiming %s capable", - protocolVersStr((SSLProtocolVersion)version)); - #endif - - if (useSSL3Ciphers != 0) - totalCipherCount = ctx->numValidCipherSpecs; - else - totalCipherCount = 0; - - for (i = 0; i < SSL2CipherMapCount; i++) - for (j = 0; j < ctx->numValidCipherSpecs; j++) - if (ctx->validCipherSpecs[j].cipherSpec == SSL2CipherMap[i].cipherSuite) - { totalCipherCount++; - break; - } - - if(totalCipherCount == 0) { - sslErrorLog("SSL2EncodeClientHello: no valid ciphers for SSL2"); - return errSSLBadConfiguration; - } - sessionIDLen = 0; - sessionIdentifier.data = 0; - if (ctx->resumableSession.data != 0) - { if ((err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) - return err; - sessionIDLen = sessionIdentifier.length; - } - - /* msg length = 9 + 3 * totalCipherCount + sessionIDLen + 16 bytes of challenge - * Use exactly 16 bytes of challenge because Netscape products have a bug - * that requires this length - */ - if ((err = SSLAllocBuffer(msg, 9 + (3*totalCipherCount) + sessionIDLen + - SSL2_CHALLENGE_LEN, ctx)) != 0) - { SSLFreeBuffer(sessionIdentifier, ctx); - return err; - } - - charPtr = msg.data; - *charPtr++ = SSL2_MsgClientHello; - charPtr = SSLEncodeInt(charPtr, version, 2); - charPtr = SSLEncodeInt(charPtr, 3*totalCipherCount, 2); - charPtr = SSLEncodeInt(charPtr, sessionIDLen, 2); - charPtr = SSLEncodeInt(charPtr, SSL2_CHALLENGE_LEN, 2); - - /* If we can send SSL3 ciphers, encode the two-byte cipher specs into three-byte - * CipherKinds which have a leading 0. - */ - if (useSSL3Ciphers != 0) - for (i = 0; i < ctx->numValidCipherSpecs; i++) - charPtr = SSLEncodeInt(charPtr, ctx->validCipherSpecs[i].cipherSpec, 3); - - /* Now send those SSL2 specs for which we have implementations */ - for (i = 0; i < SSL2CipherMapCount; i++) - for (j = 0; j < ctx->numValidCipherSpecs; j++) - if (ctx->validCipherSpecs[j].cipherSpec == SSL2CipherMap[i].cipherSuite) - { charPtr = SSLEncodeInt(charPtr, SSL2CipherMap[i].cipherKind, 3); - break; - } - - if (sessionIDLen > 0) - { memcpy(charPtr, sessionIdentifier.data, sessionIDLen); - charPtr += sessionIDLen; - SSLFreeBuffer(sessionIdentifier, ctx); - } - - randomData.data = charPtr; - randomData.length = SSL2_CHALLENGE_LEN; - if ((err = sslRand(ctx, &randomData)) != 0) - { SSLFreeBuffer(msg, ctx); - return err; - } - charPtr += SSL2_CHALLENGE_LEN; - - /* Zero out the first 16 bytes of clientRandom, and store - * the challenge in the second 16 bytes */ - #if (SSL2_CHALLENGE_LEN == SSL_CLIENT_SRVR_RAND_SIZE) - /* this path verified to fail with Netscape Enterprise servers 1/16/02 */ - memcpy(ctx->clientRandom, randomData.data, SSL2_CHALLENGE_LEN); - #else - memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN); - memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN, - randomData.data, SSL2_CHALLENGE_LEN); - #endif - ctx->ssl2ChallengeLength = SSL2_CHALLENGE_LEN; - - assert(charPtr == msg.data + msg.length); - - return noErr; -} - -OSStatus -SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx) -{ OSStatus err; - SSL2CipherKind cipherKind; - SSLBuffer secretData; - unsigned clearLength, encryptedLength, keyArgLength; - UInt32 secretLength, localKeyModulusLen; - UInt8 *charPtr; - const CSSM_KEY *cssmKey; - SecKeyRef decryptKeyRef = NULL; - - if (msg.length < 9) { - sslErrorLog("SSL2ProcessClientMasterKey: msg.length error 1\n"); - return errSSLProtocol; - } - assert(ctx->protocolSide == SSL_ServerSide); - - charPtr = msg.data; - cipherKind = (SSL2CipherKind)SSLDecodeInt(charPtr, 3); - charPtr += 3; - clearLength = SSLDecodeInt(charPtr, 2); - charPtr += 2; - encryptedLength = SSLDecodeInt(charPtr, 2); - charPtr += 2; - keyArgLength = SSLDecodeInt(charPtr, 2); - charPtr += 2; - - if (msg.length != 9 + clearLength + encryptedLength + keyArgLength) { - sslErrorLog("SSL2ProcessClientMasterKey: msg.length error 2\n"); - return errSSLProtocol; - } - - /* Master key == CLEAR_DATA || SECRET_DATA */ - memcpy(ctx->masterSecret, charPtr, clearLength); - charPtr += clearLength; - - /* - * Just as in SSL2EncodeServerHello, which key we use depends on the - * app's config. - */ - if(ctx->encryptPrivKeyRef) { - decryptKeyRef = ctx->encryptPrivKeyRef; - /* FIXME: when 3420180 is implemented, pick appropriate creds here */ - } - else if(ctx->signingPrivKeyRef) { - decryptKeyRef = ctx->signingPrivKeyRef; - /* FIXME: when 3420180 is implemented, pick appropriate creds here */ - } - else { - /* app configuration error */ - sslErrorLog("SSL2ProcessClientMasterKey: No server key!\n"); - return errSSLBadConfiguration; - } - err = SecKeyGetCSSMKey(decryptKeyRef, &cssmKey); - if(err) { - sslErrorLog("SSL2ProcessClientMasterKey: SecKeyGetCSSMKey err %d\n", (int)err); - return err; - } - localKeyModulusLen = sslKeyLengthInBytes(cssmKey); - - if (encryptedLength != localKeyModulusLen) { - sslErrorLog("SSL2ProcessClientMasterKey: encryptedLength error 1\n"); - return errSSLProtocol; - } - - /* Allocate enough room to hold any decrypted value */ - if ((err = SSLAllocBuffer(secretData, encryptedLength, ctx)) != 0) - return err; - - err = sslRsaDecrypt(ctx, - decryptKeyRef, - charPtr, - encryptedLength, - secretData.data, - encryptedLength, // same length for both...? - &secretLength); - if(err) { - SSLFreeBuffer(secretData, ctx); - return err; - } - - charPtr += encryptedLength; - - if (clearLength + secretLength != ctx->selectedCipherSpec->cipher->keySize) { - sslErrorLog("SSL2ProcessClientMasterKey: length error 3\n"); - return errSSLProtocol; - } - memcpy(ctx->masterSecret + clearLength, secretData.data, secretLength); - if ((err = SSLFreeBuffer(secretData, ctx)) != 0) - return err; - - if (keyArgLength != ctx->selectedCipherSpec->cipher->ivSize) { - sslErrorLog("SSL2ProcessClientMasterKey: length error 4\n"); - return errSSLProtocol; - } - - /* Stash the IV after the master key in master secret storage */ - memcpy(ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize, charPtr, keyArgLength); - charPtr += keyArgLength; - assert(charPtr = msg.data + msg.length); - - return noErr; -} - -OSStatus -SSL2EncodeClientMasterKey(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - unsigned length, i, clearLen; - UInt32 outputLen, peerKeyModulusLen; - SSLBuffer keyData; - UInt8 *charPtr; - - peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); - - /* Length is 10 + clear key size + encrypted output size + iv size */ - length = 10; - clearLen = ctx->selectedCipherSpec->cipher->keySize - ctx->selectedCipherSpec->cipher->secretKeySize; - length += clearLen; - length += peerKeyModulusLen; - length += ctx->selectedCipherSpec->cipher->ivSize; - - if ((err = SSLAllocBuffer(msg, length, ctx)) != 0) - return err; - charPtr = msg.data; - *charPtr++ = SSL2_MsgClientMasterKey; - for (i = 0; i < SSL2CipherMapCount; i++) - if (ctx->selectedCipher == SSL2CipherMap[i].cipherSuite) - break; - assert(i < SSL2CipherMapCount); - sslLogNegotiateDebug("===SSL2EncodeClientMasterKey: sending cipherKind 0x%x", - SSL2CipherMap[i].cipherKind); - charPtr = SSLEncodeInt(charPtr, SSL2CipherMap[i].cipherKind, 3); - charPtr = SSLEncodeInt(charPtr, clearLen, 2); - charPtr = SSLEncodeInt(charPtr, peerKeyModulusLen, 2); - charPtr = SSLEncodeInt(charPtr, ctx->selectedCipherSpec->cipher->ivSize, 2); - - /* Generate the keying material; we need enough data for the key and IV */ - keyData.data = ctx->masterSecret; - keyData.length = ctx->selectedCipherSpec->cipher->keySize + ctx->selectedCipherSpec->cipher->ivSize; - assert(keyData.length <= 48); /* Must be able to store it in the masterSecret array */ - if ((err = sslRand(ctx, &keyData)) != 0) - return err; - - memcpy(charPtr, ctx->masterSecret, clearLen); - charPtr += clearLen; - - /* Replace this with code to do encryption at lower level & set PKCS1 padding - for rollback attack */ - - /* - * encrypt only the secret key portion of masterSecret, starting at - * clearLen bytes - */ - err = sslRsaEncrypt(ctx, - ctx->peerPubKey, - ctx->peerPubKeyCsp, // XX - maybe cspHand - ctx->masterSecret + clearLen, - ctx->selectedCipherSpec->cipher->keySize - clearLen, - charPtr, - peerKeyModulusLen, - &outputLen); - if(err) { - return err; - } - - charPtr += outputLen; - - /* copy clear IV to msg buf */ - memcpy(charPtr, ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize, - ctx->selectedCipherSpec->cipher->ivSize); - charPtr += ctx->selectedCipherSpec->cipher->ivSize; - - assert(charPtr == msg.data + msg.length); - - return noErr; -} - -OSStatus -SSL2ProcessClientFinished(SSLBuffer msg, SSLContext *ctx) -{ if (msg.length != ctx->sessionID.length) { - sslErrorLog("SSL2ProcessClientFinished: length error\n"); - return errSSLProtocol; - } - if (memcmp(msg.data, ctx->serverRandom, ctx->ssl2ConnectionIDLength) != 0) { - sslErrorLog("SSL2ProcessClientFinished: data compare error\n"); - return errSSLProtocol; - } - return noErr; -} - -OSStatus -SSL2EncodeClientFinished(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLAllocBuffer(msg, ctx->ssl2ConnectionIDLength+1, ctx)) != 0) - return err; - msg.data[0] = SSL2_MsgClientFinished; - memcpy(msg.data+1, ctx->serverRandom, ctx->ssl2ConnectionIDLength); - return noErr; -} - -OSStatus -SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx) -{ OSStatus err; - SSL2CertTypeCode certType; - unsigned sessionIDMatch, certLen, cipherSpecsLen, connectionIDLen; - unsigned i, j; - SSL2CipherKind cipherKind; - SSLCertificate *cert; - SSLCipherSuite matchingCipher = 0; // avoid compiler warning - SSLCipherSuite selectedCipher; - UInt8 *charPtr; - SSLProtocolVersion version; - - if (msg.length < 10) { - sslErrorLog("SSL2ProcessServerHello: length error\n"); - return errSSLProtocol; - } - charPtr = msg.data; - - sessionIDMatch = *charPtr++; - certType = (SSL2CertTypeCode)*charPtr++; - version = (SSLProtocolVersion)SSLDecodeInt(charPtr, 2); - charPtr += 2; - if (version != SSL_Version_2_0) { - sslErrorLog("SSL2ProcessServerHello: version error\n"); - return errSSLProtocol; - } - ctx->negProtocolVersion = version; - sslLogNegotiateDebug("===SSL2 client: negVersion is 2_0"); - certLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - cipherSpecsLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - connectionIDLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - - if (connectionIDLen < 16 || connectionIDLen > 32 || cipherSpecsLen % 3 != 0 || - (msg.length != 10 + certLen + cipherSpecsLen + connectionIDLen) ) - return errSSLProtocol; - if (sessionIDMatch != 0) - { if (certLen != 0 || cipherSpecsLen != 0 /* || certType != 0 */ ) - return errSSLProtocol; - ctx->sessionMatch = 1; - - ctx->ssl2ConnectionIDLength = connectionIDLen; - memcpy(ctx->serverRandom, charPtr, connectionIDLen); - charPtr += connectionIDLen; - } - else - { if (certType != SSL2_CertTypeX509) - return errSSLNegotiation; - cipherSpecsLen /= 3; - - cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); - if(cert == NULL) { - return memFullErr; - } - cert->next = 0; - if ((err = SSLAllocBuffer(cert->derCert, certLen, ctx)) != 0) - { - sslFree(cert); - return err; - } - memcpy(cert->derCert.data, charPtr, certLen); - charPtr += certLen; - ctx->peerCert = cert; - if((err = sslVerifyCertChain(ctx, *ctx->peerCert)) != 0) { - return err; - } - if((err = sslPubKeyFromCert(ctx, - cert->derCert, - &ctx->peerPubKey, - &ctx->peerPubKeyCsp)) != 0) - return err; - - selectedCipher = SSL_NO_SUCH_CIPHERSUITE; - for (i = 0; i < cipherSpecsLen; i++) - { cipherKind = (SSL2CipherKind)SSLDecodeInt(charPtr, 3); - charPtr += 3; - if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) /* After we find one, just keep advancing charPtr past the unused ones */ - { for (j = 0; j < SSL2CipherMapCount; j++) - if (cipherKind == SSL2CipherMap[j].cipherKind) - { matchingCipher = SSL2CipherMap[j].cipherSuite; - break; - } - for (j = 0; j < ctx->numValidCipherSpecs; j++) - if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) - { selectedCipher = matchingCipher; - break; - } - } - } - if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) - return errSSLNegotiation; - sslLogNegotiateDebug("===SSL2 client: selectedCipher 0x%x", - (unsigned)selectedCipher); - - ctx->selectedCipher = selectedCipher; - if ((err = FindCipherSpec(ctx)) != 0) { - return err; - } - ctx->ssl2ConnectionIDLength = connectionIDLen; - memcpy(ctx->serverRandom, charPtr, connectionIDLen); - charPtr += connectionIDLen; - } - - assert(charPtr == msg.data + msg.length); - - return noErr; -} - -OSStatus -SSL2EncodeServerHello(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - SSLCertificate *cert; - SSLBuffer randomData; - UInt8 *charPtr; - unsigned i; - - /* Create the connection ID */ - ctx->ssl2ConnectionIDLength = SSL2_CONNECTION_ID_LENGTH; - randomData.data = ctx->serverRandom; - randomData.length = ctx->ssl2ConnectionIDLength; - if ((err = sslRand(ctx, &randomData)) != 0) - return err; - - if (ctx->sessionMatch != 0) - { if ((err = SSLAllocBuffer(msg, 11 + ctx->sessionID.length, ctx)) != 0) - return err; - charPtr = msg.data; - *charPtr++ = SSL2_MsgServerHello; - *charPtr++ = ctx->sessionMatch; - *charPtr++ = 0; /* cert type */ - charPtr = SSLEncodeInt(charPtr, ctx->negProtocolVersion, 2); - charPtr = SSLEncodeInt(charPtr, 0, 2); /* cert len */ - charPtr = SSLEncodeInt(charPtr, 0, 2); /* cipherspecs len */ - charPtr = SSLEncodeInt(charPtr, ctx->ssl2ConnectionIDLength, 2); - memcpy(charPtr, ctx->serverRandom, ctx->ssl2ConnectionIDLength); - charPtr += ctx->ssl2ConnectionIDLength; - } - else - { /* First, find the last cert in the chain; it's the one we'll send */ - - /* - * Use encryptCert if we have it, but allow for the case of app - * specifying one cert which can encrypt and sign. - */ - if(ctx->encryptCert != NULL) { - cert = ctx->encryptCert; - } - else if(ctx->localCert != NULL) { - cert = ctx->localCert; - } - else { - /* really should not happen... */ - sslErrorLog("SSL2EncodeServerHello: No server cert!\n"); - return badReqErr; - } - - while (cert->next != 0) - cert = cert->next; - - if ((err = SSLAllocBuffer(msg, 11 + cert->derCert.length + 3 + ctx->sessionID.length, ctx)) != 0) - return err; - charPtr = msg.data; - *charPtr++ = SSL2_MsgServerHello; - *charPtr++ = ctx->sessionMatch; - *charPtr++ = SSL2_CertTypeX509; /* cert type */ - - #ifndef NDEBUG - sslLogNegotiateDebug("===SSL2 server: sending vers info %s", - protocolVersStr((SSLProtocolVersion)ctx->negProtocolVersion)); - #endif - - charPtr = SSLEncodeInt(charPtr, ctx->negProtocolVersion, 2); - charPtr = SSLEncodeInt(charPtr, cert->derCert.length, 2); - charPtr = SSLEncodeInt(charPtr, 3, 2); /* cipherspecs len */ - charPtr = SSLEncodeInt(charPtr, ctx->ssl2ConnectionIDLength, 2); - memcpy(charPtr, cert->derCert.data, cert->derCert.length); - charPtr += cert->derCert.length; - for (i = 0; i < SSL2CipherMapCount; i++) - if (ctx->selectedCipher == SSL2CipherMap[i].cipherSuite) - break; - assert(i < SSL2CipherMapCount); - charPtr = SSLEncodeInt(charPtr, SSL2CipherMap[i].cipherKind, 3); - sslLogNegotiateDebug("ssl2: server specifying cipherKind 0x%lx", - (UInt32)SSL2CipherMap[i].cipherKind); - memcpy(charPtr, ctx->serverRandom, ctx->ssl2ConnectionIDLength); - charPtr += ctx->ssl2ConnectionIDLength; - } - - assert(charPtr == msg.data + msg.length); - return noErr; -} - -OSStatus -SSL2ProcessServerVerify(SSLBuffer msg, SSLContext *ctx) -{ if (msg.length != ctx->ssl2ChallengeLength) - return errSSLProtocol; - - if (memcmp(msg.data, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - - ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength) != 0) - return errSSLProtocol; - - return noErr; -} - -OSStatus -SSL2EncodeServerVerify(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLAllocBuffer(msg, 1 + ctx->ssl2ChallengeLength, ctx)) != 0) - return err; - - msg.data[0] = SSL2_MsgServerVerify; - memcpy(msg.data+1, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - - ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength); - - return noErr; -} - -OSStatus -SSL2ProcessServerFinished(SSLBuffer msg, SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLAllocBuffer(ctx->sessionID, msg.length, ctx)) != 0) - return err; - memcpy(ctx->sessionID.data, msg.data, msg.length); - return noErr; -} - -OSStatus -SSL2EncodeServerFinished(SSLBuffer &msg, SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLAllocBuffer(msg, 1 + ctx->sessionID.length, ctx)) != 0) - return err; - - msg.data[0] = SSL2_MsgServerFinished; - memcpy(msg.data+1, ctx->sessionID.data, ctx->sessionID.length); - - return noErr; -} diff --git a/SecureTransport/ssl2Protocol.cpp b/SecureTransport/ssl2Protocol.cpp deleted file mode 100644 index 93a008e7..00000000 --- a/SecureTransport/ssl2Protocol.cpp +++ /dev/null @@ -1,463 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: ssl2Protocol.cpp - - Contains: Protocol engine for SSL 2 - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "ssl2.h" -#include "sslRecord.h" -#include "sslMemory.h" -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslSession.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include "sslUtils.h" -#include "sslDigests.h" -#include -#include - -#ifndef NDEBUG - -static char *sslHdskMsgToStr(SSL2MessageType msg) -{ - static char badStr[100]; - - switch(msg) { - case SSL2_MsgError: - return "SSL2_MsgError"; - case SSL2_MsgClientHello: - return "SSL2_MsgClientHello"; - case SSL2_MsgClientMasterKey: - return "SSL2_MsgClientMasterKey"; - case SSL2_MsgClientFinished: - return "SSL2_MsgClientFinished"; - case SSL2_MsgServerHello: - return "SSL2_MsgServerHello"; - case SSL2_MsgServerVerify: - return "SSL2_MsgServerVerify"; - case SSL2_MsgServerFinished: - return "SSL2_MsgServerFinished"; - case SSL2_MsgRequestCert: - return "SSL2_MsgRequestCert"; - case SSL2_MsgClientCert: - return "SSL2_MsgClientCert"; - case SSL2_MsgKickstart: - return "SSL2_MsgKickstart"; - default: - sprintf(badStr, "Unknown msg (%d(d)", msg); - return badStr; - } -} - -static void logSsl2Msg(SSL2MessageType msg, char sent) -{ - char *ms = sslHdskMsgToStr(msg); - sslHdskMsgDebug("...msg %s: %s", (sent ? "sent" : "recd"), ms); -} - -#else - -#define logSsl2Msg(m, s) - -#endif /* NDEBUG */ - -OSStatus -SSL2ProcessMessage(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err = 0; - SSL2MessageType msg; - SSLBuffer contents; - - if (rec.contents.length < 2) - return errSSLProtocol; - - msg = (SSL2MessageType)rec.contents.data[0]; - contents.data = rec.contents.data + 1; - contents.length = rec.contents.length - 1; - - logSsl2Msg(msg, 0); - - switch (msg) - { case SSL2_MsgError: - err = errSSLClosedAbort; - break; - case SSL2_MsgClientHello: - if (ctx->state != SSL_HdskStateServerUninit) - return errSSLProtocol; - err = SSL2ProcessClientHello(contents, ctx); - if (err == errSSLNegotiation) - SSL2SendError(SSL2_ErrNoCipher, ctx); - break; - case SSL2_MsgClientMasterKey: - if (ctx->state != SSL2_HdskStateClientMasterKey) - return errSSLProtocol; - err = SSL2ProcessClientMasterKey(contents, ctx); - break; - case SSL2_MsgClientFinished: - if (ctx->state != SSL2_HdskStateClientFinished) - return errSSLProtocol; - err = SSL2ProcessClientFinished(contents, ctx); - break; - case SSL2_MsgServerHello: - if (ctx->state != SSL2_HdskStateServerHello && - ctx->state != SSL_HdskStateServerHelloUnknownVersion) - return errSSLProtocol; - err = SSL2ProcessServerHello(contents, ctx); - if (err == errSSLNegotiation) - SSL2SendError(SSL2_ErrNoCipher, ctx); - break; - case SSL2_MsgServerVerify: - if (ctx->state != SSL2_HdskStateServerVerify) - return errSSLProtocol; - err = SSL2ProcessServerVerify(contents, ctx); - break; - case SSL2_MsgServerFinished: - if (ctx->state != SSL2_HdskStateServerFinished) { - /* FIXME - this ifndef should not be necessary */ - #ifndef NDEBUG - sslHdskStateDebug("SSL2_MsgServerFinished; state %s", - hdskStateToStr(ctx->state)); - #endif - return errSSLProtocol; - } - err = SSL2ProcessServerFinished(contents, ctx); - break; - case SSL2_MsgRequestCert: - /* Don't process the request; we don't support client certification */ - break; - case SSL2_MsgClientCert: - return errSSLProtocol; - break; - default: - return errSSLProtocol; - break; - } - - if (err == 0) - { - if ((msg == SSL2_MsgClientHello) && - (ctx->negProtocolVersion >= SSL_Version_3_0)) - { /* Promote this message to SSL 3 protocol */ - if ((err = SSL3ReceiveSSL2ClientHello(rec, ctx)) != 0) - return err; - } - else - err = SSL2AdvanceHandshake(msg, ctx); - } - return err; -} - -OSStatus -SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) -{ OSStatus err; - - err = noErr; - - switch (msg) - { case SSL2_MsgKickstart: - assert(ctx->negProtocolVersion == SSL_Version_Undetermined); - assert(ctx->versionSsl2Enable); - if (ctx->versionSsl3Enable || ctx->versionTls1Enable) { - /* prepare for possible v3 upgrade */ - if ((err = SSLInitMessageHashes(ctx)) != 0) - return err; - } - if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeClientHello, ctx)) != 0) - return err; - if (ctx->versionSsl3Enable || ctx->versionTls1Enable) { - SSLChangeHdskState(ctx, SSL_HdskStateServerHelloUnknownVersion); - } - else { - /* v2 only */ - SSLChangeHdskState(ctx, SSL2_HdskStateServerHello); - } - break; - case SSL2_MsgClientHello: - if ((err = SSL2CompareSessionIDs(ctx)) != 0) - return err; - if (ctx->sessionMatch == 0) - if ((err = SSL2GenerateSessionID(ctx)) != 0) - return err; - if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeServerHello, ctx)) != 0) - return err; - if (ctx->sessionMatch == 0) - { SSLChangeHdskState(ctx, SSL2_HdskStateClientMasterKey); - break; - } - sslLogResumSessDebug("===RESUMING SSL2 server-side session"); - if ((err = SSL2InstallSessionKey(ctx)) != 0) - return err; - /* Fall through for matching session; lame, but true */ - case SSL2_MsgClientMasterKey: - if ((err = SSL2InitCiphers(ctx)) != 0) - return err; - if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeServerVerify, ctx)) != 0) - return err; - if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeServerFinished, ctx)) != 0) - return err; - SSLChangeHdskState(ctx, SSL2_HdskStateClientFinished); - break; - case SSL2_MsgServerHello: - if (ctx->sessionMatch == 0) - { if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeClientMasterKey, ctx)) != 0) - return err; - } - else - { - sslLogResumSessDebug("===RESUMING SSL2 client-side session"); - if ((err = SSL2InstallSessionKey(ctx)) != 0) - return err; - } - if ((err = SSL2InitCiphers(ctx)) != 0) - return err; - if ((err = SSL2PrepareAndQueueMessage(SSL2EncodeClientFinished, ctx)) != 0) - return err; - SSLChangeHdskState(ctx, SSL2_HdskStateServerVerify); - break; - case SSL2_MsgClientFinished: - /* Handshake is complete; turn ciphers on */ - ctx->writeCipher.ready = 1; - ctx->readCipher.ready = 1; - /* original code never got out of SSL2_MsgClientFinished state */ - assert(ctx->protocolSide == SSL_ServerSide); - SSLChangeHdskState(ctx, SSL_HdskStateServerReady); - if (ctx->peerID.data != 0) - SSLAddSessionData(ctx); - break; - case SSL2_MsgServerVerify: - SSLChangeHdskState(ctx, SSL2_HdskStateServerFinished); - break; - case SSL2_MsgRequestCert: - if ((err = SSL2SendError(SSL2_ErrNoCert, ctx)) != 0) - return err; - break; - case SSL2_MsgServerFinished: - /* Handshake is complete; turn ciphers on */ - ctx->writeCipher.ready = 1; - ctx->readCipher.ready = 1; - /* original code never got out of SSL2_MsgServerFinished state */ - assert(ctx->protocolSide == SSL_ClientSide); - SSLChangeHdskState(ctx, SSL_HdskStateClientReady); - if (ctx->peerID.data != 0) - SSLAddSessionData(ctx); - break; - case SSL2_MsgError: - case SSL2_MsgClientCert: - return errSSLProtocol; - break; - } - - return noErr; -} - -OSStatus -SSL2PrepareAndQueueMessage(EncodeSSL2MessageFunc encodeFunc, SSLContext *ctx) -{ OSStatus err; - SSLRecord rec; - - rec.contentType = SSL_RecordTypeV2_0; - rec.protocolVersion = SSL_Version_2_0; - if ((err = encodeFunc(rec.contents, ctx)) != 0) - return err; - - logSsl2Msg((SSL2MessageType)rec.contents.data[0], 1); - - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) - { SSLFreeBuffer(rec.contents, ctx); - return err; - } - - assert((ctx->negProtocolVersion == SSL_Version_Undetermined) || - (ctx->negProtocolVersion == SSL_Version_2_0)); - if((ctx->negProtocolVersion == SSL_Version_Undetermined) && - (ctx->versionSsl3Enable || ctx->versionTls1Enable)) { - /* prepare for possible V3/TLS1 upgrade */ - if ((err = SSLHashSHA1.update(ctx->shaState, rec.contents)) != 0 || - (err = SSLHashMD5.update(ctx->md5State, rec.contents)) != 0) - return err; - } - err = SSLFreeBuffer(rec.contents, ctx); - return err; -} - -OSStatus -SSL2CompareSessionIDs(SSLContext *ctx) -{ OSStatus err; - SSLBuffer sessionIdentifier; - - ctx->sessionMatch = 0; - - if (ctx->resumableSession.data == 0) - return noErr; - - if ((err = SSLRetrieveSessionID(ctx->resumableSession, - &sessionIdentifier, ctx)) != 0) - return err; - - if (sessionIdentifier.length == ctx->sessionID.length && - memcmp(sessionIdentifier.data, ctx->sessionID.data, sessionIdentifier.length) == 0) - ctx->sessionMatch = 1; - - if ((err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0) - return err; - - return noErr; -} - -OSStatus -SSL2InstallSessionKey(SSLContext *ctx) -{ OSStatus err; - - assert(ctx->sessionMatch != 0); - assert(ctx->resumableSession.data != 0); - if ((err = SSLInstallSessionFromData(ctx->resumableSession, ctx)) != 0) - return err; - return noErr; -} - -OSStatus -SSL2GenerateSessionID(SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLFreeBuffer(ctx->sessionID, ctx)) != 0) - return err; - if ((err = SSLAllocBuffer(ctx->sessionID, SSL_SESSION_ID_LEN, ctx)) != 0) - return err; - if ((err = sslRand(ctx, &ctx->sessionID)) != 0) - return err; - return noErr; -} - -OSStatus -SSL2InitCiphers(SSLContext *ctx) -{ OSStatus err; - int keyMaterialLen; - SSLBuffer keyData; - uint8 variantChar, *charPtr, *readKey, *writeKey, *iv; - SSLBuffer hashDigest, hashContext, masterKey, challenge, connectionID, variantData; - - keyMaterialLen = 2 * ctx->selectedCipherSpec->cipher->keySize; - if ((err = SSLAllocBuffer(keyData, keyMaterialLen, ctx)) != 0) - return err; - - /* Can't have % in assertion string... */ - #if SSL_DEBUG - { - UInt32 keyModDigestSize = keyMaterialLen % SSLHashMD5.digestSize; - assert(keyModDigestSize == 0); - } - #endif - - masterKey.data = ctx->masterSecret; - masterKey.length = ctx->selectedCipherSpec->cipher->keySize; - challenge.data = ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - - ctx->ssl2ChallengeLength; - challenge.length = ctx->ssl2ChallengeLength; - connectionID.data = ctx->serverRandom; - connectionID.length = ctx->ssl2ConnectionIDLength; - variantData.data = &variantChar; - variantData.length = 1; - if ((err = SSLAllocBuffer(hashContext, SSLHashMD5.contextSize, ctx)) != 0) - { SSLFreeBuffer(keyData, ctx); - return err; - } - - variantChar = 0x30; /* '0' */ - charPtr = keyData.data; - while (keyMaterialLen) - { hashDigest.data = charPtr; - hashDigest.length = SSLHashMD5.digestSize; - if ((err = SSLHashMD5.init(hashContext, ctx)) != 0 || - (err = SSLHashMD5.update(hashContext, masterKey)) != 0 || - (err = SSLHashMD5.update(hashContext, variantData)) != 0 || - (err = SSLHashMD5.update(hashContext, challenge)) != 0 || - (err = SSLHashMD5.update(hashContext, connectionID)) != 0 || - (err = SSLHashMD5.final(hashContext, hashDigest)) != 0) - { SSLFreeBuffer(keyData, ctx); - SSLFreeBuffer(hashContext, ctx); - return err; - } - charPtr += hashDigest.length; - ++variantChar; - keyMaterialLen -= hashDigest.length; - } - - assert(charPtr == keyData.data + keyData.length); - - if ((err = SSLFreeBuffer(hashContext, ctx)) != 0) - { SSLFreeBuffer(keyData, ctx); - return err; - } - - ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher; - ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher; - ctx->readPending.sequenceNum = ctx->readCipher.sequenceNum; - ctx->writePending.sequenceNum = ctx->writeCipher.sequenceNum; - - if (ctx->protocolSide == SSL_ServerSide) - { writeKey = keyData.data; - readKey = keyData.data + ctx->selectedCipherSpec->cipher->keySize; - } - else - { readKey = keyData.data; - writeKey = keyData.data + ctx->selectedCipherSpec->cipher->keySize; - } - - iv = ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize; - - if ((err = ctx->readPending.symCipher->initialize(readKey, iv, - &ctx->readPending, ctx)) != 0 || - (err = ctx->writePending.symCipher->initialize(writeKey, iv, - &ctx->writePending, ctx)) != 0) - { SSLFreeBuffer(keyData, ctx); - return err; - } - - /* - * HEY! macSecret is only 20 bytes. This blows up when key size - * is greater than 20, e.g., 3DES. - * I'll increase the size of macSecret to 24, 'cause it appears - * from the SSL v23 spec that the macSecret really the same size as - * CLIENT-WRITE-KEY and SERVER-READ-KEY (see 1.2 of the spec). - */ - memcpy(ctx->readPending.macSecret, readKey, ctx->selectedCipherSpec->cipher->keySize); - memcpy(ctx->writePending.macSecret, writeKey, ctx->selectedCipherSpec->cipher->keySize); - - if ((err = SSLFreeBuffer(keyData, ctx)) != 0) - return err; - - ctx->readCipher = ctx->readPending; - ctx->writeCipher = ctx->writePending; - memset(&ctx->readPending, 0, sizeof(CipherContext)); /* Zero out old data */ - memset(&ctx->writePending, 0, sizeof(CipherContext)); /* Zero out old data */ - - return noErr; -} diff --git a/SecureTransport/ssl2Record.cpp b/SecureTransport/ssl2Record.cpp deleted file mode 100644 index 40ea26a8..00000000 --- a/SecureTransport/ssl2Record.cpp +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: ssl2Record.cpp - - Contains: Record encrypting/decrypting/MACing for SSL 2 - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl2.h" -#include "sslRecord.h" -#include "sslMemory.h" -#include "sslContext.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" -#include "sslUtils.h" -#include "sslDigests.h" - -#include - -static OSStatus SSL2DecryptRecord( - SSLBuffer &payload, - SSLContext *ctx); -static OSStatus SSL2VerifyMAC( - SSLBuffer &content, - UInt8 *compareMAC, - SSLContext *ctx); -static OSStatus SSL2CalculateMAC( - SSLBuffer &secret, - SSLBuffer &content, - UInt32 seqNo, - const HashReference &hash, - SSLBuffer &mac, - SSLContext *ctx); - - -OSStatus -SSL2ReadRecord(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err; - UInt32 len, contentLen; - int padding, headerSize; - UInt8 *charPtr; - SSLBuffer readData, cipherFragment; - - switch (ctx->negProtocolVersion) - { case SSL_Version_Undetermined: - case SSL_Version_2_0: - break; - case SSL_Version_3_0: /* We've negotiated a 3.0 session; - * we can send an alert */ - case TLS_Version_1_0: - SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx); - return errSSLProtocol; - default: - sslErrorLog("bad protocolVersion in ctx->protocolVersion"); - return errSSLInternal; - } - - if (!ctx->partialReadBuffer.data || ctx->partialReadBuffer.length < 3) - { if (ctx->partialReadBuffer.data) - if ((err = SSLFreeBuffer(ctx->partialReadBuffer, ctx)) != 0) - { SSL2SendError(SSL2_ErrNoCipher, ctx); - return err; - } - if ((err = SSLAllocBuffer(ctx->partialReadBuffer, DEFAULT_BUFFER_SIZE, ctx)) != 0) - { SSL2SendError(SSL2_ErrNoCipher, ctx); - return err; - } - } - - if (ctx->amountRead < 3) - { readData.length = 3 - ctx->amountRead; - readData.data = ctx->partialReadBuffer.data + ctx->amountRead; - len = readData.length; - err = sslIoRead(readData, &len, ctx); - if(err != 0) - { if (err == errSSLWouldBlock) - ctx->amountRead += len; - if (err == ioErr && ctx->amountRead == 0) /* If the session closes on a record boundary, it's graceful */ - err = errSSLClosedGraceful; - return err; - } - ctx->amountRead += len; - } - - rec.contentType = SSL_RecordTypeV2_0; - rec.protocolVersion = SSL_Version_2_0; - charPtr = ctx->partialReadBuffer.data; - - if (((*charPtr) & 0x80) != 0) /* High bit on -> specifies 2-byte header */ - { headerSize = 2; - contentLen = ((charPtr[0] & 0x7F) << 8) | charPtr[1]; - padding = 0; - } - else if (((*charPtr) & 0x40) != 0) /* Bit 6 on -> specifies security escape */ - { return errSSLProtocol; /* No security escapes are defined */ - } - else /* 3-byte header */ - { headerSize = 3; - contentLen = ((charPtr[0] & 0x3F) << 8) | charPtr[1]; - padding = charPtr[2]; - } - - /* - * FIXME - what's the max record size? - * and why doesn't SSLReadRecord parse the 2 or 3 byte header? - * Note: I see contentLen of 0 coming back from www.cduniverse.com when - * it's only been given SSL_RSA_EXPORT_WITH_DES40_CBC_SHA. - */ - if((contentLen == 0) || (contentLen > 0xffff)) { - return errSSLProtocol; - } - - charPtr += headerSize; - - if (ctx->partialReadBuffer.length < headerSize + contentLen) - { if ((err = SSLReallocBuffer(ctx->partialReadBuffer, 5 + contentLen, ctx)) != 0) - return err; - } - - if (ctx->amountRead < headerSize + contentLen) - { readData.length = headerSize + contentLen - ctx->amountRead; - readData.data = ctx->partialReadBuffer.data + ctx->amountRead; - len = readData.length; - err = sslIoRead(readData, &len, ctx); - if(err != 0) - { if (err == errSSLWouldBlock) - ctx->amountRead += len; - return err; - } - ctx->amountRead += len; - } - - cipherFragment.data = ctx->partialReadBuffer.data + headerSize; - cipherFragment.length = contentLen; - if ((err = SSL2DecryptRecord(cipherFragment, ctx)) != 0) - return err; - - cipherFragment.length -= padding; /* Remove padding; MAC was removed - * by SSL2DecryptRecord */ - - IncrementUInt64(&ctx->readCipher.sequenceNum); - - /* Allocate a buffer to return the plaintext in and return it */ - if ((err = SSLAllocBuffer(rec.contents, cipherFragment.length, ctx)) != 0) - return err; - memcpy(rec.contents.data, cipherFragment.data, cipherFragment.length); - - ctx->amountRead = 0; /* We've used all the data in the cache */ - - return noErr; -} - -OSStatus -SSL2WriteRecord(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err; - int padding = 0, i, headerSize; - WaitingRecord *out, *queue; - SSLBuffer buf, content, payload, secret, mac; - UInt8 *charPtr; - UInt16 payloadSize, blockSize; - - assert(rec.contents.length < 16384); - - out = 0; - /* Allocate a WaitingRecord to store our ready-to-send record in */ - if ((err = SSLAllocBuffer(buf, sizeof(WaitingRecord), ctx)) != 0) - return err; - out = (WaitingRecord*)buf.data; - out->next = 0; - out->sent = 0; - - payloadSize = (UInt16) - (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize); - blockSize = ctx->writeCipher.symCipher->blockSize; - if (blockSize > 0) - { - padding = blockSize - (payloadSize % blockSize); - if (padding == blockSize) - padding = 0; - payloadSize += padding; - headerSize = 3; - } - else - { padding = 0; - headerSize = 2; - } - out->data.data = 0; - if ((err = SSLAllocBuffer(out->data, headerSize + payloadSize, ctx)) != 0) - goto fail; - charPtr = out->data.data; - - if (headerSize == 2) - charPtr = SSLEncodeInt(charPtr, payloadSize | 0x8000, 2); - else - { charPtr = SSLEncodeInt(charPtr, payloadSize, 2); - *charPtr++ = padding; - } - - payload.data = charPtr; - payload.length = payloadSize; - - mac.data = charPtr; - mac.length = ctx->writeCipher.macRef->hash->digestSize; - charPtr += mac.length; - - content.data = charPtr; - content.length = rec.contents.length + padding; - memcpy(charPtr, rec.contents.data, rec.contents.length); - charPtr += rec.contents.length; - i = padding; - while (i--) - *charPtr++ = padding; - - assert(charPtr == out->data.data + out->data.length); - - secret.data = ctx->writeCipher.macSecret; - secret.length = ctx->writeCipher.symCipher->keySize; - if (mac.length > 0) - if ((err = SSL2CalculateMAC(secret, content, - ctx->writeCipher.sequenceNum.low, - *ctx->writeCipher.macRef->hash, mac, ctx)) != 0) - goto fail; - - if ((err = ctx->writeCipher.symCipher->encrypt(payload, - payload, - &ctx->writeCipher, - ctx)) != 0) - goto fail; - - /* Enqueue the record to be written from the idle loop */ - if (ctx->recordWriteQueue == 0) - ctx->recordWriteQueue = out; - else - { queue = ctx->recordWriteQueue; - while (queue->next != 0) - queue = queue->next; - queue->next = out; - } - - /* Increment the sequence number */ - IncrementUInt64(&ctx->writeCipher.sequenceNum); - - return noErr; - -fail: - /* - * Only for if we fail between when the WaitingRecord is allocated and - * when it is queued - */ - SSLFreeBuffer(out->data, 0); - buf.data = (UInt8*)out; - buf.length = sizeof(WaitingRecord); - SSLFreeBuffer(buf, ctx); - return err; -} - -static OSStatus -SSL2DecryptRecord(SSLBuffer &payload, SSLContext *ctx) -{ OSStatus err; - SSLBuffer content; - - if (ctx->readCipher.symCipher->blockSize > 0) - if (payload.length % ctx->readCipher.symCipher->blockSize != 0) - return errSSLProtocol; - - /* Decrypt in place */ - if ((err = ctx->readCipher.symCipher->decrypt(payload, - payload, - &ctx->readCipher, - ctx)) != 0) - return err; - - if (ctx->readCipher.macRef->hash->digestSize > 0) - /* Optimize away MAC for null case */ - { content.data = payload.data + ctx->readCipher.macRef->hash->digestSize; /* Data is after MAC */ - content.length = payload.length - ctx->readCipher.macRef->hash->digestSize; - if ((err = SSL2VerifyMAC(content, payload.data, ctx)) != 0) - return err; - /* Adjust payload to remove MAC; caller is still responsible - * for removing padding [if any] */ - payload = content; - } - - return noErr; -} - -#define IGNORE_MAC_FAILURE 0 - -static OSStatus -SSL2VerifyMAC(SSLBuffer &content, UInt8 *compareMAC, SSLContext *ctx) -{ OSStatus err; - UInt8 calculatedMAC[SSL_MAX_DIGEST_LEN]; - SSLBuffer secret, mac; - - secret.data = ctx->readCipher.macSecret; - secret.length = ctx->readCipher.symCipher->keySize; - mac.data = calculatedMAC; - mac.length = ctx->readCipher.macRef->hash->digestSize; - if ((err = SSL2CalculateMAC(secret, content, ctx->readCipher.sequenceNum.low, - *ctx->readCipher.macRef->hash, mac, ctx)) != 0) - return err; - if (memcmp(mac.data, compareMAC, mac.length) != 0) { - #if IGNORE_MAC_FAILURE - sslErrorLog("SSL2VerifyMAC: Mac verify failure\n"); - return noErr; - #else - sslErrorLog("SSL2VerifyMAC: Mac verify failure\n"); - return errSSLProtocol; - #endif - } - return noErr; -} - -#define LOG_MAC_DATA 0 -#if LOG_MAC_DATA -static void logMacData( - char *field, - SSLBuffer *data) -{ - int i; - - printf("%s: ", field); - for(i=0; ilength; i++) { - printf("%02X", data->data[i]); - if((i % 4) == 3) { - printf(" "); - } - } - printf("\n"); -} -#else /* LOG_MAC_DATA */ -#define logMacData(f, d) -#endif /* LOG_MAC_DATA */ - -/* For SSL 2, the MAC is hash ( secret || content || sequence# ) - * where secret is the decryption key for the message, content is - * the record data plus any padding used to round out the record - * size to an even multiple of the block size and sequence# is - * a monotonically increasing 32-bit unsigned integer. - */ -static OSStatus -SSL2CalculateMAC( - SSLBuffer &secret, - SSLBuffer &content, - UInt32 seqNo, - const HashReference &hash, - SSLBuffer &mac, - SSLContext *ctx) -{ OSStatus err; - UInt8 sequenceNum[4]; - SSLBuffer seqData, hashContext; - - SSLEncodeInt(sequenceNum, seqNo, 4); - seqData.data = sequenceNum; - seqData.length = 4; - - hashContext.data = 0; - if ((err = ReadyHash(hash, hashContext, ctx)) != 0) - return err; - if ((err = hash.update(hashContext, secret)) != 0) - goto fail; - if ((err = hash.update(hashContext, content)) != 0) - goto fail; - if ((err = hash.update(hashContext, seqData)) != 0) - goto fail; - if ((err = hash.final(hashContext, mac)) != 0) - goto fail; - - logMacData("secret ", &secret); - logMacData("seqData", &seqData); - logMacData("mac ", &mac); - - err = noErr; -fail: - SSLFreeBuffer(hashContext, ctx); - return err; -} - -OSStatus -SSL2SendError(SSL2ErrorCode error, SSLContext *ctx) -{ OSStatus err; - SSLRecord rec; - UInt8 errorData[3]; - - rec.contentType = SSL_RecordTypeV2_0; - rec.protocolVersion = SSL_Version_2_0; - rec.contents.data = errorData; - rec.contents.length = 3; - errorData[0] = SSL2_MsgError; - SSLEncodeInt(errorData + 1, error, 2); - - err = SSL2WriteRecord(rec, ctx); - return err; -} diff --git a/SecureTransport/ssl3Callouts.cpp b/SecureTransport/ssl3Callouts.cpp deleted file mode 100644 index 92b1f540..00000000 --- a/SecureTransport/ssl3Callouts.cpp +++ /dev/null @@ -1,716 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: ssl3Callouts.cpp - - Contains: SSLv3-specific routines for SslTlsCallouts. - - Written by: Doug Mitchell -*/ - -#include "sslMemory.h" -#include "tls_ssl.h" -#include "sslUtils.h" -#include "sslDigests.h" -#include "ssl2.h" -#include "sslDebug.h" -#include "sslAlertMessage.h" - -#include -#include - -/* - * ssl3WriteRecord does not send alerts on failure, out of the assumption/fear - * that this might result in a loop (since sending an alert causes ssl3WriteRecord - * to be called). - * - * As far as I can tell, we can use this same routine for SSLv3 and TLSv1, as long - * as we're not trying to use the "variable length padding" feature of TLSv1. - * OpenSSL doesn't use that feature; for now, neither will we. Thus this routine - * is used for the SslTlsCallouts.writeRecord function for both protocols. - */ -OSStatus ssl3WriteRecord( - SSLRecord rec, - SSLContext *ctx) -{ - OSStatus err; - int padding = 0, i; - WaitingRecord *out, *queue; - SSLBuffer buf, payload, mac; - UInt8 *charPtr; - UInt16 payloadSize,blockSize; - - switch(rec.protocolVersion) { - case SSL_Version_2_0: - return SSL2WriteRecord(rec, ctx); - case SSL_Version_3_0: - case TLS_Version_1_0: - break; - default: - assert(0); - return errSSLInternal; - } - assert(rec.contents.length <= 16384); - - out = 0; - /* Allocate a WaitingRecord to store our ready-to-send record in */ - if ((err = SSLAllocBuffer(buf, sizeof(WaitingRecord), ctx)) != 0) - return err; - out = (WaitingRecord*)buf.data; - out->next = 0; - out->sent = 0; - /* Allocate enough room for the transmitted record, which will be: - * 5 bytes of header + - * encrypted contents + - * macLength + - * padding [block ciphers only] + - * padding length field (1 byte) [block ciphers only] - */ - payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize); - blockSize = ctx->writeCipher.symCipher->blockSize; - if (blockSize > 0) - { padding = blockSize - (payloadSize % blockSize) - 1; - payloadSize += padding + 1; - } - out->data.data = 0; - if ((err = SSLAllocBuffer(out->data, 5 + payloadSize, ctx)) != 0) - goto fail; - - charPtr = out->data.data; - *(charPtr++) = rec.contentType; - charPtr = SSLEncodeInt(charPtr, rec.protocolVersion, 2); - charPtr = SSLEncodeInt(charPtr, payloadSize, 2); - - /* Copy the contents into the output buffer */ - memcpy(charPtr, rec.contents.data, rec.contents.length); - payload.data = charPtr; - payload.length = rec.contents.length; - - charPtr += rec.contents.length; - /* MAC immediately follows data */ - mac.data = charPtr; - mac.length = ctx->writeCipher.macRef->hash->digestSize; - charPtr += mac.length; - - /* MAC the data */ - if (mac.length > 0) /* Optimize away null case */ - { - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->computeMac(rec.contentType, - payload, - mac, - &ctx->writeCipher, - ctx->writeCipher.sequenceNum, - ctx)) != 0) - goto fail; - } - - /* Update payload to reflect encrypted data: contents, mac & padding */ - payload.length = payloadSize; - - /* Fill in the padding bytes & padding length field with the padding value; the - * protocol only requires the last byte, - * but filling them all in avoids leaking data - */ - if (ctx->writeCipher.symCipher->blockSize > 0) - for (i = 1; i <= padding + 1; ++i) - payload.data[payload.length - i] = padding; - - /* Encrypt the data */ - if ((err = ctx->writeCipher.symCipher->encrypt(payload, - payload, - &ctx->writeCipher, - ctx)) != 0) - goto fail; - - /* Enqueue the record to be written from the idle loop */ - if (ctx->recordWriteQueue == 0) - ctx->recordWriteQueue = out; - else - { queue = ctx->recordWriteQueue; - while (queue->next != 0) - queue = queue->next; - queue->next = out; - } - - /* Increment the sequence number */ - IncrementUInt64(&ctx->writeCipher.sequenceNum); - - return noErr; - -fail: - /* - * Only for if we fail between when the WaitingRecord is allocated and when - * it is queued - */ - SSLFreeBuffer(out->data, ctx); - buf.data = (UInt8*)out; - buf.length = sizeof(WaitingRecord); - SSLFreeBuffer(buf, ctx); - return err; -} - -static OSStatus ssl3DecryptRecord( - UInt8 type, - SSLBuffer *payload, - SSLContext *ctx) -{ - OSStatus err; - SSLBuffer content; - - if ((ctx->readCipher.symCipher->blockSize > 0) && - ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) - { SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx); - return errSSLProtocol; - } - - /* Decrypt in place */ - if ((err = ctx->readCipher.symCipher->decrypt(*payload, - *payload, - &ctx->readCipher, - ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertDecryptionFail, ctx); - return err; - } - - /* Locate content within decrypted payload */ - content.data = payload->data; - content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; - if (ctx->readCipher.symCipher->blockSize > 0) - { /* padding can't be equal to or more than a block */ - if (payload->data[payload->length - 1] >= ctx->readCipher.symCipher->blockSize) - { SSLFatalSessionAlert(SSL_AlertDecryptionFail, ctx); - sslErrorLog("DecryptSSLRecord: bad padding length (%d)\n", - (unsigned)payload->data[payload->length - 1]); - return errSSLDecryptionFail; - } - content.length -= 1 + payload->data[payload->length - 1]; - /* Remove block size padding */ - } - - /* Verify MAC on payload */ - if (ctx->readCipher.macRef->hash->digestSize > 0) - /* Optimize away MAC for null case */ - if ((err = SSLVerifyMac(type, content, - payload->data + content.length, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertBadRecordMac, ctx); - return errSSLBadRecordMac; - } - - *payload = content; /* Modify payload buffer to indicate content length */ - - return noErr; -} - -/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ -static OSStatus ssl3InitMac ( - CipherContext *cipherCtx, // macRef, macSecret valid on entry - // macCtx valid on return - SSLContext *ctx) -{ - const HashReference *hash; - SSLBuffer *hashCtx; - OSStatus serr; - - assert(cipherCtx->macRef != NULL); - hash = cipherCtx->macRef->hash; - assert(hash != NULL); - - hashCtx = &cipherCtx->macCtx.hashCtx; - if(hashCtx->data != NULL) { - SSLFreeBuffer(*hashCtx, ctx); - } - serr = SSLAllocBuffer(*hashCtx, hash->contextSize, ctx); - if(serr) { - return serr; - } - return noErr; -} - -static OSStatus ssl3FreeMac ( - CipherContext *cipherCtx) -{ - SSLBuffer *hashCtx; - - assert(cipherCtx != NULL); - /* this can be called on a completely zeroed out CipherContext... */ - if(cipherCtx->macRef == NULL) { - return noErr; - } - hashCtx = &cipherCtx->macCtx.hashCtx; - if(hashCtx->data != NULL) { - sslFree(hashCtx->data); - hashCtx->data = NULL; - } - hashCtx->length = 0; - return noErr; -} - -static OSStatus ssl3ComputeMac ( - UInt8 type, - SSLBuffer data, - SSLBuffer mac, // caller mallocs data - CipherContext *cipherCtx, // assumes macCtx, macRef - sslUint64 seqNo, - SSLContext *ctx) -{ - OSStatus err; - UInt8 innerDigestData[SSL_MAX_DIGEST_LEN]; - UInt8 scratchData[11], *charPtr; - SSLBuffer digest, digestCtx, scratch; - SSLBuffer secret; - - const HashReference *hash; - - assert(cipherCtx != NULL); - assert(cipherCtx->macRef != NULL); - hash = cipherCtx->macRef->hash; - assert(hash != NULL); - assert(hash->macPadSize <= MAX_MAC_PADDING); - assert(hash->digestSize <= SSL_MAX_DIGEST_LEN); - digestCtx = cipherCtx->macCtx.hashCtx; // may be NULL, for null cipher - secret.data = cipherCtx->macSecret; - secret.length = hash->digestSize; - - /* init'd early in SSLNewContext() */ - assert(SSLMACPad1[0] == 0x36 && SSLMACPad2[0] == 0x5C); - - /* - * MAC = hash( MAC_write_secret + pad_2 + - * hash( MAC_write_secret + pad_1 + seq_num + type + - * length + content ) - * ) - */ - if ((err = hash->init(digestCtx, ctx)) != 0) - goto exit; - if ((err = hash->update(digestCtx, secret)) != 0) /* MAC secret */ - goto exit; - scratch.data = (UInt8 *)SSLMACPad1; - scratch.length = hash->macPadSize; - if ((err = hash->update(digestCtx, scratch)) != 0) /* pad1 */ - goto exit; - charPtr = scratchData; - charPtr = SSLEncodeUInt64(charPtr, seqNo); - *charPtr++ = type; - charPtr = SSLEncodeInt(charPtr, data.length, 2); - scratch.data = scratchData; - scratch.length = 11; - assert(charPtr = scratchData+11); - if ((err = hash->update(digestCtx, scratch)) != 0) - /* sequenceNo, type & length */ - goto exit; - if ((err = hash->update(digestCtx, data)) != 0) /* content */ - goto exit; - digest.data = innerDigestData; - digest.length = hash->digestSize; - if ((err = hash->final(digestCtx, digest)) != 0) /* figure inner digest */ - goto exit; - - if ((err = hash->init(digestCtx, ctx)) != 0) - goto exit; - if ((err = hash->update(digestCtx, secret)) != 0) /* MAC secret */ - goto exit; - scratch.data = (UInt8 *)SSLMACPad2; - scratch.length = hash->macPadSize; - if ((err = hash->update(digestCtx, scratch)) != 0) /* pad2 */ - goto exit; - if ((err = hash->update(digestCtx, digest)) != 0) /* inner digest */ - goto exit; - if ((err = hash->final(digestCtx, mac)) != 0) /* figure the mac */ - goto exit; - - err = noErr; /* redundant, I know */ - -exit: - return err; -} - -#define LOG_GEN_KEY 0 - -/* - * On input, the following are valid: - * MasterSecret[48] - * ClientHello.random[32] - * ServerHello.random[32] - * - * key_block = - * MD5(master_secret + SHA(`A' + master_secret + - * ServerHello.random + - * ClientHello.random)) + - * MD5(master_secret + SHA(`BB' + master_secret + - * ServerHello.random + - * ClientHello.random)) + - * MD5(master_secret + SHA(`CCC' + master_secret + - * ServerHello.random + - * ClientHello.random)) + [...]; - */ -static OSStatus ssl3GenerateKeyMaterial ( - SSLBuffer key, // caller mallocs and specifies length of - // required key material here - SSLContext *ctx) -{ - OSStatus err; - UInt8 leaderData[10]; /* Max of 10 hashes - * (* 16 bytes/hash = 160 bytes of key) */ - UInt8 shaHashData[20], md5HashData[16]; - SSLBuffer shaContext, md5Context; - UInt8 *keyProgress; - int i,j,remaining, satisfied; - SSLBuffer leader, masterSecret, serverRandom, clientRandom, shaHash, md5Hash; - - #if LOG_GEN_KEY - printf("GenerateKey: master "); - for(i=0; imasterSecret[i]); - } - printf("\n"); - #endif - - assert(key.length <= 16 * sizeof(leaderData)); - - leader.data = leaderData; - masterSecret.data = ctx->masterSecret; - masterSecret.length = SSL_MASTER_SECRET_SIZE; - serverRandom.data = ctx->serverRandom; - serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - clientRandom.data = ctx->clientRandom; - clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - shaHash.data = shaHashData; - shaHash.length = 20; - md5Hash.data = md5HashData; - md5Hash.length = 16; - - md5Context.data = 0; - shaContext.data = 0; - if ((err = ReadyHash(SSLHashMD5, md5Context, ctx)) != 0) - goto fail; - if ((err = ReadyHash(SSLHashSHA1, shaContext, ctx)) != 0) - goto fail; - - keyProgress = key.data; - remaining = key.length; - - for (i = 0; remaining > 0; ++i) - { for (j = 0; j <= i; j++) - leaderData[j] = 0x41 + i; /* 'A', 'BB', 'CCC', etc. */ - leader.length = i+1; - - if ((err = SSLHashSHA1.update(shaContext, leader)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, masterSecret)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(shaContext, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5Context, masterSecret)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5Context, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.final(md5Context, md5Hash)) != 0) - goto fail; - - satisfied = 16; - if (remaining < 16) - satisfied = remaining; - memcpy(keyProgress, md5HashData, satisfied); - remaining -= satisfied; - keyProgress += satisfied; - - if(remaining > 0) { - /* at top of loop, this was done in ReadyHash() */ - if ((err = SSLHashMD5.init(md5Context, ctx)) != 0) - goto fail; - if ((err = SSLHashSHA1.init(shaContext, ctx)) != 0) - goto fail; - } - } - - assert(remaining == 0 && keyProgress == (key.data + key.length)); - err = noErr; -fail: - SSLFreeBuffer(md5Context, ctx); - SSLFreeBuffer(shaContext, ctx); - - #if LOG_GEN_KEY - printf("GenerateKey: DONE\n"); - #endif - return err; -} - -static OSStatus ssl3GenerateExportKeyAndIv ( - SSLContext *ctx, // clientRandom, serverRandom valid - const SSLBuffer clientWriteKey, - const SSLBuffer serverWriteKey, - SSLBuffer finalClientWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalClientIV, // RETURNED, mallocd by caller - SSLBuffer finalServerIV) // RETURNED, mallocd by caller -{ - OSStatus err; - SSLBuffer hashCtx, serverRandom, clientRandom; - - /* random blobs are 32 bytes */ - serverRandom.data = ctx->serverRandom; - serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - clientRandom.data = ctx->clientRandom; - clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - - if ((err = SSLAllocBuffer(hashCtx, SSLHashMD5.contextSize, ctx)) != 0) - return err; - /* client write key */ - if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientWriteKey)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - finalClientWriteKey.length = 16; - if ((err = SSLHashMD5.final(hashCtx, finalClientWriteKey)) != 0) - goto fail; - - /* optional client IV */ - if (ctx->selectedCipherSpec->cipher->ivSize > 0) - { if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - finalClientIV.length = 16; - if ((err = SSLHashMD5.final(hashCtx, finalClientIV)) != 0) - goto fail; - } - - /* server write key */ - if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverWriteKey)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - finalServerWriteKey.length = 16; - if ((err = SSLHashMD5.final(hashCtx, finalServerWriteKey)) != 0) - goto fail; - - /* optional server IV */ - if (ctx->selectedCipherSpec->cipher->ivSize > 0) - { if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - finalServerIV.length = 16; - if ((err = SSLHashMD5.final(hashCtx, finalServerIV)) != 0) - goto fail; - } - - err = noErr; -fail: - SSLFreeBuffer(hashCtx, ctx); - return err; -} - -/* - * On entry: clientRandom, serverRandom, preMasterSecret valid - * On return: masterSecret valid - */ -static OSStatus ssl3GenerateMasterSecret ( - SSLContext *ctx) -{ - OSStatus err; - SSLBuffer shaState, md5State, clientRandom, - serverRandom, shaHash, md5Hash, leader; - UInt8 *masterProgress, shaHashData[20], leaderData[3]; - int i; - - md5State.data = shaState.data = 0; - if ((err = SSLAllocBuffer(md5State, SSLHashMD5.contextSize, ctx)) != 0) - goto fail; - if ((err = SSLAllocBuffer(shaState, SSLHashSHA1.contextSize, ctx)) != 0) - goto fail; - - clientRandom.data = ctx->clientRandom; - clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - serverRandom.data = ctx->serverRandom; - serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - shaHash.data = shaHashData; - shaHash.length = 20; - - masterProgress = ctx->masterSecret; - - for (i = 1; i <= 3; i++) - { if ((err = SSLHashMD5.init(md5State, ctx)) != 0) - goto fail; - if ((err = SSLHashSHA1.init(shaState, ctx)) != 0) - goto fail; - - leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i; /* 'A', 'B', etc. */ - leader.data = leaderData; - leader.length = i; - - if ((err = SSLHashSHA1.update(shaState, leader)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5State, shaHash)) != 0) - goto fail; - md5Hash.data = masterProgress; - md5Hash.length = 16; - if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0) - goto fail; - masterProgress += 16; - } - - err = noErr; -fail: - SSLFreeBuffer(shaState, ctx); - SSLFreeBuffer(md5State, ctx); - return err; -} - -/* common routine to compute a Mac for finished message and cert verify message */ -static OSStatus -ssl3CalculateFinishedMessage( - SSLContext *ctx, - SSLBuffer finished, // mallocd by caller - SSLBuffer shaMsgState, // running total - SSLBuffer md5MsgState, // ditto - UInt32 senderID) // optional, nonzero for finished message -{ - OSStatus err; - SSLBuffer hash, input; - UInt8 sender[4], md5Inner[16], shaInner[20]; - - // assert(finished.length == 36); - - if (senderID != 0) { - SSLEncodeInt(sender, senderID, 4); - input.data = sender; - input.length = 4; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - } - input.data = ctx->masterSecret; - input.length = SSL_MASTER_SECRET_SIZE; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = (UInt8 *)SSLMACPad1; - input.length = SSLHashMD5.macPadSize; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - input.length = SSLHashSHA1.macPadSize; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - hash.data = md5Inner; - hash.length = 16; - if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0) - return err; - hash.data = shaInner; - hash.length = 20; - if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) - return err; - if ((err = SSLHashMD5.init(md5MsgState, ctx)) != 0) - return err; - if ((err = SSLHashSHA1.init(shaMsgState, ctx)) != 0) - return err; - input.data = ctx->masterSecret; - input.length = SSL_MASTER_SECRET_SIZE; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = (UInt8 *)SSLMACPad2; - input.length = SSLHashMD5.macPadSize; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - input.length = SSLHashSHA1.macPadSize; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = md5Inner; - input.length = 16; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - hash.data = finished.data; - hash.length = 16; - if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0) - return err; - input.data = shaInner; - input.length = 20; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - hash.data = finished.data + 16; - hash.length = 20; - if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) - return err; - return noErr; -} - - -static OSStatus ssl3ComputeFinishedMac ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState, // ditto - Boolean isServer) // refers to message, not us -{ - return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, - isServer ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client); -} - -static OSStatus ssl3ComputeCertVfyMac ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState) // ditto -{ - return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, 0); -} - -const SslTlsCallouts Ssl3Callouts = { - ssl3DecryptRecord, - ssl3WriteRecord, - ssl3InitMac, - ssl3FreeMac, - ssl3ComputeMac, - ssl3GenerateKeyMaterial, - ssl3GenerateExportKeyAndIv, - ssl3GenerateMasterSecret, - ssl3ComputeFinishedMac, - ssl3ComputeCertVfyMac -}; diff --git a/SecureTransport/sslAlertMessage.cpp b/SecureTransport/sslAlertMessage.cpp deleted file mode 100644 index 3ac69ab1..00000000 --- a/SecureTransport/sslAlertMessage.cpp +++ /dev/null @@ -1,403 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* ********************************************************************* - File: sslAlertMessage.cpp - SSL3 Alert protocol - ****************************************************************** */ - -#include "ssl.h" -#include "sslAlertMessage.h" -#include "sslMemory.h" -#include "sslContext.h" -#include "sslSession.h" -#include "sslDebug.h" -#include "sslUtils.h" - -#include - -#ifdef NDEBUG -#define SSLLogAlertMsg(msg,sent) -#else -static void SSLLogAlertMsg(AlertDescription msg, bool sent); -#endif - -static OSStatus SSLEncodeAlert( - SSLRecord &rec, - AlertLevel level, - AlertDescription desc, - SSLContext *ctx); - -/* - * If a peer sends us any kind of a bad cert alert, we may need to adjust - * ctx->clientCertState accordingly. - */ -static void -SSLDetectCertRejected( - SSLContext *ctx, - AlertDescription desc) -{ - if(ctx->protocolSide == SSL_ServerSide) { - return; - } - if(ctx->clientCertState != kSSLClientCertSent) { - return; - } - switch(desc) { - case SSL_AlertBadCert: - case SSL_AlertUnsupportedCert: - case SSL_AlertCertRevoked: - case SSL_AlertCertExpired: - case SSL_AlertCertUnknown: - case SSL_AlertUnknownCA: - ctx->clientCertState = kSSLClientCertRejected; - break; - default: - break; - } -} - -OSStatus -SSLProcessAlert(SSLRecord rec, SSLContext *ctx) -{ OSStatus err = noErr; - AlertLevel level; - AlertDescription desc; - uint8 *charPtr; - uint32 remaining; - - if (rec.contents.length % 2 != 0) - { - err = SSLFatalSessionAlert(SSL_AlertIllegalParam, ctx); - if (!err) { - err = errSSLProtocol; - } - return err; - } - - charPtr = rec.contents.data; - remaining = rec.contents.length; - bool fatal = false; - - while (remaining > 0) - { level = (AlertLevel)*charPtr++; - desc = (AlertDescription)*charPtr++; - sslHdskMsgDebug("alert msg recieved level %d desc %d", - (int)level, (int)desc); - remaining -= 2; - SSLLogAlertMsg(desc, false); - - if (level == SSL_AlertLevelFatal) { - /* explicit fatal errror */ - fatal = true; - sslHdskMsgDebug("***Fatal alert %d received\n", desc); - } - SSLDetectCertRejected(ctx, desc); - - switch (desc) { - /* A number of these are fatal by implication */ - case SSL_AlertUnexpectedMsg: - err = errSSLPeerUnexpectedMsg; - fatal = true; - break; - case SSL_AlertBadRecordMac: - err = errSSLPeerBadRecordMac; - fatal = true; - break; - case SSL_AlertDecryptionFail: - err = errSSLPeerDecryptionFail; - fatal = true; - break; - case SSL_AlertRecordOverflow: - err = errSSLPeerRecordOverflow; - fatal = true; - break; - case SSL_AlertDecompressFail: - err = errSSLPeerDecompressFail; - fatal = true; - break; - case SSL_AlertHandshakeFail: - err = errSSLPeerHandshakeFail; - fatal = true; - break; - case SSL_AlertIllegalParam: - err = errSSLIllegalParam; - fatal = true; - break; - case SSL_AlertBadCert: - err = errSSLPeerBadCert; - break; - case SSL_AlertUnsupportedCert: - err = errSSLPeerUnsupportedCert; - break; - case SSL_AlertCertRevoked: - err = errSSLPeerCertRevoked; - break; - case SSL_AlertCertExpired: - err = errSSLPeerCertExpired; - break; - case SSL_AlertCertUnknown: - err = errSSLPeerCertUnknown; - break; - case SSL_AlertUnknownCA: - err = errSSLPeerUnknownCA; - break; - case SSL_AlertAccessDenied: - err = errSSLPeerAccessDenied; - break; - case SSL_AlertDecodeError: - err = errSSLPeerDecodeError; - break; - case SSL_AlertDecryptError: - err = errSSLPeerDecryptError; - break; - case SSL_AlertExportRestriction: - err = errSSLPeerExportRestriction; - break; - case SSL_AlertProtocolVersion: - err = errSSLPeerProtocolVersion; - break; - case SSL_AlertInsufficientSecurity: - err = errSSLPeerInsufficientSecurity; - break; - case SSL_AlertInternalError: - err = errSSLPeerInternalError; - break; - case SSL_AlertUserCancelled: - err = errSSLPeerUserCancelled; - break; - case SSL_AlertNoRenegotiation: - err = errSSLPeerNoRenegotiation; - break; - /* unusual cases.... */ - case SSL_AlertCloseNotify: - /* the clean "we're done" case */ - SSLClose(ctx); - err = noErr; - break; - case SSL_AlertNoCert: - if((ctx->state == SSL_HdskStateClientCert) && - (ctx->protocolSide == SSL_ServerSide) && - (ctx->clientAuth != kAlwaysAuthenticate)) { - /* - * Tolerate this unless we're configured to - * *require* a client cert. If a client cert is - * required, we'll catch the error at the next - * handshake msg we receive - which will probably - * be a client key exchange msg, which is illegal - * when we're in state SSL_HdskStateClientCert. - * If the client cert is optional, advance to - * state ClientKeyExchange by pretending we - * just got a client cert msg. - */ - if ((err = SSLAdvanceHandshake(SSL_HdskCert, - ctx)) != 0) { - return err; - } - } - break; - default: - /* Unknown alert, ignore if not fatal */ - if(level == SSL_AlertLevelFatal) { - err = errSSLFatalAlert; - } - else { - err = noErr; - } - break; - } - if(fatal) { - /* don't bother processing any more */ - break; - } - } - if(fatal) { - SSLDeleteSessionData(ctx); - } - return err; -} - -OSStatus -SSLSendAlert(AlertLevel level, AlertDescription desc, SSLContext *ctx) -{ SSLRecord rec; - OSStatus err; - - switch(ctx->negProtocolVersion) { - case SSL_Version_Undetermined: - /* Too early in negotiation to send an alert */ - return noErr; - case SSL_Version_2_0: - /* shouldn't be here */ - assert(0); - return errSSLInternal; - default: - break; - } - if(ctx->sentFatalAlert) { - /* no more alerts allowed */ - return noErr; - } - if ((err = SSLEncodeAlert(rec, level, desc, ctx)) != 0) - return err; - assert(ctx->sslTslCalls != NULL); - SSLLogAlertMsg(desc, true); - if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) - return err; - if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0) - return err; - if(desc == SSL_AlertCloseNotify) { - /* no more alerts allowed */ - ctx->sentFatalAlert = true; - } - return noErr; -} - -static OSStatus -SSLEncodeAlert(SSLRecord &rec, AlertLevel level, AlertDescription desc, SSLContext *ctx) -{ OSStatus err; - - rec.protocolVersion = ctx->negProtocolVersion; - rec.contentType = SSL_RecordTypeAlert; - rec.contents.length = 2; - if ((err = SSLAllocBuffer(rec.contents, 2, ctx)) != 0) - return err; - rec.contents.data[0] = level; - rec.contents.data[1] = desc; - - return noErr; -} - -OSStatus -SSLFatalSessionAlert(AlertDescription desc, SSLContext *ctx) -{ OSStatus err1, err2; - - if(desc != SSL_AlertCloseNotify) { - sslHdskMsgDebug("SSLFatalSessionAlert: desc %d\n", desc); - } - SSLChangeHdskState(ctx, SSL_HdskStateErrorClose); - - if(ctx->negProtocolVersion < TLS_Version_1_0) { - /* translate to SSL3 if necessary */ - switch(desc) { - case SSL_AlertDecryptionFail: - case SSL_AlertRecordOverflow: - case SSL_AlertAccessDenied: - case SSL_AlertDecodeError: - case SSL_AlertDecryptError: - case SSL_AlertExportRestriction: - case SSL_AlertProtocolVersion: - case SSL_AlertInsufficientSecurity: - case SSL_AlertUserCancelled: - case SSL_AlertNoRenegotiation: - desc = SSL_AlertHandshakeFail; - break; - case SSL_AlertUnknownCA: - desc = SSL_AlertUnsupportedCert; - break; - case SSL_AlertInternalError: - desc = SSL_AlertCloseNotify; - break; - default: - /* send as is */ - break; - } - } - /* Make session unresumable; I'm not stopping if I get an error, - because I'd like to attempt to send the alert anyway */ - err1 = SSLDeleteSessionData(ctx); - - /* Second, send the alert */ - err2 = SSLSendAlert(SSL_AlertLevelFatal, desc, ctx); - - ctx->sentFatalAlert = true; - - /* If they both returned errors, arbitrarily return the first */ - return err1 != 0 ? err1 : err2; -} - -#ifndef NDEBUG - -/* log alert messages */ - -static char *alertMsgToStr(AlertDescription msg) -{ - static char badStr[100]; - - switch(msg) { - case SSL_AlertCloseNotify: - return "SSL_AlertCloseNotify"; - case SSL_AlertUnexpectedMsg: - return "SSL_AlertUnexpectedMsg"; - case SSL_AlertBadRecordMac: - return "SSL_AlertBadRecordMac"; - case SSL_AlertDecryptionFail: - return "SSL_AlertDecryptionFail"; - case SSL_AlertRecordOverflow: - return "SSL_AlertRecordOverflow"; - case SSL_AlertDecompressFail: - return "SSL_AlertDecompressFail"; - case SSL_AlertHandshakeFail: - return "SSL_AlertHandshakeFail"; - case SSL_AlertNoCert: - return "SSL_AlertNoCert"; - case SSL_AlertBadCert: - return "SSL_AlertBadCert"; - case SSL_AlertUnsupportedCert: - return "SSL_AlertUnsupportedCert"; - case SSL_AlertCertRevoked: - return "SSL_AlertCertRevoked"; - - case SSL_AlertCertExpired: - return "SSL_AlertCertExpired"; - case SSL_AlertCertUnknown: - return "SSL_AlertCertUnknown"; - case SSL_AlertIllegalParam: - return "SSL_AlertIllegalParam"; - case SSL_AlertUnknownCA: - return "SSL_AlertUnknownCA"; - case SSL_AlertAccessDenied: - return "SSL_AlertAccessDenied"; - case SSL_AlertDecodeError: - return "SSL_AlertDecodeError"; - case SSL_AlertDecryptError: - return "SSL_AlertDecryptError"; - - case SSL_AlertExportRestriction: - return "SSL_AlertExportRestriction"; - case SSL_AlertProtocolVersion: - return "SSL_AlertProtocolVersion"; - case SSL_AlertInsufficientSecurity: - return "SSL_AlertInsufficientSecurity"; - case SSL_AlertInternalError: - return "SSL_AlertInternalError"; - case SSL_AlertUserCancelled: - return "SSL_AlertUserCancelled"; - case SSL_AlertNoRenegotiation: - return "SSL_AlertNoRenegotiation"; - - default: - sprintf(badStr, "Unknown state (%d(d)", msg); - return badStr; - } -} - -static void SSLLogAlertMsg(AlertDescription msg, bool sent) -{ - sslHdskMsgDebug("---%s alert msg %s", - alertMsgToStr(msg), (sent ? "sent" : "recv")); -} - -#endif /* NDEBUG */ diff --git a/SecureTransport/sslBER.cpp b/SecureTransport/sslBER.cpp deleted file mode 100644 index bc48fa33..00000000 --- a/SecureTransport/sslBER.cpp +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslBER.cpp - - Contains: BER routines - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslBER.h" -#include "appleCdsa.h" - -#include -#include -#include -#include - -/* - * Given a PKCS-1 encoded RSA public key, extract the - * modulus and public exponent. - * - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e } - */ - -OSStatus sslDecodeRsaBlob( - const SSLBuffer *blob, /* PKCS-1 encoded */ - SSLBuffer *modulus, /* data mallocd and RETURNED */ - SSLBuffer *exponent) /* data mallocd and RETURNED */ -{ - OSStatus srtn; - - assert(blob != NULL); - assert(modulus != NULL); - assert(exponent != NULL); - - /* DER-decode the blob */ - NSS_RSAPublicKeyPKCS1 nssPubKey; - SecNssCoder coder; - - memset(&nssPubKey, 0, sizeof(nssPubKey)); - PRErrorCode perr = coder.decode(blob->data, blob->length, - NSS_RSAPublicKeyPKCS1Template, &nssPubKey); - if(perr) { - return errSSLBadCert; - } - - /* malloc & copy components */ - srtn = SSLCopyBufferFromData(nssPubKey.modulus.Data, - nssPubKey.modulus.Length, *modulus); - if(srtn) { - return srtn; - } - return SSLCopyBufferFromData(nssPubKey.publicExponent.Data, - nssPubKey.publicExponent.Length, *exponent); -} - -/* - * Given a raw modulus and exponent, cook up a - * BER-encoded RSA public key blob. - */ -OSStatus sslEncodeRsaBlob( - const SSLBuffer *modulus, - const SSLBuffer *exponent, - SSLBuffer *blob) /* data mallocd and RETURNED */ -{ - assert((modulus != NULL) && (exponent != NULL)); - blob->data = NULL; - blob->length = 0; - - /* convert to NSS_RSAPublicKeyPKCS1 */ - NSS_RSAPublicKeyPKCS1 nssPubKey; - SSLBUF_TO_CSSM(modulus, &nssPubKey.modulus); - SSLBUF_TO_CSSM(exponent, &nssPubKey.publicExponent); - - /* DER encode */ - SecNssCoder coder; - CSSM_DATA encBlob; - PRErrorCode perr; - perr = coder.encodeItem(&nssPubKey, NSS_RSAPublicKeyPKCS1Template, encBlob); - if(perr) { - return memFullErr; - - } - /* copy out to caller */ - return SSLCopyBufferFromData(encBlob.Data, encBlob.Length, *blob); -} - -/* - * Given a DER encoded DHParameterBlock, extract the prime and generator. - * modulus and public exponent. - * This will work with either PKCS-1 encoded DHParameterBlock or - * openssl-style DHParameter. - */ -OSStatus sslDecodeDhParams( - const SSLBuffer *blob, /* PKCS-1 encoded */ - SSLBuffer *prime, /* data mallocd and RETURNED */ - SSLBuffer *generator) /* data mallocd and RETURNED */ -{ - assert(blob != NULL); - assert(prime != NULL); - assert(generator != NULL); - - PRErrorCode perr; - NSS_DHParameterBlock paramBlock; - SecNssCoder coder; - CSSM_DATA cblob; - - memset(¶mBlock, 0, sizeof(paramBlock)); - SSLBUF_TO_CSSM(blob, &cblob); - - /* - * Since the common case here is to decode a parameter block coming - * over the wire, which is in openssl format, let's try that format first. - */ - perr = coder.decodeItem(cblob, NSS_DHParameterTemplate, - ¶mBlock.params); - if(perr) { - /* - * OK, that failed when trying as a CDSA_formatted parameter - * block DHParameterBlock). Openssl uses a subset of that, - * a DHParameter. Try that instead. - */ - memset(¶mBlock, 0, sizeof(paramBlock)); - perr = coder.decodeItem(cblob, NSS_DHParameterBlockTemplate, - ¶mBlock); - if(perr) { - /* Ah well, we tried. */ - sslErrorLog("sslDecodeDhParams: both CDSA and openssl format" - "failed\n"); - return errSSLCrypto; - } - } - - /* copy out components */ - NSS_DHParameter ¶m = paramBlock.params; - OSStatus ortn = SSLCopyBufferFromData(param.prime.Data, - param.prime.Length, *prime); - if(ortn) { - return ortn; - } - return SSLCopyBufferFromData(param.base.Data, - param.base.Length, *generator); -} - -/* - * Given a prime and generator, cook up a BER-encoded DHParameter blob. - */ -OSStatus sslEncodeDhParams( - const SSLBuffer *prime, - const SSLBuffer *generator, - SSLBuffer *blob) /* data mallocd and RETURNED */ -{ - assert((prime != NULL) && (generator != NULL)); - blob->data = NULL; - blob->length = 0; - - /* convert to NSS_DHParameter */ - NSS_DHParameter dhParams; - SSLBUF_TO_CSSM(prime, &dhParams.prime); - SSLBUF_TO_CSSM(generator, &dhParams.base); - dhParams.privateValueLength.Data = NULL; - dhParams.privateValueLength.Length = 0; - - /* DER encode */ - SecNssCoder coder; - CSSM_DATA encBlob; - PRErrorCode perr; - perr = coder.encodeItem(&dhParams, NSS_DHParameterTemplate, encBlob); - if(perr) { - return memFullErr; - - } - /* copy out to caller */ - return SSLCopyBufferFromData(encBlob.Data, encBlob.Length, *blob); -} - diff --git a/SecureTransport/sslBER_Dummy.cpp b/SecureTransport/sslBER_Dummy.cpp deleted file mode 100644 index 4119463b..00000000 --- a/SecureTransport/sslBER_Dummy.cpp +++ /dev/null @@ -1,51 +0,0 @@ - -/* - File: sslBER_Dummy.cpp - - Contains: stubs of routines in sslBER.cpp to enable standalone - build for indexing purposes. Unlike the real sslBER.cpp, - this version does not require the SecurityANS1 files - (which are not exported from Security.framework). - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslBER.h" - -#include - -/* - * Given a PKCS-1 encoded RSA public key, extract the - * modulus and public exponent. - * - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e } - */ - -OSStatus sslDecodeRsaBlob( - const SSLBuffer *blob, /* PKCS-1 encoded */ - SSLBuffer *modulus, /* data mallocd and RETURNED */ - SSLBuffer *exponent) /* data mallocd and RETURNED */ -{ - return errSSLBadCert; -} - -/* - * Given a raw modulus and exponent, cook up a - * BER-encoded RSA public key blob. - */ -OSStatus sslEncodeRsaBlob( - const SSLBuffer *modulus, - const SSLBuffer *exponent, - SSLBuffer *blob) /* data mallocd and RETURNED */ -{ - return errSSLCrypto; -} - diff --git a/SecureTransport/sslCert.cpp b/SecureTransport/sslCert.cpp deleted file mode 100644 index 035a8984..00000000 --- a/SecureTransport/sslCert.cpp +++ /dev/null @@ -1,442 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslCert.cpp - - Contains: certificate request/verify messages - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" -#include "sslUtils.h" -#include "sslDigests.h" -#include "appleCdsa.h" - -#include -#include - -OSStatus -SSLEncodeCertificate(SSLRecord &certificate, SSLContext *ctx) -{ OSStatus err; - UInt32 totalLength; - int i, j, certCount; - UInt8 *charPtr; - SSLCertificate *cert; - - /* - * TBD: for client side, match Match DER-encoded acceptable DN list - * (ctx->acceptableDNList) to one of our certs. For now we just send - * what we have since we don't support multiple certs. - * - * Note this can be called with localCert==0 for client seide in TLS1; - * in that case we send an empty cert msg. - */ - cert = ctx->localCert; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - assert((cert != NULL) || (ctx->negProtocolVersion == TLS_Version_1_0)); - totalLength = 0; - certCount = 0; - while (cert) - { totalLength += 3 + cert->derCert.length; /* 3 for encoded length field */ - ++certCount; - cert = cert->next; - } - - certificate.contentType = SSL_RecordTypeHandshake; - certificate.protocolVersion = ctx->negProtocolVersion; - if ((err = SSLAllocBuffer(certificate.contents, totalLength + 7, ctx)) != 0) - return err; - - charPtr = certificate.contents.data; - *charPtr++ = SSL_HdskCert; - charPtr = SSLEncodeInt(charPtr, totalLength+3, 3); /* Handshake message length */ - charPtr = SSLEncodeInt(charPtr, totalLength, 3); /* Vector length */ - - /* Root cert is first in the linked list, but has to go last, - * so walk list backwards */ - for (i = 0; i < certCount; ++i) - { cert = ctx->localCert; - for (j = i+1; j < certCount; ++j) - cert = cert->next; - charPtr = SSLEncodeInt(charPtr, cert->derCert.length, 3); - memcpy(charPtr, cert->derCert.data, cert->derCert.length); - charPtr += cert->derCert.length; - } - - assert(charPtr == certificate.contents.data + certificate.contents.length); - - if ((ctx->protocolSide == SSL_ClientSide) && (ctx->localCert)) { - /* this tells us to send a CertificateVerify msg after the - * client key exchange. We skip the cert vfy if we just - * sent an empty cert msg (i.e., we were asked for a cert - * but we don't have one). */ - ctx->certSent = 1; - assert(ctx->clientCertState == kSSLClientCertRequested); - assert(ctx->certRequested); - ctx->clientCertState = kSSLClientCertSent; - } - return noErr; -} - -OSStatus -SSLProcessCertificate(SSLBuffer message, SSLContext *ctx) -{ OSStatus err; - UInt32 listLen, certLen; - UInt8 *p; - SSLCertificate *cert; - - p = message.data; - listLen = SSLDecodeInt(p,3); - p += 3; - if (listLen + 3 != message.length) { - sslErrorLog("SSLProcessCertificate: length decode error 1\n"); - return errSSLProtocol; - } - - while (listLen > 0) - { certLen = SSLDecodeInt(p,3); - p += 3; - if (listLen < certLen + 3) { - sslErrorLog("SSLProcessCertificate: length decode error 2\n"); - return errSSLProtocol; - } - cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); - if(cert == NULL) { - return memFullErr; - } - if ((err = SSLAllocBuffer(cert->derCert, certLen, ctx)) != 0) - { sslFree(cert); - return err; - } - memcpy(cert->derCert.data, p, certLen); - p += certLen; - cert->next = ctx->peerCert; /* Insert backwards; root cert - * will be first in linked list */ - ctx->peerCert = cert; - listLen -= 3+certLen; - } - assert(p == message.data + message.length && listLen == 0); - - if (ctx->peerCert == 0) { - /* this *might* be OK... */ - if((ctx->protocolSide == SSL_ServerSide) && - (ctx->clientAuth != kAlwaysAuthenticate)) { - /* - * we tried to authenticate, client doesn't have a cert, and - * app doesn't require it. OK. - */ - return noErr; - } - else { - AlertDescription desc; - if(ctx->negProtocolVersion == SSL_Version_3_0) { - /* this one's for SSL3 only */ - desc = SSL_AlertBadCert; - } - else { - desc = SSL_AlertCertUnknown; - } - SSLFatalSessionAlert(desc, ctx); - return errSSLXCertChainInvalid; - } - } - if((err = sslVerifyCertChain(ctx, *ctx->peerCert)) != 0) { - AlertDescription desc; - switch(err) { - case errSSLUnknownRootCert: - case errSSLNoRootCert: - desc = SSL_AlertUnknownCA; - break; - case errSSLCertExpired: - case errSSLCertNotYetValid: - desc = SSL_AlertCertExpired; - break; - case errSSLXCertChainInvalid: - default: - desc = SSL_AlertCertUnknown; - break; - } - SSLFatalSessionAlert(desc, ctx); - return err; - } - - /* peer's certificate is the last one in the chain */ - cert = ctx->peerCert; - while (cert->next != 0) - cert = cert->next; - /* Convert its public key to CDSA format */ - if ((err = sslPubKeyFromCert(ctx, - cert->derCert, - &ctx->peerPubKey, - &ctx->peerPubKeyCsp)) != 0) - return err; - - return noErr; -} - -OSStatus -SSLEncodeCertificateRequest(SSLRecord &request, SSLContext *ctx) -{ - OSStatus err; - UInt32 dnListLen, msgLen; - UInt8 *charPtr; - DNListElem *dn; - - assert(ctx->protocolSide == SSL_ServerSide); - dnListLen = 0; - dn = ctx->acceptableDNList; - while (dn) - { dnListLen += 2 + dn->derDN.length; - dn = dn->next; - } - msgLen = 1 + 1 + 2 + dnListLen; - - request.contentType = SSL_RecordTypeHandshake; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - request.protocolVersion = ctx->negProtocolVersion; - if ((err = SSLAllocBuffer(request.contents, msgLen + 4, ctx)) != 0) - return err; - - charPtr = request.contents.data; - *charPtr++ = SSL_HdskCertRequest; - charPtr = SSLEncodeInt(charPtr, msgLen, 3); - - *charPtr++ = 1; /* one cert type */ - *charPtr++ = 1; /* RSA-sign type */ - charPtr = SSLEncodeInt(charPtr, dnListLen, 2); - dn = ctx->acceptableDNList; - while (dn) - { charPtr = SSLEncodeInt(charPtr, dn->derDN.length, 2); - memcpy(charPtr, dn->derDN.data, dn->derDN.length); - charPtr += dn->derDN.length; - dn = dn->next; - } - - assert(charPtr == request.contents.data + request.contents.length); - return noErr; -} - -OSStatus -SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx) -{ - unsigned i; - unsigned typeCount; - UInt8 *charPtr; - - /* - * Cert request only happens in during client authentication, which - * we don't do. We will however take this handshake msg and do - * nothing with the enclosed DNList. We'll send a client cert - * if we have one but we don't do any DNList compare. - */ - if (message.length < 3) { - sslErrorLog("SSLProcessCertificateRequest: length decode error 1\n"); - return errSSLProtocol; - } - charPtr = message.data; - typeCount = *charPtr++; - if (typeCount < 1 || message.length < 3 + typeCount) { - sslErrorLog("SSLProcessCertificateRequest: length decode error 2\n"); - return errSSLProtocol; - } - for (i = 0; i < typeCount; i++) - { if (*charPtr++ == 1) - ctx->x509Requested = 1; - } - - #if 0 - /* FIXME - currently untested */ - unsigned dnListLen; - unsigned dnLen; - SSLBuffer dnBuf; - DNListElem *dn; - OSStatus err; - - dnListLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if (message.length != 3 + typeCount + dnListLen) { - sslErrorLog("SSLProcessCertificateRequest: length decode error 3\n"); - return errSSLProtocol; - } - while (dnListLen > 0) - { if (dnListLen < 2) { - sslErrorLog("SSLProcessCertificateRequest: dnListLen error 1\n"); - return errSSLProtocol; - } - dnLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if (dnListLen < 2 + dnLen) { - sslErrorLog("SSLProcessCertificateRequest: dnListLen error 2\n"); - return errSSLProtocol; - } - if ((err = SSLAllocBuffer(dnBuf, sizeof(DNListElem), ctx)) != 0) - return err; - dn = (DNListElem*)dnBuf.data; - if ((err = SSLAllocBuffer(dn->derDN, dnLen, ctx)) != 0) - { SSLFreeBuffer(dnBuf, ctx); - return err; - } - memcpy(dn->derDN.data, charPtr, dnLen); - charPtr += dnLen; - dn->next = ctx->acceptableDNList; - ctx->acceptableDNList = dn; - dnListLen -= 2 + dnLen; - } - - assert(charPtr == message.data + message.length); - #endif /* untested client-side authentication */ - - return noErr; -} - -OSStatus -SSLEncodeCertificateVerify(SSLRecord &certVerify, SSLContext *ctx) -{ OSStatus err; - UInt8 hashData[36]; - SSLBuffer hashDataBuf, shaMsgState, md5MsgState; - UInt32 len; - UInt32 outputLen; - const CSSM_KEY *cssmKey; - - certVerify.contents.data = 0; - hashDataBuf.data = hashData; - hashDataBuf.length = 36; - - if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0) - goto fail; - if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0) - goto fail; - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->computeCertVfyMac(ctx, hashDataBuf, - shaMsgState, md5MsgState)) != 0) - goto fail; - - assert(ctx->signingPrivKeyRef != NULL); - err = SecKeyGetCSSMKey(ctx->signingPrivKeyRef, &cssmKey); - if(err) { - sslErrorLog("SSLEncodeCertificateVerify: SecKeyGetCSSMKey err %d\n", (int)err); - return err; - } - len = sslKeyLengthInBytes(cssmKey); - - certVerify.contentType = SSL_RecordTypeHandshake; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - certVerify.protocolVersion = ctx->negProtocolVersion; - if ((err = SSLAllocBuffer(certVerify.contents, len + 6, ctx)) != 0) - goto fail; - - certVerify.contents.data[0] = SSL_HdskCertVerify; - SSLEncodeInt(certVerify.contents.data+1, len+2, 3); - SSLEncodeInt(certVerify.contents.data+4, len, 2); - - err = sslRawSign(ctx, - ctx->signingPrivKeyRef, - hashData, // data to sign - 36, // MD5 size + SHA1 size - certVerify.contents.data+6, // signature destination - len, // we mallocd len+6 - &outputLen); - if(err) { - goto fail; - } - - assert(outputLen == len); - - err = noErr; - -fail: - SSLFreeBuffer(shaMsgState, ctx); - SSLFreeBuffer(md5MsgState, ctx); - - return err; -} - -OSStatus -SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx) -{ OSStatus err; - UInt8 hashData[36]; - UInt16 signatureLen; - SSLBuffer hashDataBuf, shaMsgState, md5MsgState; - unsigned int publicModulusLen; - - shaMsgState.data = 0; - md5MsgState.data = 0; - - if (message.length < 2) { - sslErrorLog("SSLProcessCertificateVerify: msg len error\n"); - return errSSLProtocol; - } - - signatureLen = (UInt16)SSLDecodeInt(message.data, 2); - if (message.length != (unsigned)(2 + signatureLen)) { - sslErrorLog("SSLProcessCertificateVerify: sig len error 1\n"); - return errSSLProtocol; - } - - assert(ctx->peerPubKey != NULL); - publicModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); - - if (signatureLen != publicModulusLen) { - sslErrorLog("SSLProcessCertificateVerify: sig len error 2\n"); - return errSSLProtocol; - } - hashDataBuf.data = hashData; - hashDataBuf.length = 36; - - if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0) - goto fail; - if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0) - goto fail; - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->computeCertVfyMac(ctx, hashDataBuf, - shaMsgState, md5MsgState)) != 0) - goto fail; - - /* - * The CSP does the decrypt & compare for us in one shot - */ - err = sslRawVerify(ctx, - ctx->peerPubKey, - ctx->peerPubKeyCsp, // FIXME - maybe we just use cspHand? - hashData, // data to verify - 36, - message.data + 2, // signature - signatureLen); - if(err) { - SSLFatalSessionAlert(SSL_AlertDecryptError, ctx); - goto fail; - } - err = noErr; - -fail: - SSLFreeBuffer(shaMsgState, ctx); - SSLFreeBuffer(md5MsgState, ctx); - - return err; -} diff --git a/SecureTransport/sslChangeCipher.cpp b/SecureTransport/sslChangeCipher.cpp deleted file mode 100644 index 7de0d2a6..00000000 --- a/SecureTransport/sslChangeCipher.cpp +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslChangeCipher.cpp - - Contains: support for change cipher spec messages - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" - -#include -#include - -OSStatus -SSLEncodeChangeCipherSpec(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err; - - assert(ctx->writePending.ready); - - sslLogNegotiateDebug("===Sending changeCipherSpec msg"); - rec.contentType = SSL_RecordTypeChangeCipher; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - rec.protocolVersion = ctx->negProtocolVersion; - rec.contents.length = 1; - if ((err = SSLAllocBuffer(rec.contents, 1, ctx)) != 0) - return err; - rec.contents.data[0] = 1; - - return noErr; -} - -OSStatus -SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx) -{ OSStatus err; - - if (rec.contents.length != 1 || rec.contents.data[0] != 1) - { SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx); - sslErrorLog("***bad changeCipherSpec msg: length %d data 0x%x\n", - (unsigned)rec.contents.length, (unsigned)rec.contents.data[0]); - return errSSLProtocol; - } - - if (!ctx->readPending.ready || ctx->state != SSL_HdskStateChangeCipherSpec) - { SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx); - sslErrorLog("***bad changeCipherSpec msg: readPending.ready %d state %d\n", - (unsigned)ctx->readPending.ready, (unsigned)ctx->state); - return errSSLProtocol; - } - - sslLogNegotiateDebug("===Processing changeCipherSpec msg"); - - /* Install new cipher spec on read side */ - if ((err = SSLDisposeCipherSuite(&ctx->readCipher, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->readCipher = ctx->readPending; - ctx->readCipher.ready = 0; /* Can't send data until Finished is sent */ - SSLChangeHdskState(ctx, SSL_HdskStateFinished); - memset(&ctx->readPending, 0, sizeof(CipherContext)); /* Zero out old data */ - return noErr; -} - -OSStatus -SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx) -{ OSStatus err; - - /* symmetric key */ - if (cipher->symKey) - { if ((err = cipher->symCipher->finish(cipher, ctx)) != 0) - return err; - cipher->symKey = 0; - } - - /* per-record hash/hmac context */ - ctx->sslTslCalls->freeMac(cipher); - - return noErr; -} diff --git a/SecureTransport/sslContext.cpp b/SecureTransport/sslContext.cpp deleted file mode 100644 index 5d3be3c7..00000000 --- a/SecureTransport/sslContext.cpp +++ /dev/null @@ -1,1226 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslContext.cpp - - Contains: SSLContext accessors - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "sslContext.h" -#include "sslMemory.h" -#include -#include "sslDigests.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include "sslKeychain.h" -#include "sslUtils.h" -#include "cipherSpecs.h" -#include "appleSession.h" -#include "sslBER.h" -#include -#include -#include - -static void sslFreeDnList( - SSLContext *ctx) -{ - DNListElem *dn, *nextDN; - - dn = ctx->acceptableDNList; - while (dn) - { - SSLFreeBuffer(dn->derDN, ctx); - nextDN = dn->next; - sslFree(dn); - dn = nextDN; - } - ctx->acceptableDNList = NULL; -} - -static OSStatus sslFreeTrustedRoots( - SSLContext *ctx) -{ - unsigned i; - - assert(ctx != NULL); - if((ctx->numTrustedCerts == 0) || (ctx->trustedCerts == NULL)) { - /* they really should both be zero, right? */ - assert((ctx->numTrustedCerts == 0) && (ctx->trustedCerts == NULL)); - } - else { - for(i=0; inumTrustedCerts; i++) { - stFreeCssmData(&ctx->trustedCerts[i], CSSM_FALSE); - } - sslFree(ctx->trustedCerts); - } - ctx->numTrustedCerts = 0; - ctx->trustedCerts = NULL; - sslFreeDnList(ctx); - return noErr; -} - -/* - * Default version enables. - */ -#define DEFAULT_SSL2_ENABLE true -#define DEFAULT_SSL3_ENABLE true -#define DEFAULT_TLS1_ENABLE true - -OSStatus -SSLNewContext (Boolean isServer, - SSLContextRef *contextPtr) /* RETURNED */ -{ - SSLContext *ctx; - OSStatus serr; - - if(contextPtr == NULL) { - return paramErr; - } - *contextPtr = NULL; - ctx = (SSLContext *)sslMalloc(sizeof(SSLContext)); - if(ctx == NULL) { - return memFullErr; - } - /* subsequent errors to errOut: */ - - memset(ctx, 0, sizeof(SSLContext)); - ctx->state = SSL_HdskStateUninit; - ctx->clientCertState = kSSLClientCertNone; - - ctx->versionSsl2Enable = DEFAULT_SSL2_ENABLE; - ctx->versionSsl3Enable = DEFAULT_SSL3_ENABLE; - ctx->versionTls1Enable = DEFAULT_TLS1_ENABLE; - ctx->negProtocolVersion = SSL_Version_Undetermined; - - if(isServer) { - ctx->protocolSide = SSL_ServerSide; - } - else { - ctx->protocolSide = SSL_ClientSide; - } - - /* Default value so we can send and receive hello msgs */ - ctx->sslTslCalls = &Ssl3Callouts; - - /* Initialize the cipher state to NULL_WITH_NULL_NULL */ - ctx->selectedCipherSpec = &SSL_NULL_WITH_NULL_NULL_CipherSpec; - ctx->selectedCipher = ctx->selectedCipherSpec->cipherSpec; - ctx->writeCipher.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->readCipher.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->readCipher.symCipher = ctx->selectedCipherSpec->cipher; - ctx->writeCipher.symCipher = ctx->selectedCipherSpec->cipher; - - /* these two are invariant */ - ctx->writeCipher.encrypting = 1; - ctx->writePending.encrypting = 1; - - /* this gets init'd on first call to SSLHandshake() */ - ctx->validCipherSpecs = NULL; - ctx->numValidCipherSpecs = 0; - - ctx->peerDomainName = NULL; - ctx->peerDomainNameLen = 0; - - /* attach to CSP, CL, TP */ - serr = attachToAll(ctx); - if(serr) { - goto errOut; - } - - /* Initial cert verify state: verify with default system roots */ - ctx->enableCertVerify = true; - - /* Default for RSA blinding is ENABLED */ - ctx->rsaBlindingEnable = true; - - *contextPtr = ctx; - return noErr; - -errOut: - sslFree(ctx); - return serr; -} - - -/* - * Dispose of an SSLContext. - */ -OSStatus -SSLDisposeContext (SSLContext *ctx) -{ - WaitingRecord *wait, *next; - SSLBuffer buf; - - if(ctx == NULL) { - return paramErr; - } - sslDeleteCertificateChain(ctx->localCert, ctx); - sslDeleteCertificateChain(ctx->encryptCert, ctx); - sslDeleteCertificateChain(ctx->peerCert, ctx); - ctx->localCert = ctx->encryptCert = ctx->peerCert = NULL; - SSLFreeBuffer(ctx->partialReadBuffer, ctx); - if(ctx->peerSecTrust) { - CFRelease(ctx->peerSecTrust); - ctx->peerSecTrust = NULL; - } - wait = ctx->recordWriteQueue; - while (wait) - { SSLFreeBuffer(wait->data, ctx); - next = wait->next; - buf.data = (uint8*)wait; - buf.length = sizeof(WaitingRecord); - SSLFreeBuffer(buf, ctx); - wait = next; - } - - #if APPLE_DH - SSLFreeBuffer(ctx->dhParamsPrime, ctx); - SSLFreeBuffer(ctx->dhParamsGenerator, ctx); - SSLFreeBuffer(ctx->dhParamsEncoded, ctx); - SSLFreeBuffer(ctx->dhPeerPublic, ctx); - SSLFreeBuffer(ctx->dhExchangePublic, ctx); - sslFreeKey(ctx->cspHand, &ctx->dhPrivate, NULL); - #endif /* APPLE_DH */ - - CloseHash(SSLHashSHA1, ctx->shaState, ctx); - CloseHash(SSLHashMD5, ctx->md5State, ctx); - - SSLFreeBuffer(ctx->sessionID, ctx); - SSLFreeBuffer(ctx->peerID, ctx); - SSLFreeBuffer(ctx->resumableSession, ctx); - SSLFreeBuffer(ctx->preMasterSecret, ctx); - SSLFreeBuffer(ctx->partialReadBuffer, ctx); - SSLFreeBuffer(ctx->fragmentedMessageCache, ctx); - SSLFreeBuffer(ctx->receivedDataBuffer, ctx); - - if(ctx->peerDomainName) { - sslFree(ctx->peerDomainName); - ctx->peerDomainName = NULL; - ctx->peerDomainNameLen = 0; - } - SSLDisposeCipherSuite(&ctx->readCipher, ctx); - SSLDisposeCipherSuite(&ctx->writeCipher, ctx); - SSLDisposeCipherSuite(&ctx->readPending, ctx); - SSLDisposeCipherSuite(&ctx->writePending, ctx); - - sslFree(ctx->validCipherSpecs); - ctx->validCipherSpecs = NULL; - ctx->numValidCipherSpecs = 0; - - /* - * NOTE: currently, all public keys come from the CL via CSSM_CL_CertGetKeyInfo. - * We really don't know what CSP the CL used to generate a public key (in fact, - * it uses the raw CSP only to get LogicalKeySizeInBits, but we can't know - * that). Thus using e.g. signingKeyCsp (or any other CSP) to free - * signingPubKey is not tecnically accurate. However, our public keys - * are all raw keys, and all Apple CSPs dispose of raw keys in the same - * way. - */ - sslFreeKey(ctx->cspHand, &ctx->signingPubKey, NULL); - sslFreeKey(ctx->cspHand, &ctx->encryptPubKey, NULL); - sslFreeKey(ctx->peerPubKeyCsp, &ctx->peerPubKey, NULL); - - if(ctx->signingPrivKeyRef) { - CFRelease(ctx->signingPrivKeyRef); - } - if(ctx->encryptPrivKeyRef) { - CFRelease(ctx->encryptPrivKeyRef); - } - sslFreeTrustedRoots(ctx); - - detachFromAll(ctx); - - memset(ctx, 0, sizeof(SSLContext)); - sslFree(ctx); - sslCleanupSession(); - return noErr; -} - -/* - * Determine the state of an SSL session. - */ -OSStatus -SSLGetSessionState (SSLContextRef context, - SSLSessionState *state) /* RETURNED */ -{ - SSLSessionState rtnState = kSSLIdle; - - if(context == NULL) { - return paramErr; - } - *state = rtnState; - switch(context->state) { - case SSL_HdskStateUninit: - case SSL_HdskStateServerUninit: - case SSL_HdskStateClientUninit: - rtnState = kSSLIdle; - break; - case SSL_HdskStateGracefulClose: - rtnState = kSSLClosed; - break; - case SSL_HdskStateErrorClose: - case SSL_HdskStateNoNotifyClose: - rtnState = kSSLAborted; - break; - case SSL_HdskStateServerReady: - case SSL_HdskStateClientReady: - rtnState = kSSLConnected; - break; - default: - assert((context->state >= SSL_HdskStateServerHello) && - (context->state <= SSL2_HdskStateServerFinished)); - rtnState = kSSLHandshake; - break; - - } - *state = rtnState; - return noErr; -} - -OSStatus -SSLSetIOFuncs (SSLContextRef ctx, - SSLReadFunc read, - SSLWriteFunc write) -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - ctx->ioCtx.read = read; - ctx->ioCtx.write = write; - return noErr; -} - -OSStatus -SSLSetConnection (SSLContextRef ctx, - SSLConnectionRef connection) -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - ctx->ioCtx.ioRef = connection; - return noErr; -} - -OSStatus -SSLGetConnection (SSLContextRef ctx, - SSLConnectionRef *connection) -{ - if((ctx == NULL) || (connection == NULL)) { - return paramErr; - } - *connection = ctx->ioCtx.ioRef; - return noErr; -} - -OSStatus -SSLSetPeerDomainName (SSLContextRef ctx, - const char *peerName, - size_t peerNameLen) -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - - /* free possible existing name */ - if(ctx->peerDomainName) { - sslFree(ctx->peerDomainName); - } - - /* copy in */ - ctx->peerDomainName = (char *)sslMalloc(peerNameLen); - if(ctx->peerDomainName == NULL) { - return memFullErr; - } - memmove(ctx->peerDomainName, peerName, peerNameLen); - ctx->peerDomainNameLen = peerNameLen; - return noErr; -} - -/* - * Determine the buffer size needed for SSLGetPeerDomainName(). - */ -OSStatus -SSLGetPeerDomainNameLength (SSLContextRef ctx, - size_t *peerNameLen) // RETURNED -{ - if(ctx == NULL) { - return paramErr; - } - *peerNameLen = ctx->peerDomainNameLen; - return noErr; -} - -OSStatus -SSLGetPeerDomainName (SSLContextRef ctx, - char *peerName, // returned here - size_t *peerNameLen) // IN/OUT -{ - if(ctx == NULL) { - return paramErr; - } - if(*peerNameLen < ctx->peerDomainNameLen) { - return errSSLBufferOverflow; - } - memmove(peerName, ctx->peerDomainName, ctx->peerDomainNameLen); - *peerNameLen = ctx->peerDomainNameLen; - return noErr; -} - -/* concert between private SSLProtocolVersion and public SSLProtocol */ -static SSLProtocol convertProtToExtern(SSLProtocolVersion prot) -{ - switch(prot) { - case SSL_Version_Undetermined: - return kSSLProtocolUnknown; - case SSL_Version_2_0: - return kSSLProtocol2; - case SSL_Version_3_0: - return kSSLProtocol3; - case TLS_Version_1_0: - return kTLSProtocol1; - default: - sslErrorLog("convertProtToExtern: bad prot\n"); - return kSSLProtocolUnknown; - } - /* not reached but make compiler happy */ - return kSSLProtocolUnknown; -} - -OSStatus -SSLSetProtocolVersionEnabled(SSLContextRef ctx, - SSLProtocol protocol, - Boolean enable) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - switch(protocol) { - case kSSLProtocol2: - ctx->versionSsl2Enable = enable; - break; - case kSSLProtocol3: - ctx->versionSsl3Enable = enable; - break; - case kTLSProtocol1: - ctx->versionTls1Enable = enable; - break; - case kSSLProtocolAll: - ctx->versionTls1Enable = ctx->versionSsl3Enable = - ctx->versionSsl2Enable = enable; - break; - default: - return paramErr; - } - return noErr; -} - -OSStatus -SSLGetProtocolVersionEnabled(SSLContextRef ctx, - SSLProtocol protocol, - Boolean *enable) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - switch(protocol) { - case kSSLProtocol2: - *enable = ctx->versionSsl2Enable; - break; - case kSSLProtocol3: - *enable = ctx->versionSsl3Enable; - break; - case kTLSProtocol1: - *enable = ctx->versionTls1Enable; - break; - case kSSLProtocolAll: - if(ctx->versionTls1Enable && ctx->versionSsl3Enable && - ctx->versionSsl2Enable) { - *enable = true; - } - else { - *enable = false; - } - break; - default: - return paramErr; - } - return noErr; -} - -/* deprecated */ -OSStatus -SSLSetProtocolVersion (SSLContextRef ctx, - SSLProtocol version) -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - - /* convert external representation to three booleans */ - switch(version) { - case kSSLProtocolUnknown: - ctx->versionSsl2Enable = DEFAULT_SSL2_ENABLE; - ctx->versionSsl3Enable = DEFAULT_SSL3_ENABLE; - ctx->versionTls1Enable = DEFAULT_TLS1_ENABLE; - break; - case kSSLProtocol2: - ctx->versionSsl2Enable = true; - ctx->versionSsl3Enable = false; - ctx->versionTls1Enable = false; - break; - case kSSLProtocol3: - /* this tells us to do our best, up to 3.0, but allows 2.0 */ - ctx->versionSsl2Enable = true; - ctx->versionSsl3Enable = true; - ctx->versionTls1Enable = false; - break; - case kSSLProtocol3Only: - ctx->versionSsl2Enable = false; - ctx->versionSsl3Enable = true; - ctx->versionTls1Enable = false; - break; - case kTLSProtocol1: - case kSSLProtocolAll: - /* this tells us to do our best, up to TLS, but allows 2.0 or 3.0 */ - ctx->versionSsl2Enable = true; - ctx->versionSsl3Enable = true; - ctx->versionTls1Enable = true; - break; - case kTLSProtocol1Only: - ctx->versionSsl2Enable = false; - ctx->versionSsl3Enable = false; - ctx->versionTls1Enable = true; - break; - default: - return paramErr; - } - return noErr; -} - -/* deprecated */ -OSStatus -SSLGetProtocolVersion (SSLContextRef ctx, - SSLProtocol *protocol) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - - /* translate array of booleans to public value; not all combinations - * are legal (i.e., meaningful) for this call */ - if(ctx->versionTls1Enable) { - if(ctx->versionSsl2Enable) { - if(ctx->versionSsl3Enable) { - /* traditional 'all enabled' */ - *protocol = kTLSProtocol1; - return noErr; - } - else { - /* SSL2 true, SSL3 false, TLS1 true - invalid here */ - return paramErr; - } - } - else if(ctx->versionSsl3Enable) { - /* SSL2 false, SSL3 true, TLS1 true - invalid here */ - return paramErr; - } - else { - *protocol = kTLSProtocol1Only; - return noErr; - } - } - else { - /* TLS1 false */ - if(ctx->versionSsl3Enable) { - *protocol = ctx->versionSsl2Enable ? - kSSLProtocol3 : kSSLProtocol3Only; - return noErr; - } - else if(ctx->versionSsl2Enable) { - *protocol = kSSLProtocol2; - return noErr; - } - else { - /* - * Bogus state - no enables - the API does provide a way - * to get into this state. Other than this path, the app - * will discover this bogon when attempting to do the - * handshake; sslGetMaxProtVersion will detect this. - */ - return paramErr; - } - } - /* NOT REACHED */ -} - -OSStatus -SSLGetNegotiatedProtocolVersion (SSLContextRef ctx, - SSLProtocol *protocol) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - *protocol = convertProtToExtern(ctx->negProtocolVersion); - return noErr; -} - -OSStatus -SSLSetEnableCertVerify (SSLContextRef ctx, - Boolean enableVerify) -{ - if(ctx == NULL) { - return paramErr; - } - sslCertDebug("SSLSetEnableCertVerify %s", - enableVerify ? "true" : "false"); - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - ctx->enableCertVerify = enableVerify; - return noErr; -} - -OSStatus -SSLGetEnableCertVerify (SSLContextRef ctx, - Boolean *enableVerify) -{ - if(ctx == NULL) { - return paramErr; - } - *enableVerify = ctx->enableCertVerify; - return noErr; -} - -OSStatus -SSLSetAllowsExpiredCerts(SSLContextRef ctx, - Boolean allowExpired) -{ - if(ctx == NULL) { - return paramErr; - } - sslCertDebug("SSLSetAllowsExpiredCerts %s", - allowExpired ? "true" : "false"); - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - ctx->allowExpiredCerts = allowExpired; - return noErr; -} - -OSStatus -SSLGetAllowsExpiredCerts (SSLContextRef ctx, - Boolean *allowExpired) -{ - if(ctx == NULL) { - return paramErr; - } - *allowExpired = ctx->allowExpiredCerts; - return noErr; -} - -OSStatus -SSLSetAllowsExpiredRoots(SSLContextRef ctx, - Boolean allowExpired) -{ - if(ctx == NULL) { - return paramErr; - } - sslCertDebug("SSLSetAllowsExpiredRoots %s", - allowExpired ? "true" : "false"); - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - ctx->allowExpiredRoots = allowExpired; - return noErr; -} - -OSStatus -SSLGetAllowsExpiredRoots (SSLContextRef ctx, - Boolean *allowExpired) -{ - if(ctx == NULL) { - return paramErr; - } - *allowExpired = ctx->allowExpiredRoots; - return noErr; -} - -OSStatus SSLSetAllowsAnyRoot( - SSLContextRef ctx, - Boolean anyRoot) -{ - if(ctx == NULL) { - return paramErr; - } - sslCertDebug("SSLSetAllowsAnyRoot %s", anyRoot ? "true" : "false"); - ctx->allowAnyRoot = anyRoot; - return noErr; -} - -OSStatus -SSLGetAllowsAnyRoot( - SSLContextRef ctx, - Boolean *anyRoot) -{ - if(ctx == NULL) { - return paramErr; - } - *anyRoot = ctx->allowAnyRoot; - return noErr; -} - -OSStatus -SSLSetTrustedRoots (SSLContextRef ctx, - CFArrayRef trustedRoots, - Boolean replaceExisting) -{ - unsigned dex; - unsigned outDex; - unsigned numIncoming; - uint32 numCerts; - CSSM_DATA_PTR newRoots = NULL; - const CSSM_DATA *existAnchors = NULL; - uint32 numExistAnchors = 0; - OSStatus ortn = noErr; - - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - numCerts = numIncoming = CFArrayGetCount(trustedRoots); - sslCertDebug("SSLSetTrustedRoot numCerts %d replaceExist %s", - (int)numCerts, replaceExisting ? "true" : "false"); - if(!replaceExisting) { - if(ctx->trustedCerts != NULL) { - /* adding to existing store */ - existAnchors = ctx->trustedCerts; - numExistAnchors = ctx->numTrustedCerts; - } - else { - /* adding to system roots */ - ortn = SecTrustGetCSSMAnchorCertificates(&existAnchors, - &numExistAnchors); - if(ortn) { - /* should never happen */ - return ortn; - } - } - numCerts += numExistAnchors; - } - newRoots = (CSSM_DATA_PTR)sslMalloc(numCerts * sizeof(CSSM_DATA)); - memset(newRoots, 0, numCerts * sizeof(CSSM_DATA)); - - /* Caller's certs first */ - for(dex=0, outDex=0; dexnumTrustedCerts = numCerts; - ctx->trustedCerts = newRoots; - return noErr; - -abort: - sslFree(newRoots); - return ortn; -} - -OSStatus -SSLGetTrustedRoots (SSLContextRef ctx, - CFArrayRef *trustedRoots) /* RETURNED */ -{ - uint32 numCerts; - const CSSM_DATA *certs; - CFMutableArrayRef certArray; - unsigned dex; - SecCertificateRef secCert; - OSStatus ortn; - - if(ctx == NULL) { - return paramErr; - } - if(ctx->trustedCerts != NULL) { - /* use ours */ - certs = ctx->trustedCerts; - numCerts = ctx->numTrustedCerts; - } - else { - /* use default system roots */ - OSStatus ortn = SecTrustGetCSSMAnchorCertificates(&certs, - &numCerts); - if(ortn) { - /* should never happen */ - return ortn; - } - } - - certArray = CFArrayCreateMutable(kCFAllocatorDefault, - (CFIndex)numCerts, &kCFTypeArrayCallBacks); - if(certArray == NULL) { - return memFullErr; - } - for(dex=0; dexclientAuth = auth; - switch(auth) { - case kNeverAuthenticate: - ctx->tryClientAuth = false; - break; - case kAlwaysAuthenticate: - case kTryAuthenticate: - ctx->tryClientAuth = true; - break; - } - return noErr; -} - -OSStatus -SSLGetClientCertificateState (SSLContextRef ctx, - SSLClientCertificateState *clientState) -{ - if(ctx == NULL) { - return paramErr; - } - *clientState = ctx->clientCertState; - return noErr; -} - -OSStatus -SSLSetCertificate (SSLContextRef ctx, - CFArrayRef certRefs) -{ - /* - * -- free localCerts if we have any - * -- Get raw cert data, convert to ctx->localCert - * -- get pub, priv keys from certRef[0] - * -- validate cert chain - */ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - return parseIncomingCerts(ctx, - certRefs, - &ctx->localCert, - &ctx->signingPubKey, - &ctx->signingPrivKeyRef); -} - -OSStatus -SSLSetEncryptionCertificate (SSLContextRef ctx, - CFArrayRef certRefs) -{ - /* - * -- free encryptCert if we have any - * -- Get raw cert data, convert to ctx->encryptCert - * -- get pub, priv keys from certRef[0] - * -- validate cert chain - */ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - return parseIncomingCerts(ctx, - certRefs, - &ctx->encryptCert, - &ctx->encryptPubKey, - &ctx->encryptPrivKeyRef); -} - -OSStatus -SSLSetPeerID (SSLContext *ctx, - const void *peerID, - size_t peerIDLen) -{ - OSStatus serr; - - /* copy peerId to context->peerId */ - if((ctx == NULL) || - (peerID == NULL) || - (peerIDLen == 0)) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - /* can't do this with an active session */ - return badReqErr; - } - SSLFreeBuffer(ctx->peerID, ctx); - serr = SSLAllocBuffer(ctx->peerID, peerIDLen, ctx); - if(serr) { - return serr; - } - memmove(ctx->peerID.data, peerID, peerIDLen); - return noErr; -} - -OSStatus -SSLGetPeerID (SSLContextRef ctx, - const void **peerID, - size_t *peerIDLen) -{ - *peerID = ctx->peerID.data; // may be NULL - *peerIDLen = ctx->peerID.length; - return noErr; -} - -OSStatus -SSLGetNegotiatedCipher (SSLContextRef ctx, - SSLCipherSuite *cipherSuite) -{ - if(ctx == NULL) { - return paramErr; - } - if(!sslIsSessionActive(ctx)) { - return badReqErr; - } - *cipherSuite = (SSLCipherSuite)ctx->selectedCipher; - return noErr; -} - -/* - * Add an acceptable distinguished name (client authentication only). - */ -OSStatus -SSLAddDistinguishedName( - SSLContextRef ctx, - const void *derDN, - size_t derDNLen) -{ - DNListElem *dn; - OSStatus err; - - dn = (DNListElem *)sslMalloc(sizeof(DNListElem)); - if(dn == NULL) { - return memFullErr; - } - if ((err = SSLAllocBuffer(dn->derDN, derDNLen, ctx)) != 0) - return err; - memcpy(dn->derDN.data, derDN, derDNLen); - dn->next = ctx->acceptableDNList; - ctx->acceptableDNList = dn; - return noErr; -} - -/* - * Request peer certificates. Valid anytime, subsequent to - * a handshake attempt. - */ -OSStatus -SSLGetPeerCertificates (SSLContextRef ctx, - CFArrayRef *certs) -{ - uint32 numCerts; - CFMutableArrayRef ca; - CFIndex i; - SecCertificateRef cfd; - OSStatus ortn; - CSSM_DATA certData; - SSLCertificate *scert; - - if(ctx == NULL) { - return paramErr; - } - *certs = NULL; - - /* - * Copy peerCert, a chain of SSLCertificates, to a CFArray of - * CFDataRefs, each of which is one DER-encoded cert. - */ - numCerts = SSLGetCertificateChainLength(ctx->peerCert); - if(numCerts == 0) { - return noErr; - } - ca = CFArrayCreateMutable(kCFAllocatorDefault, - (CFIndex)numCerts, &kCFTypeArrayCallBacks); - if(ca == NULL) { - return memFullErr; - } - - /* - * Caller gets leaf cert first, the opposite of the way we store them. - */ - scert = ctx->peerCert; - for(i=0; (unsigned)iderCert, &certData); - ortn = SecCertificateCreateFromData(&certData, - CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_DER, - &cfd); - if(ortn) { - CFRelease(ca); - return ortn; - } - /* insert at head of array */ - CFArrayInsertValueAtIndex(ca, 0, cfd); - scert = scert->next; - } - *certs = ca; - return noErr; -} - -/* - * Specify Diffie-Hellman parameters. Optional; if we are configured to allow - * for D-H ciphers and a D-H cipher is negotiated, and this function has not - * been called, a set of process-wide parameters will be calculated. However - * that can take a long time (30 seconds). - */ -OSStatus SSLSetDiffieHellmanParams( - SSLContextRef ctx, - const void *dhParams, - size_t dhParamsLen) -{ - if(ctx == NULL) { - return paramErr; - } - if(sslIsSessionActive(ctx)) { - return badReqErr; - } - SSLFreeBuffer(ctx->dhParamsPrime, ctx); - SSLFreeBuffer(ctx->dhParamsGenerator, ctx); - SSLFreeBuffer(ctx->dhParamsEncoded, ctx); - - OSStatus ortn; - ortn = SSLCopyBufferFromData(dhParams, dhParamsLen, - ctx->dhParamsEncoded); - if(ortn) { - return ortn; - } - - /* decode for use by server over the wire */ - SSLBuffer sParams; - sParams.data = (UInt8 *)dhParams; - sParams.length = dhParamsLen; - return sslDecodeDhParams(&sParams, &ctx->dhParamsPrime, - &ctx->dhParamsGenerator); -} - -/* - * Return parameter block specified in SSLSetDiffieHellmanParams. - * Returned data is not copied and belongs to the SSLContextRef. - */ -OSStatus SSLGetDiffieHellmanParams( - SSLContextRef ctx, - const void **dhParams, - size_t *dhParamsLen) -{ - if(ctx == NULL) { - return paramErr; - } - *dhParams = ctx->dhParamsEncoded.data; - *dhParamsLen = ctx->dhParamsEncoded.length; - return noErr; -} - -OSStatus SSLSetRsaBlinding( - SSLContextRef ctx, - Boolean blinding) -{ - if(ctx == NULL) { - return paramErr; - } - ctx->rsaBlindingEnable = blinding; - return noErr; -} - -OSStatus SSLGetRsaBlinding( - SSLContextRef ctx, - Boolean *blinding) -{ - if(ctx == NULL) { - return paramErr; - } - *blinding = ctx->rsaBlindingEnable; - return noErr; -} - -OSStatus SSLGetPeerSecTrust( - SSLContextRef ctx, - SecTrustRef *secTrust) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - *secTrust = ctx->peerSecTrust; - return noErr; -} - -OSStatus SSLInternalMasterSecret( - SSLContextRef ctx, - void *secret, // mallocd by caller, SSL_MASTER_SECRET_SIZE - size_t *secretSize) // in/out -{ - if((ctx == NULL) || (secret == NULL) || (secretSize == NULL)) { - return paramErr; - } - if(*secretSize < SSL_MASTER_SECRET_SIZE) { - return paramErr; - } - memmove(secret, ctx->masterSecret, SSL_MASTER_SECRET_SIZE); - *secretSize = SSL_MASTER_SECRET_SIZE; - return noErr; -} - -OSStatus SSLInternalServerRandom( - SSLContextRef ctx, - void *rand, // mallocd by caller, SSL_CLIENT_SRVR_RAND_SIZE - size_t *randSize) // in/out -{ - if((ctx == NULL) || (rand == NULL) || (randSize == NULL)) { - return paramErr; - } - if(*randSize < SSL_CLIENT_SRVR_RAND_SIZE) { - return paramErr; - } - memmove(rand, ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE); - *randSize = SSL_CLIENT_SRVR_RAND_SIZE; - return noErr; -} - -OSStatus SSLInternalClientRandom( - SSLContextRef ctx, - void *rand, // mallocd by caller, SSL_CLIENT_SRVR_RAND_SIZE - size_t *randSize) // in/out -{ - if((ctx == NULL) || (rand == NULL) || (randSize == NULL)) { - return paramErr; - } - if(*randSize < SSL_CLIENT_SRVR_RAND_SIZE) { - return paramErr; - } - memmove(rand, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); - *randSize = SSL_CLIENT_SRVR_RAND_SIZE; - return noErr; -} - -OSStatus -SSLGetResumableSessionInfo( - SSLContextRef ctx, - Boolean *sessionWasResumed, // RETURNED - void *sessionID, // RETURNED, mallocd by caller - size_t *sessionIDLength) // IN/OUT -{ - if((ctx == NULL) || (sessionWasResumed == NULL) || - (sessionID == NULL) || (sessionIDLength == NULL) || - (*sessionIDLength < MAX_SESSION_ID_LENGTH)) { - return paramErr; - } - if(ctx->sessionMatch) { - assert(ctx->sessionID.data != NULL); - *sessionWasResumed = true; - if(ctx->sessionID.length > *sessionIDLength) { - /* really should never happen - means ID > 32 */ - return paramErr; - } - memmove(sessionID, ctx->sessionID.data, ctx->sessionID.length); - *sessionIDLength = ctx->sessionID.length; - } - else { - *sessionWasResumed = false; - *sessionIDLength = 0; - } - return noErr; -} - - diff --git a/SecureTransport/sslDigests.cpp b/SecureTransport/sslDigests.cpp deleted file mode 100644 index 5748ad6d..00000000 --- a/SecureTransport/sslDigests.cpp +++ /dev/null @@ -1,328 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslDigests.cpp - - Contains: interface between SSL and SHA, MD5 digest implementations - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "cryptType.h" -#include "sslMemory.h" -#include "sslDigests.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include -#include - -#define DIGEST_PRINT 0 -#if DIGEST_PRINT -#define dgprintf(s) printf s -#else -#define dgprintf(s) -#endif - -/* - * Common digest context. The SSLBuffer.data pointer in a "digest state" argument - * casts to one of these. - */ -typedef struct { - CSSM_CC_HANDLE hashHand; -} cdsaHashContext; - -const UInt8 SSLMACPad1[MAX_MAC_PADDING] = -{ - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 -}; - -const UInt8 SSLMACPad2[MAX_MAC_PADDING] = -{ - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C -}; - -/* - * Public general hash functions - */ - -/* - * A convenience wrapper for HashReference.clone, which has the added benefit of - * allocating the state buffer for the caller. - */ -OSStatus -CloneHashState( - const HashReference &ref, - const SSLBuffer &state, - SSLBuffer &newState, - SSLContext *ctx) -{ - OSStatus err; - if ((err = SSLAllocBuffer(newState, ref.contextSize, ctx)) != 0) - return err; - return ref.clone(state, newState); -} - -/* - * Wrapper for HashReference.init. - */ -OSStatus -ReadyHash(const HashReference &ref, SSLBuffer &state, SSLContext *ctx) -{ - OSStatus err; - if ((err = SSLAllocBuffer(state, ref.contextSize, ctx)) != 0) - return err; - return ref.init(state, ctx); -} - -/* - * Wrapper for HashReference.clone. Tolerates NULL digestCtx and frees it if it's - * there. - */ -OSStatus CloseHash(const HashReference &ref, SSLBuffer &state, SSLContext *ctx) -{ - OSStatus serr; - - if(state.data == NULL) { - return noErr; - } - serr = ref.close(state, ctx); - if(serr) { - return serr; - } - return SSLFreeBuffer(state, ctx); -} - -static OSStatus HashNullInit(SSLBuffer &digestCtx, SSLContext *sslCtx); -static OSStatus HashNullUpdate(SSLBuffer &digestCtx, const SSLBuffer &data); -static OSStatus HashNullFinal(SSLBuffer &digestCtx, SSLBuffer &digest); -static OSStatus HashNullClose(SSLBuffer &digestCtx, SSLContext *sslCtx); -static OSStatus HashNullClone(const SSLBuffer &src, SSLBuffer &dst); - -static OSStatus HashMD5Init(SSLBuffer &digestCtx, SSLContext *sslCtx); -static OSStatus HashSHA1Init(SSLBuffer &digestCtx, SSLContext *sslCtx); -static OSStatus cdsaHashInit(SSLBuffer &digestCtx, SSLContext *sslCtx, - CSSM_ALGORITHMS digestAlg); -static OSStatus cdsaHashUpdate(SSLBuffer &digestCtx, const SSLBuffer &data); -static OSStatus cdsaHashFinal(SSLBuffer &digestCtx, SSLBuffer &digest); -static OSStatus cdsaHashClose(SSLBuffer &digestCtx, SSLContext *sslCtx); -static OSStatus cdsaHashClone(const SSLBuffer &src, SSLBuffer &dest); - -/* - * These are the handles by which the bulk of digesting work - * is done. - */ -const HashReference SSLHashNull = - { - 0, - 0, - 0, - HashNullInit, - HashNullUpdate, - HashNullFinal, - HashNullClose, - HashNullClone - }; - -const HashReference SSLHashMD5 = - { - sizeof(cdsaHashContext), - 16, - 48, - HashMD5Init, - cdsaHashUpdate, - cdsaHashFinal, - cdsaHashClose, - cdsaHashClone - }; - -const HashReference SSLHashSHA1 = - { - sizeof(cdsaHashContext), - 20, - 40, - HashSHA1Init, - cdsaHashUpdate, - cdsaHashFinal, - cdsaHashClose, - cdsaHashClone - }; - -/*** NULL ***/ -static OSStatus HashNullInit(SSLBuffer &digestCtx, SSLContext *sslCtx) { - return noErr; -} - -static OSStatus HashNullUpdate(SSLBuffer &digestCtx, const SSLBuffer &data) { - return noErr; -} - -static OSStatus HashNullFinal(SSLBuffer &digestCtx, SSLBuffer &digest) { - return noErr; -} -static OSStatus HashNullClose(SSLBuffer &digestCtx, SSLContext *sslCtx) { - return noErr; -} -static OSStatus HashNullClone(const SSLBuffer &src, SSLBuffer &dest) { - return noErr; -} - -static OSStatus HashMD5Init(SSLBuffer &digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx.length >= sizeof(cdsaHashContext)); - return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_MD5); -} - -static OSStatus HashSHA1Init(SSLBuffer &digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx.length >= sizeof(cdsaHashContext)); - return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_SHA1); -} - -/* common digest functions via CDSA */ -static OSStatus cdsaHashInit(SSLBuffer &digestCtx, - SSLContext *sslCtx, - CSSM_ALGORITHMS digestAlg) -{ - OSStatus serr; - cdsaHashContext *cdsaCtx; - CSSM_CC_HANDLE hashHand = 0; - CSSM_RETURN crtn; - - assert(digestCtx.length >= sizeof(cdsaHashContext)); - serr = attachToCsp(sslCtx); // should be a nop - if(serr) { - return serr; - } - cdsaCtx = (cdsaHashContext *)digestCtx.data; - cdsaCtx->hashHand = 0; - dgprintf(("###cdsaHashInit cdsaCtx %p\n", cdsaCtx)); - - /* cook up a digest context, initialize it */ - crtn = CSSM_CSP_CreateDigestContext(sslCtx->cspHand, - digestAlg, - &hashHand); - if(crtn) { - sslErrorLog("CSSM_CSP_CreateDigestContext failure\n"); - return errSSLCrypto; - } - crtn = CSSM_DigestDataInit(hashHand); - if(crtn) { - CSSM_DeleteContext(hashHand); - sslErrorLog("CSSM_DigestDataInit failure\n"); - return errSSLCrypto; - } - cdsaCtx->hashHand = hashHand; - return noErr; -} - -static OSStatus cdsaHashUpdate(SSLBuffer &digestCtx, const SSLBuffer &data) -{ - cdsaHashContext *cdsaCtx; - CSSM_RETURN crtn; - CSSM_DATA cdata; - - assert(digestCtx.length >= sizeof(cdsaHashContext)); - cdsaCtx = (cdsaHashContext *)digestCtx.data; - //dgprintf(("###cdsaHashUpdate cdsaCtx %p\n", cdsaCtx)); - - SSLBUF_TO_CSSM(&data, &cdata); - crtn = CSSM_DigestDataUpdate(cdsaCtx->hashHand, &cdata, 1); - if(crtn) { - sslErrorLog("CSSM_DigestDataUpdate failure\n"); - return errSSLCrypto; - } - else { - return noErr; - } -} - -static OSStatus cdsaHashFinal(SSLBuffer &digestCtx, SSLBuffer &digest) -{ - cdsaHashContext *cdsaCtx; - CSSM_RETURN crtn; - CSSM_DATA cdata; - OSStatus srtn = noErr; - - assert(digestCtx.length >= sizeof(cdsaHashContext)); - cdsaCtx = (cdsaHashContext *)digestCtx.data; - dgprintf(("###cdsaHashFinal cdsaCtx %p\n", cdsaCtx)); - SSLBUF_TO_CSSM(&digest, &cdata); - crtn = CSSM_DigestDataFinal(cdsaCtx->hashHand, &cdata); - if(crtn) { - sslErrorLog("CSSM_DigestDataFinal failure\n"); - srtn = errSSLCrypto; - } - else { - digest.length = cdata.Length; - } - CSSM_DeleteContext(cdsaCtx->hashHand); - cdsaCtx->hashHand = 0; - return srtn; -} - -static OSStatus cdsaHashClose(SSLBuffer &digestCtx, SSLContext *sslCtx) -{ - cdsaHashContext *cdsaCtx; - - assert(digestCtx.length >= sizeof(cdsaHashContext)); - cdsaCtx = (cdsaHashContext *)digestCtx.data; - dgprintf(("###cdsaHashClose cdsaCtx %p\n", cdsaCtx)); - if(cdsaCtx->hashHand != 0) { - CSSM_DeleteContext(cdsaCtx->hashHand); - cdsaCtx->hashHand = 0; - } - return noErr; -} - -static OSStatus cdsaHashClone(const SSLBuffer &src, SSLBuffer &dst) -{ - cdsaHashContext *srcCtx; - cdsaHashContext *dstCtx; - CSSM_RETURN crtn; - - assert(src.length >= sizeof(cdsaHashContext)); - assert(dst.length >= sizeof(cdsaHashContext)); - srcCtx = (cdsaHashContext *)src.data; - dstCtx = (cdsaHashContext *)dst.data; - dgprintf(("###cdsaHashClone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); - - crtn = CSSM_DigestDataClone(srcCtx->hashHand, &dstCtx->hashHand); - if(crtn) { - sslErrorLog("CSSM_DigestDataClone failure\n"); - return errSSLCrypto; - } - else { - return noErr; - } -} - diff --git a/SecureTransport/sslHandshake.cpp b/SecureTransport/sslHandshake.cpp deleted file mode 100644 index 8ec94a08..00000000 --- a/SecureTransport/sslHandshake.cpp +++ /dev/null @@ -1,847 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslHandshake.cpp - - Contains: SSL 3.0 handshake state machine. - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslAlertMessage.h" -#include "sslSession.h" -#include "sslUtils.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include "sslDigests.h" - -#include -#include - -#define REQUEST_CERT_CORRECT 0 - -static OSStatus SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx); - -OSStatus -SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx) -{ OSStatus err; - sint32 remaining; - UInt8 *p; - SSLHandshakeMsg message; - SSLBuffer messageData; - - if (ctx->fragmentedMessageCache.data != 0) - { if ((err = SSLReallocBuffer(ctx->fragmentedMessageCache, - ctx->fragmentedMessageCache.length + rec.contents.length, - ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - memcpy(ctx->fragmentedMessageCache.data + ctx->fragmentedMessageCache.length, - rec.contents.data, rec.contents.length); - remaining = ctx->fragmentedMessageCache.length; - p = ctx->fragmentedMessageCache.data; - } - else - { remaining = rec.contents.length; - p = rec.contents.data; - } - - while (remaining > 0) - { if (remaining < 4) - break; /* we must have at least a header */ - - messageData.data = p; - message.type = (SSLHandshakeType)*p++; - message.contents.length = SSLDecodeInt(p, 3); - if (((int)(message.contents.length + 4)) > remaining) - break; - - p += 3; - message.contents.data = p; - p += message.contents.length; - messageData.length = 4 + message.contents.length; - assert(p == messageData.data + messageData.length); - - /* message fragmentation */ - remaining -= messageData.length; - if ((err = SSLProcessHandshakeMessage(message, ctx)) != 0) - return err; - - if (message.type != SSL_HdskHelloRequest) - { if ((err = SSLHashSHA1.update(ctx->shaState, messageData)) != 0 || - (err = SSLHashMD5.update(ctx->md5State, messageData)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - - if ((err = SSLAdvanceHandshake(message.type, ctx)) != 0) - return err; - } - - if (remaining > 0) /* Fragmented handshake message */ - { /* If there isn't a cache, allocate one */ - if (ctx->fragmentedMessageCache.data == 0) - { if ((err = SSLAllocBuffer(ctx->fragmentedMessageCache, remaining, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - if (p != ctx->fragmentedMessageCache.data) - { memcpy(ctx->fragmentedMessageCache.data, p, remaining); - ctx->fragmentedMessageCache.length = remaining; - } - } - else if (ctx->fragmentedMessageCache.data != 0) - { if ((err = SSLFreeBuffer(ctx->fragmentedMessageCache, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - - return noErr; -} - -static OSStatus -SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx) -{ OSStatus err; - - err = noErr; - SSLLogHdskMsg(message.type, 0); - switch (message.type) - { case SSL_HdskHelloRequest: - if (ctx->protocolSide != SSL_ClientSide) - goto wrongMessage; - if (message.contents.length > 0) - err = errSSLProtocol; - break; - case SSL_HdskClientHello: - if (ctx->state != SSL_HdskStateServerUninit) - goto wrongMessage; - err = SSLProcessClientHello(message.contents, ctx); - break; - case SSL_HdskServerHello: - if (ctx->state != SSL_HdskStateServerHello && - ctx->state != SSL_HdskStateServerHelloUnknownVersion) - goto wrongMessage; - err = SSLProcessServerHello(message.contents, ctx); - break; - case SSL_HdskCert: - if (ctx->state != SSL_HdskStateCert && - ctx->state != SSL_HdskStateClientCert) - goto wrongMessage; - err = SSLProcessCertificate(message.contents, ctx); - if(ctx->protocolSide == SSL_ServerSide) { - if(err) { - /* - * Error could be from no cert (when we require one) - * or invalid cert - */ - if(ctx->peerCert != NULL) { - ctx->clientCertState = kSSLClientCertRejected; - } - } - else if(ctx->peerCert != NULL) { - /* - * This still might change if cert verify msg - * fails. Note we avoid going to state - * if we get en empty cert message which is - * otherwise valid. - */ - ctx->clientCertState = kSSLClientCertSent; - } - } - break; - case SSL_HdskCertRequest: - if (((ctx->state != SSL_HdskStateHelloDone) && - (ctx->state != SSL_HdskStateKeyExchange)) - || ctx->certRequested) - goto wrongMessage; - err = SSLProcessCertificateRequest(message.contents, ctx); - break; - case SSL_HdskServerKeyExchange: - /* - * Since this message is optional, and completely at the - * server's discretion, we need to be able to handle this - * in one of two states... - */ - switch(ctx->state) { - case SSL_HdskStateKeyExchange: /* explicitly waiting for this */ - case SSL_HdskStateHelloDone: - break; - default: - goto wrongMessage; - } - err = SSLProcessServerKeyExchange(message.contents, ctx); - break; - case SSL_HdskServerHelloDone: - if (ctx->state != SSL_HdskStateHelloDone) - goto wrongMessage; - err = SSLProcessServerHelloDone(message.contents, ctx); - break; - case SSL_HdskCertVerify: - if (ctx->state != SSL_HdskStateClientCertVerify) - goto wrongMessage; - err = SSLProcessCertificateVerify(message.contents, ctx); - assert(ctx->protocolSide == SSL_ServerSide); - if(err) { - ctx->clientCertState = kSSLClientCertRejected; - } - break; - case SSL_HdskClientKeyExchange: - if (ctx->state != SSL_HdskStateClientKeyExchange) - goto wrongMessage; - err = SSLProcessKeyExchange(message.contents, ctx); - break; - case SSL_HdskFinished: - if (ctx->state != SSL_HdskStateFinished) - goto wrongMessage; - err = SSLProcessFinished(message.contents, ctx); - break; - default: - goto wrongMessage; - break; - } - - if (err && !ctx->sentFatalAlert) - { if (err == errSSLProtocol) - SSLFatalSessionAlert(SSL_AlertIllegalParam, ctx); - else if (err == errSSLNegotiation) - SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx); - else - SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx); - } - return err; - -wrongMessage: - SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx); - return errSSLProtocol; -} - -OSStatus -SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) -{ OSStatus err; - SSLBuffer sessionIdentifier; - - switch (processed) - { case SSL_HdskHelloRequest: - /* - * Reset the client auth state machine in case this is - * a renegotiation. - */ - ctx->certRequested = 0; - ctx->certSent = 0; - ctx->certReceived = 0; - ctx->x509Requested = 0; - ctx->clientCertState = kSSLClientCertNone; - if ((err = SSLPrepareAndQueueMessage(SSLEncodeClientHello, ctx)) != 0) - return err; - SSLChangeHdskState(ctx, SSL_HdskStateServerHello); - break; - case SSL_HdskClientHello: - assert(ctx->protocolSide == SSL_ServerSide); - ctx->sessionMatch = 0; - if (ctx->sessionID.data != 0) - /* If session ID != 0, client is trying to resume */ - { if (ctx->resumableSession.data != 0) - { - SSLProtocolVersion sessionProt; - if ((err = SSLRetrieveSessionID(ctx->resumableSession, - &sessionIdentifier, ctx)) != 0) - return err; - if ((err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession, - &sessionProt, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - if ((sessionIdentifier.length == ctx->sessionID.length) && - (memcmp(sessionIdentifier.data, ctx->sessionID.data, - ctx->sessionID.length) == 0) && - (sessionProt == ctx->negProtocolVersion)) - { /* Everything matches; resume the session */ - sslLogResumSessDebug("===RESUMING SSL3 server-side session"); - if ((err = SSLInstallSessionFromData(ctx->resumableSession, - ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->sessionMatch = 1; - if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHello, - ctx)) != 0) - return err; - if ((err = SSLInitPendingCiphers(ctx)) != 0 || - (err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - if ((err = - SSLPrepareAndQueueMessage(SSLEncodeChangeCipherSpec, - ctx)) != 0) - return err; - /* Install new cipher spec on write side */ - if ((err = SSLDisposeCipherSuite(&ctx->writeCipher, - ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->writeCipher = ctx->writePending; - ctx->writeCipher.ready = 0; - /* Can't send data until Finished is sent */ - memset(&ctx->writePending, 0, sizeof(CipherContext)); - /* Zero out old data */ - if ((err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, - ctx)) != 0) - return err; - /* Finished has been sent; enable data t6ransfer on - * write channel */ - ctx->writeCipher.ready = 1; - SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec); - break; - } - else { - sslLogResumSessDebug( - "===FAILED TO RESUME SSL3 server-side session"); - } - if ((err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0 || - (err = SSLDeleteSessionData(ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - if ((err = SSLFreeBuffer(ctx->sessionID, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - - /* - * If we get here, we're not resuming; generate a new session ID - * if we know our peer - */ - if (ctx->peerID.data != 0) - { /* Ignore errors; just treat as uncached session */ - assert(ctx->sessionID.data == 0); - err = SSLAllocBuffer(ctx->sessionID, SSL_SESSION_ID_LEN, ctx); - if (err == 0) - { - if((err = sslRand(ctx, &ctx->sessionID)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - } - - if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHello, ctx)) != 0) - return err; - switch (ctx->selectedCipherSpec->keyExchangeMethod) - { case SSL_NULL_auth: - #if APPLE_DH - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - if(ctx->clientAuth == kAlwaysAuthenticate) { - /* app requires this; abort */ - SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx); - return errSSLNegotiation; - } - ctx->tryClientAuth = false; - /* DH server side needs work */ - break; - #endif /* APPLE_DH */ - default: /* everything else */ - if(ctx->localCert == NULL) { - /* no cert but configured for, and negotiated, a - * ciphersuite which requires one */ - sslErrorLog("SSLAdvanceHandshake: No server key!\n"); - return errSSLBadConfiguration; - } - if ((err = SSLPrepareAndQueueMessage(SSLEncodeCertificate, - ctx)) != 0) - return err; - break; - } - /* - * At this point we decide whether to send a server key exchange - * method. For Apple servers, I think we'll ALWAYS do this, because - * of key usage restrictions (can't decrypt and sign with the same - * private key), but conceptually in this code, we do it if - * enabled by the presence of encryptPrivKey. - */ - { - bool doServerKeyExch = false; - switch(ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA_EXPORT: - #if !SSL_SERVER_KEYEXCH_HACK - /* the "proper" way - app decides. */ - case SSL_RSA: - #endif - if(ctx->encryptPrivKeyRef != NULL) { - doServerKeyExch = true; - } - break; - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - doServerKeyExch = true; - break; - default: - break; - } - if(doServerKeyExch) { - err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx); - if(err) { - return err; - } - } - } - if (ctx->tryClientAuth) - { if ((err = SSLPrepareAndQueueMessage(SSLEncodeCertificateRequest, - ctx)) != 0) - return err; - ctx->certRequested = 1; - ctx->clientCertState = kSSLClientCertRequested; - } - if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHelloDone, ctx)) != 0) - return err; - if (ctx->certRequested) { - SSLChangeHdskState(ctx, SSL_HdskStateClientCert); - } - else { - SSLChangeHdskState(ctx, SSL_HdskStateClientKeyExchange); - } - break; - case SSL_HdskServerHello: - ctx->sessionMatch = 0; - if (ctx->resumableSession.data != 0 && ctx->sessionID.data != 0) - { - SSLProtocolVersion sessionProt; - if ((err = SSLRetrieveSessionID(ctx->resumableSession, - &sessionIdentifier, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - if ((err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession, - &sessionProt, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - if ((sessionIdentifier.length == ctx->sessionID.length) && - (memcmp(sessionIdentifier.data, ctx->sessionID.data, - ctx->sessionID.length) == 0) && - (sessionProt == ctx->negProtocolVersion)) - { /* Everything matches; resume the session */ - sslLogResumSessDebug("===RESUMING SSL3 client-side session"); - if ((err = SSLInstallSessionFromData(ctx->resumableSession, - ctx)) != 0 || - (err = SSLInitPendingCiphers(ctx)) != 0 || - (err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->sessionMatch = 1; - SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec); - break; - } - else { - sslLogResumSessDebug("===FAILED TO RESUME SSL3 client-side " - "session"); - } - if ((err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - switch (ctx->selectedCipherSpec->keyExchangeMethod) - { - /* these require a key exchange message */ - case SSL_NULL_auth: - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - SSLChangeHdskState(ctx, SSL_HdskStateKeyExchange); - break; - case SSL_RSA: - case SSL_DH_DSS: - case SSL_DH_DSS_EXPORT: - case SSL_DH_RSA: - case SSL_DH_RSA_EXPORT: - case SSL_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_Fortezza: - SSLChangeHdskState(ctx, SSL_HdskStateCert); - break; - default: - assert("Unknown key exchange method"); - break; - } - break; - case SSL_HdskCert: - if (ctx->state == SSL_HdskStateCert) - switch (ctx->selectedCipherSpec->keyExchangeMethod) - { case SSL_RSA: - /* - * I really think the two RSA cases should be - * handled the same here - the server key exchange is - * optional, and is up to the server. - * Note this isn't the same as SSL_SERVER_KEYEXCH_HACK; - * we're a client here. - */ - case SSL_RSA_EXPORT: - case SSL_DH_DSS: - case SSL_DH_DSS_EXPORT: - case SSL_DH_RSA: - case SSL_DH_RSA_EXPORT: - SSLChangeHdskState(ctx, SSL_HdskStateHelloDone); - break; - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_Fortezza: - SSLChangeHdskState(ctx, SSL_HdskStateKeyExchange); - break; - default: - assert("Unknown or unexpected key exchange method"); - break; - } - else if (ctx->state == SSL_HdskStateClientCert) - { SSLChangeHdskState(ctx, SSL_HdskStateClientKeyExchange); - if (ctx->peerCert != 0) - ctx->certReceived = 1; - } - break; - case SSL_HdskCertRequest: - /* state stays in SSL_HdskStateHelloDone; distinction is in - * ctx->certRequested */ - if (ctx->peerCert == 0) - { SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx); - return errSSLProtocol; - } - ctx->certRequested = 1; - ctx->clientCertState = kSSLClientCertRequested; - break; - case SSL_HdskServerKeyExchange: - SSLChangeHdskState(ctx, SSL_HdskStateHelloDone); - break; - case SSL_HdskServerHelloDone: - if (ctx->certRequested) { - /* - * Server wants a client authentication cert - do - * we have one? - */ - if (ctx->localCert != 0 && ctx->x509Requested) { - if ((err = SSLPrepareAndQueueMessage(SSLEncodeCertificate, - ctx)) != 0) { - return err; - } - } - else { - /* response for no cert depends on protocol version */ - if(ctx->negProtocolVersion == TLS_Version_1_0) { - /* TLS: send empty cert msg */ - if ((err = SSLPrepareAndQueueMessage(SSLEncodeCertificate, - ctx)) != 0) { - return err; - } - } - else { - /* SSL3: "no cert" alert */ - if ((err = SSLSendAlert(SSL_AlertLevelWarning, SSL_AlertNoCert, - ctx)) != 0) { - return err; - } - } - } /* no cert to send */ - } /* server requested a cert */ - if ((err = SSLPrepareAndQueueMessage(SSLEncodeKeyExchange, ctx)) != 0) - return err; - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 || - (err = SSLInitPendingCiphers(ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length); - if ((err = SSLFreeBuffer(ctx->preMasterSecret, ctx)) != 0) { - return err; - } - if (ctx->certSent) { - if ((err = SSLPrepareAndQueueMessage(SSLEncodeCertificateVerify, - ctx)) != 0) { - return err; - } - } - if ((err = SSLPrepareAndQueueMessage(SSLEncodeChangeCipherSpec, - ctx)) != 0) { - return err; - } - /* Install new cipher spec on write side */ - if ((err = SSLDisposeCipherSuite(&ctx->writeCipher, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->writeCipher = ctx->writePending; - /* Can't send data until Finished is sent */ - ctx->writeCipher.ready = 0; - - /* Zero out old data */ - memset(&ctx->writePending, 0, sizeof(CipherContext)); - ctx->writePending.encrypting = 1; - if ((err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, ctx)) != 0) - return err; - /* Finished has been sent; enable data transfer on write channel */ - ctx->writeCipher.ready = 1; - SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec); - break; - case SSL_HdskCertVerify: - SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec); - break; - case SSL_HdskClientKeyExchange: - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 || - (err = SSLInitPendingCiphers(ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length); - if ((err = SSLFreeBuffer(ctx->preMasterSecret, ctx)) != 0) - return err; - if (ctx->certReceived) { - SSLChangeHdskState(ctx, SSL_HdskStateClientCertVerify); - } - else { - SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec); - } - break; - case SSL_HdskFinished: - /* Handshake is over; enable data transfer on read channel */ - ctx->readCipher.ready = 1; - /* If writePending is set, we haven't yet sent a finished message; - * send it */ - if (ctx->writePending.ready != 0) - { if ((err = SSLPrepareAndQueueMessage(SSLEncodeChangeCipherSpec, - ctx)) != 0) - return err; - - /* Install new cipher spec on write side */ - if ((err = SSLDisposeCipherSuite(&ctx->writeCipher, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - ctx->writeCipher = ctx->writePending; - ctx->writeCipher.ready = 0; - /* Can't send data until Finished is sent */ - memset(&ctx->writePending, 0, sizeof(CipherContext)); - /* Zero out old data */ - if ((err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, - ctx)) != 0) - return err; - ctx->writeCipher.ready = 1; - } - if (ctx->protocolSide == SSL_ServerSide) { - SSLChangeHdskState(ctx, SSL_HdskStateServerReady); - } - else { - SSLChangeHdskState(ctx, SSL_HdskStateClientReady); - } - if (ctx->peerID.data != 0) - SSLAddSessionData(ctx); - break; - default: - assert("Unknown State"); - break; - } - - return noErr; -} - -OSStatus -SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx) -{ OSStatus err; - SSLRecord rec; - - if ((err = msgFunc(rec, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx); - goto fail; - } - - if (rec.contentType == SSL_RecordTypeHandshake) - { if ((err = SSLHashSHA1.update(ctx->shaState, rec.contents)) != 0 || - (err = SSLHashMD5.update(ctx->md5State, rec.contents)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - goto fail; - } - SSLLogHdskMsg((SSLHandshakeType)rec.contents.data[0], 1); - } - - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) - goto fail; - - err = noErr; -fail: - SSLFreeBuffer(rec.contents, ctx); - - return err; -} - -OSStatus -SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx) -{ OSStatus err; - - if ((err = SSLInitMessageHashes(ctx)) != 0) - return err; - - if ((err = SSLHashSHA1.update(ctx->shaState, rec.contents)) != 0 || - (err = SSLHashMD5.update(ctx->md5State, rec.contents)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - - if ((err = SSLAdvanceHandshake(SSL_HdskClientHello, ctx)) != 0) - return err; - - return noErr; -} - -/* log changes in handshake state */ -#ifndef NDEBUG -#include - -char *hdskStateToStr(SSLHandshakeState state) -{ - static char badStr[100]; - - switch(state) { - case SSL_HdskStateUninit: - return "Uninit"; - case SSL_HdskStateServerUninit: - return "ServerUninit"; - case SSL_HdskStateClientUninit: - return "ClientUninit"; - case SSL_HdskStateGracefulClose: - return "GracefulClose"; - case SSL_HdskStateErrorClose: - return "ErrorClose"; - case SSL_HdskStateNoNotifyClose: - return "NoNotifyClose"; - case SSL_HdskStateServerHello: - return "ServerHello"; - case SSL_HdskStateServerHelloUnknownVersion: - return "ServerHelloUnknownVersion"; - case SSL_HdskStateKeyExchange: - return "KeyExchange"; - case SSL_HdskStateCert: - return "Cert"; - case SSL_HdskStateHelloDone: - return "HelloDone"; - case SSL_HdskStateClientCert: - return "ClientCert"; - case SSL_HdskStateClientKeyExchange: - return "ClientKeyExchange"; - case SSL_HdskStateClientCertVerify: - return "ClientCertVerify"; - case SSL_HdskStateChangeCipherSpec: - return "ChangeCipherSpec"; - case SSL_HdskStateFinished: - return "Finished"; - case SSL2_HdskStateClientMasterKey: - return "SSL2_ClientMasterKey"; - case SSL2_HdskStateClientFinished: - return "SSL2_ClientFinished"; - case SSL2_HdskStateServerHello: - return "SSL2_ServerHello"; - case SSL2_HdskStateServerVerify: - return "SSL2_ServerVerify"; - case SSL2_HdskStateServerFinished: - return "SSL2_ServerFinished"; - case SSL_HdskStateServerReady: - return "SSL_ServerReady"; - case SSL_HdskStateClientReady: - return "SSL_ClientReady"; - default: - sprintf(badStr, "Unknown state (%d(d)", state); - return badStr; - } -} - -void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState) -{ - /* FIXME - this ifndef should not be necessary */ - #ifndef NDEBUG - sslHdskStateDebug("...hdskState = %s", hdskStateToStr(newState)); - #endif - ctx->state = newState; -} - - -/* log handshake messages */ - -static char *hdskMsgToStr(SSLHandshakeType msg) -{ - static char badStr[100]; - - switch(msg) { - case SSL_HdskHelloRequest: - return "SSL_HdskHelloRequest"; - case SSL_HdskClientHello: - return "SSL_HdskClientHello"; - case SSL_HdskServerHello: - return "SSL_HdskServerHello"; - case SSL_HdskCert: - return "SSL_HdskCert"; - case SSL_HdskServerKeyExchange: - return "SSL_HdskServerKeyExchange"; - case SSL_HdskCertRequest: - return "SSL_HdskCertRequest"; - case SSL_HdskServerHelloDone: - return "SSL_HdskServerHelloDone"; - case SSL_HdskCertVerify: - return "SSL_HdskCertVerify"; - case SSL_HdskClientKeyExchange: - return "SSL_HdskClientKeyExchange"; - case SSL_HdskFinished: - return "SSL_HdskFinished"; - case SSL_HdskNoCertAlert: - return "SSL_HdskNoCertAlert"; - default: - sprintf(badStr, "Unknown state (%d(d)", msg); - return badStr; - } -} - -void SSLLogHdskMsg(SSLHandshakeType msg, char sent) -{ - sslHdskMsgDebug("---%s handshake msg %s", - hdskMsgToStr(msg), (sent ? "sent" : "recv")); -} - -#endif /* NDEBUG */ - diff --git a/SecureTransport/sslHandshakeFinish.cpp b/SecureTransport/sslHandshakeFinish.cpp deleted file mode 100644 index 13a4edd1..00000000 --- a/SecureTransport/sslHandshakeFinish.cpp +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslHandshakeFinish.c - - Contains: Finished and server hello done messages. - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslUtils.h" -#include "sslDigests.h" - -#include -#include - -OSStatus -SSLEncodeFinishedMessage(SSLRecord &finished, SSLContext *ctx) -{ OSStatus err; - SSLBuffer finishedMsg, shaMsgState, md5MsgState; - Boolean isServerMsg; - unsigned finishedSize; - - shaMsgState.data = 0; - md5MsgState.data = 0; - - /* size and version depend on negotiatedProtocol */ - switch(ctx->negProtocolVersion) { - case SSL_Version_3_0: - finished.protocolVersion = SSL_Version_3_0; - finishedSize = 36; - break; - case TLS_Version_1_0: - finished.protocolVersion = TLS_Version_1_0; - finishedSize = 12; - break; - default: - assert(0); - return errSSLInternal; - } - finished.contentType = SSL_RecordTypeHandshake; - /* msg = type + 3 bytes len + finishedSize */ - if ((err = SSLAllocBuffer(finished.contents, finishedSize + 4, - ctx)) != 0) - return err; - - finished.contents.data[0] = SSL_HdskFinished; - SSLEncodeInt(finished.contents.data + 1, finishedSize, 3); - - finishedMsg.data = finished.contents.data + 4; - finishedMsg.length = finishedSize; - - if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0) - goto fail; - if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0) - goto fail; - isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false; - if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg, - shaMsgState, md5MsgState, isServerMsg)) != 0) - goto fail; - -fail: - SSLFreeBuffer(shaMsgState, ctx); - SSLFreeBuffer(md5MsgState, ctx); - return err; -} - -OSStatus -SSLProcessFinished(SSLBuffer message, SSLContext *ctx) -{ OSStatus err; - SSLBuffer expectedFinished, shaMsgState, md5MsgState; - Boolean isServerMsg; - unsigned finishedSize; - - switch(ctx->negProtocolVersion) { - case SSL_Version_3_0: - finishedSize = 36; - break; - case TLS_Version_1_0: - finishedSize = 12; - break; - default: - assert(0); - return errSSLInternal; - } - if (message.length != finishedSize) { - sslErrorLog("SSLProcessFinished: msg len error 1\n"); - return errSSLProtocol; - } - expectedFinished.data = 0; - if ((err = SSLAllocBuffer(expectedFinished, finishedSize, ctx)) != 0) - return err; - shaMsgState.data = 0; - if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0) - goto fail; - md5MsgState.data = 0; - if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0) - goto fail; - isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true; - if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished, - shaMsgState, md5MsgState, isServerMsg)) != 0) - goto fail; - - if (memcmp(expectedFinished.data, message.data, finishedSize) != 0) - { - sslErrorLog("SSLProcessFinished: memcmp failure\n"); - err = errSSLProtocol; - goto fail; - } - -fail: - SSLFreeBuffer(expectedFinished, ctx); - SSLFreeBuffer(shaMsgState, ctx); - SSLFreeBuffer(md5MsgState, ctx); - return err; -} - -OSStatus -SSLEncodeServerHelloDone(SSLRecord &helloDone, SSLContext *ctx) -{ OSStatus err; - - helloDone.contentType = SSL_RecordTypeHandshake; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - helloDone.protocolVersion = ctx->negProtocolVersion; - if ((err = SSLAllocBuffer(helloDone.contents, 4, ctx)) != 0) - return err; - helloDone.contents.data[0] = SSL_HdskServerHelloDone; - SSLEncodeInt(helloDone.contents.data+1, 0, 3); /* Message has 0 length */ - return noErr; -} - -OSStatus -SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx) -{ assert(ctx->protocolSide == SSL_ClientSide); - if (message.length != 0) { - sslErrorLog("SSLProcessServerHelloDone: nonzero msg len\n"); - return errSSLProtocol; - } - return noErr; -} diff --git a/SecureTransport/sslHandshakeHello.cpp b/SecureTransport/sslHandshakeHello.cpp deleted file mode 100644 index 9264e42a..00000000 --- a/SecureTransport/sslHandshakeHello.cpp +++ /dev/null @@ -1,374 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslHandshakeHello.c - - Contains: Support for client hello and server hello messages. - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslSession.h" -#include "sslUtils.h" -#include "sslDebug.h" -#include "appleCdsa.h" -#include "sslDigests.h" -#include "cipherSpecs.h" - -#include - -static OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx); - -/* IE treats null session id as valid; two consecutive sessions with NULL ID - * are considered a match. Workaround: when resumable sessions are disabled, - * send a random session ID. */ -#define SSL_IE_NULL_RESUME_BUG 1 -#if SSL_IE_NULL_RESUME_BUG -#define SSL_NULL_ID_LEN 32 /* length of bogus session ID */ -#endif - -OSStatus -SSLEncodeServerHello(SSLRecord &serverHello, SSLContext *ctx) -{ OSStatus err; - UInt8 *charPtr; - int sessionIDLen; - - sessionIDLen = 0; - if (ctx->sessionID.data != 0) - sessionIDLen = (UInt8)ctx->sessionID.length; - #if SSL_IE_NULL_RESUME_BUG - if(sessionIDLen == 0) { - sessionIDLen = SSL_NULL_ID_LEN; - } - #endif /* SSL_IE_NULL_RESUME_BUG */ - - /* this was set to a known quantity in SSLProcessClientHello */ - assert(ctx->negProtocolVersion != SSL_Version_Undetermined); - /* should not be here in this case */ - assert(ctx->negProtocolVersion != SSL_Version_2_0); - sslLogNegotiateDebug("===SSL3 server: sending version %d_%d", - ctx->negProtocolVersion >> 8, ctx->negProtocolVersion & 0xff); - sslLogNegotiateDebug("...sessionIDLen = %d", sessionIDLen); - serverHello.protocolVersion = ctx->negProtocolVersion; - serverHello.contentType = SSL_RecordTypeHandshake; - if ((err = SSLAllocBuffer(serverHello.contents, 42 + sessionIDLen, ctx)) != 0) - return err; - - charPtr = serverHello.contents.data; - *charPtr++ = SSL_HdskServerHello; - charPtr = SSLEncodeInt(charPtr, 38 + sessionIDLen, 3); - charPtr = SSLEncodeInt(charPtr, serverHello.protocolVersion, 2); - if ((err = SSLEncodeRandom(charPtr, ctx)) != 0) - return err; - memcpy(ctx->serverRandom, charPtr, SSL_CLIENT_SRVR_RAND_SIZE); - charPtr += SSL_CLIENT_SRVR_RAND_SIZE; - *(charPtr++) = (UInt8)sessionIDLen; - #if SSL_IE_NULL_RESUME_BUG - if(ctx->sessionID.data != NULL) { - /* normal path for enabled resumable session */ - memcpy(charPtr, ctx->sessionID.data, sessionIDLen); - } - else { - /* IE workaround */ - SSLBuffer rb; - rb.data = charPtr; - rb.length = SSL_NULL_ID_LEN; - sslRand(ctx, &rb); - } - #else - if (sessionIDLen > 0) - memcpy(charPtr, ctx->sessionID.data, sessionIDLen); - #endif /* SSL_IE_NULL_RESUME_BUG */ - charPtr += sessionIDLen; - charPtr = SSLEncodeInt(charPtr, ctx->selectedCipher, 2); - *(charPtr++) = 0; /* Null compression */ - - sslLogNegotiateDebug("ssl3: server specifying cipherSuite 0x%lx", - (UInt32)ctx->selectedCipher); - - assert(charPtr == serverHello.contents.data + serverHello.contents.length); - - return noErr; -} - -OSStatus -SSLProcessServerHello(SSLBuffer message, SSLContext *ctx) -{ OSStatus err; - SSLProtocolVersion protocolVersion, negVersion; - unsigned int sessionIDLen; - UInt8 *p; - - assert(ctx->protocolSide == SSL_ClientSide); - - if (message.length < 38 || message.length > 70) { - sslErrorLog("SSLProcessServerHello: msg len error\n"); - return errSSLProtocol; - } - p = message.data; - - protocolVersion = (SSLProtocolVersion)SSLDecodeInt(p, 2); - p += 2; - /* FIXME this should probably send appropriate alerts */ - err = sslVerifyProtVersion(ctx, protocolVersion, &negVersion); - if(err) { - return err; - } - ctx->negProtocolVersion = negVersion; - switch(negVersion) { - case SSL_Version_3_0: - ctx->sslTslCalls = &Ssl3Callouts; - break; - case TLS_Version_1_0: - ctx->sslTslCalls = &Tls1Callouts; - break; - default: - return errSSLNegotiation; - } - sslLogNegotiateDebug("===SSL3 client: negVersion is %d_%d", - (negVersion >> 8) & 0xff, negVersion & 0xff); - - memcpy(ctx->serverRandom, p, 32); - p += 32; - - sessionIDLen = *p++; - if (message.length != 38 + sessionIDLen) { - sslErrorLog("SSLProcessServerHello: msg len error 2\n"); - return errSSLProtocol; - } - if (sessionIDLen > 0 && ctx->peerID.data != 0) - { /* Don't die on error; just treat it as an uncached session */ - err = SSLAllocBuffer(ctx->sessionID, sessionIDLen, ctx); - if (err == 0) - memcpy(ctx->sessionID.data, p, sessionIDLen); - } - p += sessionIDLen; - - ctx->selectedCipher = (UInt16)SSLDecodeInt(p,2); - sslLogNegotiateDebug("===ssl3: server requests cipherKind %d", - (unsigned)ctx->selectedCipher); - p += 2; - if ((err = FindCipherSpec(ctx)) != 0) { - return err; - } - - if (*p++ != 0) /* Compression */ - return unimpErr; - - assert(p == message.data + message.length); - return noErr; -} - -OSStatus -SSLEncodeClientHello(SSLRecord &clientHello, SSLContext *ctx) -{ - unsigned length, i; - OSStatus err; - unsigned char *p; - SSLBuffer sessionIdentifier; - UInt16 sessionIDLen; - - assert(ctx->protocolSide == SSL_ClientSide); - - sessionIDLen = 0; - if (ctx->resumableSession.data != 0) - { if ((err = SSLRetrieveSessionID(ctx->resumableSession, - &sessionIdentifier, ctx)) != 0) - { return err; - } - sessionIDLen = sessionIdentifier.length; - } - - length = 39 + 2*(ctx->numValidCipherSpecs) + sessionIDLen; - - err = sslGetMaxProtVersion(ctx, &clientHello.protocolVersion); - if(err) { - /* we don't have a protocol enabled */ - return err; - } - clientHello.contentType = SSL_RecordTypeHandshake; - if ((err = SSLAllocBuffer(clientHello.contents, length + 4, ctx)) != 0) - return err; - - p = clientHello.contents.data; - *p++ = SSL_HdskClientHello; - p = SSLEncodeInt(p, length, 3); - p = SSLEncodeInt(p, clientHello.protocolVersion, 2); - sslLogNegotiateDebug("===SSL3 client: proclaiming max protocol " - "%d_%d capable ONLY", - clientHello.protocolVersion >> 8, clientHello.protocolVersion & 0xff); - if ((err = SSLEncodeRandom(p, ctx)) != 0) - { SSLFreeBuffer(clientHello.contents, ctx); - return err; - } - memcpy(ctx->clientRandom, p, SSL_CLIENT_SRVR_RAND_SIZE); - p += 32; - *p++ = sessionIDLen; /* 1 byte vector length */ - if (sessionIDLen > 0) - { memcpy(p, sessionIdentifier.data, sessionIDLen); - if ((err = SSLFreeBuffer(sessionIdentifier, ctx)) != 0) - return err; - } - p += sessionIDLen; - p = SSLEncodeInt(p, 2*(ctx->numValidCipherSpecs), 2); - /* 2 byte long vector length */ - for (i = 0; inumValidCipherSpecs; ++i) - p = SSLEncodeInt(p, ctx->validCipherSpecs[i].cipherSpec, 2); - *p++ = 1; /* 1 byte long vector */ - *p++ = 0; /* null compression */ - - assert(p == clientHello.contents.data + clientHello.contents.length); - - if ((err = SSLInitMessageHashes(ctx)) != 0) - return err; - - return noErr; -} - -OSStatus -SSLProcessClientHello(SSLBuffer message, SSLContext *ctx) -{ OSStatus err; - SSLProtocolVersion negVersion; - UInt16 cipherListLen, cipherCount, desiredSpec, cipherSpec; - UInt8 sessionIDLen, compressionCount; - UInt8 *charPtr; - unsigned i; - - if (message.length < 41) { - sslErrorLog("SSLProcessClientHello: msg len error 1\n"); - return errSSLProtocol; - } - charPtr = message.data; - ctx->clientReqProtocol = (SSLProtocolVersion)SSLDecodeInt(charPtr, 2); - charPtr += 2; - err = sslVerifyProtVersion(ctx, ctx->clientReqProtocol, &negVersion); - if(err) { - return err; - } - switch(negVersion) { - case SSL_Version_3_0: - ctx->sslTslCalls = &Ssl3Callouts; - break; - case TLS_Version_1_0: - ctx->sslTslCalls = &Tls1Callouts; - break; - default: - return errSSLNegotiation; - } - ctx->negProtocolVersion = negVersion; - sslLogNegotiateDebug("===SSL3 server: negVersion is %d_%d", - negVersion >> 8, negVersion & 0xff); - - memcpy(ctx->clientRandom, charPtr, SSL_CLIENT_SRVR_RAND_SIZE); - charPtr += 32; - sessionIDLen = *(charPtr++); - if (message.length < (unsigned)(41 + sessionIDLen)) { - sslErrorLog("SSLProcessClientHello: msg len error 2\n"); - return errSSLProtocol; - } - /* FIXME peerID is never set on server side.... */ - if (sessionIDLen > 0 && ctx->peerID.data != 0) - { /* Don't die on error; just treat it as an uncacheable session */ - err = SSLAllocBuffer(ctx->sessionID, sessionIDLen, ctx); - if (err == 0) - memcpy(ctx->sessionID.data, charPtr, sessionIDLen); - } - charPtr += sessionIDLen; - - cipherListLen = (UInt16)SSLDecodeInt(charPtr, 2); - /* Count of cipherSpecs, must be even & >= 2 */ - charPtr += 2; - if ((cipherListLen & 1) || - (cipherListLen < 2) || - (message.length < (unsigned)(39 + sessionIDLen + cipherListLen))) { - sslErrorLog("SSLProcessClientHello: msg len error 3\n"); - return errSSLProtocol; - } - cipherCount = cipherListLen/2; - cipherSpec = 0xFFFF; /* No match marker */ - while (cipherSpec == 0xFFFF && cipherCount--) - { desiredSpec = (UInt16)SSLDecodeInt(charPtr, 2); - charPtr += 2; - for (i = 0; i numValidCipherSpecs; i++) - { if (ctx->validCipherSpecs[i].cipherSpec == desiredSpec) - { cipherSpec = desiredSpec; - break; - } - } - } - - if (cipherSpec == 0xFFFF) - return errSSLNegotiation; - charPtr += 2 * cipherCount; /* Advance past unchecked cipherCounts */ - ctx->selectedCipher = cipherSpec; - if ((err = FindCipherSpec(ctx)) != 0) { - return err; - } - sslLogNegotiateDebug("ssl3 server: selecting cipherKind 0x%x", (unsigned)ctx->selectedCipher); - - compressionCount = *(charPtr++); - if ((compressionCount < 1) || - (message.length < - (unsigned)(38 + sessionIDLen + cipherListLen + compressionCount))) { - sslErrorLog("SSLProcessClientHello: msg len error 4\n"); - return errSSLProtocol; - } - /* Ignore list; we're doing null */ - - if ((err = SSLInitMessageHashes(ctx)) != 0) - return err; - - return noErr; -} - -static OSStatus -SSLEncodeRandom(unsigned char *p, SSLContext *ctx) -{ SSLBuffer randomData; - OSStatus err; - UInt32 time; - - if ((err = sslTime(&time)) != 0) - return err; - SSLEncodeInt(p, time, 4); - randomData.data = p+4; - randomData.length = 28; - if((err = sslRand(ctx, &randomData)) != 0) - return err; - return noErr; -} - -OSStatus -SSLInitMessageHashes(SSLContext *ctx) -{ OSStatus err; - - if ((err = CloseHash(SSLHashSHA1, ctx->shaState, ctx)) != 0) - return err; - if ((err = CloseHash(SSLHashMD5, ctx->md5State, ctx)) != 0) - return err; - if ((err = ReadyHash(SSLHashSHA1, ctx->shaState, ctx)) != 0) - return err; - if ((err = ReadyHash(SSLHashMD5, ctx->md5State, ctx)) != 0) - return err; - return noErr; -} diff --git a/SecureTransport/sslKeyExchange.cpp b/SecureTransport/sslKeyExchange.cpp deleted file mode 100644 index cf7c77b6..00000000 --- a/SecureTransport/sslKeyExchange.cpp +++ /dev/null @@ -1,1376 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslKeyExchange.c - - Contains: Support for key exchange and server key exchange - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslHandshake.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslUtils.h" -#include "appleCdsa.h" -#include "sslDigests.h" -#include "ModuleAttacher.h" -#include "sslBER.h" - -#include -#include - -#include -#include - -#pragma mark - -#pragma mark *** forward static declarations *** -static OSStatus SSLGenServerDHParamsAndKey(SSLContext *ctx); -static OSStatus SSLEncodeDHKeyParams(SSLContext *ctx, UInt8 *charPtr); -static OSStatus SSLDecodeDHKeyParams(SSLContext *ctx, UInt8 *&charPtr, - UInt32 length); - -#define DH_PARAM_DUMP 0 -#if DH_PARAM_DUMP - -static void dumpBuf(const char *name, SSLBuffer &buf) -{ - printf("%s:\n", name); - UInt8 *cp = buf.data; - UInt8 *endCp = cp + buf.length; - - do { - for(unsigned i=0; i<16; i++) { - printf("%02x ", *cp++); - if(cp == endCp) { - break; - } - } - if(cp == endCp) { - break; - } - printf("\n"); - } while(cp < endCp); - printf("\n"); -} -#else -#define dumpBuf(n, b) -#endif /* DH_PARAM_DUMP */ - -#if APPLE_DH - -#pragma mark - -#pragma mark *** local D-H parameter generator *** -/* - * Process-wide server-supplied Diffie-Hellman parameters. - * This might be overridden by some API_supplied parameters - * in the future. - */ -class ServerDhParams -{ -public: - ServerDhParams(); - ~ServerDhParams(); - const SSLBuffer &prime() { return mPrime; } - const SSLBuffer &generator() { return mGenerator; } - const SSLBuffer ¶mBlock() { return mParamBlock; } - -private: - /* these two for sending over the wire */ - SSLBuffer mPrime; - SSLBuffer mGenerator; - /* this one for sending to the CSP at key gen time */ - SSLBuffer mParamBlock; -}; - -ServerDhParams::ServerDhParams() -{ - mPrime.data = NULL; - mPrime.length = 0; - mGenerator.data = NULL; - mGenerator.length = 0; - mParamBlock.data = NULL; - mParamBlock.length = 0; - - CSSM_CSP_HANDLE cspHand; - CSSM_CL_HANDLE clHand; // not used here, just for - // attachToModules() - CSSM_TP_HANDLE tpHand; // ditto - CSSM_RETURN crtn; - - crtn = attachToModules(&cspHand, &clHand, &tpHand); - if(crtn) { - MacOSError::throwMe(errSSLModuleAttach); - } - - CSSM_CC_HANDLE ccHandle; - CSSM_DATA cParams = {0, NULL}; - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DH, - SSL_DH_DEFAULT_PRIME_SIZE, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - &cParams, // Params, may be NULL - &ccHandle); - if(crtn) { - stPrintCdsaError("ServerDhParams CSSM_CSP_CreateKeyGenContext", crtn); - MacOSError::throwMe(errSSLCrypto); - } - - /* explicitly generate params and save them */ - sslDhDebug("^^^generating Diffie-Hellman parameters..."); - crtn = CSSM_GenerateAlgorithmParams(ccHandle, - SSL_DH_DEFAULT_PRIME_SIZE, &cParams); - if(crtn) { - stPrintCdsaError("ServerDhParams CSSM_GenerateAlgorithmParams", crtn); - CSSM_DeleteContext(ccHandle); - MacOSError::throwMe(errSSLCrypto); - } - CSSM_TO_SSLBUF(&cParams, &mParamBlock); - OSStatus ortn = sslDecodeDhParams(&mParamBlock, &mPrime, &mGenerator); - if(ortn) { - sslErrorLog("ServerDhParams: param decode error\n"); - MacOSError::throwMe(ortn); - } - CSSM_DeleteContext(ccHandle); -} - -ServerDhParams::~ServerDhParams() -{ - sslFree(mPrime.data); - sslFree(mGenerator.data); - sslFree(mParamBlock.data); -} - -/* the single global thing */ -static ModuleNexus serverDhParams; - -#endif /* APPLE_DH */ - -#pragma mark - -#pragma mark *** RSA key exchange *** - -/* - * Client RSA Key Exchange msgs actually start with a two-byte - * length field, contrary to the first version of RFC 2246, dated - * January 1999. See RFC 2246, March 2002, section 7.4.7.1 for - * updated requirements. - */ -#define RSA_CLIENT_KEY_ADD_LENGTH 1 - -typedef CSSM_KEY_PTR SSLRSAPrivateKey; - -static OSStatus -SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *ctx) -{ OSStatus err; - SSLBuffer modulus, exponent; - UInt8 *charPtr; - - if(err = attachToCsp(ctx)) { - return err; - } - - /* Note currently ALL public keys are raw, obtained from the CL... */ - assert((*key)->KeyHeader.BlobType == CSSM_KEYBLOB_RAW); - err = sslGetPubKeyBits(ctx, - *key, - ctx->cspHand, - &modulus, - &exponent); - if(err) { - SSLFreeBuffer(modulus, ctx); - SSLFreeBuffer(exponent, ctx); - return err; - } - - if ((err = SSLAllocBuffer(*keyParams, - modulus.length + exponent.length + 4, ctx)) != 0) { - return err; - } - charPtr = keyParams->data; - charPtr = SSLEncodeInt(charPtr, modulus.length, 2); - memcpy(charPtr, modulus.data, modulus.length); - charPtr += modulus.length; - charPtr = SSLEncodeInt(charPtr, exponent.length, 2); - memcpy(charPtr, exponent.data, exponent.length); - - /* these were mallocd by sslGetPubKeyBits() */ - SSLFreeBuffer(modulus, ctx); - SSLFreeBuffer(exponent, ctx); - return noErr; -} - -static OSStatus -SSLEncodeRSAPremasterSecret(SSLContext *ctx) -{ SSLBuffer randData; - OSStatus err; - SSLProtocolVersion maxVersion; - - if ((err = SSLAllocBuffer(ctx->preMasterSecret, - SSL_RSA_PREMASTER_SECRET_SIZE, ctx)) != 0) - return err; - - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - sslGetMaxProtVersion(ctx, &maxVersion); - SSLEncodeInt(ctx->preMasterSecret.data, maxVersion, 2); - randData.data = ctx->preMasterSecret.data+2; - randData.length = SSL_RSA_PREMASTER_SECRET_SIZE - 2; - if ((err = sslRand(ctx, &randData)) != 0) - return err; - return noErr; -} - -/* - * Generate a server key exchange message signed by our RSA or DSA private key. - */ -static OSStatus -SSLEncodeSignedServerKeyExchange(SSLRecord &keyExch, SSLContext *ctx) -{ OSStatus err; - UInt8 *charPtr; - int outputLen; - UInt8 hashes[SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN]; - SSLBuffer exchangeParams,clientRandom,serverRandom,hashCtx, hash; - UInt8 *dataToSign; - UInt32 dataToSignLen; - bool isRsa = true; - UInt32 maxSigLen; - UInt32 actSigLen; - SSLBuffer signature; - const CSSM_KEY *cssmKey; - - assert(ctx->protocolSide == SSL_ServerSide); - assert(ctx->signingPubKey != NULL); - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - exchangeParams.data = 0; - hashCtx.data = 0; - signature.data = 0; - - /* Set up parameter block to hash ==> exchangeParams */ - switch(ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - /* - * Parameter block = encryption public key. - * If app hasn't supplied a separate encryption cert, abort. - */ - if(ctx->encryptPubKey == NULL) { - sslErrorLog("RSAServerKeyExchange: no encrypt cert\n"); - return errSSLBadConfiguration; - } - err = SSLEncodeRSAKeyParams(&exchangeParams, - &ctx->encryptPubKey, ctx); - break; - - #if APPLE_DH - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - isRsa = false; - /* and fall through */ - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - { - /* - * Parameter block = {prime, generator, public key} - * Obtain D-H parameters (if we don't have them) and a key pair. - */ - err = SSLGenServerDHParamsAndKey(ctx); - if(err) { - return err; - } - UInt32 len = ctx->dhParamsPrime.length + - ctx->dhParamsGenerator.length + - ctx->dhExchangePublic.length + 6 /* 3 length fields */; - err = SSLAllocBuffer(exchangeParams, len, ctx); - if(err) { - goto fail; - } - err = SSLEncodeDHKeyParams(ctx, exchangeParams.data); - break; - } - #endif /* APPLE_DH */ - default: - /* shouldn't be here */ - assert(0); - return errSSLInternal; - } - if(err) { - goto fail; - } - - /* cook up hash(es) for raw sign */ - clientRandom.data = ctx->clientRandom; - clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - serverRandom.data = ctx->serverRandom; - serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - - if(isRsa) { - /* skip this if signing with DSA */ - dataToSign = hashes; - dataToSignLen = SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN; - hash.data = &hashes[0]; - hash.length = SSL_MD5_DIGEST_LEN; - - if ((err = ReadyHash(SSLHashMD5, hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, exchangeParams)) != 0) - goto fail; - if ((err = SSLHashMD5.final(hashCtx, hash)) != 0) - goto fail; - if ((err = SSLFreeBuffer(hashCtx, ctx)) != 0) - goto fail; - } - else { - /* DSA - just use the SHA1 hash */ - dataToSign = &hashes[SSL_MD5_DIGEST_LEN]; - dataToSignLen = SSL_SHA1_DIGEST_LEN; - } - hash.data = &hashes[SSL_MD5_DIGEST_LEN]; - hash.length = SSL_SHA1_DIGEST_LEN; - if ((err = ReadyHash(SSLHashSHA1, hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, exchangeParams)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(hashCtx, hash)) != 0) - goto fail; - if ((err = SSLFreeBuffer(hashCtx, ctx)) != 0) - goto fail; - - /* preallocate a buffer for signing */ - err = SecKeyGetCSSMKey(ctx->signingPrivKeyRef, &cssmKey); - if(err) { - sslErrorLog("SSLEncodeSignedServerKeyExchange: SecKeyGetCSSMKey err %d\n", - (int)err); - goto fail; - } - err = sslGetMaxSigSize(cssmKey, maxSigLen); - if(err) { - goto fail; - } - err = SSLAllocBuffer(signature, maxSigLen, ctx); - if(err) { - goto fail; - } - - err = sslRawSign(ctx, - ctx->signingPrivKeyRef, - dataToSign, // one or two hashes - dataToSignLen, - signature.data, - maxSigLen, - &actSigLen); - if(err) { - goto fail; - } - assert(actSigLen <= maxSigLen); - - /* package it all up */ - outputLen = exchangeParams.length + 2 + actSigLen; - keyExch.protocolVersion = ctx->negProtocolVersion; - keyExch.contentType = SSL_RecordTypeHandshake; - if ((err = SSLAllocBuffer(keyExch.contents, outputLen+4, ctx)) != 0) - goto fail; - - charPtr = keyExch.contents.data; - *charPtr++ = SSL_HdskServerKeyExchange; - charPtr = SSLEncodeInt(charPtr, outputLen, 3); - - memcpy(charPtr, exchangeParams.data, exchangeParams.length); - charPtr += exchangeParams.length; - charPtr = SSLEncodeInt(charPtr, actSigLen, 2); - memcpy(charPtr, signature.data, actSigLen); - assert((charPtr + actSigLen) == - (keyExch.contents.data + keyExch.contents.length)); - - err = noErr; - -fail: - SSLFreeBuffer(hashCtx, ctx); - SSLFreeBuffer(exchangeParams, ctx); - SSLFreeBuffer(signature, ctx); - return err; -} - -/* - * Decode and verify a server key exchange message signed by server's - * public key. - */ -static OSStatus -SSLDecodeSignedServerKeyExchange(SSLBuffer message, SSLContext *ctx) -{ - OSStatus err; - SSLBuffer hashOut, hashCtx, clientRandom, serverRandom; - UInt16 modulusLen, exponentLen, signatureLen; - UInt8 *modulus, *exponent, *signature; - UInt8 hashes[SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN]; - SSLBuffer signedHashes; - UInt8 *dataToSign; - UInt32 dataToSignLen; - bool isRsa = true; - - assert(ctx->protocolSide == SSL_ClientSide); - signedHashes.data = 0; - hashCtx.data = 0; - - if (message.length < 2) { - sslErrorLog("SSLDecodeSignedServerKeyExchange: msg len error 1\n"); - return errSSLProtocol; - } - - /* first extract the key-exchange-method-specific parameters */ - UInt8 *charPtr = message.data; - UInt8 *endCp = charPtr + message.length; - switch(ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - modulusLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((charPtr + modulusLen) > endCp) { - sslErrorLog("signedServerKeyExchange: msg len error 2\n"); - return errSSLProtocol; - } - modulus = charPtr; - charPtr += modulusLen; - - exponentLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((charPtr + exponentLen) > endCp) { - sslErrorLog("signedServerKeyExchange: msg len error 3\n"); - return errSSLProtocol; - } - exponent = charPtr; - charPtr += exponentLen; - break; - #if APPLE_DH - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - isRsa = false; - /* and fall through */ - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - err = SSLDecodeDHKeyParams(ctx, charPtr, message.length); - if(err) { - return err; - } - break; - #endif /* APPLE_DH */ - default: - assert(0); - return errSSLInternal; - } - - /* this is what's hashed */ - SSLBuffer signedParams; - signedParams.data = message.data; - signedParams.length = charPtr - message.data; - - signatureLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((charPtr + signatureLen) != endCp) { - sslErrorLog("signedServerKeyExchange: msg len error 4\n"); - return errSSLProtocol; - } - signature = charPtr; - - clientRandom.data = ctx->clientRandom; - clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - serverRandom.data = ctx->serverRandom; - serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; - - if(isRsa) { - /* skip this if signing with DSA */ - dataToSign = hashes; - dataToSignLen = SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN; - hashOut.data = hashes; - hashOut.length = SSL_MD5_DIGEST_LEN; - - if ((err = ReadyHash(SSLHashMD5, hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, signedParams)) != 0) - goto fail; - if ((err = SSLHashMD5.final(hashCtx, hashOut)) != 0) - goto fail; - } - else { - /* DSA - just use the SHA1 hash */ - dataToSign = &hashes[SSL_MD5_DIGEST_LEN]; - dataToSignLen = SSL_SHA1_DIGEST_LEN; - } - hashOut.data = hashes + SSL_MD5_DIGEST_LEN; - hashOut.length = SSL_SHA1_DIGEST_LEN; - if ((err = SSLFreeBuffer(hashCtx, ctx)) != 0) - goto fail; - - if ((err = ReadyHash(SSLHashSHA1, hashCtx, ctx)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(hashCtx, signedParams)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(hashCtx, hashOut)) != 0) - goto fail; - - err = sslRawVerify(ctx, - ctx->peerPubKey, - ctx->peerPubKeyCsp, - dataToSign, /* plaintext */ - dataToSignLen, /* plaintext length */ - signature, - signatureLen); - if(err) { - sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify " - "returned %d\n", (int)err); - goto fail; - } - - /* Signature matches; now replace server key with new key */ - switch(ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - { - SSLBuffer modBuf; - SSLBuffer expBuf; - - /* first free existing peerKey */ - sslFreeKey(ctx->peerPubKeyCsp, - &ctx->peerPubKey, - NULL); /* no KCItem */ - - /* and cook up a new one from raw bits */ - modBuf.data = modulus; - modBuf.length = modulusLen; - expBuf.data = exponent; - expBuf.length = exponentLen; - err = sslGetPubKeyFromBits(ctx, - &modBuf, - &expBuf, - &ctx->peerPubKey, - &ctx->peerPubKeyCsp); - break; - } - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - break; /* handled above */ - default: - assert(0); /* handled above */ - } -fail: - SSLFreeBuffer(signedHashes, ctx); - SSLFreeBuffer(hashCtx, ctx); - return err; -} - -static OSStatus -SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx) -{ OSStatus err; - UInt32 outputLen, localKeyModulusLen; - SSLProtocolVersion version; - Boolean useEncryptKey = false; - UInt8 *src = NULL; - SecKeyRef keyRef = NULL; - const CSSM_KEY *cssmKey; - - assert(ctx->protocolSide == SSL_ServerSide); - - #if SSL_SERVER_KEYEXCH_HACK - /* - * the way we work with Netscape. - * FIXME - maybe we should *require* an encryptPrivKey in this - * situation? - */ - if((ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) && - (ctx->encryptPrivKey != NULL)) { - useEncryptKey = true; - } - - #else /* !SSL_SERVER_KEYEXCH_HACK */ - /* The "correct" way, I think, which doesn't work with Netscape */ - if (ctx->encryptPrivKeyRef) { - useEncryptKey = true; - } - #endif /* SSL_SERVER_KEYEXCH_HACK */ - if (useEncryptKey) { - keyRef = ctx->encryptPrivKeyRef; - /* FIXME: when 3420180 is implemented, pick appropriate creds here */ - } - else { - keyRef = ctx->signingPrivKeyRef; - /* FIXME: when 3420180 is implemented, pick appropriate creds here */ - } - err = SecKeyGetCSSMKey(keyRef, &cssmKey); - if(err) { - sslErrorLog("SSLDecodeRSAKeyExchange: SecKeyGetCSSMKey err %d\n", - (int)err); - return err; - } - - localKeyModulusLen = sslKeyLengthInBytes(cssmKey); - - /* - * We have to tolerate incoming key exchange msgs with and without the - * two-byte "encrypted length" field. - */ - if (keyExchange.length == localKeyModulusLen) { - /* no length encoded */ - src = keyExchange.data; - } - else if((keyExchange.length == (localKeyModulusLen + 2)) && - (ctx->negProtocolVersion >= TLS_Version_1_0)) { - /* TLS only - skip the length bytes */ - src = keyExchange.data + 2; - } - else { - sslErrorLog("SSLDecodeRSAKeyExchange: length error (exp %u got %u)\n", - (unsigned)localKeyModulusLen, (unsigned)keyExchange.length); - return errSSLProtocol; - } - err = SSLAllocBuffer(ctx->preMasterSecret, SSL_RSA_PREMASTER_SECRET_SIZE, ctx); - if(err != 0) { - return err; - } - - /* - * From this point on, to defend against the Bleichenbacher attack - * and its Klima-Pokorny-Rosa variant, any errors we detect are *not* - * reported to the caller or the peer. If we detect any error during - * decryption (e.g., bad PKCS1 padding) or in the testing of the version - * number in the premaster secret, we proceed by generating a random - * premaster secret, with the correct version number, and tell our caller - * that everything is fine. This session will fail as soon as the - * finished messages are sent, since we will be using a bogus premaster - * secret (and hence bogus session and MAC keys). Meanwhile we have - * not provided any side channel information relating to the cause of - * the failure. - * - * See http://eprint.iacr.org/2003/052/ for more info. - */ - err = sslRsaDecrypt(ctx, - keyRef, - src, - localKeyModulusLen, // ciphertext len - ctx->preMasterSecret.data, - SSL_RSA_PREMASTER_SECRET_SIZE, // plaintext buf available - &outputLen); - - if(err != noErr) { - /* possible Bleichenbacher attack */ - sslLogNegotiateDebug("SSLDecodeRSAKeyExchange: RSA decrypt fail"); - } - else if(outputLen != SSL_RSA_PREMASTER_SECRET_SIZE) { - sslLogNegotiateDebug("SSLDecodeRSAKeyExchange: premaster secret size error"); - err = errSSLProtocol; // not passed back to caller - } - - if(err == noErr) { - /* - * Two legal values here - the one we actually negotiated (which is - * technically incorrect but not uncommon), and the one the client - * sent as its preferred version in the client hello msg. - */ - version = (SSLProtocolVersion)SSLDecodeInt(ctx->preMasterSecret.data, 2); - if((version != ctx->negProtocolVersion) && - (version != ctx->clientReqProtocol)) { - /* possible Klima-Pokorny-Rosa attack */ - sslLogNegotiateDebug("SSLDecodeRSAKeyExchange: version error"); - err = errSSLProtocol; - } - } - if(err != noErr) { - /* - * Obfuscate failures for defense against Bleichenbacher and - * Klima-Pokorny-Rosa attacks. - */ - SSLEncodeInt(ctx->preMasterSecret.data, ctx->negProtocolVersion, 2); - SSLBuffer tmpBuf; - tmpBuf.data = ctx->preMasterSecret.data + 2; - tmpBuf.length = SSL_RSA_PREMASTER_SECRET_SIZE - 2; - /* must ignore failures here */ - sslRand(ctx, &tmpBuf); - } - - /* in any case, save premaster secret (good or bogus) and proceed */ - return noErr; -} - -static OSStatus -SSLEncodeRSAKeyExchange(SSLRecord &keyExchange, SSLContext *ctx) -{ OSStatus err; - UInt32 outputLen, peerKeyModulusLen; - UInt32 bufLen; - UInt8 *dst; - bool encodeLen = false; - - assert(ctx->protocolSide == SSL_ClientSide); - if ((err = SSLEncodeRSAPremasterSecret(ctx)) != 0) - return err; - - keyExchange.contentType = SSL_RecordTypeHandshake; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - keyExchange.protocolVersion = ctx->negProtocolVersion; - - peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); - bufLen = peerKeyModulusLen + 4; - #if RSA_CLIENT_KEY_ADD_LENGTH - if(ctx->negProtocolVersion >= TLS_Version_1_0) { - bufLen += 2; - encodeLen = true; - } - #endif - if ((err = SSLAllocBuffer(keyExchange.contents, - bufLen,ctx)) != 0) - { - return err; - } - dst = keyExchange.contents.data + 4; - if(encodeLen) { - dst += 2; - } - keyExchange.contents.data[0] = SSL_HdskClientKeyExchange; - - /* this is the record payload length */ - SSLEncodeInt(keyExchange.contents.data + 1, bufLen - 4, 3); - if(encodeLen) { - /* the length of the encrypted pre_master_secret */ - SSLEncodeInt(keyExchange.contents.data + 4, - peerKeyModulusLen, 2); - } - err = sslRsaEncrypt(ctx, - ctx->peerPubKey, - /* FIXME - maybe this should be ctx->cspHand */ - ctx->peerPubKeyCsp, - ctx->preMasterSecret.data, - SSL_RSA_PREMASTER_SECRET_SIZE, - dst, - peerKeyModulusLen, - &outputLen); - if(err) { - return err; - } - - assert(outputLen == encodeLen ? - keyExchange.contents.length - 6 : - keyExchange.contents.length - 4 ); - - return noErr; -} - - -#if APPLE_DH - -#pragma mark - -#pragma mark *** Diffie-Hellman key exchange *** - -/* - * Diffie-Hellman setup, server side. On successful return, the - * following SSLContext members are valid: - * - * dhParamsPrime - * dhParamsGenerator - * dhPrivate - * dhExchangePublic - */ -static OSStatus -SSLGenServerDHParamsAndKey( - SSLContext *ctx) -{ - OSStatus ortn; - assert(ctx->protocolSide == SSL_ServerSide); - - /* - * Obtain D-H parameters if we don't have them. - */ - if(ctx->dhParamsPrime.data == NULL) { - assert(ctx->dhParamsGenerator.data == NULL); - const SSLBuffer &pr = serverDhParams().prime(); - ortn = SSLCopyBuffer(pr, ctx->dhParamsPrime); - if(ortn) { - return ortn; - } - const SSLBuffer &gen = serverDhParams().generator(); - ortn = SSLCopyBuffer(gen, ctx->dhParamsGenerator); - if(ortn) { - return ortn; - } - const SSLBuffer &block = serverDhParams().paramBlock(); - ortn = SSLCopyBuffer(block, ctx->dhParamsEncoded); - if(ortn) { - return ortn; - } - } - - /* generate per-session D-H key pair */ - sslFreeKey(ctx->cspHand, &ctx->dhPrivate, NULL); - SSLFreeBuffer(ctx->dhExchangePublic, ctx); - ctx->dhPrivate = (CSSM_KEY *)sslMalloc(sizeof(CSSM_KEY)); - CSSM_KEY pubKey; - ortn = sslDhGenerateKeyPair(ctx, - ctx->dhParamsEncoded, - ctx->dhParamsPrime.length * 8, - &pubKey, ctx->dhPrivate); - if(ortn) { - return ortn; - } - CSSM_TO_SSLBUF(&pubKey.KeyData, &ctx->dhExchangePublic); - return noErr; -} - -/* - * Encode DH params and public key in caller-supplied buffer. - */ -static OSStatus -SSLEncodeDHKeyParams( - SSLContext *ctx, - UInt8 *charPtr) -{ - assert(ctx->protocolSide == SSL_ServerSide); - assert(ctx->dhParamsPrime.data != NULL); - assert(ctx->dhParamsGenerator.data != NULL); - assert(ctx->dhExchangePublic.data != NULL); - - charPtr = SSLEncodeInt(charPtr, ctx->dhParamsPrime.length, 2); - memcpy(charPtr, ctx->dhParamsPrime.data, ctx->dhParamsPrime.length); - charPtr += ctx->dhParamsPrime.length; - - charPtr = SSLEncodeInt(charPtr, ctx->dhParamsGenerator.length, 2); - memcpy(charPtr, ctx->dhParamsGenerator.data, - ctx->dhParamsGenerator.length); - charPtr += ctx->dhParamsGenerator.length; - - charPtr = SSLEncodeInt(charPtr, ctx->dhExchangePublic.length, 2); - memcpy(charPtr, ctx->dhExchangePublic.data, - ctx->dhExchangePublic.length); - - dumpBuf("server prime", ctx->dhParamsPrime); - dumpBuf("server generator", ctx->dhParamsGenerator); - dumpBuf("server pub key", ctx->dhExchangePublic); - return noErr; -} - -/* - * Decode DH params and server public key. - */ -static OSStatus -SSLDecodeDHKeyParams( - SSLContext *ctx, - UInt8 *&charPtr, // IN/OUT - UInt32 length) -{ - OSStatus err = noErr; - - assert(ctx->protocolSide == SSL_ClientSide); - UInt8 *endCp = charPtr + length; - - /* Allow reuse via renegotiation */ - SSLFreeBuffer(ctx->dhParamsPrime, ctx); - SSLFreeBuffer(ctx->dhParamsGenerator, ctx); - SSLFreeBuffer(ctx->dhPeerPublic, ctx); - - /* Prime, with a two-byte length */ - UInt32 len = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((charPtr + len) > endCp) { - return errSSLProtocol; - } - err = SSLAllocBuffer(ctx->dhParamsPrime, len, ctx); - if(err) { - return err; - } - memmove(ctx->dhParamsPrime.data, charPtr, len); - charPtr += len; - - /* Generator, with a two-byte length */ - len = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((charPtr + len) > endCp) { - return errSSLProtocol; - } - err = SSLAllocBuffer(ctx->dhParamsGenerator, len, ctx); - if(err) { - return err; - } - memmove(ctx->dhParamsGenerator.data, charPtr, len); - charPtr += len; - - /* peer public key, with a two-byte length */ - len = SSLDecodeInt(charPtr, 2); - charPtr += 2; - err = SSLAllocBuffer(ctx->dhPeerPublic, len, ctx); - if(err) { - return err; - } - memmove(ctx->dhPeerPublic.data, charPtr, len); - charPtr += len; - - dumpBuf("client peer pub", ctx->dhPeerPublic); - dumpBuf("client prime", ctx->dhParamsPrime); - dumpBuf("client generator", ctx->dhParamsGenerator); - - return err; -} - -/* - * Given the server's Diffie-Hellman parameters, generate our - * own DH key pair, and perform key exchange using the server's - * public key and our private key. The result is the premaster - * secret. - * - * SSLContext members valid on entry: - * dhParamsPrime - * dhParamsGenerator - * dhPeerPublic - * - * SSLContext members valid on successful return: - * dhPrivate - * dhExchangePublic - * preMasterSecret - */ -static OSStatus -SSLGenClientDHKeyAndExchange(SSLContext *ctx) -{ - OSStatus ortn; - - assert(ctx->protocolSide == SSL_ClientSide); - if((ctx->dhParamsPrime.data == NULL) || - (ctx->dhParamsGenerator.data == NULL) || - (ctx->dhPeerPublic.data == NULL)) { - sslErrorLog("SSLGenClientDHKeyAndExchange: incomplete server params\n"); - return errSSLProtocol; - } - - /* generate two keys */ - CSSM_KEY pubKey; - ctx->dhPrivate = (CSSM_KEY *)sslMalloc(sizeof(CSSM_KEY)); - ortn = sslDhGenKeyPairClient(ctx, - ctx->dhParamsPrime, ctx->dhParamsGenerator, - &pubKey, ctx->dhPrivate); - if(ortn) { - sslFree(ctx->dhPrivate); - ctx->dhPrivate = NULL; - return ortn; - } - - /* do the exchange, size of prime */ - ortn = sslDhKeyExchange(ctx, ctx->dhParamsPrime.length * 8, - &ctx->preMasterSecret); - if(ortn) { - return ortn; - } - CSSM_TO_SSLBUF(&pubKey.KeyData, &ctx->dhExchangePublic); - return noErr; -} - -static OSStatus -SSLEncodeDHanonServerKeyExchange(SSLRecord &keyExch, SSLContext *ctx) -{ - OSStatus ortn = noErr; - - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - assert(ctx->protocolSide == SSL_ServerSide); - - /* - * Obtain D-H parameters (if we don't have them) and a key pair. - */ - ortn = SSLGenServerDHParamsAndKey(ctx); - if(ortn) { - return ortn; - } - - UInt32 length = 6 + - ctx->dhParamsPrime.length + - ctx->dhParamsGenerator.length + ctx->dhExchangePublic.length; - - keyExch.protocolVersion = ctx->negProtocolVersion; - keyExch.contentType = SSL_RecordTypeHandshake; - if ((ortn = SSLAllocBuffer(keyExch.contents, length+4, ctx)) != 0) - return ortn; - - UInt8 *charPtr = keyExch.contents.data; - *charPtr++ = SSL_HdskServerKeyExchange; - charPtr = SSLEncodeInt(charPtr, length, 3); - - /* encode prime, generator, our public key */ - return SSLEncodeDHKeyParams(ctx, charPtr); -} - - -static OSStatus -SSLDecodeDHanonServerKeyExchange(SSLBuffer message, SSLContext *ctx) -{ - OSStatus err = noErr; - - assert(ctx->protocolSide == SSL_ClientSide); - if (message.length < 6) { - sslErrorLog("SSLDecodeDHanonServerKeyExchange error: msg len %u\n", - (unsigned)message.length); - return errSSLProtocol; - } - UInt8 *charPtr = message.data; - err = SSLDecodeDHKeyParams(ctx, charPtr, message.length); - if(err == noErr) { - if((message.data + message.length) != charPtr) { - err = errSSLProtocol; - } - } - return err; -} - -static OSStatus -SSLDecodeDHClientKeyExchange(SSLBuffer keyExchange, SSLContext *ctx) -{ - OSStatus ortn = noErr; - unsigned int publicLen; - - assert(ctx->protocolSide == SSL_ServerSide); - if(ctx->dhParamsPrime.data == NULL) { - /* should never happen */ - assert(0); - return errSSLInternal; - } - - /* this message simply contains the client's public DH key */ - UInt8 *charPtr = keyExchange.data; - publicLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if((keyExchange.length != publicLen + 2) || - (publicLen > ctx->dhParamsPrime.length)) { - return errSSLProtocol; - } - SSLFreeBuffer(ctx->dhPeerPublic, ctx); // allow reuse via renegotiation - ortn = SSLAllocBuffer(ctx->dhPeerPublic, publicLen, ctx); - if(ortn) { - return ortn; - } - memmove(ctx->dhPeerPublic.data, charPtr, publicLen); - - /* DH Key exchange, result --> premaster secret */ - SSLFreeBuffer(ctx->preMasterSecret, ctx); - ortn = sslDhKeyExchange(ctx, ctx->dhParamsPrime.length * 8, - &ctx->preMasterSecret); - - dumpBuf("server peer pub", ctx->dhPeerPublic); - dumpBuf("server premaster", ctx->preMasterSecret); - return ortn; -} - -static OSStatus -SSLEncodeDHClientKeyExchange(SSLRecord &keyExchange, SSLContext *ctx) -{ OSStatus err; - unsigned int outputLen; - - assert(ctx->protocolSide == SSL_ClientSide); - if ((err = SSLGenClientDHKeyAndExchange(ctx)) != 0) - return err; - - outputLen = ctx->dhExchangePublic.length + 2; - - keyExchange.contentType = SSL_RecordTypeHandshake; - assert((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == TLS_Version_1_0)); - keyExchange.protocolVersion = ctx->negProtocolVersion; - - if ((err = SSLAllocBuffer(keyExchange.contents,outputLen + 4,ctx)) != 0) - return err; - - keyExchange.contents.data[0] = SSL_HdskClientKeyExchange; - SSLEncodeInt(keyExchange.contents.data+1, - ctx->dhExchangePublic.length+2, 3); - - SSLEncodeInt(keyExchange.contents.data+4, - ctx->dhExchangePublic.length, 2); - memcpy(keyExchange.contents.data+6, ctx->dhExchangePublic.data, - ctx->dhExchangePublic.length); - - dumpBuf("client pub key", ctx->dhExchangePublic); - dumpBuf("client premaster", ctx->preMasterSecret); - return noErr; -} - -#endif /* APPLE_DH */ - -#pragma mark - -#pragma mark *** Public Functions *** -OSStatus -SSLEncodeServerKeyExchange(SSLRecord &keyExch, SSLContext *ctx) -{ OSStatus err; - - switch (ctx->selectedCipherSpec->keyExchangeMethod) - { case SSL_RSA: - case SSL_RSA_EXPORT: - #if APPLE_DH - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - #endif /* APPLE_DH */ - if ((err = SSLEncodeSignedServerKeyExchange(keyExch, ctx)) != 0) - return err; - break; - #if APPLE_DH - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - if ((err = SSLEncodeDHanonServerKeyExchange(keyExch, ctx)) != 0) - return err; - break; - #endif - default: - return unimpErr; - } - - return noErr; -} - -OSStatus -SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx) -{ - OSStatus err; - - switch (ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - #if APPLE_DH - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - #endif - err = SSLDecodeSignedServerKeyExchange(message, ctx); - break; - #if APPLE_DH - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - err = SSLDecodeDHanonServerKeyExchange(message, ctx); - break; - #endif - default: - err = unimpErr; - break; - } - - return err; -} - -OSStatus -SSLEncodeKeyExchange(SSLRecord &keyExchange, SSLContext *ctx) -{ OSStatus err; - - assert(ctx->protocolSide == SSL_ClientSide); - - switch (ctx->selectedCipherSpec->keyExchangeMethod) { - case SSL_RSA: - case SSL_RSA_EXPORT: - err = SSLEncodeRSAKeyExchange(keyExchange, ctx); - break; - #if APPLE_DH - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - err = SSLEncodeDHClientKeyExchange(keyExchange, ctx); - break; - #endif - default: - err = unimpErr; - } - - return err; -} - -OSStatus -SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx) -{ OSStatus err; - - switch (ctx->selectedCipherSpec->keyExchangeMethod) - { case SSL_RSA: - case SSL_RSA_EXPORT: - if ((err = SSLDecodeRSAKeyExchange(keyExchange, ctx)) != 0) - return err; - break; - #if APPLE_DH - case SSL_DH_anon: - case SSL_DHE_DSS: - case SSL_DHE_DSS_EXPORT: - case SSL_DHE_RSA: - case SSL_DHE_RSA_EXPORT: - case SSL_DH_anon_EXPORT: - if ((err = SSLDecodeDHClientKeyExchange(keyExchange, ctx)) != 0) - return err; - break; - #endif - default: - return unimpErr; - } - - return noErr; -} - -OSStatus -SSLInitPendingCiphers(SSLContext *ctx) -{ OSStatus err; - SSLBuffer key; - UInt8 *keyDataProgress, *keyPtr, *ivPtr; - int keyDataLen; - CipherContext *serverPending, *clientPending; - - key.data = 0; - - ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm; - ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher; - ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher; - ctx->readPending.sequenceNum.high = ctx->readPending.sequenceNum.low = 0; - ctx->writePending.sequenceNum.high = ctx->writePending.sequenceNum.low = 0; - - keyDataLen = ctx->selectedCipherSpec->macAlgorithm->hash->digestSize + - ctx->selectedCipherSpec->cipher->secretKeySize; - if (ctx->selectedCipherSpec->isExportable == NotExportable) - keyDataLen += ctx->selectedCipherSpec->cipher->ivSize; - keyDataLen *= 2; /* two of everything */ - - if ((err = SSLAllocBuffer(key, keyDataLen, ctx)) != 0) - return err; - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->generateKeyMaterial(key, ctx)) != 0) - goto fail; - - if (ctx->protocolSide == SSL_ServerSide) - { serverPending = &ctx->writePending; - clientPending = &ctx->readPending; - } - else - { serverPending = &ctx->readPending; - clientPending = &ctx->writePending; - } - - keyDataProgress = key.data; - memcpy(clientPending->macSecret, keyDataProgress, - ctx->selectedCipherSpec->macAlgorithm->hash->digestSize); - keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize; - memcpy(serverPending->macSecret, keyDataProgress, - ctx->selectedCipherSpec->macAlgorithm->hash->digestSize); - keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize; - - /* init the reusable-per-record MAC contexts */ - err = ctx->sslTslCalls->initMac(clientPending, ctx); - if(err) { - goto fail; - } - err = ctx->sslTslCalls->initMac(serverPending, ctx); - if(err) { - goto fail; - } - - if (ctx->selectedCipherSpec->isExportable == NotExportable) - { keyPtr = keyDataProgress; - keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize; - /* Skip server write key to get to IV */ - ivPtr = keyDataProgress + ctx->selectedCipherSpec->cipher->secretKeySize; - if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr, - clientPending, ctx)) != 0) - goto fail; - keyPtr = keyDataProgress; - keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize; - /* Skip client write IV to get to server write IV */ - ivPtr = keyDataProgress + ctx->selectedCipherSpec->cipher->ivSize; - if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr, - serverPending, ctx)) != 0) - goto fail; - } - else { - UInt8 clientExportKey[16], serverExportKey[16], - clientExportIV[16], serverExportIV[16]; - SSLBuffer clientWrite, serverWrite; - SSLBuffer finalClientWrite, finalServerWrite; - SSLBuffer finalClientIV, finalServerIV; - - assert(ctx->selectedCipherSpec->cipher->keySize <= 16); - assert(ctx->selectedCipherSpec->cipher->ivSize <= 16); - - /* Inputs to generateExportKeyAndIv are clientRandom, serverRandom, - * clientWriteKey, serverWriteKey. The first two are already present - * in ctx. - * Outputs are a key and IV for each of {server, client}. - */ - clientWrite.data = keyDataProgress; - clientWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize; - serverWrite.data = keyDataProgress + clientWrite.length; - serverWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize; - finalClientWrite.data = clientExportKey; - finalServerWrite.data = serverExportKey; - finalClientIV.data = clientExportIV; - finalServerIV.data = serverExportIV; - finalClientWrite.length = 16; - finalServerWrite.length = 16; - /* these can be zero */ - finalClientIV.length = ctx->selectedCipherSpec->cipher->ivSize; - finalServerIV.length = ctx->selectedCipherSpec->cipher->ivSize; - - assert(ctx->sslTslCalls != NULL); - err = ctx->sslTslCalls->generateExportKeyAndIv(ctx, clientWrite, serverWrite, - finalClientWrite, finalServerWrite, finalClientIV, finalServerIV); - if(err) { - goto fail; - } - if ((err = ctx->selectedCipherSpec->cipher->initialize(clientExportKey, - clientExportIV, clientPending, ctx)) != 0) - goto fail; - if ((err = ctx->selectedCipherSpec->cipher->initialize(serverExportKey, - serverExportIV, serverPending, ctx)) != 0) - goto fail; - } - - /* Ciphers are ready for use */ - ctx->writePending.ready = 1; - ctx->readPending.ready = 1; - - /* Ciphers get swapped by sending or receiving a change cipher spec message */ - - err = noErr; -fail: - SSLFreeBuffer(key, ctx); - return err; -} - diff --git a/SecureTransport/sslKeychain.cpp b/SecureTransport/sslKeychain.cpp deleted file mode 100644 index 28e37225..00000000 --- a/SecureTransport/sslKeychain.cpp +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslKeychain.c - - Contains: Apple Keychain routines - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" -#include "sslContext.h" -#include "sslMemory.h" -#include "appleCdsa.h" -#include "sslDebug.h" -#include "sslKeychain.h" -#include "sslUtils.h" -#include -#include -#include -#include - -/* - * Given an array of certs (as SecIdentityRefs, specified by caller - * in SSLSetCertificate or SSLSetEncryptionCertificate) and a - * destination SSLCertificate: - * - * -- free destCerts if we have any - * -- Get raw cert data, convert to array of SSLCertificates in *destCert - * -- validate cert chain - * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey - */ - -/* Convert a SecCertificateRef to an SSLCertificate * */ -static OSStatus secCertToSslCert( - SSLContext *ctx, - SecCertificateRef certRef, - SSLCertificate **sslCert) -{ - CSSM_DATA certData; // struct is transient, referent owned by - // Sec layer - OSStatus ortn; - SSLCertificate *thisSslCert = NULL; - - ortn = SecCertificateGetData(certRef, &certData); - if(ortn) { - sslErrorLog("SecCertificateGetData() returned %d\n", (int)ortn); - return ortn; - } - - thisSslCert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); - if(thisSslCert == NULL) { - return memFullErr; - } - if(SSLAllocBuffer(thisSslCert->derCert, certData.Length, - ctx)) { - return memFullErr; - } - memcpy(thisSslCert->derCert.data, certData.Data, certData.Length); - thisSslCert->derCert.length = certData.Length; - *sslCert = thisSslCert; - return noErr; -} - -OSStatus -parseIncomingCerts( - SSLContext *ctx, - CFArrayRef certs, - SSLCertificate **destCert, /* &ctx->{localCert,encryptCert} */ - CSSM_KEY_PTR *pubKey, /* &ctx->signingPubKey, etc. */ - SecKeyRef *privKeyRef) /* &ctx->signingPrivKeyRef, etc. */ -{ - CFIndex numCerts; - CFIndex cert; - SSLCertificate *certChain = NULL; - SSLCertificate *thisSslCert; - OSStatus ortn; - SecIdentityRef identity; - SecCertificateRef certRef; - SecKeyRef keyRef; - CSSM_DATA certData; - CSSM_CL_HANDLE clHand; // carefully derive from a SecCertificateRef - CSSM_RETURN crtn; - - assert(ctx != NULL); - assert(destCert != NULL); /* though its referent may be NULL */ - assert(pubKey != NULL); - assert(privKeyRef != NULL); - - sslDeleteCertificateChain(*destCert, ctx); - *destCert = NULL; - *pubKey = NULL; - *privKeyRef = NULL; - - if(certs == NULL) { - sslErrorLog("parseIncomingCerts: NULL incoming cert array\n"); - return errSSLBadCert; - } - numCerts = CFArrayGetCount(certs); - if(numCerts == 0) { - sslErrorLog("parseIncomingCerts: empty incoming cert array\n"); - return errSSLBadCert; - } - - /* - * Certs[0] is an SecIdentityRef from which we extract subject cert, - * privKeyRef, pubKey. - * - * 1. ensure the first element is a SecIdentityRef. - */ - identity = (SecIdentityRef)CFArrayGetValueAtIndex(certs, 0); - if(identity == NULL) { - sslErrorLog("parseIncomingCerts: bad cert array (1)\n"); - return paramErr; - } - if(CFGetTypeID(identity) != SecIdentityGetTypeID()) { - sslErrorLog("parseIncomingCerts: bad cert array (2)\n"); - return paramErr; - } - - /* - * 2. Extract cert, keys and convert to local format. - */ - ortn = SecIdentityCopyCertificate(identity, &certRef); - if(ortn) { - sslErrorLog("parseIncomingCerts: bad cert array (3)\n"); - return ortn; - } - ortn = secCertToSslCert(ctx, certRef, &thisSslCert); - if(ortn) { - sslErrorLog("parseIncomingCerts: bad cert array (4)\n"); - return ortn; - } - /* enqueue onto head of cert chain */ - thisSslCert->next = certChain; - certChain = thisSslCert; - - /* fetch private key from identity */ - ortn = SecIdentityCopyPrivateKey(identity, &keyRef); - if(ortn) { - sslErrorLog("parseIncomingCerts: SecIdentityCopyPrivateKey err %d\n", - (int)ortn); - return ortn; - } - *privKeyRef = keyRef; - - /* obtain public key from cert */ - ortn = SecCertificateGetCLHandle(certRef, &clHand); - if(ortn) { - sslErrorLog("parseIncomingCerts: SecCertificateGetCLHandle err %d\n", - (int)ortn); - return ortn; - } - certData.Data = thisSslCert->derCert.data; - certData.Length = thisSslCert->derCert.length; - crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey); - if(crtn) { - sslErrorLog("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n"); - return (OSStatus)crtn; - } - - /* OK, that's the subject cert. Fetch optional remaining certs. */ - /* - * Convert: CFArray of SecCertificateRefs --> chain of SSLCertificates. - * Incoming certs have root last; SSLCertificate chain has root - * first. - */ - for(cert=1; certnext = certChain; - certChain = thisSslCert; - } - - /* SUCCESS */ - *destCert = certChain; - return noErr; - -errOut: - /* free certChain, everything in it, other vars, return ortn */ - sslDeleteCertificateChain(certChain, ctx); - /* FIXME - anything else? */ - return ortn; -} - - diff --git a/SecureTransport/sslMemory.cpp b/SecureTransport/sslMemory.cpp deleted file mode 100644 index 1ffbe4a9..00000000 --- a/SecureTransport/sslMemory.cpp +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslMemory.c - - Contains: memory allocator implementation - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslMemory.h" -#include "sslContext.h" -#include "sslDebug.h" - -#include - -#pragma mark *** Basic low-level malloc/free *** - -/* - * For now, all allocs/frees go thru here. - */ -#include /* memset */ -#include - -void * -sslMalloc(UInt32 length) -{ - return malloc(length); -} - -void -sslFree(void *p) -{ - if(p != nil) { - free(p); - } -} - -void * -sslRealloc(void *oldPtr, UInt32 oldLen, UInt32 newLen) -{ - return realloc(oldPtr, newLen); -} - -#pragma mark *** SSLBuffer-level alloc/free *** - -OSStatus SSLAllocBuffer( - SSLBuffer &buf, - UInt32 length, - const SSLContext *ctx) // currently unused -{ - buf.data = (UInt8 *)sslMalloc(length); - if(buf.data == NULL) { - buf.length = 0; - return memFullErr; - } - buf.length = length; - return noErr; -} - -OSStatus -SSLFreeBuffer(SSLBuffer &buf, const SSLContext *ctx) -{ - if(&buf == NULL) { - sslErrorLog("SSLFreeBuffer: NULL buf!\n"); - return errSSLInternal; - } - sslFree(buf.data); - buf.data = NULL; - buf.length = 0; - return noErr; -} - -OSStatus -SSLReallocBuffer(SSLBuffer &buf, UInt32 newSize, const SSLContext *ctx) -{ - buf.data = (UInt8 *)sslRealloc(buf.data, buf.length, newSize); - if(buf.data == NULL) { - buf.length = 0; - return memFullErr; - } - buf.length = newSize; - return noErr; -} - -#pragma mark *** Convenience routines *** - -UInt8 *sslAllocCopy( - const UInt8 *src, - UInt32 len) -{ - UInt8 *dst; - - dst = (UInt8 *)sslMalloc(len); - if(dst == NULL) { - return NULL; - } - memmove(dst, src, len); - return dst; -} - -OSStatus SSLAllocCopyBuffer( - const SSLBuffer &src, - SSLBuffer **dst) // buffer and data mallocd and returned -{ - OSStatus serr; - - SSLBuffer *rtn = (SSLBuffer *)sslMalloc(sizeof(SSLBuffer)); - if(rtn == NULL) { - return memFullErr; - } - serr = SSLCopyBuffer(src, *rtn); - if(serr) { - sslFree(rtn); - } - else { - *dst = rtn; - } - return serr; -} - -OSStatus SSLCopyBufferFromData( - const void *src, - UInt32 len, - SSLBuffer &dst) // data mallocd and returned -{ - dst.data = sslAllocCopy((const UInt8 *)src, len); - if(dst.data == NULL) { - return memFullErr; - } - dst.length = len; - return noErr; -} - -OSStatus SSLCopyBuffer( - const SSLBuffer &src, - SSLBuffer &dst) // data mallocd and returned -{ - return SSLCopyBufferFromData(src.data, src.length, dst); -} - diff --git a/SecureTransport/sslNullCipher.cpp b/SecureTransport/sslNullCipher.cpp deleted file mode 100644 index 475d4e70..00000000 --- a/SecureTransport/sslNullCipher.cpp +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include "sslContext.h" - -#include - -static OSStatus NullInit( - uint8 *key, - uint8* iv, - CipherContext *cipherCtx, - SSLContext *ctx); -static OSStatus NullCrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx); -static OSStatus NullFinish( - CipherContext *cipherCtx, - SSLContext *ctx); - -extern "C" { -extern const SSLSymmetricCipher SSLCipherNull; -} -const SSLSymmetricCipher SSLCipherNull = { - 0, /* Key size in bytes (ignoring parity) */ - 0, /* Secret key size */ - 0, /* IV size */ - 0, /* Block size */ - CSSM_ALGID_NONE, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - CSSM_PADDING_NONE, - NullInit, - NullCrypt, - NullCrypt, - NullFinish -}; - -static OSStatus NullInit( - uint8 *key, - uint8* iv, - CipherContext *cipherCtx, - SSLContext *ctx) -{ - return noErr; -} - -static OSStatus NullCrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx) -{ - if (src.data != dest.data) - memcpy(dest.data, src.data, src.length); - return noErr; -} - -static OSStatus NullFinish( - CipherContext *cipherCtx, - SSLContext *ctx) -{ - return noErr; -} diff --git a/SecureTransport/sslRecord.cpp b/SecureTransport/sslRecord.cpp deleted file mode 100644 index 9abd8d4f..00000000 --- a/SecureTransport/sslRecord.cpp +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslRecord.cpp - - Contains: Encryption, decryption and MACing of data - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "ssl.h" - -#include "sslRecord.h" -#include "sslMemory.h" -#include "cryptType.h" -#include "sslContext.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" -#include "ssl2.h" -#include "sslUtils.h" -#include "sslDigests.h" - -#include -#include - -/* - * Lots of servers fail to provide closure alerts when they disconnect. - * For now we'll just accept it as long as it occurs on a clean record boundary - * (and the handshake is complete). - */ -#define SSL_ALLOW_UNNOTICED_DISCONNECT 1 - -/* ReadSSLRecord - * Attempt to read & decrypt an SSL record. - */ -OSStatus -SSLReadRecord(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err; - UInt32 len, contentLen; - UInt8 *charPtr; - SSLBuffer readData, cipherFragment; - - if (!ctx->partialReadBuffer.data || ctx->partialReadBuffer.length < 5) - { if (ctx->partialReadBuffer.data) - if ((err = SSLFreeBuffer(ctx->partialReadBuffer, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - if ((err = SSLAllocBuffer(ctx->partialReadBuffer, - DEFAULT_BUFFER_SIZE, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - - if (ctx->negProtocolVersion == SSL_Version_Undetermined) { - if (ctx->amountRead < 1) - { readData.length = 1 - ctx->amountRead; - readData.data = ctx->partialReadBuffer.data + ctx->amountRead; - len = readData.length; - err = sslIoRead(readData, &len, ctx); - if(err != 0) - { if (err == errSSLWouldBlock) { - ctx->amountRead += len; - return err; - } - else { - /* abort */ - SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx); - return errSSLClosedAbort; - } - } - ctx->amountRead += len; - } - } - - /* - * In undetermined cases, if the first byte isn't in the range of SSL 3.0 - * record types, this is an SSL 2.0 record - */ - switch (ctx->negProtocolVersion) - { case SSL_Version_Undetermined: - if (ctx->partialReadBuffer.data[0] < SSL_RecordTypeV3_Smallest || - ctx->partialReadBuffer.data[0] > SSL_RecordTypeV3_Largest) - return SSL2ReadRecord(rec, ctx); - else - break; - case SSL_Version_2_0: - return SSL2ReadRecord(rec, ctx); - default: - break; - } - - if (ctx->amountRead < 5) - { readData.length = 5 - ctx->amountRead; - readData.data = ctx->partialReadBuffer.data + ctx->amountRead; - len = readData.length; - err = sslIoRead(readData, &len, ctx); - if(err != 0) - { - switch(err) { - case errSSLWouldBlock: - ctx->amountRead += len; - break; - #if SSL_ALLOW_UNNOTICED_DISCONNECT - case errSSLClosedGraceful: - /* legal if we're on record boundary and we've gotten past - * the handshake */ - if((ctx->amountRead == 0) && /* nothing pending */ - (len == 0) && /* nothing new */ - (ctx->state == SSL_HdskStateClientReady)) { /* handshake done */ - /* - * This means that the server has disconnected without - * sending a closure alert notice. This is technically - * illegal per the SSL3 spec, but about half of the - * servers out there do it, so we report it as a separate - * error which most clients - including (currently) - * URLAccess - ignore by treating it the same as - * a errSSLClosedGraceful error. Paranoid - * clients can detect it and handle it however they - * want to. - */ - SSLChangeHdskState(ctx, SSL_HdskStateNoNotifyClose); - err = errSSLClosedNoNotify; - break; - } - else { - /* illegal disconnect */ - err = errSSLClosedAbort; - /* and drop thru to default: fatal alert */ - } - #endif /* SSL_ALLOW_UNNOTICED_DISCONNECT */ - default: - SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx); - break; - } - return err; - } - ctx->amountRead += len; - } - - assert(ctx->amountRead >= 5); - - charPtr = ctx->partialReadBuffer.data; - rec.contentType = *charPtr++; - if (rec.contentType < SSL_RecordTypeV3_Smallest || - rec.contentType > SSL_RecordTypeV3_Largest) - return errSSLProtocol; - - rec.protocolVersion = (SSLProtocolVersion)SSLDecodeInt(charPtr, 2); - charPtr += 2; - contentLen = SSLDecodeInt(charPtr, 2); - charPtr += 2; - if (contentLen > (16384 + 2048)) /* Maximum legal length of an - * SSLCipherText payload */ - { SSLFatalSessionAlert(SSL_AlertRecordOverflow, ctx); - return errSSLProtocol; - } - - if (ctx->partialReadBuffer.length < 5 + contentLen) - { if ((err = SSLReallocBuffer(ctx->partialReadBuffer, 5 + contentLen, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - } - - if (ctx->amountRead < 5 + contentLen) - { readData.length = 5 + contentLen - ctx->amountRead; - readData.data = ctx->partialReadBuffer.data + ctx->amountRead; - len = readData.length; - err = sslIoRead(readData, &len, ctx); - if(err != 0) - { if (err == errSSLWouldBlock) - ctx->amountRead += len; - else - SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx); - return err; - } - ctx->amountRead += len; - } - - assert(ctx->amountRead >= 5 + contentLen); - - cipherFragment.data = ctx->partialReadBuffer.data + 5; - cipherFragment.length = contentLen; - - /* - * Decrypt the payload & check the MAC, modifying the length of the - * buffer to indicate the amount of plaintext data after adjusting - * for the block size and removing the MAC (this function generates - * its own alerts). - */ - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->decryptRecord(rec.contentType, - &cipherFragment, ctx)) != 0) - return err; - - /* - * We appear to have sucessfully received a record; increment the - * sequence number - */ - IncrementUInt64(&ctx->readCipher.sequenceNum); - - /* Allocate a buffer to return the plaintext in and return it */ - if ((err = SSLAllocBuffer(rec.contents, cipherFragment.length, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertInternalError, ctx); - return err; - } - memcpy(rec.contents.data, cipherFragment.data, cipherFragment.length); - - ctx->amountRead = 0; /* We've used all the data in the cache */ - - return noErr; -} - -/* common for sslv3 and tlsv1, except for the computeMac callout */ -OSStatus SSLVerifyMac( - UInt8 type, - SSLBuffer &data, - UInt8 *compareMAC, - SSLContext *ctx) -{ - OSStatus err; - UInt8 macData[SSL_MAX_DIGEST_LEN]; - SSLBuffer secret, mac; - - secret.data = ctx->readCipher.macSecret; - secret.length = ctx->readCipher.macRef->hash->digestSize; - mac.data = macData; - mac.length = ctx->readCipher.macRef->hash->digestSize; - - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->computeMac(type, - data, - mac, - &ctx->readCipher, - ctx->readCipher.sequenceNum, - ctx)) != 0) - return err; - - if ((memcmp(mac.data, compareMAC, mac.length)) != 0) { - sslErrorLog("ssl3VerifyMac: Mac verify failure\n"); - return errSSLProtocol; - } - return noErr; -} - - diff --git a/SecureTransport/sslSession.cpp b/SecureTransport/sslSession.cpp deleted file mode 100644 index f6a9e5ab..00000000 --- a/SecureTransport/sslSession.cpp +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include "ssl.h" -#include "sslContext.h" -#include "sslSession.h" -#include "sslMemory.h" -#include "sslUtils.h" -#include "sslDebug.h" -#include "cipherSpecs.h" -#include "appleSession.h" - -#include -#include -#include - -typedef struct -{ int sessionIDLen; - UInt8 sessionID[32]; - SSLProtocolVersion protocolVersion; - UInt16 cipherSuite; - UInt16 padding; /* so remainder is word aligned */ - UInt8 masterSecret[48]; - int certCount; - UInt8 certs[1]; /* Actually, variable length */ -} ResumableSession; - -/* - * Cook up a (private) resumable session blob, based on the - * specified ctx, store it with ctx->peerID as the key. - * NOTE: This is contrary to the SSL v3 spec, which claims that - * servers store resumable sessions using ctx->sessionID as the key. - * I don' think this is an issue...is it? - */ -OSStatus -SSLAddSessionData(const SSLContext *ctx) -{ OSStatus err; - uint32 sessionIDLen; - SSLBuffer sessionID; - ResumableSession *session; - int certCount; - SSLCertificate *cert; - uint8 *certDest; - - /* If we don't know who the peer is, we can't store a session */ - if (ctx->peerID.data == 0) - return errSSLSessionNotFound; - - sessionIDLen = offsetof(ResumableSession, certs); - cert = ctx->peerCert; - certCount = 0; - while (cert) - { ++certCount; - sessionIDLen += 4 + cert->derCert.length; - cert = cert->next; - } - - if ((err = SSLAllocBuffer(sessionID, sessionIDLen, ctx)) != 0) - return err; - - session = (ResumableSession*)sessionID.data; - - session->sessionIDLen = ctx->sessionID.length; - memcpy(session->sessionID, ctx->sessionID.data, session->sessionIDLen); - session->protocolVersion = ctx->negProtocolVersion; - session->cipherSuite = ctx->selectedCipher; - memcpy(session->masterSecret, ctx->masterSecret, 48); - session->certCount = certCount; - session->padding = 0; - - certDest = session->certs; - cert = ctx->peerCert; - while (cert) - { certDest = SSLEncodeInt(certDest, cert->derCert.length, 4); - memcpy(certDest, cert->derCert.data, cert->derCert.length); - certDest += cert->derCert.length; - cert = cert->next; - } - - err = sslAddSession(ctx->peerID, sessionID); - SSLFreeBuffer(sessionID, ctx); - - return err; -} - -/* - * Retrieve resumable session data, from key ctx->peerID. - */ -OSStatus -SSLGetSessionData(SSLBuffer *sessionData, const SSLContext *ctx) -{ OSStatus err; - - if (ctx->peerID.data == 0) - return errSSLSessionNotFound; - - sessionData->data = 0; - - err = sslGetSession(ctx->peerID, sessionData); - if (sessionData->data == 0) - return errSSLSessionNotFound; - - return err; -} - -OSStatus -SSLDeleteSessionData(const SSLContext *ctx) -{ OSStatus err; - - if (ctx->peerID.data == 0) - return errSSLSessionNotFound; - - err = sslDeleteSession(ctx->peerID); - return err; -} - -/* - * Given a sessionData blob, obtain the associated sessionID (NOT the key...). - */ -OSStatus -SSLRetrieveSessionID( - const SSLBuffer sessionData, - SSLBuffer *identifier, - const SSLContext *ctx) -{ OSStatus err; - ResumableSession *session; - - session = (ResumableSession*) sessionData.data; - if ((err = SSLAllocBuffer(*identifier, session->sessionIDLen, ctx)) != 0) - return err; - memcpy(identifier->data, session->sessionID, session->sessionIDLen); - return noErr; -} - -/* - * Obtain the protocol version associated with a specified resumable session blob. - */ -OSStatus -SSLRetrieveSessionProtocolVersion( - const SSLBuffer sessionData, - SSLProtocolVersion *version, - const SSLContext *ctx) -{ ResumableSession *session; - - session = (ResumableSession*) sessionData.data; - *version = session->protocolVersion; - return noErr; -} - -/* - * Retrieve session state from specified sessionData blob, install into - * ctx. Presumably, ctx->sessionID and - * ctx->negProtocolVersion are already init'd (from the above two functions). - */ - -/* - * Netscape Enterprise Server is known to change cipherspecs upon session resumption. - * For example, connecting to cdnow.com with all ciphersuites enabled results in - * CipherSuite 4 (SSL_RSA_WITH_RC4_128_MD5) being selected on the first session, - * and CipherSuite 10 (SSL_RSA_WITH_3DES_EDE_CBC_SHA) being selected on subsequent - * sessions. This is contrary to the SSL3.0 spec, sesion 7.6.1.3, describing the - * Server Hello message. - * - * This anomaly does not occur if only RC4 ciphers are enabled in the Client Hello - * message. It also does not happen in SSL V2. - */ -#define ALLOW_CIPHERSPEC_CHANGE 1 - -OSStatus -SSLInstallSessionFromData(const SSLBuffer sessionData, SSLContext *ctx) -{ OSStatus err; - ResumableSession *session; - uint8 *storedCertProgress; - SSLCertificate *cert, *lastCert; - int certCount; - uint32 certLen; - - session = (ResumableSession*)sessionData.data; - - /* - * For SSLv3 and TLSv1, we know that selectedCipher has already been specified in - * SSLProcessServerHello(). An SSLv2 server hello message with a session - * ID hit contains no CipherKind field so we set it here. - */ - if(ctx->negProtocolVersion == SSL_Version_2_0) { - if(ctx->protocolSide == SSL_ClientSide) { - assert(ctx->selectedCipher == 0); - ctx->selectedCipher = session->cipherSuite; - } - else { - /* - * Else...what if they don't match? Could never happen, right? - * Wouldn't that mean the client is trying to switch ciphers on us? - */ - if(ctx->selectedCipher != session->cipherSuite) { - sslErrorLog("+++SSL2: CipherSpec change from %d to %d on session " - "resume\n", - session->cipherSuite, ctx->selectedCipher); - return errSSLProtocol; - } - } - } - else { - assert(ctx->selectedCipher != 0); - if(ctx->selectedCipher != session->cipherSuite) { - #if ALLOW_CIPHERSPEC_CHANGE - sslErrorLog("+++WARNING: CipherSpec change from %d to %d " - "on session resume\n", - session->cipherSuite, ctx->selectedCipher); - #else - sslErrorLog("+++SSL: CipherSpec change from %d to %d on session resume\n", - session->cipherSuite, ctx->selectedCipher); - return errSSLProtocol; - #endif - } - } - if ((err = FindCipherSpec(ctx)) != 0) { - return err; - } - memcpy(ctx->masterSecret, session->masterSecret, 48); - - lastCert = 0; - storedCertProgress = session->certs; - certCount = session->certCount; - - while (certCount--) - { - cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); - if(cert == NULL) { - return memFullErr; - } - cert->next = 0; - certLen = SSLDecodeInt(storedCertProgress, 4); - storedCertProgress += 4; - if ((err = SSLAllocBuffer(cert->derCert, certLen, ctx)) != 0) - { - sslFree(cert); - return err; - } - memcpy(cert->derCert.data, storedCertProgress, certLen); - storedCertProgress += certLen; - if (lastCert == 0) - ctx->peerCert = cert; - else - lastCert->next = cert; - lastCert = cert; - } - - return noErr; -} diff --git a/SecureTransport/sslTransport.cpp b/SecureTransport/sslTransport.cpp deleted file mode 100644 index 1b352e43..00000000 --- a/SecureTransport/sslTransport.cpp +++ /dev/null @@ -1,544 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslTransport.c - - Contains: SSL transport layer - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslMemory.h" -#include "sslContext.h" -#include "sslRecord.h" -#include "sslAlertMessage.h" -#include "sslSession.h" -#include "ssl2.h" -#include "sslDebug.h" -#include "cipherSpecs.h" -#include "sslUtils.h" - -#include - -#include -#include - -#ifndef NDEBUG -static void inline sslIoTrace( - const char *op, - UInt32 req, - UInt32 moved, - OSStatus stat) -{ - sslLogRecordIo("===%s: req %4lu moved %4lu status %ld", - op, req, moved, stat); -} -#else -#define sslIoTrace(op, req, moved, stat) -#endif /* NDEBUG */ - -static OSStatus SSLProcessProtocolMessage(SSLRecord &rec, SSLContext *ctx); -static OSStatus SSLHandshakeProceed(SSLContext *ctx); -static OSStatus SSLInitConnection(SSLContext *ctx); -static OSStatus SSLServiceWriteQueue(SSLContext *ctx); - -OSStatus -SSLWrite( - SSLContext *ctx, - const void * data, - UInt32 dataLength, - UInt32 *bytesWritten) /* RETURNED */ -{ - OSStatus err; - SSLRecord rec; - UInt32 dataLen, processed; - - sslLogRecordIo("SSLWrite top"); - if((ctx == NULL) || (bytesWritten == NULL)) { - return paramErr; - } - dataLen = dataLength; - processed = 0; /* Initialize in case we return with errSSLWouldBlock */ - *bytesWritten = 0; - - switch(ctx->state) { - case SSL_HdskStateGracefulClose: - err = errSSLClosedGraceful; - goto abort; - case SSL_HdskStateErrorClose: - err = errSSLClosedAbort; - goto abort; - default: - /* FIXME - original code didn't check for pending handshake - - * should we? - */ - sslIoTrace("SSLWrite", dataLength, 0, badReqErr); - return badReqErr; - case SSL_HdskStateServerReady: - case SSL_HdskStateClientReady: - break; - } - - /* First, we have to wait until the session is ready to send data, - so the encryption keys and such have been established. */ - err = noErr; - while (ctx->writeCipher.ready == 0) - { if ((err = SSLHandshakeProceed(ctx)) != 0) - goto exit; - } - - /* Attempt to empty the write queue before queueing more data */ - if ((err = SSLServiceWriteQueue(ctx)) != 0) - goto abort; - - processed = 0; - /* - * Fragment, package and encrypt the data and queue the resulting data - * for sending - */ - while (dataLen > 0) - { rec.contentType = SSL_RecordTypeAppData; - rec.protocolVersion = ctx->negProtocolVersion; - rec.contents.data = ((UInt8*)data) + processed; - - if (dataLen < MAX_RECORD_LENGTH) - rec.contents.length = dataLen; - else - rec.contents.length = MAX_RECORD_LENGTH; - - assert(ctx->sslTslCalls != NULL); - if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) - goto exit; - processed += rec.contents.length; - dataLen -= rec.contents.length; - } - - /* All the data has been advanced to the write queue */ - *bytesWritten = processed; - if ((err = SSLServiceWriteQueue(ctx)) == 0) { - err = noErr; - } -exit: - if (err != 0 && err != errSSLWouldBlock && err != errSSLClosedGraceful) { - sslErrorLog("SSLWrite: going to state errorCLose due to err %d\n", - (int)err); - SSLChangeHdskState(ctx, SSL_HdskStateErrorClose); - } -abort: - sslIoTrace("SSLWrite", dataLength, *bytesWritten, err); - return err; -} - -OSStatus -SSLRead ( - SSLContext *ctx, - void * data, - UInt32 dataLength, - UInt32 *processed) /* RETURNED */ -{ - OSStatus err; - UInt8 *charPtr; - UInt32 bufSize, remaining, count; - SSLRecord rec; - - sslLogRecordIo("SSLRead top"); - if((ctx == NULL) || (processed == NULL)) { - return paramErr; - } - bufSize = dataLength; - *processed = 0; /* Initialize in case we return with errSSLWouldBlock */ - -readRetry: - /* first handle cases in which we know we're finished */ - switch(ctx->state) { - case SSL_HdskStateGracefulClose: - err = errSSLClosedGraceful; - goto abort; - case SSL_HdskStateErrorClose: - err = errSSLClosedAbort; - goto abort; - case SSL_HdskStateNoNotifyClose: - err = errSSLClosedNoNotify; - goto abort; - default: - break; - } - - /* First, we have to wait until the session is ready to receive data, - so the encryption keys and such have been established. */ - err = noErr; - while (ctx->readCipher.ready == 0) { - if ((err = SSLHandshakeProceed(ctx)) != 0) { - goto exit; - } - } - - /* Attempt to service the write queue */ - if ((err = SSLServiceWriteQueue(ctx)) != 0) { - if (err != errSSLWouldBlock) { - goto exit; - } - err = noErr; /* Write blocking shouldn't stop attempts to read */ - } - - remaining = bufSize; - charPtr = (UInt8*)data; - if (ctx->receivedDataBuffer.data) - { count = ctx->receivedDataBuffer.length - ctx->receivedDataPos; - if (count > bufSize) - count = bufSize; - memcpy(data, ctx->receivedDataBuffer.data + ctx->receivedDataPos, count); - remaining -= count; - charPtr += count; - *processed += count; - ctx->receivedDataPos += count; - } - - assert(ctx->receivedDataPos <= ctx->receivedDataBuffer.length); - assert(*processed + remaining == bufSize); - assert(charPtr == ((UInt8*)data) + *processed); - - if (ctx->receivedDataBuffer.data != 0 && - ctx->receivedDataPos >= ctx->receivedDataBuffer.length) - { SSLFreeBuffer(ctx->receivedDataBuffer, ctx); - ctx->receivedDataBuffer.data = 0; - ctx->receivedDataPos = 0; - } - - /* - * This while statement causes a hang when using nonblocking low-level I/O! - while (remaining > 0 && ctx->state != SSL_HdskStateGracefulClose) - ..what we really have to do is just return as soon as we read one - record. A performance hit in the nonblocking case, but that is - the only way this code can work in both modes... - */ - if (remaining > 0 && ctx->state != SSL_HdskStateGracefulClose) - { assert(ctx->receivedDataBuffer.data == 0); - if ((err = SSLReadRecord(rec, ctx)) != 0) { - goto exit; - } - if (rec.contentType == SSL_RecordTypeAppData || - rec.contentType == SSL_RecordTypeV2_0) - { if (rec.contents.length <= remaining) - { memcpy(charPtr, rec.contents.data, rec.contents.length); - remaining -= rec.contents.length; - charPtr += rec.contents.length; - *processed += rec.contents.length; - /* COMPILER BUG! - * This: - * if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0) - * passes the address of rec to SSLFreeBuffer, not the address - * of the contents field (which should be offset 8 from the start - * of rec). - */ - { - SSLBuffer *b = &rec.contents; - if ((err = SSLFreeBuffer(*b, ctx)) != 0) { - goto exit; - } - } - } - else - { memcpy(charPtr, rec.contents.data, remaining); - charPtr += remaining; - *processed += remaining; - ctx->receivedDataBuffer = rec.contents; - ctx->receivedDataPos = remaining; - remaining = 0; - } - } - else { - if ((err = SSLProcessProtocolMessage(rec, ctx)) != 0) { - goto exit; - } - if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0) { - goto exit; - } - } - } - - err = noErr; - -exit: - /* test for renegotiate: loop until something happens */ - if((err == noErr) && (*processed == 0)) { - sslLogNegotiateDebug("SSLRead recursion"); - goto readRetry; - } - /* shut down on serious errors */ - switch(err) { - case noErr: - case errSSLWouldBlock: - case errSSLClosedGraceful: - case errSSLClosedNoNotify: - break; - default: - sslErrorLog("SSLRead: going to state errorClose due to err %d\n", - (int)err); - SSLChangeHdskState(ctx, SSL_HdskStateErrorClose); - break; - } -abort: - sslIoTrace("SSLRead ", dataLength, *processed, err); - return err; -} - -#if SSL_DEBUG -#include "appleCdsa.h" -#endif - -OSStatus -SSLHandshake(SSLContext *ctx) -{ - OSStatus err; - - if(ctx == NULL) { - return paramErr; - } - if (ctx->state == SSL_HdskStateGracefulClose) - return errSSLClosedGraceful; - if (ctx->state == SSL_HdskStateErrorClose) - return errSSLClosedAbort; - - if(ctx->validCipherSpecs == NULL) { - /* build list of legal cipherSpecs */ - err = sslBuildCipherSpecArray(ctx); - if(err) { - return err; - } - } - err = noErr; - while (ctx->readCipher.ready == 0 || ctx->writeCipher.ready == 0) - { if ((err = SSLHandshakeProceed(ctx)) != 0) - return err; - } - - /* one more flush at completion of successful handshake */ - if ((err = SSLServiceWriteQueue(ctx)) != 0) { - return err; - } - return noErr; -} - - -static OSStatus -SSLHandshakeProceed(SSLContext *ctx) -{ OSStatus err; - SSLRecord rec; - - if (ctx->state == SSL_HdskStateUninit) - if ((err = SSLInitConnection(ctx)) != 0) - return err; - if ((err = SSLServiceWriteQueue(ctx)) != 0) - return err; - assert(ctx->readCipher.ready == 0); - if ((err = SSLReadRecord(rec, ctx)) != 0) - return err; - if ((err = SSLProcessProtocolMessage(rec, ctx)) != 0) - { SSLFreeBuffer(rec.contents, ctx); - return err; - } - if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0) - return err; - - return noErr; -} - -static OSStatus -SSLInitConnection(SSLContext *ctx) -{ OSStatus err = noErr; - - if (ctx->protocolSide == SSL_ClientSide) { - SSLChangeHdskState(ctx, SSL_HdskStateClientUninit); - } - else - { assert(ctx->protocolSide == SSL_ServerSide); - SSLChangeHdskState(ctx, SSL_HdskStateServerUninit); - } - - if (ctx->peerID.data != 0) - { SSLGetSessionData(&ctx->resumableSession, ctx); - /* Ignore errors; just treat as uncached session */ - } - - /* - * If we have a cached resumable session, blow it off if it's a version - * which is not currently enabled. - */ - Boolean cachedV3OrTls1 = false; - - if (ctx->resumableSession.data != 0) { - - SSLProtocolVersion savedVersion; - Boolean enable; - - if ((err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession, - &savedVersion, ctx)) != 0) { - return err; - } - switch(savedVersion) { - case SSL_Version_2_0: - enable = ctx->versionSsl2Enable; - break; - case SSL_Version_3_0: - enable = ctx->versionSsl3Enable; - cachedV3OrTls1 = true; // avoid V2 hello - break; - case TLS_Version_1_0: - enable = ctx->versionTls1Enable; - cachedV3OrTls1 = true; - break; - default: - assert(0); - return errSSLInternal; - } - if(!enable) { - sslLogResumSessDebug("===Resumable session protocol mismatch"); - SSLFreeBuffer(ctx->resumableSession, ctx); - cachedV3OrTls1 = false; - } - else { - sslLogResumSessDebug("===attempting to resume session"); - } - } - - /* - * If we're the client & handshake hasn't yet begun, start it by - * pretending we just received a hello request - */ - if (ctx->state == SSL_HdskStateClientUninit && ctx->writeCipher.ready == 0) - { - assert(ctx->negProtocolVersion == SSL_Version_Undetermined); - if(ctx->versionSsl2Enable && !cachedV3OrTls1) { - /* SSL2 client hello with possible upgrade */ - err = SSL2AdvanceHandshake(SSL2_MsgKickstart, ctx); - } - else { - err = SSLAdvanceHandshake(SSL_HdskHelloRequest, ctx); - } - } - - return err; -} - -static OSStatus -SSLServiceWriteQueue(SSLContext *ctx) -{ OSStatus err = noErr, werr = noErr; - UInt32 written = 0; - SSLBuffer buf, recBuf; - WaitingRecord *rec; - - while (!werr && ((rec = ctx->recordWriteQueue) != 0)) - { buf.data = rec->data.data + rec->sent; - buf.length = rec->data.length - rec->sent; - werr = sslIoWrite(buf, &written, ctx); - rec->sent += written; - if (rec->sent >= rec->data.length) - { assert(rec->sent == rec->data.length); - assert(err == 0); - err = SSLFreeBuffer(rec->data, ctx); - assert(err == 0); - recBuf.data = (UInt8*)rec; - recBuf.length = sizeof(WaitingRecord); - ctx->recordWriteQueue = rec->next; - err = SSLFreeBuffer(recBuf, ctx); - assert(err == 0); - } - if (err) - return err; - } - - return werr; -} - -static OSStatus -SSLProcessProtocolMessage(SSLRecord &rec, SSLContext *ctx) -{ OSStatus err; - - switch (rec.contentType) - { case SSL_RecordTypeHandshake: - sslLogRxProtocolDebug("Handshake"); - err = SSLProcessHandshakeRecord(rec, ctx); - break; - case SSL_RecordTypeAlert: - sslLogRxProtocolDebug("Alert"); - err = SSLProcessAlert(rec, ctx); - break; - case SSL_RecordTypeChangeCipher: - sslLogRxProtocolDebug("ChangeCipher"); - err = SSLProcessChangeCipherSpec(rec, ctx); - break; - case SSL_RecordTypeV2_0: - sslLogRxProtocolDebug("RecordTypeV2_0"); - err = SSL2ProcessMessage(rec, ctx); - break; - default: - sslLogRxProtocolDebug("Bad msg"); - return errSSLProtocol; - } - - return err; -} - -OSStatus -SSLClose(SSLContext *ctx) -{ - OSStatus err = noErr; - - sslHdskStateDebug("SSLClose"); - if(ctx == NULL) { - return paramErr; - } - if (ctx->negProtocolVersion >= SSL_Version_3_0) - err = SSLSendAlert(SSL_AlertLevelWarning, SSL_AlertCloseNotify, ctx); - if (err == 0) - err = SSLServiceWriteQueue(ctx); - SSLChangeHdskState(ctx, SSL_HdskStateGracefulClose); - if (err == ioErr) - err = noErr; /* Ignore errors related to closed streams */ - return err; -} - -/* - * Determine how much data the client can be guaranteed to - * obtain via SSLRead() without blocking or causing any low-level - * read operations to occur. - * - * Implemented here because the relevant info in SSLContext (receivedDataBuffer - * and receivedDataPos) are only used in this file. - */ -OSStatus -SSLGetBufferedReadSize(SSLContextRef ctx, - size_t *bufSize) /* RETURNED */ -{ - if(ctx == NULL) { - return paramErr; - } - if(ctx->receivedDataBuffer.data == NULL) { - *bufSize = 0; - } - else { - assert(ctx->receivedDataBuffer.length >= ctx->receivedDataPos); - *bufSize = ctx->receivedDataBuffer.length - ctx->receivedDataPos; - } - return noErr; -} diff --git a/SecureTransport/sslUtils.cpp b/SecureTransport/sslUtils.cpp deleted file mode 100644 index 191d9fce..00000000 --- a/SecureTransport/sslUtils.cpp +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslutils.ccpp - - Contains: Misc. SSL utility functions - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "sslUtils.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include - -#include -#include - -UInt32 -SSLDecodeInt(const unsigned char *p, int length) -{ UInt32 val = 0; - while (length--) - val = (val << 8) | *p++; - return val; -} - -unsigned char * -SSLEncodeInt(unsigned char *p, UInt32 value, int length) -{ unsigned char *retVal = p + length; /* Return pointer to char after int */ - assert(length > 0 && length <= 4); - while (length--) /* Assemble backwards */ - { p[length] = (UInt8)value; /* Implicit masking to low byte */ - value >>= 8; - } - return retVal; -} - -UInt8* -SSLEncodeUInt64(UInt8 *p, sslUint64 value) -{ p = SSLEncodeInt(p, value.high, 4); - return SSLEncodeInt(p, value.low, 4); -} - - -void -IncrementUInt64(sslUint64 *v) -{ if (++v->low == 0) /* Must have just rolled over */ - ++v->high; -} - -UInt32 -SSLGetCertificateChainLength(const SSLCertificate *c) -{ - UInt32 rtn = 0; - - while (c) - { - rtn++; - c = c->next; - } - return rtn; -} - -Boolean sslIsSessionActive(const SSLContext *ctx) -{ - assert(ctx != NULL); - switch(ctx->state) { - case SSL_HdskStateUninit: - case SSL_HdskStateServerUninit: - case SSL_HdskStateClientUninit: - case SSL_HdskStateGracefulClose: - case SSL_HdskStateErrorClose: - return false; - default: - return true; - } -} - -OSStatus sslDeleteCertificateChain( - SSLCertificate *certs, - SSLContext *ctx) -{ - SSLCertificate *cert; - SSLCertificate *nextCert; - - assert(ctx != NULL); - cert=certs; - while(cert != NULL) { - nextCert = cert->next; - SSLFreeBuffer(cert->derCert, ctx); - sslFree(cert); - cert = nextCert; - } - return noErr; -} - -#if SSL_DEBUG - -const char *protocolVersStr(SSLProtocolVersion prot) -{ - switch(prot) { - case SSL_Version_Undetermined: return "SSL_Version_Undetermined"; - case SSL_Version_2_0: return "SSL_Version_2_0"; - case SSL_Version_3_0: return "SSL_Version_3_0"; - case TLS_Version_1_0: return "TLS_Version_1_0"; - default: sslErrorLog("protocolVersStr: bad prot\n"); return "BAD PROTOCOL"; - } - return NULL; /* NOT REACHED */ -} - -#endif /* SSL_DEBUG */ - -/* - * Redirect SSLBuffer-based I/O call to user-supplied I/O. - */ -OSStatus sslIoRead( - SSLBuffer buf, - size_t *actualLength, - SSLContext *ctx) -{ - UInt32 dataLength = buf.length; - OSStatus ortn; - - *actualLength = 0; - ortn = (ctx->ioCtx.read)(ctx->ioCtx.ioRef, - buf.data, - &dataLength); - *actualLength = dataLength; - return ortn; -} - -OSStatus sslIoWrite( - SSLBuffer buf, - size_t *actualLength, - SSLContext *ctx) -{ - UInt32 dataLength = buf.length; - OSStatus ortn; - - *actualLength = 0; - ortn = (ctx->ioCtx.write)(ctx->ioCtx.ioRef, - buf.data, - &dataLength); - *actualLength = dataLength; - return ortn; -} - -OSStatus sslTime(UInt32 *tim) -{ - time_t t; - time(&t); - *tim = (UInt32)t; - return noErr; -} - -/* - * Common RNG function. - */ -OSStatus sslRand(SSLContext *ctx, SSLBuffer *buf) -{ - OSStatus serr = noErr; - - assert(ctx != NULL); - assert(buf != NULL); - assert(buf->data != NULL); - - if(buf->length == 0) { - sslErrorLog("sslRand: zero buf->length\n"); - return noErr; - } - try { - Security::DevRandomGenerator devRand(false); - devRand.random(buf->data, buf->length); - } - catch(...) { - serr = errSSLCrypto; - } - return serr; -} - -/* - * Given a protocol version sent by peer, determine if we accept that version - * and downgrade if appropriate (which can not be done for the client side). - */ -OSStatus sslVerifyProtVersion( - SSLContext *ctx, - SSLProtocolVersion peerVersion, // sent by peer - SSLProtocolVersion *negVersion) // final negotiated version if return success -{ - OSStatus ortn = noErr; - - switch(peerVersion) { - case SSL_Version_2_0: - if(ctx->versionSsl2Enable) { - *negVersion = SSL_Version_2_0; - } - else { - /* SSL2 is the best peer can do but we don't support it */ - ortn = errSSLNegotiation; - } - break; - case SSL_Version_3_0: - if(ctx->versionSsl3Enable) { - *negVersion = SSL_Version_3_0; - } - /* downgrade if possible */ - else if(ctx->protocolSide == SSL_ClientSide) { - /* client side - no more negotiation possible */ - ortn = errSSLNegotiation; - } - else if(ctx->versionSsl2Enable) { - /* server downgrading to SSL2 */ - *negVersion = SSL_Version_2_0; - } - else { - /* Peer requested SSL3, we don't support SSL2 or SSL3 */ - ortn = errSSLNegotiation; - } - break; - case TLS_Version_1_0: - if(ctx->versionTls1Enable) { - *negVersion = TLS_Version_1_0; - } - /* downgrade if possible */ - else if(ctx->protocolSide == SSL_ClientSide) { - /* - * Client side - no more negotiation possible - * Note this actually implies a pretty serious server - * side violation; it's sending back a protocol version - * HIGHER than we requested - */ - ortn = errSSLNegotiation; - } - else if(ctx->versionSsl3Enable) { - /* server downgrading to SSL3 */ - *negVersion = SSL_Version_3_0; - } - else if(ctx->versionSsl2Enable) { - /* server downgrading to SSL2 */ - *negVersion = SSL_Version_2_0; - } - else { - /* we appear not to support any protocol */ - sslErrorLog("sslVerifyProtVersion: no protocols supported\n"); - ortn = errSSLNegotiation; - } - break; - default: - ortn = errSSLNegotiation; - break; - - } - return ortn; -} - -/* - * Determine max enabled protocol, i.e., the one we try to negotiate for. - * Only returns an error (paramErr) if NO protocols are enabled, which can - * in fact happen by malicious or ignorant use of SSLSetProtocolVersionEnabled(). - */ -OSStatus sslGetMaxProtVersion( - SSLContext *ctx, - SSLProtocolVersion *version) // RETURNED -{ - OSStatus ortn = noErr; - if(ctx->versionTls1Enable) { - *version = TLS_Version_1_0; - } - else if(ctx->versionSsl3Enable) { - *version = SSL_Version_3_0; - } - else if(ctx->versionSsl2Enable) { - *version = SSL_Version_2_0; - } - else { - ortn = paramErr; - } - return ortn; -} - - \ No newline at end of file diff --git a/SecureTransport/symCipher.cpp b/SecureTransport/symCipher.cpp deleted file mode 100644 index b3dd7f4e..00000000 --- a/SecureTransport/symCipher.cpp +++ /dev/null @@ -1,352 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: symCipher.c - - Contains: CDSA-based symmetric cipher module - - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -#include "sslContext.h" -#include "cryptType.h" -#include "sslDebug.h" -#include "sslMemory.h" -#include "appleCdsa.h" -#include "symCipher.h" - -#include - -#include - -/* dispose of dynamically allocated resources in a CipherContext */ -static void disposeCipherCtx( - CipherContext *cipherCtx) -{ - assert(cipherCtx != NULL); - if(cipherCtx->symKey != NULL) { - assert(cipherCtx->cspHand != 0); - CSSM_FreeKey(cipherCtx->cspHand, NULL, cipherCtx->symKey, CSSM_FALSE); - sslFree(cipherCtx->symKey); - cipherCtx->symKey = NULL; - } - cipherCtx->cspHand = 0; - if(cipherCtx->ccHand != 0) { - CSSM_DeleteContext(cipherCtx->ccHand); - cipherCtx->ccHand = 0; - } -} - -OSStatus CDSASymmInit( - uint8 *key, - uint8* iv, - CipherContext *cipherCtx, - SSLContext *ctx) -{ - /* - * Cook up a symmetric key and a CCSM_CC_HANDLE. Assumes: - * cipherCtx->symCipher.keyAlg - * ctx->cspHand - * key (raw key bytes) - * On successful exit: - * Resulting CSSM_KEY_PTR --> cipherCtx->symKey - * Resulting CSSM_CC_HANDLE --> cipherCtx->ccHand - * (Currently) a copy of ctx->cspHand --> cipherCtx->cspHand - * - * FIXME - for now we assume that ctx->cspHand is capable of - * using the specified algorithm, keysize, and mode. This - * may need revisiting. - */ - - OSStatus serr = errSSLInternal; - CSSM_RETURN crtn; - const SSLSymmetricCipher *symCipher; - CSSM_DATA ivData; - CSSM_DATA_PTR ivDataPtr = NULL; - CSSM_KEY_PTR symKey = NULL; - CSSM_CC_HANDLE ccHand = 0; - char *op; - - assert(cipherCtx != NULL); - assert(cipherCtx->symCipher != NULL); - assert(ctx != NULL); - if(ctx->cspHand == 0) { - sslErrorLog("CDSASymmInit: NULL cspHand!\n"); - return errSSLInternal; - } - - /* clean up cipherCtx */ - disposeCipherCtx(cipherCtx); - - /* cook up a raw key */ - symKey = (CSSM_KEY_PTR)sslMalloc(sizeof(CSSM_KEY)); - if(symKey == NULL) { - return memFullErr; - } - serr = sslSetUpSymmKey(symKey, cipherCtx->symCipher->keyAlg, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, CSSM_TRUE, - key, cipherCtx->symCipher->keySize); - if(serr) { - sslFree(symKey); - return serr; - } - - cipherCtx->symKey = symKey; - - /* now the crypt handle */ - symCipher = cipherCtx->symCipher; - if(symCipher->ivSize != 0) { - ivData.Data = iv; - ivData.Length = symCipher->ivSize; - ivDataPtr = &ivData; - } - crtn = CSSM_CSP_CreateSymmetricContext(ctx->cspHand, - symCipher->encrAlg, - symCipher->encrMode, - NULL, - symKey, - ivDataPtr, - symCipher->encrPad, - 0, // Params - &ccHand); - if(crtn) { - stPrintCdsaError("CSSM_CSP_CreateSymmetricContext", crtn); - serr = errSSLCrypto; - goto errOut; - } - cipherCtx->ccHand = ccHand; - - /* after this, each en/decrypt is merely an update */ - if(cipherCtx->encrypting) { - crtn = CSSM_EncryptDataInit(ccHand); - op = "CSSM_EncryptDataInit"; - } - else { - crtn = CSSM_DecryptDataInit(ccHand); - op = "CSSM_DecryptDataInit"; - } - if(crtn) { - stPrintCdsaError("CSSM_CSP_EncryptDataInit", crtn); - serr = errSSLCrypto; - goto errOut; - } - - /* success */ - cipherCtx->cspHand = ctx->cspHand; - serr = noErr; - -errOut: - if(serr) { - /* dispose of the stuff we created */ - disposeCipherCtx(cipherCtx); - } - return serr; -} - -#define REDECRYPT_DATA 0 - -#define LOG_SYMM_DATA 0 -#if LOG_SYMM_DATA -static void logSymmData( - char *field, - SSLBuffer *data, - int maxLen) -{ - int i; - - printf("%s: ", field); - for(i=0; ilength; i++) { - if(i == maxLen) { - break; - } - printf("%02X", data->data[i]); - if((i % 4) == 3) { - printf(" "); - } - } - printf("\n"); -} -#else /* LOG_SYMM_DATA */ -#define logSymmData(f, d, l) -#endif /* LOG_SYMM_DATA */ - -#define IS_ALIGNED(count, blockSize) ((count % blockSize) == 0) - -OSStatus CDSASymmEncrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx) -{ - CSSM_RETURN crtn; - CSSM_DATA ptextData; - CSSM_DATA ctextData; - uint32 bytesEncrypted; - OSStatus serr = errSSLInternal; - uint32 origLen = dest.length; - - /* - * Valid on entry: - * cipherCtx->ccHand - * cipherCtx->cspHand - */ - assert(ctx != NULL); - assert(cipherCtx != NULL); - logSymmData("Symm encrypt ptext", &src, 48); - - /* this requirement allows us to avoid a malloc and copy */ - assert(dest.length >= src.length); - - #if SSL_DEBUG - { - unsigned blockSize = cipherCtx->symCipher->blockSize; - if(blockSize) { - if(!IS_ALIGNED(src.length, blockSize)) { - sslErrorLog("CDSASymmEncrypt: unaligned ptext (len %ld bs %d)\n", - src.length, blockSize); - return errSSLInternal; - } - if(!IS_ALIGNED(dest.length, blockSize)) { - sslErrorLog("CDSASymmEncrypt: unaligned ctext (len %ld bs %d)\n", - dest.length, blockSize); - return errSSLInternal; - } - } - } - #endif - - if((cipherCtx->ccHand == 0) || (cipherCtx->cspHand == 0)) { - sslErrorLog("CDSASymmEncrypt: null args\n"); - return errSSLInternal; - } - SSLBUF_TO_CSSM(&src, &ptextData); - SSLBUF_TO_CSSM(&dest, &ctextData); - crtn = CSSM_EncryptDataUpdate(cipherCtx->ccHand, - &ptextData, - 1, - &ctextData, - 1, - &bytesEncrypted); - if(crtn) { - stPrintCdsaError("CSSM_EncryptDataUpdate", crtn); - serr = errSSLCrypto; - goto errOut; - } - - if(bytesEncrypted > origLen) { - /* should never happen, callers always give us block-aligned - * plaintext and CSP padding is disabled. */ - sslErrorLog("Symmetric encrypt overflow: bytesEncrypted %ld destLen %ld\n", - bytesEncrypted, dest.length); - serr = errSSLCrypto; - goto errOut; - } - dest.length = bytesEncrypted; - logSymmData("Symm encrypt ctext", &dest, 48); - serr = noErr; - -errOut: - return serr; -} - -OSStatus CDSASymmDecrypt( - SSLBuffer src, - SSLBuffer dest, - CipherContext *cipherCtx, - SSLContext *ctx) -{ - CSSM_RETURN crtn; - CSSM_DATA ptextData = {0, NULL}; - CSSM_DATA ctextData; - uint32 bytesDecrypted; - OSStatus serr = errSSLInternal; - uint32 origLen = dest.length; - - /* - * Valid on entry: - * cipherCtx->cspHand - * cipherCtx->ccHand - */ - assert(ctx != NULL); - assert(cipherCtx != NULL); - if((cipherCtx->ccHand == 0) || (cipherCtx->cspHand == 0)) { - sslErrorLog("CDSASymmDecrypt: null args\n"); - return errSSLInternal; - } - /* this requirement allows us to avoid a malloc and copy */ - assert(dest.length >= src.length); - - #if SSL_DEBUG - { - unsigned blockSize = cipherCtx->symCipher->blockSize; - if(blockSize) { - if(!IS_ALIGNED(src.length, blockSize)) { - sslErrorLog("CDSASymmDecrypt: unaligned ctext (len %ld bs %d)\n", - src.length, blockSize); - return errSSLInternal; - } - if(!IS_ALIGNED(dest.length, blockSize)) { - sslErrorLog("CDSASymmDecrypt: unaligned ptext (len %ld bs %d)\n", - dest.length, blockSize); - return errSSLInternal; - } - } - } - #endif - - SSLBUF_TO_CSSM(&src, &ctextData); - SSLBUF_TO_CSSM(&dest, &ptextData); - crtn = CSSM_DecryptDataUpdate(cipherCtx->ccHand, - &ctextData, - 1, - &ptextData, - 1, - &bytesDecrypted); - if(crtn) { - stPrintCdsaError("CSSM_DecryptDataUpdate", crtn); - serr = errSSLCrypto; - goto errOut; - } - - if(bytesDecrypted > origLen) { - /* FIXME - can this happen? Should we remalloc? */ - sslErrorLog("Symmetric decrypt overflow: bytesDecrypted %ld destLen %ld\n", - bytesDecrypted, dest.length); - serr = errSSLCrypto; - goto errOut; - } - dest.length = bytesDecrypted; - serr = noErr; - logSymmData("Symm decrypt ptext(1)", &dest, 48); -errOut: - return serr; -} - -OSStatus CDSASymmFinish( - CipherContext *cipherCtx, - SSLContext *ctx) -{ - /* dispose of cipherCtx->{symKey,cspHand,ccHand} */ - disposeCipherCtx(cipherCtx); - return noErr; -} - diff --git a/SecureTransport/tls1Callouts.cpp b/SecureTransport/tls1Callouts.cpp deleted file mode 100644 index e27ffe1b..00000000 --- a/SecureTransport/tls1Callouts.cpp +++ /dev/null @@ -1,688 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: tls1Callouts.c - - Contains: TLSv1-specific routines for SslTlsCallouts. - - Written by: Doug Mitchell -*/ - -#include "tls_ssl.h" -#include "sslMemory.h" -#include "sslUtils.h" -#include "sslDigests.h" -#include "sslAlertMessage.h" -#include "sslDebug.h" -#include -#include - -#define TLS_ENC_DEBUG 0 -#if TLS_ENC_DEBUG -#define tlsDebug(format, args...) printf(format , ## args) -static void tlsDump(const char *name, void *b, unsigned len) -{ - unsigned char *cp = (unsigned char *)b; - unsigned i, dex; - - printf("%s\n", name); - for(dex=0; dex= outLen - unsigned outLen) // desired output size -{ - unsigned char aSubI[TLS_HMAC_MAX_SIZE]; /* A(i) */ - unsigned char digest[TLS_HMAC_MAX_SIZE]; - HMACContextRef hmacCtx; - OSStatus serr; - unsigned digestLen = hmac->macSize; - - serr = hmac->alloc(hmac, ctx, secret, secretLen, &hmacCtx); - if(serr) { - return serr; - } - - /* A(0) = seed */ - /* A(1) := HMAC_hash(secret, seed) */ - serr = hmac->hmac(hmacCtx, seed, seedLen, aSubI, &digestLen); - if(serr) { - goto fail; - } - assert(digestLen = hmac->macSize); - - /* starting at loopNum 1... */ - for (;;) { - /* - * This loop's chunk = HMAC_hash(secret, A(loopNum) + seed)) - */ - serr = hmac->init(hmacCtx); - if(serr) { - break; - } - serr = hmac->update(hmacCtx, aSubI, digestLen); - if(serr) { - break; - } - serr = hmac->update(hmacCtx, seed, seedLen); - if(serr) { - break; - } - serr = hmac->final(hmacCtx, digest, &digestLen); - if(serr) { - break; - } - assert(digestLen = hmac->macSize); - - if(outLen <= digestLen) { - /* last time, possible partial digest */ - memmove(out, digest, outLen); - break; - } - - memmove(out, digest, digestLen); - out += digestLen; - outLen -= digestLen; - - /* - * A(i) = HMAC_hash(secret, A(i-1)) - * Note there is a possible optimization involving obtaining this - * hmac by cloning the state of hmacCtx above after updating with - * aSubI, and getting the final version of that here. However CDSA - * does not support cloning of a MAC context (only for digest contexts). - */ - serr = hmac->hmac(hmacCtx, aSubI, digestLen, - aSubI, &digestLen); - if(serr) { - break; - } - assert(digestLen = hmac->macSize); - } -fail: - hmac->free(hmacCtx); - memset(aSubI, 0, TLS_HMAC_MAX_SIZE); - memset(digest, 0, TLS_HMAC_MAX_SIZE); - return serr; -} - -/* - * The TLS pseudorandom function, defined in RFC2246, section 5. - * This takes as its input a secret block, a label, and a seed, and produces - * a caller-specified length of pseudorandom data. - * - * Optimization TBD: make label optional, avoid malloc and two copies if it's - * not there, so callers can take advantage of fixed-size seeds. - */ -OSStatus SSLInternal_PRF( - SSLContext *ctx, - const void *vsecret, - size_t secretLen, - const void *label, // optional, NULL implies that seed contains - // the label - size_t labelLen, - const void *seed, - size_t seedLen, - void *vout, // mallocd by caller, length >= outLen - size_t outLen) -{ - OSStatus serr = errSSLInternal; - const unsigned char *S1, *S2; // the two seeds - unsigned sLen; // effective length of each seed - unsigned char *labelSeed = NULL; // label + seed, passed to tlsPHash - unsigned labelSeedLen; - unsigned char *tmpOut = NULL; // output of P_SHA1 - unsigned i; - const unsigned char *secret = (const unsigned char *)vsecret; - - /* two seeds for tlsPHash */ - sLen = secretLen / 2; // for partitioning - S1 = secret; - S2 = &secret[sLen]; - sLen += (secretLen & 1); // secret length odd, increment effective size - - if(label != NULL) { - /* concatenate label and seed */ - labelSeedLen = labelLen + seedLen; - labelSeed = (unsigned char *)sslMalloc(labelSeedLen); - if(labelSeed == NULL) { - return memFullErr; - } - memmove(labelSeed, label, labelLen); - memmove(labelSeed + labelLen, seed, seedLen); - } - else { - /* fast track - just use seed as is */ - labelSeed = (unsigned char *)seed; - labelSeedLen = seedLen; - } - - /* temporary output for SHA1, to be XORd with MD5 */ - unsigned char *out = (unsigned char *)vout; - tmpOut = (unsigned char *)sslMalloc(outLen); - if(tmpOut == NULL) { - serr = memFullErr; - goto fail; - } - serr = tlsPHash(ctx, &TlsHmacMD5, S1, sLen, labelSeed, labelSeedLen, - out, outLen); - if(serr) { - goto fail; - } - serr = tlsPHash(ctx, &TlsHmacSHA1, S2, sLen, labelSeed, labelSeedLen, - tmpOut, outLen); - if(serr) { - goto fail; - } - - /* XOR together to get final result */ - for(i=0; ireadCipher.symCipher->blockSize > 0) && - ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) { - SSLFatalSessionAlert(SSL_AlertRecordOverflow, ctx); - return errSSLRecordOverflow; - } - - /* Decrypt in place */ - if ((err = ctx->readCipher.symCipher->decrypt(*payload, - *payload, - &ctx->readCipher, - ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertDecryptError, ctx); - return errSSLDecryptionFail; - } - - /* Locate content within decrypted payload */ - content.data = payload->data; - content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; - if (ctx->readCipher.symCipher->blockSize > 0) { - /* for TLSv1, padding can be anywhere from 0 to 255 bytes */ - UInt8 padSize = payload->data[payload->length - 1]; - UInt8 *padChars; - - /* verify that all padding bytes are equal - WARNING - OpenSSL code - * has a special case here dealing with some kind of bug related to - * even size packets...beware... */ - if(padSize > payload->length) { - SSLFatalSessionAlert(SSL_AlertDecodeError, ctx); - sslErrorLog("tls1DecryptRecord: bad padding length (%d)\n", - (unsigned)payload->data[payload->length - 1]); - return errSSLDecryptionFail; - } - padChars = payload->data + payload->length - padSize; - while(padChars < (payload->data + payload->length)) { - if(*padChars++ != padSize) { - SSLFatalSessionAlert(SSL_AlertDecodeError, ctx); - sslErrorLog("tls1DecryptRecord: bad padding value\n"); - return errSSLDecryptionFail; - } - } - /* Remove block size padding and its one-byte length */ - content.length -= (1 + padSize); - } - - /* Verify MAC on payload */ - if (ctx->readCipher.macRef->hash->digestSize > 0) - /* Optimize away MAC for null case */ - if ((err = SSLVerifyMac(type, content, - payload->data + content.length, ctx)) != 0) - { SSLFatalSessionAlert(SSL_AlertBadRecordMac, ctx); - return errSSLBadRecordMac; - } - - *payload = content; /* Modify payload buffer to indicate content length */ - - return noErr; -} - -/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ -static OSStatus tls1InitMac ( - CipherContext *cipherCtx, // macRef, macSecret valid on entry - // macCtx valid on return - SSLContext *ctx) -{ - const HMACReference *hmac; - OSStatus serr; - - assert(cipherCtx->macRef != NULL); - hmac = cipherCtx->macRef->hmac; - assert(hmac != NULL); - - if(cipherCtx->macCtx.hmacCtx != NULL) { - hmac->free(cipherCtx->macCtx.hmacCtx); - cipherCtx->macCtx.hmacCtx = NULL; - } - serr = hmac->alloc(hmac, ctx, cipherCtx->macSecret, - cipherCtx->macRef->hmac->macSize, &cipherCtx->macCtx.hmacCtx); - - /* mac secret now stored in macCtx.hmacCtx, delete it from cipherCtx */ - memset(cipherCtx->macSecret, 0, sizeof(cipherCtx->macSecret)); - return serr; -} - -static OSStatus tls1FreeMac ( - CipherContext *cipherCtx) -{ - /* this can be called on a completely zeroed out CipherContext... */ - if(cipherCtx->macRef == NULL) { - return noErr; - } - assert(cipherCtx->macRef->hmac != NULL); - - if(cipherCtx->macCtx.hmacCtx != NULL) { - cipherCtx->macRef->hmac->free(cipherCtx->macCtx.hmacCtx); - cipherCtx->macCtx.hmacCtx = NULL; - } - return noErr; -} - -/* - * mac = HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type + - * TLSCompressed.version + TLSCompressed.length + - * TLSCompressed.fragment)); - */ - -/* sequence, type, version, length */ -#define HDR_LENGTH (8 + 1 + 2 + 2) -OSStatus tls1ComputeMac ( - UInt8 type, - SSLBuffer data, - SSLBuffer mac, // caller mallocs data - CipherContext *cipherCtx, // assumes macCtx, macRef - sslUint64 seqNo, - SSLContext *ctx) -{ - unsigned char hdr[HDR_LENGTH]; - unsigned char *p; - HMACContextRef hmacCtx; - OSStatus serr; - const HMACReference *hmac; - unsigned macLength; - - assert(cipherCtx != NULL); - assert(cipherCtx->macRef != NULL); - hmac = cipherCtx->macRef->hmac; - assert(hmac != NULL); - hmacCtx = cipherCtx->macCtx.hmacCtx; // may be NULL, for null cipher - - serr = hmac->init(hmacCtx); - if(serr) { - goto fail; - } - p = SSLEncodeUInt64(hdr, seqNo); - *p++ = type; - *p++ = TLS_Version_1_0 >> 8; - *p++ = TLS_Version_1_0 & 0xff; - *p++ = data.length >> 8; - *p = data.length & 0xff; - serr = hmac->update(hmacCtx, hdr, HDR_LENGTH); - if(serr) { - goto fail; - } - serr = hmac->update(hmacCtx, data.data, data.length); - if(serr) { - goto fail; - } - macLength = mac.length; - serr = hmac->final(hmacCtx, mac.data, &macLength); - if(serr) { - goto fail; - } - mac.length = macLength; -fail: - return serr; -} - -/* - * On input, the following are valid: - * MasterSecret[48] - * ClientHello.random[32] - * ServerHello.random[32] - * - * key_block = PRF(SecurityParameters.master_secret, - * "key expansion", - * SecurityParameters.server_random + - * SecurityParameters.client_random); - */ - -#define GKM_SEED_LEN (PLS_KEY_EXPAND_LEN + (2 * SSL_CLIENT_SRVR_RAND_SIZE)) - -OSStatus tls1GenerateKeyMaterial ( - SSLBuffer key, // caller mallocs and specifies length of - // required key material here - SSLContext *ctx) -{ - unsigned char seedBuf[GKM_SEED_LEN]; - OSStatus serr; - - /* use optimized label-less PRF */ - memmove(seedBuf, PLS_KEY_EXPAND, PLS_KEY_EXPAND_LEN); - memmove(seedBuf + PLS_KEY_EXPAND_LEN, ctx->serverRandom, - SSL_CLIENT_SRVR_RAND_SIZE); - memmove(seedBuf + PLS_KEY_EXPAND_LEN + SSL_CLIENT_SRVR_RAND_SIZE, - ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); - serr = SSLInternal_PRF(ctx, - ctx->masterSecret, - SSL_MASTER_SECRET_SIZE, - NULL, // no label - 0, - seedBuf, - GKM_SEED_LEN, - key.data, // destination - key.length); - tlsDump("key expansion", key.data, key.length); - return serr; -} - -/* - * final_client_write_key = - * PRF(SecurityParameters.client_write_key, - * "client write key", - * SecurityParameters.client_random + - * SecurityParameters.server_random); - * final_server_write_key = - * PRF(SecurityParameters.server_write_key, - * "server write key", - * SecurityParameters.client_random + - * SecurityParameters.server_random); - * - * iv_block = PRF("", "IV block", SecurityParameters.client_random + - * SecurityParameters.server_random); - * - * iv_block is broken up into: - * - * client_write_IV[SecurityParameters.IV_size] - * server_write_IV[SecurityParameters.IV_size] - */ -OSStatus tls1GenerateExportKeyAndIv ( - SSLContext *ctx, // clientRandom, serverRandom valid - const SSLBuffer clientWriteKey, - const SSLBuffer serverWriteKey, - SSLBuffer finalClientWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller - SSLBuffer finalClientIV, // RETURNED, mallocd by caller - SSLBuffer finalServerIV) // RETURNED, mallocd by caller -{ - unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE]; - OSStatus serr; - unsigned char *ivBlock; - char *nullKey = ""; - - /* all three PRF calls use the same seed */ - memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); - memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, - ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE); - - serr = SSLInternal_PRF(ctx, - clientWriteKey.data, - clientWriteKey.length, - (const unsigned char *)PLS_EXPORT_CLIENT_WRITE, - PLS_EXPORT_CLIENT_WRITE_LEN, - randBuf, - 2 * SSL_CLIENT_SRVR_RAND_SIZE, - finalClientWriteKey.data, // destination - finalClientWriteKey.length); - if(serr) { - return serr; - } - serr = SSLInternal_PRF(ctx, - serverWriteKey.data, - serverWriteKey.length, - (const unsigned char *)PLS_EXPORT_SERVER_WRITE, - PLS_EXPORT_SERVER_WRITE_LEN, - randBuf, - 2 * SSL_CLIENT_SRVR_RAND_SIZE, - finalServerWriteKey.data, // destination - finalServerWriteKey.length); - if(serr) { - return serr; - } - if((finalClientIV.length == 0) && (finalServerIV.length == 0)) { - /* skip remainder as optimization */ - return noErr; - } - ivBlock = (unsigned char *)sslMalloc(finalClientIV.length + finalServerIV.length); - if(ivBlock == NULL) { - return memFullErr; - } - serr = SSLInternal_PRF(ctx, - (const unsigned char *)nullKey, - 0, - (const unsigned char *)PLS_EXPORT_IV_BLOCK, - PLS_EXPORT_IV_BLOCK_LEN, - randBuf, - 2 * SSL_CLIENT_SRVR_RAND_SIZE, - ivBlock, // destination - finalClientIV.length + finalServerIV.length); - if(serr) { - goto done; - } - memmove(finalClientIV.data, ivBlock, finalClientIV.length); - memmove(finalServerIV.data, ivBlock + finalClientIV.length, finalServerIV.length); -done: - sslFree(ivBlock); - return serr; -} - -/* - * On entry: clientRandom, serverRandom, preMasterSecret valid - * On return: masterSecret valid - * - * master_secret = PRF(pre_master_secret, "master secret", - * ClientHello.random + ServerHello.random) - * [0..47]; - */ - -OSStatus tls1GenerateMasterSecret ( - SSLContext *ctx) -{ - unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE]; - OSStatus serr; - - memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); - memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, - ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE); - serr = SSLInternal_PRF(ctx, - ctx->preMasterSecret.data, - ctx->preMasterSecret.length, - (const unsigned char *)PLS_MASTER_SECRET, - PLS_MASTER_SECRET_LEN, - randBuf, - 2 * SSL_CLIENT_SRVR_RAND_SIZE, - ctx->masterSecret, // destination - SSL_MASTER_SECRET_SIZE); - tlsDump("master secret", ctx->masterSecret, SSL_MASTER_SECRET_SIZE); - return serr; -} - -/* - * Given digests contexts representing the running total of all handshake messages, - * calculate mac for "finished" message. - * - * verify_data = 12 bytes = - * PRF(master_secret, finished_label, MD5(handshake_messages) + - * SHA-1(handshake_messages)) [0..11]; - */ -OSStatus tls1ComputeFinishedMac ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState, // ditto - Boolean isServer) -{ - unsigned char digests[SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN]; - SSLBuffer digBuf; - char *finLabel; - unsigned finLabelLen; - OSStatus serr; - - if(isServer) { - finLabel = PLS_SERVER_FINISH; - finLabelLen = PLS_SERVER_FINISH_LEN; - } - else { - finLabel = PLS_CLIENT_FINISH; - finLabelLen = PLS_CLIENT_FINISH_LEN; - } - - /* concatenate two digest results */ - digBuf.data = digests; - digBuf.length = SSL_MD5_DIGEST_LEN; - serr = SSLHashMD5.final(md5MsgState, digBuf); - if(serr) { - return serr; - } - digBuf.data += SSL_MD5_DIGEST_LEN; - digBuf.length = SSL_SHA1_DIGEST_LEN; - serr = SSLHashSHA1.final(shaMsgState, digBuf); - if(serr) { - return serr; - } - return SSLInternal_PRF(ctx, - ctx->masterSecret, - SSL_MASTER_SECRET_SIZE, - (const unsigned char *)finLabel, - finLabelLen, - digests, - SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN, - finished.data, // destination - finished.length); -} - -/* - * This one is trivial. - * - * mac := MD5(handshake_messages) + SHA(handshake_messages); - * - * I don't know why this one doesn't use an HMAC or the master secret (as SSLv3 - * does). - */ -OSStatus tls1ComputeCertVfyMac ( - SSLContext *ctx, - SSLBuffer finished, // output - mallocd by caller - SSLBuffer shaMsgState, // clone of running digest of all handshake msgs - SSLBuffer md5MsgState) // ditto -{ - SSLBuffer digBuf; - OSStatus serr; - - assert(finished.length == (SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN)); - digBuf.data = finished.data; - digBuf.length = SSL_MD5_DIGEST_LEN; - serr = SSLHashMD5.final(md5MsgState, digBuf); - if(serr) { - return serr; - } - digBuf.data = finished.data + SSL_MD5_DIGEST_LEN; - digBuf.length = SSL_SHA1_DIGEST_LEN; - return SSLHashSHA1.final(shaMsgState, digBuf); -} - -const SslTlsCallouts Tls1Callouts = { - tls1DecryptRecord, - ssl3WriteRecord, - tls1InitMac, - tls1FreeMac, - tls1ComputeMac, - tls1GenerateKeyMaterial, - tls1GenerateExportKeyAndIv, - tls1GenerateMasterSecret, - tls1ComputeFinishedMac, - tls1ComputeCertVfyMac -}; diff --git a/SecureTransport/tls_hmac.cpp b/SecureTransport/tls_hmac.cpp deleted file mode 100644 index d18b9883..00000000 --- a/SecureTransport/tls_hmac.cpp +++ /dev/null @@ -1,319 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: tls_hmac.c - - Contains: HMAC routines used by TLS - - Written by: Doug Mitchell -*/ - -#include "tls_hmac.h" -#include "appleCdsa.h" -#include "sslMemory.h" -#include "cryptType.h" -#include "sslDigests.h" -#include -#include -#include - -/* Per-session state, opaque to callers; all fields set at alloc time */ -struct HMACContext { - SSLContext *ctx; - CSSM_CC_HANDLE ccHand; - const struct HMACReference *hmac; -}; - -#pragma mark *** Common CDSA_based HMAC routines *** - -/* Create an HMAC session */ -static OSStatus HMAC_Alloc( - const struct HMACReference *hmac, - SSLContext *ctx, - const void *keyPtr, - unsigned keyLen, - HMACContextRef *hmacCtx) // RETURNED -{ - CSSM_RETURN crtn; - CSSM_KEY cssmKey; - OSStatus serr; - CSSM_ALGORITHMS calg; - HMACContextRef href = (HMACContextRef)sslMalloc(sizeof(struct HMACContext)); - - if(href == NULL) { - return memFullErr; - } - href->ctx = ctx; - href->ccHand = 0; - href->hmac = hmac; - - /* - * Since the key is present in the CDSA context, we cook up the context now. - * Currently we can't reuse an HMAC context if the key changes. - */ - switch(hmac->alg) { - case HA_SHA1: - calg = CSSM_ALGID_SHA1HMAC; - break; - case HA_MD5: - calg = CSSM_ALGID_MD5HMAC; - break; - default: - assert(0); - return errSSLInternal; - } - serr = sslSetUpSymmKey(&cssmKey, - calg, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, - CSSM_FALSE, /* don't malloc/copy key */ - (uint8 *)keyPtr, - keyLen); - if(serr) { - return serr; - } - if(attachToCsp(ctx)) { - return serr; - } - crtn = CSSM_CSP_CreateMacContext(ctx->cspHand, - calg, - &cssmKey, - &href->ccHand); - if(crtn) { - stPrintCdsaError("CSSM_CSP_CreateMacContext", crtn); - return errSSLCrypto; - } - - /* success */ - *hmacCtx = href; - return noErr; -} - -/* free a session */ -static OSStatus HMAC_Free( - HMACContextRef hmacCtx) -{ - if(hmacCtx != NULL) { - if(hmacCtx->ccHand != 0) { - CSSM_DeleteContext(hmacCtx->ccHand); - hmacCtx->ccHand = 0; - } - sslFree(hmacCtx); - } - return noErr; -} - -/* Reusable init */ -static OSStatus HMAC_Init( - HMACContextRef hmacCtx) -{ - CSSM_RETURN crtn; - - if(hmacCtx == NULL) { - return errSSLInternal; - } - assert(hmacCtx->ctx != NULL); - assert(hmacCtx->hmac != NULL); - assert(hmacCtx->ccHand != 0); - - crtn = CSSM_GenerateMacInit(hmacCtx->ccHand); - if(crtn) { - stPrintCdsaError("CSSM_GenerateMacInit", crtn); - return errSSLCrypto; - } - return noErr; -} - -/* normal crypt ops */ -static OSStatus HMAC_Update( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen) -{ - CSSM_RETURN crtn; - CSSM_DATA cdata; - - if(hmacCtx == NULL) { - return errSSLInternal; - } - assert(hmacCtx->ctx != NULL); - assert(hmacCtx->hmac != NULL); - assert(hmacCtx->ccHand != 0); - cdata.Data = (uint8 *)data; - cdata.Length = dataLen; - crtn = CSSM_GenerateMacUpdate(hmacCtx->ccHand, &cdata, 1); - if(crtn) { - stPrintCdsaError("CSSM_GenerateMacUpdate", crtn); - return errSSLCrypto; - } - return noErr; -} - -static OSStatus HMAC_Final( - HMACContextRef hmacCtx, - void *hmac, // mallocd by caller - unsigned *hmacLen) // IN/OUT -{ - CSSM_RETURN crtn; - CSSM_DATA cdata; - - if(hmacCtx == NULL) { - return errSSLInternal; - } - if((hmac == NULL) || (hmacLen == 0)) { - return errSSLInternal; - } - assert(hmacCtx->ctx != NULL); - assert(hmacCtx->hmac != NULL); - assert(hmacCtx->ccHand != 0); - cdata.Data = (uint8 *)hmac; - cdata.Length = *hmacLen; - crtn = CSSM_GenerateMacFinal(hmacCtx->ccHand, &cdata); - if(crtn) { - stPrintCdsaError("CSSM_GenerateMacFinal", crtn); - return errSSLCrypto; - } - *hmacLen = cdata.Length; - return noErr; -} - -/* one-shot */ -static OSStatus HMAC_Hmac ( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen, - void *hmac, // mallocd by caller - unsigned *hmacLen) // IN/OUT -{ - OSStatus serr; - const HMACReference *hmacRef; - - if(hmacCtx == NULL) { - return errSSLInternal; - } - hmacRef = hmacCtx->hmac; - assert(hmacRef != NULL); - serr = hmacRef->init(hmacCtx); - if(serr) { - return serr; - } - serr = hmacRef->update(hmacCtx, data, dataLen); - if(serr) { - return serr; - } - return hmacRef->final(hmacCtx, hmac, hmacLen); -} - -#pragma mark *** Null HMAC *** - -static OSStatus HMAC_AllocNull( - const struct HMACReference *hmac, - SSLContext *ctx, - const void *keyPtr, - unsigned keyLen, - HMACContextRef *hmacCtx) // RETURNED -{ - *hmacCtx = NULL; - return noErr; -} - -static OSStatus HMAC_FreeNull( - HMACContextRef hmacCtx) -{ - return noErr; -} - -static OSStatus HMAC_InitNull( - HMACContextRef hmacCtx) - { - return noErr; -} - -static OSStatus HMAC_UpdateNull( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen) -{ - return noErr; -} - -static OSStatus HMAC_FinalNull( - HMACContextRef hmacCtx, - void *hmac, // mallocd by caller - unsigned *hmacLen) // IN/OUT -{ - return noErr; -} - -static OSStatus HMAC_HmacNull ( - HMACContextRef hmacCtx, - const void *data, - unsigned dataLen, - void *hmac, // mallocd by caller - unsigned *hmacLen) -{ - return noErr; -} - -const HMACReference TlsHmacNull = { - 0, - HA_Null, - HMAC_AllocNull, - HMAC_FreeNull, - HMAC_InitNull, - HMAC_UpdateNull, - HMAC_FinalNull, - HMAC_HmacNull -}; - -const HMACReference TlsHmacSHA1 = { - 20, - HA_SHA1, - HMAC_Alloc, - HMAC_Free, - HMAC_Init, - HMAC_Update, - HMAC_Final, - HMAC_Hmac -}; - -const HMACReference TlsHmacMD5 = { - 16, - HA_MD5, - HMAC_Alloc, - HMAC_Free, - HMAC_Init, - HMAC_Update, - HMAC_Final, - HMAC_Hmac -}; - -const HashHmacReference HashHmacNull = { - &SSLHashNull, - &TlsHmacNull -}; - -const HashHmacReference HashHmacMD5 = { - &SSLHashMD5, - &TlsHmacMD5 -}; - -const HashHmacReference HashHmacSHA1 = { - &SSLHashSHA1, - &TlsHmacSHA1 -}; diff --git a/Security.exp b/Security.exp deleted file mode 100644 index 6eb9eee7..00000000 --- a/Security.exp +++ /dev/null @@ -1,79 +0,0 @@ -_gGuidCssm -_gGuidAppleCSP -_gGuidAppleFileDL -_gGuidAppleCSPDL -_gGuidAppleFileDL -_gGuidAppleX509CL -_gGuidAppleX509TP -_cssmPerror -_cssmOidToAlg -_cssmAlgToOid -_security_ktrace -___security_debug -___security_debugging -_MDS_Initialize -_MDS_Terminate -_MDS_Install -_MDS_Uninstall -_SSLNewContext -_SSLDisposeContext -_SSLGetSessionState -_SSLSetIOFuncs -_SSLSetProtocolVersion -_SSLGetProtocolVersion -_SSLSetProtocolVersionEnabled -_SSLGetProtocolVersionEnabled -_SSLSetCertificate -_SSLSetConnection -_SSLGetConnection -_SSLGetNegotiatedProtocolVersion -_SSLGetNumberSupportedCiphers -_SSLGetSupportedCiphers -_SSLSetEnabledCiphers -_SSLGetNumberEnabledCiphers -_SSLGetEnabledCiphers -_SSLSetAllowsExpiredCerts -_SSLGetAllowsExpiredCerts -_SSLSetAllowsExpiredRoots -_SSLGetAllowsExpiredRoots -_SSLSetEnableCertVerify -_SSLGetEnableCertVerify -_SSLGetPeerCertificates -_SSLGetPeerSecTrust -_SSLSetTrustedRoots -_SSLGetTrustedRoots -_SSLSetPeerID -_SSLGetPeerID -_SSLSetPeerDomainName -_SSLGetPeerDomainNameLength -_SSLGetPeerDomainName -_SSLGetNegotiatedCipher -_SSLSetEncryptionCertificate -_SSLGetBufferedReadSize -_SSLHandshake -_SSLWrite -_SSLRead -_SSLClose -_SSLSetAllowsAnyRoot -_SSLGetAllowsAnyRoot -_SSLAddDistinguishedName -_SSLSetClientSideAuthenticate -_SSLSetRsaBlinding -_SSLGetRsaBlinding -_SessionGetInfo -_SessionCreate -_checkpw -_checkpw_internal -_SSLInternalMasterSecret -_SSLInternalServerRandom -_SSLInternalClientRandom -_SSLInternal_PRF -_SSLGetClientCertificateState -_SSLSetDiffieHellmanParams -_SSLGetDiffieHellmanParams -_SSLGetResumableSessionInfo -_NSS_DSAPublicKeyX509Template -_SecKeyImportPair -___authorization_bind -_SecCopyErrorMessageString - diff --git a/Security.order b/Security.order deleted file mode 100644 index 954965d7..00000000 --- a/Security.order +++ /dev/null @@ -1,6655 +0,0 @@ -Security:single module:__mh_dylib_header -Security:single module:_ucsp_client_setup -Security:single module:__Z27__MIG_check__Reply__setup_tP16__Reply__setup_t -Security:single module:__ZN8Security14SecurityServer13ClientSession6GlobalC4Ev -Security:single module:__ZN8Security12MachPlusPlus5Error5checkEi -Security:single module:__ZN8Security12MachPlusPlus4Port13requestNotifyEjij -Security:single module:__ZNSs4_Rep10_M_destroyERKSaIcE -Security:single module:__ZN8Security17ModuleNexusCommon6createEPFPvvE -Security:single module:__ZN8Security5Mutex6unlockEv -Security:single module:__ZN8Security5MutexD1Ev -Security:single module:__ZN8Security5MutexD4Ev -Security:single module:__ZdlPv -Security:single module:__ZN8Security14SecurityServer13ClientSession8activateEv -Security:single module:__ZN8Security14SecurityServer13ClientSession14getSessionInfoERmS2_ -Security:single module:_ucsp_client_getSessionInfo -Security:single module:__ZN8Security12MachPlusPlus10MachServer15runServerThreadEb -Security:single module:__ZN8Security5Mutex4lockEv -Security:single module:__Z36__MIG_check__Reply__getSessionInfo_tP25__Reply__getSessionInfo_t -Security:single module:_SessionGetInfo -Security:single module:__ZN8Security12MachPlusPlus10MachServer12processTimerEv -Security:single module:__ZN8Security4Time3nowEv -Security:single module:_ucsp_client_authorizationCreate -Security:single module:__Z41__MIG_check__Reply__authorizationCreate_tP30__Reply__authorizationCreate_t -Security:single module:__ZN8Security14SecurityServer13ClientSession10authCreateEPK20AuthorizationItemSetS4_mRNS0_17AuthorizationBlobE -Security:single module:__ZN20DefaultCssmAllocator4freeEPv -Security:single module:_AuthorizationCreate -Security:single module:__ZN20DefaultCssmAllocator6mallocEm -Security:single module:_AuthorizationMakeExternalForm -Security:single module:__ZN8Security14SecurityServer13ClientSession15authExternalizeERKNS0_17AuthorizationBlobER25AuthorizationExternalForm -Security:single module:_ucsp_client_authorizationExternalize -Security:single module:__Z46__MIG_check__Reply__authorizationExternalize_tP35__Reply__authorizationExternalize_t -Security:single module:_ucsp_client_authorizationInternalize -Security:single module:__Z46__MIG_check__Reply__authorizationInternalize_tP35__Reply__authorizationInternalize_t -Security:single module:__ZN8Security14SecurityServer13ClientSession15authInternalizeERK25AuthorizationExternalFormRNS0_17AuthorizationBlobE -Security:single module:_AuthorizationCreateFromExternalForm -Security:single module:_SessionCreate -Security:single module:__ZN8Security14SecurityServer13ClientSession12setupSessionEmm -Security:single module:_cdsa_notify_server -Security:single module:__Xmach_notify_dead_name -Security:single module:_cdsa_mach_notify_dead_name -Security:single module:__ZN8Security12MachPlusPlus10MachServer26releaseDeferredAllocationsEv -Security:single module:__ZN8Security15ThreadStoreSlotD2Ev -Security:single module:__ZN8Security15ThreadStoreSlotD4Ev -Security:single module:__ZN8Security11CodeSigning13GenericBundleD2Ev -Security:single module:__ZN8Security11CodeSigning13GenericBundleD4Ev -Security:single module:__Znwm -Security:single module:__ZN8Security5MutexC1Eb -Security:single module:__ZN8Security5MutexC4Eb -Security:single module:__ZN8Security14SecurityServer13ClientSession6GlobalC1Ev -Security:single module:__ZN8Security15ThreadStoreSlotC2EPFvPvE -Security:single module:__ZN8Security15ThreadStoreSlotC4EPFvPvE -Security:single module:__ZNK8Security12MachPlusPlus9Bootstrap6lookupEPKc -Security:single module:__ZN8Security12MachPlusPlus11ReceivePortC2EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus11ReceivePortC4EPKcRKNS0_9BootstrapE -Security:single module:__ZNK8Security12MachPlusPlus9Bootstrap15checkInOptionalEPKc -Security:single module:_ucsp_client_setupNew -Security:single module:__Z30__MIG_check__Reply__setupNew_tP19__Reply__setupNew_t -Security:single module:_ucsp_client_setupSession -Security:single module:__Z34__MIG_check__Reply__setupSession_tP23__Reply__setupSession_t -Security:single module:_ucsp_client_setupThread -Security:single module:__ZNK8Security12MachPlusPlus10MachServer12notifyIfDeadENS0_4PortEb -Security:single module:__Z33__MIG_check__Reply__setupThread_tP22__Reply__setupThread_t -Security:single module:__ZN8Security18DevRandomGenerator6randomEPvm -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc4readEPvm -Security:single module:_AuthorizationCopyRights -Security:single module:__ZN8Security14SecurityServer13ClientSession14authCopyRightsERKNS0_17AuthorizationBlobEPK20AuthorizationItemSetS7_mPPS5_ -Security:single module:_ucsp_client_authorizationCopyRights -Security:single module:__ZNK10__cxxabiv120__si_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE -Security:single module:__ZNKSt9type_infoeqERKS_ -Security:single module:__ZN8Security10CssmClient7ContextC2ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient7ContextC4ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient10ObjectImplC2ERKNS0_6ObjectE -Security:single module:__ZN8Security10CssmClient10ObjectImplC4ERKNS0_6ObjectE -Security:single module:__ZN8Security10CssmClient10ObjectImpl8addChildEv -Security:single module:__ZN8Security10CssmClient6Digest6digestEPKNS_8CssmDataEmRS2_ -Security:single module:__ZN8Security10CssmClient6Digest8activateEv -Security:single module:___dynamic_cast -Security:single module:__ZN8Security10CssmClient14AttachmentImpl8activateEv -Security:single module:_CSSM_CSP_CreateDigestContext -Security:single module:__ZN8Security12HandleObject5State6locateEml -Security:single module:__ZN8Security5Mutex7tryLockEv -Security:single module:__ZN8Security13CountingMutex11finishEnterEv -Security:single module:__ZN8Security7Context7Builder4makeEv -Security:single module:__ZN8Security28CssmMemoryFunctionsAllocator6mallocEm -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctions11relayMallocEmPv -Security:single module:__ZN13HandleContext5MakerclEmm -Security:single module:__ZN8Security12HandleObject5State4makeEPS0_ -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE8allocateEm -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockC4Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockD4Ev -Security:single module:__ZN8Security7ContextC2Emm -Security:single module:__ZN8Security7ContextC4Emm -Security:single module:__ZN8Security7Context7Builder4doneERP22cssm_context_attributeRm -Security:single module:__ZN13HandleContext14validateChangeEm -Security:single module:__Z16cssm_EventNotifymmyPK12cssm_context -Security:single module:__ZNK10__cxxabiv121__vmi_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE -Security:single module:__ZN8Security16CSPPluginSession11EventNotifyEmyRKNS_7ContextE -Security:single module:__ZN15AppleCSPSession13contextCreateEyRKN8Security7ContextE -Security:single module:__ZN8Security13CountingMutex4exitEv -Security:single module:__ZN8Security28CssmMemoryFunctionsAllocator4freeEPv -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctions9relayFreeEPvS1_ -Security:single module:__ZN8Security10CssmClient10ObjectImpl5checkEl -Security:single module:_CSSM_DigestData -Security:single module:__ZN13HandleContext7tryLockEv -Security:single module:__ZN8Security13CountingMutex8tryEnterEv -Security:single module:__Z15cssm_DigestDatamyPK12cssm_contextPK9cssm_datamPS2_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession10DigestDataEyRKNS_7ContextEPKNS_8CssmDataEmRS4_ -Security:single module:__ZN8Security20CSPFullPluginSession10DigestDataEyRKNS_7ContextEPKNS_8CssmDataEmRS4_ -Security:single module:__ZN8Security20CSPFullPluginSession14DigestDataInitEyRKNS_7ContextE -Security:single module:__ZN8Security20CSPFullPluginSession4initEymRKNS_7ContextEb -Security:single module:__ZN8Security20CSPFullPluginSession14checkOperationEmm -Security:single module:__ZN15AppleCSPSession12setupContextERPN8Security20CSPFullPluginSession10CSPContextERKNS0_7ContextEb -Security:single module:__ZN15RSA_DSA_Factory5setupER15AppleCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextE -Security:single module:__ZN14MiscAlgFactory5setupER15AppleCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextE -Security:single module:__ZN13DigestContext4initERKN8Security7ContextEb -Security:single module:__ZN10SHA1Object10digestInitEv -Security:single module:_shsInit -Security:single module:__ZN8Security20CSPFullPluginSession16DigestDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN8Security20CSPFullPluginSession16getStagedContextEymb -Security:single module:__ZN13DigestContext6updateERKN8Security8CssmDataE -Security:single module:__ZN10SHA1Object12digestUpdateEPKvm -Security:single module:__ZN8Security20CSPFullPluginSession15DigestDataFinalEyRNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext5finalERNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN13DigestContext10outputSizeEbm -Security:single module:__ZNK10SHA1Object17digestSizeInBytesEv -Security:single module:__ZN13DigestContext5finalERN8Security8CssmDataE -Security:single module:__ZN10SHA1Object11digestFinalEPv -Security:single module:_shsUpdate -Security:single module:_shsFinal -Security:single module:_shsTransform -Security:single module:__ZN8Security10CssmClient7ContextD2Ev -Security:single module:__ZN8Security10CssmClient7ContextD4Ev -Security:single module:__ZN8Security10CssmClient7Context10deactivateEv -Security:single module:_CSSM_DeleteContext -Security:single module:__ZN8Security16CSPPluginSession13contextDeleteEyRKNS_7ContextEPNS0_13PluginContextE -Security:single module:__ZN15AppleCSPContextD2Ev -Security:single module:__ZN15AppleCSPContextD4Ev -Security:single module:__ZN8Security16CSPPluginSession13PluginContextD2Ev -Security:single module:__ZN8Security16CSPPluginSession13PluginContextD4Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE10deallocateEPvm -Security:single module:__ZN13HandleContextD1Ev -Security:single module:__ZN13HandleContextD4Ev -Security:single module:__ZN8Security12HandleObjectD2Ev -Security:single module:__ZN8Security12HandleObjectD4Ev -Security:single module:__ZN8Security12HandleObject5State5eraseEPS0_ -Security:single module:__ZN8Security10CssmClient10ObjectImplD2Ev -Security:single module:__ZN8Security10CssmClient10ObjectImplD4Ev -Security:single module:__ZN8Security10CssmClient10ObjectImpl11removeChildEv -Security:single module:__ZN8Security13CssmAllocator8standardEm -Security:single module:__ZN8Security12MachPlusPlus10MachServer16longTermActivityEv -Security:single module:__ZNK8Security12MachPlusPlus9Bootstrap14lookupOptionalEPKc -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapC1ERKNS0_9BootstrapERKNS0_8TaskPortE -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapC4ERKNS0_9BootstrapERKNS0_8TaskPortE -Security:single module:__ZN8Security14SecurityServer13ClientSessionC2ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security14SecurityServer13ClientSessionC4ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security11CodeSigning7OSXCode4mainEv -Security:single module:__ZN8Security11CodeSigning7OSXCode7getPathEPK7__CFURL -Security:single module:__ZNSsC1EPKcRKSaIcE -Security:single module:__ZNSsC4EPKcRKSaIcE -Security:single module:__ZNSs12_S_constructIPKcEEPcT_S3_RKSaIcESt20forward_iterator_tag -Security:single module:__ZNSs4_Rep9_S_createEmRKSaIcE -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE9_S_refillEm -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE14_S_chunk_allocEmRi -Security:single module:__ZNSs12_Alloc_hiderC4EPcRKSaIcE -Security:single module:__ZNK8Security11CodeSigning14ExecutableTool6encodeEv -Security:single module:__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_EPKS3_RKS6_ -Security:single module:__ZNSsC4Ev -Security:single module:__ZNSs7reserveEm -Security:single module:__ZNKSs13get_allocatorEv -Security:single module:__ZNSs4_Rep8_M_cloneERKSaIcEm -Security:single module:__ZNKSs7_M_iendEv -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_PKcS4_ -Security:single module:__ZNKSs9_M_ibeginEv -Security:single module:__ZNSs7replaceEmmPKcm -Security:single module:__ZNSs15_M_replace_safeIPKcEERSsN9__gnu_cxx17__normal_iteratorIPcSsEES6_T_S7_ -Security:single module:__ZNSs9_M_mutateEmmm -Security:single module:__ZNSs6appendERKSs -Security:single module:__ZNSs15_M_replace_safeIN9__gnu_cxx17__normal_iteratorIPcSsEEEERSsS3_S3_T_S5_ -Security:single module:__ZNSs13_S_copy_charsEPcN9__gnu_cxx17__normal_iteratorIS_SsEES2_ -Security:single module:__ZNSs6assignERKSs -Security:single module:__ZNSs4_Rep7_M_grabERKSaIcES2_ -Security:single module:__ZNK8Security12MachPlusPlus8TaskPort3pidEv -Security:single module:__ZN8Security11CodeSigning7OSXCode6decodeEPKc -Security:single module:_security_ktrace -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC2EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC4EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus10MachServerC2EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus10MachServerC4EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus11ReceivePortC1EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security11CodeSigning13GenericBundleC2EPKc -Security:single module:__ZN8Security11CodeSigning13GenericBundleC4EPKc -Security:single module:__ZNK8Security11CodeSigning13GenericBundle6encodeEv -Security:single module:__ZN8Security11CodeSigning13GenericBundleC1EPKc -Security:single module:__ZN8Security5Debug5debugEPKcS2_z -Security:single module:__ZN8Security5Debug6Target3getEv -Security:single module:__ZN8Security5Debug6Target7messageEPKcS3_Pc -Security:single module:__ZNK8Security5Debug6Target8SelectorclEPKc -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer3runEmi -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer10cfCallbackEP12__CFMachPortPvlS4_ -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer10oneRequestEP17mach_msg_header_t -Security:single module:__ZN8Security5Debug12makeTypeNameERKSt9type_info -Security:single module:___cxa_demangle -Security:single module:___cxa_dyn_string_init -Security:single module:_cp_demangle_type -Security:single module:_demangling_new -Security:single module:___cxa_dyn_string_new -Security:single module:_result_push -Security:single module:_string_list_new -Security:single module:_demangle_type -Security:single module:_substitution_start -Security:single module:_current_template_arg_list -Security:single module:_demangle_type_ptr -Security:single module:_demangle_class_enum_type -Security:single module:_demangle_name -Security:single module:_demangle_unqualified_name -Security:single module:_demangle_source_name -Security:single module:_demangle_number -Security:single module:_demangle_number_literally -Security:single module:___cxa_dyn_string_append_char -Security:single module:___cxa_dyn_string_resize -Security:single module:___cxa_dyn_string_delete -Security:single module:_demangle_identifier -Security:single module:___cxa_dyn_string_clear -Security:single module:___cxa_dyn_string_insert -Security:single module:_substitution_add -Security:single module:___cxa_dyn_string_substring -Security:single module:_pop_to_template_arg_list -Security:single module:___cxa_dyn_string_insert_char -Security:single module:_result_pop -Security:single module:___cxa_dyn_string_copy -Security:single module:_demangling_delete -Security:single module:_string_list_delete -Security:single module:__ZNK8Security12MachPlusPlus17MachRunLoopServer12notifyIfDeadENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer16blockNewRequestsEb -Security:single module:_demangle_builtin_type -Security:single module:___cxa_dyn_string_insert_cstr -Security:single module:__ZN8Security12MachPlusPlus10MachServer15releaseWhenDoneERNS_13CssmAllocatorEPv -Security:single module:__ZN8Security12MachPlusPlus10deallocateEjm -Security:single module:_checkpw_internal -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer20cfInvalidateCallbackEP12__CFMachPortPv -Security:single module:_AuthorizationFree -Security:single module:__ZN8Security14SecurityServer13ClientSession11authReleaseERKNS0_17AuthorizationBlobEm -Security:single module:_ucsp_client_authorizationRelease -Security:single module:__Z42__MIG_check__Reply__authorizationRelease_tP31__Reply__authorizationRelease_t -Security:single module:__Z45__MIG_check__Reply__authorizationCopyRights_tP34__Reply__authorizationCopyRights_t -Security:single module:_AuthorizationCopyInfo -Security:single module:__ZN8Security14SecurityServer13ClientSession12authCopyInfoERKNS0_17AuthorizationBlobEPKcRP20AuthorizationItemSet -Security:single module:_ucsp_client_authorizationCopyInfo -Security:single module:__Z43__MIG_check__Reply__authorizationCopyInfo_tP32__Reply__authorizationCopyInfo_t -Security:single module:__Xmach_notify_no_senders -Security:single module:_cdsa_mach_notify_no_senders -Security:single module:__Xmach_notify_port_deleted -Security:single module:_cdsa_mach_notify_port_deleted -Security:single module:__ZN8Security12MachPlusPlus10MachServer17notifyPortDeletedENS0_4PortE -Security:single module:__ZN8Security10CssmClient7CSPImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient7CSPImplC4ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient14AttachmentImplC2ERKNS_4GuidEm -Security:single module:__ZN8Security10CssmClient14AttachmentImplC4ERKNS_4GuidEm -Security:single module:__ZN8Security10CssmClient8CssmImpl8standardEv -Security:single module:__ZN8Security5MutexC2Eb -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssm3getEv -Security:single module:__ZN8Security10CssmClient8CssmImplC1Eb -Security:single module:__ZN8Security10CssmClient8CssmImplC4Eb -Security:single module:__ZN8Security10CssmClient10ObjectImplC2Ev -Security:single module:__ZN8Security10CssmClient10ObjectImplC4Ev -Security:single module:__ZN8Security10CssmClient8CssmImpl5setupEv -Security:single module:__ZN8Security10CssmClient8CssmImpl10autoModuleERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient10ModuleImplC1ERKNS_4GuidERKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient10ModuleImplC4ERKNS_4GuidERKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient14AttachmentImpl4makeEm -Security:single module:_SecKeychainFindGenericPassword -Security:single module:__ZN8Security12KeychainCore7GlobalsC1Ev -Security:single module:__ZN8Security12KeychainCore7GlobalsC4Ev -Security:single module:__ZN8Security12KeychainCore14StorageManagerC1Ev -Security:single module:__ZN8Security12KeychainCore14StorageManagerC4Ev -Security:single module:__ZN8Security14DLDbListCFPrefC1E20SecPreferencesDomain -Security:single module:__ZN8Security14DLDbListCFPrefC4E20SecPreferencesDomain -Security:single module:__ZN8Security14DLDbListCFPref16loadPropertyListEb -Security:single module:__ZN8Security14DLDbListCFPref18ExpandTildesInPathERKSs -Security:single module:__ZNKSs4findEPKcmm -Security:single module:__ZN8Security14DLDbListCFPref9getPwInfoENS0_10PwInfoTypeE -Security:single module:__ZN8Security16PasswordDBLookupC1Ev -Security:single module:__ZN8Security16PasswordDBLookupC4Ev -Security:single module:__ZN8Security16PasswordDBLookup15lookupInfoOnUIDEj -Security:single module:__ZNSs6assignEPKcm -Security:single module:__ZNSsC1ERKSsmm -Security:single module:__ZNSsC4ERKSsmm -Security:single module:__ZNKSs8_M_checkEm -Security:single module:__ZNKSs7_M_foldEmm -Security:single module:__ZNSs12_S_constructIN9__gnu_cxx17__normal_iteratorIPcSsEEEES2_T_S4_RKSaIcESt20forward_iterator_tag -Security:single module:__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_ERKS6_S8_ -Security:single module:__ZNSsC1ERKSs -Security:single module:__ZNSsC4ERKSs -Security:single module:__ZN8Security10CssmClient10AclFactoryC1Ev -Security:single module:__ZN8Security10CssmClient10AclFactoryC4Ev -Security:single module:__ZN8Security12KeychainCore14StorageManager18optionalSearchListEPKvRSt6vectorINS0_8KeychainESaIS5_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager13getSearchListERSt6vectorINS0_8KeychainESaIS3_EE -Security:single module:__ZN8Security14DLDbListCFPref6revertEb -Security:single module:__ZN8Security14DLDbListCFPref10searchListEv -Security:single module:__ZN8Security14DLDbListCFPref31cfDictionaryRefToDLDbIdentifierEPK14__CFDictionary -Security:single module:__ZN8Security4GuidC1EPKc -Security:single module:__ZN8Security4GuidC4EPKc -Security:single module:__ZN8Security17CssmSubserviceUidC1ERK9cssm_guidPK12cssm_versionmm -Security:single module:__ZN8Security17CssmSubserviceUidC4ERK9cssm_guidPK12cssm_versionmm -Security:single module:__ZN8Security6DbNameC1EPKcPK16cssm_net_address -Security:single module:__ZN8Security6DbNameC4EPKcPK16cssm_net_address -Security:single module:__ZN8Security14DLDbListCFPref21defaultDLDbIdentifierEv -Security:single module:__ZN8Security14DLDbListCFPref19loginDLDbIdentifierEv -Security:single module:__ZN8Security14DLDbListCFPref25JaguarLoginDLDbIdentifierEv -Security:single module:__ZN8Security12KeychainCore14StorageManager9_keychainERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security10CssmClient10ModuleImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient10ModuleImplC4ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC4ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC4ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient7CSPImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient7CSPImplC4ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient14AttachmentImplC2ERKNS0_6ModuleEm -Security:single module:__ZN8Security10CssmClient14AttachmentImplC4ERKNS0_6ModuleEm -Security:single module:__ZN8Security10CssmClient6DLImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6DLImplC4ERKNS0_6ModuleE -Security:single module:__ZThn64_N8Security10CssmClient9CSPDLImpl12subserviceIdEm -Security:single module:__ZN8Security10CssmClient9CSPDLImpl12subserviceIdEm -Security:single module:__ZN8Security10CssmClient14AttachmentImpl12subserviceIdEm -Security:single module:__ZThn128_N8Security10CssmClient11SSCSPDLImpl5newDbEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient11SSCSPDLImpl5newDbEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient8SSDbImplC1ERKNS0_7SSCSPDLEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient8SSDbImplC4ERKNS0_7SSCSPDLEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient6DbImplC2ERKNS0_2DLEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient6DbImplC4ERKNS0_2DLEPKcPK16cssm_net_address -Security:single module:__ZN8Security12KeychainCore6gTypesEv -Security:single module:__ZN8Security12KeychainCore10SecCFTypesC1Ev -Security:single module:__ZN8Security12KeychainCore10SecCFTypesC4Ev -Security:single module:__ZN8Security12KeychainCore7CFClassC1EPKc -Security:single module:__ZN8Security12KeychainCore7CFClassC4EPKc -Security:single module:__ZN8Security12KeychainCore11SecCFObject8allocateEmm -Security:single module:__ZN8Security12KeychainCore12KeychainImplC1ERKNS_10CssmClient2DbE -Security:single module:__ZN8Security12KeychainCore12KeychainImplC4ERKNS_10CssmClient2DbE -Security:single module:__ZNK8Security17CssmSubserviceUidltERK19cssm_subservice_uid -Security:single module:__ZNK8Security17CssmSubserviceUideqERK19cssm_subservice_uid -Security:single module:__ZNKSs7compareERKSs -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC1ERKSt6vectorINS0_8KeychainESaIS3_EEmPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC4ERKSt6vectorINS0_8KeychainESaIS3_EEmPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore6Schema13recordTypeForEm -Security:single module:__ZN8Security12KeychainCore6Schema13attributeInfoEm -Security:single module:__ZN8Security13CssmAutoQuery3addEmRK22cssm_db_attribute_infoRKNS_12CssmPolyDataE -Security:single module:__ZN20DefaultCssmAllocator7reallocEPvm -Security:single module:__ZN8Security12KeychainCore4ItemC1Ev -Security:single module:__ZN8Security12KeychainCore4ItemC4Ev -Security:single module:__ZN8Security12KeychainCore12KCCursorImpl4nextERNS0_4ItemE -Security:single module:__ZN8Security10CssmClient12DbAttributesC1Ev -Security:single module:__ZN8Security10CssmClient12DbAttributesC4Ev -Security:single module:__ZThn20_N8Security10CssmClient8SSDbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient8SSDbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC1ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC4ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC2ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC4ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC2ERKNS0_6ObjectERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC4ERKNS0_6ObjectERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security13CssmAutoQueryC2ERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security13CssmAutoQueryC4ERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImpl4nextEPNS0_12DbAttributesEPNS_17CssmDataContainerERNS0_14DbUniqueRecordE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImpl4nextEPNS0_12DbAttributesEPNS_17CssmDataContainerERNS0_14DbUniqueRecordEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient14DbDbCursorImpl4nextEPNS0_12DbAttributesEPNS_17CssmDataContainerERNS0_14DbUniqueRecordE -Security:single module:__ZThn24_N8Security10CssmClient8SSDbImpl17newDbUniqueRecordEv -Security:single module:__ZN8Security10CssmClient8SSDbImpl17newDbUniqueRecordEv -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplC1ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplC4ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplC2ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplC4ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient6DbImpl8activateEv -Security:single module:__ZN8Security10CssmClient8SSDbImpl4openEv -Security:single module:__ZN8Security10CssmClient6DbImpl4openEv -Security:single module:__ZNK8Security10CssmClient14AttachmentImpl6moduleEv -Security:single module:__ZN8Security10CssmClient10ModuleImpl8activateEv -Security:single module:__ZNK8Security10CssmClient10ModuleImpl7sessionEv -Security:single module:__ZN8Security10CssmClient8CssmImpl8activateEv -Security:single module:_CSSM_Init -Security:single module:__ZN11CssmManagerC1Ev -Security:single module:__ZN11CssmManagerC4Ev -Security:single module:__ZN12MdsComponentC2ERKN8Security4GuidE -Security:single module:__ZN12MdsComponentC4ERKN8Security4GuidE -Security:single module:__ZN17AttachmentFactoryC2Ev -Security:single module:__ZN17AttachmentFactoryC4Ev -Security:single module:__ZN8Security12ModuleLoaderC1Ev -Security:single module:__ZN8Security12ModuleLoaderC4Ev -Security:single module:__ZN14AppleCSPPluginC1Ev -Security:single module:__ZN14AppleCSPPluginC4Ev -Security:single module:__ZN8Security10CssmPluginC2Ev -Security:single module:__ZN8Security10CssmPluginC4Ev -Security:single module:__ZN15CryptKitFactoryC1EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN15CryptKitFactoryC4EPN8Security13CssmAllocatorES2_ -Security:single module:_initCryptKit -Security:single module:_fallocRegister -Security:single module:__ZN13AscAlgFactoryC1EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN13AscAlgFactoryC4EPN8Security13CssmAllocatorES2_ -Security:single module:_comMallocRegister -Security:single module:__ZN15RSA_DSA_FactoryC1EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN15RSA_DSA_FactoryC4EPN8Security13CssmAllocatorES2_ -Security:single module:_CRYPTO_set_mem_functions -Security:single module:_CRYPTO_set_locked_mem_functions -Security:single module:_ERR_load_RSA_strings -Security:single module:_ERR_load_BN_strings -Security:single module:_ERR_load_DSA_strings -Security:single module:__ZN10DH_FactoryC1EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN10DH_FactoryC4EPN8Security13CssmAllocatorES2_ -Security:single module:_ERR_load_DH_strings -Security:single module:__ZN11AppleFileDLC1Ev -Security:single module:__ZN11AppleFileDLC4Ev -Security:single module:__ZN8Security20AppleDatabaseManagerC1EPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security20AppleDatabaseManagerC4EPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security15DatabaseManagerC2Ev -Security:single module:__ZN8Security15DatabaseManagerC4Ev -Security:single module:__ZN11CSPDLPluginC1Ev -Security:single module:__ZN11CSPDLPluginC4Ev -Security:single module:__ZN14SSCSPDLSessionC1Ev -Security:single module:__ZN14SSCSPDLSessionC4Ev -Security:single module:__ZN8Security7KeyPoolC2Ev -Security:single module:__ZN8Security7KeyPoolC4Ev -Security:single module:__ZN11AppleX509CLC1Ev -Security:single module:__ZN11AppleX509CLC4Ev -Security:single module:__ZN7AppleTPC1Ev -Security:single module:__ZN7AppleTPC4Ev -Security:single module:__ZN11CssmManager10initializeERK12cssm_versionmRKN8Security4GuidEmRm -Security:single module:__ZN11CssmManager12checkVersionERK12cssm_version -Security:single module:_CSSM_ModuleLoad -Security:single module:__ZN11CssmManager10loadModuleERKN8Security4GuidEmRKNS0_14ModuleCallbackE -Security:single module:__ZN12MdsComponentC1ERKN8Security4GuidE -Security:single module:__ZNK12MdsComponent7getInfoEv -Security:single module:__ZN12MdsComponent3MDSC1Ev -Security:single module:__ZN12MdsComponent3MDSC4Ev -Security:single module:__ZN8Security12ModuleLoaderclEPKc -Security:single module:__ZN6ModuleC1EP11CssmManagerRK12MdsComponentPN8Security6PluginE -Security:single module:__ZN6ModuleC4EP11CssmManagerRK12MdsComponentPN8Security6PluginE -Security:single module:__ZN8Security10CssmPlugin10moduleLoadERKNS_4GuidES3_RKNS_14ModuleCallbackE -Security:single module:__ZN8Security10CssmPlugin4loadEv -Security:single module:__ZN12MdsComponentD1Ev -Security:single module:__ZN12MdsComponentD4Ev -Security:single module:__ZN8Security17ModuleCallbackSet6insertERKNS_14ModuleCallbackE -Security:single module:__ZN8Security10CssmClient8CssmImpl9catchExitEv -Security:single module:__ZThn64_NK8Security10CssmClient9CSPDLImpl9allocatorEv -Security:single module:__ZNK8Security10CssmClient9CSPDLImpl9allocatorEv -Security:single module:__ZNK8Security10CssmClient10ObjectImpl9allocatorEv -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctionsC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctionsC4ERNS_13CssmAllocatorE -Security:single module:_CSSM_ModuleAttach -Security:single module:__ZN11CssmManager9getModuleERKN8Security4GuidE -Security:single module:__ZN6Module6attachERK12cssm_versionmmRK17cssm_memory_funcsmmP19cssm_func_name_addrm -Security:single module:__ZNK17AttachmentFactory18attachmentMakerForEm -Security:single module:__ZN10AttachmentC2EP6ModuleRK12cssm_versionmmRK17cssm_memory_funcsmm -Security:single module:__ZN10AttachmentC4EP6ModuleRK12cssm_versionmmRK17cssm_memory_funcsmm -Security:single module:__ZN8Security12HandleObject5StateC1Ev -Security:single module:__ZN8Security12HandleObject5StateC4Ev -Security:single module:__ZN8Security10CssmPlugin12moduleAttachEmRKNS_4GuidES3_S3_S3_RK12cssm_versionmmmmRK12cssm_upcallsRP17cssm_module_funcs -Security:single module:__ZN11CSPDLPlugin11makeSessionEmRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN11SSDLSessionC1EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsRN8Security15DatabaseManagerER14SSCSPDLSession -Security:single module:__ZN11SSDLSessionC4EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsRN8Security15DatabaseManagerER14SSCSPDLSession -Security:single module:__ZN8Security15DLPluginSessionC2EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcallsRNS_15DatabaseManagerE -Security:single module:__ZN8Security15DLPluginSessionC4EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcallsRNS_15DatabaseManagerE -Security:single module:__ZN8Security13PluginSessionC2EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security13PluginSessionC4EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security15DatabaseSessionC2ERNS_15DatabaseManagerE -Security:single module:__ZN8Security15DatabaseSessionC4ERNS_15DatabaseManagerE -Security:single module:__ZN8Security10CssmClient6DLImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security14SecurityServer13ClientSessionC1ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security10CssmClient10ObjectImpl9allocatorERNS_13CssmAllocatorE -Security:single module:__ZN8Security15DLPluginSession9constructEv -Security:single module:_CSSM_DL_DbOpen -Security:single module:__Z11cssm_DbOpenmPKcPK16cssm_net_addressmPK23cssm_access_credentialsPKvPm -Security:single module:__ZThn40_N11SSDLSession6DbOpenEPKcPK16cssm_net_addressmPKN8Security17AccessCredentialsEPKvRm -Security:single module:__ZN11SSDLSession6DbOpenEPKcPK16cssm_net_addressmPKN8Security17AccessCredentialsEPKvRm -Security:single module:__ZN14SSDatabaseImplC1ERN8Security14SecurityServer13ClientSessionERKNS0_10CssmClient2DLEPKcPK16cssm_net_address -Security:single module:__ZN14SSDatabaseImplC4ERN8Security14SecurityServer13ClientSessionERKNS0_10CssmClient2DLEPKcPK16cssm_net_address -Security:single module:__ZN14SSDatabaseImpl4openERKN8Security14DLDbIdentifierE -Security:single module:__ZN11AppleFileDL11makeSessionEmRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security15DLPluginSessionC1EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcallsRNS_15DatabaseManagerE -Security:single module:__ZN8Security15DatabaseSession6DbOpenEPKcPK16cssm_net_addressmPKNS_17AccessCredentialsEPKvRm -Security:single module:__ZN8Security15DatabaseManager6dbOpenERNS_15DatabaseSessionERKNS_6DbNameEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security15DatabaseManager3getERKNS_6DbNameE -Security:single module:__ZN8Security20AppleDatabaseManager4makeERKNS_6DbNameE -Security:single module:__ZN8Security13AppleDatabaseC1ERKNS_6DbNameEPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security13AppleDatabaseC4ERKNS_6DbNameEPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security8DatabaseC2ERKNS_6DbNameE -Security:single module:__ZN8Security8DatabaseC4ERKNS_6DbNameE -Security:single module:__ZN8Security6DbNameC1ERKS0_ -Security:single module:__ZN8Security6DbNameC4ERKS0_ -Security:single module:__ZN8Security10AtomicFileC1ERKSs -Security:single module:__ZN8Security10AtomicFileC4ERKSs -Security:single module:__ZN8Security10AtomicFile9pathSplitERKSsRSsS3_ -Security:single module:__ZNKSs5rfindEcm -Security:single module:__ZN8Security10DbModifierC1ERNS_10AtomicFileERKNS_13AppleDatabaseE -Security:single module:__ZN8Security10DbModifierC4ERNS_10AtomicFileERKNS_13AppleDatabaseE -Security:single module:__ZN8Security6DbNameD1Ev -Security:single module:__ZN8Security6DbNameD4Ev -Security:single module:__ZN8Security8Database7_dbOpenERNS_15DatabaseSessionEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security13AppleDatabase13makeDbContextERNS_15DatabaseSessionEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security14AppleDbContextC1ERNS_8DatabaseERNS_15DatabaseSessionEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security14AppleDbContextC4ERNS_8DatabaseERNS_15DatabaseSessionEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security9DbContextC2ERNS_8DatabaseERNS_15DatabaseSessionEmPK23cssm_access_credentials -Security:single module:__ZN8Security9DbContextC4ERNS_8DatabaseERNS_15DatabaseSessionEmPK23cssm_access_credentials -Security:single module:__ZN8Security13AppleDatabase6dbOpenERNS_9DbContextE -Security:single module:__ZN8Security10DbModifier12openDatabaseEv -Security:single module:__ZN8Security10DbModifier6commitEv -Security:single module:__ZN8Security10DbModifier12getDbVersionEv -Security:single module:__ZN8Security10AtomicFile4readEv -Security:single module:__ZN8Security18AtomicBufferedFileC1ERKSs -Security:single module:__ZN8Security18AtomicBufferedFileC4ERKSs -Security:single module:__ZN8Security18AtomicBufferedFile4openEv -Security:single module:__ZN8Security10AtomicFile5ropenEPKcit -Security:single module:__ZN8Security9DbVersionC1ERKNS_13AppleDatabaseERKNS_10RefPointerINS_18AtomicBufferedFileEEE -Security:single module:__ZN8Security9DbVersionC4ERKNS_13AppleDatabaseERKNS_10RefPointerINS_18AtomicBufferedFileEEE -Security:single module:__ZN8Security18AtomicBufferedFile4readExxRx -Security:single module:__ZN8Security18AtomicBufferedFile5closeEv -Security:single module:__ZN8Security10AtomicFile6rcloseEi -Security:single module:__ZN8Security9DbVersion4openEv -Security:single module:__ZN8Security5TableC1ERKNS_11ReadSectionE -Security:single module:__ZN8Security5TableC4ERKNS_11ReadSectionE -Security:single module:__ZN8Security10MetaRecordC1Em -Security:single module:__ZN8Security10MetaRecordC4Em -Security:single module:__ZN8Security9DbVersion9findTableEm -Security:single module:__ZN8Security10MetaRecord22setRecordAttributeInfoERK29cssm_db_record_attribute_info -Security:single module:__ZN8Security10MetaRecord15createAttributeEPKSsPKNS_8CssmDataEmm -Security:single module:__ZN8Security13MetaAttribute6createEmmm -Security:single module:__ZNK8Security5Table17getRecordsSectionEv -Security:single module:__ZNK8Security10MetaRecord12unpackRecordERKNS_11ReadSectionERNS_13CssmAllocatorEP29cssm_db_record_attribute_dataPNS_8CssmDataEm -Security:single module:__ZNK8Security10MetaRecord13metaAttributeERK22cssm_db_attribute_info -Security:single module:__ZNK8Security10MetaRecord14attributeIndexERK22cssm_db_attribute_info -Security:single module:__ZNK8Security13MetaAttribute15unpackAttributeERKNS_11ReadSectionERNS_13CssmAllocatorERmRP9cssm_data -Security:single module:__ZNK8Security13MetaAttribute20unpackNumberOfValuesERKNS_11ReadSectionERmS4_ -Security:single module:__ZN8Security11UInt32ValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11UInt32ValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11UInt32ValueD1Ev -Security:single module:__ZN8Security11UInt32ValueD4Ev -Security:single module:__ZN8Security7DbValueD2Ev -Security:single module:__ZN8Security7DbValueD4Ev -Security:single module:__ZN8Security11StringValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11StringValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security9BlobValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security9BlobValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11StringValueD1Ev -Security:single module:__ZN8Security11StringValueD4Ev -Security:single module:__ZN8Security9BlobValueD2Ev -Security:single module:__ZN8Security9BlobValueD4Ev -Security:single module:__ZN8Security17TrackingAllocatorD1Ev -Security:single module:__ZN8Security17TrackingAllocatorD4Ev -Security:single module:__ZN8Security13CssmAllocatorD2Ev -Security:single module:__ZN8Security13CssmAllocatorD4Ev -Security:single module:__ZNSsC1EPKcmRKSaIcE -Security:single module:__ZNSsC4EPKcmRKSaIcE -Security:single module:__ZN8Security5Table16readIndexSectionEv -Security:single module:__ZN8Security12DbConstIndexC1ERKNS_5TableERKNS_11ReadSectionE -Security:single module:__ZN8Security12DbConstIndexC4ERKNS_5TableERKNS_11ReadSectionE -Security:single module:__ZN8Security7DbIndexC2ERKNS_10MetaRecordEmb -Security:single module:__ZN8Security7DbIndexC4ERKNS_10MetaRecordEmb -Security:single module:__ZN8Security7DbIndex15appendAttributeEm -Security:single module:__ZN8Security15DatabaseSession15insertDbContextERNS_9DbContextE -Security:single module:__ZN14SSDatabaseImpl11getDbBlobIdEPN8Security17CssmDataContainerE -Security:single module:__ZThn20_N8Security10CssmClient6DbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient6DbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC1ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC4ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC2ERKNS0_6ObjectEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC4ERKNS0_6ObjectEmRNS_13CssmAllocatorE -Security:single module:__ZThn24_N14SSDatabaseImpl17newDbUniqueRecordEv -Security:single module:__ZN14SSDatabaseImpl17newDbUniqueRecordEv -Security:single module:__ZN18SSUniqueRecordImplC1ERK10SSDatabase -Security:single module:__ZN18SSUniqueRecordImplC4ERK10SSDatabase -Security:single module:_CSSM_DL_DataGetFirst -Security:single module:__Z17cssm_DataGetFirst17cssm_dl_db_handlePK10cssm_queryPmP29cssm_db_record_attribute_dataP9cssm_dataPP21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession12DataGetFirstEmPKNS_7DLQueryEP29cssm_db_record_attribute_dataPNS_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession13findDbContextEm -Security:single module:__ZN8Security13AppleDatabase12dataGetFirstERNS_9DbContextEPKNS_7DLQueryEP29cssm_db_record_attribute_dataPNS_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN8Security10DbModifier12createCursorEPK10cssm_query -Security:single module:__ZN8Security18AtomicBufferedFileD1Ev -Security:single module:__ZN8Security18AtomicBufferedFileD4Ev -Security:single module:__ZNK8Security9DbVersion12createCursorEPK10cssm_query -Security:single module:__ZNK8Security9DbVersion9findTableEm -Security:single module:__ZNK8Security5Table12createCursorEPK10cssm_queryRKNS_9DbVersionE -Security:single module:__ZN8Security12LinearCursorC1EPK10cssm_queryRKNS_9DbVersionERKNS_5TableE -Security:single module:__ZN8Security12LinearCursorC4EPK10cssm_queryRKNS_9DbVersionERKNS_5TableE -Security:single module:__ZN8Security12LinearCursor4nextERmP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorERNS_8RecordIdE -Security:single module:__ZThn44_N8Security15DLPluginSession6mallocEm -Security:single module:__ZN8Security15DLPluginSession6mallocEm -Security:single module:__ZN8Security13PluginSession6mallocEm -Security:single module:__ZN10Attachment12upcallMallocEmm -Security:single module:__ZN8Security12HandleObject5State4findEml -Security:single module:__ZN8Security13AppleDatabase18createUniqueRecordERNS_9DbContextEmRKNS_8RecordIdE -Security:single module:__ZN8Security13AppleDatabase18updateUniqueRecordERNS_9DbContextEmRKNS_8RecordIdER21cssm_db_unique_record -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImpl8activateEv -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplD0Ev -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplD4Ev -Security:single module:__ZN8Security10CssmClient14DbDbCursorImpl10deactivateEv -Security:single module:_CSSM_DL_DataAbortQuery -Security:single module:__Z19cssm_DataAbortQuery17cssm_dl_db_handlem -Security:single module:__ZN8Security15DatabaseSession14DataAbortQueryEmm -Security:single module:__ZN8Security13AppleDatabase14dataAbortQueryERNS_9DbContextEm -Security:single module:__ZN8Security12LinearCursorD0Ev -Security:single module:__ZN8Security12LinearCursorD4Ev -Security:single module:__ZN8Security6CursorD2Ev -Security:single module:__ZN8Security6CursorD4Ev -Security:single module:__ZN8Security13CssmAutoQueryD2Ev -Security:single module:__ZN8Security13CssmAutoQueryD4Ev -Security:single module:__ZN8Security13CssmAutoQuery5clearEv -Security:single module:__ZN18SSUniqueRecordImplD0Ev -Security:single module:__ZN18SSUniqueRecordImplD4Ev -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplD2Ev -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplD4Ev -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImpl10deactivateEv -Security:single module:_CSSM_DL_FreeUniqueRecord -Security:single module:__Z21cssm_FreeUniqueRecord17cssm_dl_db_handleP21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession16FreeUniqueRecordEmR21cssm_db_unique_record -Security:single module:__ZN8Security13AppleDatabase16freeUniqueRecordERNS_9DbContextER21cssm_db_unique_record -Security:single module:__ZThn44_N8Security15DLPluginSession4freeEPv -Security:single module:__ZN8Security15DLPluginSession4freeEPv -Security:single module:__ZN10Attachment10upcallFreeEmPv -Security:single module:__ZN8Security14SecurityServer13ClientSession8decodeDbERKNS_14DLDbIdentifierEPKNS_17AccessCredentialsERKNS_8CssmDataE -Security:single module:__ZN8Security25DatabaseAccessCredentialsC1EPKNS_17AccessCredentialsERNS_13CssmAllocatorE -Security:single module:__ZN8Security25DatabaseAccessCredentialsC4EPKNS_17AccessCredentialsERNS_13CssmAllocatorE -Security:single module:_ucsp_client_decodeDb -Security:single module:__ZN8Security9ObjectAclC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security9ObjectAclC4ERNS_13CssmAllocatorE -Security:single module:__Z30__MIG_check__Reply__decodeDb_tP19__Reply__decodeDb_t -Security:single module:__ZN11SSDLSession12makeDbHandleER10SSDatabase -Security:single module:__ZThn40_N11SSDLSession12DataGetFirstEmPKN8Security7DLQueryEP29cssm_db_record_attribute_dataPNS0_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN11SSDLSession12DataGetFirstEmPKN8Security7DLQueryEP29cssm_db_record_attribute_dataPNS0_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN11SSDLSession12findDbHandleEm -Security:single module:__ZNK8Security12DbConstIndex12matchesQueryERK10cssm_queryRPNS_10DbQueryKeyE -Security:single module:__Znam -Security:single module:__ZN8Security10DbQueryKeyC1ERKNS_12DbConstIndexE -Security:single module:__ZN8Security10DbQueryKeyC4ERKNS_12DbConstIndexE -Security:single module:__ZN8Security9BlobValueC1ERK9cssm_data -Security:single module:__ZN8Security9BlobValueC4ERK9cssm_data -Security:single module:__ZNK8Security9BlobValue4packERNS_12WriteSectionERm -Security:single module:__ZN8Security9BlobValueD1Ev -Security:single module:__ZdaPv -Security:single module:__ZN8Security11IndexCursorC1EPNS_10DbQueryKeyERKNS_9DbVersionERKNS_5TableEPKNS_12DbConstIndexE -Security:single module:__ZN8Security11IndexCursorC4EPNS_10DbQueryKeyERKNS_9DbVersionERKNS_5TableEPKNS_12DbConstIndexE -Security:single module:__ZNK8Security12DbConstIndex12performQueryERKNS_10DbQueryKeyERPKNS_6EndianImEES8_ -Security:single module:__ZNK8Security15DbKeyComparatorclEmm -Security:single module:__ZN8Security9BlobValueC1ERKNS_11ReadSectionERm -Security:single module:__ZNK8Security9BlobValue8evaluateERKS0_m -Security:single module:__ZN8Security9BlobValue8evaluateERKNS_8CssmDataES3_mNS0_10ComparatorE -Security:single module:__ZN8Security9BlobValue10ComparatorclEPKhS3_m -Security:single module:__ZN8Security9BlobValue10ComparatorD1Ev -Security:single module:__ZN8Security9BlobValue10ComparatorD4Ev -Security:single module:__ZN8Security9BlobValueD0Ev -Security:single module:__ZN8Security11IndexCursor4nextERmP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorERNS_8RecordIdE -Security:single module:__ZNK8Security12DbConstIndex16getRecordSectionEPKNS_6EndianImEE -Security:single module:__ZNK8Security5Table16getRecordSectionEm -Security:single module:__ZN11SSDLSession18makeSSUniqueRecordER14SSUniqueRecord -Security:single module:__ZN11SSDLSession18createUniqueRecordEm -Security:single module:__ZN8Security12KeychainCore12KeychainImpl4itemEmRNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl14makePrimaryKeyEmRNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security10CssmClient12DbAttributesC1ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbAttributesC4ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl26gatherPrimaryKeyAttributesERNS_10CssmClient12DbAttributesE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl18primaryKeyInfosForEm -Security:single module:__ZN8Security12KeychainCore12KeychainImpl14keychainSchemaEv -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplC1ERKNS_10CssmClient2DbE -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplC4ERKNS_10CssmClient2DbE -Security:single module:__ZThn20_N8Security10CssmClient8SSDbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient8SSDbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC1ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC4ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC2ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeData3addERK22cssm_db_attribute_info -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeData21getAttributeReferenceERK22cssm_db_attribute_info -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeData13findAttributeERK22cssm_db_attribute_info -Security:single module:__ZN8Security19CssmDbAttributeData12deleteValuesERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplD0Ev -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplD4Ev -Security:single module:__ZN8Security18SelectionPredicateC1ERKNS_10MetaRecordERK24cssm_selection_predicate -Security:single module:__ZN8Security18SelectionPredicateC4ERKNS_10MetaRecordERK24cssm_selection_predicate -Security:single module:__ZN8Security11UInt32ValueC1ERK9cssm_data -Security:single module:__ZN8Security11UInt32ValueC4ERK9cssm_data -Security:single module:__ZNK8Security18SelectionPredicate8evaluateERKNS_11ReadSectionE -Security:single module:_CSSM_DL_DataGetNext -Security:single module:__Z16cssm_DataGetNext17cssm_dl_db_handlemP29cssm_db_record_attribute_dataP9cssm_dataPP21cssm_db_unique_record -Security:single module:__ZThn40_N11SSDLSession11DataGetNextEmmP29cssm_db_record_attribute_dataPN8Security8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN11SSDLSession11DataGetNextEmmP29cssm_db_record_attribute_dataPN8Security8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession11DataGetNextEmmP29cssm_db_record_attribute_dataPNS_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN8Security13AppleDatabase11dataGetNextERNS_9DbContextEmP29cssm_db_record_attribute_dataPNS_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZThn40_N11SSDLSession16FreeUniqueRecordEmR21cssm_db_unique_record -Security:single module:__ZN11SSDLSession16FreeUniqueRecordEmR21cssm_db_unique_record -Security:single module:__ZN11SSDLSession18killSSUniqueRecordER21cssm_db_unique_record -Security:single module:__ZN11SSDLSession17parseUniqueRecordERK21cssm_db_unique_record -Security:single module:__ZN11SSDLSession16freeUniqueRecordER21cssm_db_unique_record -Security:single module:__ZN8Security18SelectionPredicateD1Ev -Security:single module:__ZN8Security18SelectionPredicateD4Ev -Security:single module:__ZN8Security11UInt32ValueD0Ev -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeDataD2Ev -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeDataD4Ev -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeData5clearEv -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplD2Ev -Security:single module:__Z21CompareAttributeInfosRK22cssm_db_attribute_infoS1_ -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl18primaryKeyInfosForEm -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl3getEPNS0_12DbAttributesEPNS_17CssmDataContainerE -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl3getEPNS0_12DbAttributesEPNS_17CssmDataContainerEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImpl3getEPNS0_12DbAttributesEPNS_17CssmDataContainerE -Security:single module:_CSSM_DL_DataGetFromUniqueRecordId -Security:single module:__Z30cssm_DataGetFromUniqueRecordId17cssm_dl_db_handlePK21cssm_db_unique_recordP29cssm_db_record_attribute_dataP9cssm_data -Security:single module:__ZThn40_N11SSDLSession25DataGetFromUniqueRecordIdEmRK21cssm_db_unique_recordP29cssm_db_record_attribute_dataPN8Security8CssmDataE -Security:single module:__ZN11SSDLSession25DataGetFromUniqueRecordIdEmRK21cssm_db_unique_recordP29cssm_db_record_attribute_dataPN8Security8CssmDataE -Security:single module:__ZN11SSDLSession18findSSUniqueRecordERK21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession25DataGetFromUniqueRecordIdEmRK21cssm_db_unique_recordP29cssm_db_record_attribute_dataPNS_8CssmDataE -Security:single module:__ZN8Security13AppleDatabase25dataGetFromUniqueRecordIdERNS_9DbContextERK21cssm_db_unique_recordP29cssm_db_record_attribute_dataPNS_8CssmDataE -Security:single module:__ZN8Security13AppleDatabase17parseUniqueRecordERK21cssm_db_unique_recordRm -Security:single module:__ZN8Security10DbModifier9getRecordEmRKNS_8RecordIdEP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZNK8Security9DbVersion9getRecordEmRKNS_8RecordIdEP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZNK8Security5Table9getRecordERKNS_8RecordIdEP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC1ERKNS_10CssmClient12DbAttributesE -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC4ERKNS_10CssmClient12DbAttributesE -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImpl9putUInt32ERPhm -Security:single module:__ZN8Security12KeychainCore4ItemC1ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore4ItemC4ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZNK8Security12KeychainCore14PrimaryKeyImpl10recordTypeEv -Security:single module:__ZNK8Security12KeychainCore14PrimaryKeyImpl9getUInt32ERPhRm -Security:single module:__ZN8Security12KeychainCore8ItemImplC1ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore8ItemImplC4ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl7addItemERKNS0_10PrimaryKeyEPNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore11SecCFObject6handleEb -Security:single module:__ZN8Security12KeychainCore7CFClass12finalizeTypeEPKv -Security:single module:__ZN8Security12KeychainCore11SecCFObject8optionalEPKv -Security:single module:__ZN8Security12KeychainCore12KCCursorImplD1Ev -Security:single module:__ZN8Security12KeychainCore12KCCursorImplD4Ev -Security:single module:__ZThn40_N11SSDLSession14DataAbortQueryEmm -Security:single module:__ZN11SSDLSession14DataAbortQueryEmm -Security:single module:__ZN8Security11IndexCursorD0Ev -Security:single module:__ZN8Security11IndexCursorD4Ev -Security:single module:__ZN8Security12KeychainCore11SecCFObjectD2Ev -Security:single module:__ZN8Security12KeychainCore11SecCFObjectD4Ev -Security:single module:__ZN8Security12KeychainCore12KeychainImplD1Ev -Security:single module:__ZN8Security12KeychainCore12KeychainImplD4Ev -Security:single module:__ZNK8Security10CssmClient6DbImpl14dlDbIdentifierEv -Security:single module:__ZNK8Security10CssmClient14AttachmentImpl13subserviceUidEv -Security:single module:__ZThn64_NK8Security10CssmClient9CSPDLImpl14subserviceMaskEv -Security:single module:__ZNK8Security10CssmClient9CSPDLImpl14subserviceMaskEv -Security:single module:__ZN8Security12KeychainCore14StorageManager14removeKeychainERKNS_14DLDbIdentifierEPNS0_12KeychainImplE -Security:single module:__ZN8Security10CssmClient8SSDbImplD0Ev -Security:single module:__ZN8Security10CssmClient8SSDbImplD4Ev -Security:single module:__ZN8Security10CssmClient6DbImplD2Ev -Security:single module:__ZN8Security10CssmClient6DbImplD4Ev -Security:single module:__ZN8Security10CssmClient6DbImpl10deactivateEv -Security:single module:__ZThn64_N8Security10CssmClient11SSCSPDLImplD0Ev -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplD0Ev -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplD4Ev -Security:single module:__ZN8Security10CssmClient9CSPDLImplD2Ev -Security:single module:__ZN8Security10CssmClient9CSPDLImplD4Ev -Security:single module:__ZN8Security10CssmClient6DLImplD2Ev -Security:single module:__ZN8Security10CssmClient6DLImplD4Ev -Security:single module:__ZN8Security10CssmClient14AttachmentImplD2Ev -Security:single module:__ZN8Security10CssmClient14AttachmentImplD4Ev -Security:single module:__ZN8Security10CssmClient14AttachmentImpl10deactivateEv -Security:single module:__ZN8Security10CssmClient7CSPImplD2Ev -Security:single module:__ZN8Security10CssmClient7CSPImplD4Ev -Security:single module:__ZN8Security10CssmClient10ModuleImplD0Ev -Security:single module:__ZN8Security10CssmClient10ModuleImplD4Ev -Security:single module:__ZN8Security10CssmClient10ModuleImpl10deactivateEv -Security:single module:_SecKeychainItemCopyContent -Security:single module:__ZN8Security12KeychainCore11SecCFObject8requiredEPKvl -Security:single module:__ZN8Security12KeychainCore4ItemC1EPNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore4ItemC4EPNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore8ItemImpl10getContentEPmP24SecKeychainAttributeListS2_PPv -Security:single module:__ZN8Security12KeychainCore8ItemImpl14dbUniqueRecordEv -Security:single module:__ZNK8Security12KeychainCore8ItemImpl12isPersistantEv -Security:single module:__ZN8Security12KeychainCore8ItemImpl10getContentEPNS_10CssmClient12DbAttributesEPNS_17CssmDataContainerE -Security:single module:__ZN8Security12KeychainCore8ItemImpl16useSecureStorageERKNS_10CssmClient2DbE -Security:single module:__ZNK8Security12KeychainCore8ItemImpl10recordTypeEv -Security:single module:__ZN8Security12KeychainCore7Globals11credentialsEv -Security:single module:__ZNK8Security10CssmClient10AclFactory10promptCredEv -Security:single module:__ZN8Security10CssmClient7StaticsC1Ev -Security:single module:__ZN8Security10CssmClient7StaticsC4Ev -Security:single module:__ZN8Security15AutoCredentialsC1ERNS_13CssmAllocatorEm -Security:single module:__ZN8Security15AutoCredentialsC4ERNS_13CssmAllocatorEm -Security:single module:__ZN8Security15AutoCredentials4initEv -Security:single module:__ZN8Security15AutoCredentials9getSampleEm -Security:single module:__ZN8Security9TypedListC1ERNS_13CssmAllocatorEl -Security:single module:__ZN8Security9TypedListC4ERNS_13CssmAllocatorEl -Security:single module:__ZN8Security11ListElementC1El -Security:single module:__ZN8Security11ListElementC4El -Security:single module:__ZN8Security8CssmList6appendEPNS_11ListElementE -Security:single module:__ZN8Security11ListElementC1ERKNS_8CssmListE -Security:single module:__ZN8Security11ListElementC4ERKNS_8CssmListE -Security:single module:__ZN8Security9TypedListC1ERNS_13CssmAllocatorElPNS_11ListElementE -Security:single module:__ZN8Security9TypedListC4ERNS_13CssmAllocatorElPNS_11ListElementE -Security:single module:__ZN8Security10CssmClient11SSGroupImpl7isGroupERK9cssm_data -Security:single module:__ZN8Security10CssmClient11SSGroupImplC1ERKNS0_4SSDbERK9cssm_data -Security:single module:__ZN8Security10CssmClient11SSGroupImplC4ERKNS0_4SSDbERK9cssm_data -Security:single module:__ZN8Security10CssmClient7KeyImplC2ERKNS0_3CSPE -Security:single module:__ZN8Security10CssmClient7KeyImplC4ERKNS0_3CSPE -Security:single module:__ZN5SSKeyC1ER11SSDLSessionRN8Security7CssmKeyER10SSDatabaseRK14SSUniqueRecordmRNS2_8CssmDataE -Security:single module:__ZN5SSKeyC4ER11SSDLSessionRN8Security7CssmKeyER10SSDatabaseRK14SSUniqueRecordmRNS2_8CssmDataE -Security:single module:__ZN8Security13ReferencedKeyC2ERNS_7KeyPoolE -Security:single module:__ZN8Security13ReferencedKeyC4ERNS_7KeyPoolE -Security:single module:__ZN8Security7KeyPool3addERNS_13ReferencedKeyE -Security:single module:__ZN8Security13ReferencedKey12keyReferenceEv -Security:single module:__ZNK18SSUniqueRecordImpl8databaseEv -Security:single module:__ZNK8Security14CssmDLPolyDatacv9cssm_dateEv -Security:single module:__ZN8Security13ReferencedKey16makeReferenceKeyERNS_13CssmAllocatorEmR8cssm_key -Security:single module:__ZN8Security10CssmClient7KeyImpl8activateEv -Security:single module:__ZN8Security10CssmClient11SSGroupImpl14decodeDataBlobERK9cssm_dataPK23cssm_access_credentialsRNS_13CssmAllocatorERS2_ -Security:single module:__ZN8Security10CssmClient5CryptC2ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient5CryptC4ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient5Crypt3keyERKNS0_3KeyE -Security:single module:__ZN8Security10CssmClient5Crypt4credEPKNS_17AccessCredentialsE -Security:single module:__ZN8Security10CssmClient7Decrypt7decryptEPKNS_8CssmDataEmPS2_m -Security:single module:__ZN8Security10CssmClient7Decrypt4initEv -Security:single module:__ZN8Security10CssmClient5Crypt8activateEv -Security:single module:__ZNK10__cxxabiv117__class_type_info12__do_dyncastEiNS0_10__sub_kindEPKS0_PKvS3_S5_RNS0_16__dyncast_resultE -Security:single module:__ZN12SSCSPSessionC1EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsR14SSCSPDLSessionRN8Security10CssmClient3CSPE -Security:single module:__ZN12SSCSPSessionC4EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsR14SSCSPDLSessionRN8Security10CssmClient3CSPE -Security:single module:__ZN8Security16CSPPluginSession9constructEv -Security:single module:_CSSM_CSP_CreateSymmetricContext -Security:single module:__ZN8Security11ListElement4listEv -Security:single module:__ZN8Security11ListElement4lastEv -Security:single module:__ZN12SSCSPSession13contextCreateEyRKN8Security7ContextE -Security:single module:_CSSM_DecryptDataInit -Security:single module:__Z20cssm_DecryptDataInitmyPK12cssm_contexty -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15DecryptDataInitEyRKNS_7ContextEy -Security:single module:__ZN8Security20CSPFullPluginSession15DecryptDataInitEyRKNS_7ContextEy -Security:single module:__ZN12SSCSPSession12setupContextERPN8Security20CSPFullPluginSession10CSPContextERKNS0_7ContextEb -Security:single module:__ZN9SSFactory5setupER12SSCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextEb -Security:single module:__ZN14SSCryptContextC1ER12SSCSPSession -Security:single module:__ZN14SSCryptContextC4ER12SSCSPSession -Security:single module:__ZN9SSContextC2ER12SSCSPSession -Security:single module:__ZN9SSContextC4ER12SSCSPSession -Security:single module:__ZN14SSCryptContext4initERKN8Security7ContextEb -Security:single module:__ZN9SSContext4initERKN8Security7ContextEb -Security:single module:__ZN9SSContext11clearOutBufEv -Security:single module:__ZN8Security7Context4findEmPK22cssm_context_attributej -Security:single module:__ZN12SSCSPSession9lookupKeyERKN8Security7CssmKeyE -Security:single module:__ZN14SSCSPDLSession9lookupKeyERKN8Security7CssmKeyE -Security:single module:__ZNK8Security7KeyPool7findKeyERK8cssm_key -Security:single module:__ZN8Security13ReferencedKey12keyReferenceERK8cssm_key -Security:single module:__ZNK8Security7KeyPool16findKeyReferenceEm -Security:single module:__ZN5SSKey9keyHandleEv -Security:single module:__ZN5SSKey13clientSessionEv -Security:single module:__ZN14SSDatabaseImpl8dbHandleEv -Security:single module:__ZN8Security14SecurityServer13ClientSession9decodeKeyEmRKNS_8CssmDataERNS_7CssmKey6HeaderE -Security:single module:_ucsp_client_decodeKey -Security:single module:__ZN8Security4n2hiERNS_7CssmKey6HeaderE -Security:single module:__Z31__MIG_check__Reply__decodeKey_tP20__Reply__decodeKey_t -Security:single module:_CSSM_DecryptDataUpdate -Security:single module:__Z22cssm_DecryptDataUpdatemyPK9cssm_datamPS_mPm -Security:single module:__ZThn40_N8Security20CSPFullPluginSession17DecryptDataUpdateEyPKNS_8CssmDataEmPS1_mRm -Security:single module:__ZN8Security20CSPFullPluginSession17DecryptDataUpdateEyPKNS_8CssmDataEmPS1_mRm -Security:single module:__ZN8Security20CSPFullPluginSession6WriterC1EPNS_8CssmDataEmS3_ -Security:single module:__ZN8Security20CSPFullPluginSession6WriterC4EPNS_8CssmDataEmS3_ -Security:single module:__ZN14SSCryptContext10outputSizeEbm -Security:single module:__ZN8Security20CSPFullPluginSession6Writer8allocateEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security20CSPFullPluginSession10makeBufferEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext6updateEPKNS_8CssmDataEmRNS0_6WriterE -Security:single module:__ZN8Security20CSPFullPluginSession6Writer9nextBlockERPvRm -Security:single module:__ZN14SSCryptContext9inputSizeEm -Security:single module:__ZN14SSCryptContext6updateEPvRmS0_S1_ -Security:single module:__ZN8Security20CSPFullPluginSession6Writer3useEm -Security:single module:__ZN8Security20CSPFullPluginSession6Writer5closeEv -Security:single module:__ZN8Security10CssmClient7Decrypt5finalERNS_8CssmDataE -Security:single module:_CSSM_DecryptDataFinal -Security:single module:__Z21cssm_DecryptDataFinalmyP9cssm_data -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16DecryptDataFinalEyRNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession16DecryptDataFinalEyRNS_8CssmDataE -Security:single module:__ZN9SSContext13clientSessionEv -Security:single module:__ZN8Security14SecurityServer13ClientSession7decryptERKNS_7ContextEmRKNS_8CssmDataERS5_RNS_13CssmAllocatorE -Security:single module:__ZN8Security11SendContextC1ERKNS_7ContextE -Security:single module:__ZN8Security11SendContextC4ERKNS_7ContextE -Security:single module:_ucsp_client_decrypt -Security:single module:__ZN8Security10CssmClient7Decrypt7decryptEPKNS_8CssmDataEmPS2_mRS2_ -Security:single module:_CSSM_DecryptData -Security:single module:__Z16cssm_DecryptDatamyPK12cssm_contextPK9cssm_datamPS2_mPmS5_y -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11DecryptDataEyRKNS_7ContextEPKNS_8CssmDataEmPS4_mRmRS4_y -Security:single module:__ZN8Security20CSPFullPluginSession11DecryptDataEyRKNS_7ContextEPKNS_8CssmDataEmPS4_mRmRS4_y -Security:single module:__ZN11DES3Context4initERKN8Security7ContextEb -Security:single module:__ZN15AppleCSPContext16symmetricKeyBitsERKN8Security7ContextEmmRPhRm -Security:single module:_cspValidateIntendedKeyUsage -Security:single module:_cspValidateKeyUsageBits -Security:single module:_cspVerifyKeyTimes -Security:single module:__Z17cspGetUniformDateRK9cssm_date -Security:single module:_desinit -Security:single module:_dessetkey -Security:single module:__ZN12BlockCryptor5setupEmRKN8Security7ContextE -Security:single module:__ZN12BlockCryptor5setupEmmbbNS_7BC_ModeEPKN8Security8CssmDataE -Security:single module:__ZN12BlockCryptor10outputSizeEbm -Security:single module:__ZN12BlockCryptor9inputSizeEm -Security:single module:__ZN12BlockCryptor6updateEPvRmS0_S1_ -Security:single module:__ZN11DES3Context12decryptBlockEPKvPvRmb -Security:single module:_dedes -Security:single module:_permute -Security:single module:_round -Security:single module:_endes -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext5finalERNS0_6WriterERNS_13CssmAllocatorE -Security:single module:__ZN12BlockCryptor5finalERN8Security8CssmDataE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataEPS3_ -Security:single module:_CSSM_UnwrapKey -Security:single module:__Z14cssm_UnwrapKeymyPK12cssm_contextPK8cssm_keyS4_mmPK9cssm_dataPK29cssm_resource_control_contextPS2_PS5_y -Security:single module:__ZN15AppleCSPSession9UnwrapKeyEyRKN8Security7ContextEPKNS0_7CssmKeyERS5_mmPKNS0_8CssmDataEPK29cssm_resource_control_contextRS4_RS8_y -Security:single module:_cspParseKeyAttr -Security:single module:_cspValidateKeyAttr -Security:single module:_setKeyHeader -Security:single module:_copyData -Security:single module:_freeCssmData -Security:single module:__ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPERK8cssm_keyb -Security:single module:__ZN8Security10CssmClient7KeyImplC4ERKNS0_3CSPERK8cssm_keyb -Security:single module:__ZN8Security7CssmKeyC2ERK8cssm_key -Security:single module:__ZN8Security7CssmKeyC4ERK8cssm_key -Security:single module:__ZN8Security10CssmClient7KeyImplD0Ev -Security:single module:__ZN8Security10CssmClient7KeyImplD4Ev -Security:single module:__ZN8Security10CssmClient7KeyImpl10deactivateEv -Security:single module:_CSSM_FreeKey -Security:single module:__Z12cssm_FreeKeymPK23cssm_access_credentialsP8cssm_keyl -Security:single module:__ZN15AppleCSPSession7FreeKeyEPKN8Security17AccessCredentialsERNS0_7CssmKeyEl -Security:single module:__ZN8Security20CSPFullPluginSession7FreeKeyEPKNS_17AccessCredentialsERNS_7CssmKeyEl -Security:single module:__ZN8Security10CssmClient9AclBearerD2Ev -Security:single module:__ZN8Security10CssmClient9AclBearerD4Ev -Security:single module:__ZN8Security10CssmClient9VerifyMac6verifyEPKNS_8CssmDataEmRS3_ -Security:single module:__ZN8Security10CssmClient10MacContext8activateEv -Security:single module:_CSSM_CSP_CreateMacContext -Security:single module:_CSSM_VerifyMac -Security:single module:__Z14cssm_VerifyMacmyPK12cssm_contextPK9cssm_datamS4_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession9VerifyMacEyRKNS_7ContextEPKNS_8CssmDataEmRS5_ -Security:single module:__ZN8Security20CSPFullPluginSession9VerifyMacEyRKNS_7ContextEPKNS_8CssmDataEmRS5_ -Security:single module:__ZN8Security20CSPFullPluginSession13VerifyMacInitEyRKNS_7ContextE -Security:single module:__ZN16MacLegacyContext4initERKN8Security7ContextEb -Security:single module:_hmacLegacyAlloc -Security:single module:_hmacLegacyInit -Security:single module:_sha1Alloc -Security:single module:__ZN8Security20CSPFullPluginSession15VerifyMacUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN16MacLegacyContext6updateERKN8Security8CssmDataE -Security:single module:_hmacLegacyUpdate -Security:single module:_sha1AddData -Security:single module:_sha1Digest -Security:single module:_sha1Reinit -Security:single module:__ZN8Security20CSPFullPluginSession14VerifyMacFinalEyRKNS_8CssmDataE -Security:single module:__ZN16MacLegacyContext5finalERKN8Security8CssmDataE -Security:single module:_hmacLegacyFinal -Security:single module:__ZN16MacLegacyContextD0Ev -Security:single module:__ZN16MacLegacyContextD4Ev -Security:single module:_hmacLegacyFree -Security:single module:_sha1Free -Security:single module:__ZN11DES3ContextD0Ev -Security:single module:__ZN11DES3ContextD4Ev -Security:single module:_desdone -Security:single module:__ZN12BlockCryptorD2Ev -Security:single module:__ZN12BlockCryptorD4Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServer8setTimerEPNS1_5TimerENS_4Time8AbsoluteE -Security:single module:__ZN8Security19NameValueDictionaryC1Ev -Security:single module:__ZN8Security19NameValueDictionaryC4Ev -Security:single module:__ZN8Security19NameValueDictionary41MakeNameValueDictionaryFromDLDbIdentifierERKNS_14DLDbIdentifierERS0_ -Security:single module:__ZN8Security13NameValuePairC1EmRKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePairC4EmRKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePair9CloneDataERKNS_8CssmDataE -Security:single module:__ZN8Security19NameValueDictionary6InsertEPNS_13NameValuePairE -Security:single module:__ZN8Security19NameValueDictionary6ExportERNS_8CssmDataE -Security:single module:__ZNK8Security19NameValueDictionary13CountElementsEv -Security:single module:__ZN8Security19NameValueDictionary10GetElementEi -Security:single module:__ZNK8Security13NameValuePair6ExportERNS_8CssmDataE -Security:single module:__ZN8Security19NameValueDictionaryD1Ev -Security:single module:__ZN8Security19NameValueDictionaryD4Ev -Security:single module:__ZN8Security13NameValuePairD1Ev -Security:single module:__ZN8Security13NameValuePairD4Ev -Security:single module:__ZN8Security9ObjectAcl10importBlobEPKvS2_ -Security:single module:__ZN8Security9ObjectAcl5Entry10importBlobERNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security9ObjectAcl13importSubjectERNS_23LowLevelMemoryUtilities6ReaderES3_ -Security:single module:__ZN8Security9ObjectAcl4makeEmRNS_23LowLevelMemoryUtilities6ReaderES3_ -Security:single module:__ZN8Security9ObjectAcl8makerForEl -Security:single module:__ZNK8Security13AnyAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security9ObjectAcl8AclEntry10importBlobERNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security9ObjectAcl5EntryD2Ev -Security:single module:__ZN8Security9ObjectAcl5EntryD4Ev -Security:single module:__ZN8Security4h2niERNS_7CssmKey6HeaderE -Security:single module:_CSSM_UpdateContextAttributes -Security:single module:__ZN13HandleContext15mergeAttributesEPK22cssm_context_attributem -Security:single module:__ZN8Security16CSPPluginSession13contextUpdateEyRKNS_7ContextERPNS0_13PluginContextE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataE -Security:single module:__ZN15AppleCSPSession12UnwrapKeyCmsEyRKN8Security7ContextERKNS0_7CssmKeyEPK29cssm_resource_control_contextRS4_RNS0_8CssmDataEy13cspKeyStorage -Security:single module:_setUpCssmData -Security:single module:_inferFormat -Security:single module:__ZN15AppleCSPSession12infoProviderERKN8Security7CssmKeyE -Security:single module:__ZN18RSAKeyInfoProvider8providerERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN24SymmetricKeyInfoProvider8providerERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN24SymmetricKeyInfoProviderC1ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN24SymmetricKeyInfoProviderC4ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN24SymmetricKeyInfoProvider15CssmKeyToBinaryEPN8Security7CssmKeyERmPP9BinaryKey -Security:single module:__ZN18SymmetricBinaryKeyC1Ej -Security:single module:__ZN18SymmetricBinaryKeyC4Ej -Security:single module:_copyCssmData -Security:single module:__ZN15AppleCSPSession9addRefKeyER9BinaryKeyRN8Security7CssmKeyE -Security:single module:_setUpData -Security:single module:__ZN22SensitiveCssmAllocator4freeEPv -Security:single module:__ZNK8Security19ThresholdAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security19ThresholdAclSubjectC1EmmRKSt6vectorINS_10RefPointerINS_10AclSubjectEEESaIS4_EE -Security:single module:__ZN8Security19ThresholdAclSubjectC4EmmRKSt6vectorINS_10RefPointerINS_10AclSubjectEEESaIS4_EE -Security:single module:__ZNK8Security23CodeSignatureAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security11CodeSigning9OSXSigner7restoreEmPKvm -Security:single module:__ZN8Security23CodeSignatureAclSubjectC1ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureEPKvm -Security:single module:__ZN8Security23CodeSignatureAclSubjectC4ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureEPKvm -Security:single module:__ZN8Security12CssmAutoData5resetEv -Security:single module:__ZN8Security9ObjectAcl8validateElPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE -Security:single module:__ZNK8Security9ObjectAcl8getRangeEPKcRSt4pairISt17_Rb_tree_iteratorIS3_IKSsNS0_8AclEntryEERKS7_PS8_ESB_E -Security:single module:__ZNK8Security9ObjectAcl8AclEntry10authorizesEl -Security:single module:__ZNK8Security9ObjectAcl8AclEntry8validateERKNS_20AclValidationContextE -Security:single module:__ZNK8Security16SimpleAclSubject8validateERKNS_20AclValidationContextE -Security:single module:__ZNK8Security9TypedList8isProperEv -Security:single module:__ZNK8Security11ListElement4wordEv -Security:single module:__ZNK8Security19ThresholdAclSubject8validateERKNS_20AclValidationContextERKNS_9TypedListE -Security:single module:__ZNK8Security23CodeSignatureAclSubject8validateERKNS_20AclValidationContextE -Security:single module:__ZN8Security11CodeSigning9OSXSigner4signERKNS0_8SignableE -Security:single module:__ZNK8Security11CodeSigning14ExecutableTool12scanContentsERNS0_6Signer5StateE -Security:single module:__ZN8Security11CodeSigning7OSXCode8scanFileEPKcRNS0_6Signer5StateE -Security:single module:__ZN8Security11CodeSigning9OSXSigner8Digester17enumerateContentsEPKvm -Security:single module:__ZN8Security10CssmClient6Digest6digestEPKNS_8CssmDataEm -Security:single module:__ZN14AppleCSPPlugin11makeSessionEmRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN15AppleCSPSessionC1EmR14AppleCSPPluginRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN15AppleCSPSessionC4EmR14AppleCSPPluginRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:_CSSM_DigestDataInit -Security:single module:__Z19cssm_DigestDataInitmyPK12cssm_context -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14DigestDataInitEyRKNS_7ContextE -Security:single module:_CSSM_DigestDataUpdate -Security:single module:__Z21cssm_DigestDataUpdatemyPK9cssm_datam -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16DigestDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient6DigestclERNS_8CssmDataE -Security:single module:_CSSM_DigestDataFinal -Security:single module:__Z20cssm_DigestDataFinalmyP9cssm_data -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15DigestDataFinalEyRNS_8CssmDataE -Security:single module:__ZNK8Security12UnixPlusPlus6UnixDb3getERKNS_8CssmDataERS2_i -Security:single module:__ZN8Security15CssmManagedDataD2Ev -Security:single module:__ZN8Security15CssmManagedDataD4Ev -Security:single module:__ZN8Security20AclValidationContextD2Ev -Security:single module:__ZN8Security20AclValidationContextD4Ev -Security:single module:__ZN8Security24AclValidationEnvironmentD2Ev -Security:single module:__ZN8Security24AclValidationEnvironmentD4Ev -Security:single module:__ZN8Security10CssmClient7Context8overrideERKNS_7ContextE -Security:single module:_CSSM_SetContext -Security:single module:__ZNK8Security7Context14copyAttributesERP22cssm_context_attributeRmRNS_13CssmAllocatorE -Security:single module:__ZN15AppleCSPSession12lookupRefKeyERKN8Security7CssmKeyE -Security:single module:__ZN15AppleCSPSession12lookupKeyRefEm -Security:single module:__Z29__MIG_check__Reply__decrypt_tP18__Reply__decrypt_t -Security:single module:__ZN8Security10DataOutputD1Ev -Security:single module:__ZN8Security10DataOutputD4Ev -Security:single module:__ZN14SSCryptContext5finalERN8Security8CssmDataE -Security:single module:__ZN9SSContext10copyOutBufERN8Security8CssmDataE -Security:single module:__ZN14SSCryptContextD0Ev -Security:single module:__ZN14SSCryptContextD4Ev -Security:single module:__ZN8Security10CssmClient7KeyImplD2Ev -Security:single module:__ZThn40_N12SSCSPSession7FreeKeyEPKN8Security17AccessCredentialsERNS0_7CssmKeyEl -Security:single module:__ZN12SSCSPSession7FreeKeyEPKN8Security17AccessCredentialsERNS0_7CssmKeyEl -Security:single module:__ZN5SSKey4freeEPKN8Security17AccessCredentialsERNS0_7CssmKeyEl -Security:single module:__ZN8Security13ReferencedKey16freeReferenceKeyERNS_13CssmAllocatorER8cssm_key -Security:single module:__ZN8Security14SecurityServer13ClientSession10releaseKeyEm -Security:single module:_ucsp_client_releaseKey -Security:single module:__ZN18SymmetricBinaryKeyD0Ev -Security:single module:__ZN18SymmetricBinaryKeyD4Ev -Security:single module:__ZN8Security9ObjectAclD2Ev -Security:single module:__ZN8Security9ObjectAclD4Ev -Security:single module:__ZN8Security10AclSubjectD2Ev -Security:single module:__ZN8Security10AclSubjectD4Ev -Security:single module:__ZN8Security23CodeSignatureAclSubjectD0Ev -Security:single module:__ZN8Security23CodeSignatureAclSubjectD4Ev -Security:single module:__Z32__MIG_check__Reply__releaseKey_tP21__Reply__releaseKey_t -Security:single module:__ZN5SSKeyD0Ev -Security:single module:__ZN5SSKeyD4Ev -Security:single module:__ZN8Security13ReferencedKeyD2Ev -Security:single module:__ZN8Security13ReferencedKeyD4Ev -Security:single module:__ZN8Security7KeyPool5eraseERNS_13ReferencedKeyE -Security:single module:__ZN8Security7KeyPool5eraseEm -Security:single module:__ZN8Security12KeychainCore15KCEventNotifier17PostKeychainEventEmRKNS0_8KeychainERKNS0_4ItemE -Security:single module:__ZNK8Security12KeychainCore8ItemImpl10primaryKeyEv -Security:single module:__ZN8Security12KeychainCore15KCEventNotifier17PostKeychainEventEmRKNS_14DLDbIdentifierERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security14SecurityServer13ClientSession16postNotificationEmmRKNS_8CssmDataE -Security:single module:_ucsp_client_postNotification -Security:single module:__Z38__MIG_check__Reply__postNotification_tP27__Reply__postNotification_t -Security:single module:__ZN8Security14SecurityServer13ClientSessionD1Ev -Security:single module:__ZN8Security14SecurityServer13ClientSessionD4Ev -Security:single module:__ZN8Security10CssmClient9DeriveKeyclEPNS_8CssmDataERKNS0_7KeySpecE -Security:single module:__ZN8Security10CssmClient9DeriveKey8activateEv -Security:single module:_CSSM_CSP_CreateDeriveKeyContext -Security:single module:__ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPE -Security:single module:_CSSM_DeriveKey -Security:single module:__Z14cssm_DeriveKeymyPK12cssm_contextP9cssm_datammPKS2_PK29cssm_resource_control_contextP8cssm_key -Security:single module:__ZN15AppleCSPSession9DeriveKeyEyRKN8Security7ContextERNS0_8CssmDataEmmPKS4_PK29cssm_resource_control_contextRNS0_7CssmKeyE -Security:single module:__ZN15AppleCSPSession16DeriveKey_PBKDF2ERKN8Security7ContextERKNS0_8CssmDataEP9cssm_data -Security:single module:_pbkdf2 -Security:single module:_F -Security:single module:_hmacsha1 -Security:single module:_hmacInit -Security:single module:_DigestCtxInit -Security:single module:_DigestCtxUpdate -Security:single module:_DigestCtxFinal -Security:single module:_sha1GetDigest -Security:single module:_DigestCtxFree -Security:single module:_freeData -Security:single module:__ZN8Security7CssmKeyC1EmPv -Security:single module:__ZN8Security7CssmKeyC4EmPv -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecE -Security:single module:_fmalloc -Security:single module:__Z8ckMallocj -Security:single module:_spinit -Security:single module:_perminit -Security:single module:__ZN8Security16CSPPluginSession13PluginContext7changedERKNS_7ContextE -Security:single module:__ZN10MacContext4initERKN8Security7ContextEb -Security:single module:_hmacAlloc -Security:single module:__ZN10MacContext6updateERKN8Security8CssmDataE -Security:single module:_hmacUpdate -Security:single module:__ZN10MacContext5finalERKN8Security8CssmDataE -Security:single module:_hmacFinal -Security:single module:__ZN10MacContextD0Ev -Security:single module:__ZN10MacContextD4Ev -Security:single module:_hmacFree -Security:single module:_SecKeychainItemFreeContent -Security:single module:__ZN8Security12KeychainCore8ItemImpl11freeContentEP24SecKeychainAttributeListPv -Security:single module:_SecKeychainItemRelease -Security:single module:__ZN8Security12KeychainCore8ItemImplD1Ev -Security:single module:__ZN8Security12KeychainCore8ItemImplD4Ev -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC1ERK9cssm_data -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC4ERK9cssm_data -Security:single module:__ZN8Security12KeychainCore12KeychainImpl10removeItemERKNS0_10PrimaryKeyEPKNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplD1Ev -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplD4Ev -Security:single module:__ZN8Security10CssmClient6DbImpl5closeEv -Security:single module:_CSSM_DL_DbClose -Security:single module:__Z12cssm_DbClose17cssm_dl_db_handle -Security:single module:__ZThn40_N11SSDLSession7DbCloseEm -Security:single module:__ZN11SSDLSession7DbCloseEm -Security:single module:__ZN11SSDLSession12killDbHandleEm -Security:single module:__ZN8Security15DatabaseSession7DbCloseEm -Security:single module:__ZN8Security15DatabaseManager7dbCloseERNS_9DbContextE -Security:single module:__ZN8Security8Database8_dbCloseERNS_9DbContextE -Security:single module:__ZN8Security13AppleDatabase7dbCloseEv -Security:single module:__ZN8Security10DbModifier13closeDatabaseEv -Security:single module:__ZN8Security9DbVersionD1Ev -Security:single module:__ZN8Security9DbVersionD4Ev -Security:single module:__ZN8Security5TableD1Ev -Security:single module:__ZN8Security5TableD4Ev -Security:single module:__ZN8Security10MetaRecordD1Ev -Security:single module:__ZN8Security10MetaRecordD4Ev -Security:single module:__ZN8Security13MetaAttributeD2Ev -Security:single module:__ZN8Security13MetaAttributeD4Ev -Security:single module:__ZN8Security15DatabaseManager14removeIfUnusedERNS_8DatabaseE -Security:single module:__ZN8Security8Database13hasDbContextsEv -Security:single module:__ZN8Security13AppleDatabaseD0Ev -Security:single module:__ZN8Security13AppleDatabaseD4Ev -Security:single module:__ZN8Security10DbModifierD1Ev -Security:single module:__ZN8Security10DbModifierD4Ev -Security:single module:__ZN8Security10AtomicFileD1Ev -Security:single module:__ZN8Security10AtomicFileD4Ev -Security:single module:__ZN8Security8DatabaseD2Ev -Security:single module:__ZN8Security8DatabaseD4Ev -Security:single module:__ZN8Security14AppleDbContextD0Ev -Security:single module:__ZN8Security14AppleDbContextD4Ev -Security:single module:__ZN8Security9DbContextD2Ev -Security:single module:__ZN8Security9DbContextD4Ev -Security:single module:__ZN14SSDatabaseImplD0Ev -Security:single module:__ZN14SSDatabaseImplD4Ev -Security:single module:__ZN8Security14SecurityServer13ClientSession9releaseDbEm -Security:single module:_ucsp_client_releaseDb -Security:single module:__Z31__MIG_check__Reply__releaseDb_tP20__Reply__releaseDb_t -Security:single module:__ZN8Security9CssmError7throwMeEl -Security:single module:___cxa_allocate_exception -Security:single module:__ZN8Security9CssmErrorC1El -Security:single module:__ZN8Security9CssmErrorC4El -Security:single module:__ZN8Security15CssmCommonErrorC2Ev -Security:single module:__ZN8Security15CssmCommonErrorC4Ev -Security:single module:___cxa_throw -Security:single module:___cxa_get_globals -Security:single module:__Z21get_globals_init_oncev -Security:single module:__Z16get_globals_initv -Security:single module:__Unwind_RaiseException -Security:single module:save_world -Security:single module:_uw_init_context_1 -Security:single module:_uw_frame_state_for -Security:single module:__Unwind_Find_FDE -Security:single module:__Unwind_Find_registered_FDE -Security:single module:_examine_objects -Security:single module:_search_object -Security:single module:_init_object -Security:single module:_classify_object_over_fdes -Security:single module:_get_cie_encoding -Security:single module:_read_uleb128 -Security:single module:_read_sleb128 -Security:single module:_read_encoded_value_with_base -Security:single module:_base_from_object -Security:single module:_size_of_encoded_value -Security:single module:_add_fdes -Security:single module:_fde_split -Security:single module:_fde_single_encoding_compare -Security:single module:_frame_heapsort -Security:single module:_extract_cie_info -Security:single module:_read_uleb128 -Security:single module:_read_sleb128 -Security:single module:_execute_cfa_program -Security:single module:_size_of_encoded_value -Security:single module:_uw_update_context_1 -Security:single module:_base_of_encoded_value -Security:single module:_read_encoded_value_with_base -Security:single module:___gxx_personality_v0 -Security:single module:__Unwind_GetLanguageSpecificData -Security:single module:_uw_update_context -Security:single module:__Z17parse_lsda_headerP15_Unwind_ContextPKhP16lsda_header_info -Security:single module:__Unwind_GetRegionStart -Security:single module:__Z12read_uleb128PKhPj -Security:single module:__Z21base_of_encoded_valuehP15_Unwind_Context -Security:single module:__Unwind_GetIP -Security:single module:__Z28read_encoded_value_with_basehjPKhPj -Security:single module:__Z12read_sleb128PKhPi -Security:single module:__Z15get_ttype_entryP16lsda_header_infoj -Security:single module:__Z21size_of_encoded_valueh -Security:single module:__Z16get_adjusted_ptrPKSt9type_infoS1_PPv -Security:single module:__ZNKSt9type_info14__is_pointer_pEv -Security:single module:__ZNK10__cxxabiv117__class_type_info10__do_catchEPKSt9type_infoPPvj -Security:single module:__ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PPv -Security:single module:__ZNK10__cxxabiv120__si_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE -Security:single module:__ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PKvRNS0_15__upcast_resultE -Security:single module:__Unwind_RaiseException_Phase2 -Security:single module:__Unwind_SetGR -Security:single module:__Unwind_SetIP -Security:single module:_uw_install_context_1 -Security:single module:_init_dwarf_reg_size_table -Security:single module:eh_rest_world_r10 -Security:single module:rest_world_eh_r7r8 -Security:single module:__Unwind_Resume -Security:single module:___cxa_begin_catch -Security:single module:__ZNK8Security15CssmCommonError9cssmErrorEl -Security:single module:__ZNK8Security9CssmError9cssmErrorEv -Security:single module:__ZN8Security9CssmError5mergeEll -Security:single module:___cxa_end_catch -Security:single module:___cxa_get_globals_fast -Security:single module:__Unwind_DeleteException -Security:single module:__Z23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception -Security:single module:__ZN8Security15CssmCommonErrorD2Ev -Security:single module:__ZN8Security15CssmCommonErrorD4Ev -Security:single module:__ZNSt9exceptionD2Ev -Security:single module:__ZNSt9exceptionD4Ev -Security:single module:___cxa_free_exception -Security:single module:_CSSM_ModuleDetach -Security:single module:__ZN8Security12HandleObject5State5eraseERN9__gnu_cxx19_Hashtable_iteratorISt4pairIKmPS0_EmNS2_4hashImEESt10_Select1stIS7_ESt8equal_toImESaIS6_EEE -Security:single module:__ZN10Attachment6detachEb -Security:single module:__ZN8Security10CssmPlugin12moduleDetachEm -Security:single module:__ZN8Security13PluginSession6detachEv -Security:single module:__ZN11SSDLSessionD0Ev -Security:single module:__ZN11SSDLSessionD4Ev -Security:single module:__ZN8Security15DatabaseSessionD2Ev -Security:single module:__ZN8Security15DatabaseSessionD4Ev -Security:single module:__ZN8Security13PluginSessionD2Ev -Security:single module:__ZN8Security13PluginSessionD4Ev -Security:single module:__ZN6Module6detachEP10Attachment -Security:single module:__ZN10AttachmentD2Ev -Security:single module:__ZN10AttachmentD4Ev -Security:single module:__ZN8Security5MutexD2Ev -Security:single module:__ZN8Security10CssmClient6DLImplD0Ev -Security:single module:_CSSM_ModuleUnload -Security:single module:__ZN11CssmManager12unloadModuleERKN8Security4GuidERKNS0_14ModuleCallbackE -Security:single module:__ZN6Module6unloadERKN8Security14ModuleCallbackE -Security:single module:__ZN8Security10CssmPlugin12moduleUnloadERKNS_4GuidES3_RKNS_14ModuleCallbackE -Security:single module:__ZN8Security10CssmPlugin6unloadEv -Security:single module:__ZN8Security17ModuleCallbackSet5eraseERKNS_14ModuleCallbackE -Security:single module:__ZN6ModuleD0Ev -Security:single module:__ZN6ModuleD4Ev -Security:single module:__ZN12MdsComponentD2Ev -Security:single module:__ZN8Security10CssmClient11GenerateMac4signEPKNS_8CssmDataEmRS2_ -Security:single module:_CSSM_GenerateMac -Security:single module:__Z16cssm_GenerateMacmyPK12cssm_contextPK9cssm_datamPS2_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11GenerateMacEyRKNS_7ContextEPKNS_8CssmDataEmRS4_ -Security:single module:__ZN8Security20CSPFullPluginSession11GenerateMacEyRKNS_7ContextEPKNS_8CssmDataEmRS4_ -Security:single module:__ZN8Security20CSPFullPluginSession15GenerateMacInitEyRKNS_7ContextE -Security:single module:__ZN8Security20CSPFullPluginSession17GenerateMacUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN8Security20CSPFullPluginSession16GenerateMacFinalEyRNS_8CssmDataE -Security:single module:__ZN10MacContext10outputSizeEbm -Security:single module:__ZN10MacContext5finalERN8Security8CssmDataE -Security:single module:__ZN11GAESContextC1ER15AppleCSPSession -Security:single module:__ZN11GAESContextC4ER15AppleCSPSession -Security:single module:__ZN11GladmanInit9genTablesEv -Security:single module:_gen_tabs -Security:single module:__ZN11GAESContext4initERKN8Security7ContextEb -Security:single module:__ZN11GAESContext9deleteKeyEv -Security:single module:_set_key -Security:single module:__ZN11GAESContext12decryptBlockEPKvPvRmb -Security:single module:_rDecrypt -Security:single module:__ZN8Security10CssmClient7Encrypt7encryptEPKNS_8CssmDataEmPS2_mRS2_ -Security:single module:_CSSM_EncryptData -Security:single module:__Z16cssm_EncryptDatamyPK12cssm_contextPK9cssm_datamPS2_mPmS5_y -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11EncryptDataEyRKNS_7ContextEPKNS_8CssmDataEmPS4_mRmRS4_y -Security:single module:__ZN8Security20CSPFullPluginSession11EncryptDataEyRKNS_7ContextEPKNS_8CssmDataEmPS4_mRmRS4_y -Security:single module:__ZN11GAESContext12encryptBlockEPKvmPvRmb -Security:single module:_rEncrypt -Security:single module:_SecTrustedApplicationIsUpdateCandidate -Security:single module:__ZN8Security12MachPlusPlus7MessageD1Ev -Security:single module:__ZN8Security12MachPlusPlus7MessageD4Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServer10LoadThread6actionEv -Security:single module:__ZN8Security12MachPlusPlus10MachServer12removeThreadEPNS_6ThreadE -Security:single module:__ZN8Security6Thread6runnerEPv -Security:single module:__ZN8Security6ThreadD2Ev -Security:single module:__ZN8Security6ThreadD4Ev -Security:single module:__Z16get_globals_dtorPv -Security:single module:_SecTrustedApplicationCreateFromPath -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC1EPKc -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC4EPKc -Security:single module:__ZN8Security11CodeSigning9OSXSignerC1Ev -Security:single module:__ZN8Security11CodeSigning9OSXSignerC4Ev -Security:single module:__ZN8Security11CodeSigning7OSXCode2atEPKc -Security:single module:__ZNK8Security11CodeSigning13GenericBundle12scanContentsERNS0_6Signer5StateE -Security:single module:__ZNK8Security11CodeSigning13GenericBundle13canonicalPathEv -Security:single module:__ZN8Security11CodeSigning13GenericBundleD0Ev -Security:single module:__ZN8Security10CssmClient7CSPImplD0Ev -Security:single module:__ZN15AppleCSPSessionD0Ev -Security:single module:__ZN15AppleCSPSessionD4Ev -Security:single module:__ZN11GAESContextD0Ev -Security:single module:__ZN11GAESContextD4Ev -Security:single module:_SecTrustedApplicationMakeEquivalent -Security:single module:__ZNK8Security12KeychainCore18TrustedApplication9signatureEv -Security:single module:__ZNK8Security12KeychainCore18TrustedApplication4pathEv -Security:single module:__ZN8Security14SecurityServer13ClientSession18addCodeEquivalenceERKNS_8CssmDataES4_PKcb -Security:single module:_ucsp_client_addCodeEquivalence -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb3putERKNS_8CssmDataES4_i -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb5flushEi -Security:single module:__Z40__MIG_check__Reply__addCodeEquivalence_tP29__Reply__addCodeEquivalence_t -Security:single module:_SecKeychainCopySearchList -Security:single module:__ZN8Security12KeychainCore14StorageManager23convertFromKeychainListERKSt6vectorINS0_8KeychainESaIS3_EE -Security:single module:_SecKeychainSearchCreateFromAttributes -Security:single module:__ZN8Security12KeychainCore14StorageManager21convertToKeychainListEPK9__CFArrayRSt6vectorINS0_8KeychainESaIS6_EE -Security:single module:_SecKeychainSearchCopyNext -Security:single module:__ZN8Security12KeychainCore6Schema12itemClassForEm -Security:single module:__ZN8Security12KeychainCore7CFClass8hashTypeEPKv -Security:single module:__ZN8Security12KeychainCore11SecCFObject4hashEv -Security:single module:__ZN8Security12KeychainCore7CFClass9equalTypeEPKvS3_ -Security:single module:__ZN8Security12KeychainCore11SecCFObject5equalERS1_ -Security:single module:__ZN8Security12MachPlusPlus10MachServer10clearTimerEPNS1_5TimerE -Security:single module:_SSLNewContext -Security:single module:_sslMalloc -Security:single module:_attachToAll -Security:single module:_attachToModules -Security:single module:__ZN14ModuleAttacher14loadAllModulesERmS0_S0_ -Security:single module:__ZN14ModuleAttacher10loadModuleEmPK9cssm_guidPKc -Security:single module:__ZN14ModuleAttacher8initCssmEv -Security:single module:__ZN11AppleX509CL11makeSessionEmRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN18AppleX509CLSessionC1EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN18AppleX509CLSessionC4EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security15CLPluginSession9constructEv -Security:single module:__ZN7AppleTP11makeSessionEmRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN14AppleTPSessionC1EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN14AppleTPSessionC4EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security15TPPluginSession9constructEv -Security:single module:_SSLSetAllowsExpiredCerts -Security:single module:_sslIsSessionActive -Security:single module:_SSLSetAllowsExpiredRoots -Security:single module:_SSLSetAllowsAnyRoot -Security:single module:_SSLSetEnableCertVerify -Security:single module:_SSLSetPeerDomainName -Security:single module:_SSLSetProtocolVersion -Security:single module:_SSLGetSessionState -Security:single module:_SSLSetIOFuncs -Security:single module:_SSLSetConnection -Security:single module:_SSLDisposeContext -Security:single module:_sslDeleteCertificateChain -Security:single module:_SSLFreeBuffer -Security:single module:_sslFree -Security:single module:_sslFreeKey -Security:single module:_CloseHash -Security:single module:_SSLDisposeCipherSuite -Security:single module:__Z11ssl3FreeMacP13CipherContext -Security:single module:__Z19sslFreeTrustedRootsP10SSLContext -Security:single module:__Z13sslFreeDnListP10SSLContext -Security:single module:_detachFromAll -Security:single module:_sslCleanupSession -Security:single module:__ZN12SessionCache7cleanupEv -Security:single module:_SSLHandshake -Security:single module:_sslBuildCipherSpecArray -Security:single module:__Z19SSLHandshakeProceedP10SSLContext -Security:single module:__Z17SSLInitConnectionP10SSLContext -Security:single module:_SSL2AdvanceHandshake -Security:single module:_SSLInitMessageHashes -Security:single module:_ReadyHash -Security:single module:_SSLAllocBuffer -Security:single module:__Z12HashSHA1InitR9SSLBufferP10SSLContext -Security:single module:__Z12cdsaHashInitR9SSLBufferP10SSLContextm -Security:single module:_attachToCsp -Security:single module:_stAppMalloc -Security:single module:_stAppFree -Security:single module:__Z11HashMD5InitR9SSLBufferP10SSLContext -Security:single module:__ZN9MD5Object10digestInitEv -Security:single module:_MD5Init -Security:single module:_SSL2PrepareAndQueueMessage -Security:single module:_SSL2EncodeClientHello -Security:single module:_sslGetMaxProtVersion -Security:single module:_SSLEncodeInt -Security:single module:_sslRand -Security:single module:__ZN8Security18DevRandomGeneratorC1Eb -Security:single module:__ZN8Security18DevRandomGeneratorC4Eb -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc4openEPKcit -Security:single module:_ssl3WriteRecord -Security:single module:_SSL2WriteRecord -Security:single module:__Z9NullCrypt9SSLBufferS_P13CipherContextP10SSLContext -Security:single module:_IncrementUInt64 -Security:single module:__Z14cdsaHashUpdateR9SSLBufferRKS_ -Security:single module:__ZN9MD5Object12digestUpdateEPKvm -Security:single module:_MD5Update -Security:single module:_MD5Transform -Security:single module:__Z20SSLServiceWriteQueueP10SSLContext -Security:single module:_sslIoWrite -Security:single module:_SSLReadRecord -Security:single module:_sslIoRead -Security:single module:_SSLDecodeInt -Security:single module:__Z17ssl3DecryptRecordhP9SSLBufferP10SSLContext -Security:single module:__Z25SSLProcessProtocolMessageR9SSLRecordP10SSLContext -Security:single module:_SSLProcessHandshakeRecord -Security:single module:__Z26SSLProcessHandshakeMessage15SSLHandshakeMsgP10SSLContext -Security:single module:_SSLProcessServerHello -Security:single module:_sslVerifyProtVersion -Security:single module:_FindCipherSpec -Security:single module:_sslVerifyNegotiatedCipher -Security:single module:_SSLAdvanceHandshake -Security:single module:__Z17tls1DecryptRecordhP9SSLBufferP10SSLContext -Security:single module:_SSLProcessCertificate -Security:single module:_sslVerifyCertChain -Security:single module:_SSLGetCertificateChainLength -Security:single module:_SecCertificateCreateFromData -Security:single module:__ZN8Security12KeychainCore11CertificateC1ERK9cssm_datamm -Security:single module:__ZN8Security12KeychainCore11CertificateC4ERK9cssm_datamm -Security:single module:__ZN8Security12KeychainCore8ItemImplC2EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImplC4EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore11Certificate9clForTypeEm -Security:single module:__ZN8Security10CssmClient6CLImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6CLImplC4ERKNS_4GuidE -Security:single module:_SecPolicySearchCreate -Security:single module:__ZN8Security12KeychainCore12PolicyCursorC1EPK9cssm_dataS4_ -Security:single module:__ZN8Security12KeychainCore12PolicyCursorC4EPK9cssm_dataS4_ -Security:single module:_SecPolicySearchCopyNext -Security:single module:__ZN8Security12KeychainCore12PolicyCursor4nextERNS0_10SecPointerINS0_6PolicyEEE -Security:single module:__ZN8Security10CssmClient6TPImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6TPImplC4ERKNS_4GuidE -Security:single module:__ZN8Security12KeychainCore6PolicyC1ENS_10CssmClient2TPERKNS_8CssmDataE -Security:single module:__ZN8Security12KeychainCore6PolicyC4ENS_10CssmClient2TPERKNS_8CssmDataE -Security:single module:_SecPolicySetValue -Security:single module:_SecTrustCreateWithCertificates -Security:single module:__ZN8Security12KeychainCore5TrustC1EPKvS3_ -Security:single module:__ZN8Security12KeychainCore5TrustC4EPKvS3_ -Security:single module:_SecTrustSetParameters -Security:single module:_SecTrustSetKeychains -Security:single module:_SecTrustEvaluate -Security:single module:__ZN8Security12KeychainCore5Trust8evaluateEv -Security:single module:__ZN8Security12KeychainCore5Trust12clearResultsEv -Security:single module:__Z17cfCertificateDataP23OpaqueSecCertificateRef -Security:single module:__ZN8Security12KeychainCore11Certificate4dataEv -Security:single module:__ZN8Security9CertGroupC1Emmm -Security:single module:__ZN8Security9CertGroupC4Emmm -Security:single module:__ZN8Security10CssmClient20TPBuildVerifyContextC1EmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient20TPBuildVerifyContextC4EmRNS_13CssmAllocatorE -Security:single module:__Z7cfFieldP18OpaqueSecPolicyRef -Security:single module:__ZN8Security12KeychainCore10TrustStoreC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore10TrustStoreC4ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore10TrustStore20copyRootCertificatesEv -Security:single module:__ZN8Security12KeychainCore10TrustStore20loadRootCertificatesEv -Security:single module:__ZN8Security12KeychainCore10TrustStore23refreshRootCertificatesEv -Security:single module:__ZN8Security10CssmClient6DLImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6DLImplC4ERKNS_4GuidE -Security:single module:__ZThn64_N8Security10CssmClient6DLImpl5newDbEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient6DLImpl5newDbEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient6DbImplC1ERKNS0_2DLEPKcPK16cssm_net_address -Security:single module:__ZThn24_N8Security10CssmClient6DbImpl17newDbUniqueRecordEv -Security:single module:__ZN8Security10CssmClient6DbImpl17newDbUniqueRecordEv -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplC1ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplD0Ev -Security:single module:__ZN8Security10CssmClient6DbImplD0Ev -Security:single module:__ZN8Security10CssmClient6TPImpl15certGroupVerifyERKNS_9CertGroupERKNS_15TPVerifyContextEPNS_14TPVerifyResultE -Security:single module:__ZN8Security10CssmClient6TPImpl7setupCLEv -Security:single module:__ZN8Security10CssmClient6TPImpl8setupCSPEv -Security:single module:_CSSM_TP_CertGroupVerify -Security:single module:__Z20cssm_CertGroupVerifymmmPK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__ZThn40_N14AppleTPSession15CertGroupVerifyEmmRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__ZN14AppleTPSession15CertGroupVerifyEmmRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__ZN11TPCertGroupC1ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN11TPCertGroupC4ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN11TPCertGroupC1ERK14cssm_certgroupmmRN8Security13CssmAllocatorEPKcb12TPGroupOwner -Security:single module:__ZN11TPCertGroupC4ERK14cssm_certgroupmmRN8Security13CssmAllocatorEPKcb12TPGroupOwner -Security:single module:__ZN10TPCertInfoC1EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN10TPCertInfoC4EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN12TPClItemInfoC2EmmRK13TPClItemCallsPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN12TPClItemInfoC4EmmRK13TPClItemCallsPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN12TPClItemInfo9cacheItemEPK9cssm_data10TPItemCopy -Security:single module:_CSSM_CL_CertCache -Security:single module:__Z14cssm_CertCachemPK9cssm_dataPm -Security:single module:__ZThn40_N18AppleX509CLSession9CertCacheERKN8Security8CssmDataERm -Security:single module:__ZN18AppleX509CLSession9CertCacheERKN8Security8CssmDataERm -Security:single module:__ZN11DecodedCertC1ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN11DecodedCertC4ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN11DecodedItemC2ER18AppleX509CLSession -Security:single module:__ZN11DecodedItemC4ER18AppleX509CLSession -Security:single module:__ZN11SecNssCoderC1Ej -Security:single module:__ZN11SecNssCoderC4Ej -Security:single module:_PORT_NewArena -Security:single module:_PORT_ZAlloc -Security:single module:_PR_Calloc -Security:single module:_PR_NewLock -Security:single module:_PR_Malloc -Security:single module:_PL_InitArenaPool -Security:single module:_PR_CeilingLog2 -Security:single module:__ZN17DecodedExtensionsC1ER11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__ZN17DecodedExtensionsC4ER11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__ZN11SecNssCoder6decodeEPKvmPK23sec_ASN1Template_structPv -Security:single module:_SEC_ASN1Decode -Security:single module:_SEC_ASN1DecoderStart -Security:single module:_PORT_ArenaZAlloc -Security:single module:_PORT_ArenaAlloc -Security:single module:_PR_Lock -Security:single module:_PL_ArenaAllocate -Security:single module:_LockArena -Security:single module:_UnlockArena -Security:single module:_PR_Unlock -Security:single module:_sec_asn1d_push_state -Security:single module:_sec_asn1d_zalloc -Security:single module:_sec_asn1d_alloc -Security:single module:_sec_asn1d_init_state_based_on_template -Security:single module:_sec_asn1d_scrub_state -Security:single module:_SEC_ASN1DecoderUpdate -Security:single module:_sec_asn1d_parse_identifier -Security:single module:_sec_asn1d_confirm_identifier -Security:single module:_sec_asn1d_parse_length -Security:single module:_sec_asn1d_parse_more_length -Security:single module:_sec_asn1d_prepare_for_contents -Security:single module:_PORT_ArenaMark -Security:single module:_sec_asn1d_notify_before -Security:single module:_SEC_ASN1GetSubtemplate -Security:single module:_sec_asn1d_parse_leaf -Security:single module:_sec_asn1d_prepare_for_end_of_contents -Security:single module:_sec_asn1d_pop_state -Security:single module:_sec_asn1d_free_child -Security:single module:_sec_asn1d_absorb_child -Security:single module:_PORT_ArenaRelease -Security:single module:_sec_asn1d_next_in_sequence -Security:single module:_sec_asn1d_notify_after -Security:single module:_sec_asn1d_record_any_header -Security:single module:_sec_asn1d_add_to_subitems -Security:single module:_sec_asn1d_next_substring -Security:single module:_sec_asn1d_concat_substrings -Security:single module:_sec_asn1d_reuse_encoding -Security:single module:__Z14NSS_ATVChooserPviPKcS_ -Security:single module:_NSS_TaggedTemplateChooser -Security:single module:_sec_asn1d_next_in_group -Security:single module:_sec_asn1d_concat_group -Security:single module:_NSS_TimeChooser -Security:single module:_sec_asn1d_parse_bit_string -Security:single module:_sec_asn1d_parse_more_bit_string -Security:single module:_SEC_ASN1DecoderFinish -Security:single module:_PORT_FreeArena -Security:single module:_PL_FinishArenaPool -Security:single module:_FreeArenaList -Security:single module:_PR_Free -Security:single module:_PORT_ZFree -Security:single module:_PR_DestroyLock -Security:single module:__ZN17DecodedExtensions13decodeFromNssEPP17NSS_CertExtension -Security:single module:__Z14clNssArraySizePPKv -Security:single module:_clOidToNssInfo -Security:single module:__Z17clCompareCssmDataPK9cssm_dataS1_ -Security:single module:__ZN11SecNssCoder6mallocEm -Security:single module:__Z15clNssBoolToCssmRK9cssm_data -Security:single module:__ZN17DecodedExtensions12addExtensionERK9cssm_databPvbPK23sec_ASN1Template_structPS1_ -Security:single module:__ZN8Security13PluginSession7reallocEPvm -Security:single module:__ZN10Attachment13upcallReallocEmPvm -Security:single module:__ZN8Security28CssmMemoryFunctionsAllocator7reallocEPvm -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctions12relayReallocEPvmS1_ -Security:single module:__ZN12DecodedExtenC1ERK9cssm_databPvbPK23sec_ASN1Template_structR11SecNssCoderPS1_ -Security:single module:__ZN12DecodedExtenC4ERK9cssm_databPvbPK23sec_ASN1Template_structR11SecNssCoderPS1_ -Security:single module:__ZN11SecNssCoder13allocCopyItemEPKvmR9cssm_data -Security:single module:__ZN11SecNssCoder9allocItemER9cssm_datam -Security:single module:__ZN13CLCachedEntryC2Ev -Security:single module:__ZN13CLCachedEntryC4Ev -Security:single module:__ZN12TPClItemInfo10fetchFieldEPK9cssm_dataPPS0_ -Security:single module:_CSSM_CL_CertGetFirstCachedFieldValue -Security:single module:__Z33cssm_CertGetFirstCachedFieldValuemmPK9cssm_dataPmS2_PPS_ -Security:single module:__ZThn40_N18AppleX509CLSession28CertGetFirstCachedFieldValueEmRKN8Security8CssmDataERmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession28CertGetFirstCachedFieldValueEmRKN8Security8CssmDataERmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession16lookupCachedCertEm -Security:single module:__ZN11DecodedCert16getCertFieldDataERKN8Security8CssmDataEjRmRNS0_13CssmOwnedDataE -Security:single module:__Z11oidToFieldsRKN8Security8CssmDataE -Security:single module:__Z18getFieldIssuerNormR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_getField_normRDN_NSS -Security:single module:__Z23CL_normalizeX509NameNSSR8NSS_NameR11SecNssCoder -Security:single module:__Z18CL_normalizeStringPcRi -Security:single module:__Z21SecNssEncodeItemOdataPKvPK23sec_ASN1Template_structRN8Security13CssmOwnedDataE -Security:single module:__Z16SecNssEncodeItemPKvPK23sec_ASN1Template_structRN8Security13CssmAllocatorER9cssm_data -Security:single module:_SEC_ASN1Encode -Security:single module:_SEC_ASN1EncoderStart -Security:single module:_sec_asn1e_push_state -Security:single module:_sec_asn1e_init_state_based_on_template -Security:single module:_sec_asn1e_scrub_state -Security:single module:_SEC_ASN1EncoderUpdate -Security:single module:_sec_asn1e_write_header -Security:single module:_sec_asn1e_contents_length -Security:single module:_SEC_ASN1LengthLength -Security:single module:_sec_asn1e_write_identifier_bytes -Security:single module:_sec_asn1e_write_part -Security:single module:_sec_asn1e_encode_item_count -Security:single module:_sec_asn1e_write_length_bytes -Security:single module:_SEC_ASN1EncodeLength -Security:single module:_sec_asn1e_notify_before -Security:single module:_sec_asn1e_write_contents -Security:single module:_sec_asn1e_write_contents_bytes -Security:single module:_sec_asn1e_after_contents -Security:single module:_sec_asn1e_next_in_sequence -Security:single module:_sec_asn1e_notify_after -Security:single module:_sec_asn1e_next_in_group -Security:single module:_SEC_ASN1EncoderFinish -Security:single module:_sec_asn1e_encode_item_store -Security:single module:__ZN11SecNssCoderD1Ev -Security:single module:__ZN11SecNssCoderD4Ev -Security:single module:__ZN7CLQueryC1E11CLQueryTypeRKN8Security8CssmDataEjbm -Security:single module:__ZN7CLQueryC4E11CLQueryTypeRKN8Security8CssmDataEjbm -Security:single module:__ZN8Security12CssmAutoData7releaseEv -Security:single module:_CSSM_CL_CertAbortQuery -Security:single module:__Z19cssm_CertAbortQuerymm -Security:single module:__ZThn40_N18AppleX509CLSession14CertAbortQueryEm -Security:single module:__ZN18AppleX509CLSession14CertAbortQueryEm -Security:single module:__ZN7CLQueryD1Ev -Security:single module:__ZN7CLQueryD4Ev -Security:single module:__Z17getField_TbsAlgIdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_tbsGetCheck -Security:single module:_getField_AlgIdNSS -Security:single module:__Z12CL_copyAlgIdRK30cssm_x509_algorithm_identifierRS_RN8Security13CssmAllocatorE -Security:single module:__Z15clAllocCopyDataRN8Security13CssmAllocatorERK9cssm_dataRS2_ -Security:single module:__Z11clAllocDataRN8Security13CssmAllocatorER9cssm_datam -Security:single module:_cssmOidToAlg -Security:single module:_compareCssmData -Security:single module:__ZN12TPClItemInfo9freeFieldEPK9cssm_dataPS0_ -Security:single module:_CSSM_CL_FreeFieldValue -Security:single module:__Z19cssm_FreeFieldValuemPK9cssm_dataPS_ -Security:single module:__ZThn40_N18AppleX509CLSession14FreeFieldValueERKN8Security8CssmDataERS1_ -Security:single module:__ZN18AppleX509CLSession14FreeFieldValueERKN8Security8CssmDataERS1_ -Security:single module:__ZN11DecodedCert17freeCertFieldDataERKN8Security8CssmDataERNS0_13CssmOwnedDataE -Security:single module:_freeField_AlgId -Security:single module:__ZN8Security14CssmRemoteData5resetEv -Security:single module:__ZN8Security14CssmRemoteData7releaseEv -Security:single module:__ZN12TPClItemInfo19fetchNotBeforeAfterEv -Security:single module:__Z18getField_NotBeforeR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_getField_TimeNSS -Security:single module:__Z16CL_nssTimeToCssmRK14NSS_TaggedItemR14cssm_x509_timeRN8Security13CssmAllocatorE -Security:single module:_timeStringToTm -Security:single module:__Z17getField_NotAfterR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_freeField_Time -Security:single module:__Z15CL_freeCssmTimeP14cssm_x509_timeRN8Security13CssmAllocatorE -Security:single module:__ZN12TPClItemInfo16calculateCurrentEPKc -Security:single module:_nowTime -Security:single module:_compareTimes -Security:single module:__Z19getFieldSubjectNormR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_CSSM_CL_CertGetKeyInfo -Security:single module:__Z19cssm_CertGetKeyInfomPK9cssm_dataPP8cssm_key -Security:single module:__ZThn40_N18AppleX509CLSession14CertGetKeyInfoERKN8Security8CssmDataERP8cssm_key -Security:single module:__ZN18AppleX509CLSession14CertGetKeyInfoERKN8Security8CssmDataERP8cssm_key -Security:single module:__ZNK11DecodedCert14extractCSSMKeyERN8Security13CssmAllocatorE -Security:single module:__Z20CL_extractCSSMKeyNSSRK33cssm_x509_subject_public_key_infoRN8Security13CssmAllocatorEPK11DecodedCert -Security:single module:__Z11CL_oidToAlgRK9cssm_data -Security:single module:__ZNK11DecodedCert13inferKeyUsageEv -Security:single module:__ZNK11DecodedItem14findDecodedExtERK9cssm_databmRm -Security:single module:__ZNK17DecodedExtensions12getExtensionEj -Security:single module:__Z21clBitStringToKeyUsageRK9cssm_data -Security:single module:_getGlobalCspHand -Security:single module:__ZN11CSPAttacher10getCspHandEb -Security:single module:_CSSM_QueryKeySizeInBits -Security:single module:__Z23cssm_QueryKeySizeInBitsmyPK12cssm_contextPK8cssm_keyP13cssm_key_size -Security:single module:__ZThn40_N8Security20CSPFullPluginSession18QueryKeySizeInBitsEyPKNS_7ContextEPKNS_7CssmKeyER13cssm_key_size -Security:single module:__ZN8Security20CSPFullPluginSession18QueryKeySizeInBitsEyPKNS_7ContextEPKNS_7CssmKeyER13cssm_key_size -Security:single module:__ZN15AppleCSPSession10getKeySizeERKN8Security7CssmKeyER13cssm_key_size -Security:single module:__ZN18RSAKeyInfoProviderC4ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18RSAKeyInfoProvider18QueryKeySizeInBitsER13cssm_key_size -Security:single module:_rawCssmKeyToRsa -Security:single module:_RSA_new -Security:single module:_RSA_new_method -Security:single module:_RSA_PKCS1_SSLeay -Security:single module:_CRYPTO_malloc -Security:single module:__Z8osMallocm -Security:single module:_RSA_eay_init -Security:single module:_CRYPTO_new_ex_data -Security:single module:_RSAPublicKeyDecode -Security:single module:_BN_new -Security:single module:_BN_bin2bn -Security:single module:_bn_expand2 -Security:single module:_RSA_size -Security:single module:_BN_num_bits -Security:single module:_RSA_free -Security:single module:_CRYPTO_add_lock -Security:single module:_CRYPTO_free_ex_data -Security:single module:_RSA_eay_finish -Security:single module:_BN_clear_free -Security:single module:_CRYPTO_free -Security:single module:__Z6osFreePv -Security:single module:__ZN11DecodedCertD1Ev -Security:single module:__ZN11DecodedCertD4Ev -Security:single module:__ZN11DecodedItemD2Ev -Security:single module:__ZN11DecodedItemD4Ev -Security:single module:__ZN17DecodedExtensionsD1Ev -Security:single module:__ZN17DecodedExtensionsD4Ev -Security:single module:__ZN12DecodedExtenD1Ev -Security:single module:__ZN12DecodedExtenD4Ev -Security:single module:_tpCompareCssmData -Security:single module:__ZN11TPCertGroup10appendCertEP10TPCertInfo -Security:single module:__ZN14AppleTPSession22CertGroupConstructPrivEmmR11TPCertGroupPK15cssm_dl_db_listPKcmPK9cssm_datamS1_RlSA_S1_ -Security:single module:__ZN11TPCertGroup11certAtIndexEj -Security:single module:__ZN11TPCertGroup12setAllUnusedEv -Security:single module:__ZN11TPCertGroup14buildCertGroupERK12TPClItemInfoPS_PK15cssm_dl_db_listmmPKcmPK9cssm_dataRS_S3_lmRlSD_ -Security:single module:__ZN11TPCertGroup8lastCertEv -Security:single module:__ZN11TPCertGroup22findIssuerForCertOrCrlERK12TPClItemInfoRb -Security:single module:__ZN10TPCertInfo10isIssuerOfERK12TPClItemInfo -Security:single module:_tpDbFindIssuerCert -Security:single module:__Z19cssm_CertAbortCachemm -Security:single module:__ZThn40_N18AppleX509CLSession14CertAbortCacheEm -Security:single module:__ZN18AppleX509CLSession14CertAbortCacheEm -Security:single module:__ZN12CLCachedCertD0Ev -Security:single module:__ZN12CLCachedCertD4Ev -Security:single module:__ZN11DecodedCertD0Ev -Security:single module:_CSSM_CL_CertAbortCache -Security:single module:__ZN12TPClItemInfo16releaseResourcesEv -Security:single module:__ZN10TPCertInfoD4Ev -Security:single module:__ZN12TPClItemInfoD2Ev -Security:single module:__ZN12TPClItemInfoD4Ev -Security:single module:__ZNK12TPClItemInfo16verifyWithIssuerEP10TPCertInfoS1_ -Security:single module:__ZN10TPCertInfo13hasPartialKeyEv -Security:single module:_CSSM_CSP_CreateSignatureContext -Security:single module:_CSSM_CL_CertVerify -Security:single module:__Z15cssm_CertVerifymyPK9cssm_dataS1_PK10cssm_fieldm -Security:single module:__ZThn40_N18AppleX509CLSession10CertVerifyEyRKN8Security8CssmDataEPS2_PK10cssm_fieldm -Security:single module:__ZN18AppleX509CLSession10CertVerifyEyRKN8Security8CssmDataEPS2_PK10cssm_fieldm -Security:single module:__Z26CL_certCrlDecodeComponentsRKN8Security8CssmDataERNS_13CssmOwnedDataES4_S4_ -Security:single module:__ZN18AppleX509CLSession10verifyDataEyRKN8Security8CssmDataES3_ -Security:single module:_CSSM_VerifyData -Security:single module:__Z15cssm_VerifyDatamyPK12cssm_contextPK9cssm_datammS4_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession10VerifyDataEyRKNS_7ContextEPKNS_8CssmDataEmmRS5_ -Security:single module:__ZN8Security20CSPFullPluginSession10VerifyDataEyRKNS_7ContextEPKNS_8CssmDataEmmRS5_ -Security:single module:__ZN8Security20CSPFullPluginSession14VerifyDataInitEyRKNS_7ContextE -Security:single module:__ZN16SignatureContext4initERKN8Security7ContextEb -Security:single module:__ZN9RSASigner10signerInitERKN8Security7ContextEb -Security:single module:__ZN9RSASigner14keyFromContextERKN8Security7ContextE -Security:single module:_contextToRsaKey -Security:single module:_cssmKeyToRsa -Security:single module:_RSA_blinding_off -Security:single module:__ZN8Security20CSPFullPluginSession16VerifyDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN16SignatureContext6updateERKN8Security8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession15VerifyDataFinalEyRKNS_8CssmDataE -Security:single module:__ZN16SignatureContext5finalERKN8Security8CssmDataE -Security:single module:__ZN9RSASigner6verifyEPKvmS1_m -Security:single module:_generateDigestInfo -Security:single module:_RSA_public_decrypt -Security:single module:_RSA_eay_public_decrypt -Security:single module:_BN_init -Security:single module:_BN_CTX_new -Security:single module:_BN_MONT_CTX_new -Security:single module:_BN_MONT_CTX_set -Security:single module:_BN_copy -Security:single module:_BN_set_word -Security:single module:_BN_set_bit -Security:single module:_BN_mod_inverse -Security:single module:_BN_CTX_start -Security:single module:_BN_CTX_get -Security:single module:_BN_div -Security:single module:_BN_ucmp -Security:single module:_BN_lshift -Security:single module:_bn_div_words -Security:single module:_BN_num_bits_word -Security:single module:_bn_mul_words -Security:single module:_BN_sub -Security:single module:_BN_usub -Security:single module:_BN_rshift -Security:single module:_BN_CTX_end -Security:single module:_BN_mul -Security:single module:_BN_add -Security:single module:_BN_uadd -Security:single module:_bn_add_words -Security:single module:_bn_mul_normal -Security:single module:_BN_mod -Security:single module:_BN_sub_word -Security:single module:_BN_free -Security:single module:_BN_mod_exp_mont -Security:single module:_BN_mod_mul_montgomery -Security:single module:_bn_mul_recursive -Security:single module:_bn_cmp_words -Security:single module:_bn_sub_words -Security:single module:_bn_mul_comba8 -Security:single module:_BN_from_montgomery -Security:single module:_bn_mul_add_words -Security:single module:_BN_value_one -Security:single module:_BN_is_bit_set -Security:single module:_BN_sqr -Security:single module:_bn_sqr_recursive -Security:single module:_bn_sqr_comba8 -Security:single module:_BN_bn2bin -Security:single module:_RSA_padding_check_PKCS1_type_1 -Security:single module:_BN_CTX_free -Security:single module:__Z14CL_freeCSSMKeyP8cssm_keyRN8Security13CssmAllocatorEb -Security:single module:__ZN16SignatureContextD0Ev -Security:single module:__ZN16SignatureContextD4Ev -Security:single module:__ZN9RSASignerD0Ev -Security:single module:__ZN9RSASignerD4Ev -Security:single module:_BN_MONT_CTX_free -Security:single module:__ZN10TPCertInfoD1Ev -Security:single module:__ZN10TPCertInfo16releaseResourcesEv -Security:single module:_tpFreePluginMemory -Security:single module:_CSSM_GetAPIMemoryFunctions -Security:single module:__ZN10TPCrlGroupC4EPK13cssm_crlgroupmmRN8Security13CssmAllocatorEPKc12TPGroupOwner -Security:single module:_tp_policyVerify -Security:single module:__Z16iSignGetCertInfoRN8Security13CssmAllocatorEP10TPCertInfoP13iSignCertInfo -Security:single module:__Z19iSignFetchExtensionRN8Security13CssmAllocatorEP10TPCertInfoPK9cssm_dataP14iSignExtenInfo -Security:single module:_getFieldAuthorityKeyId -Security:single module:__Z26CL_nssAuthorityKeyIdToCssmRK18NSS_AuthorityKeyIdR17CE_AuthorityKeyIDR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:_getFieldExtenCommon -Security:single module:__ZNK12DecodedExten13convertToCdsaEPvP19cssm_x509_extensionRN8Security13CssmAllocatorE -Security:single module:__Z16tpSetupExtensionRN8Security13CssmAllocatorEP9cssm_dataP14iSignExtenInfo -Security:single module:_getFieldSubjectKeyId -Security:single module:_getFieldKeyUsage -Security:single module:__Z20clNssBitStringToCssmR9cssm_data -Security:single module:_getFieldExtKeyUsage -Security:single module:_getFieldBasicConstraints -Security:single module:_getFieldNetscapeCertType -Security:single module:_getFieldSubjAltName -Security:single module:__Z28iSignSearchUnknownExtensionsP10TPCertInfoP13iSignCertInfo -Security:single module:_getFieldUnknownExt -Security:single module:_freeFieldUnknownExt -Security:single module:_verifySetFreeExtension -Security:single module:_freeFieldExtenCommon -Security:single module:_CSSM_CL_CertGetNextCachedFieldValue -Security:single module:__Z32cssm_CertGetNextCachedFieldValuemmPP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession27CertGetNextCachedFieldValueEmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession27CertGetNextCachedFieldValueEmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession21CertGetNextFieldValueEmRP9cssm_data -Security:single module:__Z16tp_verifySslOptsR11TPCertGroupPK9cssm_dataRK13iSignCertInfo -Security:single module:_tpToLower -Security:single module:__Z23tpCompareSubjectAltNameRK14iSignExtenInfoPKcm21SubjAltNameSearchTypeRbS5_ -Security:single module:__Z11tpIsNumericPKcj -Security:single module:__Z20tpCompareSubjectNameR10TPCertInfo22SubjSubjNameSearchTypePKcmRb -Security:single module:__Z16getField_SubjectR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:_getField_RDN_NSS -Security:single module:__Z16CL_nssNameToCssmRK8NSS_NameR14cssm_x509_nameRN8Security13CssmAllocatorE -Security:single module:__Z15CL_nssRdnToCssmRK7NSS_RDNR13cssm_x509_rdnRN8Security13CssmAllocatorER11SecNssCoder -Security:single module:__Z15CL_nssAtvToCssmRK7NSS_ATVR25cssm_x509_type_value_pairRN8Security13CssmAllocatorE -Security:single module:_tpCompareHostNames -Security:single module:_freeField_RDN -Security:single module:__Z15CL_freeX509NameP14cssm_x509_nameRN8Security13CssmAllocatorE -Security:single module:__Z14CL_freeX509RdnP13cssm_x509_rdnRN8Security13CssmAllocatorE -Security:single module:__Z17iSignFreeCertInfomP13iSignCertInfo -Security:single module:_freeFieldAuthorityKeyId -Security:single module:__Z21CL_freeAuthorityKeyIdR17CE_AuthorityKeyIDRN8Security13CssmAllocatorE -Security:single module:__Z23CL_freeCssmGeneralNamesP15CE_GeneralNamesRN8Security13CssmAllocatorE -Security:single module:_freeFieldSubjectKeyId -Security:single module:_freeFieldSimpleExtension -Security:single module:_freeFieldExtKeyUsage -Security:single module:_tpVerifyCertGroupWithCrls -Security:single module:__ZN10TPCrlGroupD1Ev -Security:single module:__ZN10TPCrlGroupD4Ev -Security:single module:__ZN11TPCertGroup18buildCssmCertGroupEv -Security:single module:_tpCopyCssmData -Security:single module:__ZN11TPCertGroup21buildCssmEvidenceInfoEv -Security:single module:__ZN11TPCertGroup13getReturnCodeEllll -Security:single module:__ZN11TPCertGroupD1Ev -Security:single module:__ZN11TPCertGroupD4Ev -Security:single module:__ZN8Security12KeychainCore5Trust15diagnoseOutcomeEv -Security:single module:__ZN8Security12KeychainCore5Trust17evaluateUserTrustERKNS_9CertGroupEPK27CSSM_TP_APPLE_EVIDENCE_INFONS_9CFCopyRefIPK9__CFArrayEE -Security:single module:__ZN8Security12KeychainCore10TrustStore4findEPNS0_11CertificateEPNS0_6PolicyE -Security:single module:__ZN8Security12KeychainCore10TrustStore8findItemEPNS0_11CertificateEPNS0_6PolicyE -Security:single module:__ZN8Security12KeychainCore14StorageManager12createCursorEmPK24SecKeychainAttributeList -Security:single module:__ZNK8Security9CssmError8osStatusEv -Security:single module:_stAppRealloc -Security:single module:_sslPubKeyFromCert -Security:single module:_SSLProcessServerHelloDone -Security:single module:_SSLPrepareAndQueueMessage -Security:single module:_SSLEncodeKeyExchange -Security:single module:__Z23SSLEncodeRSAKeyExchangeR9SSLRecordP10SSLContext -Security:single module:__Z27SSLEncodeRSAPremasterSecretP10SSLContext -Security:single module:_sslKeyLengthInBytes -Security:single module:_sslRsaEncrypt -Security:single module:_CSSM_CSP_CreateAsymmetricContext -Security:single module:__ZN16RSA_CryptContext4initERKN8Security7ContextEb -Security:single module:__ZN16RSA_CryptContext10outputSizeEbm -Security:single module:__ZN16RSA_CryptContext12encryptBlockEPKvmPvRmb -Security:single module:_RSA_public_encrypt -Security:single module:_RSA_eay_public_encrypt -Security:single module:_RSA_padding_add_PKCS1_type_2 -Security:single module:_RAND_bytes -Security:single module:_cspGetRandomBytes -Security:single module:__ZN8Security18DevRandomGeneratorC2Eb -Security:single module:__ZN16RSA_CryptContextD0Ev -Security:single module:__ZN16RSA_CryptContextD4Ev -Security:single module:_stFreeCssmData -Security:single module:__Z24tls1GenerateMasterSecretP10SSLContext -Security:single module:_SSLInternal_PRF -Security:single module:__Z8tlsPHashP10SSLContextPK13HMACReferencePKhjPhjS6_j -Security:single module:__Z10HMAC_AllocPK13HMACReferenceP10SSLContextPKvjPP11HMACContext -Security:single module:_sslSetUpSymmKey -Security:single module:__Z9HMAC_HmacP11HMACContextPKvjPvPj -Security:single module:__Z9HMAC_InitP11HMACContext -Security:single module:_CSSM_GenerateMacInit -Security:single module:__Z20cssm_GenerateMacInitmyPK12cssm_context -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15GenerateMacInitEyRKNS_7ContextE -Security:single module:__Z11HMAC_UpdateP11HMACContextPKvj -Security:single module:_CSSM_GenerateMacUpdate -Security:single module:__Z22cssm_GenerateMacUpdatemyPK9cssm_datam -Security:single module:__ZThn40_N8Security20CSPFullPluginSession17GenerateMacUpdateEyPKNS_8CssmDataEm -Security:single module:__Z10HMAC_FinalP11HMACContextPvPj -Security:single module:_CSSM_GenerateMacFinal -Security:single module:__Z21cssm_GenerateMacFinalmyP9cssm_data -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16GenerateMacFinalEyRNS_8CssmDataE -Security:single module:_MD5Final -Security:single module:_SSLInitPendingCiphers -Security:single module:_SSLEncodeChangeCipherSpec -Security:single module:__Z11tls1FreeMacP13CipherContext -Security:single module:_SSLEncodeFinishedMessage -Security:single module:_CloneHashState -Security:single module:__Z13cdsaHashCloneRK9SSLBufferRS_ -Security:single module:_CSSM_DigestDataClone -Security:single module:__Z20cssm_DigestDataClonemyy -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15DigestDataCloneEyy -Security:single module:__ZN8Security20CSPFullPluginSession15DigestDataCloneEyy -Security:single module:__ZN13DigestContext5cloneERN8Security13CssmAllocatorE -Security:single module:__ZNK10SHA1Object11digestCloneEv -Security:single module:__ZNK9MD5Object11digestCloneEv -Security:single module:__Z22tls1ComputeFinishedMacP10SSLContext9SSLBufferS1_S1_h -Security:single module:__Z13cdsaHashFinalR9SSLBufferS0_ -Security:single module:__ZNK9MD5Object17digestSizeInBytesEv -Security:single module:__ZN9MD5Object11digestFinalEPv -Security:single module:__Z9HMAC_FreeP11HMACContext -Security:single module:__Z14tls1ComputeMach9SSLBufferS_P13CipherContext9sslUint64P10SSLContext -Security:single module:_SSLEncodeUInt64 -Security:single module:_CDSASymmEncrypt -Security:single module:_CSSM_EncryptDataUpdate -Security:single module:__Z22cssm_EncryptDataUpdatemyPK9cssm_datamPS_mPm -Security:single module:__ZThn40_N8Security20CSPFullPluginSession17EncryptDataUpdateEyPKNS_8CssmDataEmPS1_mRm -Security:single module:__ZN8Security20CSPFullPluginSession17EncryptDataUpdateEyPKNS_8CssmDataEmPS1_mRm -Security:single module:__ZN10RC4Context10outputSizeEbm -Security:single module:__ZN10RC4Context9inputSizeEm -Security:single module:__ZN10RC4Context6updateEPvRmS0_S1_ -Security:single module:_RC4 -Security:single module:_SSLProcessChangeCipherSpec -Security:single module:_CDSASymmDecrypt -Security:single module:_SSLVerifyMac -Security:single module:_SSLProcessFinished -Security:single module:_SSLWrite -Security:single module:_SSLGetBufferedReadSize -Security:single module:_SSLRead -Security:single module:_SSLClose -Security:single module:_SSLSendAlert -Security:single module:__Z14SSLEncodeAlertR9SSLRecord10AlertLevel16AlertDescriptionP10SSLContext -Security:single module:__ZN8Security12KeychainCore5TrustD1Ev -Security:single module:__ZN8Security12KeychainCore5TrustD4Ev -Security:single module:__ZN8Security12KeychainCore5Trust17releaseTPEvidenceERNS_14TPVerifyResultERNS_13CssmAllocatorE -Security:single module:__ZN8Security9CertGroup7destroyERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore6PolicyD1Ev -Security:single module:__ZN8Security12KeychainCore6PolicyD4Ev -Security:single module:__ZN8Security12KeychainCore11CertificateD1Ev -Security:single module:__ZN8Security12KeychainCore11CertificateD4Ev -Security:single module:__ZN8Security10CssmClient6CLImplD0Ev -Security:single module:__ZN8Security10CssmClient6CLImplD4Ev -Security:single module:__ZN8Security12KeychainCore8ItemImplD2Ev -Security:single module:__ZN8Security10CssmClient6TPImplD0Ev -Security:single module:__ZN8Security10CssmClient6TPImplD4Ev -Security:single module:__ZN18AppleX509CLSessionD0Ev -Security:single module:__ZN18AppleX509CLSessionD4Ev -Security:single module:__ZN14AppleTPSessionD0Ev -Security:single module:__ZN14AppleTPSessionD4Ev -Security:single module:__Z13cdsaHashCloseR9SSLBufferP10SSLContext -Security:single module:_CDSASymmFinish -Security:single module:__Z16disposeCipherCtxP13CipherContext -Security:single module:__ZN10RC4ContextD0Ev -Security:single module:__ZN10RC4ContextD4Ev -Security:single module:__ZN8Security12KeychainCore12PolicyCursorD1Ev -Security:single module:__ZN8Security12KeychainCore12PolicyCursorD4Ev -Security:single module:__Z15sslReleaseArrayPK9__CFArray -Security:single module:_attachToCl -Security:single module:__Z23tls1GenerateKeyMaterial9SSLBufferP10SSLContext -Security:single module:__Z11tls1InitMacP13CipherContextP10SSLContext -Security:single module:_CDSASymmInit -Security:single module:_stSetUpCssmData -Security:single module:_CSSM_EncryptDataInit -Security:single module:__Z20cssm_EncryptDataInitmyPK12cssm_contexty -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15EncryptDataInitEyRKNS_7ContextEy -Security:single module:__ZN8Security20CSPFullPluginSession15EncryptDataInitEyRKNS_7ContextEy -Security:single module:__ZN10RC4Context4initERKN8Security7ContextEb -Security:single module:_RC4_set_key -Security:single module:_SSLReallocBuffer -Security:single module:_sslRealloc -Security:single module:__ZN8Security18DevRandomGenerator10addEntropyEPKvm -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc5writeEPKvm -Security:single module:dyld_stub_binding_helper -Security:single module:cfm_stub_binding_helper -Security:single module:__dyld_func_lookup -Security:single module:___initialize_Cplusplus -Security:single module:__ZN8Security10CssmClient5CryptC1ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient7Encrypt4initEv -Security:single module:__ZN8Security10CssmClient7Encrypt5finalERNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient7Encrypt7encryptEPKNS_8CssmDataEmPS2_m -Security:single module:__ZN8Security10CssmClient11PassThrough8activateEv -Security:single module:__ZN8Security10CssmClient11PassThroughclEmPKvPPv -Security:single module:__ZN8Security10CssmClient6Random4seedERKNS_14CssmCryptoDataE -Security:single module:__ZN8Security10CssmClient6Random4sizeEm -Security:single module:__ZN8Security10CssmClient6Random8activateEv -Security:single module:__ZN8Security10CssmClient6Random8generateERNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient7CSPImpl7freeKeyERNS_7CssmKeyEPKNS_17AccessCredentialsEb -Security:single module:__ZN8Security10CssmClient7CSPImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient7CSPImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient7CSPImplD1Ev -Security:single module:__ZN8Security10CssmClient7Context13getOutputSizeER20cssm_query_size_datamb -Security:single module:__ZN8Security10CssmClient7Context13getOutputSizeEmb -Security:single module:__ZN8Security10CssmClient7Context4initEv -Security:single module:__ZN8Security10CssmClient7Context9algorithmEm -Security:single module:__ZN8Security10CssmClient7ContextC1ERKNS0_3CSPEm -Security:single module:__ZN8Security10CssmClient7ContextD0Ev -Security:single module:__ZN8Security10CssmClient7ContextD1Ev -Security:single module:__ZN8Security10CssmClient10ModuleImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient10ModuleImplC2ERKNS_4GuidERKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient10ModuleImplD1Ev -Security:single module:__ZN8Security10CssmClient10ModuleImplD2Ev -Security:single module:__ZN8Security10CssmClient10ObjectImplC1ERKNS0_6ObjectE -Security:single module:__ZN8Security10CssmClient10ObjectImplC1Ev -Security:single module:__ZN8Security10CssmClient10ObjectImplD0Ev -Security:single module:__ZN8Security10CssmClient10ObjectImplD1Ev -Security:single module:__ZN8Security10CssmClient14AttachmentImplC1ERKNS0_6ModuleEm -Security:single module:__ZN8Security10CssmClient14AttachmentImplC1ERKNS_4GuidEm -Security:single module:__ZN8Security10CssmClient14AttachmentImplD0Ev -Security:single module:__ZN8Security10CssmClient14AttachmentImplD1Ev -Security:single module:__ZN8Security10CssmClient8CssmImpl10deactivateEv -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssm7setCssmEPS1_ -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssm9unsetCssmEPS1_ -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssmD1Ev -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssmD2Ev -Security:single module:__ZN8Security10CssmClient8CssmImpl12StandardCssmD4Ev -Security:single module:__ZN8Security10CssmClient8CssmImpl13atExitHandlerEv -Security:single module:__ZN8Security10CssmClient8CssmImplC1Ev -Security:single module:__ZN8Security10CssmClient8CssmImplC2Eb -Security:single module:__ZN8Security10CssmClient8CssmImplC2Ev -Security:single module:__ZN8Security10CssmClient8CssmImplC4Ev -Security:single module:__ZN8Security10CssmClient8CssmImplD0Ev -Security:single module:__ZN8Security10CssmClient8CssmImplD1Ev -Security:single module:__ZN8Security10CssmClient8CssmImplD2Ev -Security:single module:__ZN8Security10CssmClient8CssmImplD4Ev -Security:single module:__ZNK8Security10CssmClient10ObjectImpleqERKS1_ -Security:single module:__ZNK8Security10CssmClient10ObjectImplltERKS1_ -Security:single module:__ZNK8Security10CssmClient14AttachmentImpl14subserviceMaskEv -Security:single module:__ZNK8Security10CssmClient5Error4whatEv -Security:single module:__ZNK8Security10CssmClient5Error9cssmErrorEv -Security:single module:__ZN8Security10CssmClient12DbAttributesC2ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbAttributesC2Ev -Security:single module:__ZN8Security10CssmClient12DbCursorImpl9allocatorERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC1ERKNS0_6ObjectERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient12DbCursorImplC1ERKNS0_6ObjectEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImpl8activateEv -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplC1ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14DbDbCursorImplD1Ev -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImpl12deleteRecordEv -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImpl6modifyEmPK29cssm_db_record_attribute_dataPK9cssm_datam -Security:single module:__ZN8Security10CssmClient18DbUniqueRecordImplD1Ev -Security:single module:__ZN8Security10CssmClient6DLImpl10getDbNamesEPPc -Security:single module:__ZN8Security10CssmClient6DLImpl12freeNameListEPPc -Security:single module:__ZN8Security10CssmClient6DLImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6DLImplD1Ev -Security:single module:__ZN8Security10CssmClient6DbImpl11getSettingsERmRb -Security:single module:__ZN8Security10CssmClient6DbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient6DbImpl11passThroughEmPKvPPv -Security:single module:__ZN8Security10CssmClient6DbImpl11setSettingsEmb -Security:single module:__ZN8Security10CssmClient6DbImpl12authenticateEmPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient6DbImpl14createRelationEmPKcmPK29cssm_db_schema_attribute_infomPK25cssm_db_schema_index_info -Security:single module:__ZN8Security10CssmClient6DbImpl15destroyRelationEm -Security:single module:__ZN8Security10CssmClient6DbImpl16changePassphraseEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient6DbImpl17getUnlockKeyIndexERNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient6DbImpl4lockEv -Security:single module:__ZN8Security10CssmClient6DbImpl4nameERPc -Security:single module:__ZN8Security10CssmClient6DbImpl6createEv -Security:single module:__ZN8Security10CssmClient6DbImpl6insertEmPK29cssm_db_record_attribute_dataPK9cssm_data -Security:single module:__ZN8Security10CssmClient6DbImpl6renameEPKc -Security:single module:__ZN8Security10CssmClient6DbImpl6unlockERK9cssm_data -Security:single module:__ZN8Security10CssmClient6DbImpl6unlockEv -Security:single module:__ZN8Security10CssmClient6DbImpl8deleteDbEv -Security:single module:__ZN8Security10CssmClient6DbImpl8isLockedEv -Security:single module:__ZN8Security10CssmClient6DbImplD1Ev -Security:single module:__ZNK8Security10CssmClient12DbCursorImpl9allocatorEv -Security:single module:__ZThn20_N8Security10CssmClient6DbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient8DLDbList3addERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security10CssmClient8DLDbList6removeERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security10CssmClient8DLDbList4saveEv -Security:single module:__ZN8Security10CssmClient11GenerateKeyC2ERKNS0_3CSPEmm -Security:single module:__ZN8Security10CssmClient11GenerateKeyC1ERKNS0_3CSPEmm -Security:single module:__ZN8Security10CssmClient11GenerateKeyC4ERKNS0_3CSPEmm -Security:single module:__ZN8Security10CssmClient11GenerateKey8databaseERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient11GenerateKey8activateEv -Security:single module:__ZN8Security10CssmClient11GenerateKeyclERKNS0_7KeySpecE -Security:single module:__ZN8Security10CssmClient11GenerateKeyclERNS_7CssmKeyERKNS0_7KeySpecE -Security:single module:__ZN8Security10CssmClient11GenerateKeyclERNS0_3KeyERKNS0_7KeySpecES3_S6_ -Security:single module:__ZN8Security10CssmClient11GenerateKeyclERNS_7CssmKeyERKNS0_7KeySpecES3_S6_ -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryC4ERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryD2Ev -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryD1Ev -Security:single module:__ZN8Security10CssmClient18KeychainAclFactoryD4Ev -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory15nullCredentialsEv -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory25keychainPromptCredentialsEv -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory31keychainPromptUnlockCredentialsEv -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory25passwordChangeCredentialsERKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory25passwordUnlockCredentialsERKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory19keychainPromptOwnerERKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory8anyOwnerEv -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory7releaseEPNS_13AclEntryInputE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory7commentERNS_9TypedListE -Security:single module:__ZN8Security10CssmClient18KeychainAclFactory9uncommentERNS_9TypedListE -Security:single module:__ZN8Security10CssmClient7KeyImpl11changeOwnerERK24cssm_acl_owner_prototypePK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient7KeyImpl9changeAclERK13cssm_acl_editPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient7KeyImpl9deleteKeyEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPERK9cssm_data -Security:single module:__ZN8Security10CssmClient7KeyImplC2ERKNS0_3CSPERK8cssm_keyb -Security:single module:__ZN8Security10CssmClient7KeyImplC2ERKNS0_3CSPERK9cssm_data -Security:single module:__ZN8Security10CssmClient7KeyImplC4ERKNS0_3CSPERK9cssm_data -Security:single module:__ZN8Security10CssmClient7KeyImplD1Ev -Security:single module:__ZNK8Security10CssmClient7KeyImpl10sizeInBitsEv -Security:single module:__ZNK8Security10CssmClient7KeyImpl6getAclERNS_20AutoAclEntryInfoListEPKc -Security:single module:__ZNK8Security10CssmClient7KeyImpl8getOwnerERNS_21AutoAclOwnerPrototypeE -Security:single module:__ZThn20_N8Security10CssmClient7KeyImpl11changeOwnerERK24cssm_acl_owner_prototypePK23cssm_access_credentials -Security:single module:__ZThn20_N8Security10CssmClient7KeyImpl9changeAclERK13cssm_acl_editPK23cssm_access_credentials -Security:single module:__ZThn20_N8Security10CssmClient7KeyImplD0Ev -Security:single module:__ZThn20_N8Security10CssmClient7KeyImplD1Ev -Security:single module:__ZThn20_NK8Security10CssmClient7KeyImpl6getAclERNS_20AutoAclEntryInfoListEPKc -Security:single module:__ZThn20_NK8Security10CssmClient7KeyImpl8getOwnerERNS_21AutoAclOwnerPrototypeE -Security:single module:__ZN8Security10CssmClient11GenerateMac4initEv -Security:single module:__ZN8Security10CssmClient11GenerateMac4signEPKNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient11GenerateMacclERNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient9VerifyMac4initEv -Security:single module:__ZN8Security10CssmClient9VerifyMac6verifyEPKNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient9VerifyMacclERKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC2ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEbRKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC1ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEbRKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC4ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEbRKNS0_4CssmE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC2ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEb -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC1ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEb -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplC4ERKSt6vectorINS_14DLDbIdentifierESaIS3_EEb -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplD2Ev -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplD1Ev -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplD0Ev -Security:single module:__ZN8Security10CssmClient13MultiDLDbImplD4Ev -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl8databaseERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl4listERKSt6vectorINS_14DLDbIdentifierESaIS3_EE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZThn20_N8Security10CssmClient13MultiDLDbImpl11newDbCursorERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZThn20_N8Security10CssmClient13MultiDLDbImpl11newDbCursorEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl8activateEv -Security:single module:__ZN8Security10CssmClient13MultiDLDbImpl10deactivateEv -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC2ERKNS0_9MultiDLDbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC1ERKNS0_9MultiDLDbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC4ERKNS0_9MultiDLDbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC2ERKNS0_9MultiDLDbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC1ERKNS0_9MultiDLDbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplC4ERKNS0_9MultiDLDbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplD2Ev -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplD1Ev -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplD0Ev -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImplD4Ev -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImpl4nextEPNS0_12DbAttributesEPNS_17CssmDataContainerERNS0_14DbUniqueRecordE -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImpl8activateEv -Security:single module:__ZN8Security10CssmClient21MultiDLDbDbCursorImpl10deactivateEv -Security:single module:__ZN8Security11CodeSigning9OSXSigner6verifyERKNS0_8SignableEPKNS0_9SignatureE -Security:single module:__ZN8Security11CodeSigning9OSXSignerC2Ev -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplC4ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplD1Ev -Security:single module:__ZN8Security10CssmClient11SSCSPDLImplD2Ev -Security:single module:__ZN8Security10CssmClient11SSGroupImpl14encodeDataBlobEPK9cssm_dataPK23cssm_access_credentialsRNS_17CssmDataContainerE -Security:single module:__ZN8Security10CssmClient11SSGroupImplC1ERKNS0_4SSDbEPK29cssm_resource_control_context -Security:single module:__ZN8Security10CssmClient11SSGroupImplC2ERKNS0_4SSDbEPK29cssm_resource_control_context -Security:single module:__ZN8Security10CssmClient11SSGroupImplC2ERKNS0_4SSDbERK9cssm_data -Security:single module:__ZN8Security10CssmClient11SSGroupImplC4ERKNS0_4SSDbEPK29cssm_resource_control_context -Security:single module:__ZN8Security10CssmClient14SSDbCursorImpl10deactivateEv -Security:single module:__ZN8Security10CssmClient14SSDbCursorImpl7nextKeyEPNS0_12DbAttributesERNS0_3KeyERNS0_14DbUniqueRecordE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImpl8activateEv -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC2ERKNS0_2DbERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14SSDbCursorImplC2ERKNS0_2DbEmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl12deleteRecordEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl12deleteRecordEv -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl5groupEv -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl6modifyEmPK29cssm_db_record_attribute_dataPK9cssm_datam -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImpl6modifyEmPK29cssm_db_record_attribute_dataPK9cssm_datamPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplC2ERKNS0_2DbE -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplD1Ev -Security:single module:__ZN8Security10CssmClient20SSDbUniqueRecordImplD2Ev -Security:single module:__ZN8Security10CssmClient8SSDbImpl6createEv -Security:single module:__ZN8Security10CssmClient8SSDbImpl6insertEmPK29cssm_db_record_attribute_dataPK9cssm_dataPK29cssm_resource_control_context -Security:single module:__ZN8Security10CssmClient8SSDbImpl6insertEmPK29cssm_db_record_attribute_dataPK9cssm_dataRKNS0_7SSGroupEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient8SSDbImplC2ERKNS0_7SSCSPDLEPKcPK16cssm_net_address -Security:single module:__ZN8Security10CssmClient8SSDbImplD1Ev -Security:single module:__ZN8Security10CssmClient8SSDbImplD2Ev -Security:single module:__ZN8Security10CssmClient9CSPDLImpl9allocatorERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC1ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient9CSPDLImplC4ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient9CSPDLImplD0Ev -Security:single module:__ZN8Security10CssmClient9CSPDLImplD1Ev -Security:single module:__ZNK8Security10CssmClient11SSGroupImpl5labelEv -Security:single module:__ZNK8Security10CssmClient9CSPDLImpleqERKS1_ -Security:single module:__ZNK8Security10CssmClient9CSPDLImplltERKS1_ -Security:single module:__ZThn64_N8Security10CssmClient11SSCSPDLImpl5newDbEPKcPK16cssm_net_address -Security:single module:__ZThn64_N8Security10CssmClient11SSCSPDLImplD1Ev -Security:single module:__ZThn64_N8Security10CssmClient9CSPDLImpl9allocatorERNS_13CssmAllocatorE -Security:single module:__ZThn64_N8Security10CssmClient9CSPDLImplD0Ev -Security:single module:__ZThn64_N8Security10CssmClient9CSPDLImplD1Ev -Security:single module:__ZN8Security10CssmClient14SigningContext8activateEv -Security:single module:__ZN8Security10CssmClient4Sign4signEPKNS_8CssmDataEmRS2_ -Security:single module:__ZN8Security10CssmClient4Sign4initEv -Security:single module:__ZN8Security10CssmClient4Sign4signEPKNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient4SignclERNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient6Verify6verifyEPKNS_8CssmDataEmRS3_ -Security:single module:__ZN8Security10CssmClient6Verify4initEv -Security:single module:__ZN8Security10CssmClient6Verify6verifyEPKNS_8CssmDataEm -Security:single module:__ZN8Security10CssmClient6VerifyclERKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient7WrapKey8activateEv -Security:single module:__ZN8Security10CssmClient7WrapKeyclERKNS_7CssmKeyERS2_PKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient7WrapKeyclERNS0_3KeyEPKNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient9DeriveKeyclEPNS_8CssmDataERKNS0_7KeySpecERNS_7CssmKeyE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecEPNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERNS0_3KeyE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERNS0_3KeyEPNS_8CssmDataE -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_ -Security:single module:__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PS3_ -Security:single module:__ZN8Security13ReferencedKeyC1ERNS_7KeyPoolE -Security:single module:__ZN8Security13ReferencedKeyD0Ev -Security:single module:__ZN8Security13ReferencedKeyD1Ev -Security:single module:__ZN8Security16CSPPluginSession13PluginContextD0Ev -Security:single module:__ZN8Security16CSPPluginSession13PluginContextD1Ev -Security:single module:__ZN8Security16CSPPluginSession13contextCreateEyRKNS_7ContextE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext10outputSizeEbm -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext15minimumProgressERmS2_ -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext18setDigestAlgorithmEm -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext4initERKNS_7ContextEb -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext5cloneERNS_13CssmAllocatorE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext5finalERKNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext5finalERNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext6updateEPvRmS2_S3_ -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext6updateERKNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext8generateERKNS_7ContextERNS_7CssmKeyES6_ -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext8generateERKNS_7ContextEmRNS_8CssmDataERmRPNS2_4AttrE -Security:single module:__ZN8Security20CSPFullPluginSession10CSPContext9inputSizeEm -Security:single module:__ZN8Security20CSPFullPluginSession10getKeySizeERKNS_7CssmKeyER13cssm_key_size -Security:single module:__ZN8Security20CSPFullPluginSession11GenerateKeyEyRKNS_7ContextEmmPKNS_8CssmDataEPK29cssm_resource_control_contextRNS_7CssmKeyEy -Security:single module:__ZN8Security20CSPFullPluginSession11GetKeyOwnerERKNS_7CssmKeyER24cssm_acl_owner_prototype -Security:single module:__ZN8Security20CSPFullPluginSession11GetLoginAclEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN8Security20CSPFullPluginSession11PassThroughEyRKNS_7ContextEmPKvPPv -Security:single module:__ZN8Security20CSPFullPluginSession12ChangeKeyAclERKNS_17AccessCredentialsERK13cssm_acl_editRKNS_7CssmKeyE -Security:single module:__ZN8Security20CSPFullPluginSession12GetTimeValueEmRNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession12SignDataInitEyRKNS_7ContextE -Security:single module:__ZN8Security20CSPFullPluginSession12VerifyDeviceERKNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession13GetLoginOwnerER24cssm_acl_owner_prototype -Security:single module:__ZN8Security20CSPFullPluginSession13SignDataFinalEyRNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession14ChangeKeyOwnerERKNS_17AccessCredentialsERKNS_7CssmKeyERK24cssm_acl_owner_prototype -Security:single module:__ZN8Security20CSPFullPluginSession14ChangeLoginAclERKNS_17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZN8Security20CSPFullPluginSession14GenerateRandomEyRKNS_7ContextERNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession14SignDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZN8Security20CSPFullPluginSession15GenerateKeyPairEyRKNS_7ContextEmmPKNS_8CssmDataERNS_7CssmKeyEmmS6_PK29cssm_resource_control_contextS8_y -Security:single module:__ZN8Security20CSPFullPluginSession15RetrieveCounterERNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession16ChangeLoginOwnerERKNS_17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZN8Security20CSPFullPluginSession16EncryptDataFinalEyRNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession16RetrieveUniqueIdERNS_8CssmDataE -Security:single module:__ZN8Security20CSPFullPluginSession23GenerateAlgorithmParamsEyRKNS_7ContextEmRNS_8CssmDataERmRP22cssm_context_attribute -Security:single module:__ZN8Security20CSPFullPluginSession24GetOperationalStatisticsERNS_24CSPOperationalStatisticsE -Security:single module:__ZN8Security20CSPFullPluginSession29ObtainPrivateKeyFromPublicKeyERKNS_7CssmKeyERS1_ -Security:single module:__ZN8Security20CSPFullPluginSession5LoginERKNS_17AccessCredentialsEPKNS_8CssmDataEPKv -Security:single module:__ZN8Security20CSPFullPluginSession6LogoutEv -Security:single module:__ZN8Security20CSPFullPluginSession7WrapKeyEyRKNS_7ContextERKNS_17AccessCredentialsERKNS_7CssmKeyEPKNS_8CssmDataERS7_y -Security:single module:__ZN8Security20CSPFullPluginSession8SignDataEyRKNS_7ContextEPKNS_8CssmDataEmmRS4_ -Security:single module:__ZN8Security20CSPFullPluginSession9DeriveKeyEyRKNS_7ContextERNS_8CssmDataEmmPKS4_PK29cssm_resource_control_contextRNS_7CssmKeyE -Security:single module:__ZN8Security20CSPFullPluginSession9GetKeyAclERKNS_7CssmKeyEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN8Security20CSPFullPluginSession9QuerySizeEyRKNS_7ContextElmPNS_13QuerySizeDataE -Security:single module:__ZN8Security20CSPFullPluginSession9UnwrapKeyEyRKNS_7ContextEPKNS_7CssmKeyERS5_mmPKNS_8CssmDataEPK29cssm_resource_control_contextRS4_RS8_y -Security:single module:__ZN8Security7KeyPool7freeKeyERNS_13CssmAllocatorER8cssm_key -Security:single module:__ZN8Security7KeyPoolC1Ev -Security:single module:__ZN8Security7KeyPoolD0Ev -Security:single module:__ZN8Security7KeyPoolD1Ev -Security:single module:__ZN8Security7KeyPoolD2Ev -Security:single module:__ZN8Security7KeyPoolD4Ev -Security:single module:__ZThn40_N8Security16CSPPluginSession11EventNotifyEmyRKNS_7ContextE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11GenerateKeyEyRKNS_7ContextEmmPKNS_8CssmDataEPK29cssm_resource_control_contextRNS_7CssmKeyEy -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11GetKeyOwnerERKNS_7CssmKeyER24cssm_acl_owner_prototype -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11GetLoginAclEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZThn40_N8Security20CSPFullPluginSession11PassThroughEyRKNS_7ContextEmPKvPPv -Security:single module:__ZThn40_N8Security20CSPFullPluginSession12ChangeKeyAclERKNS_17AccessCredentialsERK13cssm_acl_editRKNS_7CssmKeyE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession12GetTimeValueEmRNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession12SignDataInitEyRKNS_7ContextE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession12VerifyDeviceERKNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession13GetLoginOwnerER24cssm_acl_owner_prototype -Security:single module:__ZThn40_N8Security20CSPFullPluginSession13SignDataFinalEyRNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession13VerifyMacInitEyRKNS_7ContextE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14ChangeKeyOwnerERKNS_17AccessCredentialsERKNS_7CssmKeyERK24cssm_acl_owner_prototype -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14ChangeLoginAclERKNS_17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14GenerateRandomEyRKNS_7ContextERNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14SignDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14VerifyDataInitEyRKNS_7ContextE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession14VerifyMacFinalEyRKNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15GenerateKeyPairEyRKNS_7ContextEmmPKNS_8CssmDataERNS_7CssmKeyEmmS6_PK29cssm_resource_control_contextS8_y -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15RetrieveCounterERNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15VerifyDataFinalEyRKNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession15VerifyMacUpdateEyPKNS_8CssmDataEm -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16ChangeLoginOwnerERKNS_17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16EncryptDataFinalEyRNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16RetrieveUniqueIdERNS_8CssmDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession16VerifyDataUpdateEyPKNS_8CssmDataEm -Security:single module:__ZThn40_N8Security20CSPFullPluginSession23GenerateAlgorithmParamsEyRKNS_7ContextEmRNS_8CssmDataERmRP22cssm_context_attribute -Security:single module:__ZThn40_N8Security20CSPFullPluginSession24GetOperationalStatisticsERNS_24CSPOperationalStatisticsE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession29ObtainPrivateKeyFromPublicKeyERKNS_7CssmKeyERS1_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession5LoginERKNS_17AccessCredentialsEPKNS_8CssmDataEPKv -Security:single module:__ZThn40_N8Security20CSPFullPluginSession6LogoutEv -Security:single module:__ZThn40_N8Security20CSPFullPluginSession7FreeKeyEPKNS_17AccessCredentialsERNS_7CssmKeyEl -Security:single module:__ZThn40_N8Security20CSPFullPluginSession7WrapKeyEyRKNS_7ContextERKNS_17AccessCredentialsERKNS_7CssmKeyEPKNS_8CssmDataERS7_y -Security:single module:__ZThn40_N8Security20CSPFullPluginSession8SignDataEyRKNS_7ContextEPKNS_8CssmDataEmmRS4_ -Security:single module:__ZThn40_N8Security20CSPFullPluginSession9DeriveKeyEyRKNS_7ContextERNS_8CssmDataEmmPKS4_PK29cssm_resource_control_contextRNS_7CssmKeyE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession9GetKeyAclERKNS_7CssmKeyEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZThn40_N8Security20CSPFullPluginSession9QuerySizeEyRKNS_7ContextElmPNS_13QuerySizeDataE -Security:single module:__ZThn40_N8Security20CSPFullPluginSession9UnwrapKeyEyRKNS_7ContextEPKNS_7CssmKeyERS5_mmPKNS_8CssmDataEPK29cssm_resource_control_contextRS4_RS8_y -Security:single module:__ZN8Security20CSPFullPluginSession6Writer3putEPvm -Security:single module:__ZN8Security20CSPFullPluginSession6WriterC2EPNS_8CssmDataEmS3_ -Security:single module:__ZN8Security20CSPFullPluginSession6setKeyERNS_7CssmKeyERKNS_7ContextEmmm -Security:single module:__ZN8Security10CssmPluginC1Ev -Security:single module:__ZN8Security10CssmPluginD0Ev -Security:single module:__ZN8Security10CssmPluginD1Ev -Security:single module:__ZN8Security10CssmPluginD2Ev -Security:single module:__ZN8Security10CssmPluginD4Ev -Security:single module:__ZNK8Security10CssmPlugin12sendCallbackEmmm -Security:single module:__ZN8Security15DLPluginSession7reallocEPvm -Security:single module:__ZThn44_N8Security15DLPluginSession7reallocEPvm -Security:single module:__ZN8Security13PluginSessionC1EmRNS_10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN8Security13PluginSessionD0Ev -Security:single module:__ZN8Security13PluginSessionD1Ev -Security:single module:__ZNK8Security13PluginSession12sendCallbackEmmm -Security:single module:__ZNK8Security13AnyAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security13AnyAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security13AnyAclSubject8validateERKNS_20AclValidationContextE -Security:single module:__ZN8Security23CodeSignatureAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security23CodeSignatureAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZN8Security23CodeSignatureAclSubjectC1ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureE -Security:single module:__ZN8Security23CodeSignatureAclSubjectC2ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureE -Security:single module:__ZN8Security23CodeSignatureAclSubjectC2ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureEPKvm -Security:single module:__ZN8Security23CodeSignatureAclSubjectC4ERNS_13CssmAllocatorEPKNS_11CodeSigning9SignatureE -Security:single module:__ZN8Security23CodeSignatureAclSubjectD1Ev -Security:single module:__ZN8Security23CodeSignatureAclSubjectD2Ev -Security:single module:__ZNK8Security23CodeSignatureAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security23CodeSignatureAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security17CommentAclSubject8validateERKNS_20AclValidationContextE -Security:single module:__ZNK8Security17CommentAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security17CommentAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security17CommentAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security17CommentAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security17CommentAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZN8Security18PasswordAclSubjectC2ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security18PasswordAclSubjectC1ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security18PasswordAclSubjectC4ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security18PasswordAclSubjectC2ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZN8Security18PasswordAclSubjectC1ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZN8Security18PasswordAclSubjectC4ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZNK8Security18PasswordAclSubject8validateERKNS_20AclValidationContextERKNS_9TypedListE -Security:single module:__ZNK8Security18PasswordAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security18PasswordAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security18PasswordAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security18PasswordAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security18PasswordAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZNK8Security17ProcessAclSubject8validateERKNS_20AclValidationContextE -Security:single module:__ZNK8Security17ProcessAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security17ProcessAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security17ProcessAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security17ProcessAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security17ProcessAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZNK8Security17ProcessAclSubject11Environment6getuidEv -Security:single module:__ZNK8Security17ProcessAclSubject11Environment6getgidEv -Security:single module:___tcf_0 -Security:single module:__ZN8Security19ThresholdAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security19ThresholdAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZN8Security19ThresholdAclSubjectC2EmmRKSt6vectorINS_10RefPointerINS_10AclSubjectEEESaIS4_EE -Security:single module:__ZNK8Security19ThresholdAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security19ThresholdAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZN8Security10DbModifier11createTableEPNS_10MetaRecordE -Security:single module:__ZN8Security10DbModifier11deleteTableEm -Security:single module:__ZN8Security10DbModifier11insertTableERKNS_25CssmDbRecordAttributeInfoEPK25cssm_db_record_index_infoPK27cssm_db_parsing_module_info -Security:single module:__ZN8Security10DbModifier11insertTableEmRKSsmPK29cssm_db_schema_attribute_infomPK25cssm_db_schema_index_info -Security:single module:__ZN8Security10DbModifier12deleteRecordEmRKNS_8RecordIdE -Security:single module:__ZN8Security10DbModifier12insertRecordEmPK29cssm_db_record_attribute_dataPKNS_8CssmDataE -Security:single module:__ZN8Security10DbModifier12updateRecordEmRKNS_8RecordIdEPK29cssm_db_record_attribute_dataPKNS_8CssmDataEm -Security:single module:__ZN8Security10DbModifier14createDatabaseERK11cssm_dbinfoPK20cssm_acl_entry_inputt -Security:single module:__ZN8Security10DbModifier14deleteDatabaseEv -Security:single module:__ZN8Security10DbModifier14modifyDatabaseEv -Security:single module:__ZN8Security10DbModifier16writeAuthSectionEm -Security:single module:__ZN8Security10DbModifier17insertTableSchemaERKNS_25CssmDbRecordAttributeInfoEPK25cssm_db_record_index_info -Security:single module:__ZN8Security10DbModifier18writeSchemaSectionEm -Security:single module:__ZN8Security10DbModifier8rollbackEv -Security:single module:__ZN8Security10DbModifier9findTableEm -Security:single module:__ZN8Security10DbModifierC2ERNS_10AtomicFileERKNS_13AppleDatabaseE -Security:single module:__ZN8Security10DbModifierD2Ev -Security:single module:__ZN8Security11IndexCursorC2EPNS_10DbQueryKeyERKNS_9DbVersionERKNS_5TableEPKNS_12DbConstIndexE -Security:single module:__ZN8Security11IndexCursorD1Ev -Security:single module:__ZN8Security11IndexCursorD2Ev -Security:single module:__ZN8Security11MultiCursor4nextERmP29cssm_db_record_attribute_dataPNS_8CssmDataERNS_13CssmAllocatorERNS_8RecordIdE -Security:single module:__ZN8Security11MultiCursorC1EPK10cssm_queryRKNS_9DbVersionE -Security:single module:__ZN8Security11MultiCursorC2EPK10cssm_queryRKNS_9DbVersionE -Security:single module:__ZN8Security11MultiCursorC4EPK10cssm_queryRKNS_9DbVersionE -Security:single module:__ZN8Security11MultiCursorD0Ev -Security:single module:__ZN8Security11MultiCursorD1Ev -Security:single module:__ZN8Security11MultiCursorD2Ev -Security:single module:__ZN8Security11MultiCursorD4Ev -Security:single module:__ZN8Security12LinearCursorC2EPK10cssm_queryRKNS_9DbVersionERKNS_5TableE -Security:single module:__ZN8Security12LinearCursorD1Ev -Security:single module:__ZN8Security12LinearCursorD2Ev -Security:single module:__ZN8Security13AppleDatabase10dataDeleteERNS_9DbContextERK21cssm_db_unique_record -Security:single module:__ZN8Security13AppleDatabase10dataInsertERNS_9DbContextEmPK29cssm_db_record_attribute_dataPKNS_8CssmDataE -Security:single module:__ZN8Security13AppleDatabase10dataModifyERNS_9DbContextEmR21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPKNS_8CssmDataEm -Security:single module:__ZN8Security13AppleDatabase10getDbOwnerERNS_9DbContextER24cssm_acl_owner_prototype -Security:single module:__ZN8Security13AppleDatabase11changeDbAclERNS_9DbContextERKNS_17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZN8Security13AppleDatabase11passThroughERNS_9DbContextEmPKvPPv -Security:single module:__ZN8Security13AppleDatabase12authenticateERNS_9DbContextEmRKNS_17AccessCredentialsE -Security:single module:__ZN8Security13AppleDatabase13changeDbOwnerERNS_9DbContextERKNS_17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZN8Security13AppleDatabase14createRelationERNS_9DbContextEmPKcmRK29cssm_db_schema_attribute_infomRK25cssm_db_schema_index_info -Security:single module:__ZN8Security13AppleDatabase15destroyRelationERNS_9DbContextEm -Security:single module:__ZN8Security13AppleDatabase8dbCreateERNS_9DbContextERK11cssm_dbinfoPK20cssm_acl_entry_input -Security:single module:__ZN8Security13AppleDatabase8dbDeleteERNS_15DatabaseSessionEPKNS_17AccessCredentialsE -Security:single module:__ZN8Security13AppleDatabase8getDbAclERNS_9DbContextEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN8Security13AppleDatabaseC2ERKNS_6DbNameEPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security13AppleDatabaseD1Ev -Security:single module:__ZN8Security13AppleDatabaseD2Ev -Security:single module:__ZN8Security13ModifiedTable10writeTableERNS_14AtomicTempFileEm -Security:single module:__ZN8Security13ModifiedTable11modifyTableEv -Security:single module:__ZN8Security13ModifiedTable12deleteRecordERKNS_8RecordIdE -Security:single module:__ZN8Security13ModifiedTable12insertRecordEmPK29cssm_db_record_attribute_dataPKNS_8CssmDataE -Security:single module:__ZN8Security13ModifiedTable12updateRecordERKNS_8RecordIdEPK29cssm_db_record_attribute_dataPKNS_8CssmDataEm -Security:single module:__ZN8Security13ModifiedTable16nextRecordNumberEv -Security:single module:__ZN8Security13ModifiedTable17writeIndexSectionERNS_12WriteSectionEm -Security:single module:__ZN8Security13ModifiedTable20createMutableIndexesEv -Security:single module:__ZN8Security13ModifiedTable9findIndexEmRKNS_10MetaRecordEb -Security:single module:__ZN8Security13ModifiedTableC1EPKNS_5TableE -Security:single module:__ZN8Security13ModifiedTableC1EPNS_10MetaRecordE -Security:single module:__ZN8Security13ModifiedTableC2EPKNS_5TableE -Security:single module:__ZN8Security13ModifiedTableC2EPNS_10MetaRecordE -Security:single module:__ZN8Security13ModifiedTableC4EPKNS_5TableE -Security:single module:__ZN8Security13ModifiedTableC4EPNS_10MetaRecordE -Security:single module:__ZN8Security13ModifiedTableD1Ev -Security:single module:__ZN8Security13ModifiedTableD2Ev -Security:single module:__ZN8Security13ModifiedTableD4Ev -Security:single module:__ZN8Security14AppleDbContextC2ERNS_8DatabaseERNS_15DatabaseSessionEmPKNS_17AccessCredentialsEPKv -Security:single module:__ZN8Security14AppleDbContextD1Ev -Security:single module:__ZN8Security14AppleDbContextD2Ev -Security:single module:__ZN8Security20AppleDatabaseManagerC2EPKNS_22AppleDatabaseTableNameE -Security:single module:__ZN8Security5TableC2ERKNS_11ReadSectionE -Security:single module:__ZN8Security5TableD2Ev -Security:single module:__ZN8Security6CursorD0Ev -Security:single module:__ZN8Security6CursorD1Ev -Security:single module:__ZN8Security9DbVersionC2ERKNS_13AppleDatabaseERKNS_10RefPointerINS_18AtomicBufferedFileEEE -Security:single module:__ZN8Security9DbVersionD2Ev -Security:single module:__ZNK8Security13AppleDatabase10recordNameEm -Security:single module:__ZNK8Security13AppleDatabase19getDbNameFromHandleERKNS_9DbContextE -Security:single module:__ZNK8Security13ModifiedTable13getMetaRecordEv -Security:single module:__ZNK8Security13ModifiedTable17recordNumberCountEv -Security:single module:__ZNK8Security5Table11popFreeListERm -Security:single module:__ZNK8Security5Table14matchesTableIdEm -Security:single module:__ZN8Security10AtomicFile13performDeleteEv -Security:single module:__ZN8Security10AtomicFile5writeEv -Security:single module:__ZN8Security10AtomicFile6createEt -Security:single module:__ZN8Security10AtomicFile6mkpathERKSst -Security:single module:__ZN8Security10AtomicFile6renameERKSs -Security:single module:__ZN8Security10AtomicFileC2ERKSs -Security:single module:__ZN8Security10AtomicFileD2Ev -Security:single module:__ZN8Security14AtomicTempFile5closeEv -Security:single module:__ZN8Security14AtomicTempFile5fsyncEv -Security:single module:__ZN8Security14AtomicTempFile5writeENS_10AtomicFile10OffsetTypeExPKhm -Security:single module:__ZN8Security14AtomicTempFile5writeENS_10AtomicFile10OffsetTypeExPKmm -Security:single module:__ZN8Security14AtomicTempFile5writeENS_10AtomicFile10OffsetTypeExm -Security:single module:__ZN8Security14AtomicTempFile6commitEv -Security:single module:__ZN8Security14AtomicTempFile6createEt -Security:single module:__ZN8Security14AtomicTempFile8rollbackEv -Security:single module:__ZN8Security14AtomicTempFileC1ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEE -Security:single module:__ZN8Security14AtomicTempFileC1ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEEt -Security:single module:__ZN8Security14AtomicTempFileC2ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEE -Security:single module:__ZN8Security14AtomicTempFileC2ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEEt -Security:single module:__ZN8Security14AtomicTempFileC4ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEE -Security:single module:__ZN8Security14AtomicTempFileC4ERNS_10AtomicFileERKNS_10RefPointerINS_16AtomicLockedFileEEEt -Security:single module:__ZN8Security14AtomicTempFileD1Ev -Security:single module:__ZN8Security14AtomicTempFileD2Ev -Security:single module:__ZN8Security14AtomicTempFileD4Ev -Security:single module:__ZN8Security16AtomicLockedFile4lockEt -Security:single module:__ZN8Security16AtomicLockedFile5rlinkEPKcS2_R4stat -Security:single module:__ZN8Security16AtomicLockedFile6uniqueEt -Security:single module:__ZN8Security16AtomicLockedFile6unlockEv -Security:single module:__ZN8Security16AtomicLockedFile6xcreatEPKctRl -Security:single module:__ZN8Security16AtomicLockedFile8myrenameEPKcS2_ -Security:single module:__ZN8Security16AtomicLockedFileC1ERNS_10AtomicFileE -Security:single module:__ZN8Security16AtomicLockedFileC2ERNS_10AtomicFileE -Security:single module:__ZN8Security16AtomicLockedFileC4ERNS_10AtomicFileE -Security:single module:__ZN8Security16AtomicLockedFileD1Ev -Security:single module:__ZN8Security16AtomicLockedFileD2Ev -Security:single module:__ZN8Security16AtomicLockedFileD4Ev -Security:single module:__ZN8Security18AtomicBufferedFileC2ERKSs -Security:single module:__ZN8Security18AtomicBufferedFileD2Ev -Security:single module:__ZNK8Security10AtomicFile4modeEv -Security:single module:__ZN8Security17ModuleCallbackSet6Runner6actionEv -Security:single module:__ZNK8Security14ModuleCallbackclEmRKNS_4GuidEmm -Security:single module:__ZNK8Security17ModuleCallbackSetclEmRKNS_4GuidEmm -Security:single module:__ZN8Security7Context15deleteAttributeEm -Security:single module:__ZN8Security7Context7postIPCEPvP22cssm_context_attribute -Security:single module:__ZN8Security7ContextC1Emm -Security:single module:__ZN8Security10AclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security10AclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__ZN8Security10AclSubject10importBlobERNS_23LowLevelMemoryUtilities6ReaderES3_ -Security:single module:__ZN8Security10AclSubject5Maker5crackERKNS_8CssmListEmPPNS_11ListElementEz -Security:single module:__ZN8Security10AclSubject5Maker7getWordERKNS_11ListElementEii -Security:single module:__ZN8Security10AclSubject5MakerC1El -Security:single module:__ZN8Security10AclSubject5MakerC2El -Security:single module:__ZN8Security10AclSubject5MakerC4El -Security:single module:__ZN8Security10AclSubject5MakerD0Ev -Security:single module:__ZN8Security10AclSubject5MakerD1Ev -Security:single module:__ZN8Security10AclSubject5MakerD2Ev -Security:single module:__ZN8Security10AclSubject5MakerD4Ev -Security:single module:__ZN8Security10AclSubjectD0Ev -Security:single module:__ZN8Security10AclSubjectD1Ev -Security:single module:__ZN8Security20AclValidationContextD0Ev -Security:single module:__ZN8Security20AclValidationContextD1Ev -Security:single module:__ZN8Security24AclValidationEnvironmentD0Ev -Security:single module:__ZN8Security24AclValidationEnvironmentD1Ev -Security:single module:__ZN8Security9ObjectAcl10changedAclEv -Security:single module:__ZN8Security9ObjectAcl10cssmGetAclEPKcRmRPNS_12AclEntryInfoE -Security:single module:__ZN8Security9ObjectAcl10exportBlobERNS_8CssmDataES2_ -Security:single module:__ZN8Security9ObjectAcl12cssmGetOwnerERNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security9ObjectAcl13cssmChangeAclERKNS_7AclEditEPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE -Security:single module:__ZN8Security9ObjectAcl13validateOwnerElPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE -Security:single module:__ZN8Security9ObjectAcl14cssmSetInitialERKNS_10RefPointerINS_10AclSubjectEEE -Security:single module:__ZN8Security9ObjectAcl14cssmSetInitialERKNS_17AclEntryPrototypeE -Security:single module:__ZN8Security9ObjectAcl14instantiateAclEv -Security:single module:__ZN8Security9ObjectAcl15cssmChangeOwnerERKNS_17AclOwnerPrototypeEPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE -Security:single module:__ZN8Security9ObjectAcl15findEntryHandleEm -Security:single module:__ZN8Security9ObjectAcl4makeERKNS_9TypedListE -Security:single module:__ZN8Security9ObjectAcl5Entry4initERKNS_10RefPointerINS_10AclSubjectEEEb -Security:single module:__ZN8Security9ObjectAcl5EntryD0Ev -Security:single module:__ZN8Security9ObjectAcl5EntryD1Ev -Security:single module:__ZN8Security9ObjectAcl8AclEntryC1ERKNS_10RefPointerINS_10AclSubjectEEE -Security:single module:__ZN8Security9ObjectAcl8AclEntryC1ERKNS_17AclEntryPrototypeE -Security:single module:__ZN8Security9ObjectAcl8AclEntryC2ERKNS_10RefPointerINS_10AclSubjectEEE -Security:single module:__ZN8Security9ObjectAcl8AclEntryC2ERKNS_17AclEntryPrototypeE -Security:single module:__ZN8Security9ObjectAcl8AclEntryC4ERKNS_10RefPointerINS_10AclSubjectEEE -Security:single module:__ZN8Security9ObjectAcl8AclEntryC4ERKNS_17AclEntryPrototypeE -Security:single module:__ZN8Security9ObjectAclC1ERKNS_17AclEntryPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security9ObjectAclC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security9ObjectAclC2ERKNS_17AclEntryPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security9ObjectAclC4ERKNS_17AclEntryPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security9ObjectAclD0Ev -Security:single module:__ZN8Security9ObjectAclD1Ev -Security:single module:__ZNK8Security10AclSubject9debugDumpEv -Security:single module:__ZNK8Security9ObjectAcl10OwnerEntry10authorizesEl -Security:single module:__ZNK8Security9ObjectAcl10OwnerEntry8validateERKNS_20AclValidationContextE -Security:single module:__ZNK8Security9ObjectAcl8AclEntry11toEntryInfoER24cssm_acl_entry_prototypeRNS_13CssmAllocatorE -Security:single module:__ZNK8Security9ObjectAcl9debugDumpEPKc -Security:single module:__ZN8Security18AuthorizationGroupC2ERKSt3setIlSt4lessIlESaIlEERNS_13CssmAllocatorE -Security:single module:__ZN8Security18AuthorizationGroupC1ERKSt3setIlSt4lessIlESaIlEERNS_13CssmAllocatorE -Security:single module:__ZN8Security18AuthorizationGroupC4ERKSt3setIlSt4lessIlESaIlEERNS_13CssmAllocatorE -Security:single module:__ZN8Security18AuthorizationGroup7destroyERNS_13CssmAllocatorE -Security:single module:__ZNK8Security18AuthorizationGroup8containsEl -Security:single module:__ZNK8Security18AuthorizationGroupcvSt3setIlSt4lessIlESaIlEEEv -Security:single module:__ZN8Security17AclEntryPrototypeC2ERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security17AclEntryPrototypeC1ERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security17AclEntryPrototypeC4ERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security17AclEntryPrototype3tagEPKc -Security:single module:__ZN8Security21AutoAclOwnerPrototype4makeEv -Security:single module:__ZN8Security21AutoAclOwnerPrototypeD2Ev -Security:single module:__ZN8Security21AutoAclOwnerPrototypeD1Ev -Security:single module:__ZN8Security21AutoAclOwnerPrototypeD4Ev -Security:single module:__ZN8Security21AutoAclOwnerPrototype9allocatorERNS_13CssmAllocatorE -Security:single module:__ZN8Security20AutoAclEntryInfoListD2Ev -Security:single module:__ZN8Security20AutoAclEntryInfoListD1Ev -Security:single module:__ZN8Security20AutoAclEntryInfoListD4Ev -Security:single module:__ZN8Security20AutoAclEntryInfoList9allocatorERNS_13CssmAllocatorE -Security:single module:__ZN22SensitiveCssmAllocator7reallocEPvm -Security:single module:__ZN8Security13CssmAllocatorD0Ev -Security:single module:__ZN8Security13CssmAllocatorD1Ev -Security:single module:__ZN8Security17TrackingAllocatorD0Ev -Security:single module:__ZN8Security17TrackingAllocatorD2Ev -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctions11relayCallocEmmPv -Security:single module:__ZN8Security28CssmAllocatorMemoryFunctionsC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security8CssmHeapdlEPvm -Security:single module:__ZN8Security8CssmHeapdlEPvmPNS_13CssmAllocatorE -Security:single module:__ZN8Security8CssmHeapnwEmPNS_13CssmAllocatorE -Security:single module:__ZNK8Security13CssmAllocatoreqERKS0_ -Security:single module:__ZN8Security15AutoCredentialsC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security15AutoCredentialsC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security15AutoCredentialsC2ERNS_13CssmAllocatorEm -Security:single module:__ZN8Security15AutoCredentialsC4ERNS_13CssmAllocatorE -Security:single module:__ZNK8Security11SampleGroup7collectElRSt4listINS_10CssmSampleESaIS2_EE -Security:single module:__ZN8Security12CssmDateDataC1ERK9cssm_date -Security:single module:__ZN8Security12CssmDateDataC2ERK9cssm_date -Security:single module:__ZN8Security12CssmDateDataC4ERK9cssm_date -Security:single module:__ZN8Security12CssmGuidDataC1ERK9cssm_guid -Security:single module:__ZN8Security12CssmGuidDataC2ERK9cssm_guid -Security:single module:__ZN8Security12CssmGuidDataC4ERK9cssm_guid -Security:single module:__ZN8Security13CssmOwnedData3setERNS_15CssmManagedDataE -Security:single module:__ZN8Security15CssmManagedDataD0Ev -Security:single module:__ZN8Security15CssmManagedDataD1Ev -Security:single module:__ZN8SecurityeqERK9cssm_dataS2_ -Security:single module:__ZNK8Security14CssmDLPolyDatacvNS_4GuidEEv -Security:single module:__ZN8Security8CssmDateC2EPKcS2_S2_ -Security:single module:__ZN8Security8CssmDateC1EPKcS2_S2_ -Security:single module:__ZN8Security8CssmDateC4EPKcS2_S2_ -Security:single module:__ZN8Security8CssmDateC2Eiii -Security:single module:__ZN8Security8CssmDateC1Eiii -Security:single module:__ZN8Security8CssmDateC4Eiii -Security:single module:__ZNK8Security8CssmDate4yearEv -Security:single module:__ZNK8Security8CssmDate5monthEv -Security:single module:__ZNK8Security8CssmDate3dayEv -Security:single module:__ZN8Security8CssmDate6assignEPciPKc -Security:single module:__ZN8Security15CssmUniformDateC2EPK8__CFDate -Security:single module:__ZN8Security15CssmUniformDateC1EPK8__CFDate -Security:single module:__ZN8Security15CssmUniformDateC4EPK8__CFDate -Security:single module:__ZNK8Security15CssmUniformDatecvPK8__CFDateEv -Security:single module:__ZN8Security15CssmUniformDateC2ERKNS_8CssmDateE -Security:single module:__ZN8Security15CssmUniformDateC1ERKNS_8CssmDateE -Security:single module:__ZN8Security15CssmUniformDateC4ERKNS_8CssmDateE -Security:single module:__ZNK8Security15CssmUniformDatecvNS_8CssmDateEEv -Security:single module:__ZN8Security15CssmUniformDateC2ERK9cssm_data -Security:single module:__ZN8Security15CssmUniformDateC1ERK9cssm_data -Security:single module:__ZN8Security15CssmUniformDateC4ERK9cssm_data -Security:single module:__ZNK8Security15CssmUniformDate9convertToERNS_13CssmOwnedDataE -Security:single module:__ZN8Security15CssmUniformDateC2EPKc -Security:single module:__ZN8Security15CssmUniformDateC1EPKc -Security:single module:__ZN8Security15CssmUniformDateC4EPKc -Security:single module:__ZNK8Security15CssmUniformDate9convertToEPcm -Security:single module:__ZN8Security15CssmUniformDate13setFromStringEPKcS2_m -Security:single module:__ZN8Security13CssmAutoQueryC1ERK10cssm_queryRNS_13CssmAllocatorE -Security:single module:__ZN8Security13CssmAutoQueryD1Ev -Security:single module:__ZN8Security19CssmDbAttributeData11deleteValueERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security19CssmDbAttributeData12deleteValuesERKS0_RNS_13CssmAllocatorE -Security:single module:__ZN8Security19CssmDbAttributeData3addERKS0_RNS_13CssmAllocatorE -Security:single module:__ZN8Security25CssmDbRecordAttributeData4findERK22cssm_db_attribute_info -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeData3addERK22cssm_db_attribute_infoRKNS_12CssmPolyDataE -Security:single module:__ZN8Security29CssmAutoDbRecordAttributeDataD1Ev -Security:single module:__ZNK8Security19CssmDbAttributeDataltERKS0_ -Security:single module:__ZNK8Security19CssmDbAttributeInfoeqERKS0_ -Security:single module:__ZNK8Security19CssmDbAttributeInfoltERKS0_ -Security:single module:__ZNK8Security25CssmDbRecordAttributeDataltERKS0_ -Security:single module:__ZN8Security8ErrorMapC2Ev -Security:single module:__ZN8Security8ErrorMapC1Ev -Security:single module:__ZN8Security8ErrorMapC4Ev -Security:single module:_cssmPerror -Security:single module:__ZN8Security15cssmErrorStringEl -Security:single module:__ZN8Security15cssmErrorStringERKNS_15CssmCommonErrorE -Security:single module:__ZN8Security11ListElement4dataEv -Security:single module:__ZN8Security11ListElement5clearERNS_13CssmAllocatorE -Security:single module:__ZN8Security11ListElement9typedListEv -Security:single module:__ZN8Security11ListElementC1ERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC1ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC1ERNS_13CssmAllocatorERKSs -Security:single module:__ZN8Security11ListElementC2ERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC2ERKNS_8CssmListE -Security:single module:__ZN8Security11ListElementC2ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC2ERNS_13CssmAllocatorERKSs -Security:single module:__ZN8Security11ListElementC2El -Security:single module:__ZN8Security11ListElementC4ERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC4ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security11ListElementC4ERNS_13CssmAllocatorERKSs -Security:single module:__ZN8Security8CssmList4snipEv -Security:single module:__ZN8Security8CssmList5clearERNS_13CssmAllocatorE -Security:single module:__ZN8Security8CssmList6insertEPNS_11ListElementES2_ -Security:single module:__ZN8Security8CssmList6removeEPNS_11ListElementE -Security:single module:__ZN8Security9TypedListC1ERNS_13CssmAllocatorElPNS_11ListElementES4_ -Security:single module:__ZN8Security9TypedListC1ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_ -Security:single module:__ZN8Security9TypedListC1ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_S4_ -Security:single module:__ZN8Security9TypedListC2ERNS_13CssmAllocatorEl -Security:single module:__ZN8Security9TypedListC2ERNS_13CssmAllocatorElPNS_11ListElementE -Security:single module:__ZN8Security9TypedListC2ERNS_13CssmAllocatorElPNS_11ListElementES4_ -Security:single module:__ZN8Security9TypedListC2ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_ -Security:single module:__ZN8Security9TypedListC2ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_S4_ -Security:single module:__ZN8Security9TypedListC4ERNS_13CssmAllocatorElPNS_11ListElementES4_ -Security:single module:__ZN8Security9TypedListC4ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_ -Security:single module:__ZN8Security9TypedListC4ERNS_13CssmAllocatorElPNS_11ListElementES4_S4_S4_ -Security:single module:__ZNK8Security11ListElement4dataEv -Security:single module:__ZNK8Security11ListElement4listEv -Security:single module:__ZNK8Security11ListElement9typedListEv -Security:single module:__ZNK8Security8CssmList6lengthEv -Security:single module:__ZNK8Security8CssmListixEj -Security:single module:__ZNK8Security9TypedList11checkProperEl -Security:single module:__ZN8Security6Daemon9incarnateEv -Security:single module:__ZN8Security6Daemon11executeSelfEPPc -Security:single module:__ZN8Security15DatabaseManager10getDbNamesERNS_15DatabaseSessionE -Security:single module:__ZN8Security15DatabaseManager12freeNameListERNS_15DatabaseSessionER14cssm_name_list -Security:single module:__ZN8Security15DatabaseManager8dbCreateERNS_15DatabaseSessionERKNS_6DbNameERK11cssm_dbinfomPK29cssm_resource_control_contextPKv -Security:single module:__ZN8Security15DatabaseManager8dbDeleteERNS_15DatabaseSessionERKNS_6DbNameEPKNS_17AccessCredentialsE -Security:single module:__ZN8Security15DatabaseManagerC1Ev -Security:single module:__ZN8Security15DatabaseManagerD0Ev -Security:single module:__ZN8Security15DatabaseManagerD1Ev -Security:single module:__ZN8Security15DatabaseManagerD2Ev -Security:single module:__ZN8Security15DatabaseManagerD4Ev -Security:single module:__ZN8Security8Database9_dbCreateERNS_15DatabaseSessionERK11cssm_dbinfomPK29cssm_resource_control_contextPKv -Security:single module:__ZN8Security8DatabaseC1ERKNS_6DbNameE -Security:single module:__ZN8Security8DatabaseD0Ev -Security:single module:__ZN8Security8DatabaseD1Ev -Security:single module:__ZN8Security15DatabaseSession10DataDeleteEmRK21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession10DataInsertEmmPK29cssm_db_record_attribute_dataPKNS_8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN8Security15DatabaseSession10DataModifyEmmR21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPKNS_8CssmDataEm -Security:single module:__ZN8Security15DatabaseSession10GetDbNamesERP14cssm_name_list -Security:single module:__ZN8Security15DatabaseSession10GetDbOwnerEmR24cssm_acl_owner_prototype -Security:single module:__ZN8Security15DatabaseSession11ChangeDbAclEmRKNS_17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZN8Security15DatabaseSession11PassThroughEmmPKvPPv -Security:single module:__ZN8Security15DatabaseSession12AuthenticateEmmRKNS_17AccessCredentialsE -Security:single module:__ZN8Security15DatabaseSession12FreeNameListER14cssm_name_list -Security:single module:__ZN8Security15DatabaseSession13ChangeDbOwnerEmRKNS_17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZN8Security15DatabaseSession14CreateRelationEmmPKcmRK29cssm_db_schema_attribute_infomRK25cssm_db_schema_index_info -Security:single module:__ZN8Security15DatabaseSession15DestroyRelationEmm -Security:single module:__ZN8Security15DatabaseSession19GetDbNameFromHandleEmPPc -Security:single module:__ZN8Security15DatabaseSession8DbCreateEPKcPK16cssm_net_addressRK11cssm_dbinfomPK29cssm_resource_control_contextPKvRm -Security:single module:__ZN8Security15DatabaseSession8DbDeleteEPKcPK16cssm_net_addressPKNS_17AccessCredentialsE -Security:single module:__ZN8Security15DatabaseSession8GetDbAclEmPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN8Security15DatabaseSession8closeAllEv -Security:single module:__ZN8Security15DatabaseSessionC1ERNS_15DatabaseManagerE -Security:single module:__ZN8Security15DatabaseSessionD0Ev -Security:single module:__ZN8Security15DatabaseSessionD1Ev -Security:single module:__ZThn4_N8Security15DatabaseSessionD0Ev -Security:single module:__ZThn4_N8Security15DatabaseSessionD1Ev -Security:single module:__ZN8Security9DbContextC1ERNS_8DatabaseERNS_15DatabaseSessionEmPK23cssm_access_credentials -Security:single module:__ZN8Security9DbContextD0Ev -Security:single module:__ZN8Security9DbContextD1Ev -Security:single module:__ZN8Security10DbQueryKeyC2ERKNS_12DbConstIndexE -Security:single module:__ZN8Security12DbConstIndexC1ERKNS_5TableEmb -Security:single module:__ZN8Security12DbConstIndexC2ERKNS_5TableERKNS_11ReadSectionE -Security:single module:__ZN8Security12DbConstIndexC2ERKNS_5TableEmb -Security:single module:__ZN8Security12DbConstIndexC4ERKNS_5TableEmb -Security:single module:__ZN8Security14DbMutableIndex10writeIndexERNS_12WriteSectionEm -Security:single module:__ZN8Security14DbMutableIndex12insertRecordEmRKNS_11ReadSectionE -Security:single module:__ZN8Security14DbMutableIndex12removeRecordEm -Security:single module:__ZN8Security14DbMutableIndex17insertRecordMultiEmRKNS_11ReadSectionEmRNS_12WriteSectionEm -Security:single module:__ZN8Security14DbMutableIndex18insertRecordSingleEmRKNS_11ReadSectionE -Security:single module:__ZN8Security14DbMutableIndexC1ERKNS_10MetaRecordEmb -Security:single module:__ZN8Security14DbMutableIndexC1ERKNS_12DbConstIndexE -Security:single module:__ZN8Security14DbMutableIndexC2ERKNS_10MetaRecordEmb -Security:single module:__ZN8Security14DbMutableIndexC2ERKNS_12DbConstIndexE -Security:single module:__ZN8Security14DbMutableIndexC4ERKNS_10MetaRecordEmb -Security:single module:__ZN8Security14DbMutableIndexC4ERKNS_12DbConstIndexE -Security:single module:__ZN8Security14DbMutableIndexD1Ev -Security:single module:__ZN8Security14DbMutableIndexD2Ev -Security:single module:__ZN8Security14DbMutableIndexD4Ev -Security:single module:__ZN8Security7DbIndexC1ERKNS_10MetaRecordEmb -Security:single module:__ZNK8Security10DbIndexKeyltERKS0_ -Security:single module:__ZN8Security14CssmNetAddressC1ERK16cssm_net_address -Security:single module:__ZN8Security14CssmNetAddressC1EmRKNS_8CssmDataE -Security:single module:__ZN8Security14CssmNetAddressC2ERK16cssm_net_address -Security:single module:__ZN8Security14CssmNetAddressC2EmRKNS_8CssmDataE -Security:single module:__ZN8Security14CssmNetAddressC4ERK16cssm_net_address -Security:single module:__ZN8Security14CssmNetAddressC4EmRKNS_8CssmDataE -Security:single module:__ZN8Security14CssmNetAddressD1Ev -Security:single module:__ZN8Security14CssmNetAddressD2Ev -Security:single module:__ZN8Security14CssmNetAddressD4Ev -Security:single module:__ZN8Security6DbNameC2EPKcPK16cssm_net_address -Security:single module:__ZN8Security6DbNameC2ERKS0_ -Security:single module:__ZN8Security6DbNameD2Ev -Security:single module:__ZN8Security6DbNameaSERKS0_ -Security:single module:__ZN8Security7DbQueryC2Ev -Security:single module:__ZN8Security7DbQueryC1Ev -Security:single module:__ZN8Security7DbQueryC4Ev -Security:single module:__ZN8Security7DbQueryD2Ev -Security:single module:__ZN8Security7DbQueryD1Ev -Security:single module:__ZN8Security7DbQueryD0Ev -Security:single module:__ZN8Security7DbQueryD4Ev -Security:single module:__ZN8Security11BigNumValue7compareEPKhS2_i -Security:single module:__ZN8Security11BigNumValueC1ERK9cssm_data -Security:single module:__ZN8Security11BigNumValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11BigNumValueC2ERK9cssm_data -Security:single module:__ZN8Security11BigNumValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11BigNumValueC4ERK9cssm_data -Security:single module:__ZN8Security11BigNumValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11BigNumValueD0Ev -Security:single module:__ZN8Security11BigNumValueD1Ev -Security:single module:__ZN8Security11BigNumValueD2Ev -Security:single module:__ZN8Security11BigNumValueD4Ev -Security:single module:__ZN8Security11DoubleValueC1ERK9cssm_data -Security:single module:__ZN8Security11DoubleValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11DoubleValueC2ERK9cssm_data -Security:single module:__ZN8Security11DoubleValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11DoubleValueC4ERK9cssm_data -Security:single module:__ZN8Security11DoubleValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11DoubleValueD0Ev -Security:single module:__ZN8Security11DoubleValueD1Ev -Security:single module:__ZN8Security11DoubleValueD2Ev -Security:single module:__ZN8Security11DoubleValueD4Ev -Security:single module:__ZN8Security11SInt32ValueC1ERK9cssm_data -Security:single module:__ZN8Security11SInt32ValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11SInt32ValueC2ERK9cssm_data -Security:single module:__ZN8Security11SInt32ValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11SInt32ValueC4ERK9cssm_data -Security:single module:__ZN8Security11SInt32ValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11SInt32ValueD0Ev -Security:single module:__ZN8Security11SInt32ValueD1Ev -Security:single module:__ZN8Security11SInt32ValueD2Ev -Security:single module:__ZN8Security11SInt32ValueD4Ev -Security:single module:__ZN8Security11StringValue10ComparatorclEPKhS3_m -Security:single module:__ZN8Security11StringValueC1ERK9cssm_data -Security:single module:__ZN8Security11StringValueC2ERK9cssm_data -Security:single module:__ZN8Security11StringValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11StringValueC4ERK9cssm_data -Security:single module:__ZN8Security11StringValueD0Ev -Security:single module:__ZN8Security11StringValueD2Ev -Security:single module:__ZN8Security11UInt32ValueC2ERK9cssm_data -Security:single module:__ZN8Security11UInt32ValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security11UInt32ValueD2Ev -Security:single module:__ZN8Security13TimeDateValueC1ERK9cssm_data -Security:single module:__ZN8Security13TimeDateValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security13TimeDateValueC2ERK9cssm_data -Security:single module:__ZN8Security13TimeDateValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security13TimeDateValueC4ERK9cssm_data -Security:single module:__ZN8Security13TimeDateValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security13TimeDateValueD0Ev -Security:single module:__ZN8Security13TimeDateValueD1Ev -Security:single module:__ZN8Security13TimeDateValueD2Ev -Security:single module:__ZN8Security13TimeDateValueD4Ev -Security:single module:__ZN8Security16MultiUInt32ValueC1ERK9cssm_data -Security:single module:__ZN8Security16MultiUInt32ValueC1ERKNS_11ReadSectionERm -Security:single module:__ZN8Security16MultiUInt32ValueC2ERK9cssm_data -Security:single module:__ZN8Security16MultiUInt32ValueC2ERKNS_11ReadSectionERm -Security:single module:__ZN8Security16MultiUInt32ValueC4ERK9cssm_data -Security:single module:__ZN8Security16MultiUInt32ValueC4ERKNS_11ReadSectionERm -Security:single module:__ZN8Security16MultiUInt32ValueD0Ev -Security:single module:__ZN8Security16MultiUInt32ValueD1Ev -Security:single module:__ZN8Security16MultiUInt32ValueD2Ev -Security:single module:__ZN8Security16MultiUInt32ValueD4Ev -Security:single module:__ZN8Security7DbValueD0Ev -Security:single module:__ZN8Security7DbValueD1Ev -Security:single module:__ZN8Security9BlobValue10ComparatorD0Ev -Security:single module:__ZN8Security9BlobValue10ComparatorD2Ev -Security:single module:__ZN8Security9BlobValueC2ERK9cssm_data -Security:single module:__ZNK8Security11BigNumValue8evaluateERKS0_m -Security:single module:__ZNK8Security11DoubleValue4packERNS_12WriteSectionERm -Security:single module:__ZNK8Security11SInt32Value4packERNS_12WriteSectionERm -Security:single module:__ZNK8Security11StringValue8evaluateERKS0_m -Security:single module:__ZNK8Security11UInt32Value4packERNS_12WriteSectionERm -Security:single module:__ZNK8Security13TimeDateValue10rangeValueEmm -Security:single module:__ZNK8Security13TimeDateValue11isValidDateEv -Security:single module:__ZNK8Security13TimeDateValue4packERNS_12WriteSectionERm -Security:single module:__ZNK8Security16MultiUInt32Value4packERNS_12WriteSectionERm -Security:single module:__ZNK8Security16MultiUInt32Value8evaluateERKS0_m -Security:single module:__ZN8Security5Debug10SyslogSink3putEPKcj -Security:single module:__ZN8Security5Debug10SyslogSink4dumpEPKc -Security:single module:__ZN8Security5Debug10SyslogSink9configureEPKc -Security:single module:__ZN8Security5Debug4dumpEPKcz -Security:single module:__ZN8Security5Debug6Target10terminatorEv -Security:single module:__ZN8Security5Debug6Target18setFromEnvironmentEv -Security:single module:__ZN8Security5Debug6Target2toEP7__sFILE -Security:single module:__ZN8Security5Debug6Target2toEPKc -Security:single module:__ZN8Security5Debug6Target2toEPNS1_4SinkE -Security:single module:__ZN8Security5Debug6Target2toEi -Security:single module:__ZN8Security5Debug6Target4Sink4dumpEPKc -Security:single module:__ZN8Security5Debug6Target4Sink9configureEPKc -Security:single module:__ZN8Security5Debug6Target4SinkD0Ev -Security:single module:__ZN8Security5Debug6Target4SinkD1Ev -Security:single module:__ZN8Security5Debug6Target4SinkD2Ev -Security:single module:__ZN8Security5Debug6Target4SinkD4Ev -Security:single module:__ZN8Security5Debug6Target4dumpEPKc -Security:single module:__ZN8Security5Debug6Target4dumpEPKcPc -Security:single module:__ZN8Security5Debug6Target8SelectorC1Ev -Security:single module:__ZN8Security5Debug6Target8SelectorC2Ev -Security:single module:__ZN8Security5Debug6Target8SelectorC4Ev -Security:single module:__ZN8Security5Debug6Target8SelectoraSEPKc -Security:single module:__ZN8Security5Debug6Target9configureEPKc -Security:single module:__ZN8Security5Debug6Target9configureEv -Security:single module:__ZN8Security5Debug6Target9debuggingEPKc -Security:single module:__ZN8Security5Debug6TargetC1Ev -Security:single module:__ZN8Security5Debug6TargetC2Ev -Security:single module:__ZN8Security5Debug6TargetC4Ev -Security:single module:__ZN8Security5Debug6TargetD0Ev -Security:single module:__ZN8Security5Debug6TargetD1Ev -Security:single module:__ZN8Security5Debug6TargetD2Ev -Security:single module:__ZN8Security5Debug6TargetD4Ev -Security:single module:__ZN8Security5Debug6vdebugEPKcS2_Pc -Security:single module:__ZN8Security5Debug7dumpingEPKc -Security:single module:__ZN8Security5Debug8FileSink3putEPKcj -Security:single module:__ZN8Security5Debug8FileSink4dumpEPKc -Security:single module:__ZN8Security5Debug8FileSink9configureEPKc -Security:single module:__ZN8Security5Debug8dumpDataEPKcPKvm -Security:single module:__ZN8Security5Debug8dumpDataEPKvm -Security:single module:__ZN8Security5Debug9debuggingEPKc -Security:single module:___security_debug -Security:single module:___security_debugging -Security:single module:__ZN8Security11GlobalNexus5ErrorD0Ev -Security:single module:__ZN8Security11GlobalNexus5ErrorD1Ev -Security:single module:__ZN8Security11GlobalNexus5ErrorD2Ev -Security:single module:__ZN8Security11GlobalNexus5ErrorD4Ev -Security:single module:__ZN8Security16ProcessNexusBaseC1EPKc -Security:single module:__ZN8Security16ProcessNexusBaseC2EPKc -Security:single module:__ZN8Security16ProcessNexusBaseC4EPKc -Security:single module:__ZN8Security12HandleObject4lockEv -Security:single module:__ZN8Security12HandleObject5StateC2Ev -Security:single module:__ZN8Security12HandleObject7tryLockEv -Security:single module:__ZN8Security12HandleObjectD0Ev -Security:single module:__ZN8Security12HandleObjectD1Ev -Security:single module:__ZN8Security6Syslog4openEPKcii -Security:single module:__ZN8Security6Syslog6outputEiPKcPc -Security:single module:__ZN8Security6Syslog6syslogEiPKcz -Security:single module:__ZN8Security6Syslog9emergencyEPKcz -Security:single module:__ZN8Security6Syslog5alertEPKcz -Security:single module:__ZN8Security6Syslog8criticalEPKcz -Security:single module:__ZN8Security6Syslog5errorEPKcz -Security:single module:__ZN8Security6Syslog7warningEPKcz -Security:single module:__ZN8Security6Syslog6noticeEPKcz -Security:single module:__ZN8Security6Syslog4infoEPKcz -Security:single module:__ZN8Security6Syslog5debugEPKcz -Security:single module:__ZN8Security6Syslog4maskEv -Security:single module:__ZN8Security6Syslog4uptoEi -Security:single module:__ZN8Security6Syslog6enableEi -Security:single module:__ZN8Security6Syslog7disableEi -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapC2ERKNS0_9BootstrapERKNS0_8TaskPortE -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapD1Ev -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapD2Ev -Security:single module:__ZN8Security12MachPlusPlus11StBootstrapD4Ev -Security:single module:__ZN8Security12MachPlusPlus4Port12cancelNotifyEi -Security:single module:__ZN8Security12MachPlusPlus4Port7getRefsEj -Security:single module:__ZN8Security12MachPlusPlus5Error7throwMeEi -Security:single module:__ZN8Security12MachPlusPlus5ErrorC1Ei -Security:single module:__ZN8Security12MachPlusPlus5ErrorC2Ei -Security:single module:__ZN8Security12MachPlusPlus5ErrorC4Ei -Security:single module:__ZN8Security12MachPlusPlus5ErrorD0Ev -Security:single module:__ZN8Security12MachPlusPlus5ErrorD1Ev -Security:single module:__ZN8Security12MachPlusPlus5ErrorD2Ev -Security:single module:__ZN8Security12MachPlusPlus5ErrorD4Ev -Security:single module:__ZN8Security12MachPlusPlus7Message11sendReceiveEjijj -Security:single module:__ZN8Security12MachPlusPlus7Message4sendEijj -Security:single module:__ZN8Security12MachPlusPlus7Message5checkEi -Security:single module:__ZN8Security12MachPlusPlus7Message7receiveEjijj -Security:single module:__ZN8Security12MachPlusPlus7MessageC1EPvm -Security:single module:__ZN8Security12MachPlusPlus7MessageC1Em -Security:single module:__ZN8Security12MachPlusPlus7MessageC2EPvm -Security:single module:__ZN8Security12MachPlusPlus7MessageC2Em -Security:single module:__ZN8Security12MachPlusPlus7MessageC4EPvm -Security:single module:__ZN8Security12MachPlusPlus7MessageC4Em -Security:single module:__ZN8Security12MachPlusPlus7MessageD0Ev -Security:single module:__ZN8Security12MachPlusPlus7MessageD2Ev -Security:single module:__ZN8Security12MachPlusPlus8TaskPort6forPidEi -Security:single module:__ZN8Security12MachPlusPlus8allocateEm -Security:single module:__ZN8Security12MachPlusPlus9Bootstrap6subsetENS0_4PortE -Security:single module:__ZNK8Security12MachPlusPlus5Error8osStatusEv -Security:single module:__ZNK8Security12MachPlusPlus5Error9cssmErrorEv -Security:single module:__ZNK8Security12MachPlusPlus7PortSet7membersEv -Security:single module:__ZNK8Security12MachPlusPlus7PortSet8containsENS0_4PortE -Security:single module:__ZNK8Security12MachPlusPlus9Bootstrap10registerAsEjPKc -Security:single module:__ZNK8Security12MachPlusPlus9Bootstrap7checkInEPKc -Security:single module:__Xmach_notify_port_destroyed -Security:single module:__Xmach_notify_send_once -Security:single module:_notify_server_routine -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer12alsoListenOnENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServer12stopListenOnENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC1EPKc -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC1EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC2EPKc -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerC4EPKc -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerD0Ev -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerD1Ev -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerD2Ev -Security:single module:__ZN8Security12MachPlusPlus17MachRunLoopServerD4Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServer14NoReplyHandler6handleEP17mach_msg_header_tS4_ -Security:single module:__ZN8Security12MachPlusPlus10MachServer14notifyDeadNameENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus10MachServer14notifySendOnceENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus10MachServer15notifyNoSendersENS0_4PortEj -Security:single module:__ZN8Security12MachPlusPlus10MachServer19notifyPortDestroyedENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus10MachServer3addENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus10MachServer3addERNS1_7HandlerE -Security:single module:__ZN8Security12MachPlusPlus10MachServer3runEmi -Security:single module:__ZN8Security12MachPlusPlus10MachServer5setupEPKc -Security:single module:__ZN8Security12MachPlusPlus10MachServer6removeENS0_4PortE -Security:single module:__ZN8Security12MachPlusPlus10MachServer6removeERNS1_7HandlerE -Security:single module:__ZN8Security12MachPlusPlus10MachServer9addThreadEPNS_6ThreadE -Security:single module:__ZN8Security12MachPlusPlus10MachServerC1EPKc -Security:single module:__ZN8Security12MachPlusPlus10MachServerC1EPKcRKNS0_9BootstrapE -Security:single module:__ZN8Security12MachPlusPlus10MachServerC2EPKc -Security:single module:__ZN8Security12MachPlusPlus10MachServerC4EPKc -Security:single module:__ZN8Security12MachPlusPlus10MachServerD0Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServerD1Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServerD2Ev -Security:single module:__ZN8Security12MachPlusPlus10MachServerD4Ev -Security:single module:__ZNK8Security12MachPlusPlus10MachServer14notifyIfUnusedENS0_4PortEb -Security:single module:_cdsa_mach_notify_port_destroyed -Security:single module:_cdsa_mach_notify_send_once -Security:single module:__ZN8Security13MetaAttributeD0Ev -Security:single module:__ZN8Security13MetaAttributeD1Ev -Security:single module:__ZNK8Security13MetaAttribute13packAttributeERNS_12WriteSectionERmmPK9cssm_data -Security:single module:__ZNK8Security13MetaAttribute14copyValueBytesEmRKNS_11ReadSectionERNS_12WriteSectionERm -Security:single module:__ZNK8Security13MetaAttribute17getNumberOfValuesERKNS_11ReadSectionE -Security:single module:__ZNK8Security13MetaAttribute18packNumberOfValuesERNS_12WriteSectionEmRm -Security:single module:__ZN8Security10MetaRecordC1ERK29cssm_db_record_attribute_info -Security:single module:__ZN8Security10MetaRecordC1EmmPK29cssm_db_schema_attribute_info -Security:single module:__ZN8Security10MetaRecordC2ERK29cssm_db_record_attribute_info -Security:single module:__ZN8Security10MetaRecordC2Em -Security:single module:__ZN8Security10MetaRecordC2EmmPK29cssm_db_schema_attribute_info -Security:single module:__ZN8Security10MetaRecordC4ERK29cssm_db_record_attribute_info -Security:single module:__ZN8Security10MetaRecordC4EmmPK29cssm_db_schema_attribute_info -Security:single module:__ZN8Security10MetaRecordD2Ev -Security:single module:__ZNK8Security10MetaRecord10packRecordERNS_12WriteSectionEPK29cssm_db_record_attribute_dataPKNS_8CssmDataE -Security:single module:__ZNK8Security10MetaRecord12updateRecordERKNS_11ReadSectionERNS_12WriteSectionEPKNS_25CssmDbRecordAttributeDataEPKNS_8CssmDataEm -Security:single module:__ZN8Security11CodeSigning13GenericBundle12lookupSymbolEPKc -Security:single module:__ZN8Security11CodeSigning13GenericBundleD1Ev -Security:single module:__ZN8Security11CodeSigning14LoadableBundle4loadEv -Security:single module:__ZN8Security11CodeSigning14LoadableBundle6unloadEv -Security:single module:__ZNK8Security11CodeSigning14ExecutableTool13canonicalPathEv -Security:single module:__ZNK8Security11CodeSigning14LoadableBundle8isLoadedEv -Security:single module:__ZN8Security18SelectionPredicateC2ERKNS_10MetaRecordERK24cssm_selection_predicate -Security:single module:__ZN8Security18SelectionPredicateD2Ev -Security:single module:__ZN8Security12NestingMutex4lockEv -Security:single module:__ZN8Security12NestingMutex6unlockEv -Security:single module:__ZN8Security12NestingMutex7tryLockEv -Security:single module:__ZN8Security12NestingMutexC1Ev -Security:single module:__ZN8Security12NestingMutexC2Ev -Security:single module:__ZN8Security12NestingMutexC4Ev -Security:single module:__ZN8Security12ThreadRunner6actionEv -Security:single module:__ZN8Security12ThreadRunnerC1EPFvvE -Security:single module:__ZN8Security12ThreadRunnerC2EPFvvE -Security:single module:__ZN8Security12ThreadRunnerC4EPFvvE -Security:single module:__ZN8Security13CountingMutex10finishExitEv -Security:single module:__ZN8Security13CountingMutex5enterEv -Security:single module:__ZN8Security15ThreadStoreSlotC1EPFvPvE -Security:single module:__ZN8Security15ThreadStoreSlotD1Ev -Security:single module:__ZN8Security6Thread3runEv -Security:single module:__ZN8Security6Thread5yieldEv -Security:single module:__ZN8Security6Thread8Identity11getIdStringEPc -Security:single module:__ZN8Security6ThreadD0Ev -Security:single module:__ZN8Security6ThreadD1Ev -Security:single module:__ZN8Security10MacOSError7throwMeEi -Security:single module:__ZN8Security10MacOSErrorC1Ei -Security:single module:__ZN8Security10MacOSErrorC2Ei -Security:single module:__ZN8Security10MacOSErrorC4Ei -Security:single module:__ZN8Security15CryptoDataClassD0Ev -Security:single module:__ZN8Security15CryptoDataClassD1Ev -Security:single module:__ZN8Security15CryptoDataClassD2Ev -Security:single module:__ZN8Security15CryptoDataClassD4Ev -Security:single module:__ZN8Security15CssmCommonErrorC1ERKS0_ -Security:single module:__ZN8Security15CssmCommonErrorC1Ev -Security:single module:__ZN8Security15CssmCommonErrorC2ERKS0_ -Security:single module:__ZN8Security15CssmCommonErrorC4ERKS0_ -Security:single module:__ZN8Security15CssmCommonErrorD0Ev -Security:single module:__ZN8Security15CssmCommonErrorD1Ev -Security:single module:__ZN8Security17CssmSubserviceUidC2ERK9cssm_guidPK12cssm_versionmm -Security:single module:__ZN8Security4GuidC2EPKc -Security:single module:__ZN8Security7CssmKeyC1ERK8cssm_key -Security:single module:__ZN8Security7CssmKeyC1ERK9cssm_data -Security:single module:__ZN8Security7CssmKeyC2ERK9cssm_data -Security:single module:__ZN8Security7CssmKeyC2EmPv -Security:single module:__ZN8Security7CssmKeyC4ERK9cssm_data -Security:single module:__ZN8Security9CssmErrorC2El -Security:single module:__ZN8Security9UnixError4makeEi -Security:single module:__ZN8Security9UnixError7throwMeEi -Security:single module:__ZN8Security9UnixErrorC1Ei -Security:single module:__ZN8Security9UnixErrorC1Ev -Security:single module:__ZN8Security9UnixErrorC2Ei -Security:single module:__ZN8Security9UnixErrorC2Ev -Security:single module:__ZN8Security9UnixErrorC4Ei -Security:single module:__ZN8Security9UnixErrorC4Ev -Security:single module:__ZNK8Security10MacOSError4whatEv -Security:single module:__ZNK8Security10MacOSError8osStatusEv -Security:single module:__ZNK8Security10MacOSError9cssmErrorEv -Security:single module:__ZNK8Security15CssmCommonError13debugDiagnoseEPKv -Security:single module:__ZNK8Security15CssmCommonError8osStatusEv -Security:single module:__ZNK8Security15CssmCommonError9unixErrorEv -Security:single module:__ZNK8Security4Guid8toStringEPc -Security:single module:__ZNK8Security8CssmData8toStringEv -Security:single module:__ZNK8Security9CssmError4whatEv -Security:single module:__ZNK8Security9UnixError4whatEv -Security:single module:__ZNK8Security9UnixError8osStatusEv -Security:single module:__ZNK8Security9UnixError9cssmErrorEv -Security:single module:__ZNK8Security9UnixError9unixErrorEv -Security:single module:__ZN8Security11DataWalkers15ChunkFreeWalker4freeEv -Security:single module:__ZN15AttachmentMakerD0Ev -Security:single module:__ZN15AttachmentMakerD1Ev -Security:single module:__ZN15AttachmentMakerD2Ev -Security:single module:__ZN15AttachmentMakerD4Ev -Security:single module:__ZN17AttachmentFactoryC1Ev -Security:single module:__ZN10Attachment12upcallCallocEmmm -Security:single module:__ZN10Attachment16upcallCcToHandleEyPm -Security:single module:__ZN10Attachment19upcallGetModuleInfoEmP9cssm_guidP12cssm_versionPmS4_S4_S4_P17cssm_memory_funcsP19cssm_func_name_addrm -Security:single module:__ZN10AttachmentC1EP6ModuleRK12cssm_versionmmRK17cssm_memory_funcsmm -Security:single module:__ZN10AttachmentD0Ev -Security:single module:__ZN10AttachmentD1Ev -Security:single module:__ZThn12_N10AttachmentD0Ev -Security:single module:__ZThn12_N10AttachmentD1Ev -Security:single module:_CSSM_GetModuleGUIDFromHandle -Security:single module:_CSSM_GetPrivilege -Security:single module:_CSSM_GetSubserviceUIDFromHandle -Security:single module:_CSSM_Introduce -Security:single module:_CSSM_ListAttachedModuleManagers -Security:single module:_CSSM_SetPrivilege -Security:single module:_CSSM_Terminate -Security:single module:_CSSM_Unintroduce -Security:single module:__ZN13HandleContext4lockEv -Security:single module:__ZN13HandleContextD0Ev -Security:single module:__ZN13HandleContextD2Ev -Security:single module:__ZN12MdsComponent3MDSC2Ev -Security:single module:__ZN12MdsComponent3MDSD1Ev -Security:single module:__ZN12MdsComponent3MDSD2Ev -Security:single module:__ZN12MdsComponent3MDSD4Ev -Security:single module:__ZN12MdsComponentD0Ev -Security:single module:__ZN11CssmManager11unIntroduceERKN8Security4GuidE -Security:single module:__ZN11CssmManager9introduceERKN8Security4GuidEm -Security:single module:__ZN11CssmManager9terminateEv -Security:single module:__ZN11CssmManagerC2Ev -Security:single module:__ZN11CssmManagerD0Ev -Security:single module:__ZN11CssmManagerD1Ev -Security:single module:__ZN11CssmManagerD2Ev -Security:single module:__ZN11CssmManagerD4Ev -Security:single module:__ZN6Module13spiEventRelayEPK9cssm_guidPvmmm -Security:single module:__ZN6Module8spiEventEmRKN8Security4GuidEmm -Security:single module:__ZN6ModuleC2EP11CssmManagerRK12MdsComponentPN8Security6PluginE -Security:single module:__ZN6ModuleD1Ev -Security:single module:__ZN6ModuleD2Ev -Security:single module:_cssmAlgToOid -Security:single module:_CSSM_AC_AuthCompute -Security:single module:_CSSM_AC_PassThrough -Security:single module:_CSSM_CL_CertCreateTemplate -Security:single module:_CSSM_CL_CertDescribeFormat -Security:single module:_CSSM_CL_CertGetAllFields -Security:single module:_CSSM_CL_CertGetAllTemplateFields -Security:single module:_CSSM_CL_CertGetFirstFieldValue -Security:single module:_CSSM_CL_CertGetNextFieldValue -Security:single module:_CSSM_CL_CertGroupFromVerifiedBundle -Security:single module:_CSSM_CL_CertGroupToSignedBundle -Security:single module:_CSSM_CL_CertSign -Security:single module:_CSSM_CL_CertVerifyWithKey -Security:single module:_CSSM_CL_CrlAbortCache -Security:single module:_CSSM_CL_CrlAbortQuery -Security:single module:_CSSM_CL_CrlAddCert -Security:single module:_CSSM_CL_CrlCache -Security:single module:_CSSM_CL_CrlCreateTemplate -Security:single module:_CSSM_CL_CrlDescribeFormat -Security:single module:_CSSM_CL_CrlGetAllCachedRecordFields -Security:single module:_CSSM_CL_CrlGetAllFields -Security:single module:_CSSM_CL_CrlGetFirstCachedFieldValue -Security:single module:_CSSM_CL_CrlGetFirstFieldValue -Security:single module:_CSSM_CL_CrlGetNextCachedFieldValue -Security:single module:_CSSM_CL_CrlGetNextFieldValue -Security:single module:_CSSM_CL_CrlRemoveCert -Security:single module:_CSSM_CL_CrlSetFields -Security:single module:_CSSM_CL_CrlSign -Security:single module:_CSSM_CL_CrlVerify -Security:single module:_CSSM_CL_CrlVerifyWithKey -Security:single module:_CSSM_CL_FreeFields -Security:single module:_CSSM_CL_IsCertInCachedCrl -Security:single module:_CSSM_CL_IsCertInCrl -Security:single module:_CSSM_CL_PassThrough -Security:single module:_CSSM_CSP_ChangeLoginAcl -Security:single module:_CSSM_CSP_ChangeLoginOwner -Security:single module:_CSSM_CSP_CreateKeyGenContext -Security:single module:_CSSM_CSP_CreatePassThroughContext -Security:single module:_CSSM_CSP_CreateRandomGenContext -Security:single module:_CSSM_CSP_GetLoginAcl -Security:single module:_CSSM_CSP_GetLoginOwner -Security:single module:_CSSM_CSP_GetOperationalStatistics -Security:single module:_CSSM_CSP_Login -Security:single module:_CSSM_CSP_Logout -Security:single module:_CSSM_CSP_ObtainPrivateKeyFromPublicKey -Security:single module:_CSSM_CSP_PassThrough -Security:single module:_CSSM_ChangeKeyAcl -Security:single module:_CSSM_ChangeKeyOwner -Security:single module:_CSSM_DL_Authenticate -Security:single module:_CSSM_DL_ChangeDbAcl -Security:single module:_CSSM_DL_ChangeDbOwner -Security:single module:_CSSM_DL_CreateRelation -Security:single module:_CSSM_DL_DataDelete -Security:single module:_CSSM_DL_DataInsert -Security:single module:_CSSM_DL_DataModify -Security:single module:_CSSM_DL_DbCreate -Security:single module:_CSSM_DL_DbDelete -Security:single module:_CSSM_DL_DestroyRelation -Security:single module:_CSSM_DL_FreeNameList -Security:single module:_CSSM_DL_GetDbAcl -Security:single module:_CSSM_DL_GetDbNameFromHandle -Security:single module:_CSSM_DL_GetDbNames -Security:single module:_CSSM_DL_GetDbOwner -Security:single module:_CSSM_DL_PassThrough -Security:single module:_CSSM_DecryptDataInitP -Security:single module:_CSSM_DecryptDataP -Security:single module:_CSSM_DeleteContextAttributes -Security:single module:_CSSM_EncryptDataFinal -Security:single module:_CSSM_EncryptDataInitP -Security:single module:_CSSM_EncryptDataP -Security:single module:_CSSM_FreeContext -Security:single module:_CSSM_GenerateAlgorithmParams -Security:single module:_CSSM_GenerateKey -Security:single module:_CSSM_GenerateKeyP -Security:single module:_CSSM_GenerateKeyPair -Security:single module:_CSSM_GenerateKeyPairP -Security:single module:_CSSM_GenerateRandom -Security:single module:_CSSM_GetContext -Security:single module:_CSSM_GetContextAttribute -Security:single module:_CSSM_GetKeyAcl -Security:single module:_CSSM_GetKeyOwner -Security:single module:_CSSM_GetTimeValue -Security:single module:_CSSM_QuerySize -Security:single module:_CSSM_RetrieveCounter -Security:single module:_CSSM_RetrieveUniqueId -Security:single module:_CSSM_SignData -Security:single module:_CSSM_SignDataFinal -Security:single module:_CSSM_SignDataInit -Security:single module:_CSSM_SignDataUpdate -Security:single module:_CSSM_TP_ApplyCrlToDb -Security:single module:_CSSM_TP_CertCreateTemplate -Security:single module:_CSSM_TP_CertGetAllTemplateFields -Security:single module:_CSSM_TP_CertGroupConstruct -Security:single module:_CSSM_TP_CertGroupPrune -Security:single module:_CSSM_TP_CertGroupToTupleGroup -Security:single module:_CSSM_TP_CertReclaimAbort -Security:single module:_CSSM_TP_CertReclaimKey -Security:single module:_CSSM_TP_CertRemoveFromCrlTemplate -Security:single module:_CSSM_TP_CertRevoke -Security:single module:_CSSM_TP_CertSign -Security:single module:_CSSM_TP_ConfirmCredResult -Security:single module:_CSSM_TP_CrlCreateTemplate -Security:single module:_CSSM_TP_CrlSign -Security:single module:_CSSM_TP_CrlVerify -Security:single module:_CSSM_TP_FormRequest -Security:single module:_CSSM_TP_FormSubmit -Security:single module:_CSSM_TP_PassThrough -Security:single module:_CSSM_TP_ReceiveConfirmation -Security:single module:_CSSM_TP_RetrieveCredResult -Security:single module:_CSSM_TP_SubmitCredRequest -Security:single module:_CSSM_TP_TupleGroupToCertGroup -Security:single module:_CSSM_UnwrapKeyP -Security:single module:_CSSM_VerifyDataFinal -Security:single module:_CSSM_VerifyDataInit -Security:single module:_CSSM_VerifyDataUpdate -Security:single module:_CSSM_VerifyDevice -Security:single module:_CSSM_VerifyMacFinal -Security:single module:_CSSM_VerifyMacInit -Security:single module:_CSSM_VerifyMacUpdate -Security:single module:_CSSM_WrapKey -Security:single module:_CSSM_WrapKeyP -Security:single module:__Z14sslKeyToSigAlgPK8cssm_keyRm -Security:single module:__Z18sslAddBlindingAttry -Security:single module:_attachToTp -Security:single module:_sslDhGenKeyPairClient -Security:single module:_sslDhGenerateKeyPair -Security:single module:_sslDhKeyExchange -Security:single module:_sslGetMaxSigSize -Security:single module:_sslGetPubKeyBits -Security:single module:_sslGetPubKeyFromBits -Security:single module:_sslRawSign -Security:single module:_sslRawVerify -Security:single module:_sslRsaDecrypt -Security:single module:_stAppCalloc -Security:single module:_stMallocCssmData -Security:single module:__ZN12SessionCache10deletePrivEPK9SSLBuffer -Security:single module:__ZN12SessionCache10deletePrivESt15_Deque_iteratorIP17SessionCacheEntryRS2_PS2_E -Security:single module:__ZN12SessionCache10lookupPrivEPK9SSLBuffer -Security:single module:__ZN12SessionCache11deleteEntryE9SSLBuffer -Security:single module:__ZN12SessionCache11lookupEntryE9SSLBufferPS0_ -Security:single module:__ZN12SessionCache8addEntryE9SSLBufferS0_ -Security:single module:__ZN12SessionCacheD1Ev -Security:single module:__ZN12SessionCacheD2Ev -Security:single module:__ZN12SessionCacheD4Ev -Security:single module:__ZN17SessionCacheEntry11sessionDataERK9SSLBuffer -Security:single module:__ZN17SessionCacheEntry7isStaleERKN8Security4Time8AbsoluteE -Security:single module:__ZN17SessionCacheEntry7isStaleEv -Security:single module:__ZN17SessionCacheEntryC1ERK9SSLBufferS2_RKN8Security4Time8AbsoluteE -Security:single module:__ZN17SessionCacheEntryC2ERK9SSLBufferS2_RKN8Security4Time8AbsoluteE -Security:single module:__ZN17SessionCacheEntryC4ERK9SSLBufferS2_RKN8Security4Time8AbsoluteE -Security:single module:__ZN17SessionCacheEntryD1Ev -Security:single module:__ZN17SessionCacheEntryD2Ev -Security:single module:__ZN17SessionCacheEntryD4Ev -Security:single module:__ZNK17SessionCacheEntry8matchKeyERK9SSLBuffer -Security:single module:_sslAddSession -Security:single module:_sslDeleteSession -Security:single module:_sslGetSession -Security:single module:_SSLGetEnabledCiphers -Security:single module:_SSLGetNumberEnabledCiphers -Security:single module:_SSLGetNumberSupportedCiphers -Security:single module:_SSLGetSupportedCiphers -Security:single module:_SSLSetEnabledCiphers -Security:single module:__Z25cipherSpecsToCipherSuitesmPK13SSLCipherSpecPmS2_ -Security:single module:__Z12HashNullInitR9SSLBufferP10SSLContext -Security:single module:__Z13HashNullCloneRK9SSLBufferRS_ -Security:single module:__Z13HashNullCloseR9SSLBufferP10SSLContext -Security:single module:__Z13HashNullFinalR9SSLBufferS0_ -Security:single module:__Z14HashNullUpdateR9SSLBufferRKS_ -Security:single module:_SSLEncodeCertificate -Security:single module:_SSLEncodeCertificateRequest -Security:single module:_SSLEncodeCertificateVerify -Security:single module:_SSLProcessCertificateRequest -Security:single module:_SSLProcessCertificateVerify -Security:single module:_SSLEncodeServerHelloDone -Security:single module:_SSLEncodeClientHello -Security:single module:_SSLEncodeServerHello -Security:single module:_SSLProcessClientHello -Security:single module:__Z15SSLEncodeRandomPhP10SSLContext -Security:single module:_SSLEncodeServerKeyExchange -Security:single module:_SSLProcessKeyExchange -Security:single module:_SSLProcessServerKeyExchange -Security:single module:__Z20SSLDecodeDHKeyParamsP10SSLContextRPhm -Security:single module:__Z20SSLEncodeDHKeyParamsP10SSLContextPh -Security:single module:__Z21SSLEncodeRSAKeyParamsP9SSLBufferPP8cssm_keyP10SSLContext -Security:single module:__Z23SSLDecodeRSAKeyExchange9SSLBufferP10SSLContext -Security:single module:__Z26SSLGenServerDHParamsAndKeyP10SSLContext -Security:single module:__Z28SSLDecodeDHClientKeyExchange9SSLBufferP10SSLContext -Security:single module:__Z28SSLEncodeDHClientKeyExchangeR9SSLRecordP10SSLContext -Security:single module:__Z28SSLGenClientDHKeyAndExchangeP10SSLContext -Security:single module:__Z32SSLDecodeDHanonServerKeyExchange9SSLBufferP10SSLContext -Security:single module:__Z32SSLDecodeSignedServerKeyExchange9SSLBufferP10SSLContext -Security:single module:__Z32SSLEncodeDHanonServerKeyExchangeR9SSLRecordP10SSLContext -Security:single module:__Z32SSLEncodeSignedServerKeyExchangeR9SSLRecordP10SSLContext -Security:single module:__ZN14ServerDhParamsC1Ev -Security:single module:__ZN14ServerDhParamsC2Ev -Security:single module:__ZN14ServerDhParamsC4Ev -Security:single module:__ZN14ServerDhParamsD1Ev -Security:single module:__ZN14ServerDhParamsD2Ev -Security:single module:__ZN14ServerDhParamsD4Ev -Security:single module:__ZN14ModuleAttacher10getCspHandEv -Security:single module:__ZN14ModuleAttacher12unloadModuleEmPK9cssm_guid -Security:single module:__ZN14ModuleAttacher9getClHandEv -Security:single module:__ZN14ModuleAttacher9getTpHandEv -Security:single module:__ZN14ModuleAttacherD1Ev -Security:single module:__ZN14ModuleAttacherD2Ev -Security:single module:__ZN14ModuleAttacherD4Ev -Security:single module:__Z10NullFinishP13CipherContextP10SSLContext -Security:single module:__Z8NullInitPhS_P13CipherContextP10SSLContext -Security:single module:_SSL2EncodeClientFinished -Security:single module:_SSL2EncodeClientMasterKey -Security:single module:_SSL2EncodeServerFinished -Security:single module:_SSL2EncodeServerHello -Security:single module:_SSL2EncodeServerVerify -Security:single module:_SSL2ProcessClientFinished -Security:single module:_SSL2ProcessClientHello -Security:single module:_SSL2ProcessClientMasterKey -Security:single module:_SSL2ProcessServerFinished -Security:single module:_SSL2ProcessServerHello -Security:single module:_SSL2ProcessServerVerify -Security:single module:_SSL2CompareSessionIDs -Security:single module:_SSL2GenerateSessionID -Security:single module:_SSL2InitCiphers -Security:single module:_SSL2InstallSessionKey -Security:single module:_SSL2ProcessMessage -Security:single module:_SSL2ReadRecord -Security:single module:_SSL2SendError -Security:single module:__Z13SSL2VerifyMACR9SSLBufferPhP10SSLContext -Security:single module:__Z16SSL2CalculateMACR9SSLBufferS0_mRK13HashReferenceS0_P10SSLContext -Security:single module:__Z17SSL2DecryptRecordR9SSLBufferP10SSLContext -Security:single module:_SSLFatalSessionAlert -Security:single module:_SSLProcessAlert -Security:single module:__Z21SSLDetectCertRejectedP10SSLContext16AlertDescription -Security:single module:_SSLAllocCopyBuffer -Security:single module:_SSLCopyBuffer -Security:single module:_SSLCopyBufferFromData -Security:single module:_sslAllocCopy -Security:single module:_sslDecodeRsaBlob -Security:single module:_sslEncodeRsaBlob -Security:single module:_sslDecodeDhParams -Security:single module:_sslEncodeDhParams -Security:single module:_SSLAddDistinguishedName -Security:single module:_SSLGetAllowsAnyRoot -Security:single module:_SSLGetAllowsExpiredCerts -Security:single module:_SSLGetAllowsExpiredRoots -Security:single module:_SSLGetClientCertificateState -Security:single module:_SSLGetConnection -Security:single module:_SSLGetDiffieHellmanParams -Security:single module:_SSLGetEnableCertVerify -Security:single module:_SSLGetNegotiatedCipher -Security:single module:_SSLGetNegotiatedProtocolVersion -Security:single module:_SSLGetPeerCertificates -Security:single module:_SSLGetPeerDomainName -Security:single module:_SSLGetPeerDomainNameLength -Security:single module:_SSLGetPeerID -Security:single module:_SSLGetPeerSecTrust -Security:single module:_SSLGetProtocolVersion -Security:single module:_SSLGetProtocolVersionEnabled -Security:single module:_SSLGetResumableSessionInfo -Security:single module:_SSLGetRsaBlinding -Security:single module:_SSLGetTrustedRoots -Security:single module:_SSLInternalClientRandom -Security:single module:_SSLInternalMasterSecret -Security:single module:_SSLInternalServerRandom -Security:single module:_SSLSetCertificate -Security:single module:_SSLSetClientSideAuthenticate -Security:single module:_SSLSetDiffieHellmanParams -Security:single module:_SSLSetEncryptionCertificate -Security:single module:_SSLSetPeerID -Security:single module:_SSLSetProtocolVersionEnabled -Security:single module:_SSLSetRsaBlinding -Security:single module:_SSLSetTrustedRoots -Security:single module:__Z19convertProtToExtern18SSLProtocolVersion -Security:single module:_SSL3ReceiveSSL2ClientHello -Security:single module:__Z16secCertToSslCertP10SSLContextP23OpaqueSecCertificateRefPP14SSLCertificate -Security:single module:_parseIncomingCerts -Security:single module:_SSLAddSessionData -Security:single module:_SSLGetSessionData -Security:single module:_SSLDeleteSessionData -Security:single module:_SSLRetrieveSessionID -Security:single module:_SSLRetrieveSessionProtocolVersion -Security:single module:_SSLInstallSessionFromData -Security:single module:_sslTime -Security:single module:_AuthorizationFreeItemSet -Security:single module:_AuthorizationRightGet -Security:single module:_AuthorizationRightRemove -Security:single module:_AuthorizationRightSet -Security:single module:_AuthorizationExecuteWithPrivileges -Security:single module:__Z9argVectorPKcS0_S0_PKPc -Security:single module:_AuthorizationCopyPrivilegedReference -Security:single module:__Z16cssm_PassThroughmmmyPK15cssm_dl_db_listmPKvPPv -Security:single module:__Z16cssm_AuthComputemPK15cssm_tuplegroupS1_mPK9cssm_listS4_S4_PS_ -Security:single module:__ZN8Security15ACPluginSession9constructEv -Security:single module:__Z12cssm_CrlSignmyPK9cssm_dataPK10cssm_fieldmPS_ -Security:single module:__Z13cssm_CertSignmyPK9cssm_dataPK10cssm_fieldmPS_ -Security:single module:__Z13cssm_CrlCachemPK9cssm_dataPm -Security:single module:__Z14cssm_CrlVerifymyPK9cssm_dataS1_PK10cssm_fieldm -Security:single module:__Z15cssm_CrlAddCertmyPK9cssm_datamPK10cssm_fieldS1_PS_ -Security:single module:__Z15cssm_FreeFieldsmmPP10cssm_field -Security:single module:__Z16cssm_IsCertInCrlmPK9cssm_dataS1_Pl -Security:single module:__Z16cssm_PassThroughmymPKvPPv -Security:single module:__Z17cssm_CrlSetFieldsmmPK10cssm_fieldPK9cssm_dataPS2_ -Security:single module:__Z18cssm_CrlAbortCachemm -Security:single module:__Z18cssm_CrlAbortQuerymm -Security:single module:__Z18cssm_CrlRemoveCertmPK9cssm_dataS1_PS_ -Security:single module:__Z20cssm_CrlGetAllFieldsmPK9cssm_dataPmPP10cssm_field -Security:single module:__Z21cssm_CertGetAllFieldsmPK9cssm_dataPmPP10cssm_field -Security:single module:__Z21cssm_CrlVerifyWithKeymyPK9cssm_data -Security:single module:__Z22cssm_CertVerifyWithKeymyPK9cssm_data -Security:single module:__Z22cssm_CrlCreateTemplatemmPK10cssm_fieldP9cssm_data -Security:single module:__Z22cssm_CrlDescribeFormatmPmPP9cssm_data -Security:single module:__Z22cssm_IsCertInCachedCrlmPK9cssm_datamPlPS_ -Security:single module:__Z23cssm_CertCreateTemplatemmPK10cssm_fieldP9cssm_data -Security:single module:__Z23cssm_CertDescribeFormatmPmPP9cssm_data -Security:single module:__Z25cssm_CrlGetNextFieldValuemmPP9cssm_data -Security:single module:__Z26cssm_CertGetNextFieldValuemmPP9cssm_data -Security:single module:__Z26cssm_CrlGetFirstFieldValuemPK9cssm_dataS1_PmS2_PPS_ -Security:single module:__Z27cssm_CertGetFirstFieldValuemPK9cssm_dataS1_PmS2_PPS_ -Security:single module:__Z28cssm_CertGroupToSignedBundlemyPK14cssm_certgroupPK23cssm_cert_bundle_headerP9cssm_data -Security:single module:__Z29cssm_CertGetAllTemplateFieldsmPK9cssm_dataPmPP10cssm_field -Security:single module:__Z31cssm_CrlGetNextCachedFieldValuemmPP9cssm_data -Security:single module:__Z32cssm_CertGroupFromVerifiedBundlemyPK16cssm_cert_bundlePK9cssm_dataPP14cssm_certgroup -Security:single module:__Z32cssm_CrlGetAllCachedRecordFieldsmmPK9cssm_dataPmPP10cssm_field -Security:single module:__Z32cssm_CrlGetFirstCachedFieldValuemmPK9cssm_dataS1_PmS2_PPS_ -Security:single module:__Z10cssm_LoginmPK23cssm_access_credentialsPK9cssm_dataPKv -Security:single module:__Z11cssm_Logoutm -Security:single module:__Z12cssm_WrapKeymyPK12cssm_contextPK23cssm_access_credentialsPK8cssm_keyPK9cssm_dataPS5_y -Security:single module:__Z13cssm_SignDatamyPK12cssm_contextPK9cssm_datammPS2_ -Security:single module:__Z14cssm_GetKeyAclmPK8cssm_keyPA68_KcPmPP19cssm_acl_entry_info -Security:single module:__Z14cssm_QuerySizemyPK12cssm_contextlmP20cssm_query_size_data -Security:single module:__Z16cssm_GenerateKeymyPK12cssm_contextmmPK9cssm_dataPK29cssm_resource_control_contextP8cssm_keyy -Security:single module:__Z16cssm_GetKeyOwnermPK8cssm_keyP24cssm_acl_owner_prototype -Security:single module:__Z16cssm_GetLoginAclmPA68_KcPmPP19cssm_acl_entry_info -Security:single module:__Z16cssm_PassThroughmyPK12cssm_contextmPKvPPv -Security:single module:__Z17cssm_ChangeKeyAclmPK23cssm_access_credentialsPK13cssm_acl_editPK8cssm_key -Security:single module:__Z17cssm_GetTimeValuemmP9cssm_data -Security:single module:__Z17cssm_SignDataInitmyPK12cssm_context -Security:single module:__Z17cssm_VerifyDevicemPK9cssm_data -Security:single module:__Z18cssm_GetLoginOwnermP24cssm_acl_owner_prototype -Security:single module:__Z18cssm_SignDataFinalmyP9cssm_data -Security:single module:__Z18cssm_VerifyMacInitmyPK12cssm_context -Security:single module:__Z19cssm_ChangeKeyOwnermPK23cssm_access_credentialsPK8cssm_keyPK24cssm_acl_owner_prototype -Security:single module:__Z19cssm_ChangeLoginAclmPK23cssm_access_credentialsPK13cssm_acl_edit -Security:single module:__Z19cssm_GenerateRandommyPK12cssm_contextP9cssm_data -Security:single module:__Z19cssm_SignDataUpdatemyPK9cssm_datam -Security:single module:__Z19cssm_VerifyDataInitmyPK12cssm_context -Security:single module:__Z19cssm_VerifyMacFinalmyPK9cssm_data -Security:single module:__Z20cssm_GenerateKeyPairmyPK12cssm_contextmmPK9cssm_dataP8cssm_keymmS4_PK29cssm_resource_control_contextS6_y -Security:single module:__Z20cssm_RetrieveCountermP9cssm_data -Security:single module:__Z20cssm_VerifyDataFinalmyPK9cssm_data -Security:single module:__Z20cssm_VerifyMacUpdatemyPK9cssm_datam -Security:single module:__Z21cssm_ChangeLoginOwnermPK23cssm_access_credentialsPK24cssm_acl_owner_prototype -Security:single module:__Z21cssm_EncryptDataFinalmyP9cssm_data -Security:single module:__Z21cssm_RetrieveUniqueIdmP9cssm_data -Security:single module:__Z21cssm_VerifyDataUpdatemyPK9cssm_datam -Security:single module:__Z28cssm_GenerateAlgorithmParamsmyPK12cssm_contextmP9cssm_dataPmPP22cssm_context_attribute -Security:single module:__Z29cssm_GetOperationalStatisticsmP31cssm_csp_operational_statistics -Security:single module:__Z34cssm_ObtainPrivateKeyFromPublicKeymPK8cssm_keyPS_ -Security:single module:__Z13cssm_DbCreatemPKcPK16cssm_net_addressPK11cssm_dbinfomPK29cssm_resource_control_contextPKvPm -Security:single module:__Z13cssm_DbDeletemPKcPK16cssm_net_addressPK23cssm_access_credentials -Security:single module:__Z13cssm_GetDbAcl17cssm_dl_db_handlePA68_KcPmPP19cssm_acl_entry_info -Security:single module:__Z15cssm_DataDelete17cssm_dl_db_handlePK21cssm_db_unique_record -Security:single module:__Z15cssm_DataInsert17cssm_dl_db_handlemPK29cssm_db_record_attribute_dataPK9cssm_dataPP21cssm_db_unique_record -Security:single module:__Z15cssm_DataModify17cssm_dl_db_handlemP21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPK9cssm_datam -Security:single module:__Z15cssm_GetDbNamesmPP14cssm_name_list -Security:single module:__Z15cssm_GetDbOwner17cssm_dl_db_handleP24cssm_acl_owner_prototype -Security:single module:__Z16cssm_ChangeDbAcl17cssm_dl_db_handlePK23cssm_access_credentialsPK13cssm_acl_edit -Security:single module:__Z16cssm_PassThrough17cssm_dl_db_handlemPKvPPv -Security:single module:__Z17cssm_Authenticate17cssm_dl_db_handlemPK23cssm_access_credentials -Security:single module:__Z17cssm_FreeNameListmP14cssm_name_list -Security:single module:__Z18cssm_ChangeDbOwner17cssm_dl_db_handlePK23cssm_access_credentialsPK24cssm_acl_owner_prototype -Security:single module:__Z19cssm_CreateRelation17cssm_dl_db_handlemPKcmPK29cssm_db_schema_attribute_infomPK25cssm_db_schema_index_info -Security:single module:__Z20cssm_DestroyRelation17cssm_dl_db_handlem -Security:single module:__Z24cssm_GetDbNameFromHandle17cssm_dl_db_handlePPc -Security:single module:__Z12cssm_CrlSignmmyPK16cssm_encoded_crlPK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultP9cssm_data -Security:single module:__Z13cssm_CertSignmmyPK9cssm_dataPK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultPS_ -Security:single module:__Z14cssm_CrlVerifymmmPK16cssm_encoded_crlPK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__Z15cssm_CertRevokemmmPK9cssm_dataPK14cssm_certgroupS4_PK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultmPS_ -Security:single module:__Z15cssm_FormSubmitmmPK9cssm_dataPK20cssm_tp_authority_idS4_P23cssm_access_credentials -Security:single module:__Z16cssm_FormRequestmPK20cssm_tp_authority_idmP9cssm_data -Security:single module:__Z16cssm_PassThroughmmyPK15cssm_dl_db_listmPKvPPv -Security:single module:__Z17cssm_ApplyCrlToDbmmmPK16cssm_encoded_crlPK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__Z19cssm_CertGroupPrunemmPK15cssm_dl_db_listPK14cssm_certgroupPPS2_ -Security:single module:__Z19cssm_CertReclaimKeymPK14cssm_certgroupmymPK29cssm_resource_control_context -Security:single module:__Z21cssm_CertReclaimAbortmy -Security:single module:__Z22cssm_ConfirmCredResultmPK9cssm_dataPK26cssm_tp_callerauth_contextPK24cssm_tp_confirm_responsePK20cssm_tp_authority_id -Security:single module:__Z22cssm_CrlCreateTemplatemmmPK10cssm_fieldP9cssm_data -Security:single module:__Z22cssm_SubmitCredRequestmPK20cssm_tp_authority_idmPK19cssm_tp_request_setPK26cssm_tp_callerauth_contextPlP9cssm_data -Security:single module:__Z23cssm_CertCreateTemplatemmmPK10cssm_fieldP9cssm_data -Security:single module:__Z23cssm_CertGroupConstructmmmPK15cssm_dl_db_listPKvPK14cssm_certgroupPPS4_ -Security:single module:__Z23cssm_RetrieveCredResultmPK9cssm_dataPK26cssm_tp_callerauth_contextPlS5_PP18cssm_tp_result_set -Security:single module:__Z24cssm_ReceiveConfirmationmPK9cssm_dataPP24cssm_tp_confirm_responsePl -Security:single module:__Z26cssm_CertGroupToTupleGroupmmPK14cssm_certgroupPP15cssm_tuplegroup -Security:single module:__Z26cssm_TupleGroupToCertGroupmmPK15cssm_tuplegroupPP14cssm_certgroup -Security:single module:__Z29cssm_CertGetAllTemplateFieldsmmPK9cssm_dataPmPP10cssm_field -Security:single module:__Z30cssm_CertRemoveFromCrlTemplatemmmPK9cssm_dataPK14cssm_certgroupS4_PK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultPS_ -Security:single module:__ZN8Security14SecurityServer13ClientSession11contactNameEPKc -Security:single module:__ZN8Security14SecurityServer13ClientSession6GlobalC2Ev -Security:single module:__ZN8Security14SecurityServer13ClientSession9terminateEv -Security:single module:__ZN8Security14SecurityServer13ClientSessionD0Ev -Security:single module:__ZN8Security14SecurityServer13ClientSessionD2Ev -Security:single module:__ZNK8Security14SecurityServer13ClientSession11contactNameEv -Security:single module:__ZN8Security10DataOutputD2Ev -Security:single module:__ZN8Security11SendContextC2ERKNS_7ContextE -Security:single module:__ZN8Security14SecurityServer13ClientSession10getDbOwnerEmRNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession11changeDbAclEmRKNS_17AccessCredentialsERKNS_7AclEditE -Security:single module:__ZN8Security14SecurityServer13ClientSession11changeOwnerENS0_7AclKindEmRKNS_17AccessCredentialsERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security14SecurityServer13ClientSession11generateKeyEmRKNS_7ContextEmmPKNS_17AccessCredentialsEPKNS_13AclEntryInputERmRNS_7CssmKey6HeaderE -Security:single module:__ZN8Security14SecurityServer13ClientSession11generateKeyEmRKNS_7ContextEmmmmPKNS_17AccessCredentialsEPKNS_13AclEntryInputERmRNS_7CssmKey6HeaderESB_SE_ -Security:single module:__ZN8Security14SecurityServer13ClientSession11generateMacERKNS_7ContextEmRKNS_8CssmDataERS5_RNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession11getKeyOwnerEmRNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession12changeKeyAclEmRKNS_17AccessCredentialsERKNS_7AclEditE -Security:single module:__ZN8Security14SecurityServer13ClientSession12getKeyDigestEmRNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession13changeDbOwnerEmRKNS_17AccessCredentialsERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security14SecurityServer13ClientSession13getOutputSizeERKNS_7ContextEmmb -Security:single module:__ZN8Security14SecurityServer13ClientSession14authenticateDbEmmPKNS_17AccessCredentialsE -Security:single module:__ZN8Security14SecurityServer13ClientSession14changeKeyOwnerEmRKNS_17AccessCredentialsERKNS_17AclOwnerPrototypeE -Security:single module:__ZN8Security14SecurityServer13ClientSession14generateRandomERNS_8CssmDataE -Security:single module:__ZN8Security14SecurityServer13ClientSession15getDbParametersEmRNS0_12DBParametersE -Security:single module:__ZN8Security14SecurityServer13ClientSession15setDbParametersEmRKNS0_12DBParametersE -Security:single module:__ZN8Security14SecurityServer13ClientSession15verifySignatureERKNS_7ContextEmRKNS_8CssmDataES7_m -Security:single module:__ZN8Security14SecurityServer13ClientSession16changePassphraseEmPKNS_17AccessCredentialsE -Security:single module:__ZN8Security14SecurityServer13ClientSession16extractMasterKeyEmRKNS_7ContextEmmmPKNS_17AccessCredentialsEPKNS_13AclEntryInputERmRNS_7CssmKey6HeaderERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession16stopNotificationENS_12MachPlusPlus4PortE -Security:single module:__ZN8Security14SecurityServer13ClientSession17generateSignatureERKNS_7ContextEmRKNS_8CssmDataERS5_RNS_13CssmAllocatorEm -Security:single module:__ZN8Security14SecurityServer13ClientSession18authorizationdbGetEPKcRNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession18authorizationdbSetERKNS0_17AuthorizationBlobEPKcjPKv -Security:single module:__ZN8Security14SecurityServer13ClientSession18queryKeySizeInBitsEm -Security:single module:__ZN8Security14SecurityServer13ClientSession19getDbSuggestedIndexEmRNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession19requestNotificationENS_12MachPlusPlus4PortEmm -Security:single module:__ZN8Security14SecurityServer13ClientSession20dispatchNotificationEPK17mach_msg_header_tPFlmmPKvmPvES7_ -Security:single module:__ZN8Security14SecurityServer13ClientSession21authorizationdbRemoveERKNS0_17AuthorizationBlobEPKc -Security:single module:__ZN8Security14SecurityServer13ClientSession21removeCodeEquivalenceERKNS_8CssmDataEPKcb -Security:single module:__ZN8Security14SecurityServer13ClientSession22setAlternateSystemRootEPKc -Security:single module:__ZN8Security14SecurityServer13ClientSession4lockEm -Security:single module:__ZN8Security14SecurityServer13ClientSession6getAclENS0_7AclKindEmPKcRmRPNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession6unlockEm -Security:single module:__ZN8Security14SecurityServer13ClientSession6unlockEmRKNS_8CssmDataE -Security:single module:__ZN8Security14SecurityServer13ClientSession7encryptERKNS_7ContextEmRKNS_8CssmDataERS5_RNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession7lockAllEb -Security:single module:__ZN8Security14SecurityServer13ClientSession7wrapKeyERKNS_7ContextEmmPKNS_17AccessCredentialsEPKNS_8CssmDataERNS_7CssmKeyERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession8createDbERKNS_14DLDbIdentifierEPKNS_17AccessCredentialsEPKNS_13AclEntryInputERKNS0_12DBParametersE -Security:single module:__ZN8Security14SecurityServer13ClientSession8encodeDbEmRNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession8getDbAclEmPKcRmRPNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession8getOwnerENS0_7AclKindEmRNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession8isLockedEm -Security:single module:__ZN8Security14SecurityServer13ClientSession9changeAclENS0_7AclKindEmRKNS_17AccessCredentialsERKNS_7AclEditE -Security:single module:__ZN8Security14SecurityServer13ClientSession9deriveKeyEmRKNS_7ContextEmmmRNS_8CssmDataEPKNS_17AccessCredentialsEPKNS_13AclEntryInputERmRNS_7CssmKey6HeaderERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession9encodeKeyEmRNS_8CssmDataEPNS0_6KeyUIDERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession9getKeyAclEmPKcRmRPNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession9unwrapKeyEmRKNS_7ContextEmmRKNS_7CssmKeyEmmPKNS_17AccessCredentialsEPKNS_13AclEntryInputERNS_8CssmDataERmRNS5_6HeaderERNS_13CssmAllocatorE -Security:single module:__ZN8Security14SecurityServer13ClientSession9verifyMacERKNS_7ContextEmRKNS_8CssmDataES7_ -Security:single module:__ZN8Security25DatabaseAccessCredentials12mapKeySampleERmRNS_7CssmKeyE -Security:single module:__ZN8Security25DatabaseAccessCredentialsC2EPKNS_17AccessCredentialsERNS_13CssmAllocatorE -Security:single module:__ZN8Security9chunkCopyERNS_8CssmListERNS_13CssmAllocatorE -Security:single module:__ZN8Security13NameValuePairC1ERKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePairC2ERKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePairC2EmRKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePairC4ERKNS_8CssmDataE -Security:single module:__ZN8Security13NameValuePairD2Ev -Security:single module:__ZN8Security19NameValueDictionary12RemoveByNameEm -Security:single module:__ZN8Security19NameValueDictionary41MakeDLDbIdentifierFromNameValueDictionaryERKS0_ -Security:single module:__ZN8Security19NameValueDictionaryC1ERKNS_8CssmDataE -Security:single module:__ZN8Security19NameValueDictionaryC2ERKNS_8CssmDataE -Security:single module:__ZN8Security19NameValueDictionaryC2Ev -Security:single module:__ZN8Security19NameValueDictionaryC4ERKNS_8CssmDataE -Security:single module:__ZN8Security19NameValueDictionaryD2Ev -Security:single module:__ZNK8Security19NameValueDictionary10FindByNameEm -Security:single module:__ZNK8Security19NameValueDictionary18FindPositionByNameEm -Security:single module:__ZN8Security14SecurityServer13EventListenerC2ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security14SecurityServer13EventListenerC1ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security14SecurityServer13EventListenerC4ERNS_13CssmAllocatorES3_ -Security:single module:__ZN8Security14SecurityServer13EventListenerD2Ev -Security:single module:__ZN8Security14SecurityServer13EventListenerD1Ev -Security:single module:__ZN8Security14SecurityServer13EventListenerD0Ev -Security:single module:__ZN8Security14SecurityServer13EventListenerD4Ev -Security:single module:__ZN8Security14SecurityServer13EventListener8CallbackEP12__CFMachPortPvlS4_ -Security:single module:__ZN8Security14SecurityServer13EventListener10InitializeEv -Security:single module:__ZN8Security14SecurityServer13EventListener14HandleCallbackEP12__CFMachPortPvl -Security:single module:__ZN8Security14SecurityServer13EventListener14ProcessMessageEmmPKvmPv -Security:single module:__ZN8Security14SecurityServer13EventListener13RequestEventsEmm -Security:single module:__ZN8Security14SecurityServer13EventListener13EventReceivedEmmPKvm -Security:single module:__Z28__MIG_check__Reply__getAcl_tP17__Reply__getAcl_t -Security:single module:__Z28__MIG_check__Reply__lockDb_tP17__Reply__lockDb_t -Security:single module:__Z29__MIG_check__Reply__encrypt_tP18__Reply__encrypt_t -Security:single module:__Z29__MIG_check__Reply__lockAll_tP18__Reply__lockAll_t -Security:single module:__Z29__MIG_check__Reply__wrapKey_tP18__Reply__wrapKey_t -Security:single module:__Z30__MIG_check__Reply__createDb_tP19__Reply__createDb_t -Security:single module:__Z30__MIG_check__Reply__encodeDb_tP19__Reply__encodeDb_t -Security:single module:__Z30__MIG_check__Reply__getOwner_tP19__Reply__getOwner_t -Security:single module:__Z30__MIG_check__Reply__isLocked_tP19__Reply__isLocked_t -Security:single module:__Z30__MIG_check__Reply__setOwner_tP19__Reply__setOwner_t -Security:single module:__Z30__MIG_check__Reply__teardown_tP19__Reply__teardown_t -Security:single module:__Z30__MIG_check__Reply__unlockDb_tP19__Reply__unlockDb_t -Security:single module:__Z31__MIG_check__Reply__changeAcl_tP20__Reply__changeAcl_t -Security:single module:__Z31__MIG_check__Reply__deriveKey_tP20__Reply__deriveKey_t -Security:single module:__Z31__MIG_check__Reply__encodeKey_tP20__Reply__encodeKey_t -Security:single module:__Z31__MIG_check__Reply__unwrapKey_tP20__Reply__unwrapKey_t -Security:single module:__Z31__MIG_check__Reply__verifyMac_tP20__Reply__verifyMac_t -Security:single module:__Z32__MIG_check__Reply__getDbIndex_tP21__Reply__getDbIndex_t -Security:single module:__Z33__MIG_check__Reply__generateKey_tP22__Reply__generateKey_t -Security:single module:__Z33__MIG_check__Reply__generateMac_tP22__Reply__generateMac_t -Security:single module:__Z34__MIG_check__Reply__getKeyDigest_tP23__Reply__getKeyDigest_t -Security:single module:__Z35__MIG_check__Reply__getOutputSize_tP24__Reply__getOutputSize_t -Security:single module:__Z36__MIG_check__Reply__authenticateDb_tP25__Reply__authenticateDb_t -Security:single module:__Z36__MIG_check__Reply__generateRandom_tP25__Reply__generateRandom_t -Security:single module:__Z37__MIG_check__Reply__generateKeyPair_tP26__Reply__generateKeyPair_t -Security:single module:__Z37__MIG_check__Reply__getDbParameters_tP26__Reply__getDbParameters_t -Security:single module:__Z37__MIG_check__Reply__setDbParameters_tP26__Reply__setDbParameters_t -Security:single module:__Z37__MIG_check__Reply__verifySignature_tP26__Reply__verifySignature_t -Security:single module:__Z38__MIG_check__Reply__changePassphrase_tP27__Reply__changePassphrase_t -Security:single module:__Z38__MIG_check__Reply__extractMasterKey_tP27__Reply__extractMasterKey_t -Security:single module:__Z38__MIG_check__Reply__stopNotification_tP27__Reply__stopNotification_t -Security:single module:__Z39__MIG_check__Reply__generateSignature_tP28__Reply__generateSignature_t -Security:single module:__Z40__MIG_check__Reply__authorizationdbGet_tP29__Reply__authorizationdbGet_t -Security:single module:__Z40__MIG_check__Reply__authorizationdbSet_tP29__Reply__authorizationdbSet_t -Security:single module:__Z40__MIG_check__Reply__queryKeySizeInBits_tP29__Reply__queryKeySizeInBits_t -Security:single module:__Z41__MIG_check__Reply__requestNotification_tP30__Reply__requestNotification_t -Security:single module:__Z43__MIG_check__Reply__authorizationdbRemove_tP32__Reply__authorizationdbRemove_t -Security:single module:__Z43__MIG_check__Reply__removeCodeEquivalence_tP32__Reply__removeCodeEquivalence_t -Security:single module:__Z44__MIG_check__Reply__setAlternateSystemRoot_tP33__Reply__setAlternateSystemRoot_t -Security:single module:__Z44__MIG_check__Reply__unlockDbWithPassphrase_tP33__Reply__unlockDbWithPassphrase_t -Security:single module:_ucsp_client_authenticateDb -Security:single module:_ucsp_client_authorizationdbGet -Security:single module:_ucsp_client_authorizationdbRemove -Security:single module:_ucsp_client_authorizationdbSet -Security:single module:_ucsp_client_changeAcl -Security:single module:_ucsp_client_changePassphrase -Security:single module:_ucsp_client_createDb -Security:single module:_ucsp_client_deriveKey -Security:single module:_ucsp_client_encodeDb -Security:single module:_ucsp_client_encodeKey -Security:single module:_ucsp_client_encrypt -Security:single module:_ucsp_client_extractMasterKey -Security:single module:_ucsp_client_generateKey -Security:single module:_ucsp_client_generateKeyPair -Security:single module:_ucsp_client_generateMac -Security:single module:_ucsp_client_generateRandom -Security:single module:_ucsp_client_generateSignature -Security:single module:_ucsp_client_getAcl -Security:single module:_ucsp_client_getDbIndex -Security:single module:_ucsp_client_getDbParameters -Security:single module:_ucsp_client_getKeyDigest -Security:single module:_ucsp_client_getOutputSize -Security:single module:_ucsp_client_getOwner -Security:single module:_ucsp_client_isLocked -Security:single module:_ucsp_client_lockAll -Security:single module:_ucsp_client_lockDb -Security:single module:_ucsp_client_queryKeySizeInBits -Security:single module:_ucsp_client_removeCodeEquivalence -Security:single module:_ucsp_client_requestNotification -Security:single module:_ucsp_client_setAlternateSystemRoot -Security:single module:_ucsp_client_setDbParameters -Security:single module:_ucsp_client_setOwner -Security:single module:_ucsp_client_stopNotification -Security:single module:_ucsp_client_teardown -Security:single module:_ucsp_client_unlockDb -Security:single module:_ucsp_client_unlockDbWithPassphrase -Security:single module:_ucsp_client_unwrapKey -Security:single module:_ucsp_client_verifyMac -Security:single module:_ucsp_client_verifySignature -Security:single module:_ucsp_client_wrapKey -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC2Ev -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC1Ev -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC4Ev -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC2EPFlmP23SecKeychainCallbackInfoPvEmS4_ -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC1EPFlmP23SecKeychainCallbackInfoPvEmS4_ -Security:single module:__ZN8Security12KeychainCore12CallbackInfoC4EPFlmP23SecKeychainCallbackInfoPvEmS4_ -Security:single module:__ZN8Security12KeychainCore12CallbackInfoD2Ev -Security:single module:__ZN8Security12KeychainCore12CallbackInfoD1Ev -Security:single module:__ZN8Security12KeychainCore12CallbackInfoD4Ev -Security:single module:__ZNK8Security12KeychainCore12CallbackInfoeqERKS1_ -Security:single module:__ZNK8Security12KeychainCore12CallbackInfoneERKS1_ -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrC2Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrC1Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrC4Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrD2Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrD1Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrD0Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgrD4Ev -Security:single module:__ZN8Security12KeychainCore12CCallbackMgr8InstanceEv -Security:single module:__ZN8Security12KeychainCore12CCallbackMgr11AddCallbackEPFlmP23SecKeychainCallbackInfoPvEmS4_ -Security:single module:__ZN8Security12KeychainCore12CCallbackMgr14RemoveCallbackEPFlmP23SecKeychainCallbackInfoPvE -Security:single module:__ZN8Security12KeychainCore12CCallbackMgr12AlertClientsEmiRKNS0_8KeychainERKNS0_4ItemE -Security:single module:__ZN8Security12KeychainCore12CCallbackMgr5EventEmmRNS_19NameValueDictionaryE -Security:single module:__ZN8Security17CSSMDateTimeUtils25GetCurrentMacLongDateTimeERx -Security:single module:__ZN8Security17CSSMDateTimeUtils22TimeStringToMacSecondsERK9cssm_dataRm -Security:single module:__ZN8Security17CSSMDateTimeUtils27TimeStringToMacLongDateTimeERK9cssm_dataRx -Security:single module:__ZN8Security17CSSMDateTimeUtils22MacSecondsToTimeStringEmmPv -Security:single module:__ZN8Security17CSSMDateTimeUtils27MacLongDateTimeToTimeStringERKxmPv -Security:single module:__ZN8Security14DLDbListCFPref10searchListERKSt6vectorINS_14DLDbIdentifierESaIS2_EE -Security:single module:__ZN8Security14DLDbListCFPref11clearPWInfoEv -Security:single module:__ZN8Security14DLDbListCFPref14StripPathStuffERKSs -Security:single module:__ZN8Security14DLDbListCFPref15AbbreviatedPathERKSs -Security:single module:__ZN8Security14DLDbListCFPref17resetCachedValuesEv -Security:single module:__ZN8Security14DLDbListCFPref17writePropertyListEv -Security:single module:__ZN8Security14DLDbListCFPref19LoginDLDbIdentifierEv -Security:single module:__ZN8Security14DLDbListCFPref19loginDLDbIdentifierERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security14DLDbListCFPref21defaultDLDbIdentifierERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security14DLDbListCFPref31dlDbIdentifierToCFDictionaryRefERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security14DLDbListCFPref3addERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security14DLDbListCFPref3setE20SecPreferencesDomain -Security:single module:__ZN8Security14DLDbListCFPref4saveEv -Security:single module:__ZN8Security14DLDbListCFPref6removeERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security14DLDbListCFPrefC2E20SecPreferencesDomain -Security:single module:__ZN8Security14DLDbListCFPrefD1Ev -Security:single module:__ZN8Security14DLDbListCFPrefD2Ev -Security:single module:__ZN8Security14DLDbListCFPrefD4Ev -Security:single module:__ZN8Security16PasswordDBLookupC2Ev -Security:single module:__ZN8Security12KeychainCore7GlobalsC2Ev -Security:single module:__ZN8Security12KeychainCore4ItemC1ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore4ItemC1ERNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore4ItemC1EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore4ItemC1EmmmPKv -Security:single module:__ZN8Security12KeychainCore4ItemC2EPNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore4ItemC2ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore4ItemC2ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore4ItemC2ERNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore4ItemC2EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore4ItemC2EmmmPKv -Security:single module:__ZN8Security12KeychainCore4ItemC2Ev -Security:single module:__ZN8Security12KeychainCore4ItemC4ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore4ItemC4ERNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore4ItemC4EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore4ItemC4EmmmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImpl12getAttributeER20SecKeychainAttributePm -Security:single module:__ZN8Security12KeychainCore8ItemImpl12setAttributeER20SecKeychainAttribute -Security:single module:__ZN8Security12KeychainCore8ItemImpl12setAttributeERKNS_19CssmDbAttributeInfoERKNS_12CssmPolyDataE -Security:single module:__ZN8Security12KeychainCore8ItemImpl13modifyContentEPK24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImpl15getLocalContentER24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore8ItemImpl16getAttributeFromEPNS_19CssmDbAttributeDataER20SecKeychainAttributePm -Security:single module:__ZN8Security12KeychainCore8ItemImpl20getAttributesAndDataEP24SecKeychainAttributeInfoPmPP24SecKeychainAttributeListS4_PPv -Security:single module:__ZN8Security12KeychainCore8ItemImpl21defaultAttributeValueERK22cssm_db_attribute_info -Security:single module:__ZN8Security12KeychainCore8ItemImpl21freeAttributesAndDataEP24SecKeychainAttributeListPv -Security:single module:__ZN8Security12KeychainCore8ItemImpl23modifyAttributesAndDataEPK24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImpl3addERNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore8ItemImpl5groupEv -Security:single module:__ZN8Security12KeychainCore8ItemImpl6copyToERKNS0_8KeychainEPNS0_6AccessE -Security:single module:__ZN8Security12KeychainCore8ItemImpl6updateEv -Security:single module:__ZN8Security12KeychainCore8ItemImpl7getDataERNS_17CssmDataContainerE -Security:single module:__ZN8Security12KeychainCore8ItemImpl7setDataEmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImpl8getClassER20SecKeychainAttributePm -Security:single module:__ZN8Security12KeychainCore8ItemImpl9didModifyEv -Security:single module:__ZN8Security12KeychainCore8ItemImpl9setAccessEPNS0_6AccessE -Security:single module:__ZN8Security12KeychainCore8ItemImplC1ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore8ItemImplC1ERS1_ -Security:single module:__ZN8Security12KeychainCore8ItemImplC1EmP24SecKeychainAttributeListmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImplC1EmmmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImplC2ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore8ItemImplC2ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore8ItemImplC2ERS1_ -Security:single module:__ZN8Security12KeychainCore8ItemImplC2EmmmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImplC4ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore8ItemImplC4ERS1_ -Security:single module:__ZN8Security12KeychainCore8ItemImplC4EmmmPKv -Security:single module:__ZN8Security12KeychainCore8ItemImplD0Ev -Security:single module:__ZNK8Security12KeychainCore8ItemImpl10isModifiedEv -Security:single module:__ZNK8Security12KeychainCore8ItemImpl12modifiedDataEv -Security:single module:__ZNK8Security12KeychainCore8ItemImpl18modifiedAttributesEv -Security:single module:__ZNK8Security12KeychainCore8ItemImpl8keychainEv -Security:single module:__ZNK8Security12KeychainCore8ItemImplltERKS1_ -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC1ERKSt6vectorINS0_8KeychainESaIS3_EEPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC2ERKSt6vectorINS0_8KeychainESaIS3_EEPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC2ERKSt6vectorINS0_8KeychainESaIS3_EEmPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KCCursorImplC4ERKSt6vectorINS0_8KeychainESaIS3_EEPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KCCursorImplD0Ev -Security:single module:__ZN8Security12KeychainCore12KCCursorImplD2Ev -Security:single module:__ZN8Security8Observer13EventReceivedEmmPKvm -Security:single module:__ZN8Security8ObserverC2Emm -Security:single module:__ZN8Security8ObserverC1Emm -Security:single module:__ZN8Security8ObserverC4Emm -Security:single module:__ZN8Security8ObserverD2Ev -Security:single module:__ZN8Security8ObserverD1Ev -Security:single module:__ZN8Security8ObserverD0Ev -Security:single module:__ZN8Security8ObserverD4Ev -Security:single module:__ZN8Security25GetKeychainErrFromCSSMErrEl -Security:single module:__ZN8Security13StKCAttributeC2EP20SecKeychainAttribute -Security:single module:__ZN8Security13StKCAttributeC1EP20SecKeychainAttribute -Security:single module:__ZN8Security13StKCAttributeC4EP20SecKeychainAttribute -Security:single module:__ZN8Security13StKCAttributeD2Ev -Security:single module:__ZN8Security13StKCAttributeD1Ev -Security:single module:__ZN8Security13StKCAttributeD0Ev -Security:single module:__ZN8Security13StKCAttributeD4Ev -Security:single module:__ZN8Security8StKCItemC2EPP24OpaqueSecKeychainItemRefPl -Security:single module:__ZN8Security8StKCItemC1EPP24OpaqueSecKeychainItemRefPl -Security:single module:__ZN8Security8StKCItemC4EPP24OpaqueSecKeychainItemRefPl -Security:single module:__ZN8Security8StKCItemD2Ev -Security:single module:__ZN8Security8StKCItemD1Ev -Security:single module:__ZN8Security8StKCItemD0Ev -Security:single module:__ZN8Security8StKCItemD4Ev -Security:single module:__ZN8Security12KeychainCore12KeychainImpl10deleteItemERNS0_4ItemE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl11getSettingsERmRb -Security:single module:__ZN8Security12KeychainCore12KeychainImpl11setSettingsEmb -Security:single module:__ZN8Security12KeychainCore12KeychainImpl12authenticateEPK23cssm_access_credentials -Security:single module:__ZN8Security12KeychainCore12KeychainImpl12createCursorEPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KeychainImpl12createCursorEmPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore12KeychainImpl13didDeleteItemEPKNS0_8ItemImplE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl16attributeInfoForEmm -Security:single module:__ZN8Security12KeychainCore12KeychainImpl16changePassphraseEPKhS3_ -Security:single module:__ZN8Security12KeychainCore12KeychainImpl16changePassphraseEmPKvmS3_ -Security:single module:__ZN8Security12KeychainCore12KeychainImpl17freeAttributeInfoEP24SecKeychainAttributeInfo -Security:single module:__ZN8Security12KeychainCore12KeychainImpl25getAttributeInfoForItemIDEmPP24SecKeychainAttributeInfo -Security:single module:__ZN8Security12KeychainCore12KeychainImpl3addERNS0_4ItemE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl3cspEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl4itemERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl4lockEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl4openEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6createEPKNS_22ResourceControlContextE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6createEPKh -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6createEmPKv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6createEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6existsEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6unlockEPKh -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6unlockERKNS_8CssmDataE -Security:single module:__ZN8Security12KeychainCore12KeychainImpl6unlockEv -Security:single module:__ZN8Security12KeychainCore12KeychainImpl9didUpdateEPNS0_8ItemImplERNS0_10PrimaryKeyES5_ -Security:single module:__ZN8Security12KeychainCore12KeychainImplC2ERKNS_10CssmClient2DbE -Security:single module:__ZN8Security12KeychainCore12KeychainImplD0Ev -Security:single module:__ZN8Security12KeychainCore12KeychainImplD2Ev -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplC2ERKNS_10CssmClient2DbE -Security:single module:__ZN8Security12KeychainCore18KeychainSchemaImplD2Ev -Security:single module:__ZN8Security12KeychainCore8Keychain8optionalEP20OpaqueSecKeychainRef -Security:single module:__ZNK8Security12KeychainCore12KeychainImpl6statusEv -Security:single module:__ZNK8Security12KeychainCore12KeychainImpl8isActiveEv -Security:single module:__ZNK8Security12KeychainCore12KeychainImpleqERKS1_ -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl12hasAttributeEmm -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl16attributeInfoForEmm -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl18attributeFormatForEmm -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl18relationInfoMapForEm -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpl29getAttributeInfoForRecordTypeEmPP24SecKeychainAttributeInfo -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImpleqERKS1_ -Security:single module:__ZNK8Security12KeychainCore18KeychainSchemaImplltERKS1_ -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImpl12createCursorERKNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC2ERK9cssm_data -Security:single module:__ZN8Security12KeychainCore14PrimaryKeyImplC2ERKNS_10CssmClient12DbAttributesE -Security:single module:_SecKeychainCopySearchNextItem -Security:single module:_SecKeychainRelease -Security:single module:_SecKeychainSearchRelease -Security:single module:__ZN8Security12KeychainCore14StorageManager11convertListERSt6vectorINS0_8KeychainESaIS3_EERKS2_INS_14DLDbIdentifierESaIS7_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager11convertListERSt6vectorINS_14DLDbIdentifierESaIS3_EERKS2_INS0_8KeychainESaIS7_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager12createCursorEPK24SecKeychainAttributeList -Security:single module:__ZN8Security12KeychainCore14StorageManager12makeKeychainERKNS_14DLDbIdentifierEb -Security:single module:__ZN8Security12KeychainCore14StorageManager12renameUniqueENS0_8KeychainEPK10__CFString -Security:single module:__ZN8Security12KeychainCore14StorageManager13getSearchListE20SecPreferencesDomainRSt6vectorINS0_8KeychainESaIS4_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager13loginKeychainENS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore14StorageManager13loginKeychainEv -Security:single module:__ZN8Security12KeychainCore14StorageManager13resetKeychainEh -Security:single module:__ZN8Security12KeychainCore14StorageManager13setSearchListE20SecPreferencesDomainRKSt6vectorINS0_8KeychainESaIS4_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager13setSearchListERKSt6vectorINS0_8KeychainESaIS3_EE -Security:single module:__ZN8Security12KeychainCore14StorageManager15defaultKeychainE20SecPreferencesDomain -Security:single module:__ZN8Security12KeychainCore14StorageManager15defaultKeychainE20SecPreferencesDomainRKNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore14StorageManager15defaultKeychainERKNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore14StorageManager15defaultKeychainEv -Security:single module:__ZN8Security12KeychainCore14StorageManager15makeLoginAuthUIERNS0_4ItemE -Security:single module:__ZN8Security12KeychainCore14StorageManager17defaultKeychainUIERNS0_4ItemE -Security:single module:__ZN8Security12KeychainCore14StorageManager19changeLoginPasswordEPKhS3_ -Security:single module:__ZN8Security12KeychainCore14StorageManager19changeLoginPasswordEmPKvmS3_ -Security:single module:__ZN8Security12KeychainCore14StorageManager21setDefaultCredentialsERKNS_10CssmClient2DbE -Security:single module:__ZN8Security12KeychainCore14StorageManager2atEj -Security:single module:__ZN8Security12KeychainCore14StorageManager4makeEPKc -Security:single module:__ZN8Security12KeychainCore14StorageManager4makeEPKcb -Security:single module:__ZN8Security12KeychainCore14StorageManager4sizeEv -Security:single module:__ZN8Security12KeychainCore14StorageManager5loginEPK22AuthorizationOpaqueRefmPKc -Security:single module:__ZN8Security12KeychainCore14StorageManager5loginEPKhS3_ -Security:single module:__ZN8Security12KeychainCore14StorageManager5loginEmPKvmS3_ -Security:single module:__ZN8Security12KeychainCore14StorageManager6domainE20SecPreferencesDomain -Security:single module:__ZN8Security12KeychainCore14StorageManager6logoutEv -Security:single module:__ZN8Security12KeychainCore14StorageManager6removeERKSt6vectorINS0_8KeychainESaIS3_EEb -Security:single module:__ZN8Security12KeychainCore14StorageManager6renameENS0_8KeychainEPKc -Security:single module:__ZN8Security12KeychainCore14StorageManager7createdERKNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore14StorageManager7lockAllEv -Security:single module:__ZN8Security12KeychainCore14StorageManager8keychainERKNS_14DLDbIdentifierE -Security:single module:__ZN8Security12KeychainCore14StorageManagerC2Ev -Security:single module:__ZN8Security12KeychainCore14StorageManagerixEj -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreC2Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreC1Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreC4Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreD2Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreD1Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreD0Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCoreD4Ev -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore4openEv -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore5closeEv -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore4readEPvm -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore5writeEPKvm -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore17continueHandshakeEv -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore5stateEv -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore7versionEv -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore7versionE11SSLProtocol -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore19numSupportedCiphersEv -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore16supportedCiphersEPmRm -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore17numEnabledCiphersEv -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore14enabledCiphersEPmRm -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore14enabledCiphersEPmm -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore18allowsExpiredCertsEv -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore18allowsExpiredCertsEb -Security:single module:__ZNK8Security10IPPlusPlus19SecureTransportCore18allowsUnknownRootsEv -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore18allowsUnknownRootsEb -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore6peerIdEPKvm -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore11sslReadFuncEPKvPvPm -Security:single module:__ZN8Security10IPPlusPlus19SecureTransportCore12sslWriteFuncEPKvS3_Pm -Security:single module:__ZN8Security10IPPlusPlus11SocksServer4makeEjRKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus17SocksClientSocket4openERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus17SocksClientSocket4openERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus17SocksClientSocket4openERKNS0_4HostEt -Security:single module:__ZN8Security10IPPlusPlus17SocksClientSocket5setFdEiRKNS0_13IPSockAddressES4_ -Security:single module:__ZN8Security10IPPlusPlus17SocksServerSocket4openERKNS0_13IPSockAddressEi -Security:single module:__ZN8Security10IPPlusPlus17SocksServerSocket7receiveERNS0_17SocksClientSocketE -Security:single module:__ZNK8Security10IPPlusPlus11SocksServer7Support12localAddressERKNS0_6SocketE -Security:single module:__ZNK8Security10IPPlusPlus11SocksServer7Support11peerAddressERKNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks46Server7connectERNS0_17SocksClientSocketERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socks46Server7connectERNS0_17SocksClientSocketERKNS0_4HostEt -Security:single module:__ZN8Security10IPPlusPlus6Socks46Server4bindERNS0_17SocksServerSocketERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socks46Server7receiveERNS0_17SocksServerSocketERNS0_17SocksClientSocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC2ENS1_7CommandERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC1ENS1_7CommandERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC4ENS1_7CommandERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socks47Message4sendERNS0_6SocketEPKc -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC2ERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC1ERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks47MessageC4ERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks56Server4openERNS0_6SocketERNS0_11SocksServer7SupportE -Security:single module:__ZN8Security10IPPlusPlus6Socks56Server7connectERNS0_17SocksClientSocketERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socks56Server7connectERNS0_17SocksClientSocketERKNS0_4HostEt -Security:single module:__ZN8Security10IPPlusPlus6Socks56Server4bindERNS0_17SocksServerSocketERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socks56Server7receiveERNS0_17SocksServerSocketERNS0_17SocksClientSocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC2ENS1_7CommandENS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC1ENS1_7CommandENS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC4ENS1_7CommandENS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC2ENS1_7CommandEPKct -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC1ENS1_7CommandEPKct -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC4ENS1_7CommandEPKct -Security:single module:__ZN8Security10IPPlusPlus6Socks57Message4sendERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC2ERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC1ERNS0_6SocketE -Security:single module:__ZN8Security10IPPlusPlus6Socks57MessageC4ERNS0_6SocketE -Security:single module:__ZN8Security10BufferFifoD2Ev -Security:single module:__ZN8Security10BufferFifoD1Ev -Security:single module:__ZN8Security10BufferFifoD0Ev -Security:single module:__ZN8Security10BufferFifoD4Ev -Security:single module:__ZN8Security10BufferFifo11clearBufferEv -Security:single module:__ZN8Security10BufferFifo7consumeEPKvm -Security:single module:__ZN8Security10BufferFifo3popEv -Security:single module:__ZN8Security9ConstData4BlobC2EPKvmb -Security:single module:__ZN8Security9ConstData4BlobC1EPKvmb -Security:single module:__ZN8Security9ConstData4BlobC4EPKvmb -Security:single module:__ZN8Security10IPPlusPlus9InetReplyC2EPKc -Security:single module:__ZN8Security10IPPlusPlus9InetReplyC1EPKc -Security:single module:__ZN8Security10IPPlusPlus9InetReplyC4EPKc -Security:single module:__ZN8Security10IPPlusPlus9InetReply7analyzeEv -Security:single module:__ZN8Security10IPPlusPlus9InetReply12ContinuationclEPKc -Security:single module:__ZN8Security10IPPlusPlus9InetReply12ContinuationclERKS1_ -Security:single module:__ZN8Security10IPPlusPlus9IPAddressC2EPKc -Security:single module:__ZN8Security10IPPlusPlus9IPAddressC1EPKc -Security:single module:__ZN8Security10IPPlusPlus9IPAddressC4EPKc -Security:single module:__ZNK8Security10IPPlusPlus9IPAddresscvSsEv -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC2Ev -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC1Ev -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC4Ev -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC2ERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC1ERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus13IPSockAddressC4ERKNS0_9IPAddressEt -Security:single module:__ZNK8Security10IPPlusPlus13IPSockAddresscvSsEv -Security:single module:__ZNK8Security10IPPlusPlus13IPSockAddress8defaultsERKS1_ -Security:single module:__ZNK8Security10IPPlusPlus13IPSockAddress8defaultsERKNS0_9IPAddressEt -Security:single module:__ZNK8Security10IPPlusPlus13IPSockAddress8defaultsEt -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC2Ev -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC1Ev -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC4Ev -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC2EPKc -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC1EPKc -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC4EPKc -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC2ERKSs -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC1ERKSs -Security:single module:__ZN8Security10IPPlusPlus13UNSockAddressC4ERKSs -Security:single module:__ZNK8Security10IPPlusPlus13UNSockAddress4pathEv -Security:single module:__ZN8Security10IPPlusPlus6SocketC2Ei -Security:single module:__ZN8Security10IPPlusPlus6SocketC1Ei -Security:single module:__ZN8Security10IPPlusPlus6SocketC4Ei -Security:single module:__ZN8Security10IPPlusPlus6SocketC2Eiii -Security:single module:__ZN8Security10IPPlusPlus6SocketC1Eiii -Security:single module:__ZN8Security10IPPlusPlus6SocketC4Eiii -Security:single module:__ZN8Security10IPPlusPlus6Socket4openEiii -Security:single module:__ZN8Security10IPPlusPlus6Socket7prepareEiiii -Security:single module:__ZN8Security10IPPlusPlus6Socket4bindERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socket4bindERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket4bindERKNS0_13UNSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket6listenEi -Security:single module:__ZN8Security10IPPlusPlus6Socket6acceptERS1_ -Security:single module:__ZN8Security10IPPlusPlus6Socket6acceptERS1_RNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket6acceptERS1_RNS0_13UNSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket7connectERKNS0_13IPSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket7connectERKNS0_9IPAddressEt -Security:single module:__ZN8Security10IPPlusPlus6Socket7connectERKNS0_13UNSockAddressE -Security:single module:__ZN8Security10IPPlusPlus6Socket8shutdownEi -Security:single module:__ZNK8Security10IPPlusPlus6Socket12localAddressEv -Security:single module:__ZNK8Security10IPPlusPlus6Socket11peerAddressEv -Security:single module:__ZNK8Security10IPPlusPlus6Socket9getOptionEPvRiii -Security:single module:__ZNK8Security10IPPlusPlus6Socket9setOptionEPKviii -Security:single module:__ZN8Security10IPPlusPlus6Socket7connectERKNS0_4HostEt -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocket4openERKNS0_13IPSockAddressEi -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocket4openERKNS0_9IPAddressEti -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocket4openERKNS0_4HostEti -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocketD2Ev -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocketD1Ev -Security:single module:__ZN8Security10IPPlusPlus15TCPClientSocketD4Ev -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocket4openERKNS0_13IPSockAddressEi -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocketclERNS0_15TCPClientSocketE -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocket7receiveERNS0_15TCPClientSocketE -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocketD2Ev -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocketD1Ev -Security:single module:__ZN8Security10IPPlusPlus15TCPServerSocketD4Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorC2Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorC1Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorC4Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorD2Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorD1Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorD0Ev -Security:single module:__ZN8Security12UnixPlusPlus8SelectorD4Ev -Security:single module:__ZN8Security12UnixPlusPlus8Selector3addEiRNS1_6ClientEj -Security:single module:__ZN8Security12UnixPlusPlus8Selector6removeEi -Security:single module:__ZN8Security12UnixPlusPlus8Selector3setEij -Security:single module:__ZN8Security12UnixPlusPlus8SelectorclEv -Security:single module:__ZN8Security12UnixPlusPlus8SelectorclENS_4Time8AbsoluteE -Security:single module:__ZN8Security12UnixPlusPlus8Selector10singleStepENS_4Time8IntervalE -Security:single module:__ZNK8Security6Source5stateEv -Security:single module:__ZN8Security6Source7getSizeEv -Security:single module:__ZN8Security4Sink7setSizeEm -Security:single module:__ZN8Security10NullSource7produceEPvRm -Security:single module:__ZNK8Security10NullSource5stateEv -Security:single module:__ZN8Security8NullSink7consumeEPKvm -Security:single module:__ZN8Security10FileSource7produceEPvRm -Security:single module:__ZN8Security10FileSource7getSizeEv -Security:single module:__ZN8Security8FileSink7consumeEPKvm -Security:single module:__ZN8Security12MemorySource7produceEPvRm -Security:single module:__ZN8Security12MemorySource7getSizeEv -Security:single module:__ZNK8Security12MemorySource5stateEv -Security:single module:__ZN8Security10MemorySink7consumeEPKvm -Security:single module:__ZN8Security10MemorySink7setSizeEm -Security:single module:__ZN8Security10MemorySink4growEm -Security:single module:__ZN8Security4Time10resolutionENS0_8AbsoluteE -Security:single module:__ZN8Security4Time8AbsoluteC1ERK7timeval -Security:single module:__ZN8Security4Time8AbsoluteC1ERK8timespec -Security:single module:__ZN8Security4Time8AbsoluteC2ERK7timeval -Security:single module:__ZN8Security4Time8AbsoluteC2ERK8timespec -Security:single module:__ZN8Security4Time8AbsoluteC4ERK7timeval -Security:single module:__ZN8Security4Time8AbsoluteC4ERK8timespec -Security:single module:__ZNK8Security4Time8Absolutecv7timevalEv -Security:single module:__ZNK8Security4Time8Absolutecv8timespecEv -Security:single module:__ZNK8Security4Time8Interval15timevalIntervalEv -Security:single module:__ZN8Security12GenericValueD2Ev -Security:single module:__ZN8Security12GenericValueD1Ev -Security:single module:__ZN8Security12GenericValueD0Ev -Security:single module:__ZN8Security12GenericValueD4Ev -Security:single module:__ZN8Security12UnixPlusPlus7sigMaskENS0_6SigSetEi -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc4mmapEimixPv -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc4seekExi -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc5closeEv -Security:single module:__ZN8Security12UnixPlusPlus8FileDesc6fdopenEPKc -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5fcntlEiPv -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5fcntlEii -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5flagsEi -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5flagsEv -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5fstatER4stat -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc5ioctlEiPv -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc7setFlagEib -Security:single module:__ZNK8Security12UnixPlusPlus8FileDesc8fileSizeEv -Security:single module:__ZN8Security7Network5mkstrEPK10__CFString -Security:single module:__ZN8Security7Network3URLC2Ev -Security:single module:__ZN8Security7Network3URLC1Ev -Security:single module:__ZN8Security7Network3URLC4Ev -Security:single module:__ZN8Security7Network3URLC2EPKc -Security:single module:__ZN8Security7Network3URLC1EPKc -Security:single module:__ZN8Security7Network3URLC4EPKc -Security:single module:__ZN8Security7Network3URLC2EPKcRKS1_ -Security:single module:__ZN8Security7Network3URLC1EPKcRKS1_ -Security:single module:__ZN8Security7Network3URLC4EPKcRKS1_ -Security:single module:__ZN8Security7Network3URLD2Ev -Security:single module:__ZN8Security7Network3URLD1Ev -Security:single module:__ZN8Security7Network3URLD4Ev -Security:single module:__ZNK8Security7Network3URLcvSsEv -Security:single module:__ZNK8Security7Network3URL6schemeEv -Security:single module:__ZNK8Security7Network3URL4hostEv -Security:single module:__ZNK8Security7Network3URL4portEt -Security:single module:__ZNK8Security7Network3URL8usernameEv -Security:single module:__ZNK8Security7Network3URL8passwordEv -Security:single module:__ZNK8Security7Network3URL4pathEv -Security:single module:__ZNK8Security7Network3URL12resourceSpecEv -Security:single module:__ZNK8Security7Network3URL8fullPathEv -Security:single module:__ZNK8Security7Network3URL8basenameEv -Security:single module:__ZNK8Security7Network3URL9extensionEv -Security:single module:__ZN8Security7Network3URL11recreateURLEPKc -Security:single module:__ZN8Security10IPPlusPlus4HostC2EPKc -Security:single module:__ZN8Security10IPPlusPlus4HostC1EPKc -Security:single module:__ZN8Security10IPPlusPlus4HostC4EPKc -Security:single module:__ZNK8Security10IPPlusPlus4HosteqERKS1_ -Security:single module:__ZNK8Security10IPPlusPlus4HostltERKS1_ -Security:single module:__ZNK8Security10IPPlusPlus4HostleERKS1_ -Security:single module:__ZNK8Security10IPPlusPlus14IPv4NumberHost4nameEv -Security:single module:__ZNK8Security10IPPlusPlus14IPv4NumberHost9addressesEv -Security:single module:__ZN8Security10IPPlusPlus9NamedHostC2EPKc -Security:single module:__ZN8Security10IPPlusPlus9NamedHostC1EPKc -Security:single module:__ZN8Security10IPPlusPlus9NamedHostC4EPKc -Security:single module:__ZNK8Security10IPPlusPlus9NamedHost4nameEv -Security:single module:__ZNK8Security10IPPlusPlus9NamedHost9addressesEv -Security:single module:__ZN8Security9HeaderMap12CanonicalKeyC2EPKcc -Security:single module:__ZN8Security9HeaderMap12CanonicalKeyC1EPKcc -Security:single module:__ZN8Security9HeaderMap12CanonicalKeyC4EPKcc -Security:single module:__ZN8Security9HeaderMap3addEPKcS2_ -Security:single module:__ZN8Security9HeaderMap3addEPKc -Security:single module:__ZN8Security9HeaderMap3addERKNS0_12CanonicalKeyEPKc -Security:single module:__ZNK8Security9HeaderMap4findEPKcS2_ -Security:single module:__ZN8Security9HeaderMapixEPKc -Security:single module:__ZN8Security9HeaderMap5mergeESsRSsSs -Security:single module:__ZNK8Security9HeaderMap7collectEPKc -Security:single module:__ZNK8Security9HeaderMap13collectLengthEPKc -Security:single module:__ZN8Security6BufferC2Em -Security:single module:__ZN8Security6BufferC1Em -Security:single module:__ZN8Security6BufferC4Em -Security:single module:__ZN8Security6BufferC2EPvmbb -Security:single module:__ZN8Security6BufferC1EPvmbb -Security:single module:__ZN8Security6BufferC4EPvmbb -Security:single module:__ZN8Security6BufferD2Ev -Security:single module:__ZN8Security6BufferD1Ev -Security:single module:__ZN8Security6BufferD4Ev -Security:single module:__ZN8Security6Buffer7shuffleEm -Security:single module:__ZN8Security6Buffer6printfEPKcz -Security:single module:__ZN8Security6Buffer7vprintfEPKcPc -Security:single module:__ZN8Security12UnixPlusPlus5FDSetD2Ev -Security:single module:__ZN8Security12UnixPlusPlus5FDSetD1Ev -Security:single module:__ZN8Security12UnixPlusPlus5FDSetD4Ev -Security:single module:__ZN8Security12UnixPlusPlus5FDSet4growEii -Security:single module:__ZN8Security12UnixPlusPlus5FDSet4growERPiii -Security:single module:__ZN8Security12UnixPlusPlus5FDSet3setEib -Security:single module:__ZN8Security12UnixPlusPlus5FDSet4makeEi -Security:single module:__ZN8Security12ModuleLoaderC2Ev -Security:single module:__ZN8Security14LoadablePluginC2EPKc -Security:single module:__ZN8Security14LoadablePluginC1EPKc -Security:single module:__ZN8Security14LoadablePluginC4EPKc -Security:single module:__ZN8Security14LoadablePlugin4loadEv -Security:single module:__ZThn4_N8Security14LoadablePlugin4loadEv -Security:single module:__ZN8Security14LoadablePlugin6unloadEv -Security:single module:__ZThn4_N8Security14LoadablePlugin6unloadEv -Security:single module:__ZNK8Security14LoadablePlugin8isLoadedEv -Security:single module:__ZThn4_NK8Security14LoadablePlugin8isLoadedEv -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherC2Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherC1Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherC4Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherD2Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherD1Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherD0Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcherD4Ev -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcher10ioCallbackEPvjjS2_ -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcher15systemWillSleepEv -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcher14systemIsWakingEv -Security:single module:__ZN8Security12MachPlusPlus12PowerWatcher19systemWillPowerDownEv -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherC2Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherC1Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherC4Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherD2Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherD1Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherD0Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcherD4Ev -Security:single module:__ZN8Security12MachPlusPlus16PortPowerWatcher6handleEP17mach_msg_header_t -Security:single module:__ZThn16_N8Security12MachPlusPlus16PortPowerWatcher6handleEP17mach_msg_header_t -Security:single module:_checkpw -Security:single module:__Z17cssm_DataGetFirst17cssm_dl_db_handlePK10cssm_queryPmP29cssm_db_record_attribute_dataP9cssm_dataPP21cssm_db_unique_record -Security:single module:__Z15cssm_DataModify17cssm_dl_db_handlemP21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPK9cssm_datam -Security:single module:__Z24cssm_GetDbNameFromHandle17cssm_dl_db_handlePPc -Security:single module:__Z19cssm_DataAbortQuery17cssm_dl_db_handlem -Security:single module:__Z20cssm_DestroyRelation17cssm_dl_db_handlem -Security:single module:__Z15cssm_DataDelete17cssm_dl_db_handlePK21cssm_db_unique_record -Security:single module:__Z15cssm_DataInsert17cssm_dl_db_handlemPK29cssm_db_record_attribute_dataPK9cssm_dataPP21cssm_db_unique_record -Security:single module:__Z30cssm_DataGetFromUniqueRecordId17cssm_dl_db_handlePK21cssm_db_unique_recordP29cssm_db_record_attribute_dataP9cssm_data -Security:single module:__Z19cssm_CreateRelation17cssm_dl_db_handlemPKcmPK29cssm_db_schema_attribute_infomPK25cssm_db_schema_index_info -Security:single module:__Z21cssm_FreeUniqueRecord17cssm_dl_db_handleP21cssm_db_unique_record -Security:single module:__Z11cssm_DbOpenmPKcPK16cssm_net_addressmPK23cssm_access_credentialsPKvPm -Security:single module:__Z16cssm_DataGetNext17cssm_dl_db_handlemP29cssm_db_record_attribute_dataP9cssm_dataPP21cssm_db_unique_record -Security:single module:__Z15cssm_GetDbNamesmPP14cssm_name_list -Security:single module:__Z12cssm_DbClose17cssm_dl_db_handle -Security:single module:__Z17cssm_FreeNameListmP14cssm_name_list -Security:single module:_MDS_Initialize -Security:single module:_MDS_Terminate -Security:single module:_MDS_Install -Security:single module:_MDS_Uninstall -Security:single module:__ZN8Security9MDSModule3getEv -Security:single module:__ZN8Security9MDSModuleC2Ev -Security:single module:__ZN8Security9MDSModuleC1Ev -Security:single module:__ZN8Security9MDSModuleC4Ev -Security:single module:__ZN8Security9MDSModuleD2Ev -Security:single module:__ZN8Security9MDSModuleD1Ev -Security:single module:__ZN8Security9MDSModuleD4Ev -Security:single module:__ZN8Security9MDSModule13lastScanIsNowEv -Security:single module:__ZN8Security9MDSModule17timeSinceLastScanEv -Security:single module:__ZN8Security9MDSModule9getDbPathEPc -Security:single module:__ZN8Security9MDSModule9setDbPathEPKc -Security:single module:__ZN8Security23MDSRecordTypeToRelationEm -Security:single module:__ZN8Security27MDSRecordTypeNameToRelationEPKc -Security:single module:__ZN8Security12doFilesExistEPKcS1_b -Security:single module:__ZN8Security15doesDirectExistEPKc -Security:single module:__ZN8Security9createDirEPKct -Security:single module:__ZN8Security10MDSSessionC2EPKNS_4GuidERK17cssm_memory_funcs -Security:single module:__ZN8Security10MDSSessionC1EPKNS_4GuidERK17cssm_memory_funcs -Security:single module:__ZN8Security10MDSSessionC4EPKNS_4GuidERK17cssm_memory_funcs -Security:single module:__ZN8Security10MDSSessionD2Ev -Security:single module:__ZN8Security10MDSSessionD1Ev -Security:single module:__ZThn80_N8Security10MDSSessionD1Ev -Security:single module:__ZThn4_N8Security10MDSSessionD1Ev -Security:single module:__ZN8Security10MDSSessionD0Ev -Security:single module:__ZThn80_N8Security10MDSSessionD0Ev -Security:single module:__ZThn4_N8Security10MDSSessionD0Ev -Security:single module:__ZN8Security10MDSSessionD4Ev -Security:single module:__ZN8Security10MDSSession9terminateEv -Security:single module:__ZN8Security10MDSSession7installEv -Security:single module:__ZN8Security10MDSSession9uninstallEv -Security:single module:__ZN8Security10MDSSession6dbOpenEPKc -Security:single module:__ZN8Security10MDSSession6DbOpenEPKcPK16cssm_net_addressmPKNS_17AccessCredentialsEPKvRm -Security:single module:__ZN8Security10MDSSession10GetDbNamesERP14cssm_name_list -Security:single module:__ZN8Security10MDSSession12FreeNameListER14cssm_name_list -Security:single module:__ZN8Security10MDSSession19GetDbNameFromHandleEmPPc -Security:single module:__ZN8Security10MDSSession10obtainLockEPKcRii -Security:single module:__ZN8Security10MDSSession11releaseLockERi -Security:single module:__ZN8Security10MDSSession10dbFullPathEPKcPc -Security:single module:__ZN8Security8isBundleEPK6dirent -Security:single module:__ZN8Security16checkUserBundlesEPKc -Security:single module:__ZN8Security12safeCopyFileEPKcS1_ -Security:single module:__ZN8Security13copySystemDbsEPKc -Security:single module:__ZN8Security10MDSSession15updateDataBasesEv -Security:single module:__ZN8Security10MDSSession20removeRecordsForGuidEPKcm -Security:single module:__ZN8Security10MDSSession22systemDatabasesPresentEb -Security:single module:__ZN8Security10MDSSession20createSystemDatabaseEPKcPKNS_12RelationInfoEjltRm -Security:single module:__ZN8Security10MDSSession21createSystemDatabasesElt -Security:single module:__ZN8Security10MDSSession11DbFilesInfoC2ERS0_PKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfoC1ERS0_PKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfoC4ERS0_PKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfoD2Ev -Security:single module:__ZN8Security10MDSSession11DbFilesInfoD1Ev -Security:single module:__ZN8Security10MDSSession11DbFilesInfoD4Ev -Security:single module:__ZN8Security10MDSSession11DbFilesInfo9objDbHandEv -Security:single module:__ZN8Security10MDSSession11DbFilesInfo12directDbHandEv -Security:single module:__ZN8Security10MDSSession11DbFilesInfo18updateSystemDbInfoEPKcS3_ -Security:single module:__ZN8Security10MDSSession11DbFilesInfo9TbdRecordC2ERK9cssm_data -Security:single module:__ZN8Security10MDSSession11DbFilesInfo9TbdRecordC1ERK9cssm_data -Security:single module:__ZN8Security10MDSSession11DbFilesInfo9TbdRecordC4ERK9cssm_data -Security:single module:__ZN8Security10MDSSession11DbFilesInfo19checkOutdatedPluginERK9cssm_dataS4_RSt6vectorIPNS1_9TbdRecordESaIS7_EE -Security:single module:__ZN8Security10MDSSession11DbFilesInfo21removeOutdatedPluginsEv -Security:single module:__ZN8Security10MDSSession11DbFilesInfo18updateForBundleDirEPKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfo13lookupForPathEPKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfo15updateForBundleEPKc -Security:single module:__ZN8Security10MDSSession11DbFilesInfo10autoCommitEl -Security:single module:__ZN8Security12isNumericStrEPKcb -Security:single module:__ZN8Security8hexDigitEh -Security:single module:__ZN8Security8strToHexEPKc -Security:single module:__ZN8Security18MDSAttrNameToValueEPKcPKNS_16MDSNameValuePairERm -Security:single module:__ZN8Security13MDSAttrParserC2EPKcRNS_10MDSSessionEmm -Security:single module:__ZN8Security13MDSAttrParserC1EPKcRNS_10MDSSessionEmm -Security:single module:__ZN8Security13MDSAttrParserC4EPKcRNS_10MDSSessionEmm -Security:single module:__ZN8Security13MDSAttrParserD2Ev -Security:single module:__ZN8Security13MDSAttrParserD1Ev -Security:single module:__ZN8Security13MDSAttrParserD0Ev -Security:single module:__ZN8Security13MDSAttrParserD4Ev -Security:single module:__ZN8Security13MDSAttrParser10parseAttrsEv -Security:single module:__ZN8Security13MDSAttrParser12logFileErrorEPKcPK7__CFURLPK10__CFStringPl -Security:single module:__ZN8Security13MDSAttrParser13parseCssmInfoEPNS_13MDSDictionaryE -Security:single module:__ZN8Security13MDSAttrParser17parsePluginCommonEPNS_13MDSDictionaryE -Security:single module:__ZN8Security13MDSAttrParser19parsePluginSpecificEPNS_13MDSDictionaryE -Security:single module:__ZN8Security13MDSAttrParser17parseObjectRecordEPNS_13MDSDictionaryE -Security:single module:__ZN8Security13MDSAttrParser14parseMdsRecordEPNS_13MDSDictionaryEPKNS_12RelationInfoEm -Security:single module:__ZN8Security13MDSAttrParser26parseCspCapabilitiesRecordEPNS_13MDSDictionaryE -Security:single module:__ZN8Security13MDSAttrParser23parseTpPolicyOidsRecordEPNS_13MDSDictionaryE -Security:single module:__ZN8Security19MDSRawValueToDbAttrEPKvmmPKcR22cssm_db_attribute_datam -Security:single module:__ZN8Security20MDSFreeDbRecordAttrsEP22cssm_db_attribute_dataj -Security:single module:__ZN8Security20MDSCFStringToCStringEPK10__CFString -Security:single module:__ZN8Security14MDSCopyCstringEPKc -Security:single module:__ZN8Security14MDSCfTypeToIntEPKvPKNS_16MDSNameValuePairEPKcRm -Security:single module:__ZN8Security15MDSInsertRecordEPK22cssm_db_attribute_datajmRNS_10MDSSessionEm -Security:single module:__ZN8Security17MDSStringToUint32EPK10__CFStringPKNS_16MDSNameValuePairERm -Security:single module:__ZN8Security13MDSDictionaryC2EPK7__CFURLPKc -Security:single module:__ZN8Security13MDSDictionaryC1EPK7__CFURLPKc -Security:single module:__ZN8Security13MDSDictionaryC4EPK7__CFURLPKc -Security:single module:__ZN8Security13MDSDictionaryC2EPK14__CFDictionary -Security:single module:__ZN8Security13MDSDictionaryC1EPK14__CFDictionary -Security:single module:__ZN8Security13MDSDictionaryC4EPK14__CFDictionary -Security:single module:__ZN8Security13MDSDictionaryD2Ev -Security:single module:__ZN8Security13MDSDictionaryD1Ev -Security:single module:__ZN8Security13MDSDictionaryD4Ev -Security:single module:__ZN8Security13MDSDictionary6lookupEPKcbm -Security:single module:__ZN8Security13MDSDictionary6lookupEPK10__CFStringbm -Security:single module:__ZN8Security13MDSDictionary14lookupToDbAttrEPKcR22cssm_db_attribute_datamPKNS_16MDSNameValuePairE -Security:single module:__ZN8Security13MDSDictionary16lookupAttributesEPKNS_12RelationInfoEP22cssm_db_attribute_dataRm -Security:single module:__ZN8Security13MDSDictionary18lookupWithIndirectEPKcP10__CFBundlemRb -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC2ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC1ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC4ERNS_13CssmAllocatorERKNS_8CssmDataE -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC2ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC1ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZN8Security27ProtectedPasswordAclSubjectC4ERNS_13CssmAllocatorERNS_15CssmManagedDataE -Security:single module:__ZNK8Security27ProtectedPasswordAclSubject8validateERKNS_20AclValidationContextERKNS_9TypedListE -Security:single module:__ZNK8Security27ProtectedPasswordAclSubject6toListERNS_13CssmAllocatorE -Security:single module:__ZNK8Security27ProtectedPasswordAclSubject5Maker4makeERKNS_9TypedListE -Security:single module:__ZNK8Security27ProtectedPasswordAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_ -Security:single module:__ZN8Security27ProtectedPasswordAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6Writer7CounterES4_ -Security:single module:__ZN8Security27ProtectedPasswordAclSubject10exportBlobERNS_23LowLevelMemoryUtilities6WriterES3_ -Security:single module:__Z13HMAC_FreeNullP11HMACContext -Security:single module:__Z13HMAC_HmacNullP11HMACContextPKvjPvPj -Security:single module:__Z13HMAC_InitNullP11HMACContext -Security:single module:__Z14HMAC_AllocNullPK13HMACReferenceP10SSLContextPKvjPP11HMACContext -Security:single module:__Z14HMAC_FinalNullP11HMACContextPvPj -Security:single module:__Z15HMAC_UpdateNullP11HMACContextPKvj -Security:single module:__Z11ssl3InitMacP13CipherContextP10SSLContext -Security:single module:__Z14ssl3ComputeMach9SSLBufferS_P13CipherContext9sslUint64P10SSLContext -Security:single module:__Z21ssl3ComputeCertVfyMacP10SSLContext9SSLBufferS1_S1_ -Security:single module:__Z22ssl3ComputeFinishedMacP10SSLContext9SSLBufferS1_S1_h -Security:single module:__Z23ssl3GenerateKeyMaterial9SSLBufferP10SSLContext -Security:single module:__Z24ssl3GenerateMasterSecretP10SSLContext -Security:single module:__Z26ssl3GenerateExportKeyAndIvP10SSLContext9SSLBufferS1_S1_S1_S1_S1_ -Security:single module:__Z28ssl3CalculateFinishedMessageP10SSLContext9SSLBufferS1_S1_m -Security:single module:__Z21tls1ComputeCertVfyMacP10SSLContext9SSLBufferS1_S1_ -Security:single module:__Z26tls1GenerateExportKeyAndIvP10SSLContext9SSLBufferS1_S1_S1_S1_S1_ -Security:single module:__ZN8Security12KeychainCore8IdentityC2ERKNS0_10SecPointerINS0_7KeyItemEEERKNS2_INS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityC1ERKNS0_10SecPointerINS0_7KeyItemEEERKNS2_INS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityC4ERKNS0_10SecPointerINS0_7KeyItemEEERKNS2_INS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityC2ERKSt6vectorINS0_8KeychainESaIS3_EERKNS0_10SecPointerINS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityC1ERKSt6vectorINS0_8KeychainESaIS3_EERKNS0_10SecPointerINS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityC4ERKSt6vectorINS0_8KeychainESaIS3_EERKNS0_10SecPointerINS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore8IdentityD2Ev -Security:single module:__ZN8Security12KeychainCore8IdentityD1Ev -Security:single module:__ZN8Security12KeychainCore8IdentityD0Ev -Security:single module:__ZN8Security12KeychainCore8IdentityD4Ev -Security:single module:__ZNK8Security12KeychainCore8Identity10privateKeyEv -Security:single module:__ZNK8Security12KeychainCore8Identity11certificateEv -Security:single module:__ZN8Security12KeychainCore10SecCFTypesC2Ev -Security:single module:__ZN8Security12KeychainCore7CFClass17copyDebugDescTypeEPKv -Security:single module:__ZN8Security12KeychainCore7CFClass22copyFormattingDescTypeEPKvPK14__CFDictionary -Security:single module:__ZN8Security12KeychainCore7CFClassC2EPKc -Security:single module:__ZN8Security12KeychainCore11SecCFObject13copyDebugDescEv -Security:single module:__ZN8Security12KeychainCore11SecCFObject18copyFormattingDescEPK14__CFDictionary -Security:single module:__ZN8Security12KeychainCore11SecCFObjectD0Ev -Security:single module:__ZN8Security12KeychainCore11SecCFObjectD1Ev -Security:single module:__ZN8Security12KeychainCore11SecCFObjectdlEPv -Security:single module:_SecAccessGetTypeID -Security:single module:_SecAccessCreate -Security:single module:_SecAccessCreateFromOwnerAndACL -Security:single module:_SecAccessGetOwnerAndACL -Security:single module:_SecAccessCopyACLList -Security:single module:_SecAccessCopySelectedACLList -Security:single module:_SecCertificateAddToKeychain -Security:single module:_SecCertificateCopyPublicKey -Security:single module:_SecCertificateFindByEmail -Security:single module:_SecCertificateFindByIssuerAndSN -Security:single module:_SecCertificateFindBySubjectKeyID -Security:single module:_SecCertificateGetAlgorithmID -Security:single module:_SecCertificateGetCLHandle -Security:single module:_SecCertificateGetCommonName -Security:single module:_SecCertificateGetData -Security:single module:_SecCertificateGetEmailAddress -Security:single module:_SecCertificateGetIssuer -Security:single module:_SecCertificateGetSubject -Security:single module:_SecCertificateGetType -Security:single module:_SecCertificateGetTypeID -Security:single module:_SecCertificateInferLabel -Security:single module:_SecCertificateRequestGetTypeID -Security:single module:_SecCertificateRequestCreate -Security:single module:_SecCertificateRequestSetPrivateKey -Security:single module:_SecCertificateRequestSetAttribute -Security:single module:_SecCertificateRequestSubmit -Security:single module:_SecCertificateRequestCreateFromItem -Security:single module:_SecCertificateRequestGetType -Security:single module:_SecCertificateRequestGetResult -Security:single module:_SecCertificateBundleImport -Security:single module:_SecCertifcateBundleExport -Security:single module:_SecIdentityGetTypeID -Security:single module:_SecIdentityCopyCertificate -Security:single module:_SecIdentityCopyPrivateKey -Security:single module:_SecIdentityCreateWithCertificate -Security:single module:_SecIdentitySearchGetTypeID -Security:single module:_SecIdentitySearchCreate -Security:single module:_SecIdentitySearchCopyNext -Security:single module:_SecKeyGetTypeID -Security:single module:_SecKeyCreatePair -Security:single module:_SecKeyGetCSSMKey -Security:single module:_SecKeyGetCSPHandle -Security:single module:_SecKeyGetAlgorithmID -Security:single module:_SecKeyGetStrengthInBits -Security:single module:_SecKeyGetCredentials -Security:single module:_SecKeyImportPair -Security:single module:_SecKeyGenerate -Security:single module:_SecKeyCreate -Security:single module:_SecCopyErrorMessageString -Security:single module:_SecKeychainAddCallback -Security:single module:_SecKeychainAddGenericPassword -Security:single module:_SecKeychainAddInternetPassword -Security:single module:_SecKeychainAttributeInfoForItemID -Security:single module:_SecKeychainChangePassword -Security:single module:_SecKeychainCopyAccess -Security:single module:_SecKeychainCopyDefault -Security:single module:_SecKeychainCopyDomainDefault -Security:single module:_SecKeychainCopyDomainSearchList -Security:single module:_SecKeychainCopyLogin -Security:single module:_SecKeychainCopySettings -Security:single module:_SecKeychainCreate -Security:single module:_SecKeychainDelete -Security:single module:_SecKeychainFindInternetPassword -Security:single module:_SecKeychainFreeAttributeInfo -Security:single module:_SecKeychainGetCSPHandle -Security:single module:_SecKeychainGetDLDBHandle -Security:single module:_SecKeychainGetPath -Security:single module:_SecKeychainGetPreferenceDomain -Security:single module:_SecKeychainGetStatus -Security:single module:_SecKeychainGetTypeID -Security:single module:_SecKeychainGetUserInteractionAllowed -Security:single module:_SecKeychainGetVersion -Security:single module:_SecKeychainListCopyKeychainAtIndex -Security:single module:_SecKeychainListGetCount -Security:single module:_SecKeychainListRemoveKeychain -Security:single module:_SecKeychainLock -Security:single module:_SecKeychainLockAll -Security:single module:_SecKeychainLogin -Security:single module:_SecKeychainLogout -Security:single module:_SecKeychainOpen -Security:single module:_SecKeychainRemoveCallback -Security:single module:_SecKeychainResetLogin -Security:single module:_SecKeychainSetAccess -Security:single module:_SecKeychainSetDefault -Security:single module:_SecKeychainSetDomainDefault -Security:single module:_SecKeychainSetDomainSearchList -Security:single module:_SecKeychainSetPreferenceDomain -Security:single module:_SecKeychainSetSearchList -Security:single module:_SecKeychainSetSettings -Security:single module:_SecKeychainSetUserInteractionAllowed -Security:single module:_SecKeychainUnlock -Security:single module:__Z26copyErrorMessageFromBundlelPK10__CFString -Security:single module:_SecKeychainItemCopyAccess -Security:single module:_SecKeychainItemCopyAttributesAndData -Security:single module:_SecKeychainItemCopyKeychain -Security:single module:_SecKeychainItemCreateCopy -Security:single module:_SecKeychainItemCreateFromContent -Security:single module:_SecKeychainItemDelete -Security:single module:_SecKeychainItemFreeAttributesAndData -Security:single module:_SecKeychainItemGetDLDBHandle -Security:single module:_SecKeychainItemGetTypeID -Security:single module:_SecKeychainItemGetUniqueRecordID -Security:single module:_SecKeychainItemModifyAttributesAndData -Security:single module:_SecKeychainItemModifyContent -Security:single module:_SecKeychainItemSetAccess -Security:single module:__Z21SecAccessModifyObjectP18OpaqueSecAccessRefPKv -Security:single module:__Z25SecAccessCreateFromObjectPKvPP18OpaqueSecAccessRef -Security:single module:__Z9aclBearerPKv -Security:single module:_SecKeychainSearchGetTypeID -Security:single module:_SecPolicyGetOID -Security:single module:_SecPolicyGetTPHandle -Security:single module:_SecPolicyGetTypeID -Security:single module:_SecPolicyGetValue -Security:single module:_SecPolicySearchGetTypeID -Security:single module:_SecTrustCopyAnchorCertificates -Security:single module:_SecTrustGetCSSMAnchorCertificates -Security:single module:_SecTrustGetCssmResult -Security:single module:_SecTrustGetCssmResultCode -Security:single module:_SecTrustGetResult -Security:single module:_SecTrustGetTPHandle -Security:single module:_SecTrustGetTypeID -Security:single module:_SecTrustGetUserTrust -Security:single module:_SecTrustSetAnchorCertificates -Security:single module:_SecTrustSetPolicies -Security:single module:_SecTrustSetUserTrust -Security:single module:_SecTrustSetVerifyDate -Security:single module:_SecTrustedApplicationCopyData -Security:single module:_SecTrustedApplicationGetTypeID -Security:single module:_SecTrustedApplicationRemoveEquivalence -Security:single module:_SecTrustedApplicationSetData -Security:single module:_SecTrustedApplicationUseAlternateSystem -Security:single module:_SecTrustedApplicationValidateWithPath -Security:single module:__ZN8Security12KeychainCore14IdentityCursorC2ERKSt6vectorINS0_8KeychainESaIS3_EEm -Security:single module:__ZN8Security12KeychainCore14IdentityCursorC1ERKSt6vectorINS0_8KeychainESaIS3_EEm -Security:single module:__ZN8Security12KeychainCore14IdentityCursorC4ERKSt6vectorINS0_8KeychainESaIS3_EEm -Security:single module:__ZN8Security12KeychainCore14IdentityCursorD2Ev -Security:single module:__ZN8Security12KeychainCore14IdentityCursorD1Ev -Security:single module:__ZN8Security12KeychainCore14IdentityCursorD0Ev -Security:single module:__ZN8Security12KeychainCore14IdentityCursorD4Ev -Security:single module:__ZN8Security12KeychainCore14IdentityCursor4nextERNS0_10SecPointerINS0_8IdentityEEE -Security:single module:__ZN8Security12KeychainCore12PolicyCursorC2EPK9cssm_dataS4_ -Security:single module:__ZN8Security12KeychainCore12PolicyCursorD0Ev -Security:single module:__ZN8Security12KeychainCore12PolicyCursorD2Ev -Security:single module:_SecInferLabelFromX509Name -Security:single module:__Z18findPrintableFieldRK14cssm_x509_namePK9cssm_data -Security:single module:__ZN8Security12KeychainCore11Certificate10certHandleEv -Security:single module:__ZN8Security12KeychainCore11Certificate10commonNameEv -Security:single module:__ZN8Security12KeychainCore11Certificate10getSubjectER14cssm_x509_name -Security:single module:__ZN8Security12KeychainCore11Certificate10inferLabelEbPPK10__CFString -Security:single module:__ZN8Security12KeychainCore11Certificate11algorithmIDEv -Security:single module:__ZN8Security12KeychainCore11Certificate11findByEmailERKSt6vectorINS0_8KeychainESaIS3_EEPKc -Security:single module:__ZN8Security12KeychainCore11Certificate12emailAddressEv -Security:single module:__ZN8Security12KeychainCore11Certificate13publicKeyHashEv -Security:single module:__ZN8Security12KeychainCore11Certificate15copyFieldValuesERK9cssm_data -Security:single module:__ZN8Security12KeychainCore11Certificate17findByIssuerAndSNERKSt6vectorINS0_8KeychainESaIS3_EERKNS_8CssmDataESA_ -Security:single module:__ZN8Security12KeychainCore11Certificate17releaseFieldValueERK9cssm_dataPS2_ -Security:single module:__ZN8Security12KeychainCore11Certificate18addParsedAttributeERK22cssm_db_attribute_infoRK9cssm_data -Security:single module:__ZN8Security12KeychainCore11Certificate18findBySubjectKeyIDERKSt6vectorINS0_8KeychainESaIS3_EERKNS_8CssmDataE -Security:single module:__ZN8Security12KeychainCore11Certificate18populateAttributesEv -Security:single module:__ZN8Security12KeychainCore11Certificate18releaseFieldValuesERK9cssm_dataPPS2_ -Security:single module:__ZN8Security12KeychainCore11Certificate19copyFirstFieldValueERK9cssm_data -Security:single module:__ZN8Security12KeychainCore11Certificate3addERNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore11Certificate4typeEv -Security:single module:__ZN8Security12KeychainCore11Certificate6copyToERKNS0_8KeychainEPNS0_6AccessE -Security:single module:__ZN8Security12KeychainCore11Certificate6updateEv -Security:single module:__ZN8Security12KeychainCore11Certificate8clHandleEv -Security:single module:__ZN8Security12KeychainCore11Certificate8encodingEv -Security:single module:__ZN8Security12KeychainCore11Certificate9didModifyEv -Security:single module:__ZN8Security12KeychainCore11Certificate9getIssuerER14cssm_x509_name -Security:single module:__ZN8Security12KeychainCore11Certificate9publicKeyEv -Security:single module:__ZN8Security12KeychainCore11CertificateC1ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore11CertificateC1ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore11CertificateC1ERS1_ -Security:single module:__ZN8Security12KeychainCore11CertificateC2ERK9cssm_datamm -Security:single module:__ZN8Security12KeychainCore11CertificateC2ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore11CertificateC2ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore11CertificateC2ERS1_ -Security:single module:__ZN8Security12KeychainCore11CertificateC4ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore11CertificateC4ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore11CertificateC4ERS1_ -Security:single module:__ZN8Security12KeychainCore11CertificateD0Ev -Security:single module:__ZN8Security12KeychainCore11CertificateD2Ev -Security:single module:__ZN8Security12KeychainCore11CertificateeqERS1_ -Security:single module:__ZN8Security12KeychainCore11CertificateltERS1_ -Security:single module:__ZN8Security12KeychainCore6PolicyC2ENS_10CssmClient2TPERKNS_8CssmDataE -Security:single module:__ZN8Security12KeychainCore6PolicyD0Ev -Security:single module:__ZN8Security12KeychainCore6PolicyD2Ev -Security:single module:__ZNK8Security12KeychainCore6PolicyeqERKS1_ -Security:single module:__ZNK8Security12KeychainCore6PolicyltERKS1_ -Security:single module:__ZN8Security12KeychainCore6AccessC2Ev -Security:single module:__ZN8Security12KeychainCore6AccessC1Ev -Security:single module:__ZN8Security12KeychainCore6AccessC4Ev -Security:single module:__ZN8Security12KeychainCore6AccessC2ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EE -Security:single module:__ZN8Security12KeychainCore6AccessC1ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EE -Security:single module:__ZN8Security12KeychainCore6AccessC4ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EE -Security:single module:__ZN8Security12KeychainCore6AccessC2ERKSs -Security:single module:__ZN8Security12KeychainCore6AccessC1ERKSs -Security:single module:__ZN8Security12KeychainCore6AccessC4ERKSs -Security:single module:__ZN8Security12KeychainCore6AccessC2ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EERKSt3setIlSt4lessIlESaIlEESI_ -Security:single module:__ZN8Security12KeychainCore6AccessC1ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EERKSt3setIlSt4lessIlESaIlEESI_ -Security:single module:__ZN8Security12KeychainCore6AccessC4ERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EERKSt3setIlSt4lessIlESaIlEESI_ -Security:single module:__ZN8Security12KeychainCore6Access12makeStandardERKSsRKSt6vectorINS0_10SecPointerINS0_18TrustedApplicationEEESaIS7_EERKSt3setIlSt4lessIlESaIlEESI_ -Security:single module:__ZN8Security12KeychainCore6AccessC2ERNS_10CssmClient9AclBearerE -Security:single module:__ZN8Security12KeychainCore6AccessC1ERNS_10CssmClient9AclBearerE -Security:single module:__ZN8Security12KeychainCore6AccessC4ERNS_10CssmClient9AclBearerE -Security:single module:__ZN8Security12KeychainCore6AccessC2ERK24cssm_acl_owner_prototypemPK19cssm_acl_entry_info -Security:single module:__ZN8Security12KeychainCore6AccessC1ERK24cssm_acl_owner_prototypemPK19cssm_acl_entry_info -Security:single module:__ZN8Security12KeychainCore6AccessC4ERK24cssm_acl_owner_prototypemPK19cssm_acl_entry_info -Security:single module:__ZN8Security12KeychainCore6AccessD2Ev -Security:single module:__ZN8Security12KeychainCore6AccessD1Ev -Security:single module:__ZN8Security12KeychainCore6AccessD0Ev -Security:single module:__ZN8Security12KeychainCore6AccessD4Ev -Security:single module:__Z7convertRKN8Security12KeychainCore10SecPointerINS0_3ACLEEE -Security:single module:__ZNK8Security12KeychainCore6Access11copySecACLsEv -Security:single module:__ZNK8Security12KeychainCore6Access11copySecACLsEl -Security:single module:__ZN8Security12KeychainCore6Access9setAccessERNS_10CssmClient9AclBearerEb -Security:single module:__ZN8Security12KeychainCore6Access9setAccessERNS_10CssmClient9AclBearerERNS1_5MakerE -Security:single module:__ZN8Security12KeychainCore6Access10editAccessERNS_10CssmClient9AclBearerEbPKNS_17AccessCredentialsE -Security:single module:__ZN8Security12KeychainCore6Access21addApplicationToRightElPNS0_18TrustedApplicationE -Security:single module:__ZN8Security12KeychainCore6Access15copyOwnerAndAclERP24cssm_acl_owner_prototypeRmRP19cssm_acl_entry_info -Security:single module:__ZNK8Security12KeychainCore6Access17promptDescriptionEv -Security:single module:__ZN8Security12KeychainCore6Access3addEPNS0_3ACLE -Security:single module:__ZN8Security12KeychainCore6Access8addOwnerEPNS0_3ACLE -Security:single module:__ZN8Security12KeychainCore6Access7compileERK24cssm_acl_owner_prototypemPK19cssm_acl_entry_info -Security:single module:__ZN8Security12KeychainCore6Access5MakerC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore6Access5MakerC1ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore6Access5MakerC4ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore6Access5Maker12initialOwnerERNS_22ResourceControlContextEPKNS_17AccessCredentialsE -Security:single module:__ZN8Security12KeychainCore6Access5Maker4credEv -Security:single module:__ZN8Security12KeychainCore18CertificateRequestC2Ei -Security:single module:__ZN8Security12KeychainCore18CertificateRequestC1Ei -Security:single module:__ZN8Security12KeychainCore18CertificateRequestC4Ei -Security:single module:__ZN8Security12KeychainCore18CertificateRequestD2Ev -Security:single module:__ZN8Security12KeychainCore18CertificateRequestD1Ev -Security:single module:__ZN8Security12KeychainCore18CertificateRequestD0Ev -Security:single module:__ZN8Security12KeychainCore18CertificateRequestD4Ev -Security:single module:__ZN8Security12KeychainCore7KeyItemC2ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore7KeyItemC1ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore7KeyItemC4ERKNS0_8KeychainERKNS0_10PrimaryKeyERKNS_10CssmClient14DbUniqueRecordE -Security:single module:__ZN8Security12KeychainCore7KeyItemC2ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemC1ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemC4ERKNS0_8KeychainERKNS0_10PrimaryKeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemC2ERS1_ -Security:single module:__ZN8Security12KeychainCore7KeyItemC1ERS1_ -Security:single module:__ZN8Security12KeychainCore7KeyItemC4ERS1_ -Security:single module:__ZN8Security12KeychainCore7KeyItemC2ERKNS_10CssmClient3KeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemC1ERKNS_10CssmClient3KeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemC4ERKNS_10CssmClient3KeyE -Security:single module:__ZN8Security12KeychainCore7KeyItemD2Ev -Security:single module:__ZN8Security12KeychainCore7KeyItemD1Ev -Security:single module:__ZN8Security12KeychainCore7KeyItemD0Ev -Security:single module:__ZN8Security12KeychainCore7KeyItemD4Ev -Security:single module:__ZN8Security12KeychainCore7KeyItem6updateEv -Security:single module:__ZN8Security12KeychainCore7KeyItem6copyToERKNS0_8KeychainEPNS0_6AccessE -Security:single module:__ZN8Security12KeychainCore7KeyItem9didModifyEv -Security:single module:__ZN8Security12KeychainCore7KeyItem3addERNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore7KeyItem16ssDbUniqueRecordEv -Security:single module:__ZN8Security12KeychainCore7KeyItem3keyEv -Security:single module:__ZN8Security12KeychainCore7KeyItem3cspEv -Security:single module:__ZN8Security12KeychainCore7KeyItem19algorithmIdentifierEv -Security:single module:__ZN8Security12KeychainCore7KeyItem14strengthInBitsEPK30cssm_x509_algorithm_identifier -Security:single module:__ZN8Security12KeychainCore7KeyItem14getCredentialsElm -Security:single module:__ZN8Security12KeychainCore7KeyItem10createPairENS0_8KeychainEmmymmmmNS0_10SecPointerINS0_6AccessEEERNS3_IS1_EES7_ -Security:single module:__ZN8Security12KeychainCore7KeyItem10importPairENS0_8KeychainERK8cssm_keyS5_NS0_10SecPointerINS0_6AccessEEERNS6_IS1_EESA_ -Security:single module:__ZN8Security12KeychainCore7KeyItem8generateENS0_8KeychainEmmymmNS0_10SecPointerINS0_6AccessEEE -Security:single module:__Z10cfKeychainP20OpaqueSecKeychainRef -Security:single module:__Z7convertRKN8Security12KeychainCore10SecPointerINS0_11CertificateEEE -Security:single module:__ZN8Security12KeychainCore5Trust10cssmResultEv -Security:single module:__ZN8Security12KeychainCore5Trust13buildEvidenceERPK9__CFArrayRPNS_14TPEvidenceInfoE -Security:single module:__ZN8Security12KeychainCore5TrustC2EPKvS3_ -Security:single module:__ZN8Security12KeychainCore5TrustD0Ev -Security:single module:__ZN8Security12KeychainCore5TrustD2Ev -Security:single module:__ZNK8Security12KeychainCore5Trust14keychainByDLDbERK17cssm_dl_db_handle -Security:single module:__ZN8Security12KeychainCore12PathDatabaseC1EPKc -Security:single module:__ZN8Security12KeychainCore12PathDatabaseC2EPKc -Security:single module:__ZN8Security12KeychainCore12PathDatabaseC4EPKc -Security:single module:__ZN8Security12KeychainCore18TrustedApplication11makeSubjectERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore18TrustedApplication13calcSignatureEPKcRNS_13CssmOwnedDataE -Security:single module:__ZN8Security12KeychainCore18TrustedApplication13sameSignatureEPKc -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC1ERKNS_8CssmDataES4_ -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC1ERKNS_9TypedListE -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC1Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC2EPKc -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC2ERKNS_8CssmDataES4_ -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC2ERKNS_9TypedListE -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC2Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC4ERKNS_8CssmDataES4_ -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC4ERKNS_9TypedListE -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationC4Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationD0Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationD1Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationD2Ev -Security:single module:__ZN8Security12KeychainCore18TrustedApplicationD4Ev -Security:single module:__ZN8Security10CssmClient20TPBuildVerifyContextC2EmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient6TPImpl3useERNS0_2CLE -Security:single module:__ZN8Security10CssmClient6TPImpl3useERNS0_3CSPE -Security:single module:__ZN8Security10CssmClient6TPImpl6usedCLEv -Security:single module:__ZN8Security10CssmClient6TPImpl7usedCSPEv -Security:single module:__ZN8Security10CssmClient6TPImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6TPImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6TPImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6TPImplC4ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6TPImplD1Ev -Security:single module:__ZN8Security10CssmClient6TPImplD2Ev -Security:single module:__ZN8Security10CssmClient14BuildCertGroupC1EmmmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14BuildCertGroupC2EmmmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient14BuildCertGroupC4EmmmRNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient6CLImplC1ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6CLImplC2ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6CLImplC2ERKNS_4GuidE -Security:single module:__ZN8Security10CssmClient6CLImplC4ERKNS0_6ModuleE -Security:single module:__ZN8Security10CssmClient6CLImplD1Ev -Security:single module:__ZN8Security10CssmClient6CLImplD2Ev -Security:single module:__ZN8Security14TPEvidenceInfo7destroyERNS_13CssmAllocatorE -Security:single module:__ZN8Security18EncodedCertificateC1EmmPK9cssm_data -Security:single module:__ZN8Security18EncodedCertificateC2EmmPK9cssm_data -Security:single module:__ZN8Security18EncodedCertificateC4EmmPK9cssm_data -Security:single module:__ZN8Security9CertGroupC2Emmm -Security:single module:_SecACLGetTypeID -Security:single module:_SecACLCreateFromSimpleContents -Security:single module:_SecACLRemove -Security:single module:__Z7convertRKN8Security12KeychainCore10SecPointerINS0_18TrustedApplicationEEE -Security:single module:_SecACLCopySimpleContents -Security:single module:_SecACLSetSimpleContents -Security:single module:__Z15setApplicationsPN8Security12KeychainCore3ACLEPK9__CFArray -Security:single module:_SecACLGetAuthorizations -Security:single module:_SecACLSetAuthorizations -Security:single module:__ZN8Security12KeychainCore3ACLC2ERNS0_6AccessERKNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC1ERNS0_6AccessERKNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC4ERNS0_6AccessERKNS_12AclEntryInfoERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC2ERNS0_6AccessERKNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC1ERNS0_6AccessERKNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC4ERNS0_6AccessERKNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC2ERNS0_6AccessERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC1ERNS0_6AccessERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC4ERNS0_6AccessERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC2ERNS0_6AccessESsRK33cssm_acl_keychain_prompt_selectorRNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC1ERNS0_6AccessESsRK33cssm_acl_keychain_prompt_selectorRNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLC4ERNS0_6AccessESsRK33cssm_acl_keychain_prompt_selectorRNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACLD2Ev -Security:single module:__ZN8Security12KeychainCore3ACLD1Ev -Security:single module:__ZN8Security12KeychainCore3ACLD0Ev -Security:single module:__ZN8Security12KeychainCore3ACLD4Ev -Security:single module:__ZNK8Security12KeychainCore3ACL10authorizesEl -Security:single module:__ZN8Security12KeychainCore3ACL14addApplicationEPNS0_18TrustedApplicationE -Security:single module:__ZN8Security12KeychainCore3ACL6modifyEv -Security:single module:__ZN8Security12KeychainCore3ACL6removeEv -Security:single module:__ZN8Security12KeychainCore3ACL12copyAclEntryERNS_17AclEntryPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACL12copyAclOwnerERNS_17AclOwnerPrototypeERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore3ACL9setAccessERNS_10CssmClient9AclBearerEbPKNS_17AccessCredentialsE -Security:single module:__ZN8Security12KeychainCore3ACL5parseERKNS_9TypedListE -Security:single module:__ZN8Security12KeychainCore3ACL11parsePromptERKNS_9TypedListE -Security:single module:__ZN8Security12KeychainCore3ACL11makeSubjectEv -Security:single module:__ZN8Security8cfStringEPK10__CFString -Security:single module:__ZN8Security12KeychainCore10TrustStore23getCssmRootCertificatesERNS_9CertGroupE -Security:single module:__ZN8Security12KeychainCore10TrustStore6assignEPNS0_11CertificateEPNS0_6PolicyE18SecTrustResultType -Security:single module:__ZN8Security12KeychainCore10TrustStoreC2ERNS_13CssmAllocatorE -Security:single module:__ZN8Security12KeychainCore10TrustStoreD0Ev -Security:single module:__ZN8Security12KeychainCore10TrustStoreD1Ev -Security:single module:__ZN8Security12KeychainCore10TrustStoreD2Ev -Security:single module:__ZN8Security12KeychainCore10TrustStoreD4Ev -Security:single module:__ZN8Security10CssmClient10AclFactory18AnyResourceContextC1EPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient10AclFactory18AnyResourceContextC2EPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient10AclFactory18AnyResourceContextC4EPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient10AclFactory19KeychainCredentialsD0Ev -Security:single module:__ZN8Security10CssmClient10AclFactory19KeychainCredentialsD1Ev -Security:single module:__ZN8Security10CssmClient10AclFactory19KeychainCredentialsD2Ev -Security:single module:__ZN8Security10CssmClient10AclFactory19KeychainCredentialsD4Ev -Security:single module:__ZN8Security10CssmClient10AclFactory25PasswordChangeCredentialsC1ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactory25PasswordChangeCredentialsC2ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactory25PasswordChangeCredentialsC4ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactory27PassphraseUnlockCredentialsC1ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactory27PassphraseUnlockCredentialsC2ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactory27PassphraseUnlockCredentialsC4ERKNS_8CssmDataERNS_13CssmAllocatorE -Security:single module:__ZN8Security10CssmClient10AclFactoryC2Ev -Security:single module:__ZN8Security10CssmClient10AclFactoryD0Ev -Security:single module:__ZN8Security10CssmClient10AclFactoryD1Ev -Security:single module:__ZN8Security10CssmClient10AclFactoryD2Ev -Security:single module:__ZN8Security10CssmClient10AclFactoryD4Ev -Security:single module:__ZN8Security10CssmClient7StaticsC2Ev -Security:single module:__ZN8Security10CssmClient9AclBearer6addAclERKNS_13AclEntryInputEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient9AclBearer9changeAclEmRKNS_13AclEntryInputEPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient9AclBearer9deleteAclEPKcPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient9AclBearer9deleteAclEmPK23cssm_access_credentials -Security:single module:__ZN8Security10CssmClient9AclBearerD0Ev -Security:single module:__ZN8Security10CssmClient9AclBearerD1Ev -Security:single module:__ZNK8Security10CssmClient10AclFactory10unlockCredEv -Security:single module:__ZNK8Security10CssmClient10AclFactory8nullCredEv -Security:single module:__ZN8Security12KeychainCore13UserTrustItemC2EPNS0_11CertificateEPNS0_6PolicyERKNS1_9TrustDataE -Security:single module:__ZN8Security12KeychainCore13UserTrustItemC1EPNS0_11CertificateEPNS0_6PolicyERKNS1_9TrustDataE -Security:single module:__ZN8Security12KeychainCore13UserTrustItemC4EPNS0_11CertificateEPNS0_6PolicyERKNS1_9TrustDataE -Security:single module:__ZN8Security12KeychainCore13UserTrustItemD2Ev -Security:single module:__ZN8Security12KeychainCore13UserTrustItemD1Ev -Security:single module:__ZN8Security12KeychainCore13UserTrustItemD0Ev -Security:single module:__ZN8Security12KeychainCore13UserTrustItemD4Ev -Security:single module:__ZN8Security12KeychainCore13UserTrustItem5trustEv -Security:single module:__ZN8Security12KeychainCore13UserTrustItem3addERNS0_8KeychainE -Security:single module:__ZN8Security12KeychainCore13UserTrustItem18populateAttributesEv -Security:single module:__ZN8Security10IPPlusPlus7FdMover7ElementnwEmm -Security:single module:__ZN8Security10IPPlusPlus7FdMover7ElementdlEPvm -Security:single module:__ZN8Security10IPPlusPlus7FdMover7ElementC2Eii -Security:single module:__ZN8Security10IPPlusPlus7FdMover7ElementC1Eii -Security:single module:__ZN8Security10IPPlusPlus7FdMover7ElementC4Eii -Security:single module:__ZN8Security10IPPlusPlus7FdMover7MessageC2EPKvm -Security:single module:__ZN8Security10IPPlusPlus7FdMover7MessageC1EPKvm -Security:single module:__ZN8Security10IPPlusPlus7FdMover7MessageC4EPKvm -Security:single module:__ZN8Security10IPPlusPlus7FdMover7Message3setEPNS1_7ElementE -Security:single module:__ZN8Security10IPPlusPlus7FdMover4sendEPKvmRKSt6vectorINS_12UnixPlusPlus8FileDescESaIS6_EE -Security:single module:__ZN8Security10IPPlusPlus7FdMover7receiveEPvmRSt6vectorINS_12UnixPlusPlus8FileDescESaIS5_EE -Security:single module:_AuthorizationBindPrivilegedPort -Security:single module:__Z11startServerv -Security:single module:___authorization_bind -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb4openEPKcii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb4openERKSsii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb5closeEv -Security:single module:__ZN8Security12UnixPlusPlus6UnixDb5eraseERKNS_8CssmDataEi -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC1EPKcii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC1ERKSsii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC1Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC2EPKcii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC2ERKSsii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC2Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC4EPKcii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC4ERKSsii6DBTYPE -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbC4Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbD0Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbD1Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbD2Ev -Security:single module:__ZN8Security12UnixPlusPlus6UnixDbD4Ev -Security:single module:__ZNK8Security12UnixPlusPlus6UnixDb3getERKNS_8CssmDataERNS_13CssmOwnedDataEi -Security:single module:__ZNK8Security12UnixPlusPlus6UnixDb4nextERNS_8CssmDataES3_i -Security:single module:_SecKeychainAddIToolsPassword -Security:single module:_createAccess -Security:single module:_CopyTrustedAppListFromBundle -Security:single module:__Unwind_FindEnclosingFunction -Security:single module:__Unwind_ForcedUnwind -Security:single module:__Unwind_ForcedUnwind_Phase2 -Security:single module:__Unwind_GetDataRelBase -Security:single module:__Unwind_GetGR -Security:single module:__Unwind_GetTextRelBase -Security:single module:___frame_state_for -Security:single module:_execute_stack_op -Security:single module:__ZN10__cxxabiv117__class_type_infoD0Ev -Security:single module:__ZN10__cxxabiv117__class_type_infoD1Ev -Security:single module:__ZN10__cxxabiv117__class_type_infoD2Ev -Security:single module:__ZN10__cxxabiv117__class_type_infoD4Ev -Security:single module:__ZN10__cxxabiv120__si_class_type_infoD0Ev -Security:single module:__ZN10__cxxabiv120__si_class_type_infoD1Ev -Security:single module:__ZN10__cxxabiv120__si_class_type_infoD2Ev -Security:single module:__ZN10__cxxabiv120__si_class_type_infoD4Ev -Security:single module:__ZN10__cxxabiv121__vmi_class_type_infoD0Ev -Security:single module:__ZN10__cxxabiv121__vmi_class_type_infoD1Ev -Security:single module:__ZN10__cxxabiv121__vmi_class_type_infoD2Ev -Security:single module:__ZN10__cxxabiv121__vmi_class_type_infoD4Ev -Security:single module:__ZNK10__cxxabiv117__class_type_info20__do_find_public_srcEiPKvPKS0_S2_ -Security:single module:__ZNK10__cxxabiv120__si_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_ -Security:single module:__ZNK10__cxxabiv121__vmi_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE -Security:single module:__ZNK10__cxxabiv121__vmi_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_ -Security:single module:__ZNKSt9type_info10__do_catchEPKS_PPvj -Security:single module:__ZNKSt9type_info11__do_upcastEPKN10__cxxabiv117__class_type_infoEPPv -Security:single module:__ZNKSt9type_info15__is_function_pEv -Security:single module:__ZNSt10bad_typeidD0Ev -Security:single module:__ZNSt10bad_typeidD1Ev -Security:single module:__ZNSt10bad_typeidD2Ev -Security:single module:__ZNSt10bad_typeidD4Ev -Security:single module:__ZNSt8bad_castD0Ev -Security:single module:__ZNSt8bad_castD1Ev -Security:single module:__ZNSt8bad_castD2Ev -Security:single module:__ZNSt8bad_castD4Ev -Security:single module:__ZNSt9type_infoD0Ev -Security:single module:__ZNSt9type_infoD1Ev -Security:single module:__ZNSt9type_infoD2Ev -Security:single module:__ZNSt9type_infoD4Ev -Security:single module:___cxa_bad_cast -Security:single module:___cxa_bad_typeid -Security:single module:___cxa_pure_virtual -Security:single module:__Z20check_exception_specP16lsda_header_infoPKSt9type_infoPvi -Security:single module:___cxa_call_unexpected -Security:single module:__ZSt18uncaught_exceptionv -Security:single module:__ZNKSaIcE7addressERKc -Security:single module:__ZNKSaIcE7addressERc -Security:single module:__ZNKSaIcE8max_sizeEv -Security:single module:__ZNKSaIwE7addressERKw -Security:single module:__ZNKSaIwE7addressERw -Security:single module:__ZNKSaIwE8max_sizeEv -Security:single module:__ZNSaIcE10deallocateEPcm -Security:single module:__ZNSaIcE7destroyEPc -Security:single module:__ZNSaIcE8allocateEmPKv -Security:single module:__ZNSaIcE9constructEPcRKc -Security:single module:__ZNSaIcEC1ERKS_ -Security:single module:__ZNSaIcEC1Ev -Security:single module:__ZNSaIcEC2ERKS_ -Security:single module:__ZNSaIcEC2Ev -Security:single module:__ZNSaIcEC4ERKS_ -Security:single module:__ZNSaIcEC4Ev -Security:single module:__ZNSaIcED1Ev -Security:single module:__ZNSaIcED2Ev -Security:single module:__ZNSaIcED4Ev -Security:single module:__ZNSaIwE10deallocateEPwm -Security:single module:__ZNSaIwE7destroyEPw -Security:single module:__ZNSaIwE8allocateEmPKv -Security:single module:__ZNSaIwE9constructEPwRKw -Security:single module:__ZNSaIwEC1ERKS_ -Security:single module:__ZNSaIwEC1Ev -Security:single module:__ZNSaIwEC2ERKS_ -Security:single module:__ZNSaIwEC2Ev -Security:single module:__ZNSaIwEC4ERKS_ -Security:single module:__ZNSaIwEC4Ev -Security:single module:__ZNSaIwED1Ev -Security:single module:__ZNSaIwED2Ev -Security:single module:__ZNSaIwED4Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE10reallocateEPvmm -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE11_S_round_upEm -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE17_S_freelist_indexEm -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockC1Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockC2Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev -Security:single module:__ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev -Security:single module:__ZSt21__throw_bad_exceptionv -Security:single module:__ZSt17__throw_bad_allocv -Security:single module:__ZSt16__throw_bad_castv -Security:single module:__ZSt18__throw_bad_typeidv -Security:single module:__ZSt19__throw_logic_errorPKc -Security:single module:__ZSt20__throw_domain_errorPKc -Security:single module:__ZSt24__throw_invalid_argumentPKc -Security:single module:__ZSt20__throw_length_errorPKc -Security:single module:__ZSt20__throw_out_of_rangePKc -Security:single module:__ZSt21__throw_runtime_errorPKc -Security:single module:__ZSt19__throw_range_errorPKc -Security:single module:__ZSt22__throw_overflow_errorPKc -Security:single module:__ZSt23__throw_underflow_errorPKc -Security:single module:__ZN10__cxxabiv111__terminateEPFvvE -Security:single module:__ZSt9terminatev -Security:single module:__ZN10__cxxabiv112__unexpectedEPFvvE -Security:single module:__ZSt10unexpectedv -Security:single module:__ZSt13set_terminatePFvvE -Security:single module:__ZSt14set_unexpectedPFvvE -Security:single module:__ZN9__gnu_cxxeqIPKcSsEEbRKNS_17__normal_iteratorIT_T0_EES8_ -Security:single module:__ZN9__gnu_cxxeqIPcSsEEbRKNS_17__normal_iteratorIT_T0_EES7_ -Security:single module:__ZNKSs12find_last_ofEPKcm -Security:single module:__ZNKSs12find_last_ofEPKcmm -Security:single module:__ZNKSs12find_last_ofERKSsm -Security:single module:__ZNKSs12find_last_ofEcm -Security:single module:__ZNKSs13find_first_ofEPKcm -Security:single module:__ZNKSs13find_first_ofEPKcmm -Security:single module:__ZNKSs13find_first_ofERKSsm -Security:single module:__ZNKSs13find_first_ofEcm -Security:single module:__ZNKSs16find_last_not_ofEPKcm -Security:single module:__ZNKSs16find_last_not_ofEPKcmm -Security:single module:__ZNKSs16find_last_not_ofERKSsm -Security:single module:__ZNKSs16find_last_not_ofEcm -Security:single module:__ZNKSs17find_first_not_ofEPKcm -Security:single module:__ZNKSs17find_first_not_ofEPKcmm -Security:single module:__ZNKSs17find_first_not_ofERKSsm -Security:single module:__ZNKSs17find_first_not_ofEcm -Security:single module:__ZNKSs2atEm -Security:single module:__ZNKSs3endEv -Security:single module:__ZNKSs4_Rep12_M_is_leakedEv -Security:single module:__ZNKSs4_Rep12_M_is_sharedEv -Security:single module:__ZNKSs4copyEPcmm -Security:single module:__ZNKSs4dataEv -Security:single module:__ZNKSs4findEPKcm -Security:single module:__ZNKSs4findERKSsm -Security:single module:__ZNKSs4findEcm -Security:single module:__ZNKSs4rendEv -Security:single module:__ZNKSs4sizeEv -Security:single module:__ZNKSs5beginEv -Security:single module:__ZNKSs5c_strEv -Security:single module:__ZNKSs5emptyEv -Security:single module:__ZNKSs5rfindEPKcm -Security:single module:__ZNKSs5rfindEPKcmm -Security:single module:__ZNKSs5rfindERKSsm -Security:single module:__ZNKSs6_M_repEv -Security:single module:__ZNKSs6lengthEv -Security:single module:__ZNKSs6rbeginEv -Security:single module:__ZNKSs6substrEmm -Security:single module:__ZNKSs7_M_dataEv -Security:single module:__ZNKSs7compareEPKc -Security:single module:__ZNKSs7compareEmmPKc -Security:single module:__ZNKSs7compareEmmPKcm -Security:single module:__ZNKSs7compareEmmRKSs -Security:single module:__ZNKSs7compareEmmRKSsmm -Security:single module:__ZNKSs8capacityEv -Security:single module:__ZNKSs8max_sizeEv -Security:single module:__ZNKSsixEm -Security:single module:__ZNSs10_M_replaceIN9__gnu_cxx17__normal_iteratorIPKcSsEEEERSsNS1_IPcSsEES7_T_S8_St18input_iterator_tag -Security:single module:__ZNSs10_M_replaceIN9__gnu_cxx17__normal_iteratorIPcSsEEEERSsS3_S3_T_S5_St18input_iterator_tag -Security:single module:__ZNSs10_M_replaceIPKcEERSsN9__gnu_cxx17__normal_iteratorIPcSsEES6_T_S7_St18input_iterator_tag -Security:single module:__ZNSs10_M_replaceIPcEERSsN9__gnu_cxx17__normal_iteratorIS0_SsEES4_T_S5_St18input_iterator_tag -Security:single module:__ZNSs12_Alloc_hiderC1EPcRKSaIcE -Security:single module:__ZNSs12_Alloc_hiderC2EPcRKSaIcE -Security:single module:__ZNSs12_M_leak_hardEv -Security:single module:__ZNSs12_S_constructEmcRKSaIcE -Security:single module:__ZNSs12_S_constructIN9__gnu_cxx17__normal_iteratorIPKcSsEEEEPcT_S6_RKSaIcESt20forward_iterator_tag -Security:single module:__ZNSs12_S_constructIPcEES0_T_S1_RKSaIcESt20forward_iterator_tag -Security:single module:__ZNSs12_S_empty_repEv -Security:single module:__ZNSs13_S_copy_charsEPcN9__gnu_cxx17__normal_iteratorIPKcSsEES4_ -Security:single module:__ZNSs13_S_copy_charsEPcPKcS1_ -Security:single module:__ZNSs13_S_copy_charsEPcS_S_ -Security:single module:__ZNSs15_M_replace_safeIN9__gnu_cxx17__normal_iteratorIPKcSsEEEERSsNS1_IPcSsEES7_T_S8_ -Security:single module:__ZNSs15_M_replace_safeIPcEERSsN9__gnu_cxx17__normal_iteratorIS0_SsEES4_T_S5_ -Security:single module:__ZNSs2atEm -Security:single module:__ZNSs3endEv -Security:single module:__ZNSs4_Rep10_M_disposeERKSaIcE -Security:single module:__ZNSs4_Rep10_M_refcopyEv -Security:single module:__ZNSs4_Rep10_M_refdataEv -Security:single module:__ZNSs4_Rep13_M_set_leakedEv -Security:single module:__ZNSs4_Rep15_M_set_sharableEv -Security:single module:__ZNSs4_RepixEm -Security:single module:__ZNSs4rendEv -Security:single module:__ZNSs4swapERSs -Security:single module:__ZNSs5beginEv -Security:single module:__ZNSs5clearEv -Security:single module:__ZNSs5eraseEN9__gnu_cxx17__normal_iteratorIPcSsEE -Security:single module:__ZNSs5eraseEN9__gnu_cxx17__normal_iteratorIPcSsEES2_ -Security:single module:__ZNSs5eraseEmm -Security:single module:__ZNSs6appendEPKc -Security:single module:__ZNSs6appendEPKcm -Security:single module:__ZNSs6appendERKSsmm -Security:single module:__ZNSs6appendEmc -Security:single module:__ZNSs6assignEPKc -Security:single module:__ZNSs6assignERKSsmm -Security:single module:__ZNSs6assignEmc -Security:single module:__ZNSs6insertEN9__gnu_cxx17__normal_iteratorIPcSsEEc -Security:single module:__ZNSs6insertEN9__gnu_cxx17__normal_iteratorIPcSsEEmc -Security:single module:__ZNSs6insertEmPKc -Security:single module:__ZNSs6insertEmPKcm -Security:single module:__ZNSs6insertEmRKSs -Security:single module:__ZNSs6insertEmRKSsmm -Security:single module:__ZNSs6insertEmmc -Security:single module:__ZNSs6rbeginEv -Security:single module:__ZNSs6resizeEm -Security:single module:__ZNSs6resizeEmc -Security:single module:__ZNSs7_M_dataEPc -Security:single module:__ZNSs7_M_leakEv -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_NS0_IPKcSsEES5_ -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_PKc -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_PKcm -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_RKSs -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_S1_S1_ -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_S2_S2_ -Security:single module:__ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_mc -Security:single module:__ZNSs7replaceEmmPKc -Security:single module:__ZNSs7replaceEmmRKSs -Security:single module:__ZNSs7replaceEmmRKSsmm -Security:single module:__ZNSs7replaceEmmmc -Security:single module:__ZNSs9push_backEc -Security:single module:__ZNSsC1ERKSaIcE -Security:single module:__ZNSsC1ERKSsmmRKSaIcE -Security:single module:__ZNSsC1EmcRKSaIcE -Security:single module:__ZNSsC1Ev -Security:single module:__ZNSsC1IN9__gnu_cxx17__normal_iteratorIPKcSsEEEET_S5_RKSaIcE -Security:single module:__ZNSsC1IN9__gnu_cxx17__normal_iteratorIPcSsEEEET_S4_RKSaIcE -Security:single module:__ZNSsC1IPKcEET_S2_RKSaIcE -Security:single module:__ZNSsC1IPcEET_S1_RKSaIcE -Security:single module:__ZNSsC2EPKcRKSaIcE -Security:single module:__ZNSsC2EPKcmRKSaIcE -Security:single module:__ZNSsC2ERKSaIcE -Security:single module:__ZNSsC2ERKSs -Security:single module:__ZNSsC2ERKSsmm -Security:single module:__ZNSsC2ERKSsmmRKSaIcE -Security:single module:__ZNSsC2EmcRKSaIcE -Security:single module:__ZNSsC2Ev -Security:single module:__ZNSsC2IN9__gnu_cxx17__normal_iteratorIPKcSsEEEET_S5_RKSaIcE -Security:single module:__ZNSsC2IN9__gnu_cxx17__normal_iteratorIPcSsEEEET_S4_RKSaIcE -Security:single module:__ZNSsC2IPKcEET_S2_RKSaIcE -Security:single module:__ZNSsC2IPcEET_S1_RKSaIcE -Security:single module:__ZNSsC4ERKSaIcE -Security:single module:__ZNSsC4ERKSsmmRKSaIcE -Security:single module:__ZNSsC4EmcRKSaIcE -Security:single module:__ZNSsC4IN9__gnu_cxx17__normal_iteratorIPKcSsEEEET_S5_RKSaIcE -Security:single module:__ZNSsC4IN9__gnu_cxx17__normal_iteratorIPcSsEEEET_S4_RKSaIcE -Security:single module:__ZNSsC4IPKcEET_S2_RKSaIcE -Security:single module:__ZNSsC4IPcEET_S1_RKSaIcE -Security:single module:__ZNSsD1Ev -Security:single module:__ZNSsD2Ev -Security:single module:__ZNSsD4Ev -Security:single module:__ZNSsaSEPKc -Security:single module:__ZNSsaSERKSs -Security:single module:__ZNSsaSEc -Security:single module:__ZNSsixEm -Security:single module:__ZNSspLEPKc -Security:single module:__ZNSspLERKSs -Security:single module:__ZNSspLEc -Security:single module:__ZSt13__destroy_auxIPSsEvT_S1_12__false_type -Security:single module:__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_ES3_RKS6_ -Security:single module:___cxa_rethrow -Security:single module:__ZSt15set_new_handlerPFvvE -Security:single module:__ZNSt9bad_allocD2Ev -Security:single module:__ZNSt9bad_allocD1Ev -Security:single module:__ZNSt9bad_allocD0Ev -Security:single module:__ZNSt9bad_allocD4Ev -Security:single module:__ZNKSt9type_info6beforeERKS_ -Security:single module:__ZN10__cxxabiv123__fundamental_type_infoD2Ev -Security:single module:__ZN10__cxxabiv123__fundamental_type_infoD1Ev -Security:single module:__ZN10__cxxabiv123__fundamental_type_infoD0Ev -Security:single module:__ZN10__cxxabiv123__fundamental_type_infoD4Ev -Security:single module:__ZN10__cxxabiv117__array_type_infoD2Ev -Security:single module:__ZN10__cxxabiv117__array_type_infoD1Ev -Security:single module:__ZN10__cxxabiv117__array_type_infoD0Ev -Security:single module:__ZN10__cxxabiv117__array_type_infoD4Ev -Security:single module:__ZN10__cxxabiv120__function_type_infoD2Ev -Security:single module:__ZN10__cxxabiv120__function_type_infoD1Ev -Security:single module:__ZN10__cxxabiv120__function_type_infoD0Ev -Security:single module:__ZN10__cxxabiv120__function_type_infoD4Ev -Security:single module:__ZN10__cxxabiv116__enum_type_infoD2Ev -Security:single module:__ZN10__cxxabiv116__enum_type_infoD1Ev -Security:single module:__ZN10__cxxabiv116__enum_type_infoD0Ev -Security:single module:__ZN10__cxxabiv116__enum_type_infoD4Ev -Security:single module:__ZN10__cxxabiv117__pbase_type_infoD2Ev -Security:single module:__ZN10__cxxabiv117__pbase_type_infoD1Ev -Security:single module:__ZN10__cxxabiv117__pbase_type_infoD0Ev -Security:single module:__ZN10__cxxabiv117__pbase_type_infoD4Ev -Security:single module:__ZN10__cxxabiv119__pointer_type_infoD2Ev -Security:single module:__ZN10__cxxabiv119__pointer_type_infoD1Ev -Security:single module:__ZN10__cxxabiv119__pointer_type_infoD0Ev -Security:single module:__ZN10__cxxabiv119__pointer_type_infoD4Ev -Security:single module:__ZN10__cxxabiv129__pointer_to_member_type_infoD2Ev -Security:single module:__ZN10__cxxabiv129__pointer_to_member_type_infoD1Ev -Security:single module:__ZN10__cxxabiv129__pointer_to_member_type_infoD0Ev -Security:single module:__ZN10__cxxabiv129__pointer_to_member_type_infoD4Ev -Security:single module:__ZNK10__cxxabiv119__pointer_type_info14__is_pointer_pEv -Security:single module:__ZNK10__cxxabiv120__function_type_info15__is_function_pEv -Security:single module:__ZNK10__cxxabiv117__pbase_type_info10__do_catchEPKSt9type_infoPPvj -Security:single module:__ZNK10__cxxabiv119__pointer_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj -Security:single module:__ZNK10__cxxabiv129__pointer_to_member_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj -Security:single module:___isctype -Security:single module:_cp_demangle -Security:single module:_demangle_CV_qualifiers -Security:single module:_demangle_array_type -Security:single module:_demangle_bare_function_type -Security:single module:_demangle_call_offset -Security:single module:_demangle_char -Security:single module:_demangle_ctor_dtor_name -Security:single module:_demangle_discriminator -Security:single module:_demangle_encoding -Security:single module:_demangle_expr_primary -Security:single module:_demangle_expression -Security:single module:_demangle_function_type -Security:single module:_demangle_literal -Security:single module:_demangle_local_name -Security:single module:_demangle_mangled_name -Security:single module:_demangle_nested_name -Security:single module:_demangle_nv_offset -Security:single module:_demangle_operator_name -Security:single module:_demangle_prefix -Security:single module:_demangle_scope_expression -Security:single module:_demangle_special_name -Security:single module:_demangle_substitution -Security:single module:_demangle_template_arg -Security:single module:_demangle_template_args -Security:single module:_demangle_template_param -Security:single module:_demangle_v_offset -Security:single module:_int_to_dyn_string -Security:single module:_push_template_arg_list -Security:single module:_result_add_separated_char -Security:single module:_result_get_caret -Security:single module:_result_previous_char_is_space -Security:single module:_result_set_caret -Security:single module:_result_shift_caret -Security:single module:_substitution_get -Security:single module:_template_arg_list_add_arg -Security:single module:_template_arg_list_delete -Security:single module:_template_arg_list_get_arg -Security:single module:_template_arg_list_new -Security:single module:__ZNKSt9exception4whatEv -Security:single module:__ZNSt13bad_exceptionD0Ev -Security:single module:__ZNSt13bad_exceptionD1Ev -Security:single module:__ZNSt13bad_exceptionD2Ev -Security:single module:__ZNSt13bad_exceptionD4Ev -Security:single module:__ZNSt9exceptionD0Ev -Security:single module:__ZNSt9exceptionD1Ev -Security:single module:__ZNSt11logic_errorC2ERKSs -Security:single module:__ZNSt11logic_errorC1ERKSs -Security:single module:__ZNSt11logic_errorC4ERKSs -Security:single module:__ZNSt11logic_errorD2Ev -Security:single module:__ZNSt11logic_errorD1Ev -Security:single module:__ZNSt11logic_errorD0Ev -Security:single module:__ZNSt11logic_errorD4Ev -Security:single module:__ZNKSt11logic_error4whatEv -Security:single module:__ZNSt12domain_errorC2ERKSs -Security:single module:__ZNSt12domain_errorC1ERKSs -Security:single module:__ZNSt12domain_errorC4ERKSs -Security:single module:__ZNSt16invalid_argumentC2ERKSs -Security:single module:__ZNSt16invalid_argumentC1ERKSs -Security:single module:__ZNSt16invalid_argumentC4ERKSs -Security:single module:__ZNSt12length_errorC2ERKSs -Security:single module:__ZNSt12length_errorC1ERKSs -Security:single module:__ZNSt12length_errorC4ERKSs -Security:single module:__ZNSt12out_of_rangeC2ERKSs -Security:single module:__ZNSt12out_of_rangeC1ERKSs -Security:single module:__ZNSt12out_of_rangeC4ERKSs -Security:single module:__ZNSt13runtime_errorC2ERKSs -Security:single module:__ZNSt13runtime_errorC1ERKSs -Security:single module:__ZNSt13runtime_errorC4ERKSs -Security:single module:__ZNSt13runtime_errorD2Ev -Security:single module:__ZNSt13runtime_errorD1Ev -Security:single module:__ZNSt13runtime_errorD0Ev -Security:single module:__ZNSt13runtime_errorD4Ev -Security:single module:__ZNKSt13runtime_error4whatEv -Security:single module:__ZNSt11range_errorC2ERKSs -Security:single module:__ZNSt11range_errorC1ERKSs -Security:single module:__ZNSt11range_errorC4ERKSs -Security:single module:__ZNSt14overflow_errorC2ERKSs -Security:single module:__ZNSt14overflow_errorC1ERKSs -Security:single module:__ZNSt14overflow_errorC4ERKSs -Security:single module:__ZNSt15underflow_errorC2ERKSs -Security:single module:__ZNSt15underflow_errorC1ERKSs -Security:single module:__ZNSt15underflow_errorC4ERKSs -Security:single module:__ZN11SecNssCoder10encodeItemEPKvPK23sec_ASN1Template_structR9cssm_data -Security:single module:__ZN11SecNssCoderC2Ej -Security:single module:__ZN11SecNssCoderD2Ev -Security:single module:___fixdfdi -Security:single module:___floatdidf -Security:single module:__ZN11AppleFileDLC2Ev -Security:single module:__ZN11AppleFileDLD0Ev -Security:single module:__ZN11AppleFileDLD1Ev -Security:single module:__ZN11AppleFileDLD2Ev -Security:single module:__ZN11AppleFileDLD4Ev -Security:single module:__ZN11AppleX509CLC2Ev -Security:single module:__ZN11AppleX509CLD0Ev -Security:single module:__ZN11AppleX509CLD1Ev -Security:single module:__ZN11AppleX509CLD2Ev -Security:single module:__ZN11AppleX509CLD4Ev -Security:single module:__ZN11CSPDLPluginC2Ev -Security:single module:__ZN11CSPDLPluginD0Ev -Security:single module:__ZN11CSPDLPluginD1Ev -Security:single module:__ZN11CSPDLPluginD2Ev -Security:single module:__ZN11CSPDLPluginD4Ev -Security:single module:__ZN13YarrowContext4initERKN8Security7ContextEb -Security:single module:__ZN13YarrowContext5finalERN8Security8CssmDataE -Security:single module:__ZN13YarrowContextC1ER15AppleCSPSession -Security:single module:__ZN13YarrowContextC2ER15AppleCSPSession -Security:single module:__ZN13YarrowContextC4ER15AppleCSPSession -Security:single module:__ZN13YarrowContextD0Ev -Security:single module:__ZN13YarrowContextD1Ev -Security:single module:__ZN13YarrowContextD2Ev -Security:single module:__ZN13YarrowContextD4Ev -Security:single module:__ZN14AppleCSPPluginC2Ev -Security:single module:__ZN14AppleCSPPluginD0Ev -Security:single module:__ZN14AppleCSPPluginD1Ev -Security:single module:__ZN14AppleCSPPluginD2Ev -Security:single module:__ZN14AppleCSPPluginD4Ev -Security:single module:__ZN15AppleCSPSession10addEntropyEmPKh -Security:single module:__ZN15AppleCSPSession11PassThroughEyRKN8Security7ContextEmPKvPPv -Security:single module:__ZN15AppleCSPSession14getRandomBytesEmPh -Security:single module:__ZN15AppleCSPSession5setupERPN8Security20CSPFullPluginSession10CSPContextERKNS0_7ContextE -Security:single module:__ZN15AppleCSPSessionC2EmR14AppleCSPPluginRK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN15AppleCSPSessionD1Ev -Security:single module:__ZN15AppleCSPSessionD2Ev -Security:single module:__ZN7AppleTPC2Ev -Security:single module:__ZN7AppleTPD0Ev -Security:single module:__ZN7AppleTPD1Ev -Security:single module:__ZN7AppleTPD2Ev -Security:single module:__ZN7AppleTPD4Ev -Security:single module:_getField_Unimplemented -Security:single module:_setFieldUnknownExt -Security:single module:_setField_AlgIdNSS -Security:single module:_setField_ReadOnly -Security:single module:_setField_TimeNSS -Security:single module:_tbsSetCheck -Security:single module:___deregister_frame -Security:single module:___deregister_frame_info -Security:single module:___deregister_frame_info_bases -Security:single module:___register_frame -Security:single module:___register_frame_info -Security:single module:___register_frame_info_bases -Security:single module:___register_frame_info_table -Security:single module:___register_frame_info_table_bases -Security:single module:___register_frame_table -Security:single module:_fde_mixed_encoding_compare -Security:single module:_fde_unencoded_compare -Security:single module:_linear_search_fdes -Security:single module:_live_image_destructor -Security:single module:rest_world -Security:single module:___cxa_dyn_string_append -Security:single module:___cxa_dyn_string_append_cstr -Security:single module:___cxa_dyn_string_copy_cstr -Security:single module:___cxa_dyn_string_eq -Security:single module:___cxa_dyn_string_prepend -Security:single module:___cxa_dyn_string_prepend_cstr -Security:single module:___cxa_dyn_string_release -Security:single module:_NSS_Get_SEC_AnyTemplate -Security:single module:_NSS_Get_SEC_BMPStringTemplate -Security:single module:_NSS_Get_SEC_BooleanTemplate -Security:single module:_NSS_Get_SEC_BitStringTemplate -Security:single module:_NSS_Get_SEC_IA5StringTemplate -Security:single module:_NSS_Get_SEC_GeneralizedTimeTemplate -Security:single module:_NSS_Get_SEC_IntegerTemplate -Security:single module:_NSS_Get_SEC_NullTemplate -Security:single module:_NSS_Get_SEC_ObjectIDTemplate -Security:single module:_NSS_Get_SEC_OctetStringTemplate -Security:single module:_NSS_Get_SEC_PointerToAnyTemplate -Security:single module:_NSS_Get_SEC_PointerToOctetStringTemplate -Security:single module:_NSS_Get_SEC_SetOfAnyTemplate -Security:single module:_NSS_Get_SEC_UTCTimeTemplate -Security:single module:_NSS_Get_SEC_UTF8StringTemplate -Security:single module:_NSS_PutEnv -Security:single module:_PORT_Alloc -Security:single module:_PORT_ArenaGrow -Security:single module:_PORT_ArenaStrdup -Security:single module:_PORT_ArenaUnmark -Security:single module:_PORT_Free -Security:single module:_PORT_GetError -Security:single module:_PORT_Realloc -Security:single module:_PORT_SetError -Security:single module:_PORT_SetUCS2_ASCIIConversionFunction -Security:single module:_PORT_SetUCS2_UTF8ConversionFunction -Security:single module:_PORT_SetUCS4_UTF8ConversionFunction -Security:single module:_PORT_Strdup -Security:single module:_PORT_UCS2_ASCIIConversion -Security:single module:_PORT_UCS2_UTF8Conversion -Security:single module:_PORT_UCS4_UTF8Conversion -Security:single module:_PR_GetError -Security:single module:_PR_GetOSError -Security:single module:_PR_Realloc -Security:single module:_PR_SetError -Security:single module:_PR_getThreadErrInfo -Security:single module:_PR_initThreadKey -Security:single module:_SEC_ASN1DecodeInteger -Security:single module:_SEC_ASN1DecodeItem -Security:single module:_SEC_ASN1DecoderClearFilterProc -Security:single module:_SEC_ASN1DecoderClearNotifyProc -Security:single module:_SEC_ASN1DecoderSetFilterProc -Security:single module:_SEC_ASN1DecoderSetNotifyProc -Security:single module:_sec_asn1d_after_choice -Security:single module:_sec_asn1d_before_choice -Security:single module:_sec_asn1d_during_choice -Security:single module:_sec_asn1d_parse_end_of_contents -Security:single module:_sec_asn1d_parse_more_identifier -Security:single module:_sec_asn1d_uinteger -Security:single module:_SEC_ASN1EncodeInteger -Security:single module:_SEC_ASN1EncodeItem -Security:single module:_SEC_ASN1EncodeUnsignedInteger -Security:single module:_SEC_ASN1EncoderClearNotifyProc -Security:single module:_SEC_ASN1EncoderClearStreaming -Security:single module:_SEC_ASN1EncoderClearTakeFromBuf -Security:single module:_SEC_ASN1EncoderSetNotifyProc -Security:single module:_SEC_ASN1EncoderSetStreaming -Security:single module:_SEC_ASN1EncoderSetTakeFromBuf -Security:single module:_sec_asn1e_allocate_item -Security:single module:_sec_asn1e_integer -Security:single module:_sec_asn1e_which_choice -Security:single module:_sec_asn1e_write_end_of_contents_bytes -Security:single module:___fixunsdfdi -Security:single module:__ZN18AppleX509CLSession15lookupCachedCRLEm -Security:single module:__ZN18AppleX509CLSessionC2EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN18AppleX509CLSessionD1Ev -Security:single module:__ZN18AppleX509CLSessionD2Ev -Security:single module:__ZN11SSDLSession10DataDeleteEmRK21cssm_db_unique_record -Security:single module:__ZN11SSDLSession10DataInsertEmmPK29cssm_db_record_attribute_dataPKN8Security8CssmDataERP21cssm_db_unique_record -Security:single module:__ZN11SSDLSession10DataModifyEmmR21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPKN8Security8CssmDataEm -Security:single module:__ZN11SSDLSession10GetDbNamesERP14cssm_name_list -Security:single module:__ZN11SSDLSession10GetDbOwnerEmR24cssm_acl_owner_prototype -Security:single module:__ZN11SSDLSession11ChangeDbAclEmRKN8Security17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZN11SSDLSession11PassThroughEmmPKvPPv -Security:single module:__ZN11SSDLSession12AuthenticateEmmRKN8Security17AccessCredentialsE -Security:single module:__ZN11SSDLSession12FreeNameListER14cssm_name_list -Security:single module:__ZN11SSDLSession13ChangeDbOwnerEmRKN8Security17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZN11SSDLSession14CreateRelationEmmPKcmRK29cssm_db_schema_attribute_infomRK25cssm_db_schema_index_info -Security:single module:__ZN11SSDLSession15DestroyRelationEmm -Security:single module:__ZN11SSDLSession19GetDbNameFromHandleEmPPc -Security:single module:__ZN11SSDLSession8DbCreateEPKcPK16cssm_net_addressRK11cssm_dbinfomPK29cssm_resource_control_contextPKvRm -Security:single module:__ZN11SSDLSession8DbDeleteEPKcPK16cssm_net_addressPKN8Security17AccessCredentialsE -Security:single module:__ZN11SSDLSession8GetDbAclEmPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN11SSDLSessionC2EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsRN8Security15DatabaseManagerER14SSCSPDLSession -Security:single module:__ZN11SSDLSessionD1Ev -Security:single module:__ZN11SSDLSessionD2Ev -Security:single module:__ZThn40_N11SSDLSession10DataDeleteEmRK21cssm_db_unique_record -Security:single module:__ZThn40_N11SSDLSession10DataInsertEmmPK29cssm_db_record_attribute_dataPKN8Security8CssmDataERP21cssm_db_unique_record -Security:single module:__ZThn40_N11SSDLSession10DataModifyEmmR21cssm_db_unique_recordPK29cssm_db_record_attribute_dataPKN8Security8CssmDataEm -Security:single module:__ZThn40_N11SSDLSession10GetDbNamesERP14cssm_name_list -Security:single module:__ZThn40_N11SSDLSession10GetDbOwnerEmR24cssm_acl_owner_prototype -Security:single module:__ZThn40_N11SSDLSession11ChangeDbAclEmRKN8Security17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZThn40_N11SSDLSession11PassThroughEmmPKvPPv -Security:single module:__ZThn40_N11SSDLSession12AuthenticateEmmRKN8Security17AccessCredentialsE -Security:single module:__ZThn40_N11SSDLSession12FreeNameListER14cssm_name_list -Security:single module:__ZThn40_N11SSDLSession13ChangeDbOwnerEmRKN8Security17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZThn40_N11SSDLSession14CreateRelationEmmPKcmRK29cssm_db_schema_attribute_infomRK25cssm_db_schema_index_info -Security:single module:__ZThn40_N11SSDLSession15DestroyRelationEmm -Security:single module:__ZThn40_N11SSDLSession19GetDbNameFromHandleEmPPc -Security:single module:__ZThn40_N11SSDLSession8DbCreateEPKcPK16cssm_net_addressRK11cssm_dbinfomPK29cssm_resource_control_contextPKvRm -Security:single module:__ZThn40_N11SSDLSession8DbDeleteEPKcPK16cssm_net_addressPKN8Security17AccessCredentialsE -Security:single module:__ZThn40_N11SSDLSession8GetDbAclEmPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZThn40_N11SSDLSessionD0Ev -Security:single module:__ZThn40_N11SSDLSessionD1Ev -Security:single module:__ZThn44_N11SSDLSessionD0Ev -Security:single module:__ZThn44_N11SSDLSessionD1Ev -Security:single module:__ZN12SSCSPSession11GenerateKeyEyRKN8Security7ContextEmmPKNS0_8CssmDataEPK29cssm_resource_control_contextRNS0_7CssmKeyEy -Security:single module:__ZN12SSCSPSession11GetKeyOwnerERKN8Security7CssmKeyER24cssm_acl_owner_prototype -Security:single module:__ZN12SSCSPSession11GetLoginAclEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN12SSCSPSession11PassThroughEyRKN8Security7ContextEmPKvPPv -Security:single module:__ZN12SSCSPSession11getDatabaseEP17cssm_dl_db_handle -Security:single module:__ZN12SSCSPSession11getDatabaseERKN8Security7ContextE -Security:single module:__ZN12SSCSPSession12ChangeKeyAclERKN8Security17AccessCredentialsERK13cssm_acl_editRKNS0_7CssmKeyE -Security:single module:__ZN12SSCSPSession12GetTimeValueEmRN8Security8CssmDataE -Security:single module:__ZN12SSCSPSession12VerifyDeviceERKN8Security8CssmDataE -Security:single module:__ZN12SSCSPSession13GetLoginOwnerER24cssm_acl_owner_prototype -Security:single module:__ZN12SSCSPSession14ChangeKeyOwnerERKN8Security17AccessCredentialsERKNS0_7CssmKeyERK24cssm_acl_owner_prototype -Security:single module:__ZN12SSCSPSession14ChangeLoginAclERKN8Security17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZN12SSCSPSession14GenerateRandomEyRKN8Security7ContextERNS0_8CssmDataE -Security:single module:__ZN12SSCSPSession15GenerateKeyPairEyRKN8Security7ContextEmmPKNS0_8CssmDataERNS0_7CssmKeyEmmS6_PK29cssm_resource_control_contextS8_y -Security:single module:__ZN12SSCSPSession15RetrieveCounterERN8Security8CssmDataE -Security:single module:__ZN12SSCSPSession15validateKeyAttrEm -Security:single module:__ZN12SSCSPSession16ChangeLoginOwnerERKN8Security17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZN12SSCSPSession16RetrieveUniqueIdERN8Security8CssmDataE -Security:single module:__ZN12SSCSPSession16makeReferenceKeyEmRN8Security7CssmKeyER10SSDatabasemPKNS0_8CssmDataE -Security:single module:__ZN12SSCSPSession18QueryKeySizeInBitsEyRKN8Security7ContextERKNS0_7CssmKeyER13cssm_key_size -Security:single module:__ZN12SSCSPSession24GetOperationalStatisticsERN8Security24CSPOperationalStatisticsE -Security:single module:__ZN12SSCSPSession29ObtainPrivateKeyFromPublicKeyERKN8Security7CssmKeyERS1_ -Security:single module:__ZN12SSCSPSession5LoginERKN8Security17AccessCredentialsEPKNS0_8CssmDataEPKv -Security:single module:__ZN12SSCSPSession6LogoutEv -Security:single module:__ZN12SSCSPSession7WrapKeyEyRKN8Security7ContextERKNS0_17AccessCredentialsERKNS0_7CssmKeyEPKNS0_8CssmDataERS7_y -Security:single module:__ZN12SSCSPSession9DeriveKeyEyRKN8Security7ContextERNS0_8CssmDataEmmPKS4_PK29cssm_resource_control_contextRNS0_7CssmKeyE -Security:single module:__ZN12SSCSPSession9GetKeyAclERKN8Security7CssmKeyEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZN12SSCSPSession9UnwrapKeyEyRKN8Security7ContextEPKNS0_7CssmKeyERS5_mmPKNS0_8CssmDataEPK29cssm_resource_control_contextRS4_RS8_y -Security:single module:__ZN12SSCSPSessionC2EmR11CSPDLPluginRK12cssm_versionmmmRK12cssm_upcallsR14SSCSPDLSessionRN8Security10CssmClient3CSPE -Security:single module:__ZThn40_N12SSCSPSession11GenerateKeyEyRKN8Security7ContextEmmPKNS0_8CssmDataEPK29cssm_resource_control_contextRNS0_7CssmKeyEy -Security:single module:__ZThn40_N12SSCSPSession11GetKeyOwnerERKN8Security7CssmKeyER24cssm_acl_owner_prototype -Security:single module:__ZThn40_N12SSCSPSession11GetLoginAclEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZThn40_N12SSCSPSession11PassThroughEyRKN8Security7ContextEmPKvPPv -Security:single module:__ZThn40_N12SSCSPSession12ChangeKeyAclERKN8Security17AccessCredentialsERK13cssm_acl_editRKNS0_7CssmKeyE -Security:single module:__ZThn40_N12SSCSPSession12GetTimeValueEmRN8Security8CssmDataE -Security:single module:__ZThn40_N12SSCSPSession12VerifyDeviceERKN8Security8CssmDataE -Security:single module:__ZThn40_N12SSCSPSession13GetLoginOwnerER24cssm_acl_owner_prototype -Security:single module:__ZThn40_N12SSCSPSession14ChangeKeyOwnerERKN8Security17AccessCredentialsERKNS0_7CssmKeyERK24cssm_acl_owner_prototype -Security:single module:__ZThn40_N12SSCSPSession14ChangeLoginAclERKN8Security17AccessCredentialsERK13cssm_acl_edit -Security:single module:__ZThn40_N12SSCSPSession14GenerateRandomEyRKN8Security7ContextERNS0_8CssmDataE -Security:single module:__ZThn40_N12SSCSPSession15GenerateKeyPairEyRKN8Security7ContextEmmPKNS0_8CssmDataERNS0_7CssmKeyEmmS6_PK29cssm_resource_control_contextS8_y -Security:single module:__ZThn40_N12SSCSPSession15RetrieveCounterERN8Security8CssmDataE -Security:single module:__ZThn40_N12SSCSPSession16ChangeLoginOwnerERKN8Security17AccessCredentialsERK24cssm_acl_owner_prototype -Security:single module:__ZThn40_N12SSCSPSession16RetrieveUniqueIdERN8Security8CssmDataE -Security:single module:__ZThn40_N12SSCSPSession24GetOperationalStatisticsERN8Security24CSPOperationalStatisticsE -Security:single module:__ZThn40_N12SSCSPSession29ObtainPrivateKeyFromPublicKeyERKN8Security7CssmKeyERS1_ -Security:single module:__ZThn40_N12SSCSPSession5LoginERKN8Security17AccessCredentialsEPKNS0_8CssmDataEPKv -Security:single module:__ZThn40_N12SSCSPSession6LogoutEv -Security:single module:__ZThn40_N12SSCSPSession7WrapKeyEyRKN8Security7ContextERKNS0_17AccessCredentialsERKNS0_7CssmKeyEPKNS0_8CssmDataERS7_y -Security:single module:__ZThn40_N12SSCSPSession9DeriveKeyEyRKN8Security7ContextERNS0_8CssmDataEmmPKS4_PK29cssm_resource_control_contextRNS0_7CssmKeyE -Security:single module:__ZThn40_N12SSCSPSession9GetKeyAclERKN8Security7CssmKeyEPA68_KcRmRP19cssm_acl_entry_info -Security:single module:__ZThn40_N12SSCSPSession9UnwrapKeyEyRKN8Security7ContextEPKNS0_7CssmKeyERS5_mmPKNS0_8CssmDataEPK29cssm_resource_control_contextRS4_RS8_y -Security:single module:__ZN14SSCSPDLSession16makeReferenceKeyER12SSCSPSessionmRN8Security7CssmKeyER10SSDatabasemPKNS2_8CssmDataE -Security:single module:__ZN14SSCSPDLSessionC2Ev -Security:single module:__ZN20CSPDLDatabaseManager4makeERKN8Security6DbNameE -Security:single module:__ZN10DH_Factory5setupER15AppleCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextE -Security:single module:__ZN10DH_FactoryC2EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN10DH_FactoryD0Ev -Security:single module:__ZN10DH_FactoryD1Ev -Security:single module:__ZN10DH_FactoryD2Ev -Security:single module:__ZN10DH_FactoryD4Ev -Security:single module:__Z13throwComcrypt14comcryptReturnPKc -Security:single module:__Z6ccFreePv -Security:single module:__Z8ccMallocj -Security:single module:__ZN10ASCContext10outputSizeEbm -Security:single module:__ZN10ASCContext15minimumProgressERmS0_ -Security:single module:__ZN10ASCContext4initERKN8Security7ContextEb -Security:single module:__ZN10ASCContext5finalERN8Security8CssmDataE -Security:single module:__ZN10ASCContext6updateEPvRmS0_S1_ -Security:single module:__ZN10ASCContext9inputSizeEm -Security:single module:__ZN10ASCContextD0Ev -Security:single module:__ZN10ASCContextD1Ev -Security:single module:__ZN10ASCContextD2Ev -Security:single module:__ZN10ASCContextD4Ev -Security:single module:__ZN13AscAlgFactory5setupER15AppleCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextE -Security:single module:__ZN13AscAlgFactoryC2EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN15AppleCSPContextD0Ev -Security:single module:__ZN15AppleCSPContextD1Ev -Security:single module:__ZN18SymmetricBinaryKey15generateKeyBlobERN8Security13CssmAllocatorERNS0_8CssmDataERmR15AppleCSPSessionPKNS0_7CssmKeyES5_ -Security:single module:__ZN18SymmetricBinaryKeyC2Ej -Security:single module:__ZN18SymmetricBinaryKeyD1Ev -Security:single module:__ZN18SymmetricBinaryKeyD2Ev -Security:single module:__ZN22AppleKeyPairGenContext8generateERKN8Security7ContextER15AppleCSPSessionRNS0_7CssmKeyEP9BinaryKeyS7_S9_ -Security:single module:__ZN22AppleSymmKeyGenContext14generateSymKeyERKN8Security7ContextER15AppleCSPSessionRNS0_7CssmKeyE -Security:single module:__ZN15AppleCSPSession7WrapKeyEyRKN8Security7ContextERKNS0_17AccessCredentialsERKNS0_7CssmKeyEPKNS0_8CssmDataERS7_y -Security:single module:__Z6ckFreePv -Security:single module:__Z9ckReallocPvj -Security:single module:__ZN15CryptKitFactory5setupER15AppleCSPSessionRPN8Security20CSPFullPluginSession10CSPContextERKNS2_7ContextE -Security:single module:__ZN15CryptKitFactoryC2EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN15CryptKitFactoryD0Ev -Security:single module:__ZN15CryptKitFactoryD1Ev -Security:single module:__ZN15CryptKitFactoryD2Ev -Security:single module:__ZN15CryptKitFactoryD4Ev -Security:single module:__Z9osReallocPvm -Security:single module:__ZN15RSA_DSA_FactoryC2EPN8Security13CssmAllocatorES2_ -Security:single module:__ZN15RSA_DSA_FactoryD0Ev -Security:single module:__ZN15RSA_DSA_FactoryD1Ev -Security:single module:__ZN15RSA_DSA_FactoryD2Ev -Security:single module:__ZN15RSA_DSA_FactoryD4Ev -Security:single module:__ZN11DHBinaryKeyC2EP5dh_st -Security:single module:__ZN11DHBinaryKeyC1EP5dh_st -Security:single module:__ZN11DHBinaryKeyC4EP5dh_st -Security:single module:__ZN11DHBinaryKeyD2Ev -Security:single module:__ZN11DHBinaryKeyD1Ev -Security:single module:__ZN11DHBinaryKeyD0Ev -Security:single module:__ZN11DHBinaryKeyD4Ev -Security:single module:__ZN11DHBinaryKey15generateKeyBlobERN8Security13CssmAllocatorERNS0_8CssmDataERmR15AppleCSPSessionPKNS0_7CssmKeyES5_ -Security:single module:__ZN19DHKeyPairGenContext8generateERKN8Security7ContextERNS0_7CssmKeyES5_ -Security:single module:__ZN19DHKeyPairGenContext8generateERKN8Security7ContextER9BinaryKeyS5_Rm -Security:single module:__ZN17DHKeyInfoProviderC2ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN17DHKeyInfoProviderC1ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN17DHKeyInfoProviderC4ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN17DHKeyInfoProvider8providerERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN17DHKeyInfoProvider15CssmKeyToBinaryEPN8Security7CssmKeyERmPP9BinaryKey -Security:single module:__ZN17DHKeyInfoProvider18QueryKeySizeInBitsER13cssm_key_size -Security:single module:__ZN17DHKeyInfoProvider15getHashableBlobERN8Security13CssmAllocatorERNS0_8CssmDataE -Security:single module:__ZN19DHKeyPairGenContext8generateERKN8Security7ContextEmRNS0_8CssmDataERmRPNS1_4AttrE -Security:single module:__ZN19DHKeyPairGenContext12freeGenAttrsEv -Security:single module:__ZN19DHKeyPairGenContext11dhGenParamsEmjiR15NSS_DHParameterR11SecNssCoder -Security:single module:__ZN12DSABinaryKey15generateKeyBlobERN8Security13CssmAllocatorERNS0_8CssmDataERmR15AppleCSPSessionPKNS0_7CssmKeyES5_ -Security:single module:__ZN12DSABinaryKeyC1EP6dsa_st -Security:single module:__ZN12DSABinaryKeyC2EP6dsa_st -Security:single module:__ZN12DSABinaryKeyC4EP6dsa_st -Security:single module:__ZN12DSABinaryKeyD0Ev -Security:single module:__ZN12DSABinaryKeyD1Ev -Security:single module:__ZN12DSABinaryKeyD2Ev -Security:single module:__ZN12DSABinaryKeyD4Ev -Security:single module:__ZN12RSABinaryKey15generateKeyBlobERN8Security13CssmAllocatorERNS0_8CssmDataERmR15AppleCSPSessionPKNS0_7CssmKeyES5_ -Security:single module:__ZN12RSABinaryKeyC1EP6rsa_st -Security:single module:__ZN12RSABinaryKeyC2EP6rsa_st -Security:single module:__ZN12RSABinaryKeyC4EP6rsa_st -Security:single module:__ZN12RSABinaryKeyD0Ev -Security:single module:__ZN12RSABinaryKeyD1Ev -Security:single module:__ZN12RSABinaryKeyD2Ev -Security:single module:__ZN12RSABinaryKeyD4Ev -Security:single module:__ZN18DSAKeyInfoProvider15CssmKeyToBinaryEPN8Security7CssmKeyERmPP9BinaryKey -Security:single module:__ZN18DSAKeyInfoProvider15getHashableBlobERN8Security13CssmAllocatorERNS0_8CssmDataE -Security:single module:__ZN18DSAKeyInfoProvider18QueryKeySizeInBitsER13cssm_key_size -Security:single module:__ZN18DSAKeyInfoProvider8providerERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18DSAKeyInfoProviderC1ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18DSAKeyInfoProviderC2ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18DSAKeyInfoProviderC4ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18RSAKeyInfoProvider15CssmKeyToBinaryEPN8Security7CssmKeyERmPP9BinaryKey -Security:single module:__ZN18RSAKeyInfoProvider15getHashableBlobERN8Security13CssmAllocatorERNS0_8CssmDataE -Security:single module:__ZN18RSAKeyInfoProviderC1ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN18RSAKeyInfoProviderC2ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN20DSAKeyPairGenContext12dsaGenParamsEmPKvjR16NSS_DSAAlgParamsR11SecNssCoder -Security:single module:__ZN20DSAKeyPairGenContext12freeGenAttrsEv -Security:single module:__ZN20DSAKeyPairGenContext8generateERKN8Security7ContextER9BinaryKeyS5_Rm -Security:single module:__ZN20DSAKeyPairGenContext8generateERKN8Security7ContextERNS0_7CssmKeyES5_ -Security:single module:__ZN20DSAKeyPairGenContext8generateERKN8Security7ContextEmRNS0_8CssmDataERmRPNS1_4AttrE -Security:single module:__ZN20RSAKeyPairGenContext8generateERKN8Security7ContextER9BinaryKeyS5_Rm -Security:single module:__ZN20RSAKeyPairGenContext8generateERKN8Security7ContextERNS0_7CssmKeyES5_ -Security:single module:__ZN24SymmetricKeyInfoProvider15getHashableBlobERN8Security13CssmAllocatorERNS0_8CssmDataE -Security:single module:__ZN24SymmetricKeyInfoProvider18QueryKeySizeInBitsER13cssm_key_size -Security:single module:__ZN24SymmetricKeyInfoProviderC2ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN8CryptKit12FEEBinaryKeyC2EPv -Security:single module:__ZN8CryptKit12FEEBinaryKeyC1EPv -Security:single module:__ZN8CryptKit12FEEBinaryKeyC4EPv -Security:single module:__ZN8CryptKit12FEEBinaryKeyD2Ev -Security:single module:__ZN8CryptKit12FEEBinaryKeyD1Ev -Security:single module:__ZN8CryptKit12FEEBinaryKeyD0Ev -Security:single module:__ZN8CryptKit12FEEBinaryKeyD4Ev -Security:single module:__ZN8CryptKit12FEEBinaryKey15generateKeyBlobERN8Security13CssmAllocatorERNS1_8CssmDataERmR15AppleCSPSessionPKNS1_7CssmKeyES6_ -Security:single module:__ZN8CryptKit20FEEKeyPairGenContext8generateERKN8Security7ContextERNS1_7CssmKeyES6_ -Security:single module:__ZN8CryptKit20FEEKeyPairGenContext8generateERKN8Security7ContextER9BinaryKeyS6_Rm -Security:single module:__ZN8CryptKit18FEEKeyInfoProviderC2ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN8CryptKit18FEEKeyInfoProviderC1ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN8CryptKit18FEEKeyInfoProviderC4ERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN8CryptKit18FEEKeyInfoProvider8providerERKN8Security7CssmKeyER15AppleCSPSession -Security:single module:__ZN8CryptKit18FEEKeyInfoProvider15CssmKeyToBinaryEPN8Security7CssmKeyERmPP9BinaryKey -Security:single module:__ZN8CryptKit18FEEKeyInfoProvider18QueryKeySizeInBitsER13cssm_key_size -Security:single module:__ZN8CryptKit18FEEKeyInfoProvider15getHashableBlobERN8Security13CssmAllocatorERNS1_8CssmDataE -Security:single module:_cspAddEntropy -Security:single module:_copyCssmHeader -Security:single module:_cspCompareCssmData -Security:single module:_cspGenSha1Hash -Security:single module:_requestedKeyFormat -Security:single module:__ZN14AppleTPSession10CertRevokeEmmPKN8Security8CssmDataERK14cssm_certgroupS6_RK22cssm_tp_verify_contextR29cssm_tp_verify_context_resultmRS1_ -Security:single module:__ZN14AppleTPSession10FormSubmitEmRKN8Security8CssmDataEPK20cssm_tp_authority_idS6_PNS0_17AccessCredentialsE -Security:single module:__ZN14AppleTPSession11FormRequestEPK20cssm_tp_authority_idmRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession11PassThroughEmyPK15cssm_dl_db_listmPKvPPv -Security:single module:__ZN14AppleTPSession12ApplyCrlToDbEmmRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextR29cssm_tp_verify_context_result -Security:single module:__ZN14AppleTPSession14CertGroupPruneEmRK15cssm_dl_db_listRK14cssm_certgroupRPS3_ -Security:single module:__ZN14AppleTPSession14CertReclaimKeyERK14cssm_certgroupmymPK29cssm_resource_control_context -Security:single module:__ZN14AppleTPSession16CertReclaimAbortEy -Security:single module:__ZN14AppleTPSession17ConfirmCredResultERKN8Security8CssmDataEPK26cssm_tp_callerauth_contextRK24cssm_tp_confirm_responsePK20cssm_tp_authority_id -Security:single module:__ZN14AppleTPSession17CrlCreateTemplateEmmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession18CertCreateTemplateEmmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession19ReceiveConfirmationERKN8Security8CssmDataERP24cssm_tp_confirm_responseRl -Security:single module:__ZN14AppleTPSession21CertGroupToTupleGroupEmRK14cssm_certgroupRP15cssm_tuplegroup -Security:single module:__ZN14AppleTPSession21TupleGroupToCertGroupEmRK15cssm_tuplegroupRP14cssm_certgroup -Security:single module:__ZN14AppleTPSession24CertGetAllTemplateFieldsEmRKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZN14AppleTPSession25CertRemoveFromCrlTemplateEmmPKN8Security8CssmDataERK14cssm_certgroupS6_RK22cssm_tp_verify_contextR29cssm_tp_verify_context_resultRS1_ -Security:single module:__ZN14AppleTPSession7CrlSignEmyRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession8CertSignEmyRKN8Security8CssmDataERK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultRS1_ -Security:single module:__ZN14AppleTPSession9CrlVerifyEmmRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__ZN14AppleTPSessionC2EmRN8Security10CssmPluginERK12cssm_versionmmmRK12cssm_upcalls -Security:single module:__ZN14AppleTPSessionD1Ev -Security:single module:__ZN14AppleTPSessionD2Ev -Security:single module:__ZThn40_N14AppleTPSession10CertRevokeEmmPKN8Security8CssmDataERK14cssm_certgroupS6_RK22cssm_tp_verify_contextR29cssm_tp_verify_context_resultmRS1_ -Security:single module:__ZThn40_N14AppleTPSession10FormSubmitEmRKN8Security8CssmDataEPK20cssm_tp_authority_idS6_PNS0_17AccessCredentialsE -Security:single module:__ZThn40_N14AppleTPSession11FormRequestEPK20cssm_tp_authority_idmRN8Security8CssmDataE -Security:single module:__ZThn40_N14AppleTPSession11PassThroughEmyPK15cssm_dl_db_listmPKvPPv -Security:single module:__ZThn40_N14AppleTPSession12ApplyCrlToDbEmmRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextR29cssm_tp_verify_context_result -Security:single module:__ZThn40_N14AppleTPSession14CertGroupPruneEmRK15cssm_dl_db_listRK14cssm_certgroupRPS3_ -Security:single module:__ZThn40_N14AppleTPSession14CertReclaimKeyERK14cssm_certgroupmymPK29cssm_resource_control_context -Security:single module:__ZThn40_N14AppleTPSession16CertReclaimAbortEy -Security:single module:__ZThn40_N14AppleTPSession17ConfirmCredResultERKN8Security8CssmDataEPK26cssm_tp_callerauth_contextRK24cssm_tp_confirm_responsePK20cssm_tp_authority_id -Security:single module:__ZThn40_N14AppleTPSession17CrlCreateTemplateEmmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZThn40_N14AppleTPSession18CertCreateTemplateEmmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZThn40_N14AppleTPSession19ReceiveConfirmationERKN8Security8CssmDataERP24cssm_tp_confirm_responseRl -Security:single module:__ZThn40_N14AppleTPSession21CertGroupToTupleGroupEmRK14cssm_certgroupRP15cssm_tuplegroup -Security:single module:__ZThn40_N14AppleTPSession21TupleGroupToCertGroupEmRK15cssm_tuplegroupRP14cssm_certgroup -Security:single module:__ZThn40_N14AppleTPSession24CertGetAllTemplateFieldsEmRKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZThn40_N14AppleTPSession25CertRemoveFromCrlTemplateEmmPKN8Security8CssmDataERK14cssm_certgroupS6_RK22cssm_tp_verify_contextR29cssm_tp_verify_context_resultRS1_ -Security:single module:__ZThn40_N14AppleTPSession7CrlSignEmyRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultRN8Security8CssmDataE -Security:single module:__ZThn40_N14AppleTPSession8CertSignEmyRKN8Security8CssmDataERK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_resultRS1_ -Security:single module:__ZThn40_N14AppleTPSession9CrlVerifyEmmRK16cssm_encoded_crlRK14cssm_certgroupPK22cssm_tp_verify_contextP29cssm_tp_verify_context_result -Security:single module:__Z18NSS_genNameChooserPviPKcS_ -Security:single module:__Z11clDataToIntRK9cssm_datal -Security:single module:__Z11clIntToDatamR9cssm_dataRN8Security13CssmAllocatorE -Security:single module:__Z14clNssNullArraymR11SecNssCoder -Security:single module:__Z15clCssmBoolToNsslR9cssm_dataRN8Security13CssmAllocatorE -Security:single module:__Z16CL_cssmTimeToNssRK14cssm_x509_timeR14NSS_TaggedItemR11SecNssCoder -Security:single module:__Z16CL_freeCssmAlgIdP30cssm_x509_algorithm_identifierRN8Security13CssmAllocatorE -Security:single module:__Z16CL_nullAlgParamsR30cssm_x509_algorithm_identifier -Security:single module:__Z20clCssmBitStringToNssR9cssm_data -Security:single module:__Z21CL_copySubjPubKeyInfoRK33cssm_x509_subject_public_key_infobRS_bRN8Security13CssmAllocatorE -Security:single module:__Z22CL_cssmDistPointsToNssRK22CE_CRLDistPointsSyntaxR25NSS_CRLDistributionPointsR11SecNssCoder -Security:single module:__Z22CL_nssDistPointsToCssmRK25NSS_CRLDistributionPointsR22CE_CRLDistPointsSyntaxR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__Z23CL_certEncodeComponentsRKN8Security8CssmDataES2_S2_RNS_13CssmOwnedDataE -Security:single module:__Z26CL_cssmAuthorityKeyIdToNssRK17CE_AuthorityKeyIDR18NSS_AuthorityKeyIdR11SecNssCoder -Security:single module:__Z28CL_nssIssuingDistPointToCssmP28NSS_IssuingDistributionPointP27CE_IssuingDistributionPointR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__Z29CL_CSSMKeyToSubjPubKeyInfoNSSRK8cssm_keyR33cssm_x509_subject_public_key_infoR11SecNssCoder -Security:single module:__Z30CL_decodeDistributionPointNameRK9cssm_dataR24CE_DistributionPointNameR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__Z30CL_encodeDistributionPointNameR24CE_DistributionPointNameR9cssm_dataR11SecNssCoder -Security:single module:__ZN14ArenaAllocator4freeEPv -Security:single module:__ZN14ArenaAllocator6mallocEm -Security:single module:__ZN14ArenaAllocator7reallocEPvm -Security:single module:__Z15CL_cssmAtvToNssRK25cssm_x509_type_value_pairR7NSS_ATVR11SecNssCoder -Security:single module:__Z15CL_cssmRdnToNssRK13cssm_x509_rdnR7NSS_RDNR11SecNssCoder -Security:single module:__Z15clCopyOtherNameRK12CE_OtherNameRS_RN8Security13CssmAllocatorE -Security:single module:__Z16CL_cssmNameToNssRK14cssm_x509_nameR8NSS_NameR11SecNssCoder -Security:single module:__Z16CL_freeOtherNameP12CE_OtherNameRN8Security13CssmAllocatorE -Security:single module:__Z21CL_freeCssmDistPointsP22CE_CRLDistPointsSyntaxRN8Security13CssmAllocatorE -Security:single module:__Z23CL_cssmGeneralNameToNssR14CE_GeneralNameR14NSS_TaggedItemR11SecNssCoder -Security:single module:__Z23CL_nssGeneralNameToCssmR14NSS_TaggedItemR14CE_GeneralNameR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__Z24CL_cssmGeneralNamesToNssRK15CE_GeneralNamesR16NSS_GeneralNamesR11SecNssCoder -Security:single module:__Z24CL_freeCssmDistPointNameP24CE_DistributionPointNameRN8Security13CssmAllocatorE -Security:single module:__Z24CL_nssGeneralNamesToCssmRK16NSS_GeneralNamesR15CE_GeneralNamesR11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__Z27CL_freeCssmIssuingDistPointP27CE_IssuingDistributionPointRN8Security13CssmAllocatorE -Security:single module:__ZN12DecodedExtenC2ERK9cssm_databPvbPK23sec_ASN1Template_structR11SecNssCoderPS1_ -Security:single module:__ZN12DecodedExtenD2Ev -Security:single module:__ZN17DecodedExtensions11encodeToNssERPP17NSS_CertExtension -Security:single module:__ZN17DecodedExtensionsC2ER11SecNssCoderRN8Security13CssmAllocatorE -Security:single module:__ZN17DecodedExtensionsD2Ev -Security:single module:__ZNK12DecodedExten5parseEP19cssm_x509_extensionRN8Security13CssmAllocatorE -Security:single module:__ZNK17DecodedExtensions13convertToCdsaER20cssm_x509_extensionsRN8Security13CssmAllocatorE -Security:single module:__ZN11DecodedItemC1ER18AppleX509CLSession -Security:single module:__ZN11DecodedItemD0Ev -Security:single module:__ZN11DecodedItemD1Ev -Security:single module:_PL_ArenaFinish -Security:single module:_PL_ArenaGrow -Security:single module:_PL_ArenaRelease -Security:single module:_PL_CompactArenaPool -Security:single module:_PL_FreeArenaPool -Security:single module:_sec_port_ucs4_utf8_conversion_function -Security:single module:_sec_port_ucs2_utf8_conversion_function -Security:single module:___cmpdi2 -Security:single module:__ZN18AppleX509CLSession17CertVerifyWithKeyEyRKN8Security8CssmDataE -Security:single module:__ZN18AppleX509CLSession8CertSignEyRKN8Security8CssmDataEPK10cssm_fieldmRS1_ -Security:single module:__ZN18AppleX509CLSession8signDataEyRKN8Security8CssmDataERNS0_13CssmOwnedDataE -Security:single module:__ZThn40_N18AppleX509CLSession17CertVerifyWithKeyEyRKN8Security8CssmDataE -Security:single module:__ZThn40_N18AppleX509CLSession8CertSignEyRKN8Security8CssmDataEPK10cssm_fieldmRS1_ -Security:single module:__ZN18AppleX509CLSession17CrlDescribeFormatERmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession17CrlDescribeFormatERmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession15CrlGetAllFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZThn40_N18AppleX509CLSession15CrlGetAllFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession21CrlGetFirstFieldValueERKN8Security8CssmDataES3_RmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession21CrlGetFirstFieldValueERKN8Security8CssmDataES3_RmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession20CrlGetNextFieldValueEmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession20CrlGetNextFieldValueEmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession11IsCertInCrlERKN8Security8CssmDataES3_Rl -Security:single module:__ZThn40_N18AppleX509CLSession11IsCertInCrlERKN8Security8CssmDataES3_Rl -Security:single module:__ZN18AppleX509CLSession8CrlCacheERKN8Security8CssmDataERm -Security:single module:__ZThn40_N18AppleX509CLSession8CrlCacheERKN8Security8CssmDataERm -Security:single module:__ZN18AppleX509CLSession27CrlGetFirstCachedFieldValueEmPKN8Security8CssmDataERS2_RmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession27CrlGetFirstCachedFieldValueEmPKN8Security8CssmDataERS2_RmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession26CrlGetNextCachedFieldValueEmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession26CrlGetNextCachedFieldValueEmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession17IsCertInCachedCrlERKN8Security8CssmDataEmRlRS1_ -Security:single module:__ZThn40_N18AppleX509CLSession17IsCertInCachedCrlERKN8Security8CssmDataEmRlRS1_ -Security:single module:__ZN18AppleX509CLSession13CrlAbortCacheEm -Security:single module:__ZThn40_N18AppleX509CLSession13CrlAbortCacheEm -Security:single module:__ZN18AppleX509CLSession13CrlAbortQueryEm -Security:single module:__ZThn40_N18AppleX509CLSession13CrlAbortQueryEm -Security:single module:__ZN18AppleX509CLSession17CrlCreateTemplateEmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZThn40_N18AppleX509CLSession17CrlCreateTemplateEmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZN18AppleX509CLSession12CrlSetFieldsEmPK10cssm_fieldRKN8Security8CssmDataERS4_ -Security:single module:__ZThn40_N18AppleX509CLSession12CrlSetFieldsEmPK10cssm_fieldRKN8Security8CssmDataERS4_ -Security:single module:__ZN18AppleX509CLSession10CrlAddCertEyRKN8Security8CssmDataEmPK10cssm_fieldS3_RS1_ -Security:single module:__ZThn40_N18AppleX509CLSession10CrlAddCertEyRKN8Security8CssmDataEmPK10cssm_fieldS3_RS1_ -Security:single module:__ZN18AppleX509CLSession13CrlRemoveCertERKN8Security8CssmDataES3_RS1_ -Security:single module:__ZThn40_N18AppleX509CLSession13CrlRemoveCertERKN8Security8CssmDataES3_RS1_ -Security:single module:__ZN18AppleX509CLSession27CrlGetAllCachedRecordFieldsEmRKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZThn40_N18AppleX509CLSession27CrlGetAllCachedRecordFieldsEmRKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession16CrlVerifyWithKeyEyRKN8Security8CssmDataE -Security:single module:__ZThn40_N18AppleX509CLSession16CrlVerifyWithKeyEyRKN8Security8CssmDataE -Security:single module:__ZN18AppleX509CLSession9CrlVerifyEyRKN8Security8CssmDataEPS2_PK10cssm_fieldm -Security:single module:__ZThn40_N18AppleX509CLSession9CrlVerifyEyRKN8Security8CssmDataEPS2_PK10cssm_fieldm -Security:single module:__ZN18AppleX509CLSession7CrlSignEyRKN8Security8CssmDataEPK10cssm_fieldmRS1_ -Security:single module:__ZThn40_N18AppleX509CLSession7CrlSignEyRKN8Security8CssmDataEPK10cssm_fieldmRS1_ -Security:single module:__ZN18AppleX509CLSession10FreeFieldsEmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession11PassThroughEymPKvPPv -Security:single module:__ZN18AppleX509CLSession16CertGetAllFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession18CertCreateTemplateEmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZN18AppleX509CLSession18CertDescribeFormatERmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession22CertGetFirstFieldValueERKN8Security8CssmDataES3_RmRP9cssm_data -Security:single module:__ZN18AppleX509CLSession23CertGroupToSignedBundleEyRK14cssm_certgroupPK23cssm_cert_bundle_headerRN8Security8CssmDataE -Security:single module:__ZN18AppleX509CLSession24CertGetAllTemplateFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession27CertGroupFromVerifiedBundleEyRK16cssm_cert_bundlePKN8Security8CssmDataERP14cssm_certgroup -Security:single module:__ZThn40_N18AppleX509CLSession10FreeFieldsEmRP10cssm_field -Security:single module:__ZThn40_N18AppleX509CLSession11PassThroughEymPKvPPv -Security:single module:__ZThn40_N18AppleX509CLSession16CertGetAllFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZThn40_N18AppleX509CLSession18CertCreateTemplateEmPK10cssm_fieldRN8Security8CssmDataE -Security:single module:__ZThn40_N18AppleX509CLSession18CertDescribeFormatERmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession21CertGetNextFieldValueEmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession22CertGetFirstFieldValueERKN8Security8CssmDataES3_RmRP9cssm_data -Security:single module:__ZThn40_N18AppleX509CLSession23CertGroupToSignedBundleEyRK14cssm_certgroupPK23cssm_cert_bundle_headerRN8Security8CssmDataE -Security:single module:__ZThn40_N18AppleX509CLSession24CertGetAllTemplateFieldsERKN8Security8CssmDataERmRP10cssm_field -Security:single module:__ZThn40_N18AppleX509CLSession27CertGroupFromVerifiedBundleEyRK16cssm_cert_bundlePKN8Security8CssmDataERP14cssm_certgroup -Security:single module:__ZN11CLCachedCRLD0Ev -Security:single module:__ZN11CLCachedCRLD1Ev -Security:single module:__ZN11CLCachedCRLD2Ev -Security:single module:__ZN11CLCachedCRLD4Ev -Security:single module:__ZN12CLCachedCertD1Ev -Security:single module:__ZN12CLCachedCertD2Ev -Security:single module:__ZN13CLCachedEntryC1Ev -Security:single module:__ZN7CLQueryC2E11CLQueryTypeRKN8Security8CssmDataEjbm -Security:single module:__ZN7CLQueryD2Ev -Security:single module:__ZN14SSDatabaseImpl11getSettingsERmRb -Security:single module:__ZN14SSDatabaseImpl11setSettingsEmb -Security:single module:__ZN14SSDatabaseImpl12authenticateEmPK23cssm_access_credentials -Security:single module:__ZN14SSDatabaseImpl16changePassphraseEPK23cssm_access_credentials -Security:single module:__ZN14SSDatabaseImpl4lockEv -Security:single module:__ZN14SSDatabaseImpl6createERKN8Security14DLDbIdentifierE -Security:single module:__ZN14SSDatabaseImpl6insertEmPK29cssm_db_record_attribute_dataPK9cssm_datab -Security:single module:__ZN14SSDatabaseImpl6unlockERK9cssm_data -Security:single module:__ZN14SSDatabaseImpl6unlockEv -Security:single module:__ZN14SSDatabaseImpl8isLockedEv -Security:single module:__ZN14SSDatabaseImplC2ERN8Security14SecurityServer13ClientSessionERKNS0_10CssmClient2DLEPKcPK16cssm_net_address -Security:single module:__ZN14SSDatabaseImplD1Ev -Security:single module:__ZN14SSDatabaseImplD2Ev -Security:single module:__ZN18SSUniqueRecordImplC2ERK10SSDatabase -Security:single module:__ZN18SSUniqueRecordImplD1Ev -Security:single module:__ZN18SSUniqueRecordImplD2Ev -Security:single module:__ZN5SSKey11changeOwnerERKN8Security17AccessCredentialsERKNS0_17AclOwnerPrototypeE -Security:single module:__ZN5SSKey6getAclEPKcRmRPN8Security12AclEntryInfoERNS3_13CssmAllocatorE -Security:single module:__ZN5SSKey8getOwnerER24cssm_acl_owner_prototypeRN8Security13CssmAllocatorE -Security:single module:__ZN5SSKey9changeAclERKN8Security17AccessCredentialsERKNS0_7AclEditE -Security:single module:__ZN5SSKeyC1ER12SSCSPSessionmRN8Security7CssmKeyER10SSDatabasemPKNS2_8CssmDataE -Security:single module:__ZN5SSKeyC2ER11SSDLSessionRN8Security7CssmKeyER10SSDatabaseRK14SSUniqueRecordmRNS2_8CssmDataE -Security:single module:__ZN5SSKeyC2ER12SSCSPSessionmRN8Security7CssmKeyER10SSDatabasemPKNS2_8CssmDataE -Security:single module:__ZN5SSKeyC4ER12SSCSPSessionmRN8Security7CssmKeyER10SSDatabasemPKNS2_8CssmDataE -Security:single module:__ZN5SSKeyD1Ev -Security:single module:__ZN5SSKeyD2Ev -Security:single module:_comcryptAlloc -Security:single module:_comcryptBlock -Security:single module:_comcryptData -Security:single module:_comcryptInit -Security:single module:_comcryptMaxInBufSize -Security:single module:_comcryptMaxOutBufSize -Security:single module:_comcryptObjFree -Security:single module:_deComcryptBlock -Security:single module:_deComcryptData -Security:single module:__ZN15AppleCSPSession10WrapKeyCmsEyRKN8Security7ContextERKNS0_17AccessCredentialsERKNS0_7CssmKeyERNS0_8CssmDataEbPKSA_RS7_y -Security:single module:__ZN15AppleCSPSession19pkcs8InferKeyHeaderERN8Security7CssmKeyE -Security:single module:_pkcs8RawKeyFormat -Security:single module:_DeriveKey_PKCS12 -Security:single module:__Z9p12PbeGenRK9cssm_dataPKhjj10P12_PBE_IDmR11SecNssCoderPhj -Security:single module:__Z9p12StrCatPKhjR11SecNssCoderjPh -Security:single module:__Z12DeriveKey_DHRKN8Security7ContextERKNS_8CssmDataEP9cssm_dataR15AppleCSPSession -Security:single module:__ZN8CryptKit13throwCryptKitE9feeReturnPKc -Security:single module:__ZN8CryptKit15contextToFeeKeyERKN8Security7ContextER15AppleCSPSessionmmmRb -Security:single module:__ZN8CryptKit12cssmKeyToFeeERKN8Security7CssmKeyER15AppleCSPSessionRb -Security:single module:__ZN8CryptKit15rawCssmKeyToFeeERKN8Security7CssmKeyE -Security:single module:__ZN8CryptKit15feeRandCallbackEPvPhj -Security:single module:__ZN16SignatureContext10outputSizeEbm -Security:single module:__ZN16SignatureContext18setDigestAlgorithmEm -Security:single module:__ZN16SignatureContext5finalERN8Security8CssmDataE -Security:single module:__ZN16SignatureContextD1Ev -Security:single module:__ZN16SignatureContextD2Ev -Security:single module:__ZN8CryptKit11FEEDContextD2Ev -Security:single module:__ZN8CryptKit11FEEDContextD1Ev -Security:single module:__ZN8CryptKit11FEEDContextD0Ev -Security:single module:__ZN8CryptKit11FEEDContextD4Ev -Security:single module:__ZN8CryptKit11FEEDContext4initERKN8Security7ContextEb -Security:single module:__ZN8CryptKit11FEEDContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN8CryptKit11FEEDContext12decryptBlockEPKvPvRmb -Security:single module:__ZN8CryptKit11FEEDContext9inputSizeEm -Security:single module:__ZN8CryptKit11FEEDContext10outputSizeEbm -Security:single module:__ZN8CryptKit11FEEDContext15minimumProgressERmS1_ -Security:single module:__ZN8CryptKit14FEEDExpContextD2Ev -Security:single module:__ZN8CryptKit14FEEDExpContextD1Ev -Security:single module:__ZN8CryptKit14FEEDExpContextD0Ev -Security:single module:__ZN8CryptKit14FEEDExpContextD4Ev -Security:single module:__ZN8CryptKit14FEEDExpContext4initERKN8Security7ContextEb -Security:single module:__ZN8CryptKit14FEEDExpContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN8CryptKit14FEEDExpContext12decryptBlockEPKvPvRmb -Security:single module:__ZN8CryptKit9FEESignerD2Ev -Security:single module:__ZN8CryptKit9FEESignerD1Ev -Security:single module:__ZN8CryptKit9FEESignerD0Ev -Security:single module:__ZN8CryptKit9FEESignerD4Ev -Security:single module:__ZN8CryptKit9FEESigner14keyFromContextERKN8Security7ContextE -Security:single module:__ZN8CryptKit9FEESigner10signerInitERKN8Security7ContextEb -Security:single module:__ZN8CryptKit12FEERawSigner4signEPKvmPvPm -Security:single module:__ZN8CryptKit12FEERawSigner6verifyEPKvmS2_m -Security:single module:__ZN8CryptKit12FEERawSigner10maxSigSizeEv -Security:single module:__ZN8CryptKit14FEEECDSASigner4signEPKvmPvPm -Security:single module:__ZN8CryptKit14FEEECDSASigner6verifyEPKvmS2_m -Security:single module:__ZN8CryptKit14FEEECDSASigner10maxSigSizeEv -Security:single module:_ffree -Security:single module:_fmallocWithData -Security:single module:_frealloc -Security:single module:_deserializeGiant -Security:single module:_feeReturnString -Security:single module:_giant_with_data -Security:single module:_mem_from_giant -Security:single module:_printCurveParams -Security:single module:_printGiant -Security:single module:_printGiantExp -Security:single module:_printGiantHex -Security:single module:_printKey -Security:single module:_serializeGiant -Security:single module:_terminateCryptKit -Security:single module:_CRYPTO_free_locked -Security:single module:_CRYPTO_get_locked_mem_functions -Security:single module:_CRYPTO_get_mem_debug_functions -Security:single module:_CRYPTO_get_mem_debug_options -Security:single module:_CRYPTO_get_mem_functions -Security:single module:_CRYPTO_malloc_locked -Security:single module:_CRYPTO_realloc -Security:single module:_CRYPTO_remalloc -Security:single module:_CRYPTO_set_mem_debug_functions -Security:single module:_CRYPTO_set_mem_debug_options -Security:single module:__ZN16RSA_CryptContext12decryptBlockEPKvPvRmb -Security:single module:__ZN16RSA_CryptContextD1Ev -Security:single module:__ZN16RSA_CryptContextD2Ev -Security:single module:__ZN9DSASigner10maxSigSizeEv -Security:single module:__ZN9DSASigner10signerInitERKN8Security7ContextEb -Security:single module:__ZN9DSASigner14keyFromContextERKN8Security7ContextE -Security:single module:__ZN9DSASigner4signEPKvmPvPm -Security:single module:__ZN9DSASigner6verifyEPKvmS1_m -Security:single module:__ZN9DSASignerD0Ev -Security:single module:__ZN9DSASignerD1Ev -Security:single module:__ZN9DSASignerD2Ev -Security:single module:__ZN9DSASignerD4Ev -Security:single module:__ZN9RSASigner10maxSigSizeEv -Security:single module:__ZN9RSASigner4signEPKvmPvPm -Security:single module:__ZN9RSASignerD1Ev -Security:single module:__ZN9RSASignerD2Ev -Security:single module:__ZN9MD2Object10digestInitEv -Security:single module:__ZN9MD2Object12digestUpdateEPKvm -Security:single module:__ZN9MD2Object11digestFinalEPv -Security:single module:__ZNK9MD2Object11digestCloneEv -Security:single module:__ZNK9MD2Object17digestSizeInBytesEv -Security:single module:_BN_clear -Security:single module:_BN_clear_bit -Security:single module:_BN_cmp -Security:single module:_BN_dup -Security:single module:_BN_get_word -Security:single module:_BN_mask_bits -Security:single module:_BN_options -Security:single module:_DHParamBlockDecode -Security:single module:_DHPrivateKeyDecode -Security:single module:_DHPrivateKeyEncode -Security:single module:_DHPublicKeyDecode -Security:single module:_DHPublicKeyEncode -Security:single module:_DSADecodeAlgParams -Security:single module:_DSAEncodeAlgParams -Security:single module:_DSAPrivateKeyDecode -Security:single module:_DSAPrivateKeyEncode -Security:single module:_DSAPublicKeyDecode -Security:single module:_DSAPublicKeyEncode -Security:single module:_DSASigDecode -Security:single module:_DSASigEncode -Security:single module:_RSAPrivateKeyDecode -Security:single module:_RSAPrivateKeyEncode -Security:single module:_RSAPublicKeyEncode -Security:single module:__Z16dhToNssAlgIdX942PK5dh_stR29NSS_DHAlgorithmIdentifierX942R11SecNssCoder -Security:single module:__Z21DHPublicKeyDecodeX509P5dh_stR11SecNssCoderPhj -Security:single module:__Z21DHPublicKeyEncodeX509P5dh_stR11SecNssCoderRN8Security13CssmOwnedDataE -Security:single module:__Z22DSAPublicKeyDecodeX509R11SecNssCoderP6dsa_stPvm -Security:single module:__Z22DSAPublicKeyEncodeX509R11SecNssCoderP6dsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z22RSAPublicKeyEncodeX509R11SecNssCoderP6rsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z23DHPrivateKeyDecodePKCS3R11SecNssCoderP5dh_stPhj -Security:single module:__Z23DHPrivateKeyDecodePKCS8R11SecNssCoderP5dh_stPhj -Security:single module:__Z23DHPrivateKeyEncodePKCS3R11SecNssCoderP5dh_stRN8Security13CssmOwnedDataE -Security:single module:__Z23DHPrivateKeyEncodePKCS8R11SecNssCoderP5dh_stRN8Security13CssmOwnedDataE -Security:single module:__Z24DSAPrivateKeyDecodePKCS8R11SecNssCoderP6dsa_stPvj -Security:single module:__Z24DSAPrivateKeyEncodePKCS8R11SecNssCoderP6dsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z24RSAPrivateKeyDecodePKCS1R11SecNssCoderP6rsa_stPvm -Security:single module:__Z24RSAPrivateKeyEncodePKCS1R11SecNssCoderP6rsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z24RSAPrivateKeyEncodePKCS8R11SecNssCoderP6rsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z25DSAPublicKeyDecodeFIPS186R11SecNssCoderP6dsa_stPvj -Security:single module:__Z25DSAPublicKeyEncodeFIPS186R11SecNssCoderP6dsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z26DSAPrivateKeyDecodeFIPS186R11SecNssCoderP6dsa_stPvj -Security:single module:__Z26DSAPrivateKeyDecodeOpensslR11SecNssCoderP6dsa_stPvm -Security:single module:__Z26DSAPrivateKeyEncodeFIPS186R11SecNssCoderP6dsa_stRN8Security13CssmOwnedDataE -Security:single module:__Z26DSAPrivateKeyEncodeOpensslR11SecNssCoderP6dsa_stRN8Security13CssmOwnedDataE -Security:single module:_bnToCssmData -Security:single module:_cssmDataToBn -Security:single module:_cssmDataToInt -Security:single module:_intToCssmData -Security:single module:_DH_new_method -Security:single module:_DH_set_default_method -Security:single module:_DH_get_default_method -Security:single module:_DH_set_method -Security:single module:_DH_new -Security:single module:_DH_free -Security:single module:_DH_get_ex_new_index -Security:single module:_DH_set_ex_data -Security:single module:_DH_get_ex_data -Security:single module:_DH_size -Security:single module:_generate_key -Security:single module:_compute_key -Security:single module:_DH_generate_key -Security:single module:_DH_compute_key -Security:single module:_DH_OpenSSL -Security:single module:_dh_bn_mod_exp -Security:single module:_dh_init -Security:single module:_dh_finish -Security:single module:_DH_generate_parameters -Security:single module:_contextToDhKey -Security:single module:_cssmKeyToDh -Security:single module:_rawCssmKeyToDh -Security:single module:_CRYPTO_mem_ctrl -Security:single module:_RAND_add -Security:single module:_RAND_pseudo_bytes -Security:single module:_SHA1 -Security:single module:__ZN16openSslExceptionC1EiPKc -Security:single module:__ZN16openSslExceptionC2EiPKc -Security:single module:__ZN16openSslExceptionC4EiPKc -Security:single module:_logSslErrInfo -Security:single module:_throwOpensslErr -Security:single module:_throwRsaDsa -Security:single module:_DSA_new_method -Security:single module:_DSA_set_default_method -Security:single module:_DSA_get_default_method -Security:single module:_DSA_new -Security:single module:_DSA_set_method -Security:single module:_DSA_free -Security:single module:_DSA_get_ex_new_index -Security:single module:_DSA_set_ex_data -Security:single module:_DSA_get_ex_data -Security:single module:_DSA_dup_DH -Security:single module:_DSA_generate_key -Security:single module:_DSA_generate_parameters -Security:single module:_RSA_blinding_on -Security:single module:_RSA_flags -Security:single module:_RSA_get_default_method -Security:single module:_RSA_get_ex_data -Security:single module:_RSA_get_ex_new_index -Security:single module:_RSA_get_method -Security:single module:_RSA_memory_lock -Security:single module:_RSA_private_decrypt -Security:single module:_RSA_private_encrypt -Security:single module:_RSA_set_default_method -Security:single module:_RSA_set_ex_data -Security:single module:_RSA_set_method -Security:single module:_RSA_generate_key -Security:single module:_contextToDsaKey -Security:single module:_cssmKeyToDsa -Security:single module:_dsaGetParamsFromKey -Security:single module:_dsaKeyPrivToPub -Security:single module:_rawCssmKeyToDsa -Security:single module:_feePubKeyAlloc -Security:single module:_feePubKeyFree -Security:single module:_feePubKeyInitFromPrivDataKeyBits -Security:single module:_feePubKeyInitFromPrivDataDepth -Security:single module:_feePubKeyInitFromKey -Security:single module:_feePubKeyInitFromKeyString -Security:single module:_feePubKeyCreateKeyString -Security:single module:_feePubKeyCreatePubBlob -Security:single module:_feePubKeyCreatePrivBlob -Security:single module:_feePubKeyInitPubKeyFromPriv -Security:single module:_feePubKeyIsEqual -Security:single module:_feePubKeyIsPrivate -Security:single module:_feePubKeyCreatePad -Security:single module:_feePubKeyCreateSignature -Security:single module:_feePubKeyVerifySignature -Security:single module:_feePubKeyCreateECDSASignature -Security:single module:_feePubKeyVerifyECDSASignature -Security:single module:_feePubKeyBitsize -Security:single module:_feePubKeyPlusCurve -Security:single module:_feePubKeyMinusCurve -Security:single module:_feePubKeyCurveParams -Security:single module:_feePubKeyPrivData -Security:single module:_feePubKeyAlgorithmName -Security:single module:_pubKeyInstAlloc -Security:single module:_pubKeyInstFree -Security:single module:_feeGenPrivate -Security:single module:_printPubKey -Security:single module:_createKeyBlob -Security:single module:_feePubKeyInitFromKeyBlob -Security:single module:_feePubKeyInitFromPubBlob -Security:single module:_feePubKeyInitFromPrivBlob -Security:single module:_feePubKeyCreateDERPubBlob -Security:single module:_feePubKeyCreateDERPrivBlob -Security:single module:_feePubKeyInitFromDERPubBlob -Security:single module:_feePubKeyInitFromDERPrivBlob -Security:single module:__ZN11GAESContextC2ER15AppleCSPSession -Security:single module:__ZN11GAESContextD1Ev -Security:single module:__ZN11GAESContextD2Ev -Security:single module:__ZN16AESKeyGenContext8generateERKN8Security7ContextERNS0_7CssmKeyES5_ -Security:single module:__ZN10AESContextD2Ev -Security:single module:__ZN10AESContextD1Ev -Security:single module:__ZN10AESContextD0Ev -Security:single module:__ZN10AESContextD4Ev -Security:single module:__ZN10AESContext8aesErrorEiPKc -Security:single module:__ZN10AESContext9deleteKeyEv -Security:single module:__ZN10AESContext4initERKN8Security7ContextEb -Security:single module:__ZN10AESContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN10AESContext12decryptBlockEPKvPvRmb -Security:single module:__ZN10DESContext12decryptBlockEPKvPvRmb -Security:single module:__ZN10DESContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN10DESContext4initERKN8Security7ContextEb -Security:single module:__ZN10DESContextD0Ev -Security:single module:__ZN10DESContextD1Ev -Security:single module:__ZN10DESContextD2Ev -Security:single module:__ZN10DESContextD4Ev -Security:single module:__ZN11DES3Context12encryptBlockEPKvmPvRmb -Security:single module:__ZN11DES3ContextD1Ev -Security:single module:__ZN11DES3ContextD2Ev -Security:single module:__ZN10MacContextD1Ev -Security:single module:__ZN10MacContextD2Ev -Security:single module:__ZN16MacLegacyContext10outputSizeEbm -Security:single module:__ZN16MacLegacyContext5finalERN8Security8CssmDataE -Security:single module:__ZN16MacLegacyContextD1Ev -Security:single module:__ZN16MacLegacyContextD2Ev -Security:single module:__ZN10RC2ContextD2Ev -Security:single module:__ZN10RC2ContextD1Ev -Security:single module:__ZN10RC2ContextD0Ev -Security:single module:__ZN10RC2ContextD4Ev -Security:single module:__ZN10RC2Context4initERKN8Security7ContextEb -Security:single module:__ZN10RC2Context12encryptBlockEPKvmPvRmb -Security:single module:__ZN10RC2Context12decryptBlockEPKvPvRmb -Security:single module:__ZN10RC4Context15minimumProgressERmS0_ -Security:single module:__ZN10RC4Context5finalERN8Security8CssmDataE -Security:single module:__ZN10RC4ContextD1Ev -Security:single module:__ZN10RC4ContextD2Ev -Security:single module:__ZN10RC5ContextD2Ev -Security:single module:__ZN10RC5ContextD1Ev -Security:single module:__ZN10RC5ContextD0Ev -Security:single module:__ZN10RC5ContextD4Ev -Security:single module:__ZN10RC5Context4initERKN8Security7ContextEb -Security:single module:__ZN10RC5Context12encryptBlockEPKvmPvRmb -Security:single module:__ZN10RC5Context12decryptBlockEPKvPvRmb -Security:single module:__ZN11CastContextD2Ev -Security:single module:__ZN11CastContextD1Ev -Security:single module:__ZN11CastContextD0Ev -Security:single module:__ZN11CastContextD4Ev -Security:single module:__ZN11CastContext9deleteKeyEv -Security:single module:__ZN11CastContext4initERKN8Security7ContextEb -Security:single module:__ZN11CastContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN11CastContext12decryptBlockEPKvPvRmb -Security:single module:__ZN15BlowfishContextD2Ev -Security:single module:__ZN15BlowfishContextD1Ev -Security:single module:__ZN15BlowfishContextD0Ev -Security:single module:__ZN15BlowfishContextD4Ev -Security:single module:__ZN15BlowfishContext9deleteKeyEv -Security:single module:__ZN15BlowfishContext4initERKN8Security7ContextEb -Security:single module:__ZN15BlowfishContext12encryptBlockEPKvmPvRmb -Security:single module:__ZN15BlowfishContext12decryptBlockEPKvPvRmb -Security:single module:__ZN10TPCertInfo11subjectNameEv -Security:single module:__ZN10TPCertInfo13addStatusCodeEl -Security:single module:__ZN10TPCertInfoC2EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN10TPCertInfoD2Ev -Security:single module:__ZN11TPCertGroup17removeCertAtIndexEj -Security:single module:__ZN11TPCertGroup21verifyWithPartialKeysERK12TPClItemInfo -Security:single module:__ZN11TPCertGroup9firstCertEv -Security:single module:__ZN11TPCertGroupC2ERK14cssm_certgroupmmRN8Security13CssmAllocatorEPKcb12TPGroupOwner -Security:single module:__ZN11TPCertGroupC2ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN11TPCertGroupD2Ev -Security:single module:__ZN12TPClItemInfoC1EmmRK13TPClItemCallsPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN12TPClItemInfoD1Ev -Security:single module:__ZN14AppleTPSession18CertGroupConstructEmmRK15cssm_dl_db_listPKvRK14cssm_certgroupRPS5_ -Security:single module:__ZThn40_N14AppleTPSession18CertGroupConstructEmmRK15cssm_dl_db_listPKvRK14cssm_certgroupRPS5_ -Security:single module:__ZN14AppleTPSession13buildX509NameEPK22CSSM_APPLE_TP_NAME_OIDj -Security:single module:__ZN14AppleTPSession12freeX509NameEP14cssm_x509_name -Security:single module:__ZN14AppleTPSession13buildX509TimeEj -Security:single module:__ZN14AppleTPSession12freeX509TimeEP14cssm_x509_time -Security:single module:__Z8intToDERmR9cssm_dataRN8Security13CssmAllocatorE -Security:single module:__Z8DERToIntRK9cssm_data -Security:single module:__ZN14AppleTPSession11refKeyToRawEmPK8cssm_keyPS0_ -Security:single module:__ZN14AppleTPSession16makeCertTemplateEmmmPK14cssm_x509_nameS2_PK14cssm_x509_timeS5_PK8cssm_keyRK9cssm_dataPSA_SC_P19cssm_x509_extensionjRPS9_ -Security:single module:__ZN14AppleTPSession12addCertToMapEPK9cssm_dataPS0_ -Security:single module:__ZN14AppleTPSession14getCertFromMapEPK9cssm_data -Security:single module:__ZN14AppleTPSession16SubmitCsrRequestERK19cssm_tp_request_setRlRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession17SubmitCredRequestEPK20cssm_tp_authority_idmRK19cssm_tp_request_setPK26cssm_tp_callerauth_contextRlRN8Security8CssmDataE -Security:single module:__ZThn40_N14AppleTPSession17SubmitCredRequestEPK20cssm_tp_authority_idmRK19cssm_tp_request_setPK26cssm_tp_callerauth_contextRlRN8Security8CssmDataE -Security:single module:__ZN14AppleTPSession18RetrieveCredResultERKN8Security8CssmDataEPK26cssm_tp_callerauth_contextRlS7_RP18cssm_tp_result_set -Security:single module:__ZThn40_N14AppleTPSession18RetrieveCredResultERKN8Security8CssmDataEPK26cssm_tp_callerauth_contextRlS7_RP18cssm_tp_result_set -Security:single module:__Z26tpGetFirstCachedFieldValuemmPK9cssm_dataPmS2_PPS_ -Security:single module:__ZN10TPCrlGroup10crlAtIndexEj -Security:single module:__ZN10TPCrlGroup14findCrlForCertER10TPCertInfo -Security:single module:__ZN10TPCrlGroup16removeCrlAtIndexEj -Security:single module:__ZN10TPCrlGroup7lastCrlEv -Security:single module:__ZN10TPCrlGroup8firstCrlEv -Security:single module:__ZN10TPCrlGroup9appendCrlER9TPCrlInfo -Security:single module:__ZN10TPCrlGroup9removeCrlER9TPCrlInfo -Security:single module:__ZN10TPCrlGroupC1EPK13cssm_crlgroupmmRN8Security13CssmAllocatorEPKc12TPGroupOwner -Security:single module:__ZN10TPCrlGroupC1ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN10TPCrlGroupC2EPK13cssm_crlgroupmmRN8Security13CssmAllocatorEPKc12TPGroupOwner -Security:single module:__ZN10TPCrlGroupC2ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN10TPCrlGroupC4ERN8Security13CssmAllocatorE12TPGroupOwner -Security:single module:__ZN10TPCrlGroupD2Ev -Security:single module:__ZN9TPCrlInfo13hasSameIssuerERK10TPCertInfo -Security:single module:__ZN9TPCrlInfo13isCertRevokedER10TPCertInfo -Security:single module:__ZN9TPCrlInfo15parseExtensionsER18TPCrlVerifyContextbmRK20cssm_x509_extensionsP10TPCertInfoRb -Security:single module:__ZN9TPCrlInfo16releaseResourcesEv -Security:single module:__ZN9TPCrlInfo17verifyWithContextER18TPCrlVerifyContextP10TPCertInfob -Security:single module:__ZN9TPCrlInfo3uriERK9cssm_data -Security:single module:__ZN9TPCrlInfoC1EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN9TPCrlInfoC2EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN9TPCrlInfoC4EmmPK9cssm_data10TPItemCopyPKc -Security:single module:__ZN9TPCrlInfoD1Ev -Security:single module:__ZN9TPCrlInfoD2Ev -Security:single module:__ZN9TPCrlInfoD4Ev -Security:single module:__ZN11DecodedCert16encodeExtensionsEv -Security:single module:__ZN11DecodedCert9decodeTbsERKN8Security8CssmDataE -Security:single module:__ZN11DecodedCert9encodeTbsERN8Security13CssmOwnedDataE -Security:single module:__ZN11DecodedCertC1ER18AppleX509CLSession -Security:single module:__ZN11DecodedCertC2ER18AppleX509CLSession -Security:single module:__ZN11DecodedCertC2ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN11DecodedCertC4ER18AppleX509CLSession -Security:single module:__ZN11DecodedCertD2Ev -Security:single module:__Z10CL_reallocPvmS_ -Security:single module:__Z7CL_freePvS_ -Security:single module:__Z9CL_callocmmPv -Security:single module:__Z9CL_mallocmPv -Security:single module:__ZN11CSPAttacherD1Ev -Security:single module:__ZN11CSPAttacherD2Ev -Security:single module:__ZN11CSPAttacherD4Ev -Security:single module:__Z16getField_VersionR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z16setField_VersionR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z15getField_IssuerR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z15setField_IssuerR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z19getField_ThisUpdateR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z19setField_ThisUpdateR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z19getField_NextUpdateR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z19setField_NextUpdateR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z18getFieldIssuerNormR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z20getField_CrlTbsAlgIdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z21nssRevokedEntryToCssmR15NSS_RevokedCertR28cssm_x509_revoked_cert_entryRN8Security13CssmAllocatorE -Security:single module:__Z13freeCssmEntryP28cssm_x509_revoked_cert_entryRN8Security13CssmAllocatorE -Security:single module:__Z20nssRevokedListToCssmPP15NSS_RevokedCertP27cssm_x509_revoked_cert_listRN8Security13CssmAllocatorE -Security:single module:__Z19freeCssmRevokedListP27cssm_x509_revoked_cert_listRN8Security13CssmAllocatorE -Security:single module:__Z18getField_SignedCrlR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z18setField_SignedCrlR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z19freeField_SignedCrlRN8Security13CssmOwnedDataE -Security:single module:__Z11oidToFieldsRKN8Security8CssmDataE -Security:single module:__Z19CL_freeCrlFieldDataRKN8Security8CssmDataERNS_13CssmOwnedDataEb -Security:single module:__Z21CL_freeCssmExtensionsR20cssm_x509_extensionsRN8Security13CssmAllocatorE -Security:single module:__ZN10DecodedCrl15getCrlFieldDataERKN8Security8CssmDataEjRmRNS0_13CssmOwnedDataE -Security:single module:__ZN10DecodedCrl11setCrlFieldERKN8Security8CssmDataES3_ -Security:single module:__ZN10DecodedCrl16freeCrlFieldDataERKN8Security8CssmDataERNS0_13CssmOwnedDataE -Security:single module:__ZN10DecodedCrl21getAllParsedCrlFieldsERmRP10cssm_field -Security:single module:__ZN10DecodedCrl14describeFormatERN8Security13CssmAllocatorERmRP9cssm_data -Security:single module:__ZN10DecodedCrlC2ER18AppleX509CLSession -Security:single module:__ZN10DecodedCrlC1ER18AppleX509CLSession -Security:single module:__ZN10DecodedCrlC4ER18AppleX509CLSession -Security:single module:__ZN10DecodedCrlC2ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN10DecodedCrlC1ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN10DecodedCrlC4ER18AppleX509CLSessionRKN8Security8CssmDataE -Security:single module:__ZN10DecodedCrlD2Ev -Security:single module:__ZN10DecodedCrlD1Ev -Security:single module:__ZN10DecodedCrlD0Ev -Security:single module:__ZN10DecodedCrlD4Ev -Security:single module:__ZN10DecodedCrl9decodeCtsERKN8Security8CssmDataE -Security:single module:__ZN10DecodedCrl16encodeExtensionsEv -Security:single module:__ZN10DecodedCrl9encodeCtsERN8Security13CssmOwnedDataE -Security:single module:__Z15getField_IssuerR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z15setField_IssuerR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z16getField_VersionR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z16setField_SubjectR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z16setField_VersionR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z17getFieldIssuerStdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z17setField_NotAfterR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z17setField_TbsAlgIdR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z18getFieldSubjectStdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z18getField_CertAlgIdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z18getField_SignatureR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z18setField_NotBeforeR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z21getField_SerialNumberR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z21setField_SerialNumberR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z22getField_PublicKeyInfoR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z22setField_PublicKeyInfoR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z23freeField_PublicKeyInfoRN8Security13CssmOwnedDataE -Security:single module:__Z23getField_IssuerUniqueIdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z23setField_IssuerUniqueIdR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z24getField_PublicKeyStructR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z24getField_SubjectUniqueIdR11DecodedItemjRmRN8Security13CssmOwnedDataE -Security:single module:__Z24setField_PublicKeyStructR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z24setField_SubjectUniqueIdR11DecodedItemRKN8Security8CssmDataE -Security:single module:__Z25freeField_PublicKeyStructRN8Security13CssmOwnedDataE -Security:single module:__ZN11DecodedCert12setCertFieldERKN8Security8CssmDataES3_ -Security:single module:__ZN11DecodedCert14describeFormatERN8Security13CssmAllocatorERmRP9cssm_data -Security:single module:__ZN11DecodedCert22getAllParsedCertFieldsERmRP10cssm_field -Security:single module:__ZN18AppleX509CLSession11generateCsrEyPK25CSSM_APPLE_CL_CSR_REQUESTRP9cssm_data -Security:single module:__ZN18AppleX509CLSession9verifyCsrEPK9cssm_data -Security:single module:__ZN12SSMACContext10outputSizeEbm -Security:single module:__ZN12SSMACContext4initERKN8Security7ContextEb -Security:single module:__ZN12SSMACContext5finalERKN8Security8CssmDataE -Security:single module:__ZN12SSMACContext5finalERN8Security8CssmDataE -Security:single module:__ZN12SSMACContext6genMacERN8Security8CssmDataE -Security:single module:__ZN12SSMACContext6updateERKN8Security8CssmDataE -Security:single module:__ZN12SSMACContextC1ER12SSCSPSession -Security:single module:__ZN12SSMACContextC2ER12SSCSPSession -Security:single module:__ZN12SSMACContextC4ER12SSCSPSession -Security:single module:__ZN14SSCryptContext15minimumProgressERmS0_ -Security:single module:__ZN14SSCryptContextC2ER12SSCSPSession -Security:single module:__ZN14SSCryptContextD1Ev -Security:single module:__ZN14SSCryptContextD2Ev -Security:single module:__ZN15SSDigestContext10outputSizeEbm -Security:single module:__ZN15SSDigestContext4initERKN8Security7ContextEb -Security:single module:__ZN15SSDigestContext5finalERN8Security8CssmDataE -Security:single module:__ZN15SSDigestContext6updateERKN8Security8CssmDataE -Security:single module:__ZN15SSDigestContextC1ER12SSCSPSession -Security:single module:__ZN15SSDigestContextC2ER12SSCSPSession -Security:single module:__ZN15SSDigestContextC4ER12SSCSPSession -Security:single module:__ZN15SSDigestContextD0Ev -Security:single module:__ZN15SSDigestContextD1Ev -Security:single module:__ZN15SSDigestContextD2Ev -Security:single module:__ZN15SSDigestContextD4Ev -Security:single module:__ZN15SSRandomContext10outputSizeEbm -Security:single module:__ZN15SSRandomContext4initERKN8Security7ContextEb -Security:single module:__ZN15SSRandomContext5finalERN8Security8CssmDataE -Security:single module:__ZN15SSRandomContextC1ER12SSCSPSession -Security:single module:__ZN15SSRandomContextC2ER12SSCSPSession -Security:single module:__ZN15SSRandomContextC4ER12SSCSPSession -Security:single module:__ZN18SSSignatureContext10outputSizeEbm -Security:single module:__ZN18SSSignatureContext18setDigestAlgorithmEm -Security:single module:__ZN18SSSignatureContext4initERKN8Security7ContextEb -Security:single module:__ZN18SSSignatureContext4signERN8Security8CssmDataE -Security:single module:__ZN18SSSignatureContext5finalERKN8Security8CssmDataE -Security:single module:__ZN18SSSignatureContext5finalERN8Security8CssmDataE -Security:single module:__ZN18SSSignatureContext6updateERKN8Security8CssmDataE -Security:single module:__ZN18SSSignatureContextC1ER12SSCSPSession -Security:single module:__ZN18SSSignatureContextC2ER12SSCSPSession -Security:single module:__ZN18SSSignatureContextC4ER12SSCSPSession -Security:single module:__ZN18SSSignatureContextD0Ev -Security:single module:__ZN18SSSignatureContextD1Ev -Security:single module:__ZN18SSSignatureContextD2Ev -Security:single module:__ZN18SSSignatureContextD4Ev -Security:single module:__ZN9SSContextC1ER12SSCSPSession -Security:single module:_key_perm -Security:single module:_keybyte -Security:single module:_keynybble -Security:single module:_keyHash -Security:single module:_mallocCodeBufs -Security:single module:_initCodeBufs -Security:single module:_freeCodeBufs -Security:single module:_serializeInt -Security:single module:_deserializeInt -Security:single module:_initSigSequence -Security:single module:_sigMunge -Security:single module:_ascMalloc -Security:single module:_ascFree -Security:single module:_BN_add_word -Security:single module:_BN_div_word -Security:single module:_BN_mod_word -Security:single module:_BN_mul_word -Security:single module:_sha1DigestLen -Security:single module:__ZN12BlockCryptor15minimumProgressERmS0_ -Security:single module:__ZN12BlockCryptorD0Ev -Security:single module:__ZN12BlockCryptorD1Ev -Security:single module:_initFromRS -Security:single module:_feeFEEDNewWithPubKey -Security:single module:_feeFEEDFree -Security:single module:_feeFEEDPlainBlockSize -Security:single module:_feeFEEDCipherBlockSize -Security:single module:_feeFEEDCipherBufSize -Security:single module:_feeFEEDCipherTextSize -Security:single module:_feeFEEDPlainTextSize -Security:single module:_feeFEEDEncryptBlock -Security:single module:_feeFEEDDecryptBlock -Security:single module:_feeFEEDEncrypt -Security:single module:_feeFEEDDecrypt -Security:single module:_feeFEEDExpNewWithPubKey -Security:single module:_feeFEEDExpFree -Security:single module:_feeFEEDExpPlainBlockSize -Security:single module:_feeFEEDExpCipherBlockSize -Security:single module:_feeFEEDExpCipherBufSize -Security:single module:_feeFEEDExpCipherTextSize -Security:single module:_feeFEEDExpPlainTextSize -Security:single module:_feeFEEDExpEncryptBlock -Security:single module:_feeFEEDExpDecryptBlock -Security:single module:_feeFEEDExpEncrypt -Security:single module:_feeFEEDExpDecrypt -Security:single module:_feeECDSASign -Security:single module:_feeECDSAVerify -Security:single module:_ECDSA_encode -Security:single module:_ECDSA_decode -Security:single module:_feeECDSASigSize -Security:single module:_sinstAlloc -Security:single module:_feeSigNewWithKey -Security:single module:_feeSigFree -Security:single module:_feeSigPm -Security:single module:_feeSigSign -Security:single module:_feeSigData -Security:single module:_feeSigParse -Security:single module:_borrowPointProj -Security:single module:_returnPointProj -Security:single module:_feeSigVerify -Security:single module:_feeSigVerifyNoProj -Security:single module:_feeSigSize -Security:single module:_CKRaise -Security:single module:_createRandomSeed -Security:single module:_borrowGiant -Security:single module:_returnGiant -Security:single module:_freeGiant -Security:single module:_newGiant -Security:single module:_copyGiant -Security:single module:_bitlen -Security:single module:_bitval -Security:single module:_gsign -Security:single module:_gtrimSign -Security:single module:_isone -Security:single module:_isZero -Security:single module:_gcompg -Security:single module:_gtog -Security:single module:_int_to_giant -Security:single module:_negg -Security:single module:_iaddg -Security:single module:_imulg -Security:single module:_normal_addg -Security:single module:_normal_subg -Security:single module:_reverse_subg -Security:single module:_addg -Security:single module:_subg -Security:single module:_bdivg -Security:single module:_binvaux -Security:single module:_absg -Security:single module:_gshiftleft -Security:single module:_gshiftright -Security:single module:_extractbits -Security:single module:_gmersennemod -Security:single module:_mulg -Security:single module:_grammarSquare -Security:single module:_clearGiant -Security:single module:_make_recip -Security:single module:_divg_via_recip -Security:single module:_modg_via_recip -Security:single module:_modg -Security:single module:_divg -Security:single module:_DSA_SIG_new -Security:single module:_DSA_SIG_free -Security:single module:_DSA_do_sign -Security:single module:_DSA_sign_setup -Security:single module:_DSA_do_verify -Security:single module:_MD2_Update -Security:single module:_md2_block -Security:single module:_MD2_options -Security:single module:_MD2_Init -Security:single module:_MD2_Final -Security:single module:_ERR_get_state -Security:single module:_ERR_add_error_data -Security:single module:_ERR_load_ERR_strings -Security:single module:_ERR_load_strings -Security:single module:_ERR_free_strings -Security:single module:_ERR_put_error -Security:single module:_ERR_clear_error -Security:single module:_ERR_get_error -Security:single module:_ERR_get_error_line -Security:single module:_ERR_get_error_line_data -Security:single module:_ERR_peek_error -Security:single module:_ERR_peek_error_line -Security:single module:_ERR_peek_error_line_data -Security:single module:_ERR_error_string -Security:single module:_ERR_get_string_table -Security:single module:_ERR_get_err_state_table -Security:single module:_ERR_lib_error_string -Security:single module:_ERR_func_error_string -Security:single module:_ERR_reason_error_string -Security:single module:_ERR_remove_state -Security:single module:_ERR_get_next_error_library -Security:single module:_ERR_set_error_data -Security:single module:_err_hash -Security:single module:_err_cmp -Security:single module:_pid_hash -Security:single module:_pid_cmp -Security:single module:_get_error_values -Security:single module:_CRYPTO_get_add_lock_callback -Security:single module:_CRYPTO_get_id_callback -Security:single module:_CRYPTO_get_locking_callback -Security:single module:_CRYPTO_get_new_lockid -Security:single module:_CRYPTO_lock -Security:single module:_CRYPTO_num_locks -Security:single module:_CRYPTO_set_add_lock_callback -Security:single module:_CRYPTO_set_id_callback -Security:single module:_CRYPTO_set_locking_callback -Security:single module:_CRYPTO_thread_id -Security:single module:_CRYPTO_dup_ex_data -Security:single module:_CRYPTO_get_ex_data -Security:single module:_CRYPTO_get_ex_new_index -Security:single module:_CRYPTO_set_ex_data -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_delete -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_delete_ptr -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_dup -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_find -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_free -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_insert -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_new -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_new_null -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_num -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_pop -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_pop_free -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_push -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_set -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_shift -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_sort -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_unshift -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_value -Security:single module:_sk_CRYPTO_EX_DATA_FUNCS_zero -Security:single module:_BN_CTX_init -Security:single module:_BN_MONT_CTX_copy -Security:single module:_BN_MONT_CTX_init -Security:single module:_BN_exp -Security:single module:_BN_mod_exp -Security:single module:_BN_mod_exp_mont_word -Security:single module:_BN_mod_exp_recp -Security:single module:_BN_mod_exp_simple -Security:single module:_BN_mod_mul -Security:single module:_BN_rand_range -Security:single module:_BN_rand -Security:single module:_BN_pseudo_rand -Security:single module:_BN_bntest_rand -Security:single module:_bnrand -Security:single module:_BN_generate_prime -Security:single module:_BN_is_prime_fasttest -Security:single module:_witness -Security:single module:_probable_prime -Security:single module:_probable_prime_dh -Security:single module:_probable_prime_dh_safe -Security:single module:_BN_is_prime -Security:single module:_dsa_do_sign -Security:single module:_dsa_sign_setup -Security:single module:_dsa_do_verify -Security:single module:_DSA_OpenSSL -Security:single module:_dsa_init -Security:single module:_dsa_finish -Security:single module:_dsa_mod_exp -Security:single module:_dsa_bn_mod_exp -Security:single module:_BN_lshift1 -Security:single module:_BN_rshift1 -Security:single module:_BN_BLINDING_new -Security:single module:_BN_BLINDING_free -Security:single module:_BN_BLINDING_update -Security:single module:_BN_BLINDING_convert -Security:single module:_BN_BLINDING_invert -Security:single module:_BN_gcd -Security:single module:_euclid -Security:single module:_RSA_eay_mod_exp -Security:single module:_RSA_eay_private_decrypt -Security:single module:_RSA_eay_private_encrypt -Security:single module:_bn_mul_high -Security:single module:_bn_mul_low_normal -Security:single module:_bn_mul_low_recursive -Security:single module:_bn_mul_part_recursive -Security:single module:_intToByteRep -Security:single module:_shortToByteRep -Security:single module:_giantToByteRep -Security:single module:_keyToByteRep -Security:single module:_curveParamsToByteRep -Security:single module:_sigToByteRep -Security:single module:_lengthOfByteRepGiant -Security:single module:_lengthOfByteRepKey -Security:single module:_lengthOfByteRepCurveParams -Security:single module:_lengthOfByteRepSig -Security:single module:_byteRepToInt -Security:single module:_byteRepToShort -Security:single module:_byteRepToGiant -Security:single module:_byteRepToKey -Security:single module:_byteRepToCurveParams -Security:single module:_byteRepToSig -Security:single module:_arrayToGiant -Security:single module:_newCurveParams -Security:single module:_allocRecipGiants -Security:single module:_curveParamsForDepth -Security:single module:_curveParamsCopy -Security:single module:_freeCurveParams -Security:single module:_curveParamsEquivalent -Security:single module:_lesserX1Order -Security:single module:_curveParamsInferFields -Security:single module:_feeKeyBitsToDepth -Security:single module:_encChunk -Security:single module:_enc64 -Security:single module:_enc64WithLines -Security:single module:_stringCleanse -Security:single module:_dec64 -Security:single module:_isValidEnc64 -Security:single module:__ZN12feeExceptionC2E9feeReturnPKc -Security:single module:__ZN12feeExceptionC1E9feeReturnPKc -Security:single module:__ZN12feeExceptionC4E9feeReturnPKc -Security:single module:__ZN12feeException7throwMeE9feeReturnPKc -Security:single module:_feeSizeOfDERSig -Security:single module:_feeDEREncodeElGamalSignature -Security:single module:_feeDEREncodeECDSASignature -Security:single module:_feeDERDecodeElGamalSignature -Security:single module:_feeDERDecodeECDSASignature -Security:single module:_feeDEREncodePublicKey -Security:single module:_feeDEREncodePrivateKey -Security:single module:_feeDERDecodePublicKey -Security:single module:_feeDERDecodePrivateKey -Security:single module:__Z13cssmDataToIntRK9cssm_data -Security:single module:__Z13intToCssmDatajR9cssm_dataR11SecNssCoder -Security:single module:__Z15cssmDataToGiantRK9cssm_data -Security:single module:__Z15giantToCssmDataP11giantstructR9cssm_dataR11SecNssCoder -Security:single module:__Z20feeCurveParamsToASN1PK11curveParamsR22FEECurveParametersASN1R11SecNssCoder -Security:single module:__Z22feeCurveParamsFromAsn1RK22FEECurveParametersASN1 -Security:single module:_feeHashAlloc -Security:single module:_feeHashReinit -Security:single module:_feeHashFree -Security:single module:_feeHashAddData -Security:single module:_feeHashDigest -Security:single module:_feeHashDigestLen -Security:single module:_which_curve -Security:single module:_new_public -Security:single module:_new_public_with_key -Security:single module:_free_key -Security:single module:_set_priv_key_giant -Security:single module:_key_equal -Security:single module:_make_base -Security:single module:_make_base_prim -Security:single module:_sequalg -Security:single module:_elliptic_simple -Security:single module:_elliptic -Security:single module:_elliptic_add -Security:single module:_make_pad -Security:single module:_ell_even -Security:single module:_ell_odd -Security:single module:_keys_inconsistent -Security:single module:_signature_compare -Security:single module:_numer_double -Security:single module:_numer_plus -Security:single module:_denom_double -Security:single module:_denom_times -Security:single module:_numer_times -Security:single module:_feepowermodg -Security:single module:_curveOrderJustify -Security:single module:_curveOrderJustifyWithRecip -Security:single module:_lesserX1OrderJustify -Security:single module:_calcX1OrderPlusRecip -Security:single module:_x1OrderPlusJustify -Security:single module:_x1OrderPlusMod -Security:single module:_feemod -Security:single module:_calcGiantSizes -Security:single module:_giantMinBytes -Security:single module:_giantMaxDigits -Security:single module:_binvg_cp -Security:single module:_binvg_x1OrderPlus -Security:single module:_makeKey -Security:single module:_rijndaelBlockEncrypt -Security:single module:_rijndaelBlockDecrypt -Security:single module:_RC2_encrypt -Security:single module:_RC2_decrypt -Security:single module:_RC2_set_key -Security:single module:_RC5_32_encrypt -Security:single module:_RC5_32_decrypt -Security:single module:_RC5_32_set_key -Security:single module:_CAST_ecb_encrypt -Security:single module:_CAST_set_key -Security:single module:_BF_ecb_encrypt -Security:single module:_BF_options -Security:single module:_BF_set_key -Security:single module:_timeAtNowPlus -Security:single module:_tpTimeToCssmTimestring -Security:single module:__Z13tpNextDnsCompPKcRmPcS1_ -Security:single module:__Z14tpCompareCompsPKcmS0_m -Security:single module:__Z8tpSubStrPKcmS0_m -Security:single module:_tpCompareEmailAddr -Security:single module:_tpFreeCssmData -Security:single module:_tpMallocCopyCssmData -Security:single module:_tpNormalizeAddrSpec -Security:single module:_tpOidToAldId -Security:single module:_tp_CertFreeAlgId -Security:single module:_tp_CertFreePublicKey -Security:single module:_tp_CertGetAlgId -Security:single module:_tp_CertGetPublicKey -Security:single module:_tp_CompareCerts -Security:single module:__Z11tpCrlLookup17cssm_dl_db_handlePK9cssm_dataPcPmPS0_ -Security:single module:__Z12tpCertLookup17cssm_dl_db_handlePK9cssm_dataPmPS0_ -Security:single module:__Z14tpAddCrlSchema17cssm_dl_db_handle -Security:single module:__Z24tpSearchNumericExtensionPK20cssm_x509_extensionsPK9cssm_dataPm -Security:single module:_tpDbFindIssuerCrl -Security:single module:_tpDbStoreCrl -Security:single module:__Z13tpFetchViaNetRK9cssm_data7LF_TypeRN8Security13CssmAllocatorERS_ -Security:single module:__Z11tpCrlViaNetRK9cssm_dataR18TPCrlVerifyContextR10TPCertInfoRP9TPCrlInfo -Security:single module:__Z18tpIssuerCertViaNetRK9cssm_datammPKcR10TPCertInfoRPS4_ -Security:single module:__Z22tpFetchViaGeneralNamesPK15CE_GeneralNamesR10TPCertInfoP18TPCrlVerifyContextmmPKcPPS2_PP9TPCrlInfo -Security:single module:_tpFetchCrlFromNet -Security:single module:_tpFetchIssuerFromNet -Security:single module:__Z12tpDisposeCrlR9TPCrlInfoR18TPCrlVerifyContext -Security:single module:__Z16tpFindCrlForCertR10TPCertInfoRP9TPCrlInfoR18TPCrlVerifyContext -Security:single module:__ZN10TPCRLCache3addER9TPCrlInfo -Security:single module:__ZN10TPCRLCache6removeER9TPCrlInfo -Security:single module:__ZN10TPCRLCache6searchER10TPCertInfoR18TPCrlVerifyContext -Security:single module:__ZN10TPCRLCache7releaseER9TPCrlInfo -Security:single module:__ZN10TPCRLCacheC1Ev -Security:single module:__ZN10TPCRLCacheC2Ev -Security:single module:__ZN10TPCRLCacheC4Ev -Security:single module:__Z15tpCompIpAddrStrPKcjPK9cssm_data -Security:single module:__Z18tp_verifySmimeOptsR11TPCertGroupPK9cssm_dataRK13iSignCertInfo -Security:single module:_freeFieldCertPolicies -Security:single module:_freeFieldCrlDistPoints -Security:single module:_freeFieldSubjIssuerAltName -Security:single module:_getFieldCertPolicies -Security:single module:_getFieldCrlDistPoints -Security:single module:_getFieldIssuerAltName -Security:single module:_setFieldAuthorityKeyId -Security:single module:_setFieldBasicConstraints -Security:single module:_setFieldCertPolicies -Security:single module:_setFieldCrlDistPoints -Security:single module:_setFieldExtKeyUsage -Security:single module:_setFieldKeyUsage -Security:single module:_setFieldNetscapeCertType -Security:single module:_setFieldSubjIssuerAltName -Security:single module:_setFieldSubjectKeyId -Security:single module:_setFieldCrlNumber -Security:single module:__Z17getFieldCrlCommonR11DecodedItemRK9cssm_datajRmRN8Security13CssmOwnedDataE -Security:single module:_getFieldCrlNumber -Security:single module:_getFieldDeltaCrl -Security:single module:_freeFieldIssuingDistPoint -Security:single module:_freeFieldOidOrData -Security:single module:_bn_mul_comba4 -Security:single module:_bn_sqr_comba4 -Security:single module:_bn_sqr_words -Security:single module:_pmod -Security:single module:_feeRandAllocWithSeed -Security:single module:_feeRandAlloc -Security:single module:_feeRandFree -Security:single module:_feeRandNextNum -Security:single module:_feeRandBytes -Security:single module:_feeRandAddEntropy -Security:single module:_newPointProj -Security:single module:_freePointProj -Security:single module:_ptopProj -Security:single module:_ellDoubleProj -Security:single module:_ellAddProj -Security:single module:_ellNegProj -Security:single module:_ellSubProj -Security:single module:_ellMulProjSimple -Security:single module:_ellMulProj -Security:single module:_normalizeProj -Security:single module:_jacobi_symbol -Security:single module:_powFp2 -Security:single module:_powermodg -Security:single module:_sqrtmod -Security:single module:_findPointProj -Security:single module:_giantAddDigits -Security:single module:_giantAddDouble -Security:single module:_giantSubDigits -Security:single module:_giantMulDigits -Security:single module:_VectorMultiply -Security:single module:_lh_new -Security:single module:_lh_insert -Security:single module:_expand -Security:single module:_getrn -Security:single module:_lh_free -Security:single module:_lh_delete -Security:single module:_lh_retrieve -Security:single module:_lh_doall -Security:single module:_lh_doall_arg -Security:single module:_lh_strhash -Security:single module:_lh_num_items -Security:single module:_contract -Security:single module:_BUF_MEM_grow -Security:single module:_BUF_MEM_new -Security:single module:_BUF_MEM_free -Security:single module:_BUF_strdup -Security:single module:_sk_insert -Security:single module:_sk_set_cmp_func -Security:single module:_sk_dup -Security:single module:_sk_new -Security:single module:_sk_delete_ptr -Security:single module:_sk_delete -Security:single module:_sk_find -Security:single module:_sk_push -Security:single module:_sk_unshift -Security:single module:_sk_shift -Security:single module:_sk_pop -Security:single module:_sk_zero -Security:single module:_sk_pop_free -Security:single module:_sk_free -Security:single module:_sk_num -Security:single module:_sk_value -Security:single module:_sk_set -Security:single module:_sk_sort -Security:single module:_bn_sqr_normal -Security:single module:_BN_div_recp -Security:single module:_BN_reciprocal -Security:single module:_BN_RECP_CTX_init -Security:single module:_BN_RECP_CTX_new -Security:single module:_BN_RECP_CTX_free -Security:single module:_BN_RECP_CTX_set -Security:single module:_BN_mod_mul_reciprocal -Security:single module:_BN_mod_exp2_mont -Security:single module:_RSA_padding_add_PKCS1_type_1 -Security:single module:_RSA_padding_check_PKCS1_type_2 -Security:single module:_RSA_padding_add_SSLv23 -Security:single module:_RSA_padding_check_SSLv23 -Security:single module:_RSA_padding_add_none -Security:single module:_RSA_padding_check_none -Security:single module:_rijndaelKeySched -Security:single module:_rijndaelEncrypt -Security:single module:_rijndaelDecrypt -Security:single module:_KeyAddition -Security:single module:_ShiftRow -Security:single module:_Substitution -Security:single module:_MixColumn -Security:single module:_InvMixColumn -Security:single module:_CAST_encrypt -Security:single module:_CAST_decrypt -Security:single module:_BF_encrypt -Security:single module:_BF_decrypt -Security:single module:_BF_cbc_encrypt diff --git a/Security.pbproj/project.pbxproj b/Security.pbproj/project.pbxproj deleted file mode 100644 index 720cdf7a..00000000 --- a/Security.pbproj/project.pbxproj +++ /dev/null @@ -1,17797 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 38; - objects = { - 01379EAE001E00F311CD296C = { - children = ( - 01FA81B1FFF2B54C11CD283A, - 01FA8239FFF2B54C11CD283A, - 0AD5441E0003C2C511CD296C, - C2EE0104044B56E700CA2E77, - C2EE0105044B56E700CA2E77, - ); - isa = PBXGroup; - name = "Support Files"; - refType = 4; - }; - 014259A8001645E911CD296C = { - children = ( - 01FA8049FFF2B54C11CD283A, - 01FA804AFFF2B54C11CD283A, - 01FA804BFFF2B54C11CD283A, - 01FA804CFFF2B54C11CD283A, - 01FA8061FFF2B54C11CD283A, - 01FA8062FFF2B54C11CD283A, - 01FA806BFFF2B54C11CD283A, - 01FA806CFFF2B54C11CD283A, - 01FA806EFFF2B54C11CD283A, - 01FA806DFFF2B54C11CD283A, - 01FA806FFFF2B54C11CD283A, - 01FA8070FFF2B54C11CD283A, - 01FA8071FFF2B54C11CD283A, - 01FA8072FFF2B54C11CD283A, - 01FA8073FFF2B54C11CD283A, - 01FA8074FFF2B54C11CD283A, - 01FA8075FFF2B54C11CD283A, - 01FA8076FFF2B54C11CD283A, - 01FA8077FFF2B54C11CD283A, - 01FA8078FFF2B54C11CD283A, - 01FA808EFFF2B54C11CD283A, - 01FA808FFFF2B54C11CD283A, - 01FA8090FFF2B54C11CD283A, - 01FA8091FFF2B54C11CD283A, - 01FA809AFFF2B54C11CD283A, - 01FA809EFFF2B54C11CD283A, - 01FA809FFFF2B54C11CD283A, - ); - isa = PBXGroup; - name = Database; - refType = 4; - }; - 014259A9001645E911CD296C = { - children = ( - 01FA803BFFF2B54C11CD283A, - 01FA803CFFF2B54C11CD283A, - 01FA803DFFF2B54C11CD283A, - 01FA803EFFF2B54C11CD283A, - 01FA8040FFF2B54C11CD283A, - 01FA803FFFF2B54C11CD283A, - 01FA8043FFF2B54C11CD283A, - 01FA8044FFF2B54C11CD283A, - 326618CC01C6844C05CA2E77, - 326618CD01C6844C05CA2E77, - 01FA8045FFF2B54C11CD283A, - 01FA8046FFF2B54C11CD283A, - 01FA8047FFF2B54C11CD283A, - 01FA8048FFF2B54C11CD283A, - ); - isa = PBXGroup; - name = "ACL Subjects"; - refType = 4; - }; - 014259AA001645E911CD296C = { - children = ( - 01FA8085FFF2B54C11CD283A, - 01FA8086FFF2B54C11CD283A, - 01FA8087FFF2B54C11CD283A, - 01FA8088FFF2B54C11CD283A, - 01FA808BFFF2B54C11CD283A, - 01FA808CFFF2B54C11CD283A, - 01FA8089FFF2B54C11CD283A, - 01FA808AFFF2B54C11CD283A, - 327DDDF600D7DB7505CD296C, - 327DDDF700D7DB7505CD296C, - ); - isa = PBXGroup; - name = Mach; - refType = 4; - }; - 014880C7005EAE4D11CD283A = { - isa = PBXLibraryReference; - path = libAppleCSP.a; - refType = 3; - }; - 014880C8005EAE4D11CD283A = { - isa = PBXLibraryReference; - path = libAppleFileDL.a; - refType = 3; - }; - 014880C9005EAE4D11CD283A = { - isa = PBXLibraryReference; - path = libAppleCSPDL.a; - refType = 3; - }; - 014880CA005EAE4D11CD283A = { - isa = PBXLibraryReference; - path = libAppleX509CL.a; - refType = 3; - }; - 014880CB005EAE4D11CD283A = { - isa = PBXLibraryReference; - path = libAppleX509TP.a; - refType = 3; - }; - 014880CD005EAE4D11CD283A = { - buildPhases = ( - 014880CF005EAE4D11CD283A, - 014880D0005EAE4D11CD283A, - 014880D1005EAE4D11CD283A, - 014880D2005EAE4D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; - HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\""; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O3 -DNDEBUG"; - OTHER_CFLAGS = "-DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE -DVDADER_RULES -DALLOW_ZERO_PASSWORD -DCRYPTKIT_DER_ENABLE"; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libAppleCSP.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01488164005EB1E311CD283A, - ); - isa = PBXLibraryTarget; - name = AppleCSP; - productInstallPath = /usr/local/lib; - productName = AppleCSP; - productReference = 014880C7005EAE4D11CD283A; - }; - 014880CF005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 014880EC005EB04411CD283A, - 014880ED005EB04411CD283A, - 014880EE005EB04411CD283A, - 014880EF005EB04411CD283A, - 014880F0005EB04411CD283A, - 014880F1005EB04411CD283A, - 014880F2005EB04411CD283A, - 014880F3005EB04411CD283A, - 014880F4005EB04411CD283A, - 014880F5005EB04411CD283A, - 014880F6005EB04411CD283A, - 014880F8005EB04411CD283A, - 014880F9005EB04411CD283A, - 014880FA005EB04411CD283A, - 014880FB005EB04411CD283A, - 014880FC005EB04411CD283A, - 014880FD005EB04411CD283A, - 014880FE005EB04411CD283A, - 014880FF005EB04411CD283A, - 01488100005EB04411CD283A, - 01488101005EB04411CD283A, - 01488102005EB04411CD283A, - 01488104005EB04411CD283A, - 01488105005EB04411CD283A, - 01488106005EB04411CD283A, - 039FF1DF00724E1A7F000001, - 039FF1E300724FFC7F000001, - 2C5247F2007A39B47F000001, - 2C5247F3007A39B47F000001, - 2C5247F4007A39B47F000001, - 2C5247F5007A39B47F000001, - 4A4C766F007A4E317F000001, - 4A4C7670007A4E317F000001, - 4A4C7676007A52DC7F000001, - 52BFC30A007A6A1B7F000001, - 57FCEE95007B8B3D7F000001, - 57FCEE9D007B8D4F7F000001, - 1691956C009480BC7F000001, - 1691956E009485A47F000001, - 169195B60094A63C7F000001, - 169195B70094A63C7F000001, - 169195DB0094A7427F000001, - 169195F40094A8577F000001, - 169195F50094A8577F000001, - 169195F60094A8577F000001, - 169195F70094A8577F000001, - 169195F80094A8577F000001, - 169195F90094A8577F000001, - 169195FA0094A8577F000001, - 169195FB0094A8577F000001, - 169195FC0094A8577F000001, - 169195FD0094A8577F000001, - 169195FE0094A8577F000001, - 169195FF0094A8577F000001, - 169196000094A8577F000001, - 169196010094A8577F000001, - 169196030094A8577F000001, - 169196040094A8577F000001, - 169196050094A8577F000001, - 169196060094A8577F000001, - 169196070094A8577F000001, - 169196080094A8577F000001, - 256C38B00094AE787F000001, - 256C38B10094AE787F000001, - 256C38B50094B2537F000001, - 28B044E00094C5577F000001, - 28B044E50094DC627F000001, - 48855E840095DC957F000001, - 01D5634900974F7C7F000001, - 07E4D6E500A0CD8D7F000001, - 209FCB4F00A738117F000001, - 59375E6C00A848827F000001, - 59375E6F00A849237F000001, - 0149035C00A9DC487F000001, - 0149035D00A9DC487F000001, - 0149035E00A9DC487F000001, - 0149035F00A9DC487F000001, - 0149036500A9DF347F000001, - 9D8F0D2901C815A600003D05, - 9D2C3D0101C826C800003D05, - 9D2C3D0301C82F6100003D05, - 9D206AA701EB68F200003D05, - 9D291880026B504700003D05, - 9D291889026B56DA00003D05, - 9D29188B026B56DA00003D05, - 9D29188D026B56DA00003D05, - 9D291891026B8BBD00003D05, - 05F88FC50410032C00003D05, - 05F88FC70410032C00003D05, - 05F88FCB0410035B00003D05, - 05553B6D042F88F800003D05, - 05553B71042F892F00003D05, - 05553B75042F90DD00003D05, - 05D098CF043C6DD200003D05, - 057C0BB80456E16900BA3D3B, - 057C0BB90456E16900BA3D3B, - 057C0BBC0456E18300BA3D3B, - 057C0BC10457129200BA3D3B, - 057C0BCD04581E3300BA3D3B, - 057C0BCE04581E3300BA3D3B, - 057C0BD804581E6800BA3D3B, - 057C0BE00458299B00BA3D3B, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D0005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 01488107005EB04411CD283A, - 01488108005EB04411CD283A, - 01488109005EB04411CD283A, - 0148810A005EB04411CD283A, - 0148810B005EB04411CD283A, - 0148810C005EB04411CD283A, - 0148810D005EB04411CD283A, - 0148810E005EB04411CD283A, - 0148810F005EB04411CD283A, - 01488111005EB04411CD283A, - 01488112005EB04411CD283A, - 01488113005EB04411CD283A, - 01488114005EB04411CD283A, - 01488115005EB04411CD283A, - 01488116005EB04411CD283A, - 01488117005EB04411CD283A, - 01488118005EB04411CD283A, - 01488119005EB04411CD283A, - 0148811A005EB04411CD283A, - 0148811B005EB04411CD283A, - 0148811C005EB04411CD283A, - 0148811D005EB04411CD283A, - 0148811E005EB04411CD283A, - 0148811F005EB04411CD283A, - 01488120005EB04411CD283A, - 01488122005EB04411CD283A, - 01488123005EB04411CD283A, - 01488124005EB04411CD283A, - 63B97E6700603F0B7F000001, - 039FF1DD00724C3A7F000001, - 039FF1E100724E6E7F000001, - 2C5247F6007A39B47F000001, - 2C5247F7007A39B47F000001, - 2C5247F8007A39B47F000001, - 4A4C7671007A4E317F000001, - 4A4C7673007A4E657F000001, - 4A4C7677007A52DC7F000001, - 52BFC30C007A6A1B7F000001, - 52BFC30D007A6A1B7F000001, - 57FCEE8C007A7B2F7F000001, - 57FCEE99007B8B3D7F000001, - 4AC94A7D0084BE397F000001, - 4AC94A7F0084C0977F000001, - 16919570009486767F000001, - 1691958B0094A5A87F000001, - 1691958C0094A5A87F000001, - 1691958D0094A5A87F000001, - 1691958E0094A5A87F000001, - 1691958F0094A5A87F000001, - 169195900094A5A87F000001, - 169195910094A5A87F000001, - 169195920094A5A87F000001, - 169195940094A5A87F000001, - 169195950094A5A87F000001, - 169195960094A5A87F000001, - 169195970094A5A87F000001, - 169195980094A5A87F000001, - 1691959A0094A5A87F000001, - 1691959B0094A5A87F000001, - 169195B80094A63C7F000001, - 169195B90094A63C7F000001, - 169195BA0094A63C7F000001, - 169195BB0094A63C7F000001, - 169195BC0094A63C7F000001, - 169195BD0094A63C7F000001, - 169195BE0094A63C7F000001, - 169195BF0094A63C7F000001, - 169195C00094A63C7F000001, - 169195C10094A63C7F000001, - 169195C20094A63C7F000001, - 169195C30094A63C7F000001, - 169195C40094A63C7F000001, - 169195C50094A63C7F000001, - 169195C60094A63C7F000001, - 169195C70094A63C7F000001, - 169195C80094A63C7F000001, - 169195C90094A63C7F000001, - 169195CA0094A63C7F000001, - 169195CB0094A63C7F000001, - 169195CC0094A63C7F000001, - 169195CD0094A63C7F000001, - 169195CE0094A63C7F000001, - 169195CF0094A63C7F000001, - 169195D40094A6FD7F000001, - 169195D50094A6FD7F000001, - 169195D60094A6FD7F000001, - 169195DD0094A7427F000001, - 256C38B20094AE787F000001, - 256C38B30094AE787F000001, - 256C38B70094B96F7F000001, - 28B044E20094C6C57F000001, - 28B044E60094DC627F000001, - 48855E860095DD697F000001, - 07E4D6DC00A0CA617F000001, - 07E4D6DD00A0CA617F000001, - 07E4D6DE00A0CA617F000001, - 07E4D6DF00A0CA617F000001, - 07E4D6E000A0CA617F000001, - 07E4D6E100A0CA617F000001, - 07E4D6E200A0CA617F000001, - 07E4D6E300A0CA617F000001, - 209FCB5100A739657F000001, - 59375E7000A849237F000001, - 59375E7200A849BB7F000001, - 0149036000A9DC487F000001, - 0149036100A9DC487F000001, - 0149036200A9DC487F000001, - 0149036300A9DC487F000001, - 9D8F0D2A01C815A600003D05, - 9D8F0D2B01C815A600003D05, - 9D29187A026B502600003D05, - 9D29187B026B502600003D05, - 9D29187C026B502600003D05, - 9D29187D026B502600003D05, - 9D29187E026B502600003D05, - 9D291888026B56DA00003D05, - 9D29188A026B56DA00003D05, - 9D29188C026B56DA00003D05, - 9D291890026B8BBD00003D05, - 05F88FC40410032C00003D05, - 05F88FC60410032C00003D05, - 05F88FCA0410035B00003D05, - 05553B6C042F88F800003D05, - 05553B70042F892F00003D05, - 05553B74042F90DD00003D05, - 05D098D1043C6DE300003D05, - 057C0BB60456E16900BA3D3B, - 057C0BB70456E16900BA3D3B, - 057C0BBA0456E16900BA3D3B, - 057C0BC00457129200BA3D3B, - 057C0BCA04581E3300BA3D3B, - 057C0BCB04581E3300BA3D3B, - 057C0BCC04581E3300BA3D3B, - 057C0BDF0458299B00BA3D3B, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D1005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D2005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D4005EAE4D11CD283A = { - buildPhases = ( - 014880D5005EAE4D11CD283A, - 014880D6005EAE4D11CD283A, - 014880D7005EAE4D11CD283A, - 014880D8005EAE4D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DVDADER_RULES"; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libAppleCSPDL.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01488165005EB22011CD283A, - ); - isa = PBXLibraryTarget; - name = AppleCSPDL; - productInstallPath = /usr/local/lib; - productName = AppleCSPDL; - productReference = 014880C9005EAE4D11CD283A; - }; - 014880D5005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 01488125005EB04411CD283A, - 01488126005EB04411CD283A, - 01488127005EB04411CD283A, - 01488128005EB04411CD283A, - 01488129005EB04411CD283A, - 0148812A005EB04411CD283A, - 0148812B005EB04411CD283A, - 0148812C005EB04411CD283A, - 0148812D005EB04411CD283A, - 0148812E005EB04411CD283A, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D6005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 0148812F005EB04411CD283A, - 01488131005EB04411CD283A, - 01488132005EB04411CD283A, - 01488133005EB04411CD283A, - 01488134005EB04411CD283A, - 01488135005EB04411CD283A, - 01488136005EB04411CD283A, - 01488137005EB04411CD283A, - 01488138005EB04411CD283A, - 327DDDF500D707D805CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D7005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880D8005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880DA005EAE4D11CD283A = { - buildPhases = ( - 014880DB005EAE4D11CD283A, - 014880DC005EAE4D11CD283A, - 014880DD005EAE4D11CD283A, - 014880DE005EAE4D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libAppleFileDL.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01488166005EB22011CD283A, - ); - isa = PBXLibraryTarget; - name = AppleFileDL; - productInstallPath = /usr/local/lib; - productName = AppleFileDL; - productReference = 014880C8005EAE4D11CD283A; - }; - 014880DB005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 01488139005EB04411CD283A, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880DC005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 0148813A005EB04411CD283A, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880DD005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880DE005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E0005EAE4D11CD283A = { - buildPhases = ( - 014880E1005EAE4D11CD283A, - 014880E2005EAE4D11CD283A, - 014880E3005EAE4D11CD283A, - 014880E4005EAE4D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DVDADER_RULES"; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libAppleX509CL.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01488167005EB22011CD283A, - ); - isa = PBXLibraryTarget; - name = AppleX509CL; - productInstallPath = /usr/local/lib; - productName = AppleX509CL; - productReference = 014880CA005EAE4D11CD283A; - }; - 014880E1005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 0148813B005EB04411CD283A, - 0148813D005EB04411CD283A, - 0148813E005EB04411CD283A, - 0148813F005EB04411CD283A, - 01488140005EB04411CD283A, - 01488141005EB04411CD283A, - 01488142005EB04411CD283A, - 01488143005EB04411CD283A, - 9D347A410380197600003D05, - 9D347A430380197600003D05, - 9D347A460380197600003D05, - 9D347A480380197600003D05, - 9D347A4A0380197600003D05, - 05F88FD1041003A500003D05, - 05F88FD3041003A500003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E2005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 01488145005EB04411CD283A, - 01488147005EB04411CD283A, - 01488148005EB04411CD283A, - 01488149005EB04411CD283A, - 0148814A005EB04411CD283A, - 0148814C005EB04411CD283A, - 0148814D005EB04411CD283A, - 0148814E005EB04411CD283A, - 0148814F005EB04411CD283A, - 01488150005EB04411CD283A, - F540EDC3027A41BF01CA2E66, - 9D347A400380197600003D05, - 9D347A420380197600003D05, - 9D347A440380197600003D05, - 9D347A450380197600003D05, - 9D347A470380197600003D05, - 9D347A490380197600003D05, - 05F88FD0041003A500003D05, - 05F88FD2041003A500003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E3005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E4005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E6005EAE4D11CD283A = { - buildPhases = ( - 014880E7005EAE4D11CD283A, - 014880E8005EAE4D11CD283A, - 014880E9005EAE4D11CD283A, - 014880EA005EAE4D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DVDADER_RULES"; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libAppleX509TP.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01488168005EB22011CD283A, - ); - isa = PBXLibraryTarget; - name = AppleX509TP; - productInstallPath = /usr/local/lib; - productName = AppleX509TP; - productReference = 014880CB005EAE4D11CD283A; - }; - 014880E7005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 01488152005EB04411CD283A, - 01488153005EB04411CD283A, - 01488154005EB04411CD283A, - 01488155005EB04411CD283A, - 01488156005EB04411CD283A, - 01488157005EB04411CD283A, - 01488158005EB04411CD283A, - 01488159005EB04411CD283A, - 9D347A54038019EF00003D05, - 9D347A56038019EF00003D05, - 9D347A58038019EF00003D05, - 9D347A5A038019EF00003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E8005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - 0148815A005EB04411CD283A, - 0148815B005EB04411CD283A, - 0148815C005EB04411CD283A, - 01488161005EB04411CD283A, - 01488162005EB04411CD283A, - 01488163005EB04411CD283A, - 9D4B1BC80156C2E500A17CD1, - 9D14AC53020093D100003D05, - 9D9AEFBB02B6BC6C00003D05, - 9D347A53038019EF00003D05, - 9D347A55038019EF00003D05, - 9D347A57038019EF00003D05, - 9D347A59038019EF00003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880E9005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880EA005EAE4D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 014880EC005EB04411CD283A = { - fileRef = 07A0F5EE005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880ED005EB04411CD283A = { - fileRef = 07A0F5EF005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880EE005EB04411CD283A = { - fileRef = 07A0F5F1005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880EF005EB04411CD283A = { - fileRef = 07A0F5F3005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F0005EB04411CD283A = { - fileRef = 07A0F5F6005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F1005EB04411CD283A = { - fileRef = 07A0F5F8005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F2005EB04411CD283A = { - fileRef = 07A0F5F9005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F3005EB04411CD283A = { - fileRef = 07A0F5FB005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F4005EB04411CD283A = { - fileRef = 07A0F5FC005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F5005EB04411CD283A = { - fileRef = 07A0F5FE005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F6005EB04411CD283A = { - fileRef = 07A0F600005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F8005EB04411CD283A = { - fileRef = 07A0F60A005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880F9005EB04411CD283A = { - fileRef = 07A0F60B005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FA005EB04411CD283A = { - fileRef = 07A0F60E005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FB005EB04411CD283A = { - fileRef = 07A0F610005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FC005EB04411CD283A = { - fileRef = 07A0F670005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FD005EB04411CD283A = { - fileRef = 07A0F671005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FE005EB04411CD283A = { - fileRef = 07A0F673005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 014880FF005EB04411CD283A = { - fileRef = 07A0F675005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488100005EB04411CD283A = { - fileRef = 07A0F677005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488101005EB04411CD283A = { - fileRef = 07A0F679005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488102005EB04411CD283A = { - fileRef = 07A0F67B005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488104005EB04411CD283A = { - fileRef = 07A0F67F005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488105005EB04411CD283A = { - fileRef = 07A0F682005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488106005EB04411CD283A = { - fileRef = 07A0F684005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488107005EB04411CD283A = { - fileRef = 07A0F5EC005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488108005EB04411CD283A = { - fileRef = 07A0F5F0005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488109005EB04411CD283A = { - fileRef = 07A0F5F2005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810A005EB04411CD283A = { - fileRef = 07A0F5F5005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810B005EB04411CD283A = { - fileRef = 07A0F5F7005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810C005EB04411CD283A = { - fileRef = 07A0F5FA005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810D005EB04411CD283A = { - fileRef = 07A0F5FD005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810E005EB04411CD283A = { - fileRef = 07A0F5FF005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148810F005EB04411CD283A = { - fileRef = 07A0F601005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488111005EB04411CD283A = { - fileRef = 07A0F604005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488112005EB04411CD283A = { - fileRef = 07A0F605005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488113005EB04411CD283A = { - fileRef = 07A0F607005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488114005EB04411CD283A = { - fileRef = 07A0F608005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488115005EB04411CD283A = { - fileRef = 07A0F609005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488116005EB04411CD283A = { - fileRef = 07A0F60C005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488117005EB04411CD283A = { - fileRef = 07A0F60D005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488118005EB04411CD283A = { - fileRef = 07A0F60F005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488119005EB04411CD283A = { - fileRef = 07A0F611005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811A005EB04411CD283A = { - fileRef = 07A0F612005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811B005EB04411CD283A = { - fileRef = 07A0F66F005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811C005EB04411CD283A = { - fileRef = 07A0F672005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811D005EB04411CD283A = { - fileRef = 07A0F674005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811E005EB04411CD283A = { - fileRef = 07A0F676005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148811F005EB04411CD283A = { - fileRef = 07A0F678005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488120005EB04411CD283A = { - fileRef = 07A0F67A005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488122005EB04411CD283A = { - fileRef = 07A0F67E005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488123005EB04411CD283A = { - fileRef = 07A0F681005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488124005EB04411CD283A = { - fileRef = 07A0F683005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488125005EB04411CD283A = { - fileRef = 07A0F68B005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488126005EB04411CD283A = { - fileRef = 07A0F68D005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488127005EB04411CD283A = { - fileRef = 07A0F691005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488128005EB04411CD283A = { - fileRef = 07A0F693005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488129005EB04411CD283A = { - fileRef = 07A0F695005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812A005EB04411CD283A = { - fileRef = 07A0F697005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812B005EB04411CD283A = { - fileRef = 07A0F699005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812C005EB04411CD283A = { - fileRef = 07A0F69B005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812D005EB04411CD283A = { - fileRef = 07A0F69D005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812E005EB04411CD283A = { - fileRef = 07A0F69F005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148812F005EB04411CD283A = { - fileRef = 07A0F68A005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488131005EB04411CD283A = { - fileRef = 07A0F690005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488132005EB04411CD283A = { - fileRef = 07A0F692005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488133005EB04411CD283A = { - fileRef = 07A0F694005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488134005EB04411CD283A = { - fileRef = 07A0F696005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488135005EB04411CD283A = { - fileRef = 07A0F698005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488136005EB04411CD283A = { - fileRef = 07A0F69A005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488137005EB04411CD283A = { - fileRef = 07A0F69C005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488138005EB04411CD283A = { - fileRef = 07A0F69E005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488139005EB04411CD283A = { - fileRef = 07A0F6A5005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148813A005EB04411CD283A = { - fileRef = 07A0F6A4005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148813B005EB04411CD283A = { - fileRef = 07A0F6AE005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148813D005EB04411CD283A = { - fileRef = 07A0F6B5005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148813E005EB04411CD283A = { - fileRef = 07A0F6B8005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148813F005EB04411CD283A = { - fileRef = 07A0F6BA005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488140005EB04411CD283A = { - fileRef = 07A0F6BE005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488141005EB04411CD283A = { - fileRef = 07A0F6C0005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488142005EB04411CD283A = { - fileRef = 07A0F6C1005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488143005EB04411CD283A = { - fileRef = 07A0F6C3005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488145005EB04411CD283A = { - fileRef = 07A0F6AD005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488147005EB04411CD283A = { - fileRef = 07A0F6B4005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488148005EB04411CD283A = { - fileRef = 07A0F6B6005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488149005EB04411CD283A = { - fileRef = 07A0F6B7005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148814A005EB04411CD283A = { - fileRef = 07A0F6B9005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148814C005EB04411CD283A = { - fileRef = 07A0F6BF005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148814D005EB04411CD283A = { - fileRef = 07A0F6C2005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148814E005EB04411CD283A = { - fileRef = 07A0F6C4005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148814F005EB04411CD283A = { - fileRef = 07A0F6C5005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488150005EB04411CD283A = { - fileRef = 07A0F6C6005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488152005EB04411CD283A = { - fileRef = 07A0F6CC005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488153005EB04411CD283A = { - fileRef = 07A0F6D0005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488154005EB04411CD283A = { - fileRef = 07A0F6D2005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488155005EB04411CD283A = { - fileRef = 07A0F6D6005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488156005EB04411CD283A = { - fileRef = 07A0F6D8005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488157005EB04411CD283A = { - fileRef = 07A0F6DC005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488158005EB04411CD283A = { - fileRef = 07A0F6DE005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488159005EB04411CD283A = { - fileRef = 07A0F6E0005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148815A005EB04411CD283A = { - fileRef = 07A0F6CB005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148815B005EB04411CD283A = { - fileRef = 07A0F6CF005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148815C005EB04411CD283A = { - fileRef = 07A0F6D1005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488161005EB04411CD283A = { - fileRef = 07A0F6DB005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488162005EB04411CD283A = { - fileRef = 07A0F6DD005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488163005EB04411CD283A = { - fileRef = 07A0F6DF005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488164005EB1E311CD283A = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - 01488165005EB22011CD283A = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - 01488166005EB22011CD283A = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - 01488167005EB22011CD283A = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - 01488168005EB22011CD283A = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - 0149035400A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DES.c; - path = MiscCSPAlgs/DES.c; - refType = 4; - }; - 0149035500A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DES.h; - path = MiscCSPAlgs/DES.h; - refType = 4; - }; - 0149035600A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MD5.c; - path = MiscCSPAlgs/MD5.c; - refType = 4; - }; - 0149035700A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MD5.h; - path = MiscCSPAlgs/MD5.h; - refType = 4; - }; - 0149035800A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1_priv.c; - path = MiscCSPAlgs/SHA1_priv.c; - refType = 4; - }; - 0149035900A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1_priv.h; - path = MiscCSPAlgs/SHA1_priv.h; - refType = 4; - }; - 0149035A00A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1.c; - path = MiscCSPAlgs/SHA1.c; - refType = 4; - }; - 0149035B00A9DC487F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1.h; - path = MiscCSPAlgs/SHA1.h; - refType = 4; - }; - 0149035C00A9DC487F000001 = { - fileRef = 0149035500A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149035D00A9DC487F000001 = { - fileRef = 0149035700A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149035E00A9DC487F000001 = { - fileRef = 0149035900A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149035F00A9DC487F000001 = { - fileRef = 0149035B00A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036000A9DC487F000001 = { - fileRef = 0149035400A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036100A9DC487F000001 = { - fileRef = 0149035600A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036200A9DC487F000001 = { - fileRef = 0149035800A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036300A9DC487F000001 = { - fileRef = 0149035A00A9DC487F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036400A9DF347F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = platform.h; - path = MiscCSPAlgs/platform.h; - refType = 4; - }; - 0149036500A9DF347F000001 = { - fileRef = 0149036400A9DF347F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0149036600A9E34D7F000001 = { - isa = PBXFileReference; - path = libComCryption.a; - refType = 3; - }; - 0149036700A9E34D7F000001 = { - isa = PBXFileReference; - path = libCryptKit.a; - refType = 3; - }; - 014989C0006AA1D111CD283A = { - fileRef = 07A0F5F1005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 014989C1006AA1D111CD283A = { - fileRef = 07A0F5F3005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0165238D000BEC3311CD296C = { - children = ( - 01FA8215FFF2B54C11CD283A, - 01FA823BFFF2B54C11CD283A, - 32361F0701F4B28E05CA2E77, - 01FA823CFFF2B54C11CD283A, - 01FA821AFFF2B54C11CD283A, - 01FA821BFFF2B54C11CD283A, - ); - isa = PBXGroup; - name = MIG; - refType = 4; - }; - 0165238E000BEC3311CD296C = { - children = ( - 01FA821FFFF2B54C11CD283A, - 01FA8227FFF2B54C11CD283A, - 01FA8226FFF2B54C11CD283A, - 01FA8229FFF2B54C11CD283A, - 01FA8228FFF2B54C11CD283A, - 563FC2AC03F8454B0DCA289E, - 563FC2AD03F8454B0DCA289E, - 563FC2AE03F8454B0DCA289E, - 563FC2AF03F8454B0DCA289E, - ); - isa = PBXGroup; - name = "Client Library"; - refType = 4; - }; - 0165238F000BEC3311CD296C = { - children = ( - 01FA821DFFF2B54C11CD283A, - 01FA821CFFF2B54C11CD283A, - ); - isa = PBXGroup; - name = "Agent Client Library"; - path = ""; - refType = 4; - }; - 0177F263FFFAA2D311CD283A = { - children = ( - F5786181022EDE8901CA2E64, - F57861F9022F13DF01CA2E64, - F5786222022F2D9701CA2E64, - F5786223022F2DDB01CA2E64, - ); - isa = PBXGroup; - path = Keychain; - refType = 4; - }; - 0177F269FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CCallbackMgr.cp; - refType = 4; - }; - 0177F26AFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CCallbackMgr.h; - refType = 4; - }; - 0177F27EFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdatetime.cpp; - refType = 4; - }; - 0177F27FFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdatetime.h; - refType = 4; - }; - 0177F28AFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLDBListCFPref.cpp; - refType = 4; - }; - 0177F28BFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLDBListCFPref.h; - refType = 4; - }; - 0177F290FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Globals.cpp; - refType = 4; - }; - 0177F291FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Globals.h; - refType = 4; - }; - 0177F292FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Item.cpp; - refType = 4; - }; - 0177F293FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Item.h; - refType = 4; - }; - 0177F29CFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCCursor.cpp; - refType = 4; - }; - 0177F29DFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCCursor.h; - refType = 4; - }; - 0177F29EFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCEventNotifier.cpp; - refType = 4; - }; - 0177F29FFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCEventNotifier.h; - refType = 4; - }; - 0177F2A0FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCEventObserver.cpp; - refType = 4; - }; - 0177F2A1FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCEventObserver.h; - refType = 4; - }; - 0177F2A2FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCExceptions.h; - refType = 4; - }; - 0177F2B7FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Keychains.cpp; - refType = 4; - }; - 0177F2B8FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Keychains.h; - refType = 4; - }; - 0177F2C6FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = PrimaryKey.cpp; - refType = 4; - }; - 0177F2C7FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = PrimaryKey.h; - refType = 4; - }; - 0177F2CCFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Schema.cpp; - refType = 4; - }; - 0177F2CDFFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Schema.h; - refType = 4; - }; - 0177F2D1FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainAPI.cpp; - refType = 4; - }; - 0177F2D2FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainAPI.h; - refType = 4; - }; - 0177F2D3FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainAPIPriv.h; - refType = 4; - }; - 0177F2D6FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = StorageManager.cpp; - refType = 4; - }; - 0177F2D7FFFAA2D311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = StorageManager.h; - refType = 4; - }; - 0177F2DEFFFAA2D311CD283A = { - fileRef = 0177F26AFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2EAFFFAA2D311CD283A = { - fileRef = 0177F27FFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2F0FFFAA2D311CD283A = { - fileRef = 0177F28BFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2F4FFFAA2D311CD283A = { - fileRef = 0177F291FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2F5FFFAA2D311CD283A = { - fileRef = 0177F293FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2FAFFFAA2D311CD283A = { - fileRef = 0177F29DFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2FBFFFAA2D311CD283A = { - fileRef = 0177F29FFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2FCFFFAA2D311CD283A = { - fileRef = 0177F2A1FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F2FDFFFAA2D311CD283A = { - fileRef = 0177F2A2FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F30BFFFAA2D311CD283A = { - fileRef = 0177F2B8FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F315FFFAA2D311CD283A = { - fileRef = 0177F2C7FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F319FFFAA2D311CD283A = { - fileRef = 0177F2CDFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F31AFFFAA2D311CD283A = { - fileRef = 0177F2D2FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F31BFFFAA2D311CD283A = { - fileRef = 0177F2D3FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F31DFFFAA2D311CD283A = { - fileRef = 0177F2D7FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F323FFFAA2D311CD283A = { - fileRef = 0177F269FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F32CFFFAA2D311CD283A = { - fileRef = 0177F27EFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F332FFFAA2D311CD283A = { - fileRef = 0177F28AFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F334FFFAA2D311CD283A = { - fileRef = 0177F290FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F335FFFAA2D311CD283A = { - fileRef = 0177F292FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F33AFFFAA2D311CD283A = { - fileRef = 0177F29CFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F33BFFFAA2D311CD283A = { - fileRef = 0177F29EFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F33CFFFAA2D311CD283A = { - fileRef = 0177F2A0FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F344FFFAA2D311CD283A = { - fileRef = 0177F2B7FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F349FFFAA2D311CD283A = { - fileRef = 0177F2C6FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F34BFFFAA2D311CD283A = { - fileRef = 0177F2CCFFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F34EFFFAA2D311CD283A = { - fileRef = 0177F2D1FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F350FFFAA2D311CD283A = { - fileRef = 0177F2D6FFFAA2D311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0177F352FFFAC61911CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCUtilities.cpp; - refType = 4; - }; - 0177F353FFFAC61911CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KCUtilities.h; - refType = 4; - }; - 0177F354FFFAC61911CD283A = { - fileRef = 0177F353FFFAC61911CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0177F355FFFAC61911CD283A = { - fileRef = 0177F352FFFAC61911CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 017A54F20094AAE57F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "https-proxy-protocol.h"; - refType = 4; - }; - 017A54F30094AAE57F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "https-proxy-protocol.cpp"; - refType = 4; - }; - 017B6CA6009748107F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = buffers.cpp; - refType = 4; - }; - 017B6CA7009748107F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = buffers.h; - refType = 4; - }; - 017B6CA8009748107F000001 = { - fileRef = 017B6CA7009748107F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 017B6CA9009748107F000001 = { - fileRef = 017B6CA6009748107F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 01827D09008CB8707F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ftp-proxy-protocol.h"; - refType = 4; - }; - 01827D0A008CB8707F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ftp-proxy-protocol.cpp"; - refType = 4; - }; - 01CE6B19FFF2B1BA11CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = "-O0 -fno-inline"; - OTHER_CFLAGS = "\U0001 -DDEBUGDUMP"; - SECTORDER_FLAGS = ""; - }; - isa = PBXBuildStyle; - name = Development; - }; - 01CE6B1AFFF2B1BA11CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 01CE6B1BFFF2B31311CD283A = { - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = world; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 01CE6B1CFFF2B31311CD283A, - 125E8604FFF3D96711CD283A, - 01FA8902FFF2BCA811CD283A, - 01FA8903FFF2BCA811CD283A, - C2907DD7042BA6E300CA2E77, - 01FA88F8FFF2BBEB11CD283A, - 9DC1DF0F0299BCB400003D05, - 9D347AA10380366700003D05, - C227CDCC03E7173300CA2E77, - 3283A53602B96AED05CA2E77, - ); - isa = PBXAggregateTarget; - name = world; - productName = world; - }; - 01CE6B1CFFF2B31311CD283A = { - isa = PBXTargetDependency; - target = 0867D69CFE84028FC02AAC07; - }; - 01CE6B1DFFF2B33A11CD283A = { - buildArgumentsString = "-f cdsa/generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\""; - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = generate; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = generate; - passBuildSettingsInEnvironment = 0; - productName = generate; - settingsToExpand = 6; - settingsToPassInEnvironment = 1; - settingsToPassOnCommandLine = 280; - }; - 01D5634800974F7C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = openssl_pkcs7.h; - path = openssl/openssl_pkcs7.h; - refType = 4; - }; - 01D5634900974F7C7F000001 = { - fileRef = 01D5634800974F7C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA7FE6FFF2B54C11CD283A = { - children = ( - 01FA7FE7FFF2B54C11CD283A, - 01FA8039FFF2B54C11CD283A, - 01FA8003FFF2B54C11CD283A, - 01FA8025FFF2B54C11CD283A, - 01FA80AAFFF2B54C11CD283A, - 9D518682018F278000003D05, - 01FA80C6FFF2B54C11CD283A, - 01FA80D6FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = cdsa; - refType = 4; - }; - 01FA7FE7FFF2B54C11CD283A = { - children = ( - 01FA7FE8FFF2B54C11CD283A, - 01FA7FE9FFF2B54C11CD283A, - 01FA7FEAFFF2B54C11CD283A, - 01FA7FEBFFF2B54C11CD283A, - 01FA7FECFFF2B54C11CD283A, - 01FA7FEDFFF2B54C11CD283A, - 01FA7FEEFFF2B54C11CD283A, - 01FA7FEFFFF2B54C11CD283A, - 01FA7FF0FFF2B54C11CD283A, - 01FA7FF1FFF2B54C11CD283A, - 01FA7FF2FFF2B54C11CD283A, - 01FA7FF3FFF2B54C11CD283A, - 01FA7FF4FFF2B54C11CD283A, - 01FA7FF5FFF2B54C11CD283A, - 01FA7FF6FFF2B54C11CD283A, - 01FA7FF7FFF2B54C11CD283A, - 01FA7FF8FFF2B54C11CD283A, - 01FA7FF9FFF2B54C11CD283A, - 01FA7FFAFFF2B54C11CD283A, - 01FA7FFBFFF2B54C11CD283A, - 01FA7FFCFFF2B54C11CD283A, - 01FA7FFDFFF2B54C11CD283A, - 01FA7FFEFFF2B54C11CD283A, - 01FA7FFFFFF2B54C11CD283A, - 01FA8000FFF2B54C11CD283A, - 01FA8001FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = cdsa; - refType = 4; - }; - 01FA7FE8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = certextensions.h; - refType = 4; - }; - 01FA7FE9FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssm.h; - refType = 4; - }; - 01FA7FEAFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmaci.h; - refType = 4; - }; - 01FA7FEBFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmapi.h; - refType = 4; - }; - 01FA7FECFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmapple.h; - refType = 4; - }; - 01FA7FEDFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcli.h; - refType = 4; - }; - 01FA7FEEFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmconfig.h; - refType = 4; - }; - 01FA7FEFFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcspi.h; - refType = 4; - }; - 01FA7FF0FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdli.h; - refType = 4; - }; - 01FA7FF1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmerr.h; - refType = 4; - }; - 01FA7FF2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmkrapi.h; - refType = 4; - }; - 01FA7FF3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmkrspi.h; - refType = 4; - }; - 01FA7FF4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmspi.h; - refType = 4; - }; - 01FA7FF5FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmtpi.h; - refType = 4; - }; - 01FA7FF6FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmtype.h; - refType = 4; - }; - 01FA7FF7FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = eisl.h; - refType = 4; - }; - 01FA7FF8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = emmspi.h; - refType = 4; - }; - 01FA7FF9FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = emmtype.h; - refType = 4; - }; - 01FA7FFAFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = mds.h; - refType = 4; - }; - 01FA7FFBFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = mds_schema.h; - refType = 4; - }; - 01FA7FFCFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidsalg.h; - refType = 4; - }; - 01FA7FFDFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidsattr.h; - refType = 4; - }; - 01FA7FFEFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidsbase.h; - refType = 4; - }; - 01FA7FFFFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidscert.h; - refType = 4; - }; - 01FA8000FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidscrl.h; - refType = 4; - }; - 01FA8001FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = x509defs.h; - refType = 4; - }; - 01FA8003FFF2B54C11CD283A = { - children = ( - 32623CFC024BBA3B05CA2E77, - 01FA8004FFF2B54C11CD283A, - 32867BAB02316C3905CA2E77, - 32867BAC02316C3905CA2E77, - 01FA8008FFF2B54C11CD283A, - 01FA8009FFF2B54C11CD283A, - 01FA800AFFF2B54C11CD283A, - 01FA800BFFF2B54C11CD283A, - 01FA800CFFF2B54C11CD283A, - 01FA800DFFF2B54C11CD283A, - 01FA800EFFF2B54C11CD283A, - 01FA800FFFF2B54C11CD283A, - 01FA8010FFF2B54C11CD283A, - 01FA8011FFF2B54C11CD283A, - 01FA8012FFF2B54C11CD283A, - 01FA8013FFF2B54C11CD283A, - 01FA8014FFF2B54C11CD283A, - 01FA8015FFF2B54C11CD283A, - 01FA8016FFF2B54C11CD283A, - 01FA8017FFF2B54C11CD283A, - 01FA8018FFF2B54C11CD283A, - 01FA8019FFF2B54C11CD283A, - 01FA801AFFF2B54C11CD283A, - 01FA801BFFF2B54C11CD283A, - 01FA801CFFF2B54C11CD283A, - 01FA801DFFF2B54C11CD283A, - 01FA801EFFF2B54C11CD283A, - 01FA801FFFF2B54C11CD283A, - 01FA8020FFF2B54C11CD283A, - 01FA8021FFF2B54C11CD283A, - 32867BA70231611A05CA2E77, - 32867BA80231611A05CA2E77, - 01FA8022FFF2B54C11CD283A, - 01FA8023FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = cdsa_client; - refType = 4; - }; - 01FA8004FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = aclclient.h; - refType = 4; - }; - 01FA8008FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptoclient.cpp; - refType = 4; - }; - 01FA8009FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptoclient.h; - refType = 4; - }; - 01FA800AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspclient.cpp; - refType = 4; - }; - 01FA800BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspclient.h; - refType = 4; - }; - 01FA800CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmclient.cpp; - refType = 4; - }; - 01FA800DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmclient.h; - refType = 4; - }; - 01FA800EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = dlclient.cpp; - refType = 4; - }; - 01FA800FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = dlclient.h; - refType = 4; - }; - 01FA8010FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLDBList.cpp; - refType = 4; - }; - 01FA8011FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLDBList.h; - refType = 4; - }; - 01FA8012FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = genkey.cpp; - refType = 4; - }; - 01FA8013FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = genkey.h; - refType = 4; - }; - 01FA8014FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = keychainacl.cpp; - refType = 4; - }; - 01FA8015FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = keychainacl.h; - refType = 4; - }; - 01FA8016FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = keyclient.cpp; - refType = 4; - }; - 01FA8017FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = keyclient.h; - refType = 4; - }; - 01FA8018FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = macclient.cpp; - refType = 4; - }; - 01FA8019FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = macclient.h; - refType = 4; - }; - 01FA801AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = multidldb.cpp; - refType = 4; - }; - 01FA801BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = multidldb.h; - refType = 4; - }; - 01FA801CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = osxsigner.cpp; - refType = 4; - }; - 01FA801DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = osxsigner.h; - refType = 4; - }; - 01FA801EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = securestorage.cpp; - refType = 4; - }; - 01FA801FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = securestorage.h; - refType = 4; - }; - 01FA8020FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = signclient.cpp; - refType = 4; - }; - 01FA8021FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = signclient.h; - refType = 4; - }; - 01FA8022FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = wrapkey.cpp; - refType = 4; - }; - 01FA8023FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = wrapkey.h; - refType = 4; - }; - 01FA8025FFF2B54C11CD283A = { - children = ( - 01FA8027FFF2B54C11CD283A, - 01FA8028FFF2B54C11CD283A, - 01FA8029FFF2B54C11CD283A, - 01FA802AFFF2B54C11CD283A, - 01FA802BFFF2B54C11CD283A, - 01FA802CFFF2B54C11CD283A, - 01FA802DFFF2B54C11CD283A, - 01FA802EFFF2B54C11CD283A, - 01FA802FFFF2B54C11CD283A, - 01FA8030FFF2B54C11CD283A, - 01FA8031FFF2B54C11CD283A, - 01FA8032FFF2B54C11CD283A, - 01FA8033FFF2B54C11CD283A, - 01FA8034FFF2B54C11CD283A, - 01FA8035FFF2B54C11CD283A, - 01FA8036FFF2B54C11CD283A, - 01FA8037FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = cdsa_pluginlib; - refType = 4; - }; - 01FA8027FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ACsession.h; - refType = 4; - }; - 01FA8028FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "c++plugin.h"; - refType = 4; - }; - 01FA8029FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLsession.h; - refType = 4; - }; - 01FA802AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPsession.cpp; - refType = 4; - }; - 01FA802BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPsession.h; - refType = 4; - }; - 01FA802CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = csputilities.cpp; - refType = 4; - }; - 01FA802DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmplugin.cpp; - refType = 4; - }; - 01FA802EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmplugin.h; - refType = 4; - }; - 01FA802FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLsession.cpp; - refType = 4; - }; - 01FA8030FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLsession.h; - refType = 4; - }; - 01FA8031FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.cfg; - refType = 4; - }; - 01FA8032FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.mk; - refType = 4; - }; - 01FA8033FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.pl; - refType = 4; - }; - 01FA8034FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = pluginsession.cpp; - refType = 4; - }; - 01FA8035FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = pluginsession.h; - refType = 4; - }; - 01FA8036FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = pluginspi.h; - refType = 4; - }; - 01FA8037FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPsession.h; - refType = 4; - }; - 01FA8039FFF2B54C11CD283A = { - children = ( - B6F3F06205E5C8DD003E48D8, - 014259A8001645E911CD296C, - 01FA804DFFF2B54C11CD283A, - 01FA804EFFF2B54C11CD283A, - 01FA804FFFF2B54C11CD283A, - 01FA8050FFF2B54C11CD283A, - 01FA8051FFF2B54C11CD283A, - 01FA8052FFF2B54C11CD283A, - 01FA8055FFF2B54C11CD283A, - 01FA8056FFF2B54C11CD283A, - 01FA8057FFF2B54C11CD283A, - 01FA8058FFF2B54C11CD283A, - 01FA8059FFF2B54C11CD283A, - 01FA805AFFF2B54C11CD283A, - 320F609D0234113505CA2E77, - 320F609E0234113505CA2E77, - 01FA805BFFF2B54C11CD283A, - 01FA805CFFF2B54C11CD283A, - 01FA805DFFF2B54C11CD283A, - 01FA805EFFF2B54C11CD283A, - 01FA805FFFF2B54C11CD283A, - 01FA8060FFF2B54C11CD283A, - 01FA8063FFF2B54C11CD283A, - 01FA8064FFF2B54C11CD283A, - 01FA8065FFF2B54C11CD283A, - 01FA8066FFF2B54C11CD283A, - 32867BB202316E3305CA2E77, - 32867BB302316E3305CA2E77, - 01FA8067FFF2B54C11CD283A, - 01FA8068FFF2B54C11CD283A, - 01FA8069FFF2B54C11CD283A, - 01FA806AFFF2B54C11CD283A, - 01FA8079FFF2B54C11CD283A, - 01FA807AFFF2B54C11CD283A, - 01FA807BFFF2B54C11CD283A, - 9D8B6A2A015A48F500A17CD1, - F581A93B0316D96A01D50C4C, - F52A2F160316DA1901D50C4C, - 01FA807CFFF2B54C11CD283A, - 01FA807DFFF2B54C11CD283A, - 01FA807EFFF2B54C11CD283A, - 01FA807FFFF2B54C11CD283A, - 01FA8080FFF2B54C11CD283A, - 01FA8081FFF2B54C11CD283A, - 01FA8082FFF2B54C11CD283A, - 4EE175A40459EC6F0036F88D, - 01FA8083FFF2B54C11CD283A, - 01FA8084FFF2B54C11CD283A, - C2952B0C044B55BB00CA2E77, - 01FA808DFFF2B54C11CD283A, - 01FA8096FFF2B54C11CD283A, - 01FA8097FFF2B54C11CD283A, - 01FA8098FFF2B54C11CD283A, - 01FA8099FFF2B54C11CD283A, - 01FA809BFFF2B54C11CD283A, - 01FA80A0FFF2B54C11CD283A, - 01FA80A1FFF2B54C11CD283A, - 025C84BB0027360A11CD296C, - 01FA80A2FFF2B54C11CD283A, - 01FA80A3FFF2B54C11CD283A, - F559B18C01D1510A01CA2E64, - 01FA80A4FFF2B54C11CD283A, - 01FA80A5FFF2B54C11CD283A, - 01FA80A6FFF2B54C11CD283A, - 01FA80A7FFF2B54C11CD283A, - 01FA80A8FFF2B54C11CD283A, - 3272260D00E3C7FB05CD296C, - 014259A9001645E911CD296C, - 3244148B0236DD2705CA2E77, - 014259AA001645E911CD296C, - 33BD041F00838F447F000001, - ); - isa = PBXGroup; - path = cdsa_utilities; - refType = 4; - }; - 01FA803BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_any.cpp; - refType = 4; - }; - 01FA803CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_any.h; - refType = 4; - }; - 01FA803DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_codesigning.cpp; - refType = 4; - }; - 01FA803EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_codesigning.h; - refType = 4; - }; - 01FA803FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_comment.cpp; - refType = 4; - }; - 01FA8040FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_comment.h; - refType = 4; - }; - 01FA8043FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_password.cpp; - refType = 4; - }; - 01FA8044FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_password.h; - refType = 4; - }; - 01FA8045FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_process.cpp; - refType = 4; - }; - 01FA8046FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_process.h; - refType = 4; - }; - 01FA8047FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_threshold.cpp; - refType = 4; - }; - 01FA8048FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_threshold.h; - refType = 4; - }; - 01FA8049FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleDatabase.cpp; - refType = 4; - }; - 01FA804AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleDatabase.h; - refType = 4; - }; - 01FA804BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AtomicFile.cpp; - refType = 4; - }; - 01FA804CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AtomicFile.h; - refType = 4; - }; - 01FA804DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = callback.cpp; - refType = 4; - }; - 01FA804EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = callback.h; - refType = 4; - }; - 01FA804FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = codesigning.cpp; - refType = 4; - }; - 01FA8050FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = codesigning.h; - refType = 4; - }; - 01FA8051FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = context.cpp; - refType = 4; - }; - 01FA8052FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = context.h; - refType = 4; - }; - 01FA8055FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmacl.cpp; - refType = 4; - }; - 01FA8056FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmacl.h; - refType = 4; - }; - 01FA8057FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmaclpod.cpp; - refType = 4; - }; - 01FA8058FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmaclpod.h; - refType = 4; - }; - 01FA8059FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmalloc.cpp; - refType = 4; - }; - 01FA805AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmalloc.h; - refType = 4; - }; - 01FA805BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcred.cpp; - refType = 4; - }; - 01FA805CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcred.h; - refType = 4; - }; - 01FA805DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdata.cpp; - refType = 4; - }; - 01FA805EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdata.h; - refType = 4; - }; - 01FA805FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdates.cpp; - refType = 4; - }; - 01FA8060FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdates.h; - refType = 4; - }; - 01FA8061FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdb.cpp; - refType = 4; - }; - 01FA8062FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmdb.h; - refType = 4; - }; - 01FA8063FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmerrno.cpp; - refType = 4; - }; - 01FA8064FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmerrno.h; - refType = 4; - }; - 01FA8065FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmlist.cpp; - refType = 4; - }; - 01FA8066FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmlist.h; - refType = 4; - }; - 01FA8067FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmwalkers.cpp; - refType = 4; - }; - 01FA8068FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmwalkers.h; - refType = 4; - }; - 01FA8069FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = daemon.cpp; - refType = 4; - }; - 01FA806AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = daemon.h; - refType = 4; - }; - 01FA806BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Database.cpp; - refType = 4; - }; - 01FA806CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Database.h; - refType = 4; - }; - 01FA806DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DatabaseSession.cpp; - refType = 4; - }; - 01FA806EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DatabaseSession.h; - refType = 4; - }; - 01FA806FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbContext.cpp; - refType = 4; - }; - 01FA8070FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbContext.h; - refType = 4; - }; - 01FA8071FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbIndex.cpp; - refType = 4; - }; - 01FA8072FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbIndex.h; - refType = 4; - }; - 01FA8073FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbName.cpp; - refType = 4; - }; - 01FA8074FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbName.h; - refType = 4; - }; - 01FA8075FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbQuery.cpp; - refType = 4; - }; - 01FA8076FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbQuery.h; - refType = 4; - }; - 01FA8077FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbValue.cpp; - refType = 4; - }; - 01FA8078FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DbValue.h; - refType = 4; - }; - 01FA8079FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = debugging.cpp; - refType = 4; - }; - 01FA807AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = debugging.h; - refType = 4; - }; - 01FA807BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = debugsupport.h; - refType = 4; - }; - 01FA807CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.mk; - refType = 4; - }; - 01FA807DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.pl; - refType = 4; - }; - 01FA807EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = globalizer.cpp; - refType = 4; - }; - 01FA807FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = globalizer.h; - refType = 4; - }; - 01FA8080FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = guids.cpp; - refType = 4; - }; - 01FA8081FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = handleobject.cpp; - refType = 4; - }; - 01FA8082FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = handleobject.h; - refType = 4; - }; - 01FA8083FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = logging.cpp; - refType = 4; - }; - 01FA8084FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = logging.h; - refType = 4; - }; - 01FA8085FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "mach++.cpp"; - refType = 4; - }; - 01FA8086FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "mach++.h"; - refType = 4; - }; - 01FA8087FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = mach_notify.c; - refType = 4; - }; - 01FA8088FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = mach_notify.h; - refType = 4; - }; - 01FA8089FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = machrunloopserver.cpp; - refType = 4; - }; - 01FA808AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = machrunloopserver.h; - refType = 4; - }; - 01FA808BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = machserver.cpp; - refType = 4; - }; - 01FA808CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = machserver.h; - refType = 4; - }; - 01FA808DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = memutils.h; - refType = 4; - }; - 01FA808EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = MetaAttribute.cpp; - refType = 4; - }; - 01FA808FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = MetaAttribute.h; - refType = 4; - }; - 01FA8090FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = MetaRecord.cpp; - refType = 4; - }; - 01FA8091FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = MetaRecord.h; - refType = 4; - }; - 01FA8096FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = os9utils.cpp; - refType = 4; - }; - 01FA8097FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = os9utils.h; - refType = 4; - }; - 01FA8098FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = osxsigning.cpp; - refType = 4; - }; - 01FA8099FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = osxsigning.h; - refType = 4; - }; - 01FA809AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ReadWriteSection.h; - refType = 4; - }; - 01FA809BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = refcount.h; - refType = 4; - }; - 01FA809EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SelectionPredicate.cpp; - refType = 4; - }; - 01FA809FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SelectionPredicate.h; - refType = 4; - }; - 01FA80A0FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = threading.cpp; - refType = 4; - }; - 01FA80A1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = threading.h; - refType = 4; - }; - 01FA80A2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tqueue.cpp; - refType = 4; - }; - 01FA80A3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tqueue.h; - refType = 4; - }; - 01FA80A4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = utilities.cpp; - refType = 4; - }; - 01FA80A5FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = utilities.h; - refType = 4; - }; - 01FA80A6FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = utility_config.h; - refType = 4; - }; - 01FA80A7FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = walkers.cpp; - refType = 4; - }; - 01FA80A8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = walkers.h; - refType = 4; - }; - 01FA80AAFFF2B54C11CD283A = { - children = ( - 01FA80ACFFF2B54C11CD283A, - 01FA80ADFFF2B54C11CD283A, - 01FA80AEFFF2B54C11CD283A, - 01FA80AFFFF2B54C11CD283A, - 01FA80B0FFF2B54C11CD283A, - 01FA80B1FFF2B54C11CD283A, - 01FA80B2FFF2B54C11CD283A, - 01FA80B3FFF2B54C11CD283A, - 01FA80B4FFF2B54C11CD283A, - 01FA80B5FFF2B54C11CD283A, - 01FA80B6FFF2B54C11CD283A, - 01FA80B7FFF2B54C11CD283A, - 01FA80BBFFF2B54C11CD283A, - 01FA80BCFFF2B54C11CD283A, - 01FA80BEFFF2B54C11CD283A, - 01FA80BFFFF2B54C11CD283A, - 01FA80C0FFF2B54C11CD283A, - 01FA80C1FFF2B54C11CD283A, - 01FA80C2FFF2B54C11CD283A, - 01FA80C3FFF2B54C11CD283A, - 01FA80C4FFF2B54C11CD283A, - 327DDDBD00D6D8E605CD296C, - 01FA80BAFFF2B54C11CD283A, - 01FA80B8FFF2B54C11CD283A, - 01FA80B9FFF2B54C11CD283A, - 01FA80BDFFF2B54C11CD283A, - 9D64BAEF019B173900003D05, - ); - isa = PBXGroup; - path = cssm; - refType = 4; - }; - 01FA80ACFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = attachfactory.cpp; - refType = 4; - }; - 01FA80ADFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = attachfactory.h; - refType = 4; - }; - 01FA80AEFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = attachment.cpp; - refType = 4; - }; - 01FA80AFFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = attachment.h; - refType = 4; - }; - 01FA80B0FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspattachment.cpp; - refType = 4; - }; - 01FA80B1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspattachment.h; - refType = 4; - }; - 01FA80B2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssm.cpp; - refType = 4; - }; - 01FA80B3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcontext.cpp; - refType = 4; - }; - 01FA80B4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcontext.h; - refType = 4; - }; - 01FA80B5FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmint.h; - refType = 4; - }; - 01FA80B6FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmmds.cpp; - refType = 4; - }; - 01FA80B7FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmmds.h; - refType = 4; - }; - 01FA80B8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.cfg; - refType = 4; - }; - 01FA80B9FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.mk; - refType = 4; - }; - 01FA80BAFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.pl; - refType = 4; - }; - 01FA80BBFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = manager.cpp; - refType = 4; - }; - 01FA80BCFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = manager.h; - refType = 4; - }; - 01FA80BDFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = MDS; - refType = 4; - }; - 01FA80BEFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = module.cpp; - refType = 4; - }; - 01FA80BFFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = module.h; - refType = 4; - }; - 01FA80C0FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidsalg.c; - refType = 4; - }; - 01FA80C1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidsattr.c; - refType = 4; - }; - 01FA80C2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidscert.cpp; - refType = 4; - }; - 01FA80C3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = oidscrl.cpp; - refType = 4; - }; - 01FA80C4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = transition.cpp; - refType = 4; - }; - 01FA80C6FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.mk; - refType = 4; - }; - 01FA80D6FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 01FA8126FFF2B54C11CD283A = { - children = ( - 9D384F880301AFD800003D05, - 9D384F850301AF8C00003D05, - 01FA8138FFF2B54C11CD283A, - 01FA8153FFF2B54C11CD283A, - 9D384F890301AFEC00003D05, - 9D384F8A0301B01900003D05, - 33BD042000838F447F000001, - ); - isa = PBXGroup; - path = SecureTransport; - refType = 4; - }; - 01FA8127FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleCdsa.cpp; - refType = 4; - }; - 01FA8129FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleSession.cpp; - refType = 4; - }; - 01FA812AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = cipherSpecs.cpp; - path = SecureTransport/cipherSpecs.cpp; - refType = 4; - }; - 01FA812CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslDigests.cpp; - path = SecureTransport/sslDigests.cpp; - refType = 4; - }; - 01FA812DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslCert.cpp; - refType = 4; - }; - 01FA812EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslChangeCipher.cpp; - refType = 4; - }; - 01FA812FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshakeFinish.cpp; - refType = 4; - }; - 01FA8130FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshakeHello.cpp; - refType = 4; - }; - 01FA8132FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslKeyExchange.cpp; - refType = 4; - }; - 01FA8135FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ModuleAttacher.cpp; - refType = 4; - }; - 01FA8136FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = ModuleAttacher.h; - path = SecureTransport/ModuleAttacher.h; - refType = 2; - }; - 01FA8137FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = sslNullCipher.cpp; - path = SecureTransport/sslNullCipher.cpp; - refType = 4; - }; - 01FA8138FFF2B54C11CD283A = { - children = ( - 01FA8136FFF2B54C11CD283A, - 01FA8139FFF2B54C11CD283A, - 01FA813BFFF2B54C11CD283A, - 01FA813CFFF2B54C11CD283A, - 01FA813DFFF2B54C11CD283A, - 01FA813EFFF2B54C11CD283A, - 01FA8141FFF2B54C11CD283A, - 01FA8142FFF2B54C11CD283A, - 01FA8143FFF2B54C11CD283A, - 01FA8144FFF2B54C11CD283A, - 01FA8145FFF2B54C11CD283A, - 01FA8146FFF2B54C11CD283A, - 01FA8147FFF2B54C11CD283A, - 01FA8148FFF2B54C11CD283A, - 01FA814AFFF2B54C11CD283A, - 01FA814BFFF2B54C11CD283A, - 01FA814CFFF2B54C11CD283A, - 01FA814DFFF2B54C11CD283A, - 01FA814EFFF2B54C11CD283A, - 01FA8150FFF2B54C11CD283A, - 01FA8151FFF2B54C11CD283A, - 9D78BC7201EBB3F900003D05, - 9D78BC7601EBBBED00003D05, - 9DD4620003119BCE00003D05, - ); - isa = PBXGroup; - name = "Private Headers"; - path = privateInc; - refType = 4; - }; - 01FA8139FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleCdsa.h; - refType = 4; - }; - 01FA813BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = appleSession.h; - refType = 4; - }; - 01FA813CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cipherSpecs.h; - refType = 4; - }; - 01FA813DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptType.h; - refType = 4; - }; - 01FA813EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslDigests.h; - refType = 4; - }; - 01FA8141FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl.h; - refType = 4; - }; - 01FA8142FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2.h; - refType = 4; - }; - 01FA8143FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslAlertMessage.h; - refType = 4; - }; - 01FA8144FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslMemory.h; - refType = 4; - }; - 01FA8145FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslBER.h; - refType = 4; - }; - 01FA8146FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslBuildFlags.h; - refType = 4; - }; - 01FA8147FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslContext.h; - refType = 4; - }; - 01FA8148FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslDebug.h; - refType = 4; - }; - 01FA814AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshake.h; - refType = 4; - }; - 01FA814BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslKeychain.h; - refType = 4; - }; - 01FA814CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslPriv.h; - refType = 4; - }; - 01FA814DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslRecord.h; - refType = 4; - }; - 01FA814EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslSession.h; - refType = 4; - }; - 01FA8150FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslUtils.h; - refType = 4; - }; - 01FA8151FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = symCipher.h; - refType = 4; - }; - 01FA8152FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = README; - refType = 4; - }; - 01FA8153FFF2B54C11CD283A = { - children = ( - 01FA8154FFF2B54C11CD283A, - 01FA8155FFF2B54C11CD283A, - ); - isa = PBXGroup; - name = "Public Headers"; - path = SecureTransport; - refType = 4; - }; - 01FA8154FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CipherSuite.h; - refType = 4; - }; - 01FA8155FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecureTransport.h; - refType = 4; - }; - 01FA8158FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2CipherMap.cpp; - refType = 4; - }; - 01FA8159FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Message.cpp; - refType = 4; - }; - 01FA815AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Protocol.cpp; - refType = 4; - }; - 01FA815BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl2Record.cpp; - refType = 4; - }; - 01FA815CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslAlertMessage.cpp; - refType = 4; - }; - 01FA815DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslMemory.cpp; - refType = 4; - }; - 01FA815EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslBER.cpp; - refType = 4; - }; - 01FA815FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslContext.cpp; - refType = 4; - }; - 01FA8161FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslHandshake.cpp; - refType = 4; - }; - 01FA8162FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslKeychain.cpp; - refType = 4; - }; - 01FA8163FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslRecord.cpp; - refType = 4; - }; - 01FA8164FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslSession.cpp; - refType = 4; - }; - 01FA8165FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslTransport.cpp; - refType = 4; - }; - 01FA8166FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sslUtils.cpp; - refType = 4; - }; - 01FA8167FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = symCipher.cpp; - path = SecureTransport/symCipher.cpp; - refType = 4; - }; - 01FA819DFFF2B54C11CD283A = { - children = ( - 01FA8214FFF2B54C11CD283A, - 01FA821EFFF2B54C11CD283A, - 01FA81B5FFF2B54C11CD283A, - 01FA81B4FFF2B54C11CD283A, - 01FA8219FFF2B54C11CD283A, - 01FA8218FFF2B54C11CD283A, - 01FA8223FFF2B54C11CD283A, - 01FA8222FFF2B54C11CD283A, - 125E85A9FFF3CDEF11CD283A, - 125E85A8FFF3CDEF11CD283A, - 01FA81A5FFF2B54C11CD283A, - 01FA81A4FFF2B54C11CD283A, - 01FA8221FFF2B54C11CD283A, - 01FA8220FFF2B54C11CD283A, - 01FA81BDFFF2B54C11CD283A, - 01FA81BCFFF2B54C11CD283A, - 01FA8225FFF2B54C11CD283A, - 01FA8224FFF2B54C11CD283A, - 01FA81A0FFF2B54C11CD283A, - 01FA81A1FFF2B54C11CD283A, - C2C11912047187E800CA2E77, - C2C11913047187E800CA2E77, - 01FA819EFFF2B54C11CD283A, - 01FA819FFFF2B54C11CD283A, - 01FA81A2FFF2B54C11CD283A, - 01FA81A3FFF2B54C11CD283A, - 01FA81B9FFF2B54C11CD283A, - 01FA81B8FFF2B54C11CD283A, - 3253C16401C7D8A005CA2E77, - 3253C16501C7D8A005CA2E77, - C2952B0E044B560900CA2E77, - C2952B0F044B560900CA2E77, - C2952B10044B560900CA2E77, - C2952B11044B560900CA2E77, - 01FA81B2FFF2B54C11CD283A, - 01FA81B3FFF2B54C11CD283A, - 32361EEC01EB8FCF05CA2E77, - 32361EED01EB8FCF05CA2E77, - 01FA823AFFF2B54C11CD283A, - 01379EAE001E00F311CD296C, - 0165238D000BEC3311CD296C, - 0165238E000BEC3311CD296C, - 0165238F000BEC3311CD296C, - 01FA81A6FFF2B54C11CD283A, - 01FA822AFFF2B54C11CD283A, - ); - isa = PBXGroup; - path = SecurityServer; - refType = 4; - }; - 01FA819EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_keychain.cpp; - refType = 4; - }; - 01FA819FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_keychain.h; - refType = 4; - }; - 01FA81A0FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acls.cpp; - refType = 4; - }; - 01FA81A1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = acls.h; - refType = 4; - }; - 01FA81A2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = agentquery.cpp; - refType = 4; - }; - 01FA81A3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = agentquery.h; - refType = 4; - }; - 01FA81A4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = authority.cpp; - refType = 4; - }; - 01FA81A5FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = authority.h; - refType = 4; - }; - 01FA81A6FFF2B54C11CD283A = { - children = ( - 01FA81A8FFF2B54C11CD283A, - 408F00D5045E0650009D840B, - C284B43E042F847900CA2E77, - F5A7F718023D96EA01CA2E64, - 3267644800EBF3A905CD296C, - 01FA81ABFFF2B54C11CD283A, - 01FA81ADFFF2B54C11CD283A, - 01FA81A7FFF2B54C11CD283A, - F5A7F716023D96EA01CA2E64, - F5A7F717023D96EA01CA2E64, - 40ACEF4E0462F6FF0035B857, - 40ACEF4F0462F6FF0035B857, - 01FA81A9FFF2B54C11CD283A, - 01FA81AAFFF2B54C11CD283A, - 40ACEF4A0462F6EC0035B857, - 40ACEF4B0462F6EC0035B857, - 01FA81ACFFF2B54C11CD283A, - 01FA81AEFFF2B54C11CD283A, - 01FA81AFFFF2B54C11CD283A, - C284B440042F856A00CA2E77, - C2907DD8042BA6F800CA2E77, - C2A6D4E0042FC54000CA2E77, - F5A7F715023D96EA01CA2E64, - ); - isa = PBXGroup; - path = Authorization; - refType = 4; - }; - 01FA81A7FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Authorization.cpp; - refType = 4; - }; - 01FA81A8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Authorization.h; - refType = 4; - }; - 01FA81A9FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationEngine.cpp; - refType = 4; - }; - 01FA81AAFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationEngine.h; - refType = 4; - }; - 01FA81ABFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationTags.h; - refType = 4; - }; - 01FA81ACFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationTrampoline.cpp; - refType = 4; - }; - 01FA81ADFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationWalkers.h; - refType = 4; - }; - 01FA81AEFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = trampolineClient.cpp; - refType = 4; - }; - 01FA81AFFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = trampolineServer.cpp; - refType = 4; - }; - 01FA81B1FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = BLOBFORMAT; - refType = 4; - }; - 01FA81B2FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cfnotifier.cpp; - refType = 4; - }; - 01FA81B3FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cfnotifier.h; - refType = 4; - }; - 01FA81B4FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = connection.cpp; - refType = 4; - }; - 01FA81B5FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = connection.h; - refType = 4; - }; - 01FA81B8FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = dbcrypto.cpp; - refType = 4; - }; - 01FA81B9FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = dbcrypto.h; - refType = 4; - }; - 01FA81BCFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = key.cpp; - refType = 4; - }; - 01FA81BDFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = key.h; - refType = 4; - }; - 01FA8214FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = main.cpp; - refType = 4; - }; - 01FA8215FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Makefile; - refType = 4; - }; - 01FA8216FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = Makefile.startup; - path = SecurityServer/Makefile.startup; - refType = 2; - }; - 01FA8218FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = process.cpp; - refType = 4; - }; - 01FA8219FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = process.h; - refType = 4; - }; - 01FA821AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = secagent.defs; - refType = 4; - }; - 01FA821BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = secagent_types.h; - refType = 4; - }; - 01FA821CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecurityAgentClient.cpp; - refType = 4; - }; - 01FA821DFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecurityAgentClient.h; - refType = 4; - }; - 01FA821EFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = securityserver.h; - refType = 4; - }; - 01FA821FFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecurityServerClient.h; - refType = 4; - }; - 01FA8220FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = server.cpp; - refType = 4; - }; - 01FA8221FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = server.h; - refType = 4; - }; - 01FA8222FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = session.cpp; - refType = 4; - }; - 01FA8223FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = session.h; - refType = 4; - }; - 01FA8224FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssblob.cpp; - refType = 4; - }; - 01FA8225FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssblob.h; - refType = 4; - }; - 01FA8226FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssclient.cpp; - refType = 4; - }; - 01FA8227FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssclient.h; - refType = 4; - }; - 01FA8228FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sstransit.cpp; - refType = 4; - }; - 01FA8229FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = sstransit.h; - refType = 4; - }; - 01FA822AFFF2B54C11CD283A = { - children = ( - 01FA8216FFF2B54C11CD283A, - 01FA822BFFF2B54C11CD283A, - 01FA822CFFF2B54C11CD283A, - 21306AAD0030B27011CD283A, - ); - isa = PBXGroup; - path = StartupItems; - refType = 4; - }; - 01FA822BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXExecutableFileReference; - path = SecurityServer; - refType = 4; - }; - 01FA822CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = StartupParameters.plist; - refType = 4; - }; - 01FA8239FFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 01FA823AFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = transition.cpp; - refType = 4; - }; - 01FA823BFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucsp.defs; - refType = 4; - }; - 01FA823CFFF2B54C11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucsp_types.h; - refType = 4; - }; - 01FA848EFFF2B54C11CD283A = { - fileRef = 01FA7FE8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA848FFFF2B54C11CD283A = { - fileRef = 01FA7FE9FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8490FFF2B54C11CD283A = { - fileRef = 01FA7FEAFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8491FFF2B54C11CD283A = { - fileRef = 01FA7FEBFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8492FFF2B54C11CD283A = { - fileRef = 01FA7FECFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8493FFF2B54C11CD283A = { - fileRef = 01FA7FEDFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8494FFF2B54C11CD283A = { - fileRef = 01FA7FEEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8495FFF2B54C11CD283A = { - fileRef = 01FA7FEFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8496FFF2B54C11CD283A = { - fileRef = 01FA7FF0FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8497FFF2B54C11CD283A = { - fileRef = 01FA7FF1FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8498FFF2B54C11CD283A = { - fileRef = 01FA7FF2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8499FFF2B54C11CD283A = { - fileRef = 01FA7FF3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849AFFF2B54C11CD283A = { - fileRef = 01FA7FF4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849BFFF2B54C11CD283A = { - fileRef = 01FA7FF5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849CFFF2B54C11CD283A = { - fileRef = 01FA7FF6FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849DFFF2B54C11CD283A = { - fileRef = 01FA7FF7FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849EFFF2B54C11CD283A = { - fileRef = 01FA7FF8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA849FFFF2B54C11CD283A = { - fileRef = 01FA7FF9FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A0FFF2B54C11CD283A = { - fileRef = 01FA7FFAFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A1FFF2B54C11CD283A = { - fileRef = 01FA7FFBFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A2FFF2B54C11CD283A = { - fileRef = 01FA7FFCFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A3FFF2B54C11CD283A = { - fileRef = 01FA7FFDFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A4FFF2B54C11CD283A = { - fileRef = 01FA7FFEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A5FFF2B54C11CD283A = { - fileRef = 01FA7FFFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A6FFF2B54C11CD283A = { - fileRef = 01FA8000FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A7FFF2B54C11CD283A = { - fileRef = 01FA8001FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA84A8FFF2B54C11CD283A = { - fileRef = 01FA8004FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84AAFFF2B54C11CD283A = { - fileRef = 01FA8009FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84ABFFF2B54C11CD283A = { - fileRef = 01FA800BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84ACFFF2B54C11CD283A = { - fileRef = 01FA800DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84ADFFF2B54C11CD283A = { - fileRef = 01FA800FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84AEFFF2B54C11CD283A = { - fileRef = 01FA8011FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84AFFFF2B54C11CD283A = { - fileRef = 01FA8013FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B0FFF2B54C11CD283A = { - fileRef = 01FA8015FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B1FFF2B54C11CD283A = { - fileRef = 01FA8017FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B2FFF2B54C11CD283A = { - fileRef = 01FA8019FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B3FFF2B54C11CD283A = { - fileRef = 01FA801BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B4FFF2B54C11CD283A = { - fileRef = 01FA801DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B5FFF2B54C11CD283A = { - fileRef = 01FA801FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B6FFF2B54C11CD283A = { - fileRef = 01FA8021FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B7FFF2B54C11CD283A = { - fileRef = 01FA8023FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B8FFF2B54C11CD283A = { - fileRef = 01FA8027FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84B9FFF2B54C11CD283A = { - fileRef = 01FA8028FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BAFFF2B54C11CD283A = { - fileRef = 01FA8029FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BBFFF2B54C11CD283A = { - fileRef = 01FA802BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BCFFF2B54C11CD283A = { - fileRef = 01FA802EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BDFFF2B54C11CD283A = { - fileRef = 01FA8030FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BEFFF2B54C11CD283A = { - fileRef = 01FA8035FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84BFFFF2B54C11CD283A = { - fileRef = 01FA8036FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C0FFF2B54C11CD283A = { - fileRef = 01FA8037FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C1FFF2B54C11CD283A = { - fileRef = 01FA803CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C2FFF2B54C11CD283A = { - fileRef = 01FA803EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C3FFF2B54C11CD283A = { - fileRef = 01FA8040FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C5FFF2B54C11CD283A = { - fileRef = 01FA8044FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C6FFF2B54C11CD283A = { - fileRef = 01FA8046FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C7FFF2B54C11CD283A = { - fileRef = 01FA8048FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C8FFF2B54C11CD283A = { - fileRef = 01FA804AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84C9FFF2B54C11CD283A = { - fileRef = 01FA804CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84CAFFF2B54C11CD283A = { - fileRef = 01FA804EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84CBFFF2B54C11CD283A = { - fileRef = 01FA8050FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84CCFFF2B54C11CD283A = { - fileRef = 01FA8052FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84CEFFF2B54C11CD283A = { - fileRef = 01FA8056FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84CFFFF2B54C11CD283A = { - fileRef = 01FA8058FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D0FFF2B54C11CD283A = { - fileRef = 01FA805AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D1FFF2B54C11CD283A = { - fileRef = 01FA805CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D2FFF2B54C11CD283A = { - fileRef = 01FA805EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D3FFF2B54C11CD283A = { - fileRef = 01FA8060FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D4FFF2B54C11CD283A = { - fileRef = 01FA8062FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D5FFF2B54C11CD283A = { - fileRef = 01FA8064FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D6FFF2B54C11CD283A = { - fileRef = 01FA8066FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D7FFF2B54C11CD283A = { - fileRef = 01FA8068FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D8FFF2B54C11CD283A = { - fileRef = 01FA806AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84D9FFF2B54C11CD283A = { - fileRef = 01FA806CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DAFFF2B54C11CD283A = { - fileRef = 01FA806EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DBFFF2B54C11CD283A = { - fileRef = 01FA8070FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DCFFF2B54C11CD283A = { - fileRef = 01FA8072FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DDFFF2B54C11CD283A = { - fileRef = 01FA8074FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DEFFF2B54C11CD283A = { - fileRef = 01FA8076FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84DFFFF2B54C11CD283A = { - fileRef = 01FA8078FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E0FFF2B54C11CD283A = { - fileRef = 01FA807AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E1FFF2B54C11CD283A = { - fileRef = 01FA807BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E2FFF2B54C11CD283A = { - fileRef = 01FA807FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E3FFF2B54C11CD283A = { - fileRef = 01FA8082FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E4FFF2B54C11CD283A = { - fileRef = 01FA8084FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E5FFF2B54C11CD283A = { - fileRef = 01FA8086FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E6FFF2B54C11CD283A = { - fileRef = 01FA8088FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E7FFF2B54C11CD283A = { - fileRef = 01FA808AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E8FFF2B54C11CD283A = { - fileRef = 01FA808CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84E9FFF2B54C11CD283A = { - fileRef = 01FA808DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84EAFFF2B54C11CD283A = { - fileRef = 01FA808FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84EBFFF2B54C11CD283A = { - fileRef = 01FA8091FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84EDFFF2B54C11CD283A = { - fileRef = 01FA8097FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84EEFFF2B54C11CD283A = { - fileRef = 01FA8099FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84EFFFF2B54C11CD283A = { - fileRef = 01FA809AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F0FFF2B54C11CD283A = { - fileRef = 01FA809BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F2FFF2B54C11CD283A = { - fileRef = 01FA809FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F3FFF2B54C11CD283A = { - fileRef = 01FA80A1FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F4FFF2B54C11CD283A = { - fileRef = 01FA80A3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F5FFF2B54C11CD283A = { - fileRef = 01FA80A5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F6FFF2B54C11CD283A = { - fileRef = 01FA80A6FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F7FFF2B54C11CD283A = { - fileRef = 01FA80A8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F8FFF2B54C11CD283A = { - fileRef = 01FA80ADFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84F9FFF2B54C11CD283A = { - fileRef = 01FA80AFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FAFFF2B54C11CD283A = { - fileRef = 01FA80B1FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FBFFF2B54C11CD283A = { - fileRef = 01FA80B4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FCFFF2B54C11CD283A = { - fileRef = 01FA80B5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FDFFF2B54C11CD283A = { - fileRef = 01FA80B7FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FEFFF2B54C11CD283A = { - fileRef = 01FA80BCFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA84FFFFF2B54C11CD283A = { - fileRef = 01FA80BFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA8517FFF2B54C11CD283A = { - fileRef = 01FA8136FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8518FFF2B54C11CD283A = { - fileRef = 01FA8139FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA851AFFF2B54C11CD283A = { - fileRef = 01FA813BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA851BFFF2B54C11CD283A = { - fileRef = 01FA813CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA851CFFF2B54C11CD283A = { - fileRef = 01FA813DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA851DFFF2B54C11CD283A = { - fileRef = 01FA813EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8520FFF2B54C11CD283A = { - fileRef = 01FA8141FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8521FFF2B54C11CD283A = { - fileRef = 01FA8142FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8522FFF2B54C11CD283A = { - fileRef = 01FA8143FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8523FFF2B54C11CD283A = { - fileRef = 01FA8144FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8524FFF2B54C11CD283A = { - fileRef = 01FA8145FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8525FFF2B54C11CD283A = { - fileRef = 01FA8146FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8526FFF2B54C11CD283A = { - fileRef = 01FA8147FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8527FFF2B54C11CD283A = { - fileRef = 01FA8148FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8529FFF2B54C11CD283A = { - fileRef = 01FA814AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA852AFFF2B54C11CD283A = { - fileRef = 01FA814BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA852BFFF2B54C11CD283A = { - fileRef = 01FA814CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA852CFFF2B54C11CD283A = { - fileRef = 01FA814DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA852DFFF2B54C11CD283A = { - fileRef = 01FA814EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA852FFFF2B54C11CD283A = { - fileRef = 01FA8150FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8530FFF2B54C11CD283A = { - fileRef = 01FA8151FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA8531FFF2B54C11CD283A = { - fileRef = 01FA8154FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8532FFF2B54C11CD283A = { - fileRef = 01FA8155FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8546FFF2B54C11CD283A = { - fileRef = 01FA81A8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8548FFF2B54C11CD283A = { - fileRef = 01FA81ABFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 01FA8549FFF2B54C11CD283A = { - fileRef = 01FA81ADFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA8609FFF2B54C11CD283A = { - fileRef = 01FA80BDFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA86DAFFF2B54C11CD283A = { - fileRef = 01FA8008FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86DBFFF2B54C11CD283A = { - fileRef = 01FA800AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86DCFFF2B54C11CD283A = { - fileRef = 01FA800CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86DDFFF2B54C11CD283A = { - fileRef = 01FA800EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86DEFFF2B54C11CD283A = { - fileRef = 01FA8010FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86DFFFF2B54C11CD283A = { - fileRef = 01FA8012FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E0FFF2B54C11CD283A = { - fileRef = 01FA8014FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E1FFF2B54C11CD283A = { - fileRef = 01FA8016FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E2FFF2B54C11CD283A = { - fileRef = 01FA8018FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E3FFF2B54C11CD283A = { - fileRef = 01FA801AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E4FFF2B54C11CD283A = { - fileRef = 01FA801CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E5FFF2B54C11CD283A = { - fileRef = 01FA801EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E6FFF2B54C11CD283A = { - fileRef = 01FA8020FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E7FFF2B54C11CD283A = { - fileRef = 01FA8022FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86E9FFF2B54C11CD283A = { - fileRef = 01FA802AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86EAFFF2B54C11CD283A = { - fileRef = 01FA802CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86EBFFF2B54C11CD283A = { - fileRef = 01FA802DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86ECFFF2B54C11CD283A = { - fileRef = 01FA802FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86EDFFF2B54C11CD283A = { - fileRef = 01FA8034FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86EFFFF2B54C11CD283A = { - fileRef = 01FA803BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F0FFF2B54C11CD283A = { - fileRef = 01FA803DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F1FFF2B54C11CD283A = { - fileRef = 01FA803FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F3FFF2B54C11CD283A = { - fileRef = 01FA8043FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F4FFF2B54C11CD283A = { - fileRef = 01FA8045FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F5FFF2B54C11CD283A = { - fileRef = 01FA8047FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F6FFF2B54C11CD283A = { - fileRef = 01FA8049FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F7FFF2B54C11CD283A = { - fileRef = 01FA804BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F8FFF2B54C11CD283A = { - fileRef = 01FA804DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86F9FFF2B54C11CD283A = { - fileRef = 01FA804FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86FAFFF2B54C11CD283A = { - fileRef = 01FA8051FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86FCFFF2B54C11CD283A = { - fileRef = 01FA8055FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86FDFFF2B54C11CD283A = { - fileRef = 01FA8057FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86FEFFF2B54C11CD283A = { - fileRef = 01FA8059FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA86FFFFF2B54C11CD283A = { - fileRef = 01FA805BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8700FFF2B54C11CD283A = { - fileRef = 01FA805DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8701FFF2B54C11CD283A = { - fileRef = 01FA805FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8702FFF2B54C11CD283A = { - fileRef = 01FA8061FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8703FFF2B54C11CD283A = { - fileRef = 01FA8063FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8704FFF2B54C11CD283A = { - fileRef = 01FA8065FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8705FFF2B54C11CD283A = { - fileRef = 01FA8067FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8706FFF2B54C11CD283A = { - fileRef = 01FA8069FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8707FFF2B54C11CD283A = { - fileRef = 01FA806BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8708FFF2B54C11CD283A = { - fileRef = 01FA806DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8709FFF2B54C11CD283A = { - fileRef = 01FA806FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870AFFF2B54C11CD283A = { - fileRef = 01FA8071FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870BFFF2B54C11CD283A = { - fileRef = 01FA8073FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870CFFF2B54C11CD283A = { - fileRef = 01FA8075FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870DFFF2B54C11CD283A = { - fileRef = 01FA8077FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870EFFF2B54C11CD283A = { - fileRef = 01FA8079FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA870FFFF2B54C11CD283A = { - fileRef = 01FA807EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8710FFF2B54C11CD283A = { - fileRef = 01FA8080FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8711FFF2B54C11CD283A = { - fileRef = 01FA8081FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8712FFF2B54C11CD283A = { - fileRef = 01FA8083FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8713FFF2B54C11CD283A = { - fileRef = 01FA8085FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8714FFF2B54C11CD283A = { - fileRef = 01FA8087FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8715FFF2B54C11CD283A = { - fileRef = 01FA8089FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8716FFF2B54C11CD283A = { - fileRef = 01FA808BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8717FFF2B54C11CD283A = { - fileRef = 01FA808EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8718FFF2B54C11CD283A = { - fileRef = 01FA8090FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA871BFFF2B54C11CD283A = { - fileRef = 01FA8096FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA871CFFF2B54C11CD283A = { - fileRef = 01FA8098FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA871EFFF2B54C11CD283A = { - fileRef = 01FA809EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA871FFFF2B54C11CD283A = { - fileRef = 01FA80A0FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8720FFF2B54C11CD283A = { - fileRef = 01FA80A2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8721FFF2B54C11CD283A = { - fileRef = 01FA80A4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8722FFF2B54C11CD283A = { - fileRef = 01FA80A7FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8724FFF2B54C11CD283A = { - fileRef = 01FA80ACFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8725FFF2B54C11CD283A = { - fileRef = 01FA80AEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8726FFF2B54C11CD283A = { - fileRef = 01FA80B0FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8727FFF2B54C11CD283A = { - fileRef = 01FA80B2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8728FFF2B54C11CD283A = { - fileRef = 01FA80B3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8729FFF2B54C11CD283A = { - fileRef = 01FA80B6FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872AFFF2B54C11CD283A = { - fileRef = 01FA80BBFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872BFFF2B54C11CD283A = { - fileRef = 01FA80BEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872CFFF2B54C11CD283A = { - fileRef = 01FA80C0FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872DFFF2B54C11CD283A = { - fileRef = 01FA80C1FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872EFFF2B54C11CD283A = { - fileRef = 01FA80C2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA872FFFF2B54C11CD283A = { - fileRef = 01FA80C3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8730FFF2B54C11CD283A = { - fileRef = 01FA80C4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA874FFFF2B54C11CD283A = { - fileRef = 01FA8127FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8751FFF2B54C11CD283A = { - fileRef = 01FA8129FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8752FFF2B54C11CD283A = { - fileRef = 01FA812AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8754FFF2B54C11CD283A = { - fileRef = 01FA812CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8755FFF2B54C11CD283A = { - fileRef = 01FA812DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8756FFF2B54C11CD283A = { - fileRef = 01FA812EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8757FFF2B54C11CD283A = { - fileRef = 01FA812FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8758FFF2B54C11CD283A = { - fileRef = 01FA8130FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA875AFFF2B54C11CD283A = { - fileRef = 01FA8132FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA875CFFF2B54C11CD283A = { - fileRef = 01FA8135FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA875DFFF2B54C11CD283A = { - fileRef = 01FA8137FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8760FFF2B54C11CD283A = { - fileRef = 01FA8158FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8761FFF2B54C11CD283A = { - fileRef = 01FA8159FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8762FFF2B54C11CD283A = { - fileRef = 01FA815AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8763FFF2B54C11CD283A = { - fileRef = 01FA815BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8764FFF2B54C11CD283A = { - fileRef = 01FA815CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8765FFF2B54C11CD283A = { - fileRef = 01FA815DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8766FFF2B54C11CD283A = { - fileRef = 01FA815EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8767FFF2B54C11CD283A = { - fileRef = 01FA815FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8769FFF2B54C11CD283A = { - fileRef = 01FA8161FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876AFFF2B54C11CD283A = { - fileRef = 01FA8162FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876BFFF2B54C11CD283A = { - fileRef = 01FA8163FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876CFFF2B54C11CD283A = { - fileRef = 01FA8164FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876DFFF2B54C11CD283A = { - fileRef = 01FA8165FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876EFFF2B54C11CD283A = { - fileRef = 01FA8166FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA876FFFF2B54C11CD283A = { - fileRef = 01FA8167FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8783FFF2B54C11CD283A = { - fileRef = 01FA81A7FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8786FFF2B54C11CD283A = { - fileRef = 01FA81AEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8787FFF2B54C11CD283A = { - fileRef = 01FA81AFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA88F0FFF2B96911CD283A = { - buildArgumentsString = "-f SecurityServer/Makefile $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\""; - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = "SecurityServer MIG RPC"; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = "SecurityServer MIG RPC"; - passBuildSettingsInEnvironment = 0; - productName = "SecurityServer MIG RPC"; - settingsToExpand = 6; - settingsToPassInEnvironment = 1; - settingsToPassOnCommandLine = 280; - }; - 01FA88F8FFF2BBEB11CD283A = { - isa = PBXTargetDependency; - target = 01FA88F9FFF2BBEB11CD283A; - }; - 01FA88F9FFF2BBEB11CD283A = { - buildArgumentsString = "-f SecurityServer/Makefile.startup $ALL_SETTINGS $ACTION"; - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = "Install Startup Arrangements"; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = "Install Startup Arrangements"; - passBuildSettingsInEnvironment = 0; - productName = "Install Startup Arrangements"; - settingsToExpand = 6; - settingsToPassInEnvironment = 1; - settingsToPassOnCommandLine = 280; - }; - 01FA88FBFFF2BC5611CD283A = { - isa = PBXExecutableFileReference; - path = SecurityServer; - refType = 3; - }; - 01FA88FCFFF2BC5611CD283A = { - buildPhases = ( - C2952B0B044B553F00CA2E77, - 01FA88FDFFF2BC5611CD283A, - 01FA88FEFFF2BC5611CD283A, - 01FA88FFFFF2BC5611CD283A, - 01FA8900FFF2BC5611CD283A, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/derived_src\""; - INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DDatabase=XDatabase"; - OTHER_LDFLAGS = "-twolevel_namespace -lSecurityAgentClient -lbsm"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = SecurityServer; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(SRCROOT)/SecurityServer/SecurityServer.order\" -e start"; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - C25FA84C03CB687400CA2E77, - 1B40D2E3FFF9716411CD283A, - ); - isa = PBXToolTarget; - name = SecurityServer; - productInstallPath = "$(SYSTEM_CORE_SERVICES_DIR)"; - productName = SecurityServer; - productReference = 01FA88FBFFF2BC5611CD283A; - }; - 01FA88FDFFF2BC5611CD283A = { - buildActionMask = 2147483647; - files = ( - 125E85AFFFF3D51B11CD283A, - 125E85B0FFF3D51B11CD283A, - 125E85B1FFF3D51B11CD283A, - 125E85B2FFF3D51B11CD283A, - 125E85B3FFF3D51B11CD283A, - 125E85B9FFF3D54811CD283A, - 125E85BAFFF3D54811CD283A, - 125E85BBFFF3D54811CD283A, - 125E85BFFFF3D5ED11CD283A, - 125E85C0FFF3D5ED11CD283A, - 125E85C1FFF3D5ED11CD283A, - 125E85C2FFF3D5ED11CD283A, - 125E85C3FFF3D5ED11CD283A, - 125E85C4FFF3D5ED11CD283A, - 125E85C5FFF3D5ED11CD283A, - 125E85C6FFF3D5ED11CD283A, - 125E85C7FFF3D5ED11CD283A, - 3253C16601C7D8A105CA2E77, - 32361EEE01EB8FD005CA2E77, - 32361F0A01F4B39505CA2E77, - F5A7F720023D974F01CA2E64, - C2952B13044B560900CA2E77, - C2952B15044B560900CA2E77, - 40ACEF4D0462F6EC0035B857, - 40ACEF510462F6FF0035B857, - C2C11915047187E800CA2E77, - B6F3F06605E5C926003E48D8, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA88FEFFF2BC5611CD283A = { - buildActionMask = 2147483647; - files = ( - 125E85B4FFF3D51B11CD283A, - 125E85B5FFF3D51B11CD283A, - 125E85B6FFF3D51B11CD283A, - 125E85B7FFF3D51B11CD283A, - 125E85B8FFF3D51B11CD283A, - 125E85BCFFF3D54811CD283A, - 125E85BDFFF3D54811CD283A, - 125E85BEFFF3D54811CD283A, - 125E85C8FFF3D5ED11CD283A, - 125E85C9FFF3D5ED11CD283A, - 125E85CAFFF3D5ED11CD283A, - 125E85CCFFF3D5ED11CD283A, - 125E85CDFFF3D5ED11CD283A, - 125E85CEFFF3D5ED11CD283A, - 125E85CFFFF3D5ED11CD283A, - 125E85D0FFF3D5ED11CD283A, - 125E85D1FFF3D5ED11CD283A, - 3253C16701C7D8A105CA2E77, - 32361EEF01EB8FD005CA2E77, - 32554D7C01F4C97405CA2E77, - C2952B12044B560900CA2E77, - C2952B14044B560900CA2E77, - 40ACEF4C0462F6EC0035B857, - 40ACEF500462F6FF0035B857, - C2C11914047187E800CA2E77, - B6F3F06505E5C926003E48D8, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA88FFFFF2BC5611CD283A = { - buildActionMask = 2147483647; - files = ( - 1BA451B20097605B7F000001, - 3949557400CC6A4511CD283A, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA8900FFF2BC5611CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA8901FFF2BCA811CD283A = { - isa = PBXExecutableFileReference; - path = AuthorizationTrampoline; - refType = 3; - }; - 01FA8902FFF2BCA811CD283A = { - isa = PBXTargetDependency; - target = 01FA88FCFFF2BC5611CD283A; - }; - 01FA8903FFF2BCA811CD283A = { - isa = PBXTargetDependency; - target = 01FA8904FFF2BCA811CD283A; - }; - 01FA8904FFF2BCA811CD283A = { - buildPhases = ( - 01FA8905FFF2BCA811CD283A, - 01FA8906FFF2BCA811CD283A, - 01FA8908FFF2BCA811CD283A, - 01FA890AFFF2BCA811CD283A, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_LDFLAGS = "-twolevel_namespace"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AuthorizationTrampoline; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - ); - isa = PBXToolTarget; - name = AuthorizationTrampoline; - productInstallPath = "$(SYSTEM_CORE_SERVICES_DIR)"; - productName = AuthorizationTrampoline; - productReference = 01FA8901FFF2BCA811CD283A; - }; - 01FA8905FFF2BCA811CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA8906FFF2BCA811CD283A = { - buildActionMask = 2147483647; - files = ( - 01FA8907FFF2BCA811CD283A, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA8907FFF2BCA811CD283A = { - fileRef = 01FA81ACFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8908FFF2BCA811CD283A = { - buildActionMask = 2147483647; - files = ( - 1BA451B30097605B7F000001, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA890AFFF2BCA811CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 01FA890DFFF2BD9911CD283A = { - children = ( - 01FA890FFFF2BE3511CD283A, - 01FA8910FFF2BE3511CD283A, - 01FA8911FFF2BE3511CD283A, - 01FA8912FFF2BE3511CD283A, - 01FA8913FFF2BE3511CD283A, - 01FA8914FFF2BE3511CD283A, - 01FA8915FFF2BE3511CD283A, - 01FA8916FFF2BE3511CD283A, - 01FA8917FFF2BE3511CD283A, - 01FA8918FFF2BE3511CD283A, - 01FA8919FFF2BE3511CD283A, - 01FA891AFFF2BE3511CD283A, - 01FA891BFFF2BE3511CD283A, - 01FA891CFFF2BE3511CD283A, - 32554D7901F4C97305CA2E77, - 0177F2CCFFFAA2D311CD283A, - 07A0F690005DAEE111CD283A, - 52F5173004C4B29300D9D6E1, - ); - isa = PBXGroup; - path = derived_src; - refType = 3; - }; - 01FA890EFFF2BD9911CD283A = { - children = ( - 01FA891FFFF2BE3511CD283A, - 01FA8920FFF2BE3511CD283A, - 01FA8926FFF2BE3511CD283A, - 32554D7A01F4C97305CA2E77, - ); - isa = PBXGroup; - name = "derived headers"; - path = include; - refType = 3; - }; - 01FA890FFFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ACabstractsession.cpp; - refType = 4; - }; - 01FA8910FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLabstractsession.cpp; - refType = 4; - }; - 01FA8911FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPabstractsession.cpp; - refType = 4; - }; - 01FA8912FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmexports.gen; - refType = 4; - }; - 01FA8913FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLabstractsession.cpp; - refType = 4; - }; - 01FA8914FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = errorcodes.gen; - refType = 4; - }; - 01FA8915FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = funcnames.gen; - refType = 4; - }; - 01FA8916FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = generator.rpt; - refType = 4; - }; - 01FA8917FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = secagentServer.cpp; - refType = 4; - }; - 01FA8918FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = secagentUser.cpp; - refType = 4; - }; - 01FA8919FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPabstractsession.cpp; - refType = 4; - }; - 01FA891AFFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = transition.gen; - refType = 4; - }; - 01FA891BFFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucspServer.cpp; - refType = 4; - }; - 01FA891CFFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucspUser.cpp; - refType = 4; - }; - 01FA891FFFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = secagent.h; - refType = 4; - }; - 01FA8920FFF2BE3511CD283A = { - children = ( - 01FA8921FFF2BE3511CD283A, - 01FA8922FFF2BE3511CD283A, - 01FA8923FFF2BE3511CD283A, - 01FA8924FFF2BE3511CD283A, - 01FA8925FFF2BE3511CD283A, - ); - isa = PBXGroup; - path = Security; - refType = 4; - }; - 01FA8921FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ACabstractsession.h; - refType = 4; - }; - 01FA8922FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLabstractsession.h; - refType = 4; - }; - 01FA8923FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPabstractsession.h; - refType = 4; - }; - 01FA8924FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DLabstractsession.h; - refType = 4; - }; - 01FA8925FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPabstractsession.h; - refType = 4; - }; - 01FA8926FFF2BE3511CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucsp.h; - refType = 4; - }; - 01FA8929FFF2BE3511CD283A = { - fileRef = 01FA8921FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA892AFFF2BE3511CD283A = { - fileRef = 01FA8922FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA892BFFF2BE3511CD283A = { - fileRef = 01FA8923FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA892CFFF2BE3511CD283A = { - fileRef = 01FA8924FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA892DFFF2BE3511CD283A = { - fileRef = 01FA8925FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01FA8930FFF2BE3511CD283A = { - fileRef = 01FA890FFFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8931FFF2BE3511CD283A = { - fileRef = 01FA8910FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8932FFF2BE3511CD283A = { - fileRef = 01FA8911FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8933FFF2BE3511CD283A = { - fileRef = 01FA8913FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01FA8936FFF2BE3511CD283A = { - fileRef = 01FA8919FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//010 -//011 -//012 -//013 -//014 -//020 -//021 -//022 -//023 -//024 - 025C84BB0027360A11CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = threading_internal.h; - refType = 4; - }; - 025C84BC0027360A11CD296C = { - fileRef = 025C84BB0027360A11CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//020 -//021 -//022 -//023 -//024 -//030 -//031 -//032 -//033 -//034 - 030701E1FFF95F6F11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Security.exp; - refType = 4; - }; - 030701E3FFF96F8511CD283A = { - isa = PBXLibraryReference; - path = libSecurityAgentClient.a; - refType = 3; - }; - 030701E4FFF96F8511CD283A = { - buildPhases = ( - 030701E5FFF96F8511CD283A, - 030701E6FFF96F8511CD283A, - 030701E7FFF96F8511CD283A, - 030701E8FFF96F8511CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - INSTALL_PATH = /usr/local/lib; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DNOSA -DAGENTPATH=\\\\\\\"$(SYSTEM_LIBRARY_DIR)/CoreServices/SecurityAgent.app\\\\\\\" -DAGENTNAME=\\\\\\\"SecurityAgent\\\\\\\""; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libSecurityAgentClient.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 1B40D2E4FFF9716411CD283A, - ); - isa = PBXLibraryTarget; - name = "SecurityAgent Client"; - productInstallPath = /usr/local/lib; - productName = "SecurityAgent Client"; - productReference = 030701E3FFF96F8511CD283A; - }; - 030701E5FFF96F8511CD283A = { - buildActionMask = 2147483647; - files = ( - 406934DF04EDBB8C00447C8E, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 030701E6FFF96F8511CD283A = { - buildActionMask = 2147483647; - files = ( - 030701E9FFF96F9911CD283A, - 030701EAFFF96F9911CD283A, - 406934DE04EDBB8A00447C8E, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 030701E7FFF96F8511CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 030701E8FFF96F8511CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 030701E9FFF96F9911CD283A = { - fileRef = 01FA821CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 030701EAFFF96F9911CD283A = { - fileRef = 01FA8918FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 034768DDFF38A45A11DB9C8B = { - children = ( - 1BA451B10097605B7F000001, - 01FA88FBFFF2BC5611CD283A, - 01FA8901FFF2BCA811CD283A, - 125E85D4FFF3D67D11CD283A, - 030701E3FFF96F8511CD283A, - 325EAA3100D6B2BE05CD296C, - 325EAA3200D6B2BE05CD296C, - F54323B4022DC91501CA2E64, - 9DC1DEF40299BBCD00003D05, - 9D347A6B0380312200003D05, - 9D347A8C0380359B00003D05, - C227CDCA03E7171400CA2E77, - C2907DD5042BA6B100CA2E77, - ); - isa = PBXGroup; - name = Products; - path = ""; - refType = 4; - }; - 039FF1DB00724BE07F000001 = { - children = ( - 057C0BBE0457129200BA3D3B, - 057C0BBF0457129200BA3D3B, - 057C0BDB0458299B00BA3D3B, - 057C0BDC0458299B00BA3D3B, - 039FF1DC00724C3A7F000001, - 039FF1E200724FFC7F000001, - 0149035400A9DC487F000001, - 0149035500A9DC487F000001, - 07A0F672005DAEE111CD283A, - 07A0F673005DAEE111CD283A, - 209FCB5000A739657F000001, - 209FCB4E00A738117F000001, - 59375E6B00A848827F000001, - 0149035600A9DC487F000001, - 0149035700A9DC487F000001, - 05553B6A042F88F800003D05, - 05553B6B042F88F800003D05, - 039FF1E000724E6E7F000001, - 039FF1DE00724E1A7F000001, - 0149036400A9DF347F000001, - 2C5247F0007A39B47F000001, - 2C5247F1007A39B47F000001, - 52BFC307007A6A1B7F000001, - 52BFC308007A6A1B7F000001, - 4A4C7674007A52DC7F000001, - 4A4C7675007A52DC7F000001, - 59375E7100A849BB7F000001, - 0149035800A9DC487F000001, - 0149035900A9DC487F000001, - 0149035A00A9DC487F000001, - 0149035B00A9DC487F000001, - 07A0F675005DAEE111CD283A, - 07A0F674005DAEE111CD283A, - 9D206AA601EB68F200003D05, - ); - isa = PBXGroup; - name = MiscCSPAlgs; - refType = 4; - }; - 039FF1DC00724C3A7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = desContext.cpp; - path = MiscCSPAlgs/desContext.cpp; - refType = 4; - }; - 039FF1DD00724C3A7F000001 = { - fileRef = 039FF1DC00724C3A7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 039FF1DE00724E1A7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = miscAlgFactory.h; - path = MiscCSPAlgs/miscAlgFactory.h; - refType = 4; - }; - 039FF1DF00724E1A7F000001 = { - fileRef = 039FF1DE00724E1A7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 039FF1E000724E6E7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = miscAlgFactory.cpp; - path = MiscCSPAlgs/miscAlgFactory.cpp; - refType = 4; - }; - 039FF1E100724E6E7F000001 = { - fileRef = 039FF1E000724E6E7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 039FF1E200724FFC7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = desContext.h; - path = AppleCSP/MiscCSPAlgs/desContext.h; - refType = 2; - }; - 039FF1E300724FFC7F000001 = { - fileRef = 039FF1E200724FFC7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 03B76D49FFF2D31811CD283A = { - fileRef = 01FA823CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 03B76D4AFFF2D35D11CD283A = { - fileRef = 01FA8227FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 03B76D4BFFF2D35D11CD283A = { - fileRef = 01FA8229FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 03B76D4CFFF2D35D11CD283A = { - fileRef = 01FA821FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 03B76D4DFFF2D35D11CD283A = { - fileRef = 01FA8926FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 03B76D4EFFF2D35D11CD283A = { - fileRef = 01FA8226FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 03B76D4FFFF2D35D11CD283A = { - fileRef = 01FA8228FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 03B76D51FFF2D43011CD283A = { - fileRef = 01FA891CFFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//030 -//031 -//032 -//033 -//034 -//050 -//051 -//052 -//053 -//054 - 05293B8A043916C100003D05 = { - fileRef = 05F88FC30410032C00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 05553B6A042F88F800003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = pkcs12Derive.cpp; - path = MiscCSPAlgs/pkcs12Derive.cpp; - refType = 4; - }; - 05553B6B042F88F800003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = pkcs12Derive.h; - path = MiscCSPAlgs/pkcs12Derive.h; - refType = 4; - }; - 05553B6C042F88F800003D05 = { - fileRef = 05553B6A042F88F800003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05553B6D042F88F800003D05 = { - fileRef = 05553B6B042F88F800003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05553B6E042F892F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = pkcs8.cpp; - refType = 4; - }; - 05553B6F042F892F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = pkcs8.h; - refType = 4; - }; - 05553B70042F892F00003D05 = { - fileRef = 05553B6E042F892F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05553B71042F892F00003D05 = { - fileRef = 05553B6F042F892F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05553B72042F90DD00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = pbkdDigest.cpp; - refType = 4; - }; - 05553B73042F90DD00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = pbkdDigest.h; - refType = 4; - }; - 05553B74042F90DD00003D05 = { - fileRef = 05553B72042F90DD00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05553B75042F90DD00003D05 = { - fileRef = 05553B73042F90DD00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 056015700461B82B00D4A1BF = { - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1; - dstSubfolderSpec = 0; - files = ( - 056015720461B87200D4A1BF, - ); - isa = PBXCopyFilesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 056015710461B87200D4A1BF = { - fileEncoding = 30; - isa = PBXFileReference; - name = certtool.1; - path = CertTool/certtool.1; - refType = 4; - }; - 056015720461B87200D4A1BF = { - fileRef = 056015710461B87200D4A1BF; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BB00456E14700BA3D3B = { - children = ( - 057C0BB10456E16900BA3D3B, - 057C0BB20456E16900BA3D3B, - 057C0BB30456E16900BA3D3B, - 057C0BB40456E16900BA3D3B, - 057C0BB50456E16900BA3D3B, - ); - isa = PBXGroup; - name = bf; - refType = 4; - }; - 057C0BB10456E16900BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bf_ecb.c; - path = bf/bf_ecb.c; - refType = 4; - }; - 057C0BB20456E16900BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bf_enc.c; - path = bf/bf_enc.c; - refType = 4; - }; - 057C0BB30456E16900BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bf_locl.h; - path = bf/bf_locl.h; - refType = 4; - }; - 057C0BB40456E16900BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bf_pi.h; - path = bf/bf_pi.h; - refType = 4; - }; - 057C0BB50456E16900BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bf_skey.c; - path = bf/bf_skey.c; - refType = 4; - }; - 057C0BB60456E16900BA3D3B = { - fileRef = 057C0BB10456E16900BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BB70456E16900BA3D3B = { - fileRef = 057C0BB20456E16900BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BB80456E16900BA3D3B = { - fileRef = 057C0BB30456E16900BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BB90456E16900BA3D3B = { - fileRef = 057C0BB40456E16900BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BBA0456E16900BA3D3B = { - fileRef = 057C0BB50456E16900BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BBB0456E18300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = blowfish.h; - path = openssl/blowfish.h; - refType = 4; - }; - 057C0BBC0456E18300BA3D3B = { - fileRef = 057C0BBB0456E18300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BBE0457129200BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bfContext.cpp; - path = MiscCSPAlgs/bfContext.cpp; - refType = 4; - }; - 057C0BBF0457129200BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = bfContext.h; - path = MiscCSPAlgs/bfContext.h; - refType = 4; - }; - 057C0BC00457129200BA3D3B = { - fileRef = 057C0BBE0457129200BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BC10457129200BA3D3B = { - fileRef = 057C0BBF0457129200BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BC404581E0000BA3D3B = { - children = ( - 057C0BC504581E3300BA3D3B, - 057C0BC604581E3300BA3D3B, - 057C0BC704581E3300BA3D3B, - 057C0BC804581E3300BA3D3B, - 057C0BC904581E3300BA3D3B, - ); - isa = PBXGroup; - name = cast; - refType = 4; - }; - 057C0BC504581E3300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = c_ecb.c; - path = cast/c_ecb.c; - refType = 4; - }; - 057C0BC604581E3300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = c_enc.c; - path = cast/c_enc.c; - refType = 4; - }; - 057C0BC704581E3300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = c_skey.c; - path = cast/c_skey.c; - refType = 4; - }; - 057C0BC804581E3300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = cast_lcl.h; - path = cast/cast_lcl.h; - refType = 4; - }; - 057C0BC904581E3300BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = cast_s.h; - path = cast/cast_s.h; - refType = 4; - }; - 057C0BCA04581E3300BA3D3B = { - fileRef = 057C0BC504581E3300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BCB04581E3300BA3D3B = { - fileRef = 057C0BC604581E3300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BCC04581E3300BA3D3B = { - fileRef = 057C0BC704581E3300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BCD04581E3300BA3D3B = { - fileRef = 057C0BC804581E3300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BCE04581E3300BA3D3B = { - fileRef = 057C0BC904581E3300BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BD704581E6800BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = cast.h; - path = openssl/cast.h; - refType = 4; - }; - 057C0BD804581E6800BA3D3B = { - fileRef = 057C0BD704581E6800BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BDB0458299B00BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = castContext.cpp; - path = MiscCSPAlgs/castContext.cpp; - refType = 4; - }; - 057C0BDC0458299B00BA3D3B = { - fileEncoding = 30; - isa = PBXFileReference; - name = castContext.h; - path = MiscCSPAlgs/castContext.h; - refType = 4; - }; - 057C0BDF0458299B00BA3D3B = { - fileRef = 057C0BDB0458299B00BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 057C0BE00458299B00BA3D3B = { - fileRef = 057C0BDC0458299B00BA3D3B; - isa = PBXBuildFile; - settings = { - }; - }; - 05855484FFF2DA1E11CD283A = { - isa = PBXTargetDependency; - target = 01FA88F0FFF2B96911CD283A; - }; - 05D098CE043C6DD200003D05 = { - fileEncoding = 4; - isa = PBXFileReference; - path = AppleCSPKeys.h; - refType = 4; - }; - 05D098CF043C6DD200003D05 = { - fileRef = 05D098CE043C6DD200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05D098D0043C6DE300003D05 = { - fileEncoding = 4; - isa = PBXFileReference; - path = AppleCSPKeys.cpp; - refType = 4; - }; - 05D098D1043C6DE300003D05 = { - fileRef = 05D098D0043C6DE300003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FC00410032C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslAsn1.cpp; - path = opensslUtils/opensslAsn1.cpp; - refType = 4; - }; - 05F88FC10410032C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslAsn1.h; - path = opensslUtils/opensslAsn1.h; - refType = 4; - }; - 05F88FC20410032C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = osKeyTemplates.cpp; - path = opensslUtils/osKeyTemplates.cpp; - refType = 4; - }; - 05F88FC30410032C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = osKeyTemplates.h; - path = opensslUtils/osKeyTemplates.h; - refType = 4; - }; - 05F88FC40410032C00003D05 = { - fileRef = 05F88FC00410032C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FC50410032C00003D05 = { - fileRef = 05F88FC10410032C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FC60410032C00003D05 = { - fileRef = 05F88FC20410032C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FC70410032C00003D05 = { - fileRef = 05F88FC30410032C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FC80410035B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CryptKitAsn1.cpp; - refType = 4; - }; - 05F88FC90410035B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CryptKitAsn1.h; - refType = 4; - }; - 05F88FCA0410035B00003D05 = { - fileRef = 05F88FC80410035B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FCB0410035B00003D05 = { - fileRef = 05F88FC90410035B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FCC041003A500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clNameUtils.cpp; - refType = 4; - }; - 05F88FCD041003A500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clNameUtils.h; - refType = 4; - }; - 05F88FCE041003A500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clNssUtils.cpp; - refType = 4; - }; - 05F88FCF041003A500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clNssUtils.h; - refType = 4; - }; - 05F88FD0041003A500003D05 = { - fileRef = 05F88FCC041003A500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FD1041003A500003D05 = { - fileRef = 05F88FCD041003A500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FD2041003A500003D05 = { - fileRef = 05F88FCE041003A500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 05F88FD3041003A500003D05 = { - fileRef = 05F88FCF041003A500003D05; - isa = PBXBuildFile; - settings = { - }; - }; -//050 -//051 -//052 -//053 -//054 -//070 -//071 -//072 -//073 -//074 - 07A0F5EA005DAEE111CD283A = { - children = ( - 256C38AB0094AE067F000001, - 57FCEE8D007B8B3D7F000001, - 2C5247EA007A39B47F000001, - 039FF1DB00724BE07F000001, - 07A0F5EB005DAEE111CD283A, - 07A0F5F4005DAEE111CD283A, - 07A0F606005DAEE111CD283A, - 07A0F66E005DAEE111CD283A, - 07A0F680005DAEE111CD283A, - 9D291881026B56B800003D05, - 07A0F685005DAEE111CD283A, - 325EAA3700D6B47405CD296C, - 9D64BAF1019B176100003D05, - 9D64BAF2019B176100003D05, - 9D64BAF3019B176100003D05, - 9DA13D0401B4638200003D05, - ); - isa = PBXGroup; - path = AppleCSP; - refType = 4; - }; - 07A0F5EB005DAEE111CD283A = { - children = ( - 07A0F5EC005DAEE111CD283A, - 07A0F5EE005DAEE111CD283A, - 4AC94A7E0084C0977F000001, - 07A0F5EF005DAEE111CD283A, - 07A0F5F0005DAEE111CD283A, - 07A0F5F1005DAEE111CD283A, - 07A0F5F2005DAEE111CD283A, - 07A0F5F3005DAEE111CD283A, - 4AC94A7C0084BE397F000001, - 9D8F0D1D01C80C0C00003D05, - 9D2C3D0001C826C800003D05, - 9D8F0D1E01C80C0C00003D05, - 9D8F0D1F01C80C0C00003D05, - 9D2C3D0201C82F6000003D05, - ); - isa = PBXGroup; - path = AES; - refType = 4; - }; - 07A0F5EC005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = aescsp.cpp; - refType = 4; - }; - 07A0F5EE005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = aescspi.h; - refType = 4; - }; - 07A0F5EF005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "boxes-ref.h"; - refType = 4; - }; - 07A0F5F0005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "rijndael-alg-ref.c"; - refType = 4; - }; - 07A0F5F1005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = "rijndael-alg-ref.h"; - refType = 4; - }; - 07A0F5F2005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = rijndaelApi.c; - refType = 4; - }; - 07A0F5F3005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = rijndaelApi.h; - refType = 4; - }; - 07A0F5F4005DAEE111CD283A = { - children = ( - 07A0F5F5005DAEE111CD283A, - 07A0F5F6005DAEE111CD283A, - 07A0F5F7005DAEE111CD283A, - 07A0F5F8005DAEE111CD283A, - 05D098D0043C6DE300003D05, - 05D098CE043C6DD200003D05, - 07A0F5F9005DAEE111CD283A, - 07A0F5FA005DAEE111CD283A, - 07A0F5FB005DAEE111CD283A, - 07A0F5FC005DAEE111CD283A, - 07A0F5FD005DAEE111CD283A, - 07A0F5FE005DAEE111CD283A, - 07A0F5FF005DAEE111CD283A, - 07A0F600005DAEE111CD283A, - 07A0F601005DAEE111CD283A, - 05553B6E042F892F00003D05, - 05553B6F042F892F00003D05, - 1691956B009480BC7F000001, - 07A0F604005DAEE111CD283A, - 07A0F605005DAEE111CD283A, - 1691956D009485A47F000001, - 1691956F009486767F000001, - 48855E830095DC957F000001, - 48855E850095DD697F000001, - ); - isa = PBXGroup; - path = AppleCSP; - refType = 4; - }; - 07A0F5F5005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSP.cpp; - refType = 4; - }; - 07A0F5F6005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSP.h; - refType = 4; - }; - 07A0F5F7005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPContext.cpp; - refType = 4; - }; - 07A0F5F8005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPContext.h; - refType = 4; - }; - 07A0F5F9005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPSession.h; - refType = 4; - }; - 07A0F5FA005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPUtils.cpp; - refType = 4; - }; - 07A0F5FB005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPUtils.h; - refType = 4; - }; - 07A0F5FC005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = BinaryKey.h; - refType = 4; - }; - 07A0F5FD005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = BlockCryptor.cpp; - refType = 4; - }; - 07A0F5FE005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = BlockCryptor.h; - refType = 4; - }; - 07A0F5FF005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdebugging.c; - refType = 4; - }; - 07A0F600005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdebugging.h; - refType = 4; - }; - 07A0F601005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = deriveKey.cpp; - refType = 4; - }; - 07A0F604005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = wrapKey.cpp; - refType = 4; - }; - 07A0F605005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = wrapKeyCms.cpp; - refType = 4; - }; - 07A0F606005DAEE111CD283A = { - children = ( - 07A0F607005DAEE111CD283A, - 07A0F608005DAEE111CD283A, - 07A0F609005DAEE111CD283A, - 07A0F60A005DAEE111CD283A, - 07A0F60B005DAEE111CD283A, - 07A0F60C005DAEE111CD283A, - 07A0F60D005DAEE111CD283A, - 07A0F60E005DAEE111CD283A, - 07A0F60F005DAEE111CD283A, - 07A0F610005DAEE111CD283A, - 07A0F611005DAEE111CD283A, - 07A0F612005DAEE111CD283A, - ); - isa = PBXGroup; - path = BSafeCSP; - refType = 4; - }; - 07A0F607005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = algmaker.cpp; - refType = 4; - }; - 07A0F608005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafeAsymmetric.cpp; - refType = 4; - }; - 07A0F609005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafeContext.cpp; - refType = 4; - }; - 07A0F60A005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafecsp.h; - refType = 4; - }; - 07A0F60B005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafecspi.h; - refType = 4; - }; - 07A0F60C005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafeKeyGen.cpp; - refType = 4; - }; - 07A0F60D005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafePKCS1.cpp; - refType = 4; - }; - 07A0F60E005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafePKCS1.h; - refType = 4; - }; - 07A0F60F005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsafeSymmetric.cpp; - refType = 4; - }; - 07A0F610005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = bsobjects.h; - refType = 4; - }; - 07A0F611005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = memory.cpp; - refType = 4; - }; - 07A0F612005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = miscalgorithms.cpp; - refType = 4; - }; - 07A0F66E005DAEE111CD283A = { - children = ( - 07A0F66F005DAEE111CD283A, - 07A0F670005DAEE111CD283A, - 07A0F671005DAEE111CD283A, - 07A0F676005DAEE111CD283A, - 07A0F677005DAEE111CD283A, - 07A0F678005DAEE111CD283A, - 07A0F679005DAEE111CD283A, - 07A0F67A005DAEE111CD283A, - 07A0F67B005DAEE111CD283A, - 07A0F67E005DAEE111CD283A, - 07A0F67F005DAEE111CD283A, - 63B97E6600603F0A7F000001, - 05F88FC80410035B00003D05, - 05F88FC90410035B00003D05, - ); - isa = PBXGroup; - path = CryptKitCSP; - refType = 4; - }; - 07A0F66F005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptkitcsp.cpp; - refType = 4; - }; - 07A0F670005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptkitcsp.h; - refType = 4; - }; - 07A0F671005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CryptKitSpace.h; - refType = 4; - }; - 07A0F672005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = DigestContext.cpp; - path = AppleCSP/MiscCSPAlgs/DigestContext.cpp; - refType = 2; - }; - 07A0F673005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = DigestContext.h; - path = AppleCSP/MiscCSPAlgs/DigestContext.h; - refType = 2; - }; - 07A0F674005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1_MD5_Object.cpp; - path = MiscCSPAlgs/SHA1_MD5_Object.cpp; - refType = 4; - }; - 07A0F675005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - name = SHA1_MD5_Object.h; - path = MiscCSPAlgs/SHA1_MD5_Object.h; - refType = 4; - }; - 07A0F676005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEEAsymmetricContext.cpp; - refType = 4; - }; - 07A0F677005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEEAsymmetricContext.h; - refType = 4; - }; - 07A0F678005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEECSPUtils.cpp; - refType = 4; - }; - 07A0F679005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEECSPUtils.h; - refType = 4; - }; - 07A0F67A005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEEKeys.cpp; - refType = 4; - }; - 07A0F67B005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEEKeys.h; - refType = 4; - }; - 07A0F67E005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEESignatureObject.cpp; - refType = 4; - }; - 07A0F67F005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FEESignatureObject.h; - refType = 4; - }; - 07A0F680005DAEE111CD283A = { - children = ( - 07A0F681005DAEE111CD283A, - 07A0F682005DAEE111CD283A, - 07A0F683005DAEE111CD283A, - 07A0F684005DAEE111CD283A, - 05553B72042F90DD00003D05, - 05553B73042F90DD00003D05, - ); - isa = PBXGroup; - path = PBKDF2; - refType = 4; - }; - 07A0F681005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = HMACSHA1.c; - refType = 4; - }; - 07A0F682005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = HMACSHA1.h; - refType = 4; - }; - 07A0F683005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = pbkdf2.c; - refType = 4; - }; - 07A0F684005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = pbkdf2.h; - refType = 4; - }; - 07A0F685005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 07A0F686005DAEE111CD283A = { - children = ( - 07A0F68A005DAEE111CD283A, - 07A0F68B005DAEE111CD283A, - 07A0F68C005DAEE111CD283A, - 07A0F68D005DAEE111CD283A, - F5E32A1500EAB9A301CD283A, - 07A0F691005DAEE111CD283A, - 07A0F692005DAEE111CD283A, - 07A0F693005DAEE111CD283A, - 07A0F694005DAEE111CD283A, - 07A0F695005DAEE111CD283A, - 07A0F696005DAEE111CD283A, - 07A0F697005DAEE111CD283A, - 07A0F698005DAEE111CD283A, - 07A0F699005DAEE111CD283A, - 07A0F69A005DAEE111CD283A, - 07A0F69B005DAEE111CD283A, - 07A0F69C005DAEE111CD283A, - 07A0F69D005DAEE111CD283A, - 07A0F69E005DAEE111CD283A, - 07A0F69F005DAEE111CD283A, - 327DDDE700D6FC1A05CD296C, - 9DAE2E3201A43D6B00003D05, - 9DAE2E3301A43D6B00003D05, - 9DAE2E3401A43D6B00003D05, - 9DAE2E3501A43D6B00003D05, - ); - isa = PBXGroup; - path = AppleCSPDL; - refType = 4; - }; - 07A0F68A005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPDLDatabase.cpp; - refType = 4; - }; - 07A0F68B005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPDLDatabase.h; - refType = 4; - }; - 07A0F68C005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPDLPlugin.cpp; - refType = 4; - }; - 07A0F68D005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPDLPlugin.h; - refType = 4; - }; - 07A0F690005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KeySchema.cpp; - refType = 4; - }; - 07A0F691005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KeySchema.h; - refType = 4; - }; - 07A0F692005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSContext.cpp; - refType = 4; - }; - 07A0F693005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSContext.h; - refType = 4; - }; - 07A0F694005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSCSPDLSession.cpp; - refType = 4; - }; - 07A0F695005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSCSPDLSession.h; - refType = 4; - }; - 07A0F696005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSCSPSession.cpp; - refType = 4; - }; - 07A0F697005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSCSPSession.h; - refType = 4; - }; - 07A0F698005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSDatabase.cpp; - refType = 4; - }; - 07A0F699005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSDatabase.h; - refType = 4; - }; - 07A0F69A005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSDLSession.cpp; - refType = 4; - }; - 07A0F69B005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSDLSession.h; - refType = 4; - }; - 07A0F69C005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSFactory.cpp; - refType = 4; - }; - 07A0F69D005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSFactory.h; - refType = 4; - }; - 07A0F69E005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSKey.cpp; - refType = 4; - }; - 07A0F69F005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = SSKey.h; - refType = 4; - }; - 07A0F6A0005DAEE111CD283A = { - children = ( - 07A0F6A4005DAEE111CD283A, - 07A0F6A5005DAEE111CD283A, - 07A0F6A8005DAEE111CD283A, - 07A0F6A9005DAEE111CD283A, - 07A0F6AA005DAEE111CD283A, - 3290383500D6BB3705CD296C, - 9DAE2E2D01A3378900003D05, - 9DAE2E2E01A3378900003D05, - ); - isa = PBXGroup; - path = AppleDL; - refType = 4; - }; - 07A0F6A4005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleFileDL.cpp; - refType = 4; - }; - 07A0F6A5005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleFileDL.h; - refType = 4; - }; - 07A0F6A8005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = FORMAT; - refType = 4; - }; - 07A0F6A9005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = ISSUES; - refType = 4; - }; - 07A0F6AA005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 07A0F6AB005DAEE111CD283A = { - children = ( - 07A0F6AD005DAEE111CD283A, - 07A0F6AE005DAEE111CD283A, - 07A0F6B4005DAEE111CD283A, - 07A0F6B5005DAEE111CD283A, - 9D347A350380197600003D05, - 9D347A360380197600003D05, - 07A0F6B6005DAEE111CD283A, - 07A0F6B7005DAEE111CD283A, - 9D347A370380197600003D05, - 07A0F6B8005DAEE111CD283A, - 9D347A380380197600003D05, - 9D347A390380197600003D05, - 07A0F6B9005DAEE111CD283A, - 07A0F6BA005DAEE111CD283A, - 07A0F6BE005DAEE111CD283A, - 07A0F6BF005DAEE111CD283A, - 07A0F6C0005DAEE111CD283A, - 9D347A3A0380197600003D05, - 9D347A3B0380197600003D05, - 9D347A3C0380197600003D05, - 9D347A3D0380197600003D05, - 9D347A3E0380197600003D05, - 9D347A3F0380197600003D05, - 07A0F6C1005DAEE111CD283A, - 07A0F6C2005DAEE111CD283A, - 07A0F6C3005DAEE111CD283A, - 07A0F6C4005DAEE111CD283A, - 07A0F6C5005DAEE111CD283A, - 07A0F6C6005DAEE111CD283A, - F540EDC2027A41BF01CA2E66, - 05F88FCC041003A500003D05, - 05F88FCD041003A500003D05, - 05F88FCE041003A500003D05, - 05F88FCF041003A500003D05, - 07A0F6C9005DAEE111CD283A, - 3290383600D6BB3705CD296C, - 9DAE2E2501A2E63700003D05, - 9DAE2E2601A2E63700003D05, - ); - isa = PBXGroup; - path = AppleX509CL; - refType = 4; - }; - 07A0F6AD005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509CL.cpp; - refType = 4; - }; - 07A0F6AE005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509CL.h; - refType = 4; - }; - 07A0F6B4005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCertExtensions.cpp; - refType = 4; - }; - 07A0F6B5005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCertExtensions.h; - refType = 4; - }; - 07A0F6B6005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CertFields.cpp; - refType = 4; - }; - 07A0F6B7005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCachedEntry.cpp; - refType = 4; - }; - 07A0F6B8005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCachedEntry.h; - refType = 4; - }; - 07A0F6B9005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPAttacher.cpp; - refType = 4; - }; - 07A0F6BA005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = CSPAttacher.h; - refType = 4; - }; - 07A0F6BE005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = cldebugging.h; - refType = 4; - }; - 07A0F6BF005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedCert.cpp; - refType = 4; - }; - 07A0F6C0005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedCert.h; - refType = 4; - }; - 07A0F6C1005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = LockedMap.h; - refType = 4; - }; - 07A0F6C2005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509CLSession.cpp; - refType = 4; - }; - 07A0F6C3005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509CLSession.h; - refType = 4; - }; - 07A0F6C4005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Session_Cert.cpp; - refType = 4; - }; - 07A0F6C5005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Session_CRL.cpp; - refType = 4; - }; - 07A0F6C6005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Session_Crypto.cpp; - refType = 4; - }; - 07A0F6C9005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 07A0F6CA005DAEE111CD283A = { - children = ( - 07A0F6CB005DAEE111CD283A, - 07A0F6CC005DAEE111CD283A, - 07A0F6CF005DAEE111CD283A, - 07A0F6D0005DAEE111CD283A, - 07A0F6D1005DAEE111CD283A, - 07A0F6D2005DAEE111CD283A, - 07A0F6D6005DAEE111CD283A, - 07A0F6D8005DAEE111CD283A, - 07A0F6DB005DAEE111CD283A, - 07A0F6DC005DAEE111CD283A, - 9D4B1BC70156C2E500A17CD1, - 9D347A4B038019EF00003D05, - 9D347A4C038019EF00003D05, - 9D347A4D038019EF00003D05, - 9D347A4E038019EF00003D05, - 9D347A4F038019EF00003D05, - 9D347A50038019EF00003D05, - 9D347A51038019EF00003D05, - 9D347A52038019EF00003D05, - 07A0F6DD005DAEE111CD283A, - 07A0F6DE005DAEE111CD283A, - 07A0F6DF005DAEE111CD283A, - 07A0F6E0005DAEE111CD283A, - 3290383700D6BB3705CD296C, - 9DAE2E2901A2F93200003D05, - 9DAE2E2A01A2F93200003D05, - 9D09B90701B4314500003D05, - 9D14AC52020093D100003D05, - 9D9AEFBA02B6BC6C00003D05, - ); - isa = PBXGroup; - path = AppleX509TP; - refType = 4; - }; - 07A0F6CB005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleTP.cpp; - refType = 4; - }; - 07A0F6CC005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleTP.h; - refType = 4; - }; - 07A0F6CF005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleTPSession.cpp; - refType = 4; - }; - 07A0F6D0005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleTPSession.h; - refType = 4; - }; - 07A0F6D1005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = certGroupUtils.cpp; - refType = 4; - }; - 07A0F6D2005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = certGroupUtils.h; - refType = 4; - }; - 07A0F6D6005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpdebugging.h; - refType = 4; - }; - 07A0F6D8005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = rootCerts.h; - refType = 4; - }; - 07A0F6DB005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPCertInfo.cpp; - refType = 4; - }; - 07A0F6DC005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPCertInfo.h; - refType = 4; - }; - 07A0F6DD005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpPolicies.cpp; - refType = 4; - }; - 07A0F6DE005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpPolicies.h; - refType = 4; - }; - 07A0F6DF005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpTime.c; - refType = 4; - }; - 07A0F6E0005DAEE111CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpTime.h; - refType = 4; - }; - 07E4D6D300A0CA617F000001 = { - children = ( - 07E4D6D400A0CA617F000001, - 07E4D6D500A0CA617F000001, - 07E4D6D600A0CA617F000001, - 07E4D6D700A0CA617F000001, - 07E4D6D800A0CA617F000001, - 07E4D6D900A0CA617F000001, - 07E4D6DA00A0CA617F000001, - 07E4D6DB00A0CA617F000001, - ); - isa = PBXGroup; - name = dsa; - refType = 4; - }; - 07E4D6D400A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_asn1.c; - path = dsa/dsa_asn1.c; - refType = 4; - }; - 07E4D6D500A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_err.c; - path = dsa/dsa_err.c; - refType = 4; - }; - 07E4D6D600A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_gen.c; - path = dsa/dsa_gen.c; - refType = 4; - }; - 07E4D6D700A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_key.c; - path = dsa/dsa_key.c; - refType = 4; - }; - 07E4D6D800A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_lib.c; - path = dsa/dsa_lib.c; - refType = 4; - }; - 07E4D6D900A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_ossl.c; - path = dsa/dsa_ossl.c; - refType = 4; - }; - 07E4D6DA00A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_sign.c; - path = dsa/dsa_sign.c; - refType = 4; - }; - 07E4D6DB00A0CA617F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa_vrf.c; - path = dsa/dsa_vrf.c; - refType = 4; - }; - 07E4D6DC00A0CA617F000001 = { - fileRef = 07E4D6D400A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6DD00A0CA617F000001 = { - fileRef = 07E4D6D500A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6DE00A0CA617F000001 = { - fileRef = 07E4D6D600A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6DF00A0CA617F000001 = { - fileRef = 07E4D6D700A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6E000A0CA617F000001 = { - fileRef = 07E4D6D800A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6E100A0CA617F000001 = { - fileRef = 07E4D6D900A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6E200A0CA617F000001 = { - fileRef = 07E4D6DA00A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6E300A0CA617F000001 = { - fileRef = 07E4D6DB00A0CA617F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 07E4D6E400A0CD8D7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = sha.h; - path = openssl/sha.h; - refType = 4; - }; - 07E4D6E500A0CD8D7F000001 = { - fileRef = 07E4D6E400A0CD8D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//070 -//071 -//072 -//073 -//074 -//080 -//081 -//082 -//083 -//084 - 0867D690FE84028FC02AAC07 = { - buildStyles = ( - 01CE6B1AFFF2B1BA11CD283A, - 01CE6B19FFF2B1BA11CD283A, - C2F346A204D5C05D0039D9E5, - 320C8FE900EA6AD705CD296C, - F58998F803809BCA01CA2A98, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 0867D691FE84028FC02AAC07; - productRefGroup = 034768DDFF38A45A11DB9C8B; - projectDirPath = ""; - targets = ( - 01CE6B1BFFF2B31311CD283A, - 01CE6B1DFFF2B33A11CD283A, - 01FA88F0FFF2B96911CD283A, - 0867D69CFE84028FC02AAC07, - 030701E4FFF96F8511CD283A, - 125E85D5FFF3D67D11CD283A, - 01FA88FCFFF2BC5611CD283A, - 01FA8904FFF2BCA811CD283A, - C2907DD4042BA6B100CA2E77, - 01FA88F9FFF2BBEB11CD283A, - 3290385000D6BB7805CD296C, - 014880CD005EAE4D11CD283A, - 014880D4005EAE4D11CD283A, - 014880DA005EAE4D11CD283A, - 014880E0005EAE4D11CD283A, - 014880E6005EAE4D11CD283A, - 3290383800D6BB3705CD296C, - 325EAA2200D6B08805CD296C, - 3290382200D6BA5905CD296C, - 3290381900D6BA5905CD296C, - 3290382800D6BA5905CD296C, - 3290382E00D6BA5905CD296C, - 9D347A6A0380312200003D05, - 9DC1DEF30299BBCD00003D05, - 9D347A8B0380359B00003D05, - C227CDC903E7171400CA2E77, - 322C5F3B02B9641F05CA2E77, - ); - }; - 0867D691FE84028FC02AAC07 = { - children = ( - 01FA7FE6FFF2B54C11CD283A, - 0177F263FFFAA2D311CD283A, - 0F404EB6008616EE7F000001, - 01FA819DFFF2B54C11CD283A, - 01FA8126FFF2B54C11CD283A, - 07A0F5EA005DAEE111CD283A, - 07A0F686005DAEE111CD283A, - 07A0F6A0005DAEE111CD283A, - 07A0F6AB005DAEE111CD283A, - 07A0F6CA005DAEE111CD283A, - F5A5E50E00FB884E01CD29D4, - 9DC1DEEE0299BBA900003D05, - 9DC1DEEC0299BB8F00003D05, - 9D347A950380362500003D05, - C227CDC203E716B100CA2E77, - 3283A53702B96AF805CA2E77, - 01FA890DFFF2BD9911CD283A, - 01FA890EFFF2BD9911CD283A, - 030701E1FFF95F6F11CD283A, - 0867D69AFE84028FC02AAC07, - 034768DDFF38A45A11DB9C8B, - ); - isa = PBXGroup; - name = Security; - refType = 4; - }; - 0867D69AFE84028FC02AAC07 = { - children = ( - 325EAA2900D6B23F05CD296C, - 125E85ADFFF3D44A11CD283A, - 327DDDFA00D7E81F05CD296C, - 9D347A5F0380300100003D05, - ); - isa = PBXGroup; - name = "External Frameworks and Libraries"; - refType = 4; - }; - 0867D69CFE84028FC02AAC07 = { - buildPhases = ( - 0867D69DFE84028FC02AAC07, - 0867D69EFE84028FC02AAC07, - 0867D69FFE84028FC02AAC07, - 0867D6A0FE84028FC02AAC07, - 0867D6A2FE84028FC02AAC07, - F5DDE3AE00B3358F01CD283A, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; - FRAMEWORK_VERSION = A; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(BUILT_PRODUCTS_DIR)/derived_src\""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - LIBRARY_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = "-DLIMITED_SIGNING -DBUILTIN_PLUGINS -DVDADER_RULES -DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE"; - OTHER_LDFLAGS = "-lComCryption -lCryptKit -twolevel_namespace -lnssasn1"; - PREBINDING = YES; - PRODUCT_NAME = Security; - SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(SRCROOT)/Security.order\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\""; - VERSIONING_SYSTEM = "apple-generic"; - VERSION_INFO_PREFIX = Sec; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = framework; - }; - dependencies = ( - C25FA84D03CB689300CA2E77, - 3290384F00D6BB7805CD296C, - 05855484FFF2DA1E11CD283A, - ); - isa = PBXFrameworkTarget; - name = Security; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - productName = Security; - productReference = F54323B4022DC91501CA2E64; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - Security - CFBundleGetInfoString - Security.framework 2.0, Copyright © 2000-2002 Apple Computer Inc. - CFBundleIconFile - - CFBundleIdentifier - com.apple.security - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - Security - CFBundlePackageType - FMWK - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 0867D69DFE84028FC02AAC07 = { - buildActionMask = 2147483647; - files = ( - 01FA848EFFF2B54C11CD283A, - 01FA848FFFF2B54C11CD283A, - 01FA8490FFF2B54C11CD283A, - 01FA8491FFF2B54C11CD283A, - 01FA8492FFF2B54C11CD283A, - 01FA8493FFF2B54C11CD283A, - 01FA8494FFF2B54C11CD283A, - 01FA8495FFF2B54C11CD283A, - 01FA8496FFF2B54C11CD283A, - 01FA8497FFF2B54C11CD283A, - 01FA8498FFF2B54C11CD283A, - 01FA8499FFF2B54C11CD283A, - 01FA849AFFF2B54C11CD283A, - 01FA849BFFF2B54C11CD283A, - 01FA849CFFF2B54C11CD283A, - 01FA849DFFF2B54C11CD283A, - 01FA849EFFF2B54C11CD283A, - 01FA849FFFF2B54C11CD283A, - 01FA84A0FFF2B54C11CD283A, - 01FA84A1FFF2B54C11CD283A, - 01FA84A2FFF2B54C11CD283A, - 01FA84A3FFF2B54C11CD283A, - 01FA84A4FFF2B54C11CD283A, - 01FA84A5FFF2B54C11CD283A, - 01FA84A6FFF2B54C11CD283A, - 01FA84A7FFF2B54C11CD283A, - 01FA84A8FFF2B54C11CD283A, - 01FA84AAFFF2B54C11CD283A, - 01FA84ABFFF2B54C11CD283A, - 01FA84ACFFF2B54C11CD283A, - 01FA84ADFFF2B54C11CD283A, - 01FA84AEFFF2B54C11CD283A, - 01FA84AFFFF2B54C11CD283A, - 01FA84B0FFF2B54C11CD283A, - 01FA84B1FFF2B54C11CD283A, - 01FA84B2FFF2B54C11CD283A, - 01FA84B3FFF2B54C11CD283A, - 01FA84B4FFF2B54C11CD283A, - 01FA84B5FFF2B54C11CD283A, - 01FA84B6FFF2B54C11CD283A, - 01FA84B7FFF2B54C11CD283A, - 01FA84B8FFF2B54C11CD283A, - 01FA84B9FFF2B54C11CD283A, - 01FA84BAFFF2B54C11CD283A, - 01FA84BBFFF2B54C11CD283A, - 01FA84BCFFF2B54C11CD283A, - 01FA84BDFFF2B54C11CD283A, - 01FA84BEFFF2B54C11CD283A, - 01FA84BFFFF2B54C11CD283A, - 01FA84C0FFF2B54C11CD283A, - 01FA84C1FFF2B54C11CD283A, - 01FA84C2FFF2B54C11CD283A, - 01FA84C3FFF2B54C11CD283A, - 01FA84C5FFF2B54C11CD283A, - 01FA84C6FFF2B54C11CD283A, - 01FA84C7FFF2B54C11CD283A, - 01FA84C8FFF2B54C11CD283A, - 01FA84C9FFF2B54C11CD283A, - 01FA84CAFFF2B54C11CD283A, - 01FA84CBFFF2B54C11CD283A, - 01FA84CCFFF2B54C11CD283A, - 01FA84CEFFF2B54C11CD283A, - 01FA84CFFFF2B54C11CD283A, - 01FA84D0FFF2B54C11CD283A, - 01FA84D1FFF2B54C11CD283A, - 01FA84D2FFF2B54C11CD283A, - 01FA84D3FFF2B54C11CD283A, - 01FA84D4FFF2B54C11CD283A, - 01FA84D5FFF2B54C11CD283A, - 01FA84D6FFF2B54C11CD283A, - 01FA84D7FFF2B54C11CD283A, - 01FA84D8FFF2B54C11CD283A, - 01FA84D9FFF2B54C11CD283A, - 01FA84DAFFF2B54C11CD283A, - 01FA84DBFFF2B54C11CD283A, - 01FA84DCFFF2B54C11CD283A, - 01FA84DDFFF2B54C11CD283A, - 01FA84DEFFF2B54C11CD283A, - 01FA84DFFFF2B54C11CD283A, - 01FA84E0FFF2B54C11CD283A, - 01FA84E1FFF2B54C11CD283A, - 01FA84E2FFF2B54C11CD283A, - 01FA84E3FFF2B54C11CD283A, - 01FA84E4FFF2B54C11CD283A, - 01FA84E5FFF2B54C11CD283A, - 01FA84E6FFF2B54C11CD283A, - 01FA84E7FFF2B54C11CD283A, - 01FA84E8FFF2B54C11CD283A, - 01FA84E9FFF2B54C11CD283A, - 01FA84EAFFF2B54C11CD283A, - 01FA84EBFFF2B54C11CD283A, - 01FA84EDFFF2B54C11CD283A, - 01FA84EEFFF2B54C11CD283A, - 01FA84EFFFF2B54C11CD283A, - 01FA84F0FFF2B54C11CD283A, - 01FA84F2FFF2B54C11CD283A, - 01FA84F3FFF2B54C11CD283A, - 025C84BC0027360A11CD296C, - 01FA84F4FFF2B54C11CD283A, - 01FA84F5FFF2B54C11CD283A, - 01FA84F6FFF2B54C11CD283A, - 01FA84F7FFF2B54C11CD283A, - 01FA84F8FFF2B54C11CD283A, - 01FA84F9FFF2B54C11CD283A, - 01FA84FAFFF2B54C11CD283A, - 01FA84FBFFF2B54C11CD283A, - 01FA84FCFFF2B54C11CD283A, - 01FA84FDFFF2B54C11CD283A, - 01FA84FEFFF2B54C11CD283A, - 01FA84FFFFF2B54C11CD283A, - 01FA8517FFF2B54C11CD283A, - 01FA8518FFF2B54C11CD283A, - 01FA851AFFF2B54C11CD283A, - 01FA851BFFF2B54C11CD283A, - 01FA851CFFF2B54C11CD283A, - 01FA851DFFF2B54C11CD283A, - 01FA8520FFF2B54C11CD283A, - 01FA8521FFF2B54C11CD283A, - 01FA8522FFF2B54C11CD283A, - 01FA8523FFF2B54C11CD283A, - 01FA8524FFF2B54C11CD283A, - 01FA8525FFF2B54C11CD283A, - 01FA8526FFF2B54C11CD283A, - 01FA8527FFF2B54C11CD283A, - 01FA8529FFF2B54C11CD283A, - 01FA852AFFF2B54C11CD283A, - 01FA852BFFF2B54C11CD283A, - 01FA852CFFF2B54C11CD283A, - 01FA852DFFF2B54C11CD283A, - 01FA852FFFF2B54C11CD283A, - 01FA8530FFF2B54C11CD283A, - 01FA8531FFF2B54C11CD283A, - 01FA8532FFF2B54C11CD283A, - 01FA8546FFF2B54C11CD283A, - 01FA8548FFF2B54C11CD283A, - 01FA8549FFF2B54C11CD283A, - 01FA8929FFF2BE3511CD283A, - 01FA892AFFF2BE3511CD283A, - 01FA892BFFF2BE3511CD283A, - 01FA892CFFF2BE3511CD283A, - 01FA892DFFF2BE3511CD283A, - 03B76D49FFF2D31811CD283A, - 03B76D4AFFF2D35D11CD283A, - 56EB36FE03F83C7E0DCA289E, - 03B76D4BFFF2D35D11CD283A, - 03B76D4CFFF2D35D11CD283A, - 03B76D4DFFF2D35D11CD283A, - 2DFDC7A8FFF3E4ED11CD283A, - 31200C5CFFF3E57C11CD283A, - 338005E1FFF3E69711CD283A, - 0177F2DEFFFAA2D311CD283A, - 0177F2EAFFFAA2D311CD283A, - 0177F2F0FFFAA2D311CD283A, - 0177F2F4FFFAA2D311CD283A, - 0177F2F5FFFAA2D311CD283A, - 0177F2FAFFFAA2D311CD283A, - 0177F2FBFFFAA2D311CD283A, - 0177F2FCFFFAA2D311CD283A, - 0177F2FDFFFAA2D311CD283A, - 0177F354FFFAC61911CD283A, - 0177F30BFFFAA2D311CD283A, - 0177F315FFFAA2D311CD283A, - 0177F319FFFAA2D311CD283A, - 0177F31AFFFAA2D311CD283A, - 0177F31BFFFAA2D311CD283A, - 0177F31DFFFAA2D311CD283A, - 014989C0006AA1D111CD283A, - 014989C1006AA1D111CD283A, - 33BD042300838F447F000001, - 33BD042C00838FB17F000001, - 33BD042D00838FB17F000001, - 33BD042E00838FB17F000001, - 33BD0449008390257F000001, - 33BD044A008390257F000001, - 33BD044B008390257F000001, - 33BD044C008390257F000001, - 33BD044D008390257F000001, - 33BD044E008390257F000001, - 33BD044F008390257F000001, - 33BD0450008390257F000001, - 33BD0451008390257F000001, - 33BD0452008390257F000001, - 33BD0460008390B17F000001, - 33BD0464008391C07F000001, - F559B18D01D1510B01CA2E64, - 017B6CA8009748107F000001, - 2F4DD9A700A0A0767F000001, - 3290387000D6C5FE05CD296C, - 327DDDE300D6F8A605CD296C, - 327DDDE400D6F8A605CD296C, - 327DDDF800D7DB7505CD296C, - 32604C2800E3C14505CD296C, - 3272260B00E3C75605CD296C, - 3267644900EBF3AA05CD296C, - F58785CA00FB966001CD29D4, - 9D8B6A2B015A48F500A17CD1, - 9D51868D018F27B500003D05, - 9D51868E018F27B500003D05, - 9D51868F018F27B500003D05, - 9D1DEC1A0198777400003D05, - 9D69C0270198A8E100003D05, - 9D69C02B019AF15E00003D05, - 9D64BAEC019AFD7900003D05, - 326618CE01C6844D05CA2E77, - 9D8F0D2001C80C0C00003D05, - 32554D7B01F4C97305CA2E77, - 9D78BC7301EBB3F900003D05, - 9D78BC7701EBBBED00003D05, - F54323C7022DC98301CA2E64, - F5786217022F1DA301CA2E64, - F54323C9022DC98301CA2E64, - F57861CC022F0F3801CA2E64, - F5786172022EDDE501CA2E64, - F5786180022EDE6401CA2E64, - 8F7ACD2C02357F2503CA2E8C, - F578617A022EDE2B01CA2E64, - 9D2F711403156A7800003D05, - F57861F8022F12FC01CA2E64, - F57861C0022EEF1B01CA2E64, - F578617C022EDE3F01CA2E64, - 4C2ACAB8044267EE00CA2E66, - F57861C4022EEF3401CA2E64, - F57861CA022F0D0A01CA2E64, - BD6FEB7303A5642B03CA2E64, - F5786174022EDDFB01CA2E64, - F5786176022EDE0501CA2E64, - F5786178022EDE1701CA2E64, - F578617E022EDE5C01CA2E64, - F57861C2022EEF2601CA2E64, - F57861C8022EFAE501CA2E64, - F57861C6022EEF4701CA2E64, - 5BA4A43101F4E3F604CA2E82, - F5786226022F32E001CA2E64, - F578622E022F37EB01CA2E64, - F5786233022F39A101CA2E64, - F578623A022F48C601CA2E64, - F578623D023024CC01CA2E64, - F55B3B480230375401CA2E64, - F55B3B4C02303B2A01CA2E64, - F55B3B500230448601CA2E64, - F55B3B7B02304A6001CA2E64, - 32867BAA0231611A05CA2E77, - 32867BAE02316C3905CA2E77, - 32867BB502316E3305CA2E77, - 320F60A00234113505CA2E77, - 8F7ACD320235805903CA2E8C, - 3244148A0236DD1505CA2E77, - 3244148F023837A505CA2E77, - F5A7F71D023D972201CA2E64, - 563FC2B203F845EC0DCA289E, - 563FC2B303F845EC0DCA289E, - F5394A1C0279082901CA2E64, - 3206D1FE029996FC05CA2E77, - 9DD4620103119BCE00003D05, - 9D347A7F038031F000003D05, - 9D347A80038031F100003D05, - 9D347A81038031F200003D05, - 9D347A82038031F300003D05, - 9D347A83038031F400003D05, - 9D347A84038031F500003D05, - 9D347A85038031F600003D05, - 9D347A86038031F700003D05, - 05293B8A043916C100003D05, - C2908499042BC01100CA2E77, - C284B43F042F847900CA2E77, - C2A6D4E1042FC54000CA2E77, - C2B484990450D42900CA2E77, - C213880F0455C01F00CA2E77, - C2952B0D044B55BB00CA2E77, - C2227D96044F404900CA2E77, - 408F00D6045E0650009D840B, - 4EE175A50459EC6F0036F88D, - C2AE352C0469781800CA2E77, - C244C1360479624A00CA2E77, - 52807AD504A3D56C00F46CAB, - 4046155904EE76E70001454E, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 0867D69EFE84028FC02AAC07 = { - buildActionMask = 2147483647; - files = ( - 01FA8609FFF2B54C11CD283A, - 9D64BAF0019B173900003D05, - 9D64BAF4019B176200003D05, - 9D64BAF5019B176200003D05, - 9D64BAF6019B176200003D05, - 9DAE2E2701A2E63800003D05, - 9DAE2E2801A2E63800003D05, - 9DAE2E2B01A2F93200003D05, - 9DAE2E2C01A2F93200003D05, - 9D09B90801B4314500003D05, - 9DAE2E2F01A3378A00003D05, - 9DAE2E3001A3378A00003D05, - 9DAE2E3601A43D6B00003D05, - 9DAE2E3701A43D6B00003D05, - 9DAE2E3801A43D6B00003D05, - 9DAE2E3901A43D6B00003D05, - 9DA13D0501B4638200003D05, - 52807AD204A3D4B800F46CAB, - 5274775904CDF08D00F0AE7D, - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 0867D69FFE84028FC02AAC07 = { - buildActionMask = 2147483647; - files = ( - 01FA86DAFFF2B54C11CD283A, - 01FA86DBFFF2B54C11CD283A, - 01FA86DCFFF2B54C11CD283A, - 01FA86DDFFF2B54C11CD283A, - 01FA86DEFFF2B54C11CD283A, - 01FA86DFFFF2B54C11CD283A, - 01FA86E0FFF2B54C11CD283A, - 01FA86E1FFF2B54C11CD283A, - 01FA86E2FFF2B54C11CD283A, - 01FA86E3FFF2B54C11CD283A, - 01FA86E4FFF2B54C11CD283A, - 01FA86E5FFF2B54C11CD283A, - 01FA86E6FFF2B54C11CD283A, - 01FA86E7FFF2B54C11CD283A, - 01FA86E9FFF2B54C11CD283A, - 01FA86EAFFF2B54C11CD283A, - 01FA86EBFFF2B54C11CD283A, - 01FA86ECFFF2B54C11CD283A, - 01FA86EDFFF2B54C11CD283A, - 01FA86EFFFF2B54C11CD283A, - 01FA86F0FFF2B54C11CD283A, - 01FA86F1FFF2B54C11CD283A, - 01FA86F3FFF2B54C11CD283A, - 01FA86F4FFF2B54C11CD283A, - 01FA86F5FFF2B54C11CD283A, - 01FA86F6FFF2B54C11CD283A, - 01FA86F7FFF2B54C11CD283A, - 01FA86F8FFF2B54C11CD283A, - 01FA86F9FFF2B54C11CD283A, - 01FA86FAFFF2B54C11CD283A, - 01FA86FCFFF2B54C11CD283A, - 01FA86FDFFF2B54C11CD283A, - 01FA86FEFFF2B54C11CD283A, - 01FA86FFFFF2B54C11CD283A, - 01FA8700FFF2B54C11CD283A, - 01FA8701FFF2B54C11CD283A, - 01FA8702FFF2B54C11CD283A, - 01FA8703FFF2B54C11CD283A, - 01FA8704FFF2B54C11CD283A, - 01FA8705FFF2B54C11CD283A, - 01FA8706FFF2B54C11CD283A, - 01FA8707FFF2B54C11CD283A, - 01FA8708FFF2B54C11CD283A, - 01FA8709FFF2B54C11CD283A, - 01FA870AFFF2B54C11CD283A, - 01FA870BFFF2B54C11CD283A, - 01FA870CFFF2B54C11CD283A, - 01FA870DFFF2B54C11CD283A, - 01FA870EFFF2B54C11CD283A, - 01FA870FFFF2B54C11CD283A, - 01FA8710FFF2B54C11CD283A, - 01FA8711FFF2B54C11CD283A, - 01FA8712FFF2B54C11CD283A, - 01FA8713FFF2B54C11CD283A, - 01FA8714FFF2B54C11CD283A, - 01FA8715FFF2B54C11CD283A, - 01FA8716FFF2B54C11CD283A, - 01FA8717FFF2B54C11CD283A, - 01FA8718FFF2B54C11CD283A, - 01FA871BFFF2B54C11CD283A, - 01FA871CFFF2B54C11CD283A, - 01FA871EFFF2B54C11CD283A, - 01FA871FFFF2B54C11CD283A, - 01FA8720FFF2B54C11CD283A, - 01FA8721FFF2B54C11CD283A, - 01FA8722FFF2B54C11CD283A, - 01FA8724FFF2B54C11CD283A, - 01FA8725FFF2B54C11CD283A, - 01FA8726FFF2B54C11CD283A, - 01FA8727FFF2B54C11CD283A, - 01FA8728FFF2B54C11CD283A, - 01FA8729FFF2B54C11CD283A, - 01FA872AFFF2B54C11CD283A, - 01FA872BFFF2B54C11CD283A, - 01FA872CFFF2B54C11CD283A, - 01FA872DFFF2B54C11CD283A, - 01FA872EFFF2B54C11CD283A, - 01FA872FFFF2B54C11CD283A, - 01FA8730FFF2B54C11CD283A, - 01FA874FFFF2B54C11CD283A, - 01FA8751FFF2B54C11CD283A, - 01FA8752FFF2B54C11CD283A, - 01FA8754FFF2B54C11CD283A, - 01FA8755FFF2B54C11CD283A, - 01FA8756FFF2B54C11CD283A, - 01FA8757FFF2B54C11CD283A, - 01FA8758FFF2B54C11CD283A, - 01FA875AFFF2B54C11CD283A, - 01FA875CFFF2B54C11CD283A, - 01FA875DFFF2B54C11CD283A, - 01FA8760FFF2B54C11CD283A, - 01FA8761FFF2B54C11CD283A, - 01FA8762FFF2B54C11CD283A, - 01FA8763FFF2B54C11CD283A, - 01FA8764FFF2B54C11CD283A, - 01FA8765FFF2B54C11CD283A, - 01FA8766FFF2B54C11CD283A, - 01FA8767FFF2B54C11CD283A, - 01FA8769FFF2B54C11CD283A, - 01FA876AFFF2B54C11CD283A, - 01FA876BFFF2B54C11CD283A, - 01FA876CFFF2B54C11CD283A, - 01FA876DFFF2B54C11CD283A, - 01FA876EFFF2B54C11CD283A, - 01FA876FFFF2B54C11CD283A, - 01FA8783FFF2B54C11CD283A, - 01FA8786FFF2B54C11CD283A, - 01FA8787FFF2B54C11CD283A, - 01FA8930FFF2BE3511CD283A, - 01FA8931FFF2BE3511CD283A, - 01FA8932FFF2BE3511CD283A, - 01FA8933FFF2BE3511CD283A, - 01FA8936FFF2BE3511CD283A, - 03B76D4EFFF2D35D11CD283A, - 03B76D4FFFF2D35D11CD283A, - 563FC2B003F8456F0DCA289E, - 563FC2B103F8456F0DCA289E, - 03B76D51FFF2D43011CD283A, - 0177F323FFFAA2D311CD283A, - 0177F32CFFFAA2D311CD283A, - 0177F332FFFAA2D311CD283A, - 0177F334FFFAA2D311CD283A, - 0177F335FFFAA2D311CD283A, - 0177F33AFFFAA2D311CD283A, - 0177F33BFFFAA2D311CD283A, - 0177F33CFFFAA2D311CD283A, - 0177F355FFFAC61911CD283A, - 0177F344FFFAA2D311CD283A, - 0177F349FFFAA2D311CD283A, - 0177F34BFFFAA2D311CD283A, - 0177F34EFFFAA2D311CD283A, - 0177F350FFFAA2D311CD283A, - 33BD042400838F447F000001, - 33BD042F00838FB17F000001, - 33BD043000838FB17F000001, - 33BD043100838FB17F000001, - 33BD0454008390257F000001, - 33BD0455008390257F000001, - 33BD0456008390257F000001, - 33BD0457008390257F000001, - 33BD0458008390257F000001, - 33BD0459008390257F000001, - 33BD045A008390257F000001, - 33BD045B008390257F000001, - 33BD045C008390257F000001, - 33BD045D008390257F000001, - 33BD0461008390B17F000001, - 33BD0465008391C07F000001, - 017B6CA9009748107F000001, - 2F4DD9A800A0A0767F000001, - 3290387100D6C5FE05CD296C, - 327DDDE500D6F8A605CD296C, - 327DDDE600D6F8A605CD296C, - 327DDDF900D7DB7605CD296C, - 32604C2900E3C14505CD296C, - 3272260C00E3C75705CD296C, - F58785CB00FB966001CD29D4, - 9D518690018F27B500003D05, - 9D518692018F27B500003D05, - 9D518693018F27B500003D05, - 9D518694018F27B500003D05, - 9D1DEC1C0198796200003D05, - 9D69C0290198AB3700003D05, - 9D64BAEA019AF3B800003D05, - 9D64BAEE019AFE3700003D05, - 326618CF01C6844D05CA2E77, - 9D78BC7501EBB71A00003D05, - 9D78BC7901EBCA2400003D05, - 9D78BC7B01ECA79D00003D05, - 5BA4A43301F4E3F604CA2E82, - F54323C6022DC98301CA2E64, - F54323C8022DC98301CA2E64, - F57861FB022F1A9301CA2E64, - F57861FD022F1AA001CA2E64, - F57861FF022F1AAB01CA2E64, - F5786201022F1B4001CA2E64, - F5786203022F1B5001CA2E64, - F5786205022F1B5901CA2E64, - F5786207022F1B6501CA2E64, - F5786209022F1B6F01CA2E64, - F578620B022F1B7901CA2E64, - F578620D022F1B8701CA2E64, - F578620F022F1B9301CA2E64, - F5786211022F1B9C01CA2E64, - F5786213022F1BA801CA2E64, - F5786215022F1BB601CA2E64, - F5786227022F32E001CA2E64, - F578622F022F37EB01CA2E64, - F5786232022F39A101CA2E64, - F5786239022F48C601CA2E64, - F578623E023024CC01CA2E64, - F55B3B490230375401CA2E64, - F55B3B4D02303B2A01CA2E64, - F55B3B510230448601CA2E64, - F55B3B7C02304A6001CA2E64, - 32867BA90231611A05CA2E77, - 32867BAD02316C3905CA2E77, - 32867BB402316E3305CA2E77, - 320F609F0234113505CA2E77, - 8F7ACD2D02357F2503CA2E8C, - 8F7ACD330235805903CA2E8C, - 324414890236DD1505CA2E77, - 3244148E023837A505CA2E77, - 32623CFD024BBA3B05CA2E77, - 3206D1FD029996FC05CA2E77, - C2908498042BC01100CA2E77, - C284B441042F856A00CA2E77, - C2227D97044F404900CA2E77, - C2AE352B0469781800CA2E77, - 52807AD304A3D4B800F46CAB, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 0867D6A0FE84028FC02AAC07 = { - buildActionMask = 2147483647; - files = ( - 125E85AEFFF3D44A11CD283A, - 325EAA2A00D6B24005CD296C, - 325EAA2B00D6B24005CD296C, - 325EAA2C00D6B24005CD296C, - 325EAA2D00D6B24005CD296C, - 325EAA2E00D6B24005CD296C, - 327DDDFB00D7E81F05CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 0867D6A2FE84028FC02AAC07 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; -//080 -//081 -//082 -//083 -//084 -//0A0 -//0A1 -//0A2 -//0A3 -//0A4 - 0AD5441E0003C2C511CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecurityServer.order; - refType = 4; - }; -//0A0 -//0A1 -//0A2 -//0A3 -//0A4 -//0F0 -//0F1 -//0F2 -//0F3 -//0F4 - 0F404EB6008616EE7F000001 = { - children = ( - 0F404EB9008618137F000001, - 0F404EBA008618137F000001, - 0F404EBB008618137F000001, - 0F404EBC008618137F000001, - 0F404EBF008618137F000001, - 0F404EC0008618137F000001, - 0F404EC1008618137F000001, - 0F404EC2008618137F000001, - 0F404EC3008618137F000001, - 0F404EC4008618137F000001, - 3264486400D54DD305CD296C, - 3264486500D54DD305CD296C, - 0F404EC5008618137F000001, - 0F404EC7008618137F000001, - 0F404ECA008618137F000001, - 0F404ECB008618137F000001, - 4D37AD3A00AA03857F000001, - 4D37AD3900AA03857F000001, - 4D37AD3C00AA03857F000001, - 4D37AD3B00AA03857F000001, - 4D37AD3E00AA03857F000001, - 4D37AD3D00AA03857F000001, - 4D37AD3F00AA03857F000001, - 4D37AD4100AA03857F000001, - 4D37AD4000AA03857F000001, - 0F404ECC008618137F000001, - 0F404ED5008618137F000001, - ); - isa = PBXGroup; - path = Network; - refType = 4; - }; - 0F404EB9008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = protocol.h; - refType = 4; - }; - 0F404EBA008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = protocol.cpp; - refType = 4; - }; - 0F404EBB008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = transfer.h; - refType = 4; - }; - 0F404EBC008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = transfer.cpp; - refType = 4; - }; - 0F404EBF008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = connectionpool.h; - refType = 4; - }; - 0F404EC0008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = connectionpool.cpp; - refType = 4; - }; - 0F404EC1008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = target.h; - refType = 4; - }; - 0F404EC2008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = target.cpp; - refType = 4; - }; - 0F404EC3008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = observer.h; - refType = 4; - }; - 0F404EC4008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = observer.cpp; - refType = 4; - }; - 0F404EC5008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = parameters.h; - refType = 4; - }; - 0F404EC7008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = parameters.cpp; - refType = 4; - }; - 0F404ECA008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = xfercore.h; - refType = 4; - }; - 0F404ECB008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = xfercore.cpp; - refType = 4; - }; - 0F404ECC008618137F000001 = { - children = ( - 0F404ECD008618137F000001, - 0F404ECE008618137F000001, - 0F404ECF008618137F000001, - 0F404ED0008618137F000001, - 0F404ED1008618137F000001, - 0F404ED2008618137F000001, - 0F404ED3008618137F000001, - 0F404ED4008618137F000001, - 21781539008B941B7F000001, - 2178153A008B941B7F000001, - 01827D09008CB8707F000001, - 01827D0A008CB8707F000001, - 017A54F20094AAE57F000001, - 017A54F30094AAE57F000001, - ); - isa = PBXGroup; - name = Protocols; - refType = 4; - }; - 0F404ECD008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "file-protocol.h"; - refType = 4; - }; - 0F404ECE008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "file-protocol.cpp"; - refType = 4; - }; - 0F404ECF008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ftp-protocol.h"; - refType = 4; - }; - 0F404ED0008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ftp-protocol.cpp"; - refType = 4; - }; - 0F404ED1008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "http-protocol.h"; - refType = 4; - }; - 0F404ED2008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "http-protocol.cpp"; - refType = 4; - }; - 0F404ED3008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "https-protocol.h"; - refType = 4; - }; - 0F404ED4008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "https-protocol.cpp"; - refType = 4; - }; - 0F404ED5008618137F000001 = { - children = ( - 0F404ED6008618137F000001, - 0F404ED7008618137F000001, - ); - isa = PBXGroup; - name = Managers; - refType = 4; - }; - 0F404ED6008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = simplemanager.h; - refType = 4; - }; - 0F404ED7008618137F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = simplemanager.cpp; - refType = 4; - }; -//0F0 -//0F1 -//0F2 -//0F3 -//0F4 -//120 -//121 -//122 -//123 -//124 - 125E85A8FFF3CDEF11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = xdatabase.cpp; - refType = 4; - }; - 125E85A9FFF3CDEF11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = xdatabase.h; - refType = 4; - }; - 125E85ADFFF3D44A11CD283A = { - isa = PBXFrameworkReference; - name = CoreFoundation.framework; - path = /System/Library/Frameworks/CoreFoundation.framework; - refType = 0; - }; - 125E85AEFFF3D44A11CD283A = { - fileRef = 125E85ADFFF3D44A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85AFFFF3D51B11CD283A = { - fileRef = 01FA819FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85B0FFF3D51B11CD283A = { - fileRef = 01FA81A1FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85B1FFF3D51B11CD283A = { - fileRef = 01FA81A3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85B2FFF3D51B11CD283A = { - fileRef = 01FA81A5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85B3FFF3D51B11CD283A = { - fileRef = 01FA81AAFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85B4FFF3D51B11CD283A = { - fileRef = 01FA819EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85B5FFF3D51B11CD283A = { - fileRef = 01FA81A0FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85B6FFF3D51B11CD283A = { - fileRef = 01FA81A2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85B7FFF3D51B11CD283A = { - fileRef = 01FA81A4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85B8FFF3D51B11CD283A = { - fileRef = 01FA81A9FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85B9FFF3D54811CD283A = { - fileRef = 01FA81B3FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85BAFFF3D54811CD283A = { - fileRef = 01FA81B5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85BBFFF3D54811CD283A = { - fileRef = 01FA81B9FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85BCFFF3D54811CD283A = { - fileRef = 01FA81B2FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85BDFFF3D54811CD283A = { - fileRef = 01FA81B4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85BEFFF3D54811CD283A = { - fileRef = 01FA81B8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - COMPILER_FLAGS = "-Wno-invalid-offsetof"; - }; - }; - 125E85BFFFF3D5ED11CD283A = { - fileRef = 01FA81BDFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C0FFF3D5ED11CD283A = { - fileRef = 01FA8219FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C1FFF3D5ED11CD283A = { - fileRef = 01FA821BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C2FFF3D5ED11CD283A = { - fileRef = 01FA821DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C3FFF3D5ED11CD283A = { - fileRef = 01FA821EFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C4FFF3D5ED11CD283A = { - fileRef = 01FA8221FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C5FFF3D5ED11CD283A = { - fileRef = 01FA8223FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C6FFF3D5ED11CD283A = { - fileRef = 01FA8225FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C7FFF3D5ED11CD283A = { - fileRef = 125E85A9FFF3CDEF11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85C8FFF3D5ED11CD283A = { - fileRef = 01FA81BCFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85C9FFF3D5ED11CD283A = { - fileRef = 01FA8214FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85CAFFF3D5ED11CD283A = { - fileRef = 01FA8218FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85CCFFF3D5ED11CD283A = { - fileRef = 01FA8220FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85CDFFF3D5ED11CD283A = { - fileRef = 01FA8222FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85CEFFF3D5ED11CD283A = { - fileRef = 01FA8224FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85CFFFF3D5ED11CD283A = { - fileRef = 01FA823AFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85D0FFF3D5ED11CD283A = { - fileRef = 125E85A8FFF3CDEF11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85D1FFF3D5ED11CD283A = { - fileRef = 01FA891BFFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85D4FFF3D67D11CD283A = { - isa = PBXLibraryReference; - path = libSecurityAgentServer.a; - refType = 3; - }; - 125E85D5FFF3D67D11CD283A = { - buildPhases = ( - 125E85D6FFF3D67D11CD283A, - 125E85D7FFF3D67D11CD283A, - 125E85D9FFF3D67D11CD283A, - 125E85DAFFF3D67D11CD283A, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\""; - INSTALL_PATH = /usr/local/lib; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libSecurityAgentServer.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 125E85DCFFF3D76D11CD283A, - ); - isa = PBXLibraryTarget; - name = "SecurityAgent Server"; - productInstallPath = /usr/local/lib; - productName = "SecurityAgent Server"; - productReference = 125E85D4FFF3D67D11CD283A; - }; - 125E85D6FFF3D67D11CD283A = { - buildActionMask = 2147483647; - files = ( - 125E8606FFF3DB3E11CD283A, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 125E85D7FFF3D67D11CD283A = { - buildActionMask = 2147483647; - files = ( - 125E85D8FFF3D67D11CD283A, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 125E85D8FFF3D67D11CD283A = { - fileRef = 01FA8917FFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85D9FFF3D67D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 125E85DAFFF3D67D11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 125E85DCFFF3D76D11CD283A = { - isa = PBXTargetDependency; - target = 01FA88F0FFF2B96911CD283A; - }; - 125E8604FFF3D96711CD283A = { - isa = PBXTargetDependency; - target = 125E85D5FFF3D67D11CD283A; - }; - 125E8606FFF3DB3E11CD283A = { - fileRef = 01FA821BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; -//120 -//121 -//122 -//123 -//124 -//160 -//161 -//162 -//163 -//164 - 1691956B009480BC7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RawSigner.h; - path = AppleCSP/AppleCSP/RawSigner.h; - refType = 2; - }; - 1691956C009480BC7F000001 = { - fileRef = 1691956B009480BC7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691956D009485A47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SignatureContext.h; - refType = 4; - }; - 1691956E009485A47F000001 = { - fileRef = 1691956D009485A47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691956F009486767F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SignatureContext.cpp; - refType = 4; - }; - 16919570009486767F000001 = { - fileRef = 1691956F009486767F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195710094A2ED7F000001 = { - children = ( - 59375E6D00A849237F000001, - 2C5247ED007A39B47F000001, - 2C5247EC007A39B47F000001, - 2C5247EE007A39B47F000001, - 57FCEE8B007A7B2F7F000001, - 52BFC306007A6A1B7F000001, - 4A4C766D007A4E317F000001, - 4A4C766C007A4E317F000001, - 4A4C7672007A4E657F000001, - ); - isa = PBXGroup; - name = misc; - path = ""; - refType = 4; - }; - 169195720094A2ED7F000001 = { - children = ( - 169195DF0094A8577F000001, - 169195E00094A8577F000001, - 169195E10094A8577F000001, - 169195E20094A8577F000001, - 169195E40094A8577F000001, - 169195E50094A8577F000001, - 169195E60094A8577F000001, - 169195E70094A8577F000001, - 169195E80094A8577F000001, - 169195E90094A8577F000001, - 169195EA0094A8577F000001, - 59375E6E00A849237F000001, - 169195EB0094A8577F000001, - 2C5247EB007A39B47F000001, - 169195EC0094A8577F000001, - 01D5634800974F7C7F000001, - 169195EE0094A8577F000001, - 2C5247EF007A39B47F000001, - 52BFC304007A6A1B7F000001, - 4A4C766E007A4E317F000001, - 169195EF0094A8577F000001, - 169195F00094A8577F000001, - 169195F10094A8577F000001, - 07E4D6E400A0CD8D7F000001, - 169195F30094A8577F000001, - 169195F20094A8577F000001, - 9D29187F026B504700003D05, - 057C0BBB0456E18300BA3D3B, - 057C0BD704581E6800BA3D3B, - ); - isa = PBXGroup; - name = openssl; - refType = 4; - }; - 169195730094A5A87F000001 = { - children = ( - 169195740094A5A87F000001, - ); - isa = PBXGroup; - name = stack; - refType = 4; - }; - 169195740094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = stack.c; - path = stack/stack.c; - refType = 4; - }; - 169195750094A5A87F000001 = { - children = ( - 169195760094A5A87F000001, - 169195770094A5A87F000001, - 169195780094A5A87F000001, - 169195790094A5A87F000001, - 1691957A0094A5A87F000001, - 1691957B0094A5A87F000001, - 1691957C0094A5A87F000001, - 1691957E0094A5A87F000001, - 1691957F0094A5A87F000001, - 169195800094A5A87F000001, - 169195810094A5A87F000001, - ); - isa = PBXGroup; - name = rsa; - refType = 4; - }; - 169195760094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_chk.c; - path = rsa/rsa_chk.c; - refType = 4; - }; - 169195770094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_eay.c; - path = rsa/rsa_eay.c; - refType = 4; - }; - 169195780094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_err.c; - path = rsa/rsa_err.c; - refType = 4; - }; - 169195790094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_gen.c; - path = rsa/rsa_gen.c; - refType = 4; - }; - 1691957A0094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_lib.c; - path = rsa/rsa_lib.c; - refType = 4; - }; - 1691957B0094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_none.c; - path = rsa/rsa_none.c; - refType = 4; - }; - 1691957C0094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_null.c; - path = rsa/rsa_null.c; - refType = 4; - }; - 1691957E0094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_pk1.c; - path = rsa/rsa_pk1.c; - refType = 4; - }; - 1691957F0094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_saos.c; - path = rsa/rsa_saos.c; - refType = 4; - }; - 169195800094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_sign.c; - path = rsa/rsa_sign.c; - refType = 4; - }; - 169195810094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa_ssl.c; - path = rsa/rsa_ssl.c; - refType = 4; - }; - 169195820094A5A87F000001 = { - children = ( - 169195830094A5A87F000001, - ); - isa = PBXGroup; - name = lhash; - refType = 4; - }; - 169195830094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = lhash.c; - path = lhash/lhash.c; - refType = 4; - }; - 169195840094A5A87F000001 = { - children = ( - 169195860094A5A87F000001, - 169195870094A5A87F000001, - ); - isa = PBXGroup; - name = err; - refType = 4; - }; - 169195860094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = err_prn.c; - path = err/err_prn.c; - refType = 4; - }; - 169195870094A5A87F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = err.c; - path = err/err.c; - refType = 4; - }; - 169195880094A5A87F000001 = { - children = ( - 1691959C0094A63C7F000001, - 1691959D0094A63C7F000001, - 1691959E0094A63C7F000001, - 1691959F0094A63C7F000001, - 169195A00094A63C7F000001, - 169195A10094A63C7F000001, - 169195A20094A63C7F000001, - 169195A30094A63C7F000001, - 169195A40094A63C7F000001, - 169195A50094A63C7F000001, - 169195A60094A63C7F000001, - 169195A70094A63C7F000001, - 169195A80094A63C7F000001, - 169195A90094A63C7F000001, - 169195AA0094A63C7F000001, - 169195AB0094A63C7F000001, - 169195AC0094A63C7F000001, - 169195AD0094A63C7F000001, - 169195AE0094A63C7F000001, - 169195AF0094A63C7F000001, - 169195B00094A63C7F000001, - 169195B10094A63C7F000001, - ); - isa = PBXGroup; - name = bn; - refType = 4; - }; - 169195890094A5A87F000001 = { - children = ( - 169195B20094A63C7F000001, - 169195B30094A63C7F000001, - ); - isa = PBXGroup; - name = bio; - refType = 4; - }; - 1691958A0094A5A87F000001 = { - children = ( - 169195B40094A63C7F000001, - 169195B50094A63C7F000001, - ); - isa = PBXGroup; - name = buffer; - path = ""; - refType = 4; - }; - 1691958B0094A5A87F000001 = { - fileRef = 169195740094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691958C0094A5A87F000001 = { - fileRef = 169195760094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691958D0094A5A87F000001 = { - fileRef = 169195770094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691958E0094A5A87F000001 = { - fileRef = 169195780094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691958F0094A5A87F000001 = { - fileRef = 169195790094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195900094A5A87F000001 = { - fileRef = 1691957A0094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195910094A5A87F000001 = { - fileRef = 1691957B0094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195920094A5A87F000001 = { - fileRef = 1691957C0094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195940094A5A87F000001 = { - fileRef = 1691957E0094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195950094A5A87F000001 = { - fileRef = 1691957F0094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195960094A5A87F000001 = { - fileRef = 169195800094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195970094A5A87F000001 = { - fileRef = 169195810094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195980094A5A87F000001 = { - fileRef = 169195830094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691959A0094A5A87F000001 = { - fileRef = 169195860094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691959B0094A5A87F000001 = { - fileRef = 169195870094A5A87F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1691959C0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_add.c; - path = bn/bn_add.c; - refType = 4; - }; - 1691959D0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_asm.c; - path = bn/bn_asm.c; - refType = 4; - }; - 1691959E0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_blind.c; - path = bn/bn_blind.c; - refType = 4; - }; - 1691959F0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_ctx.c; - path = bn/bn_ctx.c; - refType = 4; - }; - 169195A00094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_div.c; - path = bn/bn_div.c; - refType = 4; - }; - 169195A10094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_err.c; - path = bn/bn_err.c; - refType = 4; - }; - 169195A20094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_exp.c; - path = bn/bn_exp.c; - refType = 4; - }; - 169195A30094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_exp2.c; - path = bn/bn_exp2.c; - refType = 4; - }; - 169195A40094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_gcd.c; - path = bn/bn_gcd.c; - refType = 4; - }; - 169195A50094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_lcl.h; - path = bn/bn_lcl.h; - refType = 4; - }; - 169195A60094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_lib.c; - path = bn/bn_lib.c; - refType = 4; - }; - 169195A70094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_mont.c; - path = bn/bn_mont.c; - refType = 4; - }; - 169195A80094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_mpi.c; - path = bn/bn_mpi.c; - refType = 4; - }; - 169195A90094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_mul.c; - path = bn/bn_mul.c; - refType = 4; - }; - 169195AA0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_prime.c; - path = bn/bn_prime.c; - refType = 4; - }; - 169195AB0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_prime.h; - path = bn/bn_prime.h; - refType = 4; - }; - 169195AC0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_print.c; - path = bn/bn_print.c; - refType = 4; - }; - 169195AD0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_rand.c; - path = bn/bn_rand.c; - refType = 4; - }; - 169195AE0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_recp.c; - path = bn/bn_recp.c; - refType = 4; - }; - 169195AF0094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_shift.c; - path = bn/bn_shift.c; - refType = 4; - }; - 169195B00094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_sqr.c; - path = bn/bn_sqr.c; - refType = 4; - }; - 169195B10094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn_word.c; - path = bn/bn_word.c; - refType = 4; - }; - 169195B20094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bio_lib.c; - path = bio/bio_lib.c; - refType = 4; - }; - 169195B30094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bss_file.c; - path = bio/bss_file.c; - refType = 4; - }; - 169195B40094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = buf_err.c; - path = buffer/buf_err.c; - refType = 4; - }; - 169195B50094A63C7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = buffer.c; - path = buffer/buffer.c; - refType = 4; - }; - 169195B60094A63C7F000001 = { - fileRef = 169195A50094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195B70094A63C7F000001 = { - fileRef = 169195AB0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195B80094A63C7F000001 = { - fileRef = 1691959C0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195B90094A63C7F000001 = { - fileRef = 1691959D0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BA0094A63C7F000001 = { - fileRef = 1691959E0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BB0094A63C7F000001 = { - fileRef = 1691959F0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BC0094A63C7F000001 = { - fileRef = 169195A00094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BD0094A63C7F000001 = { - fileRef = 169195A10094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BE0094A63C7F000001 = { - fileRef = 169195A20094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195BF0094A63C7F000001 = { - fileRef = 169195A30094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C00094A63C7F000001 = { - fileRef = 169195A40094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C10094A63C7F000001 = { - fileRef = 169195A60094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C20094A63C7F000001 = { - fileRef = 169195A70094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C30094A63C7F000001 = { - fileRef = 169195A80094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C40094A63C7F000001 = { - fileRef = 169195A90094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C50094A63C7F000001 = { - fileRef = 169195AA0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C60094A63C7F000001 = { - fileRef = 169195AC0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C70094A63C7F000001 = { - fileRef = 169195AD0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C80094A63C7F000001 = { - fileRef = 169195AE0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195C90094A63C7F000001 = { - fileRef = 169195AF0094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CA0094A63C7F000001 = { - fileRef = 169195B00094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CB0094A63C7F000001 = { - fileRef = 169195B10094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CC0094A63C7F000001 = { - fileRef = 169195B20094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CD0094A63C7F000001 = { - fileRef = 169195B30094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CE0094A63C7F000001 = { - fileRef = 169195B40094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195CF0094A63C7F000001 = { - fileRef = 169195B50094A63C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195D00094A6FD7F000001 = { - children = ( - 169195D70094A7427F000001, - 169195D80094A7427F000001, - 05F88FC00410032C00003D05, - 05F88FC10410032C00003D05, - 05F88FC20410032C00003D05, - 05F88FC30410032C00003D05, - ); - isa = PBXGroup; - name = opensslUtils; - refType = 4; - }; - 169195D10094A6FD7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptlib.c; - refType = 4; - }; - 169195D20094A6FD7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ex_data.c; - refType = 4; - }; - 169195D30094A6FD7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = mem.c; - refType = 4; - }; - 169195D40094A6FD7F000001 = { - fileRef = 169195D10094A6FD7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195D50094A6FD7F000001 = { - fileRef = 169195D20094A6FD7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195D60094A6FD7F000001 = { - fileRef = 169195D30094A6FD7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195D70094A7427F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslUtils.cpp; - path = opensslUtils/opensslUtils.cpp; - refType = 4; - }; - 169195D80094A7427F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslUtils.h; - path = opensslUtils/opensslUtils.h; - refType = 4; - }; - 169195DB0094A7427F000001 = { - fileRef = 169195D80094A7427F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195DD0094A7427F000001 = { - fileRef = 169195D70094A7427F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195DF0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = asn1.h; - path = openssl/asn1.h; - refType = 4; - }; - 169195E00094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bio.h; - path = openssl/bio.h; - refType = 4; - }; - 169195E10094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = bn.h; - path = openssl/bn.h; - refType = 4; - }; - 169195E20094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = buffer.h; - path = openssl/buffer.h; - refType = 4; - }; - 169195E30094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cryptlib.h; - refType = 4; - }; - 169195E40094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = crypto.h; - path = openssl/crypto.h; - refType = 4; - }; - 169195E50094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dsa.h; - path = openssl/dsa.h; - refType = 4; - }; - 169195E60094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = e_os.h; - path = openssl/e_os.h; - refType = 4; - }; - 169195E70094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = e_os2.h; - path = openssl/e_os2.h; - refType = 4; - }; - 169195E80094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = err.h; - path = openssl/err.h; - refType = 4; - }; - 169195E90094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = evp.h; - path = openssl/evp.h; - refType = 4; - }; - 169195EA0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = lhash.h; - path = openssl/lhash.h; - refType = 4; - }; - 169195EB0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = objects.h; - path = openssl/objects.h; - refType = 4; - }; - 169195EC0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslv.h; - path = openssl/opensslv.h; - refType = 4; - }; - 169195EE0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rand.h; - path = openssl/rand.h; - refType = 4; - }; - 169195EF0094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rsa.h; - path = openssl/rsa.h; - refType = 4; - }; - 169195F00094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = safestack.h; - path = openssl/safestack.h; - refType = 4; - }; - 169195F10094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = stack.h; - path = openssl/stack.h; - refType = 4; - }; - 169195F20094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = x509_vfy.h; - path = openssl/x509_vfy.h; - refType = 4; - }; - 169195F30094A8577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = x509.h; - path = openssl/x509.h; - refType = 4; - }; - 169195F40094A8577F000001 = { - fileRef = 169195DF0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195F50094A8577F000001 = { - fileRef = 169195E00094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195F60094A8577F000001 = { - fileRef = 169195E10094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195F70094A8577F000001 = { - fileRef = 169195E20094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195F80094A8577F000001 = { - fileRef = 169195E30094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195F90094A8577F000001 = { - fileRef = 169195E40094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FA0094A8577F000001 = { - fileRef = 169195E50094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FB0094A8577F000001 = { - fileRef = 169195E60094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FC0094A8577F000001 = { - fileRef = 169195E70094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FD0094A8577F000001 = { - fileRef = 169195E80094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FE0094A8577F000001 = { - fileRef = 169195E90094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169195FF0094A8577F000001 = { - fileRef = 169195EA0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196000094A8577F000001 = { - fileRef = 169195EB0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196010094A8577F000001 = { - fileRef = 169195EC0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196030094A8577F000001 = { - fileRef = 169195EE0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196040094A8577F000001 = { - fileRef = 169195EF0094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196050094A8577F000001 = { - fileRef = 169195F00094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196060094A8577F000001 = { - fileRef = 169195F10094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196070094A8577F000001 = { - fileRef = 169195F20094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 169196080094A8577F000001 = { - fileRef = 169195F30094A8577F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//160 -//161 -//162 -//163 -//164 -//1B0 -//1B1 -//1B2 -//1B3 -//1B4 - 1B40D2E3FFF9716411CD283A = { - isa = PBXTargetDependency; - target = 030701E4FFF96F8511CD283A; - }; - 1B40D2E4FFF9716411CD283A = { - isa = PBXTargetDependency; - target = 01FA88F0FFF2B96911CD283A; - }; - 1BA451B10097605B7F000001 = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 1BA451B20097605B7F000001 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1BA451B30097605B7F000001 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//1B0 -//1B1 -//1B2 -//1B3 -//1B4 -//200 -//201 -//202 -//203 -//204 - 209FCB4E00A738117F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MacContext.h; - path = MiscCSPAlgs/MacContext.h; - refType = 4; - }; - 209FCB4F00A738117F000001 = { - fileRef = 209FCB4E00A738117F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 209FCB5000A739657F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MacContext.cpp; - path = AppleCSP/MiscCSPAlgs/MacContext.cpp; - refType = 2; - }; - 209FCB5100A739657F000001 = { - fileRef = 209FCB5000A739657F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//200 -//201 -//202 -//203 -//204 -//210 -//211 -//212 -//213 -//214 - 21306AAD0030B27011CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Localizable.strings; - refType = 4; - }; - 21781539008B941B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "http-proxy-protocol.h"; - refType = 4; - }; - 2178153A008B941B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "http-proxy-protocol.cpp"; - refType = 4; - }; -//210 -//211 -//212 -//213 -//214 -//250 -//251 -//252 -//253 -//254 - 256C38AB0094AE067F000001 = { - children = ( - 256C38AC0094AE787F000001, - 256C38AD0094AE787F000001, - 256C38AE0094AE787F000001, - 256C38AF0094AE787F000001, - 28B044DF0094C5577F000001, - 28B044E10094C6C57F000001, - 256C38B60094B96F7F000001, - 256C38B40094B2537F000001, - 28B044E30094DC627F000001, - 28B044E40094DC627F000001, - ); - isa = PBXGroup; - name = RSA_DSA; - refType = 4; - }; - 256C38AC0094AE787F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_csp.h; - path = RSA_DSA/RSA_DSA_csp.h; - refType = 4; - }; - 256C38AD0094AE787F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_csp.cpp; - path = RSA_DSA/RSA_DSA_csp.cpp; - refType = 4; - }; - 256C38AE0094AE787F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_keys.cpp; - path = RSA_DSA/RSA_DSA_keys.cpp; - refType = 4; - }; - 256C38AF0094AE787F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_keys.h; - path = RSA_DSA/RSA_DSA_keys.h; - refType = 4; - }; - 256C38B00094AE787F000001 = { - fileRef = 256C38AC0094AE787F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 256C38B10094AE787F000001 = { - fileRef = 256C38AF0094AE787F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 256C38B20094AE787F000001 = { - fileRef = 256C38AD0094AE787F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 256C38B30094AE787F000001 = { - fileRef = 256C38AE0094AE787F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 256C38B40094B2537F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_utils.h; - path = AppleCSP/RSA_DSA/RSA_DSA_utils.h; - refType = 2; - }; - 256C38B50094B2537F000001 = { - fileRef = 256C38B40094B2537F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 256C38B60094B96F7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_utils.cpp; - path = AppleCSP/RSA_DSA/RSA_DSA_utils.cpp; - refType = 2; - }; - 256C38B70094B96F7F000001 = { - fileRef = 256C38B60094B96F7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//250 -//251 -//252 -//253 -//254 -//280 -//281 -//282 -//283 -//284 - 28B044DF0094C5577F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_signature.h; - path = AppleCSP/RSA_DSA/RSA_DSA_signature.h; - refType = 2; - }; - 28B044E00094C5577F000001 = { - fileRef = 28B044DF0094C5577F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 28B044E10094C6C57F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_DSA_signature.cpp; - path = AppleCSP/RSA_DSA/RSA_DSA_signature.cpp; - refType = 2; - }; - 28B044E20094C6C57F000001 = { - fileRef = 28B044E10094C6C57F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 28B044E30094DC627F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_asymmetric.cpp; - path = RSA_DSA/RSA_asymmetric.cpp; - refType = 4; - }; - 28B044E40094DC627F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = RSA_asymmetric.h; - path = RSA_DSA/RSA_asymmetric.h; - refType = 4; - }; - 28B044E50094DC627F000001 = { - fileRef = 28B044E40094DC627F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 28B044E60094DC627F000001 = { - fileRef = 28B044E30094DC627F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//280 -//281 -//282 -//283 -//284 -//2C0 -//2C1 -//2C2 -//2C3 -//2C4 - 2C5247EA007A39B47F000001 = { - children = ( - 057C0BB00456E14700BA3D3B, - 057C0BC404581E0000BA3D3B, - 9D291872026B4FF900003D05, - 07E4D6D300A0CA617F000001, - 169195D00094A6FD7F000001, - 169195890094A5A87F000001, - 169195880094A5A87F000001, - 1691958A0094A5A87F000001, - 169195840094A5A87F000001, - 169195820094A5A87F000001, - 169195710094A2ED7F000001, - 169195750094A5A87F000001, - 169195730094A5A87F000001, - 169195720094A2ED7F000001, - 169195D10094A6FD7F000001, - 169195E30094A8577F000001, - 169195D20094A6FD7F000001, - 169195D30094A6FD7F000001, - ); - isa = PBXGroup; - path = open_ssl; - refType = 4; - }; - 2C5247EB007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = opensslconf.h; - path = openssl/opensslconf.h; - refType = 4; - }; - 2C5247EC007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2_cbc.c; - path = misc/rc2_cbc.c; - refType = 4; - }; - 2C5247ED007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2_locl.h; - path = misc/rc2_locl.h; - refType = 4; - }; - 2C5247EE007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2_skey.c; - path = misc/rc2_skey.c; - refType = 4; - }; - 2C5247EF007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2.h; - path = openssl/rc2.h; - refType = 4; - }; - 2C5247F0007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2Context.cpp; - path = MiscCSPAlgs/rc2Context.cpp; - refType = 4; - }; - 2C5247F1007A39B47F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc2Context.h; - path = MiscCSPAlgs/rc2Context.h; - refType = 4; - }; - 2C5247F2007A39B47F000001 = { - fileRef = 2C5247EB007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F3007A39B47F000001 = { - fileRef = 2C5247ED007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F4007A39B47F000001 = { - fileRef = 2C5247EF007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F5007A39B47F000001 = { - fileRef = 2C5247F1007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F6007A39B47F000001 = { - fileRef = 2C5247EC007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F7007A39B47F000001 = { - fileRef = 2C5247EE007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 2C5247F8007A39B47F000001 = { - fileRef = 2C5247F0007A39B47F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//2C0 -//2C1 -//2C2 -//2C3 -//2C4 -//2D0 -//2D1 -//2D2 -//2D3 -//2D4 - 2DFDC7A8FFF3E4ED11CD283A = { - fileRef = 01FA821DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//2D0 -//2D1 -//2D2 -//2D3 -//2D4 -//2F0 -//2F1 -//2F2 -//2F3 -//2F4 - 2F4DD9A500A0A0767F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = fdsel.h; - refType = 4; - }; - 2F4DD9A600A0A0767F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = fdsel.cpp; - refType = 4; - }; - 2F4DD9A700A0A0767F000001 = { - fileRef = 2F4DD9A500A0A0767F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 2F4DD9A800A0A0767F000001 = { - fileRef = 2F4DD9A600A0A0767F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//2F0 -//2F1 -//2F2 -//2F3 -//2F4 -//310 -//311 -//312 -//313 -//314 - 31200C5CFFF3E57C11CD283A = { - fileRef = 01FA891FFFF2BE3511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//310 -//311 -//312 -//313 -//314 -//320 -//321 -//322 -//323 -//324 - 3206D1FB029996FC05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustItem.cpp; - refType = 4; - }; - 3206D1FC029996FC05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustItem.h; - refType = 4; - }; - 3206D1FD029996FC05CA2E77 = { - fileRef = 3206D1FB029996FC05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3206D1FE029996FC05CA2E77 = { - fileRef = 3206D1FC029996FC05CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 320C8FE900EA6AD705CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_CFLAGS = "\U0001-Wall -W -Winline -Wundef -Wno-unused -Wcast-qual -Wcast-align -Wmissing-noreturn"; - }; - isa = PBXBuildStyle; - name = "Lint Screen"; - }; - 320F609D0234113505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcert.cpp; - refType = 4; - }; - 320F609E0234113505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmcert.h; - refType = 4; - }; - 320F609F0234113505CA2E77 = { - fileRef = 320F609D0234113505CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 320F60A00234113505CA2E77 = { - fileRef = 320F609E0234113505CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 322C5F3B02B9641F05CA2E77 = { - buildArgumentsString = "-f $(SRCROOT)/keychains/Makefile $ACTION"; - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = "System Keychains"; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - buildWorkingDirectory = ""; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = "System Keychains"; - passBuildSettingsInEnvironment = 1; - productName = "System Keychains"; - settingsToExpand = 6; - settingsToPassInEnvironment = 287; - settingsToPassOnCommandLine = 280; - }; - 32361EEC01EB8FCF05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = notifications.h; - refType = 4; - }; - 32361EED01EB8FCF05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = notifications.cpp; - refType = 4; - }; - 32361EEE01EB8FD005CA2E77 = { - fileRef = 32361EEC01EB8FCF05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32361EEF01EB8FD005CA2E77 = { - fileRef = 32361EED01EB8FCF05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32361F0701F4B28E05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucspNotify.defs; - refType = 4; - }; - 32361F0A01F4B39505CA2E77 = { - fileRef = 01FA823CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 324414870236DD1505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cfutilities.cpp; - refType = 4; - }; - 324414880236DD1505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cfutilities.h; - refType = 4; - }; - 324414890236DD1505CA2E77 = { - fileRef = 324414870236DD1505CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3244148A0236DD1505CA2E77 = { - fileRef = 324414880236DD1505CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 3244148B0236DD2705CA2E77 = { - children = ( - 324414880236DD1505CA2E77, - 324414870236DD1505CA2E77, - ); - isa = PBXGroup; - name = CF; - refType = 4; - }; - 3244148C023837A505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustStore.cpp; - refType = 4; - }; - 3244148D023837A505CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustStore.h; - refType = 4; - }; - 3244148E023837A505CA2E77 = { - fileRef = 3244148C023837A505CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3244148F023837A505CA2E77 = { - fileRef = 3244148D023837A505CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 3253C16401C7D8A005CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = entropy.h; - refType = 4; - }; - 3253C16501C7D8A005CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = entropy.cpp; - refType = 4; - }; - 3253C16601C7D8A105CA2E77 = { - fileRef = 3253C16401C7D8A005CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3253C16701C7D8A105CA2E77 = { - fileRef = 3253C16501C7D8A005CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32554D7901F4C97305CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucspNotifySender.cpp; - refType = 4; - }; - 32554D7A01F4C97305CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ucspNotify.h; - refType = 4; - }; - 32554D7B01F4C97305CA2E77 = { - fileRef = 32554D7A01F4C97305CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32554D7C01F4C97405CA2E77 = { - fileRef = 32554D7901F4C97305CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA2100D6B08805CD296C = { - isa = PBXBundleReference; - path = AppleCSP.bundle; - refType = 3; - }; - 325EAA2200D6B08805CD296C = { - buildPhases = ( - 325EAA2400D6B08805CD296C, - 325EAA2500D6B08805CD296C, - 325EAA2600D6B08805CD296C, - 325EAA2700D6B08805CD296C, - 325EAA2800D6B08805CD296C, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleCSP; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - dependencies = ( - 325EAA2300D6B08805CD296C, - ); - isa = PBXBundleTarget; - name = "AppleCSP Plugin"; - productName = "AppleCSP Plugin"; - productReference = 325EAA2100D6B08805CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleCSP - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - BNDL - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 325EAA2300D6B08805CD296C = { - isa = PBXTargetDependency; - target = 014880CD005EAE4D11CD283A; - }; - 325EAA2400D6B08805CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 325EAA2500D6B08805CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 325EAA2600D6B08805CD296C = { - buildActionMask = 2147483647; - files = ( - 325EAA3800D6B47505CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 325EAA2700D6B08805CD296C = { - buildActionMask = 2147483647; - files = ( - 325EAA3300D6B2BF05CD296C, - 325EAA3400D6B2BF05CD296C, - 325EAA3500D6B2BF05CD296C, - 3290381400D6B78A05CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 325EAA2800D6B08805CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 325EAA2900D6B23F05CD296C = { - children = ( - 0149036600A9E34D7F000001, - 0149036700A9E34D7F000001, - ); - isa = PBXGroup; - name = "From BSafe"; - refType = 4; - }; - 325EAA2A00D6B24005CD296C = { - fileRef = 014880C7005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA2B00D6B24005CD296C = { - fileRef = 014880C8005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA2C00D6B24005CD296C = { - fileRef = 014880C9005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA2D00D6B24005CD296C = { - fileRef = 014880CA005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA2E00D6B24005CD296C = { - fileRef = 014880CB005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA3100D6B2BE05CD296C = { - children = ( - 014880C7005EAE4D11CD283A, - 014880C8005EAE4D11CD283A, - 014880C9005EAE4D11CD283A, - 014880CA005EAE4D11CD283A, - 014880CB005EAE4D11CD283A, - ); - isa = PBXGroup; - name = "Plugins as Libraries"; - path = ""; - refType = 4; - }; - 325EAA3200D6B2BE05CD296C = { - children = ( - 325EAA2100D6B08805CD296C, - 3290381500D6BA5905CD296C, - 3290381600D6BA5905CD296C, - 3290381700D6BA5905CD296C, - 3290381800D6BA5905CD296C, - ); - isa = PBXGroup; - name = "Plugins Proper"; - refType = 4; - }; - 325EAA3300D6B2BF05CD296C = { - fileRef = 014880C7005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA3400D6B2BF05CD296C = { - fileRef = 0149036600A9E34D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA3500D6B2BF05CD296C = { - fileRef = 0149036700A9E34D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 325EAA3700D6B47405CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPPlugin.cpp; - refType = 4; - }; - 325EAA3800D6B47505CD296C = { - fileRef = 325EAA3700D6B47405CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 32604C2600E3C14405CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = devrandom.cpp; - refType = 4; - }; - 32604C2700E3C14405CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = devrandom.h; - refType = 4; - }; - 32604C2800E3C14505CD296C = { - fileRef = 32604C2700E3C14405CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 32604C2900E3C14505CD296C = { - fileRef = 32604C2600E3C14405CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 32623CFC024BBA3B05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - name = aclclient.cpp; - path = cdsa/cdsa_client/aclclient.cpp; - refType = 2; - }; - 32623CFD024BBA3B05CA2E77 = { - fileRef = 32623CFC024BBA3B05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3264486400D54DD305CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = multiobserver.h; - refType = 4; - }; - 3264486500D54DD305CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = multiobserver.cpp; - refType = 4; - }; - 326618CC01C6844C05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_protectedpw.cpp; - refType = 4; - }; - 326618CD01C6844C05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = acl_protectedpw.h; - refType = 4; - }; - 326618CE01C6844D05CA2E77 = { - fileRef = 326618CD01C6844C05CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 326618CF01C6844D05CA2E77 = { - fileRef = 326618CC01C6844C05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 3267644800EBF3A905CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthSession.h; - refType = 4; - }; - 3267644900EBF3AA05CD296C = { - fileRef = 3267644800EBF3A905CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 3272260900E3C75605CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = uniformrandom.cpp; - refType = 4; - }; - 3272260A00E3C75605CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = uniformrandom.h; - refType = 4; - }; - 3272260B00E3C75605CD296C = { - fileRef = 3272260A00E3C75605CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 3272260C00E3C75705CD296C = { - fileRef = 3272260900E3C75605CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 3272260D00E3C7FB05CD296C = { - children = ( - 32604C2600E3C14405CD296C, - 32604C2700E3C14405CD296C, - 3272260900E3C75605CD296C, - 3272260A00E3C75605CD296C, - ); - isa = PBXGroup; - name = "Random Numbers"; - path = ""; - refType = 4; - }; - 327DDDBD00D6D8E605CD296C = { - children = ( - 3290386E00D6C5FD05CD296C, - 3290386F00D6C5FD05CD296C, - 327DDDDF00D6F8A505CD296C, - 327DDDE000D6F8A505CD296C, - 327DDDE100D6F8A505CD296C, - 327DDDE200D6F8A505CD296C, - ); - isa = PBXGroup; - name = "Module Loading"; - refType = 4; - }; - 327DDDDF00D6F8A505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modload_plugin.cpp; - refType = 4; - }; - 327DDDE000D6F8A505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modload_plugin.h; - refType = 4; - }; - 327DDDE100D6F8A505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modload_static.cpp; - refType = 4; - }; - 327DDDE200D6F8A505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modload_static.h; - refType = 4; - }; - 327DDDE300D6F8A605CD296C = { - fileRef = 327DDDE000D6F8A505CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDE400D6F8A605CD296C = { - fileRef = 327DDDE200D6F8A505CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDE500D6F8A605CD296C = { - fileRef = 327DDDDF00D6F8A505CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDE600D6F8A605CD296C = { - fileRef = 327DDDE100D6F8A505CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDE700D6FC1A05CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleCSPDLPlugin.cpp; - refType = 4; - }; - 327DDDE800D6FC1B05CD296C = { - fileRef = 327DDDE700D6FC1A05CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDF500D707D805CD296C = { - fileRef = 07A0F68C005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDF600D7DB7505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = powerwatch.cpp; - refType = 4; - }; - 327DDDF700D7DB7505CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = powerwatch.h; - refType = 4; - }; - 327DDDF800D7DB7505CD296C = { - fileRef = 327DDDF700D7DB7505CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 327DDDF900D7DB7605CD296C = { - fileRef = 327DDDF600D7DB7505CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 327DDDFA00D7E81F05CD296C = { - isa = PBXFrameworkReference; - name = IOKit.framework; - path = /System/Library/Frameworks/IOKit.framework; - refType = 0; - }; - 327DDDFB00D7E81F05CD296C = { - fileRef = 327DDDFA00D7E81F05CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 3283A53602B96AED05CA2E77 = { - isa = PBXTargetDependency; - target = 322C5F3B02B9641F05CA2E77; - }; - 3283A53702B96AF805CA2E77 = { - children = ( - 3283A53802B96B2A05CA2E77, - 3283A53902B96B2A05CA2E77, - ); - isa = PBXGroup; - path = keychains; - refType = 4; - }; - 3283A53802B96B2A05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Makefile; - refType = 4; - }; - 3283A53902B96B2A05CA2E77 = { - isa = PBXFileReference; - path = X509Anchors; - refType = 4; - }; - 32867BA70231611A05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpclient.cpp; - refType = 4; - }; - 32867BA80231611A05CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpclient.h; - refType = 4; - }; - 32867BA90231611A05CA2E77 = { - fileRef = 32867BA70231611A05CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32867BAA0231611A05CA2E77 = { - fileRef = 32867BA80231611A05CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 32867BAB02316C3905CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clclient.cpp; - refType = 4; - }; - 32867BAC02316C3905CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = clclient.h; - refType = 4; - }; - 32867BAD02316C3905CA2E77 = { - fileRef = 32867BAB02316C3905CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32867BAE02316C3905CA2E77 = { - fileRef = 32867BAC02316C3905CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 32867BB202316E3305CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmtrust.cpp; - refType = 4; - }; - 32867BB302316E3305CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssmtrust.h; - refType = 4; - }; - 32867BB402316E3305CA2E77 = { - fileRef = 32867BB202316E3305CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - 32867BB502316E3305CA2E77 = { - fileRef = 32867BB302316E3305CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 3290381400D6B78A05CD296C = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 3290381500D6BA5905CD296C = { - isa = PBXBundleReference; - path = AppleDL.bundle; - refType = 3; - }; - 3290381600D6BA5905CD296C = { - isa = PBXBundleReference; - path = AppleCSPDL.bundle; - refType = 3; - }; - 3290381700D6BA5905CD296C = { - isa = PBXBundleReference; - path = AppleX509CL.bundle; - refType = 3; - }; - 3290381800D6BA5905CD296C = { - isa = PBXBundleReference; - path = AppleX509TP.bundle; - refType = 3; - }; - 3290381900D6BA5905CD296C = { - buildPhases = ( - 3290381A00D6BA5905CD296C, - 3290381B00D6BA5905CD296C, - 3290381C00D6BA5905CD296C, - 3290381D00D6BA5905CD296C, - 3290382100D6BA5905CD296C, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleDL; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - dependencies = ( - 3290383B00D6BB3705CD296C, - ); - isa = PBXBundleTarget; - name = "AppleDL Plugin"; - productInstallPath = "$(USER_LIBRARY_DIR)/Bundles"; - productName = "AppleDL Plugin"; - productReference = 3290381500D6BA5905CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleDL - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - BNDL - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 3290381A00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290381B00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290381C00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290383C00D6BB3705CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290381D00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290381E00D6BA5905CD296C, - 3290382000D6BA5905CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290381E00D6BA5905CD296C = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 3290382000D6BA5905CD296C = { - fileRef = 014880C8005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 3290382100D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382200D6BA5905CD296C = { - buildPhases = ( - 3290382300D6BA5905CD296C, - 3290382400D6BA5905CD296C, - 3290382500D6BA5905CD296C, - 3290382600D6BA5905CD296C, - 3290382700D6BA5905CD296C, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleCSPDL; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - dependencies = ( - 3290383E00D6BB3705CD296C, - ); - isa = PBXBundleTarget; - name = "AppleCSPDL Plugin"; - productInstallPath = "$(USER_LIBRARY_DIR)/Bundles"; - productName = "AppleCSPDL Plugin"; - productReference = 3290381600D6BA5905CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleCSPDL - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - BNDL - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 3290382300D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382400D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382500D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 327DDDE800D6FC1B05CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382600D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290384000D6BB3705CD296C, - 3290384100D6BB3705CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382700D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382800D6BA5905CD296C = { - buildPhases = ( - 3290382900D6BA5905CD296C, - 3290382A00D6BA5905CD296C, - 3290382B00D6BA5905CD296C, - 3290382C00D6BA5905CD296C, - 3290382D00D6BA5905CD296C, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleX509CL; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - dependencies = ( - 3290384400D6BB3705CD296C, - ); - isa = PBXBundleTarget; - name = "AppleX509CL Plugin"; - productInstallPath = "$(USER_LIBRARY_DIR)/Bundles"; - productName = "AppleX509CL Plugin"; - productReference = 3290381700D6BA5905CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleX509CL - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - BNDL - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 3290382900D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382A00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382B00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290384500D6BB3705CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382C00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290384600D6BB3705CD296C, - 3290384700D6BB3705CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382D00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290382E00D6BA5905CD296C = { - buildPhases = ( - 3290382F00D6BA5905CD296C, - 3290383000D6BA5905CD296C, - 3290383100D6BA5905CD296C, - 3290383200D6BA5905CD296C, - 3290383300D6BA5905CD296C, - ); - buildSettings = { - CURRENT_PROJECT_VERSION = 179; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleX509TP; - SECTORDER_FLAGS = ""; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - dependencies = ( - 3290384A00D6BB3705CD296C, - ); - isa = PBXBundleTarget; - name = "AppleX509TP Plugin"; - productName = "AppleX509TP Plugin"; - productReference = 3290381800D6BA5905CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleX509TP - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - - CFBundlePackageType - BNDL - CFBundleShortVersionString - 2.4 - CFBundleSignature - ???? - CFBundleVersion - 179 - - -"; - }; - 3290382F00D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290383000D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 9D103F9F01AC72C200003D05, - 9D103FA001AC72C200003D05, - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290383100D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290384B00D6BB3705CD296C, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290383200D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - 3290384C00D6BB3705CD296C, - 3290384D00D6BB3705CD296C, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290383300D6BA5905CD296C = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 3290383500D6BB3705CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleDLPlugin.cpp; - refType = 4; - }; - 3290383600D6BB3705CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509CLPlugin.cpp; - refType = 4; - }; - 3290383700D6BB3705CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = AppleX509TPPlugin.cpp; - refType = 4; - }; - 3290383800D6BB3705CD296C = { - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = "Plugin Bundles"; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 3290383900D6BB3705CD296C, - 3290383A00D6BB3705CD296C, - 3290383D00D6BB3705CD296C, - 3290384300D6BB3705CD296C, - 3290384900D6BB3705CD296C, - ); - isa = PBXAggregateTarget; - name = "Plugin Bundles"; - productName = "Plugin Bundles"; - }; - 3290383900D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 325EAA2200D6B08805CD296C; - }; - 3290383A00D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 3290381900D6BA5905CD296C; - }; - 3290383B00D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 014880DA005EAE4D11CD283A; - }; - 3290383C00D6BB3705CD296C = { - fileRef = 3290383500D6BB3705CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 3290383D00D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 3290382200D6BA5905CD296C; - }; - 3290383E00D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 014880D4005EAE4D11CD283A; - }; - 3290384000D6BB3705CD296C = { - fileRef = 014880C9005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384100D6BB3705CD296C = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384300D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 3290382800D6BA5905CD296C; - }; - 3290384400D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 014880E0005EAE4D11CD283A; - }; - 3290384500D6BB3705CD296C = { - fileRef = 3290383600D6BB3705CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384600D6BB3705CD296C = { - fileRef = 014880CA005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384700D6BB3705CD296C = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384900D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 3290382E00D6BA5905CD296C; - }; - 3290384A00D6BB3705CD296C = { - isa = PBXTargetDependency; - target = 014880E6005EAE4D11CD283A; - }; - 3290384B00D6BB3705CD296C = { - fileRef = 3290383700D6BB3705CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384C00D6BB3705CD296C = { - fileRef = 014880CB005EAE4D11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384D00D6BB3705CD296C = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 3290384F00D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 3290385000D6BB7805CD296C; - }; - 3290385000D6BB7805CD296C = { - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = "Built-in Plugin Code"; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 3290385100D6BB7805CD296C, - 3290385200D6BB7805CD296C, - 3290385300D6BB7805CD296C, - 3290385400D6BB7805CD296C, - 3290385500D6BB7805CD296C, - ); - isa = PBXAggregateTarget; - name = "Built-in Plugin Code"; - productName = "Built-in Plugin Code"; - }; - 3290385100D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 014880CD005EAE4D11CD283A; - }; - 3290385200D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 014880D4005EAE4D11CD283A; - }; - 3290385300D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 014880DA005EAE4D11CD283A; - }; - 3290385400D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 014880E0005EAE4D11CD283A; - }; - 3290385500D6BB7805CD296C = { - isa = PBXTargetDependency; - target = 014880E6005EAE4D11CD283A; - }; - 3290386E00D6C5FD05CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modloader.cpp; - refType = 4; - }; - 3290386F00D6C5FD05CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - path = modloader.h; - refType = 4; - }; - 3290387000D6C5FE05CD296C = { - fileRef = 3290386F00D6C5FD05CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 3290387100D6C5FE05CD296C = { - fileRef = 3290386E00D6C5FD05CD296C; - isa = PBXBuildFile; - settings = { - }; - }; -//320 -//321 -//322 -//323 -//324 -//330 -//331 -//332 -//333 -//334 - 338005E1FFF3E69711CD283A = { - fileRef = 01FA821BFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD041F00838F447F000001 = { - children = ( - 017B6CA6009748107F000001, - 017B6CA7009748107F000001, - 33BD0434008390257F000001, - 33BD0435008390257F000001, - 33BD0436008390257F000001, - 33BD0437008390257F000001, - C2AE35290469781800CA2E77, - C2AE352A0469781800CA2E77, - 33BD0462008391C07F000001, - 33BD0463008391C07F000001, - 33BD045E008390B17F000001, - 33BD045F008390B17F000001, - 33BD0438008390257F000001, - 33BD0439008390257F000001, - 33BD043A008390257F000001, - 33BD043B008390257F000001, - 33BD043C008390257F000001, - 33BD043D008390257F000001, - 2F4DD9A600A0A0767F000001, - 2F4DD9A500A0A0767F000001, - 33BD043E008390257F000001, - 33BD043F008390257F000001, - 33BD0440008390257F000001, - 33BD0441008390257F000001, - 33BD0442008390257F000001, - 33BD0443008390257F000001, - 33BD0444008390257F000001, - 33BD0445008390257F000001, - 33BD0446008390257F000001, - 33BD0447008390257F000001, - C2908496042BC01100CA2E77, - C2908497042BC01100CA2E77, - 33BD042500838F5A7F000001, - ); - isa = PBXGroup; - name = UNIX; - refType = 4; - }; - 33BD042000838F447F000001 = { - children = ( - 33BD042100838F447F000001, - 33BD042200838F447F000001, - ); - isa = PBXGroup; - name = "C++ Interface"; - refType = 4; - }; - 33BD042100838F447F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "securetransport++.cpp"; - refType = 4; - }; - 33BD042200838F447F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "securetransport++.h"; - refType = 4; - }; - 33BD042300838F447F000001 = { - fileRef = 33BD042200838F447F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD042400838F447F000001 = { - fileRef = 33BD042100838F447F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD042500838F5A7F000001 = { - children = ( - 33BD042600838FB17F000001, - 33BD042700838FB17F000001, - 33BD042800838FB17F000001, - 33BD042900838FB17F000001, - 33BD042A00838FB17F000001, - 33BD042B00838FB17F000001, - ); - isa = PBXGroup; - name = Socks; - refType = 4; - }; - 33BD042600838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++.cpp"; - refType = 4; - }; - 33BD042700838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++.h"; - refType = 4; - }; - 33BD042800838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++4.cpp"; - refType = 4; - }; - 33BD042900838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++4.h"; - refType = 4; - }; - 33BD042A00838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++5.cpp"; - refType = 4; - }; - 33BD042B00838FB17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "socks++5.h"; - refType = 4; - }; - 33BD042C00838FB17F000001 = { - fileRef = 33BD042700838FB17F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD042D00838FB17F000001 = { - fileRef = 33BD042900838FB17F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD042E00838FB17F000001 = { - fileRef = 33BD042B00838FB17F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD042F00838FB17F000001 = { - fileRef = 33BD042600838FB17F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD043000838FB17F000001 = { - fileRef = 33BD042800838FB17F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD043100838FB17F000001 = { - fileRef = 33BD042A00838FB17F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0434008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = bufferfifo.cpp; - refType = 4; - }; - 33BD0435008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = bufferfifo.h; - refType = 4; - }; - 33BD0436008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = constdata.cpp; - refType = 4; - }; - 33BD0437008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = constdata.h; - refType = 4; - }; - 33BD0438008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = inetreply.cpp; - refType = 4; - }; - 33BD0439008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = inetreply.h; - refType = 4; - }; - 33BD043A008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ip++.cpp"; - refType = 4; - }; - 33BD043B008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "ip++.h"; - refType = 4; - }; - 33BD043C008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = selector.cpp; - refType = 4; - }; - 33BD043D008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = selector.h; - refType = 4; - }; - 33BD043E008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = streams.cpp; - refType = 4; - }; - 33BD043F008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = streams.h; - refType = 4; - }; - 33BD0440008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = timeflow.cpp; - refType = 4; - }; - 33BD0441008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = timeflow.h; - refType = 4; - }; - 33BD0442008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = typedvalue.cpp; - refType = 4; - }; - 33BD0443008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = typedvalue.h; - refType = 4; - }; - 33BD0444008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "unix++.cpp"; - refType = 4; - }; - 33BD0445008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "unix++.h"; - refType = 4; - }; - 33BD0446008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = url.cpp; - refType = 4; - }; - 33BD0447008390257F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = url.h; - refType = 4; - }; - 33BD0449008390257F000001 = { - fileRef = 33BD0435008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044A008390257F000001 = { - fileRef = 33BD0437008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044B008390257F000001 = { - fileRef = 33BD0439008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044C008390257F000001 = { - fileRef = 33BD043B008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044D008390257F000001 = { - fileRef = 33BD043D008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044E008390257F000001 = { - fileRef = 33BD043F008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD044F008390257F000001 = { - fileRef = 33BD0441008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0450008390257F000001 = { - fileRef = 33BD0443008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0451008390257F000001 = { - fileRef = 33BD0445008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0452008390257F000001 = { - fileRef = 33BD0447008390257F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0454008390257F000001 = { - fileRef = 33BD0434008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0455008390257F000001 = { - fileRef = 33BD0436008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0456008390257F000001 = { - fileRef = 33BD0438008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0457008390257F000001 = { - fileRef = 33BD043A008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0458008390257F000001 = { - fileRef = 33BD043C008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0459008390257F000001 = { - fileRef = 33BD043E008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD045A008390257F000001 = { - fileRef = 33BD0440008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD045B008390257F000001 = { - fileRef = 33BD0442008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD045C008390257F000001 = { - fileRef = 33BD0444008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD045D008390257F000001 = { - fileRef = 33BD0446008390257F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD045E008390B17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = hosts.cpp; - refType = 4; - }; - 33BD045F008390B17F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = hosts.h; - refType = 4; - }; - 33BD0460008390B17F000001 = { - fileRef = 33BD045F008390B17F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0461008390B17F000001 = { - fileRef = 33BD045E008390B17F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 33BD0462008391C07F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = headermap.cpp; - refType = 4; - }; - 33BD0463008391C07F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = headermap.h; - refType = 4; - }; - 33BD0464008391C07F000001 = { - fileRef = 33BD0463008391C07F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 33BD0465008391C07F000001 = { - fileRef = 33BD0462008391C07F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//330 -//331 -//332 -//333 -//334 -//390 -//391 -//392 -//393 -//394 - 3949557400CC6A4511CD283A = { - fileRef = 125E85ADFFF3D44A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; -//390 -//391 -//392 -//393 -//394 -//400 -//401 -//402 -//403 -//404 - 4046155904EE76E70001454E = { - fileRef = F5A7F717023D96EA01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 406934DE04EDBB8A00447C8E = { - fileRef = F5A7F716023D96EA01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - 406934DF04EDBB8C00447C8E = { - fileRef = F5A7F717023D96EA01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - 408F00D5045E0650009D840B = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationDB.h; - refType = 4; - }; - 408F00D6045E0650009D840B = { - fileRef = 408F00D5045E0650009D840B; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 40ACEF4A0462F6EC0035B857 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationDBPlist.cpp; - refType = 4; - }; - 40ACEF4B0462F6EC0035B857 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationDBPlist.h; - refType = 4; - }; - 40ACEF4C0462F6EC0035B857 = { - fileRef = 40ACEF4A0462F6EC0035B857; - isa = PBXBuildFile; - settings = { - }; - }; - 40ACEF4D0462F6EC0035B857 = { - fileRef = 40ACEF4B0462F6EC0035B857; - isa = PBXBuildFile; - settings = { - }; - }; - 40ACEF4E0462F6FF0035B857 = { - fileEncoding = 30; - indentWidth = 4; - isa = PBXFileReference; - path = AuthorizationRule.cpp; - refType = 4; - tabWidth = 4; - usesTabs = 1; - }; - 40ACEF4F0462F6FF0035B857 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationRule.h; - refType = 4; - }; - 40ACEF500462F6FF0035B857 = { - fileRef = 40ACEF4E0462F6FF0035B857; - isa = PBXBuildFile; - settings = { - }; - }; - 40ACEF510462F6FF0035B857 = { - fileRef = 40ACEF4F0462F6FF0035B857; - isa = PBXBuildFile; - settings = { - }; - }; -//400 -//401 -//402 -//403 -//404 -//480 -//481 -//482 -//483 -//484 - 48855E830095DC957F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = YarrowConnection.h; - refType = 4; - }; - 48855E840095DC957F000001 = { - fileRef = 48855E830095DC957F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 48855E850095DD697F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = YarrowConnection.cpp; - refType = 4; - }; - 48855E860095DD697F000001 = { - fileRef = 48855E850095DD697F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//480 -//481 -//482 -//483 -//484 -//4A0 -//4A1 -//4A2 -//4A3 -//4A4 - 4A4C766C007A4E317F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5_enc.c; - path = misc/rc5_enc.c; - refType = 4; - }; - 4A4C766D007A4E317F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5_locl.h; - path = misc/rc5_locl.h; - refType = 4; - }; - 4A4C766E007A4E317F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5.h; - path = openssl/rc5.h; - refType = 4; - }; - 4A4C766F007A4E317F000001 = { - fileRef = 4A4C766D007A4E317F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4A4C7670007A4E317F000001 = { - fileRef = 4A4C766E007A4E317F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4A4C7671007A4E317F000001 = { - fileRef = 4A4C766C007A4E317F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4A4C7672007A4E657F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5_skey.c; - path = misc/rc5_skey.c; - refType = 4; - }; - 4A4C7673007A4E657F000001 = { - fileRef = 4A4C7672007A4E657F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4A4C7674007A52DC7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5Context.cpp; - path = MiscCSPAlgs/rc5Context.cpp; - refType = 4; - }; - 4A4C7675007A52DC7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc5Context.h; - path = MiscCSPAlgs/rc5Context.h; - refType = 4; - }; - 4A4C7676007A52DC7F000001 = { - fileRef = 4A4C7675007A52DC7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4A4C7677007A52DC7F000001 = { - fileRef = 4A4C7674007A52DC7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4AC94A7C0084BE397F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "vRijndael-alg-ref.c"; - refType = 4; - }; - 4AC94A7D0084BE397F000001 = { - fileRef = 4AC94A7C0084BE397F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4AC94A7E0084C0977F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "boxes-ref.c"; - refType = 4; - }; - 4AC94A7F0084C0977F000001 = { - fileRef = 4AC94A7E0084C0977F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//4A0 -//4A1 -//4A2 -//4A3 -//4A4 -//4C0 -//4C1 -//4C2 -//4C3 -//4C4 - 4C2ACAB7044267EE00CA2E66 = { - fileEncoding = 4; - isa = PBXFileReference; - path = SecIdentityPriv.h; - refType = 4; - }; - 4C2ACAB8044267EE00CA2E66 = { - fileRef = 4C2ACAB7044267EE00CA2E66; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//4C0 -//4C1 -//4C2 -//4C3 -//4C4 -//4D0 -//4D1 -//4D2 -//4D3 -//4D4 - 4D37AD3900AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = netconnection.cpp; - refType = 4; - }; - 4D37AD3A00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = netconnection.h; - refType = 4; - }; - 4D37AD3B00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = neterror.cpp; - refType = 4; - }; - 4D37AD3C00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = neterror.h; - refType = 4; - }; - 4D37AD3D00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = netmanager.cpp; - refType = 4; - }; - 4D37AD3E00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = netmanager.h; - refType = 4; - }; - 4D37AD3F00AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = netparameters.h; - refType = 4; - }; - 4D37AD4000AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = networkchooser.cpp; - refType = 4; - }; - 4D37AD4100AA03857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = networkchooser.h; - refType = 4; - }; -//4D0 -//4D1 -//4D2 -//4D3 -//4D4 -//4E0 -//4E1 -//4E2 -//4E3 -//4E4 - 4EE175A40459EC6F0036F88D = { - fileEncoding = 30; - isa = PBXFileReference; - path = ktracecodes.h; - refType = 4; - }; - 4EE175A50459EC6F0036F88D = { - fileRef = 4EE175A40459EC6F0036F88D; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//4E0 -//4E1 -//4E2 -//4E3 -//4E4 -//520 -//521 -//522 -//523 -//524 - 5274775904CDF08D00F0AE7D = { - fileRef = 52F5173004C4B29300D9D6E1; - isa = PBXBuildFile; - settings = { - }; - }; - 52807AD004A3D4B800F46CAB = { - fileEncoding = 30; - isa = PBXFileReference; - path = iToolsTrustedApps.plist; - refType = 4; - }; - 52807AD104A3D4B800F46CAB = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainAddIToolsPassword.c; - refType = 4; - }; - 52807AD204A3D4B800F46CAB = { - fileRef = 52807AD004A3D4B800F46CAB; - isa = PBXBuildFile; - settings = { - }; - }; - 52807AD304A3D4B800F46CAB = { - fileRef = 52807AD104A3D4B800F46CAB; - isa = PBXBuildFile; - settings = { - }; - }; - 52807AD404A3D56C00F46CAB = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecAccessPriv.h; - refType = 4; - }; - 52807AD504A3D56C00F46CAB = { - fileRef = 52807AD404A3D56C00F46CAB; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 52BFC304007A6A1B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc4.h; - path = openssl/rc4.h; - refType = 4; - }; - 52BFC306007A6A1B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc4_skey.c; - path = misc/rc4_skey.c; - refType = 4; - }; - 52BFC307007A6A1B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc4Context.cpp; - path = MiscCSPAlgs/rc4Context.cpp; - refType = 4; - }; - 52BFC308007A6A1B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc4Context.h; - path = MiscCSPAlgs/rc4Context.h; - refType = 4; - }; - 52BFC30A007A6A1B7F000001 = { - fileRef = 52BFC308007A6A1B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 52BFC30C007A6A1B7F000001 = { - fileRef = 52BFC306007A6A1B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 52BFC30D007A6A1B7F000001 = { - fileRef = 52BFC307007A6A1B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 52D4AA9104B3AE3E00393476 = { - fileEncoding = 30; - isa = PBXFileReference; - path = generateErrStrings.pl; - refType = 4; - }; - 52F5173004C4B29300D9D6E1 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecErrorMessages.strings; - refType = 4; - }; -//520 -//521 -//522 -//523 -//524 -//560 -//561 -//562 -//563 -//564 - 563FC2AC03F8454B0DCA289E = { - fileEncoding = 30; - isa = PBXFileReference; - path = dictionary.cpp; - refType = 4; - }; - 563FC2AD03F8454B0DCA289E = { - fileEncoding = 30; - isa = PBXFileReference; - path = dictionary.h; - refType = 4; - }; - 563FC2AE03F8454B0DCA289E = { - fileEncoding = 30; - isa = PBXFileReference; - path = eventlistener.cpp; - refType = 4; - }; - 563FC2AF03F8454B0DCA289E = { - fileEncoding = 30; - isa = PBXFileReference; - path = eventlistener.h; - refType = 4; - }; - 563FC2B003F8456F0DCA289E = { - fileRef = 563FC2AC03F8454B0DCA289E; - isa = PBXBuildFile; - settings = { - }; - }; - 563FC2B103F8456F0DCA289E = { - fileRef = 563FC2AE03F8454B0DCA289E; - isa = PBXBuildFile; - settings = { - }; - }; - 563FC2B203F845EC0DCA289E = { - fileRef = 563FC2AD03F8454B0DCA289E; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 563FC2B303F845EC0DCA289E = { - fileRef = 563FC2AF03F8454B0DCA289E; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 56EB36FE03F83C7E0DCA289E = { - fileRef = 32361EEC01EB8FCF05CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//560 -//561 -//562 -//563 -//564 -//570 -//571 -//572 -//573 -//574 - 57FCEE8B007A7B2F7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = rc4_enc.c; - path = misc/rc4_enc.c; - refType = 4; - }; - 57FCEE8C007A7B2F7F000001 = { - fileRef = 57FCEE8B007A7B2F7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 57FCEE8D007B8B3D7F000001 = { - children = ( - 57FCEE8E007B8B3D7F000001, - 57FCEE8F007B8B3D7F000001, - 57FCEE9C007B8D4F7F000001, - ); - isa = PBXGroup; - name = ComCryption; - refType = 4; - }; - 57FCEE8E007B8B3D7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ascContext.cpp; - path = ComCryption/ascContext.cpp; - refType = 4; - }; - 57FCEE8F007B8B3D7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ascContext.h; - path = ComCryption/ascContext.h; - refType = 4; - }; - 57FCEE95007B8B3D7F000001 = { - fileRef = 57FCEE8F007B8B3D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 57FCEE99007B8B3D7F000001 = { - fileRef = 57FCEE8E007B8B3D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 57FCEE9C007B8D4F7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ascFactory.h; - path = ComCryption/ascFactory.h; - refType = 4; - }; - 57FCEE9D007B8D4F7F000001 = { - fileRef = 57FCEE9C007B8D4F7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//570 -//571 -//572 -//573 -//574 -//590 -//591 -//592 -//593 -//594 - 59375E6B00A848827F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MD2Object.h; - path = MiscCSPAlgs/MD2Object.h; - refType = 4; - }; - 59375E6C00A848827F000001 = { - fileRef = 59375E6B00A848827F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 59375E6D00A849237F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = md2_dgst.c; - path = misc/md2_dgst.c; - refType = 4; - }; - 59375E6E00A849237F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = md2.h; - path = openssl/md2.h; - refType = 4; - }; - 59375E6F00A849237F000001 = { - fileRef = 59375E6E00A849237F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 59375E7000A849237F000001 = { - fileRef = 59375E6D00A849237F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 59375E7100A849BB7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MD2Object.cpp; - path = MiscCSPAlgs/MD2Object.cpp; - refType = 4; - }; - 59375E7200A849BB7F000001 = { - fileRef = 59375E7100A849BB7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//590 -//591 -//592 -//593 -//594 -//5B0 -//5B1 -//5B2 -//5B3 -//5B4 - 5BA4A42D01F4E3F504CA2E82 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Identity.cpp; - refType = 4; - }; - 5BA4A42E01F4E3F504CA2E82 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Identity.h; - refType = 4; - }; - 5BA4A43101F4E3F604CA2E82 = { - fileRef = 5BA4A42E01F4E3F504CA2E82; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 5BA4A43301F4E3F604CA2E82 = { - fileRef = 5BA4A42D01F4E3F504CA2E82; - isa = PBXBuildFile; - settings = { - }; - }; -//5B0 -//5B1 -//5B2 -//5B3 -//5B4 -//630 -//631 -//632 -//633 -//634 - 63B97E6600603F0A7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CryptKitDER.cpp; - refType = 4; - }; - 63B97E6700603F0B7F000001 = { - fileRef = 63B97E6600603F0A7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//630 -//631 -//632 -//633 -//634 -//8F0 -//8F1 -//8F2 -//8F3 -//8F4 - 8F7ACD2A02357F2503CA2E8C = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecACL.h; - refType = 4; - }; - 8F7ACD2B02357F2503CA2E8C = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecACL.cpp; - refType = 4; - }; - 8F7ACD2C02357F2503CA2E8C = { - fileRef = 8F7ACD2A02357F2503CA2E8C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - 8F7ACD2D02357F2503CA2E8C = { - fileRef = 8F7ACD2B02357F2503CA2E8C; - isa = PBXBuildFile; - settings = { - }; - }; - 8F7ACD300235805903CA2E8C = { - fileEncoding = 30; - isa = PBXFileReference; - path = ACL.h; - refType = 4; - }; - 8F7ACD310235805903CA2E8C = { - fileEncoding = 30; - isa = PBXFileReference; - path = ACL.cpp; - refType = 4; - }; - 8F7ACD320235805903CA2E8C = { - fileRef = 8F7ACD300235805903CA2E8C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 8F7ACD330235805903CA2E8C = { - fileRef = 8F7ACD310235805903CA2E8C; - isa = PBXBuildFile; - settings = { - }; - }; -//8F0 -//8F1 -//8F2 -//8F3 -//8F4 -//9D0 -//9D1 -//9D2 -//9D3 -//9D4 - 9D09B90701B4314500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tp_policyOids.mdsinfo; - refType = 4; - }; - 9D09B90801B4314500003D05 = { - fileRef = 9D09B90701B4314500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D103F9F01AC72C200003D05 = { - fileRef = 9DAE2E2A01A2F93200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D103FA001AC72C200003D05 = { - fileRef = 9DAE2E2901A2F93200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D14AC52020093D100003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpCredRequest.cpp; - refType = 4; - }; - 9D14AC53020093D100003D05 = { - fileRef = 9D14AC52020093D100003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D1DEC190198777400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrStrings.h; - path = cdsa/mds/MDSAttrStrings.h; - refType = 4; - }; - 9D1DEC1A0198777400003D05 = { - fileRef = 9D1DEC190198777400003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D1DEC1B0198796200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrStrings.cpp; - path = cdsa/mds/MDSAttrStrings.cpp; - refType = 2; - }; - 9D1DEC1C0198796200003D05 = { - fileRef = 9D1DEC1B0198796200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D206AA601EB68F200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = NullCryptor.h; - path = MiscCSPAlgs/NullCryptor.h; - refType = 4; - }; - 9D206AA701EB68F200003D05 = { - fileRef = 9D206AA601EB68F200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D291872026B4FF900003D05 = { - children = ( - 9D291875026B502600003D05, - 9D291876026B502600003D05, - 9D291877026B502600003D05, - 9D291878026B502600003D05, - 9D291879026B502600003D05, - ); - isa = PBXGroup; - name = dh; - refType = 4; - }; - 9D291875026B502600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh_check.c; - path = dh/dh_check.c; - refType = 4; - }; - 9D291876026B502600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh_err.c; - path = dh/dh_err.c; - refType = 4; - }; - 9D291877026B502600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh_gen.c; - path = dh/dh_gen.c; - refType = 4; - }; - 9D291878026B502600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh_key.c; - path = dh/dh_key.c; - refType = 4; - }; - 9D291879026B502600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh_lib.c; - path = dh/dh_lib.c; - refType = 4; - }; - 9D29187A026B502600003D05 = { - fileRef = 9D291875026B502600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29187B026B502600003D05 = { - fileRef = 9D291876026B502600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29187C026B502600003D05 = { - fileRef = 9D291877026B502600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29187D026B502600003D05 = { - fileRef = 9D291878026B502600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29187E026B502600003D05 = { - fileRef = 9D291879026B502600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29187F026B504700003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = dh.h; - path = openssl/dh.h; - refType = 4; - }; - 9D291880026B504700003D05 = { - fileRef = 9D29187F026B504700003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D291881026B56B800003D05 = { - children = ( - 9D291882026B56DA00003D05, - 9D291883026B56DA00003D05, - 9D291884026B56DA00003D05, - 9D291885026B56DA00003D05, - 9D291886026B56DA00003D05, - 9D291887026B56DA00003D05, - 9D29188E026B8BBD00003D05, - 9D29188F026B8BBD00003D05, - ); - isa = PBXGroup; - name = DiffieHellman; - path = AppleCSP; - refType = 2; - }; - 9D291882026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_csp.cpp; - path = DiffieHellman/DH_csp.cpp; - refType = 4; - }; - 9D291883026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_csp.h; - path = DiffieHellman/DH_csp.h; - refType = 4; - }; - 9D291884026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_exchange.cpp; - path = DiffieHellman/DH_exchange.cpp; - refType = 4; - }; - 9D291885026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_exchange.h; - path = DiffieHellman/DH_exchange.h; - refType = 4; - }; - 9D291886026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_keys.cpp; - path = DiffieHellman/DH_keys.cpp; - refType = 4; - }; - 9D291887026B56DA00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_keys.h; - path = DiffieHellman/DH_keys.h; - refType = 4; - }; - 9D291888026B56DA00003D05 = { - fileRef = 9D291882026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D291889026B56DA00003D05 = { - fileRef = 9D291883026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29188A026B56DA00003D05 = { - fileRef = 9D291884026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29188B026B56DA00003D05 = { - fileRef = 9D291885026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29188C026B56DA00003D05 = { - fileRef = 9D291886026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29188D026B56DA00003D05 = { - fileRef = 9D291887026B56DA00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D29188E026B8BBD00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_utils.cpp; - path = DiffieHellman/DH_utils.cpp; - refType = 4; - }; - 9D29188F026B8BBD00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = DH_utils.h; - path = DiffieHellman/DH_utils.h; - refType = 4; - }; - 9D291890026B8BBD00003D05 = { - fileRef = 9D29188E026B8BBD00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D291891026B8BBD00003D05 = { - fileRef = 9D29188F026B8BBD00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D2C3D0001C826C800003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = gladmanContext.h; - refType = 4; - }; - 9D2C3D0101C826C800003D05 = { - fileRef = 9D2C3D0001C826C800003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D2C3D0201C82F6000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = aesCommon.h; - refType = 4; - }; - 9D2C3D0301C82F6100003D05 = { - fileRef = 9D2C3D0201C82F6000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D2F711303156A7800003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificatePriv.h; - refType = 4; - }; - 9D2F711403156A7800003D05 = { - fileRef = 9D2F711303156A7800003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A350380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCrlExtensions.cpp; - refType = 4; - }; - 9D347A360380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLCrlExtensions.h; - refType = 4; - }; - 9D347A370380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLFieldsCommon.cpp; - refType = 4; - }; - 9D347A380380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CLFieldsCommon.h; - refType = 4; - }; - 9D347A390380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CrlFields.cpp; - refType = 4; - }; - 9D347A3A0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedCrl.cpp; - refType = 4; - }; - 9D347A3B0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedCrl.h; - refType = 4; - }; - 9D347A3C0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedExtensions.cpp; - refType = 4; - }; - 9D347A3D0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedExtensions.h; - refType = 4; - }; - 9D347A3E0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedItem.cpp; - refType = 4; - }; - 9D347A3F0380197600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = DecodedItem.h; - refType = 4; - }; - 9D347A400380197600003D05 = { - fileRef = 9D347A350380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A410380197600003D05 = { - fileRef = 9D347A360380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A420380197600003D05 = { - fileRef = 9D347A370380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A430380197600003D05 = { - fileRef = 9D347A380380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A440380197600003D05 = { - fileRef = 9D347A390380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A450380197600003D05 = { - fileRef = 9D347A3A0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A460380197600003D05 = { - fileRef = 9D347A3B0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A470380197600003D05 = { - fileRef = 9D347A3C0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A480380197600003D05 = { - fileRef = 9D347A3D0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A490380197600003D05 = { - fileRef = 9D347A3E0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A4A0380197600003D05 = { - fileRef = 9D347A3F0380197600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A4B038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPCrlInfo.cpp; - refType = 4; - }; - 9D347A4C038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPCrlInfo.h; - refType = 4; - }; - 9D347A4D038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpCrlVerify.cpp; - refType = 4; - }; - 9D347A4E038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpCrlVerify.h; - refType = 4; - }; - 9D347A4F038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPDatabase.cpp; - refType = 4; - }; - 9D347A50038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPDatabase.h; - refType = 4; - }; - 9D347A51038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPNetwork.cpp; - refType = 4; - }; - 9D347A52038019EF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TPNetwork.h; - refType = 4; - }; - 9D347A53038019EF00003D05 = { - fileRef = 9D347A4B038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A54038019EF00003D05 = { - fileRef = 9D347A4C038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A55038019EF00003D05 = { - fileRef = 9D347A4D038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A56038019EF00003D05 = { - fileRef = 9D347A4E038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A57038019EF00003D05 = { - fileRef = 9D347A4F038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A58038019EF00003D05 = { - fileRef = 9D347A50038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A59038019EF00003D05 = { - fileRef = 9D347A51038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A5A038019EF00003D05 = { - fileRef = 9D347A52038019EF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A5F0380300100003D05 = { - isa = PBXFrameworkReference; - name = LDAP.framework; - path = /System/Library/Frameworks/LDAP.framework; - refType = 0; - }; - 9D347A660380312200003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A70038031AF00003D05, - 9D347A72038031B800003D05, - 9D347A74038031B900003D05, - 9D347A76038031BA00003D05, - 9D347A78038031BB00003D05, - 9D347A7A038031BC00003D05, - 9D347A7C038031BE00003D05, - 9D347A7E038031BE00003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A670380312200003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A6F038031AF00003D05, - 9D347A71038031B800003D05, - 9D347A73038031B900003D05, - 9D347A75038031BA00003D05, - 9D347A77038031BB00003D05, - 9D347A79038031BC00003D05, - 9D347A7B038031BD00003D05, - 9D347A7D038031BE00003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A680380312200003D05 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A690380312200003D05 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A6A0380312200003D05 = { - buildPhases = ( - 9D347A660380312200003D05, - 9D347A670380312200003D05, - 9D347A680380312200003D05, - 9D347A690380312200003D05, - ); - buildSettings = { - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 179; - INSTALL_PATH = /usr/local/lib; - LIBRARY_STYLE = STATIC; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libCdsaUtils.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - ); - isa = PBXLibraryTarget; - name = libCdsaUtils; - productInstallPath = /usr/local/lib; - productName = libCdsaUtils; - productReference = 9D347A6B0380312200003D05; - }; - 9D347A6B0380312200003D05 = { - isa = PBXLibraryReference; - path = libCdsaUtils.a; - refType = 3; - }; - 9D347A6D038031AF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuDbUtils.cpp; - refType = 4; - }; - 9D347A6E038031AF00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuDbUtils.h; - refType = 4; - }; - 9D347A6F038031AF00003D05 = { - fileRef = 9D347A6D038031AF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A70038031AF00003D05 = { - fileRef = 9D347A6E038031AF00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A71038031B800003D05 = { - fileRef = 9DC1DEFC0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A72038031B800003D05 = { - fileRef = 9DC1DEFD0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A73038031B900003D05 = { - fileRef = 9DC1DEFE0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A74038031B900003D05 = { - fileRef = 9DC1DEFF0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A75038031BA00003D05 = { - fileRef = 9DC1DF050299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A76038031BA00003D05 = { - fileRef = 9DC1DF060299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A77038031BB00003D05 = { - fileRef = 9DC1DF070299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A78038031BB00003D05 = { - fileRef = 9DC1DF080299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A79038031BC00003D05 = { - fileRef = 9DC1DF090299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7A038031BC00003D05 = { - fileRef = 9DC1DF0A0299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7B038031BD00003D05 = { - fileRef = 9DC1DF0B0299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7C038031BE00003D05 = { - fileRef = 9DC1DF0C0299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7D038031BE00003D05 = { - fileRef = 9DC1DF0D0299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7E038031BE00003D05 = { - fileRef = 9DC1DF0E0299BC9500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A7F038031F000003D05 = { - fileRef = 9DC1DEFD0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A80038031F100003D05 = { - fileRef = 9D347A6E038031AF00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A81038031F200003D05 = { - fileRef = 9DC1DEFF0299BC7F00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A82038031F300003D05 = { - fileRef = 9DC1DF060299BC9500003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A83038031F400003D05 = { - fileRef = 9DC1DF080299BC9500003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A84038031F500003D05 = { - fileRef = 9DC1DF0A0299BC9500003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A85038031F600003D05 = { - fileRef = 9DC1DF0C0299BC9500003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A86038031F700003D05 = { - fileRef = 9DC1DF0E0299BC9500003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D347A870380359B00003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A9B0380364500003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A880380359B00003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A990380364500003D05, - 9D347A9A0380364500003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A890380359B00003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A9C0380364B00003D05, - 9D347A9D0380364D00003D05, - 9D347A9E0380364E00003D05, - 9D347AA2038036DC00003D05, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A8A0380359B00003D05 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9D347A8B0380359B00003D05 = { - buildPhases = ( - 9D347A870380359B00003D05, - 9D347A880380359B00003D05, - 9D347A890380359B00003D05, - 9D347A8A0380359B00003D05, - ); - buildSettings = { - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\""; - INSTALL_PATH = /usr/bin; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = crlrefresh; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 9D347AA00380365F00003D05, - ); - isa = PBXToolTarget; - name = CrlRefresh; - productInstallPath = /usr/bin; - productName = CrlRefresh; - productReference = 9D347A8C0380359B00003D05; - }; - 9D347A8C0380359B00003D05 = { - isa = PBXExecutableFileReference; - path = crlrefresh; - refType = 3; - }; - 9D347A8E0380360000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = CertTool.cpp; - path = CertTool/CertTool.cpp; - refType = 4; - }; - 9D347A8F0380360000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = CertUI.cpp; - path = CertTool/CertUI.cpp; - refType = 4; - }; - 9D347A900380360000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = CertUI.h; - path = CertTool/CertUI.h; - refType = 4; - }; - 9D347A910380360000003D05 = { - fileRef = 9D347A8E0380360000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A920380360000003D05 = { - fileRef = 9D347A8F0380360000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A930380360000003D05 = { - fileRef = 9D347A900380360000003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A940380361A00003D05 = { - fileRef = 9D347A6B0380312200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A950380362500003D05 = { - children = ( - 9D347A960380364500003D05, - 9D347A970380364500003D05, - 9D347A980380364500003D05, - ); - isa = PBXGroup; - name = CrlRefresh; - path = ""; - refType = 4; - }; - 9D347A960380364500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = crlRefresh.cpp; - path = CrlRefresh/crlRefresh.cpp; - refType = 4; - }; - 9D347A970380364500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ldapFetch.cpp; - path = CrlRefresh/ldapFetch.cpp; - refType = 4; - }; - 9D347A980380364500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = ldapFetch.h; - path = CrlRefresh/ldapFetch.h; - refType = 4; - }; - 9D347A990380364500003D05 = { - fileRef = 9D347A960380364500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9A0380364500003D05 = { - fileRef = 9D347A970380364500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9B0380364500003D05 = { - fileRef = 9D347A980380364500003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9C0380364B00003D05 = { - fileRef = 9D347A5F0380300100003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9D0380364D00003D05 = { - fileRef = 125E85ADFFF3D44A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9E0380364E00003D05 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 9D347A9F0380365900003D05 = { - isa = PBXTargetDependency; - target = 9D347A6A0380312200003D05; - }; - 9D347AA00380365F00003D05 = { - isa = PBXTargetDependency; - target = 9D347A6A0380312200003D05; - }; - 9D347AA10380366700003D05 = { - isa = PBXTargetDependency; - target = 9D347A8B0380359B00003D05; - }; - 9D347AA2038036DC00003D05 = { - fileRef = 9D347A6B0380312200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D384F850301AF8C00003D05 = { - children = ( - 9D384F870301AFC700003D05, - 9D384F860301AFBC00003D05, - 01FA812EFFF2B54C11CD283A, - 01FA815CFFF2B54C11CD283A, - 01FA815FFFF2B54C11CD283A, - 01FA8163FFF2B54C11CD283A, - 01FA8164FFF2B54C11CD283A, - 01FA8165FFF2B54C11CD283A, - 9D78BC7801EBCA2300003D05, - 9D78BC7A01ECA79D00003D05, - ); - isa = PBXGroup; - name = "SSL Core"; - refType = 4; - }; - 9D384F860301AFBC00003D05 = { - children = ( - 01FA815BFFF2B54C11CD283A, - 01FA8158FFF2B54C11CD283A, - 01FA8159FFF2B54C11CD283A, - 01FA815AFFF2B54C11CD283A, - ); - isa = PBXGroup; - name = SSL2; - refType = 4; - }; - 9D384F870301AFC700003D05 = { - children = ( - 01FA812FFFF2B54C11CD283A, - 01FA8130FFF2B54C11CD283A, - 01FA812DFFF2B54C11CD283A, - 01FA8132FFF2B54C11CD283A, - 01FA8161FFF2B54C11CD283A, - ); - isa = PBXGroup; - name = Handshake; - refType = 4; - }; - 9D384F880301AFD800003D05 = { - children = ( - 01FA8135FFF2B54C11CD283A, - 01FA8127FFF2B54C11CD283A, - 01FA8129FFF2B54C11CD283A, - 01FA8162FFF2B54C11CD283A, - ); - isa = PBXGroup; - name = "Apple Custom"; - refType = 4; - }; - 9D384F890301AFEC00003D05 = { - children = ( - 01FA8167FFF2B54C11CD283A, - 9D78BC7401EBB71A00003D05, - 01FA812CFFF2B54C11CD283A, - 01FA812AFFF2B54C11CD283A, - 01FA8137FFF2B54C11CD283A, - ); - isa = PBXGroup; - name = Crypto; - path = ""; - refType = 2; - }; - 9D384F8A0301B01900003D05 = { - children = ( - 01FA8152FFF2B54C11CD283A, - 01FA8166FFF2B54C11CD283A, - 01FA815DFFF2B54C11CD283A, - 01FA815EFFF2B54C11CD283A, - ); - isa = PBXGroup; - name = Misc.; - refType = 4; - }; - 9D4B1BC70156C2E500A17CD1 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tpCertGroup.cpp; - refType = 4; - }; - 9D4B1BC80156C2E500A17CD1 = { - fileRef = 9D4B1BC70156C2E500A17CD1; - isa = PBXBuildFile; - settings = { - }; - }; - 9D518682018F278000003D05 = { - children = ( - 9D518683018F27B400003D05, - 9D1DEC1B0198796200003D05, - 9D1DEC190198777400003D05, - 9D518686018F27B400003D05, - 9D518687018F27B400003D05, - 9D518688018F27B400003D05, - 9D518689018F27B400003D05, - 9D51868A018F27B400003D05, - 9D51868B018F27B400003D05, - 9D69C0260198A8E000003D05, - 9D69C0280198AB3700003D05, - 9D69C02A019AF15E00003D05, - 9D64BAE9019AF3B800003D05, - 9D64BAEB019AFD7900003D05, - 9D64BAED019AFE3600003D05, - ); - isa = PBXGroup; - name = MDS; - path = ""; - refType = 2; - }; - 9D518683018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = mdsapi.cpp; - path = cdsa/mds/mdsapi.cpp; - refType = 4; - }; - 9D518686018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSModule.cpp; - path = cdsa/mds/MDSModule.cpp; - refType = 4; - }; - 9D518687018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSModule.h; - path = cdsa/mds/MDSModule.h; - refType = 4; - }; - 9D518688018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSSchema.cpp; - path = cdsa/mds/MDSSchema.cpp; - refType = 4; - }; - 9D518689018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSSchema.h; - path = cdsa/mds/MDSSchema.h; - refType = 4; - }; - 9D51868A018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSSession.cpp; - path = cdsa/mds/MDSSession.cpp; - refType = 4; - }; - 9D51868B018F27B400003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSSession.h; - path = cdsa/mds/MDSSession.h; - refType = 4; - }; - 9D51868D018F27B500003D05 = { - fileRef = 9D518687018F27B400003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D51868E018F27B500003D05 = { - fileRef = 9D518689018F27B400003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D51868F018F27B500003D05 = { - fileRef = 9D51868B018F27B400003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D518690018F27B500003D05 = { - fileRef = 9D518683018F27B400003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D518692018F27B500003D05 = { - fileRef = 9D518686018F27B400003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D518693018F27B500003D05 = { - fileRef = 9D518688018F27B400003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D518694018F27B500003D05 = { - fileRef = 9D51868A018F27B400003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAE9019AF3B800003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrUtils.cpp; - path = cdsa/mds/MDSAttrUtils.cpp; - refType = 4; - }; - 9D64BAEA019AF3B800003D05 = { - fileRef = 9D64BAE9019AF3B800003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAEB019AFD7900003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSDictionary.h; - path = cdsa/mds/MDSDictionary.h; - refType = 4; - }; - 9D64BAEC019AFD7900003D05 = { - fileRef = 9D64BAEB019AFD7900003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D64BAED019AFE3600003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSDictionary.cpp; - path = cdsa/mds/MDSDictionary.cpp; - refType = 4; - }; - 9D64BAEE019AFE3700003D05 = { - fileRef = 9D64BAED019AFE3600003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAEF019B173900003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cssm.mdsinfo; - refType = 4; - }; - 9D64BAF0019B173900003D05 = { - fileRef = 9D64BAEF019B173900003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAF1019B176100003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = csp_capabilities.mdsinfo; - refType = 4; - }; - 9D64BAF2019B176100003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = csp_common.mdsinfo; - refType = 4; - }; - 9D64BAF3019B176100003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = csp_primary.mdsinfo; - refType = 4; - }; - 9D64BAF4019B176200003D05 = { - fileRef = 9D64BAF1019B176100003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAF5019B176200003D05 = { - fileRef = 9D64BAF2019B176100003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D64BAF6019B176200003D05 = { - fileRef = 9D64BAF3019B176100003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D69C0260198A8E000003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrParser.h; - path = cdsa/mds/MDSAttrParser.h; - refType = 4; - }; - 9D69C0270198A8E100003D05 = { - fileRef = 9D69C0260198A8E000003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D69C0280198AB3700003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrParser.cpp; - path = cdsa/mds/MDSAttrParser.cpp; - refType = 4; - }; - 9D69C0290198AB3700003D05 = { - fileRef = 9D69C0280198AB3700003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D69C02A019AF15E00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = MDSAttrUtils.h; - path = cdsa/mds/MDSAttrUtils.h; - refType = 4; - }; - 9D69C02B019AF15E00003D05 = { - fileRef = 9D69C02A019AF15E00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D78BC7201EBB3F900003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tls_hmac.h; - refType = 4; - }; - 9D78BC7301EBB3F900003D05 = { - fileRef = 9D78BC7201EBB3F900003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D78BC7401EBB71A00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - name = tls_hmac.cpp; - path = SecureTransport/tls_hmac.cpp; - refType = 4; - }; - 9D78BC7501EBB71A00003D05 = { - fileRef = 9D78BC7401EBB71A00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D78BC7601EBBBED00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tls_ssl.h; - refType = 4; - }; - 9D78BC7701EBBBED00003D05 = { - fileRef = 9D78BC7601EBBBED00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D78BC7801EBCA2300003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ssl3Callouts.cpp; - refType = 4; - }; - 9D78BC7901EBCA2400003D05 = { - fileRef = 9D78BC7801EBCA2300003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D78BC7A01ECA79D00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tls1Callouts.cpp; - refType = 4; - }; - 9D78BC7B01ECA79D00003D05 = { - fileRef = 9D78BC7A01ECA79D00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D8B6A2A015A48F500A17CD1 = { - fileEncoding = 30; - isa = PBXFileReference; - path = digestobject.h; - refType = 4; - }; - 9D8B6A2B015A48F500A17CD1 = { - fileRef = 9D8B6A2A015A48F500A17CD1; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 9D8F0D1D01C80C0C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = gladmanContext.cpp; - refType = 4; - }; - 9D8F0D1E01C80C0C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = rijndaelGladman.c; - refType = 4; - }; - 9D8F0D1F01C80C0C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = rijndaelGladman.h; - refType = 4; - }; - 9D8F0D2001C80C0C00003D05 = { - fileRef = 9D8F0D1F01C80C0C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D8F0D2901C815A600003D05 = { - fileRef = 9D8F0D1F01C80C0C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D8F0D2A01C815A600003D05 = { - fileRef = 9D8F0D1D01C80C0C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D8F0D2B01C815A600003D05 = { - fileRef = 9D8F0D1E01C80C0C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9D9AEFBA02B6BC6C00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = rootCerts.cpp; - refType = 4; - }; - 9D9AEFBB02B6BC6C00003D05 = { - fileRef = 9D9AEFBA02B6BC6C00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DA13D0401B4638200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = csp_capabilities_common.mds; - refType = 4; - }; - 9DA13D0501B4638200003D05 = { - fileRef = 9DA13D0401B4638200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E2501A2E63700003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cl_primary.mdsinfo; - refType = 4; - }; - 9DAE2E2601A2E63700003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cl_common.mdsinfo; - refType = 4; - }; - 9DAE2E2701A2E63800003D05 = { - fileRef = 9DAE2E2601A2E63700003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E2801A2E63800003D05 = { - fileRef = 9DAE2E2501A2E63700003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E2901A2F93200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tp_common.mdsinfo; - refType = 4; - }; - 9DAE2E2A01A2F93200003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = tp_primary.mdsinfo; - refType = 4; - }; - 9DAE2E2B01A2F93200003D05 = { - fileRef = 9DAE2E2901A2F93200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E2C01A2F93200003D05 = { - fileRef = 9DAE2E2A01A2F93200003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E2D01A3378900003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = dl_common.mdsinfo; - refType = 4; - }; - 9DAE2E2E01A3378900003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = dl_primary.mdsinfo; - refType = 4; - }; - 9DAE2E2F01A3378A00003D05 = { - fileRef = 9DAE2E2D01A3378900003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E3001A3378A00003D05 = { - fileRef = 9DAE2E2E01A3378900003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E3201A43D6B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdl_common.mdsinfo; - refType = 4; - }; - 9DAE2E3301A43D6B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdl_csp_capabilities.mdsinfo; - refType = 4; - }; - 9DAE2E3401A43D6B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdl_csp_primary.mdsinfo; - refType = 4; - }; - 9DAE2E3501A43D6B00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cspdl_dl_primary.mdsinfo; - refType = 4; - }; - 9DAE2E3601A43D6B00003D05 = { - fileRef = 9DAE2E3201A43D6B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E3701A43D6B00003D05 = { - fileRef = 9DAE2E3301A43D6B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E3801A43D6B00003D05 = { - fileRef = 9DAE2E3401A43D6B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DAE2E3901A43D6B00003D05 = { - fileRef = 9DAE2E3501A43D6B00003D05; - isa = PBXBuildFile; - settings = { - }; - }; - 9DC1DEEC0299BB8F00003D05 = { - children = ( - 9D347A8E0380360000003D05, - 9D347A8F0380360000003D05, - 9D347A900380360000003D05, - 056015710461B87200D4A1BF, - ); - isa = PBXGroup; - name = CertTool; - refType = 4; - }; - 9DC1DEEE0299BBA900003D05 = { - children = ( - 9DC1DEFC0299BC7F00003D05, - 9DC1DEFD0299BC7F00003D05, - 9D347A6D038031AF00003D05, - 9D347A6E038031AF00003D05, - 9DC1DEFE0299BC7F00003D05, - 9DC1DEFF0299BC7F00003D05, - 9DC1DF050299BC9500003D05, - 9DC1DF060299BC9500003D05, - 9DC1DF070299BC9500003D05, - 9DC1DF080299BC9500003D05, - 9DC1DF090299BC9500003D05, - 9DC1DF0A0299BC9500003D05, - 9DC1DF0B0299BC9500003D05, - 9DC1DF0C0299BC9500003D05, - 9DC1DF0D0299BC9500003D05, - 9DC1DF0E0299BC9500003D05, - ); - isa = PBXGroup; - path = CdsaUtils; - refType = 4; - }; - 9DC1DEEF0299BBCD00003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A930380360000003D05, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9DC1DEF00299BBCD00003D05 = { - buildActionMask = 2147483647; - files = ( - 9D347A910380360000003D05, - 9D347A920380360000003D05, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9DC1DEF10299BBCD00003D05 = { - buildActionMask = 2147483647; - files = ( - 9DC1DF100299BD8500003D05, - 9DC1DF110299BD8C00003D05, - 9D347A940380361A00003D05, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9DC1DEF20299BBCD00003D05 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 9DC1DEF30299BBCD00003D05 = { - buildPhases = ( - 9DC1DEEF0299BBCD00003D05, - 9DC1DEF00299BBCD00003D05, - 9DC1DEF10299BBCD00003D05, - 9DC1DEF20299BBCD00003D05, - 056015700461B82B00D4A1BF, - ); - buildSettings = { - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SRCROOT)/CertTool\""; - INSTALL_PATH = /usr/bin; - OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = certtool; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - 9D347A9F0380365900003D05, - ); - isa = PBXToolTarget; - name = CertTool; - productInstallPath = ""; - productName = CertTool; - productReference = 9DC1DEF40299BBCD00003D05; - }; - 9DC1DEF40299BBCD00003D05 = { - isa = PBXExecutableFileReference; - path = certtool; - refType = 3; - }; - 9DC1DEFC0299BC7F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuCdsaUtils.cpp; - refType = 4; - }; - 9DC1DEFD0299BC7F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuCdsaUtils.h; - refType = 4; - }; - 9DC1DEFE0299BC7F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuEnc64.c; - refType = 4; - }; - 9DC1DEFF0299BC7F00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuEnc64.h; - refType = 4; - }; - 9DC1DF050299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuFileIo.c; - refType = 4; - }; - 9DC1DF060299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuFileIo.h; - refType = 4; - }; - 9DC1DF070299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuOidParser.cpp; - refType = 4; - }; - 9DC1DF080299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuOidParser.h; - refType = 4; - }; - 9DC1DF090299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuPem.cpp; - refType = 4; - }; - 9DC1DF0A0299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuPem.h; - refType = 4; - }; - 9DC1DF0B0299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuPrintCert.cpp; - refType = 4; - }; - 9DC1DF0C0299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuPrintCert.h; - refType = 4; - }; - 9DC1DF0D0299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuTimeStr.cpp; - refType = 4; - }; - 9DC1DF0E0299BC9500003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = cuTimeStr.h; - refType = 4; - }; - 9DC1DF0F0299BCB400003D05 = { - isa = PBXTargetDependency; - target = 9DC1DEF30299BBCD00003D05; - }; - 9DC1DF100299BD8500003D05 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 9DC1DF110299BD8C00003D05 = { - fileRef = 125E85ADFFF3D44A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 9DD4620003119BCE00003D05 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecureTransportPriv.h; - refType = 4; - }; - 9DD4620103119BCE00003D05 = { - fileRef = 9DD4620003119BCE00003D05; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//9D0 -//9D1 -//9D2 -//9D3 -//9D4 -//B60 -//B61 -//B62 -//B63 -//B64 - B6F3F06205E5C8DD003E48D8 = { - children = ( - B6F3F06305E5C926003E48D8, - B6F3F06405E5C926003E48D8, - ); - isa = PBXGroup; - name = "Common Criteria"; - refType = 4; - }; - B6F3F06305E5C926003E48D8 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ccaudit.cpp; - refType = 4; - }; - B6F3F06405E5C926003E48D8 = { - fileEncoding = 30; - isa = PBXFileReference; - path = ccaudit.h; - refType = 4; - }; - B6F3F06505E5C926003E48D8 = { - fileRef = B6F3F06305E5C926003E48D8; - isa = PBXBuildFile; - settings = { - }; - }; - B6F3F06605E5C926003E48D8 = { - fileRef = B6F3F06405E5C926003E48D8; - isa = PBXBuildFile; - settings = { - }; - }; -//B60 -//B61 -//B62 -//B63 -//B64 -//BD0 -//BD1 -//BD2 -//BD3 -//BD4 - BD6FEB7203A5642B03CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeyPriv.h; - refType = 4; - }; - BD6FEB7303A5642B03CA2E64 = { - fileRef = BD6FEB7203A5642B03CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; -//BD0 -//BD1 -//BD2 -//BD3 -//BD4 -//C20 -//C21 -//C22 -//C23 -//C24 - C213880E0455C01F00CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecPolicyPriv.h; - refType = 4; - }; - C213880F0455C01F00CA2E77 = { - fileRef = C213880E0455C01F00CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C2227D96044F404900CA2E77 = { - fileRef = F581A93B0316D96A01D50C4C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C2227D97044F404900CA2E77 = { - fileRef = F52A2F160316DA1901D50C4C; - isa = PBXBuildFile; - settings = { - }; - }; - C227CDC203E716B100CA2E77 = { - children = ( - C227CDC303E7170100CA2E77, - ); - isa = PBXGroup; - name = systemkeychain; - path = SecurityServer/StartupItems; - refType = 4; - }; - C227CDC303E7170100CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - name = systemkeychain.cpp; - path = SecurityServer/systemkeychain.cpp; - refType = 2; - }; - C227CDC503E7171400CA2E77 = { - buildActionMask = 2147483647; - files = ( - C227CDD603E7424300CA2E77, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C227CDC603E7171400CA2E77 = { - buildActionMask = 2147483647; - files = ( - C227CDCD03E7175300CA2E77, - C227CDD503E7424200CA2E77, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C227CDC703E7171400CA2E77 = { - buildActionMask = 2147483647; - files = ( - C227CDCE03E71AFB00CA2E77, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C227CDC803E7171400CA2E77 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C227CDC903E7171400CA2E77 = { - buildPhases = ( - C227CDC503E7171400CA2E77, - C227CDC603E7171400CA2E77, - C227CDC703E7171400CA2E77, - C227CDC803E7171400CA2E77, - ); - buildSettings = { - INSTALL_PATH = /usr/sbin; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = systemkeychain; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - ); - isa = PBXToolTarget; - name = systemkeychain; - productInstallPath = /usr/sbin; - productName = systemkeychain; - productReference = C227CDCA03E7171400CA2E77; - }; - C227CDCA03E7171400CA2E77 = { - isa = PBXExecutableFileReference; - path = systemkeychain; - refType = 3; - }; - C227CDCC03E7173300CA2E77 = { - isa = PBXTargetDependency; - target = C227CDC903E7171400CA2E77; - }; - C227CDCD03E7175300CA2E77 = { - fileRef = C227CDC303E7170100CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C227CDCE03E71AFB00CA2E77 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - C227CDD503E7424200CA2E77 = { - fileRef = 01FA8224FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - C227CDD603E7424300CA2E77 = { - fileRef = 01FA8225FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - C244C1350479624A00CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrustedApplicationPriv.h; - refType = 4; - }; - C244C1360479624A00CA2E77 = { - fileRef = C244C1350479624A00CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C25FA84C03CB687400CA2E77 = { - isa = PBXTargetDependency; - target = 0867D69CFE84028FC02AAC07; - }; - C25FA84D03CB689300CA2E77 = { - isa = PBXTargetDependency; - target = 01CE6B1DFFF2B33A11CD283A; - }; - C284B43E042F847900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationPriv.h; - refType = 4; - }; - C284B43F042F847900CA2E77 = { - fileRef = C284B43E042F847900CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C284B440042F856A00CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = privPortClient.cpp; - refType = 4; - }; - C284B441042F856A00CA2E77 = { - fileRef = C284B440042F856A00CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2907DD0042BA6B100CA2E77 = { - buildActionMask = 2147483647; - files = ( - C2A6D4E2042FC54000CA2E77, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C2907DD1042BA6B100CA2E77 = { - buildActionMask = 2147483647; - files = ( - C2907DD9042BA6F800CA2E77, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C2907DD2042BA6B100CA2E77 = { - buildActionMask = 2147483647; - files = ( - C2907DDA042BA71700CA2E77, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C2907DD3042BA6B100CA2E77 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - C2907DD4042BA6B100CA2E77 = { - buildPhases = ( - C2907DD0042BA6B100CA2E77, - C2907DD1042BA6B100CA2E77, - C2907DD2042BA6B100CA2E77, - C2907DD3042BA6B100CA2E77, - ); - buildSettings = { - INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = privportserver; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - C290849A042BC9AF00CA2E77, - ); - isa = PBXToolTarget; - name = PrivPortServer; - productInstallPath = "$(SYSTEM_CORE_SERVICES_DIR)"; - productName = PrivPortServer; - productReference = C2907DD5042BA6B100CA2E77; - }; - C2907DD5042BA6B100CA2E77 = { - isa = PBXExecutableFileReference; - path = privportserver; - refType = 3; - }; - C2907DD7042BA6E300CA2E77 = { - isa = PBXTargetDependency; - target = C2907DD4042BA6B100CA2E77; - }; - C2907DD8042BA6F800CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = privPortServer.cpp; - refType = 4; - }; - C2907DD9042BA6F800CA2E77 = { - fileRef = C2907DD8042BA6F800CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2907DDA042BA71700CA2E77 = { - fileRef = 1BA451B10097605B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - C2908496042BC01100CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = fdmover.cpp; - refType = 4; - }; - C2908497042BC01100CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = fdmover.h; - refType = 4; - }; - C2908498042BC01100CA2E77 = { - fileRef = C2908496042BC01100CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2908499042BC01100CA2E77 = { - fileRef = C2908497042BC01100CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C290849A042BC9AF00CA2E77 = { - isa = PBXTargetDependency; - target = 0867D69CFE84028FC02AAC07; - }; - C2952B0B044B553F00CA2E77 = { - buildActionMask = 2147483647; - files = ( - ); - generatedFileNames = ( - ); - isa = PBXShellScriptBuildPhase; - neededFileNames = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/bash; - shellScript = "${SRCROOT}/SecurityServer/generate.pl ${SRCROOT}/SecurityServer/generate.cf ${BUILT_PRODUCTS_DIR}/include/flip_gen.h ${BUILT_PRODUCTS_DIR}/derived_src/flip_gen.cpp ${SRCROOT}/cdsa/cdsa/cssmtype.h"; - }; - C2952B0C044B55BB00CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = memstreams.h; - refType = 4; - }; - C2952B0D044B55BB00CA2E77 = { - fileRef = C2952B0C044B55BB00CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C2952B0E044B560900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = flippers.cpp; - refType = 4; - }; - C2952B0F044B560900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = flippers.h; - refType = 4; - }; - C2952B10044B560900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = transwalkers.cpp; - refType = 4; - }; - C2952B11044B560900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = transwalkers.h; - refType = 4; - }; - C2952B12044B560900CA2E77 = { - fileRef = C2952B0E044B560900CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2952B13044B560900CA2E77 = { - fileRef = C2952B0F044B560900CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2952B14044B560900CA2E77 = { - fileRef = C2952B10044B560900CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2952B15044B560900CA2E77 = { - fileRef = C2952B11044B560900CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2A6D4E0042FC54000CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = privPort.h; - refType = 4; - }; - C2A6D4E1042FC54000CA2E77 = { - fileRef = C2A6D4E0042FC54000CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - C2A6D4E2042FC54000CA2E77 = { - fileRef = C2A6D4E0042FC54000CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2AE35290469781800CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "db++.cpp"; - refType = 4; - }; - C2AE352A0469781800CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = "db++.h"; - refType = 4; - }; - C2AE352B0469781800CA2E77 = { - fileRef = C2AE35290469781800CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2AE352C0469781800CA2E77 = { - fileRef = C2AE352A0469781800CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C2B484980450D42900CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrustPriv.h; - refType = 4; - }; - C2B484990450D42900CA2E77 = { - fileRef = C2B484980450D42900CA2E77; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - C2C11912047187E800CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = codesigdb.cpp; - refType = 4; - }; - C2C11913047187E800CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = codesigdb.h; - refType = 4; - }; - C2C11914047187E800CA2E77 = { - fileRef = C2C11912047187E800CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2C11915047187E800CA2E77 = { - fileRef = C2C11913047187E800CA2E77; - isa = PBXBuildFile; - settings = { - }; - }; - C2EE0104044B56E700CA2E77 = { - fileEncoding = 30; - isa = PBXFileReference; - path = generate.cf; - refType = 4; - }; - C2EE0105044B56E700CA2E77 = { - fileEncoding = 30; - isa = PBXExecutableFileReference; - path = generate.pl; - refType = 4; - }; - C2F346A204D5C05D0039D9E5 = { - buildRules = ( - ); - buildSettings = { - OTHER_CFLAGS = "\U0001-pg"; - OTHER_LDFLAGS = "\U0001-pg"; - }; - isa = PBXBuildStyle; - name = "Deployment-gprof"; - }; -//C20 -//C21 -//C22 -//C23 -//C24 -//F50 -//F51 -//F52 -//F53 -//F54 - F52A2F160316DA1901D50C4C = { - fileEncoding = 30; - isa = PBXFileReference; - path = endian.cpp; - refType = 4; - }; - F5394A1C0279082901CA2E64 = { - fileRef = 07A0F691005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F540EDC2027A41BF01CA2E66 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Session_CSR.cpp; - refType = 4; - }; - F540EDC3027A41BF01CA2E66 = { - fileRef = F540EDC2027A41BF01CA2E66; - isa = PBXBuildFile; - settings = { - }; - }; - F54323B4022DC91501CA2E64 = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - F54323BD022DC98301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCFTypes.cpp; - refType = 4; - }; - F54323BE022DC98301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCFTypes.h; - refType = 4; - }; - F54323BF022DC98301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecRuntime.cpp; - refType = 4; - }; - F54323C0022DC98301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecRuntime.h; - refType = 4; - }; - F54323C6022DC98301CA2E64 = { - fileRef = F54323BD022DC98301CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F54323C7022DC98301CA2E64 = { - fileRef = F54323BE022DC98301CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F54323C8022DC98301CA2E64 = { - fileRef = F54323BF022DC98301CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F54323C9022DC98301CA2E64 = { - fileRef = F54323C0022DC98301CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F559B18C01D1510A01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = trackingallocator.h; - refType = 4; - }; - F559B18D01D1510B01CA2E64 = { - fileRef = F559B18C01D1510A01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F55B3B460230375401CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CertificateRequest.h; - refType = 4; - }; - F55B3B470230375401CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = CertificateRequest.cpp; - refType = 4; - }; - F55B3B480230375401CA2E64 = { - fileRef = F55B3B460230375401CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F55B3B490230375401CA2E64 = { - fileRef = F55B3B470230375401CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F55B3B4A02303B2A01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = KeyItem.h; - refType = 4; - }; - F55B3B4B02303B2A01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = KeyItem.cpp; - refType = 4; - }; - F55B3B4C02303B2A01CA2E64 = { - fileRef = F55B3B4A02303B2A01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F55B3B4D02303B2A01CA2E64 = { - fileRef = F55B3B4B02303B2A01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F55B3B4E0230448601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Trust.h; - refType = 4; - }; - F55B3B4F0230448601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Trust.cpp; - refType = 4; - }; - F55B3B500230448601CA2E64 = { - fileRef = F55B3B4E0230448601CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F55B3B510230448601CA2E64 = { - fileRef = F55B3B4F0230448601CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F55B3B7902304A6001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustedApplication.h; - refType = 4; - }; - F55B3B7A02304A6001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = TrustedApplication.cpp; - refType = 4; - }; - F55B3B7B02304A6001CA2E64 = { - fileRef = F55B3B7902304A6001CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F55B3B7C02304A6001CA2E64 = { - fileRef = F55B3B7A02304A6001CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786171022EDDE501CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecBase.h; - refType = 4; - }; - F5786172022EDDE501CA2E64 = { - fileRef = F5786171022EDDE501CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F5786173022EDDFB01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychain.h; - refType = 4; - }; - F5786174022EDDFB01CA2E64 = { - fileRef = F5786173022EDDFB01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F5786175022EDE0501CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainItem.h; - refType = 4; - }; - F5786176022EDE0501CA2E64 = { - fileRef = F5786175022EDE0501CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F5786177022EDE1701CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainSearch.h; - refType = 4; - }; - F5786178022EDE1701CA2E64 = { - fileRef = F5786177022EDE1701CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F5786179022EDE2B01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificate.h; - refType = 4; - }; - F578617A022EDE2B01CA2E64 = { - fileRef = F5786179022EDE2B01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F578617B022EDE3F01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecIdentity.h; - refType = 4; - }; - F578617C022EDE3F01CA2E64 = { - fileRef = F578617B022EDE3F01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F578617D022EDE5C01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecPolicy.h; - refType = 4; - }; - F578617E022EDE5C01CA2E64 = { - fileRef = F578617D022EDE5C01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F578617F022EDE6401CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecAccess.h; - refType = 4; - }; - F5786180022EDE6401CA2E64 = { - fileRef = F578617F022EDE6401CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F5786181022EDE8901CA2E64 = { - children = ( - F57861CB022F0F3801CA2E64, - F5786171022EDDE501CA2E64, - F578617F022EDE6401CA2E64, - 52807AD404A3D56C00F46CAB, - 8F7ACD2A02357F2503CA2E8C, - F5786179022EDE2B01CA2E64, - 9D2F711303156A7800003D05, - F57861F7022F12FC01CA2E64, - F57861BF022EEF1B01CA2E64, - F578617B022EDE3F01CA2E64, - 4C2ACAB7044267EE00CA2E66, - F57861C3022EEF3401CA2E64, - F57861C9022F0D0A01CA2E64, - BD6FEB7203A5642B03CA2E64, - F5786173022EDDFB01CA2E64, - F5786175022EDE0501CA2E64, - F5786177022EDE1701CA2E64, - F578617D022EDE5C01CA2E64, - C213880E0455C01F00CA2E77, - F57861C1022EEF2601CA2E64, - F57861C7022EFAE501CA2E64, - C2B484980450D42900CA2E77, - F57861C5022EEF4701CA2E64, - C244C1350479624A00CA2E77, - ); - isa = PBXGroup; - name = "Public API"; - refType = 4; - }; - F57861BF022EEF1B01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificateRequest.h; - refType = 4; - }; - F57861C0022EEF1B01CA2E64 = { - fileRef = F57861BF022EEF1B01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F57861C1022EEF2601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecPolicySearch.h; - refType = 4; - }; - F57861C2022EEF2601CA2E64 = { - fileRef = F57861C1022EEF2601CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861C3022EEF3401CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecIdentitySearch.h; - refType = 4; - }; - F57861C4022EEF3401CA2E64 = { - fileRef = F57861C3022EEF3401CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861C5022EEF4701CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrustedApplication.h; - refType = 4; - }; - F57861C6022EEF4701CA2E64 = { - fileRef = F57861C5022EEF4701CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861C7022EFAE501CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrust.h; - refType = 4; - }; - F57861C8022EFAE501CA2E64 = { - fileRef = F57861C7022EFAE501CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861C9022F0D0A01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKey.h; - refType = 4; - }; - F57861CA022F0D0A01CA2E64 = { - fileRef = F57861C9022F0D0A01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861CB022F0F3801CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Security.h; - refType = 4; - }; - F57861CC022F0F3801CA2E64 = { - fileRef = F57861CB022F0F3801CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Public, - ); - }; - }; - F57861F7022F12FC01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificateBundle.h; - refType = 4; - }; - F57861F8022F12FC01CA2E64 = { - fileRef = F57861F7022F12FC01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F57861F9022F13DF01CA2E64 = { - children = ( - F5786216022F1DA301CA2E64, - F57861FA022F1A9301CA2E64, - 8F7ACD2B02357F2503CA2E8C, - F57861FC022F1AA001CA2E64, - F5786200022F1B4001CA2E64, - F57861FE022F1AAB01CA2E64, - F5786202022F1B5001CA2E64, - F5786204022F1B5901CA2E64, - F5786206022F1B6501CA2E64, - F5786208022F1B6F01CA2E64, - F578620A022F1B7901CA2E64, - F578620C022F1B8701CA2E64, - F578620E022F1B9301CA2E64, - F5786210022F1B9C01CA2E64, - F5786212022F1BA801CA2E64, - F5786214022F1BB601CA2E64, - ); - isa = PBXGroup; - name = "API Bridge"; - path = ""; - refType = 4; - }; - F57861FA022F1A9301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecAccess.cpp; - refType = 4; - }; - F57861FB022F1A9301CA2E64 = { - fileRef = F57861FA022F1A9301CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F57861FC022F1AA001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificate.cpp; - refType = 4; - }; - F57861FD022F1AA001CA2E64 = { - fileRef = F57861FC022F1AA001CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F57861FE022F1AAB01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificateRequest.cpp; - refType = 4; - }; - F57861FF022F1AAB01CA2E64 = { - fileRef = F57861FE022F1AAB01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786200022F1B4001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecCertificateBundle.cpp; - refType = 4; - }; - F5786201022F1B4001CA2E64 = { - fileRef = F5786200022F1B4001CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786202022F1B5001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecIdentity.cpp; - refType = 4; - }; - F5786203022F1B5001CA2E64 = { - fileRef = F5786202022F1B5001CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786204022F1B5901CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecIdentitySearch.cpp; - refType = 4; - }; - F5786205022F1B5901CA2E64 = { - fileRef = F5786204022F1B5901CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786206022F1B6501CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKey.cpp; - refType = 4; - }; - F5786207022F1B6501CA2E64 = { - fileRef = F5786206022F1B6501CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786208022F1B6F01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychain.cpp; - refType = 4; - }; - F5786209022F1B6F01CA2E64 = { - fileRef = F5786208022F1B6F01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F578620A022F1B7901CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainItem.cpp; - refType = 4; - }; - F578620B022F1B7901CA2E64 = { - fileRef = F578620A022F1B7901CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F578620C022F1B8701CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecKeychainSearch.cpp; - refType = 4; - }; - F578620D022F1B8701CA2E64 = { - fileRef = F578620C022F1B8701CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F578620E022F1B9301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecPolicy.cpp; - refType = 4; - }; - F578620F022F1B9301CA2E64 = { - fileRef = F578620E022F1B9301CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786210022F1B9C01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecPolicySearch.cpp; - refType = 4; - }; - F5786211022F1B9C01CA2E64 = { - fileRef = F5786210022F1B9C01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786212022F1BA801CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrust.cpp; - refType = 4; - }; - F5786213022F1BA801CA2E64 = { - fileRef = F5786212022F1BA801CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786214022F1BB601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecTrustedApplication.cpp; - refType = 4; - }; - F5786215022F1BB601CA2E64 = { - fileRef = F5786214022F1BB601CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786216022F1DA301CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = SecBridge.h; - refType = 4; - }; - F5786217022F1DA301CA2E64 = { - fileRef = F5786216022F1DA301CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F5786222022F2D9701CA2E64 = { - children = ( - F54323BD022DC98301CA2E64, - F54323BE022DC98301CA2E64, - F54323BF022DC98301CA2E64, - F54323C0022DC98301CA2E64, - F578623C023024CC01CA2E64, - F578623B023024CC01CA2E64, - 8F7ACD310235805903CA2E8C, - 8F7ACD300235805903CA2E8C, - F5786230022F39A101CA2E64, - F5786231022F39A101CA2E64, - F55B3B470230375401CA2E64, - F55B3B460230375401CA2E64, - 5BA4A42D01F4E3F504CA2E82, - 5BA4A42E01F4E3F504CA2E82, - F5786225022F32E001CA2E64, - F5786224022F32E001CA2E64, - 0177F292FFFAA2D311CD283A, - 0177F293FFFAA2D311CD283A, - 0177F29CFFFAA2D311CD283A, - 0177F29DFFFAA2D311CD283A, - 0177F2B7FFFAA2D311CD283A, - 0177F2B8FFFAA2D311CD283A, - F55B3B4B02303B2A01CA2E64, - F55B3B4A02303B2A01CA2E64, - F5786237022F48C601CA2E64, - F5786238022F48C601CA2E64, - F578622D022F37EB01CA2E64, - F578622C022F37EB01CA2E64, - 0177F290FFFAA2D311CD283A, - 0177F291FFFAA2D311CD283A, - 0177F2D6FFFAA2D311CD283A, - 0177F2D7FFFAA2D311CD283A, - F55B3B4F0230448601CA2E64, - F55B3B4E0230448601CA2E64, - F55B3B7A02304A6001CA2E64, - F55B3B7902304A6001CA2E64, - 52807AD004A3D4B800F46CAB, - 52807AD104A3D4B800F46CAB, - ); - isa = PBXGroup; - name = "API Classes"; - refType = 4; - }; - F5786223022F2DDB01CA2E64 = { - children = ( - 0177F269FFFAA2D311CD283A, - 0177F27EFFFAA2D311CD283A, - 0177F26AFFFAA2D311CD283A, - 0177F27FFFFAA2D311CD283A, - 0177F28AFFFAA2D311CD283A, - 0177F28BFFFAA2D311CD283A, - 0177F29EFFFAA2D311CD283A, - 0177F29FFFFAA2D311CD283A, - 0177F2A0FFFAA2D311CD283A, - 0177F2A1FFFAA2D311CD283A, - 0177F2A2FFFAA2D311CD283A, - 0177F352FFFAC61911CD283A, - 0177F353FFFAC61911CD283A, - 0177F2C6FFFAA2D311CD283A, - 0177F2C7FFFAA2D311CD283A, - F579CFD900E99FC401CD283A, - 0177F2CDFFFAA2D311CD283A, - 0177F2D2FFFAA2D311CD283A, - 0177F2D1FFFAA2D311CD283A, - 0177F2D3FFFAA2D311CD283A, - 3244148C023837A505CA2E77, - 3244148D023837A505CA2E77, - 3206D1FB029996FC05CA2E77, - 3206D1FC029996FC05CA2E77, - 52D4AA9104B3AE3E00393476, - ); - isa = PBXGroup; - name = Internal; - path = ""; - refType = 4; - }; - F5786224022F32E001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = IdentityCursor.h; - refType = 4; - }; - F5786225022F32E001CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = IdentityCursor.cpp; - refType = 4; - }; - F5786226022F32E001CA2E64 = { - fileRef = F5786224022F32E001CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F5786227022F32E001CA2E64 = { - fileRef = F5786225022F32E001CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F578622C022F37EB01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = PolicyCursor.h; - refType = 4; - }; - F578622D022F37EB01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = PolicyCursor.cpp; - refType = 4; - }; - F578622E022F37EB01CA2E64 = { - fileRef = F578622C022F37EB01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F578622F022F37EB01CA2E64 = { - fileRef = F578622D022F37EB01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786230022F39A101CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Certificate.cpp; - refType = 4; - }; - F5786231022F39A101CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Certificate.h; - refType = 4; - }; - F5786232022F39A101CA2E64 = { - fileRef = F5786230022F39A101CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5786233022F39A101CA2E64 = { - fileRef = F5786231022F39A101CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F5786237022F48C601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Policies.cpp; - refType = 4; - }; - F5786238022F48C601CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Policies.h; - refType = 4; - }; - F5786239022F48C601CA2E64 = { - fileRef = F5786237022F48C601CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F578623A022F48C601CA2E64 = { - fileRef = F5786238022F48C601CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F578623B023024CC01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Access.h; - refType = 4; - }; - F578623C023024CC01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = Access.cpp; - refType = 4; - }; - F578623D023024CC01CA2E64 = { - fileRef = F578623B023024CC01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F578623E023024CC01CA2E64 = { - fileRef = F578623C023024CC01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F579CFD900E99FC401CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = Schema.m4; - refType = 4; - }; - F581A93B0316D96A01D50C4C = { - fileEncoding = 30; - isa = PBXFileReference; - path = endian.h; - refType = 4; - }; - F58785C800FB965F01CD29D4 = { - fileEncoding = 30; - isa = PBXFileReference; - name = checkpw.c; - path = checkpw/checkpw.c; - refType = 2; - }; - F58785C900FB965F01CD29D4 = { - fileEncoding = 30; - isa = PBXFileReference; - name = checkpw.h; - path = checkpw/checkpw.h; - refType = 2; - }; - F58785CA00FB966001CD29D4 = { - fileRef = F58785C900FB965F01CD29D4; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F58785CB00FB966001CD29D4 = { - fileRef = F58785C800FB965F01CD29D4; - isa = PBXBuildFile; - settings = { - }; - }; - F58998F803809BCA01CA2A98 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = "-O0 -fno-inline"; - OTHER_CFLAGS = "\U0001 -DDEBUGDUMP -gfull"; - SECTORDER_FLAGS = ""; - i386 = YES; - ppc = YES; - }; - isa = PBXBuildStyle; - name = "Development-fat"; - }; - F5A5E50E00FB884E01CD29D4 = { - children = ( - F58785C800FB965F01CD29D4, - F58785C900FB965F01CD29D4, - ); - isa = PBXGroup; - name = checkpw; - refType = 4; - }; - F5A7F715023D96EA01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = authorization.plist; - refType = 4; - }; - F5A7F716023D96EA01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationData.cpp; - refType = 4; - }; - F5A7F717023D96EA01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationData.h; - refType = 4; - }; - F5A7F718023D96EA01CA2E64 = { - fileEncoding = 30; - isa = PBXFileReference; - path = AuthorizationPlugin.h; - refType = 4; - }; - F5A7F71D023D972201CA2E64 = { - fileRef = F5A7F718023D96EA01CA2E64; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - F5A7F720023D974F01CA2E64 = { - fileRef = F5A7F717023D96EA01CA2E64; - isa = PBXBuildFile; - settings = { - }; - }; - F5DDE3AE00B3358F01CD283A = { - buildActionMask = 12; - files = ( - ); - generatedFileNames = ( - ); - isa = PBXShellScriptBuildPhase; - neededFileNames = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "${SRCROOT}/symbol_strip.sh ${SRCROOT}/Security.exp"; - }; - F5E32A1500EAB9A301CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - path = KeySchema.m4; - refType = 4; - }; - }; - rootObject = 0867D690FE84028FC02AAC07; -} diff --git a/Security.xcode/project.pbxproj b/Security.xcode/project.pbxproj new file mode 100644 index 00000000..a65d7fee --- /dev/null +++ b/Security.xcode/project.pbxproj @@ -0,0 +1,2997 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 39; + objects = { + 014CEA440018CDF011CA2923 = { + buildSettings = { + BUILD_VARIANTS = debug; + SECTORDER_FLAGS = ""; + WARNING_LDFLAGS = ""; + }; + isa = PBXBuildStyle; + name = Development; + }; + 014CEA450018CDF011CA2923 = { + buildSettings = { + GCC_ENABLE_FIX_AND_CONTINUE = NO; + ZERO_LINK = NO; + }; + isa = PBXBuildStyle; + name = Deployment; + }; +//010 +//011 +//012 +//013 +//014 +//030 +//031 +//032 +//033 +//034 + 034768DFFF38A50411DB9C8B = { + children = ( + 034768E0FF38A50411DB9C8B, + 4C216214053639A600CCA0BB, + ); + isa = PBXGroup; + name = Products; + refType = 4; + sourceTree = ""; + }; + 034768E0FF38A50411DB9C8B = { + explicitFileType = wrapper.framework; + isa = PBXFileReference; + path = Security.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; +//030 +//031 +//032 +//033 +//034 +//050 +//051 +//052 +//053 +//054 + 0504B1B406517D230011D5F5 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = osKeyTemplates.h; + refType = 4; + sourceTree = ""; + }; + 0504B1B506517D230011D5F5 = { + fileRef = 0504B1B406517D230011D5F5; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053105C105E19ED400044101 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + name = Foundation.framework; + path = /System/Library/Frameworks/Foundation.framework; + refType = 0; + sourceTree = ""; + }; + 05336D77073AEDA10039907B = { + buildSettings = { + OTHER_LDFLAGS = ""; + }; + isa = PBXBuildStyle; + name = Darwin; + }; + 053C8C8D06503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = asn1Templates.h; + refType = 4; + sourceTree = ""; + }; + 053C8C8E06503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = certExtensionTemplates.h; + refType = 4; + sourceTree = ""; + }; + 053C8C8F06503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = csrTemplates.h; + refType = 4; + sourceTree = ""; + }; + 053C8C9006503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = keyTemplates.h; + refType = 4; + sourceTree = ""; + }; + 053C8C9106503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = nameTemplates.h; + refType = 4; + sourceTree = ""; + }; + 053C8C9206503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecAsn1Coder.h; + refType = 4; + sourceTree = ""; + }; + 053C8C9306503DD80047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = secasn1t.h; + refType = 4; + sourceTree = ""; + }; + 053C8C9406503DD80047C7CA = { + fileRef = 053C8C8D06503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9506503DD80047C7CA = { + fileRef = 053C8C8E06503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9606503DD80047C7CA = { + fileRef = 053C8C8F06503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9706503DD80047C7CA = { + fileRef = 053C8C9006503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9806503DD80047C7CA = { + fileRef = 053C8C9106503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9906503DD80047C7CA = { + fileRef = 053C8C9206503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8C9A06503DD80047C7CA = { + fileRef = 053C8C9306503DD80047C7CA; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 053C8CC706503E9E0047C7CA = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_asn1.exp; + refType = 4; + sourceTree = ""; + }; + 05792F4E065082C100C80DB3 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = X509Templates.h; + refType = 4; + sourceTree = ""; + }; + 05792F4F065082C100C80DB3 = { + fileRef = 05792F4E065082C100C80DB3; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 05B063C705DB2C1C006FA9A6 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecImportExport.h; + refType = 4; + sourceTree = ""; + }; + 05B063C805DB2C1C006FA9A6 = { + fileRef = 05B063C705DB2C1C006FA9A6; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 05D0BC8206A87338001F9A43 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmapplePriv.h; + refType = 4; + sourceTree = ""; + }; + 05D0BC8306A87338001F9A43 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = ocspTemplates.h; + refType = 4; + sourceTree = ""; + }; + 05D0BC8406A87338001F9A43 = { + fileRef = 05D0BC8206A87338001F9A43; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 05D0BC8506A87338001F9A43 = { + fileRef = 05D0BC8306A87338001F9A43; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; +//050 +//051 +//052 +//053 +//054 +//080 +//081 +//082 +//083 +//084 + 0867D690FE84028FC02AAC07 = { + buildSettings = { + }; + buildStyles = ( + 014CEA440018CDF011CA2923, + 014CEA450018CDF011CA2923, + 05336D77073AEDA10039907B, + 4C3A328C079862AC007FDF15, + ); + hasScannedForEncodings = 1; + isa = PBXProject; + knownRegions = ( + English, + Japanese, + French, + German, + Engish, + ); + mainGroup = 0867D691FE84028FC02AAC07; + productRefGroup = 034768DFFF38A50411DB9C8B; + projectDirPath = ""; + targets = ( + 0867D69CFE84028FC02AAC07, + 4C216213053639A600CCA0BB, + 4C60A0A605811A4300C8A016, + ); + }; + 0867D691FE84028FC02AAC07 = { + children = ( + 4CD808CC05360655009F54B0, + 089C1665FE841158C02AAC07, + 4CAF731305363B5200D9DA7C, + 4C5969DA058115A0001507D4, + 0867D69AFE84028FC02AAC07, + 034768DFFF38A50411DB9C8B, + ); + isa = PBXGroup; + name = Security; + refType = 4; + sourceTree = ""; + }; + 0867D69AFE84028FC02AAC07 = { + children = ( + 1058C7B0FEA5585E11CA2CBB, + 1058C7B2FEA5585E11CA2CBB, + ); + isa = PBXGroup; + name = "External Frameworks and Libraries"; + refType = 4; + sourceTree = ""; + }; + 0867D69CFE84028FC02AAC07 = { + buildPhases = ( + 0867D69DFE84028FC02AAC07, + 0867D69EFE84028FC02AAC07, + 0867D69FFE84028FC02AAC07, + 0867D6A0FE84028FC02AAC07, + 4C77DA7506DD0A0200139C22, + ); + buildSettings = { + BUILD_VARIANTS = "normal debug"; + CURRENT_PROJECT_VERSION = 222; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 222; + EXPORTED_SYMBOLS_FILE = "${BUILT_PRODUCTS_DIR}/derived_src/Security.exp"; + FRAMEWORK_SEARCH_PATHS = "/usr/local/SecurityPieces/Components/Security /usr/local/SecurityPieces/Frameworks"; + FRAMEWORK_VERSION = A; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + OPT_LDFLAGS = "-dead_strip"; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS = "-framework \"security_comcryption\" -framework \"security_cryptkit\" "; + OTHER_LDFLAGS_debug = "\"-framework\" \"security_ssl,_debug\" \"-framework\" \"security_keychain,_debug\" \"-framework\" \"security_cssm,_debug\" \"-framework\" \"security_mds,_debug\" \"-framework\" \"security_apple_x509_tp,_debug\" \"-framework\" \"security_apple_x509_cl,_debug\" \"-framework\" \"security_apple_file_dl,_debug\" \"-framework\" \"security_apple_cspdl,_debug\" \"-framework\" \"security_apple_csp,_debug\" \"-framework\" \"security_sd_cspdl,_debug\" \"-framework\" \"security_filedb,_debug\" \"-framework\" \"security_cdsa_plugin,_debug\" \"-framework\" \"security_cdsa_client,_debug\" \"-framework\" \"security_authorization,_debug\" \"-framework\" \"securityd_client,_debug\" \"-framework\" \"security_cdsa_utilities,_debug\" \"-framework\" \"security_utilities,_debug\" \"-framework\" \"security_checkpw,_debug\" \"-framework\" \"security_authorization,_debug\" \"-framework\" \"security_pkcs12,_debug\" \"-framework\" \"security_smime,_debug\" \"-framework\" \"security_manifest,_debug\" \"-framework\" \"security_asn1,_debug\" \"-framework\" \"security_cdsa_utils,_debug\" \"-framework\" \"security_ocspd,_debug\" \"-lstdc++\" \"-lDirectoryServiceMIG\" \"-framework\" \"CoreFoundation\" $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_nopic = "$(OPT_LDFLAGS) \"-framework\" \"security_ssl\" \"-framework\" \"security_keychain\" \"-framework\" \"security_cssm\" \"-framework\" \"security_mds\" \"-framework\" \"security_apple_x509_tp\" \"-framework\" \"security_apple_x509_cl\" \"-framework\" \"security_apple_file_dl\" \"-framework\" \"security_apple_cspdl\" \"-framework\" \"security_apple_csp\" \"-framework\" \"security_sd_cspdl\" \"-framework\" \"security_filedb\" \"-framework\" \"security_cdsa_plugin\" \"-framework\" \"security_cdsa_client\" \"-framework\" \"security_authorization\" \"-framework\" \"securityd_client\" \"-framework\" \"security_cdsa_utilities\" \"-framework\" \"security_utilities\" \"-framework\" \"security_checkpw\" \"-framework\" \"security_authorization\" \"-framework\" \"security_pkcs12\" \"-framework\" \"security_smime\" \"-framework\" \"security_manifest\" \"-framework\" \"security_asn1\" \"-framework\" \"security_cdsa_utils\" \"-framework\" \"security_ocspd\" \"-lstdc++\" \"-lDirectoryServiceMIG\" \"-framework\" \"CoreFoundation\" $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) \"-framework\" \"security_ssl\" \"-framework\" \"security_keychain\" \"-framework\" \"security_cssm\" \"-framework\" \"security_mds\" \"-framework\" \"security_apple_x509_tp\" \"-framework\" \"security_apple_x509_cl\" \"-framework\" \"security_apple_file_dl\" \"-framework\" \"security_apple_cspdl\" \"-framework\" \"security_apple_csp\" \"-framework\" \"security_sd_cspdl\" \"-framework\" \"security_filedb\" \"-framework\" \"security_cdsa_plugin\" \"-framework\" \"security_cdsa_client\" \"-framework\" \"security_authorization\" \"-framework\" \"securityd_client\" \"-framework\" \"security_cdsa_utilities\" \"-framework\" \"security_utilities\" \"-framework\" \"security_checkpw\" \"-framework\" \"security_authorization\" \"-framework\" \"security_pkcs12\" \"-framework\" \"security_smime\" \"-framework\" \"security_manifest\" \"-framework\" \"security_asn1\" \"-framework\" \"security_cdsa_utils\" \"-framework\" \"security_ocspd\" \"-lstdc++\" \"-lDirectoryServiceMIG\" \"-framework\" \"CoreFoundation\" $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) -pg \"-framework\" \"security_ssl,_profile\" \"-framework\" \"security_keychain,_profile\" \"-framework\" \"security_cssm,_profile\" \"-framework\" \"security_mds,_profile\" \"-framework\" \"security_apple_x509_tp,_profile\" \"-framework\" \"security_apple_x509_cl,_profile\" \"-framework\" \"security_apple_file_dl,_profile\" \"-framework\" \"security_apple_cspdl,_profile\" \"-framework\" \"security_apple_csp,_profile\" \"-framework\" \"security_sd_cspdl,_profile\" \"-framework\" \"security_filedb,_profile\" \"-framework\" \"security_cdsa_plugin,_profile\" \"-framework\" \"security_cdsa_client,_profile\" \"-framework\" \"security_authorization,_profile\" \"-framework\" \"securityd_client,_profile\" \"-framework\" \"security_cdsa_utilities,_profile\" \"-framework\" \"security_utilities,_profile\" \"-framework\" \"security_checkpw,_profile\" \"-framework\" \"security_authorization,_profile\" \"-framework\" \"security_pkcs12,_profile\" \"-framework\" \"security_smime,_profile\" \"-framework\" \"security_manifest,_profile\" \"-framework\" \"security_asn1,_profile\" \"-framework\" \"security_cdsa_utils,_profile\" \"-framework\" \"security_ocspd,_profile\" \"-lstdc++\" \"-lDirectoryServiceMIG\" \"-framework\" \"CoreFoundation\" $(OTHER_LDFLAGS)"; + PRODUCT_NAME = Security; + SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(SRCROOT)/lib/Security.order\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\""; + STRIPFLAGS_FOR_GM = "-x"; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; + WRAPPER_EXTENSION = framework; + }; + dependencies = ( + 4CAF730405363B1200D9DA7C, + ); + isa = PBXFrameworkTarget; + name = Security; + productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + productName = Security; + productReference = 034768E0FF38A50411DB9C8B; + productSettingsXML = " + + + + CFBundleDevelopmentRegion + English + CFBundleExecutable + Security + CFBundleGetInfoString + 4.0, Copyright © 2000-2004 Apple Computer Inc., All Rights Reserved + CFBundleIconFile + + CFBundleIdentifier + com.apple.security + CFBundleInfoDictionaryVersion + 6.0 + CFBundlePackageType + FMWK + CFBundleShortVersionString + 4.0 + CFBundleSignature + ???? + CFBundleVersion + 221 + + +"; + }; + 0867D69DFE84028FC02AAC07 = { + buildActionMask = 2147483647; + files = ( + 4C596A41058115A0001507D4, + 4C596A42058115A0001507D4, + 4C596A43058115A0001507D4, + 4C596A44058115A0001507D4, + 4C596A45058115A0001507D4, + 4C596A47058115A0001507D4, + 4C596A48058115A0001507D4, + 4C596A49058115A0001507D4, + 4C596A4A058115A0001507D4, + 4C596A4B058115A0001507D4, + 4C596A4C058115A0001507D4, + 4C596A4D058115A0001507D4, + 4C596A4E058115A0001507D4, + 4C596A4F058115A0001507D4, + 4C596A50058115A0001507D4, + 4C596A51058115A0001507D4, + 4C596A52058115A0001507D4, + 4C596A53058115A0001507D4, + 4C596A54058115A0001507D4, + 4C596A55058115A0001507D4, + 4C596A56058115A0001507D4, + 4C596A57058115A0001507D4, + 4C596A58058115A0001507D4, + 4C596A59058115A0001507D4, + C234BC48069DBAB2006A5163, + 4C596A5A058115A0001507D4, + 4C596A5B058115A0001507D4, + 4C596A5C058115A0001507D4, + 4C596A5D058115A0001507D4, + 4C596A5E058115A0001507D4, + 4C596A5F058115A0001507D4, + 4C596A60058115A0001507D4, + 4C596A61058115A0001507D4, + 4C596A62058115A0001507D4, + 4C596A63058115A0001507D4, + 4C596A64058115A0001507D4, + 4C596A65058115A0001507D4, + 05B063C805DB2C1C006FA9A6, + 4C596A66058115A0001507D4, + 4C596A67058115A0001507D4, + 4C596A69058115A0001507D4, + 4C596A6A058115A0001507D4, + 4C596A6B058115A0001507D4, + 4C596A6C058115A0001507D4, + 4C596A6D058115A0001507D4, + 4C596A6E058115A0001507D4, + 4C596A6F058115A0001507D4, + 4C596A70058115A0001507D4, + 4C596A71058115A0001507D4, + 4C596A72058115A0001507D4, + 4C596A73058115A0001507D4, + 4C596A74058115A0001507D4, + 4C596A46058115A0001507D4, + 4C596A75058115A0001507D4, + 4C868463058A56780072F261, + 4C596A76058115A0001507D4, + 4C596A77058115A0001507D4, + 4C596A78058115A0001507D4, + 4CA9BECA063726BD0013F16F, + 4CA9BECB063726BD0013F16F, + 4CA9BECC063726BD0013F16F, + 4CA9BECD063726BD0013F16F, + 4CA9BECE063726BD0013F16F, + 4CA9BECF063726BD0013F16F, + 4CA9BED0063726BD0013F16F, + 4CA9BED1063726BD0013F16F, + 4CA9BED2063726BD0013F16F, + 4CA9BED3063726BD0013F16F, + 4CA9BED4063726BD0013F16F, + 4CA9BED5063726BD0013F16F, + 4C596A79058115A0001507D4, + 309CD1FA062B3D1900B66530, + 4C596A7B058115A0001507D4, + 4C596A7C058115A0001507D4, + 1B40AAEE062F63E7009BAE74, + 4C596A7D058115A0001507D4, + D6FB4E6A05F934DC0015312A, + 4C596A7E058115A0001507D4, + 4CA9BED6063726BD0013F16F, + 053C8C9406503DD80047C7CA, + 053C8C9506503DD80047C7CA, + 053C8C9606503DD80047C7CA, + 053C8C9706503DD80047C7CA, + 053C8C9806503DD80047C7CA, + 053C8C9906503DD80047C7CA, + 053C8C9A06503DD80047C7CA, + 4C596A7F058115A0001507D4, + 4C596A80058115A0001507D4, + 4C596A81058115A0001507D4, + 05792F4F065082C100C80DB3, + 0504B1B506517D230011D5F5, + 40A2A721066FE6B300858603, + 05D0BC8406A87338001F9A43, + 05D0BC8506A87338001F9A43, + ); + isa = PBXHeadersBuildPhase; + runOnlyForDeploymentPostprocessing = 0; + }; + 0867D69EFE84028FC02AAC07 = { + buildActionMask = 2147483647; + files = ( + 089C1668FE841158C02AAC07, + 5270685507024D6F00C5D30E, + C21204A5056D89280018F475, + 4C596A82058115A0001507D4, + 4C596A83058115A0001507D4, + 4C596A84058115A0001507D4, + 4C596A85058115A0001507D4, + 4C596A86058115A0001507D4, + 4C596A87058115A0001507D4, + 4C596A88058115A0001507D4, + 4C596A89058115A0001507D4, + 4C596A8A058115A0001507D4, + 4C596A8B058115A0001507D4, + 4C596A8C058115A0001507D4, + 4C596A8D058115A0001507D4, + 4C596A8E058115A0001507D4, + 4C8C2C1606D1AE6A00B00C2F, + 4C596A90058115A0001507D4, + 4C596A91058115A0001507D4, + 4C596A92058115A0001507D4, + ); + isa = PBXResourcesBuildPhase; + runOnlyForDeploymentPostprocessing = 0; + }; + 0867D69FFE84028FC02AAC07 = { + buildActionMask = 2147483647; + files = ( + 4C2495B305811D3200DDE4A6, + ); + isa = PBXSourcesBuildPhase; + runOnlyForDeploymentPostprocessing = 0; + }; + 0867D6A0FE84028FC02AAC07 = { + buildActionMask = 2147483647; + files = ( + ); + isa = PBXFrameworksBuildPhase; + runOnlyForDeploymentPostprocessing = 0; + }; + 089C1665FE841158C02AAC07 = { + children = ( + 089C1666FE841158C02AAC07, + ); + isa = PBXGroup; + path = intl; + refType = 4; + sourceTree = ""; + }; + 089C1666FE841158C02AAC07 = { + children = ( + 089C1667FE841158C02AAC07, + ); + isa = PBXVariantGroup; + name = InfoPlist.strings; + refType = 4; + sourceTree = ""; + }; + 089C1667FE841158C02AAC07 = { + fileEncoding = 10; + isa = PBXFileReference; + lastKnownFileType = text.plist.strings; + name = English; + path = English.lproj/InfoPlist.strings; + refType = 4; + sourceTree = ""; + }; + 089C1668FE841158C02AAC07 = { + fileRef = 089C1666FE841158C02AAC07; + isa = PBXBuildFile; + settings = { + }; + }; +//080 +//081 +//082 +//083 +//084 +//100 +//101 +//102 +//103 +//104 + 1058C7B0FEA5585E11CA2CBB = { + children = ( + 4C01DDF10540D04C00A9C9B2, + 4C01DDF20540D04C00A9C9B2, + 4C01DDF30540D04C00A9C9B2, + 4C01DDF40540D04C00A9C9B2, + 4C01DDF50540D04C00A9C9B2, + 4C01DDF60540D04C00A9C9B2, + 4C01DDF70540D04C00A9C9B2, + 4C01DDF80540D04C00A9C9B2, + 4C01DDF90540D04C00A9C9B2, + 4C01DDFA0540D04C00A9C9B2, + 4C01DDFB0540D04C00A9C9B2, + 4C01DDFC0540D04C00A9C9B2, + 4C01DDFD0540D04C00A9C9B2, + 4C01DDFF0540D04C00A9C9B2, + 4C01DE000540D04C00A9C9B2, + 4C01DE010540D04C00A9C9B2, + 4C01DE020540D04C00A9C9B2, + 4C01DE040540D04C00A9C9B2, + 4C01DE050540D04C00A9C9B2, + D6FB4E9405F937900015312A, + D6FB4E9505F937900015312A, + 4C01DDFE0540D04C00A9C9B2, + 4CD8084D0536046D009F54B0, + 053105C105E19ED400044101, + ); + isa = PBXGroup; + name = "Linked Frameworks"; + refType = 4; + sourceTree = ""; + }; + 1058C7B2FEA5585E11CA2CBB = { + children = ( + ); + isa = PBXGroup; + name = "Other Frameworks"; + refType = 4; + sourceTree = ""; + }; +//100 +//101 +//102 +//103 +//104 +//1B0 +//1B1 +//1B2 +//1B3 +//1B4 + 1B40AAED062F63E7009BAE74 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychainSearchPriv.h; + refType = 4; + sourceTree = ""; + }; + 1B40AAEE062F63E7009BAE74 = { + fileRef = 1B40AAED062F63E7009BAE74; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; +//1B0 +//1B1 +//1B2 +//1B3 +//1B4 +//300 +//301 +//302 +//303 +//304 + 309CD1F9062B3D1900B66530 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecIdentitySearchPriv.h; + refType = 4; + sourceTree = ""; + }; + 309CD1FA062B3D1900B66530 = { + fileRef = 309CD1F9062B3D1900B66530; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; +//300 +//301 +//302 +//303 +//304 +//400 +//401 +//402 +//403 +//404 + 40A2A720066FE6B200858603 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecPassword.h; + refType = 4; + sourceTree = ""; + }; + 40A2A721066FE6B300858603 = { + fileRef = 40A2A720066FE6B200858603; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; +//400 +//401 +//402 +//403 +//404 +//4C0 +//4C1 +//4C2 +//4C3 +//4C4 + 4C01DDF10540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_agent_client.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF20540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_apple_csp.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF30540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_apple_cspdl.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF40540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_apple_file_dl.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF50540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_apple_x509_cl.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF60540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_apple_x509_tp.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF70540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_asn1.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF80540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_cdsa_client.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDF90540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_cdsa_plugin.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFA0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_cdsa_utilities.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFB0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_cdsa_utils.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFC0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_checkpw.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFD0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_cssm.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFE0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_filedb.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DDFF0540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_keychain.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DE000540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_mds.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DE010540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_ssl.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DE020540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_utilities.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DE040540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = securityd_client.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C01DE050540D04C00A9C9B2 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = securityd_server.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C216213053639A600CCA0BB = { + buildPhases = ( + 4CAF72FE053639C900D9DA7C, + ); + buildSettings = { + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/SecurityPieces/Headers\" \"$(BUILT_PRODUCTS_DIR)/SecurityPieces/PrivateHeaders\" /usr/local/SecurityPieces/Headers /usr/local/SecurityPieces/PrivateHeaders"; + PRODUCT_NAME = generate; + }; + dependencies = ( + 4C68458305814C85003AC7B2, + ); + isa = PBXToolTarget; + name = generate; + productInstallPath = /usr/local/bin; + productName = generate; + productReference = 4C216214053639A600CCA0BB; + }; + 4C216214053639A600CCA0BB = { + explicitFileType = "compiled.mach-o.executable"; + isa = PBXFileReference; + path = generate; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C2495B305811D3200DDE4A6 = { + fileRef = 4CAF731A05363BD700D9DA7C; + isa = PBXBuildFile; + settings = { + }; + }; + 4C3A328C079862AC007FDF15 = { + buildSettings = { + BUILD_VARIANTS = normal; + COPY_PHASE_STRIP = NO; + CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/SecurityPieces/Headers/Security"; + GCC_OPTIMIZATION_LEVEL = 0; + OPT_LDFLAGS = ""; + OPT_LDXFLAGS = ""; + OPT_LDXNOPIC = ""; + OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CFLAGS) -O0 -fno-inline"; + SECTORDER_FLAGS = ""; + }; + isa = PBXBuildStyle; + name = "normal with debug"; + }; + 4C5969DA058115A0001507D4 = { + children = ( + 4C5969DB058115A0001507D4, + 4C5969E3058115A0001507D4, + 4C596A16058115A0001507D4, + 4C596A28058115A0001507D4, + ); + isa = PBXGroup; + path = SecurityPieces; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4C5969DB058115A0001507D4 = { + children = ( + 4C5969DC058115A0001507D4, + ); + isa = PBXGroup; + path = Exports; + refType = 4; + sourceTree = ""; + }; + 4C5969DC058115A0001507D4 = { + children = ( + 053C8CC706503E9E0047C7CA, + 4C5969DD058115A0001507D4, + 4C5969DE058115A0001507D4, + 4C5969DF058115A0001507D4, + D6FB4E6F05F935690015312A, + 4C5969E0058115A0001507D4, + 4CA9BEDD0637274A0013F16F, + 4C5969E1058115A0001507D4, + 4C5969E2058115A0001507D4, + ); + isa = PBXGroup; + path = Security; + refType = 4; + sourceTree = ""; + }; + 4C5969DD058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_checkpw.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969DE058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_cssm.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969DF058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_keychain.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969E0058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_mds.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969E1058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_ssl.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969E2058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = securityd_client.exp; + refType = 4; + sourceTree = ""; + }; + 4C5969E3058115A0001507D4 = { + children = ( + 4C5969E4058115A0001507D4, + ); + isa = PBXGroup; + path = Headers; + refType = 4; + sourceTree = ""; + }; + 4C5969E4058115A0001507D4 = { + children = ( + 4C5969E5058115A0001507D4, + 4C5969E6058115A0001507D4, + 4C596A18058115A0001507D4, + 4C5969E7058115A0001507D4, + 4C5969E8058115A0001507D4, + 4C5969E9058115A0001507D4, + 4C5969EB058115A0001507D4, + 4C5969EC058115A0001507D4, + 4C5969ED058115A0001507D4, + 4C5969EE058115A0001507D4, + 4C5969EF058115A0001507D4, + 4C5969F0058115A0001507D4, + 4C5969F1058115A0001507D4, + 4C5969F2058115A0001507D4, + 4C5969F3058115A0001507D4, + 4C5969F4058115A0001507D4, + 4C5969F5058115A0001507D4, + 4C5969F6058115A0001507D4, + 4C5969F7058115A0001507D4, + 4C5969F8058115A0001507D4, + 4C5969F9058115A0001507D4, + 4C5969FA058115A0001507D4, + 4C5969FB058115A0001507D4, + 4C5969FC058115A0001507D4, + 4C5969FD058115A0001507D4, + 4C5969FE058115A0001507D4, + 4C5969FF058115A0001507D4, + 4C596A00058115A0001507D4, + 4C596A01058115A0001507D4, + 4C596A02058115A0001507D4, + 4C596A03058115A0001507D4, + 4C596A04058115A0001507D4, + 4C596A05058115A0001507D4, + 4C596A06058115A0001507D4, + 4C596A07058115A0001507D4, + 4C596A08058115A0001507D4, + 4C596A09058115A0001507D4, + 05B063C705DB2C1C006FA9A6, + 4C596A0A058115A0001507D4, + 4C596A0B058115A0001507D4, + 4C596A0D058115A0001507D4, + 4C596A0E058115A0001507D4, + 4C596A0F058115A0001507D4, + 4C596A10058115A0001507D4, + 4C596A11058115A0001507D4, + 4C596A12058115A0001507D4, + 4C596A13058115A0001507D4, + 4C596A14058115A0001507D4, + 4C596A15058115A0001507D4, + ); + isa = PBXGroup; + path = Security; + refType = 4; + sourceTree = ""; + }; + 4C5969E5058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = Authorization.h; + refType = 4; + sourceTree = ""; + }; + 4C5969E6058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthorizationDB.h; + refType = 4; + sourceTree = ""; + }; + 4C5969E7058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthorizationTags.h; + refType = 4; + sourceTree = ""; + }; + 4C5969E8058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthSession.h; + refType = 4; + sourceTree = ""; + }; + 4C5969E9058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = certextensions.h; + refType = 4; + sourceTree = ""; + }; + 4C5969EA058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = checkpw.h; + refType = 4; + sourceTree = ""; + }; + 4C5969EB058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = CipherSuite.h; + refType = 4; + sourceTree = ""; + }; + 4C5969EC058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssm.h; + refType = 4; + sourceTree = ""; + }; + 4C5969ED058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmaci.h; + refType = 4; + sourceTree = ""; + }; + 4C5969EE058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmapi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969EF058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmapple.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F0058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmcli.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F1058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmconfig.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F2058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmcspi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F3058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmdli.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F4058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmerr.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F5058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmkrapi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F6058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmkrspi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F7058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmspi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F8058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmtpi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969F9058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = cssmtype.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FA058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = eisl.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FB058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = emmspi.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FC058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = emmtype.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FD058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = mds.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FE058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = mds_schema.h; + refType = 4; + sourceTree = ""; + }; + 4C5969FF058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = oidsalg.h; + refType = 4; + sourceTree = ""; + }; + 4C596A00058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = oidsattr.h; + refType = 4; + sourceTree = ""; + }; + 4C596A01058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = oidsbase.h; + refType = 4; + sourceTree = ""; + }; + 4C596A02058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = oidscert.h; + refType = 4; + sourceTree = ""; + }; + 4C596A03058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = oidscrl.h; + refType = 4; + sourceTree = ""; + }; + 4C596A04058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecAccess.h; + refType = 4; + sourceTree = ""; + }; + 4C596A05058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecACL.h; + refType = 4; + sourceTree = ""; + }; + 4C596A06058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecBase.h; + refType = 4; + sourceTree = ""; + }; + 4C596A07058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCertificate.h; + refType = 4; + sourceTree = ""; + }; + 4C596A08058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecIdentity.h; + refType = 4; + sourceTree = ""; + }; + 4C596A09058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecIdentitySearch.h; + refType = 4; + sourceTree = ""; + }; + 4C596A0A058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKey.h; + refType = 4; + sourceTree = ""; + }; + 4C596A0B058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychain.h; + refType = 4; + sourceTree = ""; + }; + 4C596A0D058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychainItem.h; + refType = 4; + sourceTree = ""; + }; + 4C596A0E058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychainSearch.h; + refType = 4; + sourceTree = ""; + }; + 4C596A0F058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecPolicy.h; + refType = 4; + sourceTree = ""; + }; + 4C596A10058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecPolicySearch.h; + refType = 4; + sourceTree = ""; + }; + 4C596A11058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecTrust.h; + refType = 4; + sourceTree = ""; + }; + 4C596A12058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecTrustedApplication.h; + refType = 4; + sourceTree = ""; + }; + 4C596A13058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecureTransport.h; + refType = 4; + sourceTree = ""; + }; + 4C596A14058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = Security.h; + refType = 4; + sourceTree = ""; + }; + 4C596A15058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = x509defs.h; + refType = 4; + sourceTree = ""; + }; + 4C596A16058115A0001507D4 = { + children = ( + 4C596A17058115A0001507D4, + ); + isa = PBXGroup; + path = PrivateHeaders; + refType = 4; + sourceTree = ""; + }; + 4C596A17058115A0001507D4 = { + children = ( + 4C596A19058115A0001507D4, + 4C596A1A058115A0001507D4, + 053C8C8E06503DD80047C7CA, + 4C5969EA058115A0001507D4, + 053C8C8F06503DD80047C7CA, + 053C8C9006503DD80047C7CA, + C234BC47069DBAB2006A5163, + 053C8C9106503DD80047C7CA, + 0504B1B406517D230011D5F5, + 4C596A1B058115A0001507D4, + 053C8C9206503DD80047C7CA, + 053C8C9306503DD80047C7CA, + 4C868462058A56780072F261, + 4C596A1C058115A0001507D4, + 4C596A1D058115A0001507D4, + 4C596A1E058115A0001507D4, + 4CA9BEBD063726BD0013F16F, + 4CA9BEBE063726BD0013F16F, + 4CA9BEBF063726BD0013F16F, + 4CA9BEC0063726BD0013F16F, + 4CA9BEC1063726BD0013F16F, + 4CA9BEC2063726BD0013F16F, + 4CA9BEC3063726BD0013F16F, + 4CA9BEC4063726BD0013F16F, + 4CA9BEC5063726BD0013F16F, + 4CA9BEC6063726BD0013F16F, + 4CA9BEC7063726BD0013F16F, + 4CA9BEC8063726BD0013F16F, + 4C596A1F058115A0001507D4, + 309CD1F9062B3D1900B66530, + 4C596A21058115A0001507D4, + 4C596A22058115A0001507D4, + 1B40AAED062F63E7009BAE74, + 4C596A23058115A0001507D4, + D6FB4E6805F934DC0015312A, + 40A2A720066FE6B200858603, + 4C596A24058115A0001507D4, + 4CA9BEC9063726BD0013F16F, + 4C596A25058115A0001507D4, + 4C596A26058115A0001507D4, + 4C596A27058115A0001507D4, + 053C8C8D06503DD80047C7CA, + 05792F4E065082C100C80DB3, + 05D0BC8206A87338001F9A43, + 05D0BC8306A87338001F9A43, + ); + isa = PBXGroup; + path = Security; + refType = 4; + sourceTree = ""; + }; + 4C596A18058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthorizationPlugin.h; + refType = 4; + sourceTree = ""; + }; + 4C596A19058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthorizationPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1A058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = AuthorizationTagsPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1B058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecAccessPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1C058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCertificateBundle.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1D058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCertificatePriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1E058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCertificateRequest.h; + refType = 4; + sourceTree = ""; + }; + 4C596A1F058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecIdentityPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A21058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychainItemPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A22058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeychainPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A23058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecKeyPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A24058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecPolicyPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A25058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecTrustedApplicationPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A26058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecTrustPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A27058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecureTransportPriv.h; + refType = 4; + sourceTree = ""; + }; + 4C596A28058115A0001507D4 = { + children = ( + 4C596A29058115A0001507D4, + ); + isa = PBXGroup; + path = Resources; + refType = 4; + sourceTree = ""; + }; + 4C596A29058115A0001507D4 = { + children = ( + 5270685407024D6F00C5D30E, + 4C596A2A058115A0001507D4, + 4C596A2B058115A0001507D4, + 4C596A2C058115A0001507D4, + 4C596A2D058115A0001507D4, + 4C596A2E058115A0001507D4, + 4C596A2F058115A0001507D4, + 4C596A30058115A0001507D4, + 4C596A31058115A0001507D4, + 4C596A32058115A0001507D4, + 4C596A33058115A0001507D4, + 4C596A34058115A0001507D4, + 4C596A35058115A0001507D4, + 4C596A36058115A0001507D4, + 4C8C2C1506D1AE6A00B00C2F, + 4C596A38058115A0001507D4, + 4C596A39058115A0001507D4, + 4C596A3A058115A0001507D4, + ); + isa = PBXGroup; + path = Security; + refType = 4; + sourceTree = ""; + }; + 4C596A2A058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cl_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A2B058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cl_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A2C058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = csp_capabilities.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A2D058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = csp_capabilities_common.mds; + refType = 4; + sourceTree = ""; + }; + 4C596A2E058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = csp_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A2F058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = csp_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A30058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cspdl_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A31058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cspdl_csp_capabilities.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A32058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cspdl_csp_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A33058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cspdl_dl_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A34058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = cssm.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A35058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = dl_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A36058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = dl_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A38058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = tp_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A39058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = tp_policyOids.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A3A058115A0001507D4 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = tp_primary.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C596A41058115A0001507D4 = { + fileRef = 4C5969E5058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A42058115A0001507D4 = { + fileRef = 4C5969E6058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A43058115A0001507D4 = { + fileRef = 4C5969E7058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A44058115A0001507D4 = { + fileRef = 4C5969E8058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A45058115A0001507D4 = { + fileRef = 4C5969E9058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A46058115A0001507D4 = { + fileRef = 4C5969EA058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A47058115A0001507D4 = { + fileRef = 4C5969EB058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A48058115A0001507D4 = { + fileRef = 4C5969EC058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A49058115A0001507D4 = { + fileRef = 4C5969ED058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4A058115A0001507D4 = { + fileRef = 4C5969EE058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4B058115A0001507D4 = { + fileRef = 4C5969EF058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4C058115A0001507D4 = { + fileRef = 4C5969F0058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4D058115A0001507D4 = { + fileRef = 4C5969F1058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4E058115A0001507D4 = { + fileRef = 4C5969F2058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A4F058115A0001507D4 = { + fileRef = 4C5969F3058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A50058115A0001507D4 = { + fileRef = 4C5969F4058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A51058115A0001507D4 = { + fileRef = 4C5969F5058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A52058115A0001507D4 = { + fileRef = 4C5969F6058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A53058115A0001507D4 = { + fileRef = 4C5969F7058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A54058115A0001507D4 = { + fileRef = 4C5969F8058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A55058115A0001507D4 = { + fileRef = 4C5969F9058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A56058115A0001507D4 = { + fileRef = 4C5969FA058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A57058115A0001507D4 = { + fileRef = 4C5969FB058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A58058115A0001507D4 = { + fileRef = 4C5969FC058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A59058115A0001507D4 = { + fileRef = 4C5969FD058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5A058115A0001507D4 = { + fileRef = 4C5969FE058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5B058115A0001507D4 = { + fileRef = 4C5969FF058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5C058115A0001507D4 = { + fileRef = 4C596A00058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5D058115A0001507D4 = { + fileRef = 4C596A01058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5E058115A0001507D4 = { + fileRef = 4C596A02058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A5F058115A0001507D4 = { + fileRef = 4C596A03058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A60058115A0001507D4 = { + fileRef = 4C596A04058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A61058115A0001507D4 = { + fileRef = 4C596A05058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A62058115A0001507D4 = { + fileRef = 4C596A06058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A63058115A0001507D4 = { + fileRef = 4C596A07058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A64058115A0001507D4 = { + fileRef = 4C596A08058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A65058115A0001507D4 = { + fileRef = 4C596A09058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A66058115A0001507D4 = { + fileRef = 4C596A0A058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A67058115A0001507D4 = { + fileRef = 4C596A0B058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A69058115A0001507D4 = { + fileRef = 4C596A0D058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6A058115A0001507D4 = { + fileRef = 4C596A0E058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6B058115A0001507D4 = { + fileRef = 4C596A0F058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6C058115A0001507D4 = { + fileRef = 4C596A10058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6D058115A0001507D4 = { + fileRef = 4C596A11058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6E058115A0001507D4 = { + fileRef = 4C596A12058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A6F058115A0001507D4 = { + fileRef = 4C596A13058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A70058115A0001507D4 = { + fileRef = 4C596A14058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A71058115A0001507D4 = { + fileRef = 4C596A15058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A72058115A0001507D4 = { + fileRef = 4C596A18058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + 4C596A73058115A0001507D4 = { + fileRef = 4C596A19058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A74058115A0001507D4 = { + fileRef = 4C596A1A058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A75058115A0001507D4 = { + fileRef = 4C596A1B058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A76058115A0001507D4 = { + fileRef = 4C596A1C058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A77058115A0001507D4 = { + fileRef = 4C596A1D058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A78058115A0001507D4 = { + fileRef = 4C596A1E058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A79058115A0001507D4 = { + fileRef = 4C596A1F058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A7B058115A0001507D4 = { + fileRef = 4C596A21058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A7C058115A0001507D4 = { + fileRef = 4C596A22058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A7D058115A0001507D4 = { + fileRef = 4C596A23058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A7E058115A0001507D4 = { + fileRef = 4C596A24058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A7F058115A0001507D4 = { + fileRef = 4C596A25058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A80058115A0001507D4 = { + fileRef = 4C596A26058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A81058115A0001507D4 = { + fileRef = 4C596A27058115A0001507D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C596A82058115A0001507D4 = { + fileRef = 4C596A2A058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A83058115A0001507D4 = { + fileRef = 4C596A2B058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A84058115A0001507D4 = { + fileRef = 4C596A2C058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A85058115A0001507D4 = { + fileRef = 4C596A2D058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A86058115A0001507D4 = { + fileRef = 4C596A2E058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A87058115A0001507D4 = { + fileRef = 4C596A2F058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A88058115A0001507D4 = { + fileRef = 4C596A30058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A89058115A0001507D4 = { + fileRef = 4C596A31058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A8A058115A0001507D4 = { + fileRef = 4C596A32058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A8B058115A0001507D4 = { + fileRef = 4C596A33058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A8C058115A0001507D4 = { + fileRef = 4C596A34058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A8D058115A0001507D4 = { + fileRef = 4C596A35058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A8E058115A0001507D4 = { + fileRef = 4C596A36058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A90058115A0001507D4 = { + fileRef = 4C596A38058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A91058115A0001507D4 = { + fileRef = 4C596A39058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C596A92058115A0001507D4 = { + fileRef = 4C596A3A058115A0001507D4; + isa = PBXBuildFile; + settings = { + }; + }; + 4C60A0A605811A4300C8A016 = { + buildArgumentsString = "-f lib/copy_pieces.mk $ACTION"; + buildPhases = ( + ); + buildSettings = { + PRODUCT_NAME = "copy pieces"; + }; + buildToolPath = /usr/bin/gnumake; + buildWorkingDirectory = ""; + dependencies = ( + ); + isa = PBXLegacyTarget; + name = "copy pieces"; + passBuildSettingsInEnvironment = 1; + productName = "copy pieces"; + }; + 4C60A0B105811AC800C8A016 = { + fileEncoding = 4; + isa = PBXFileReference; + lastKnownFileType = text; + path = copy_pieces.mk; + refType = 4; + sourceTree = ""; + }; + 4C68458205814C85003AC7B2 = { + containerPortal = 0867D690FE84028FC02AAC07; + isa = PBXContainerItemProxy; + proxyType = 1; + remoteGlobalIDString = 4C60A0A605811A4300C8A016; + remoteInfo = "copy pieces"; + }; + 4C68458305814C85003AC7B2 = { + isa = PBXTargetDependency; + target = 4C60A0A605811A4300C8A016; + targetProxy = 4C68458205814C85003AC7B2; + }; + 4C77DA7506DD0A0200139C22 = { + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + isa = PBXShellScriptBuildPhase; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p \"${SYMROOT}/${PRODUCT_NAME}.framework\"\nfor variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" \"${SYMROOT}/${PRODUCT_NAME}.framework/${PRODUCT_NAME}${postfix}\"\ndone\n"; + }; + 4C868462058A56780072F261 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecBasePriv.h; + refType = 4; + sourceTree = ""; + }; + 4C868463058A56780072F261 = { + fileRef = 4C868462058A56780072F261; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4C8C2C1506D1AE6A00B00C2F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = sd_cspdl_common.mdsinfo; + refType = 4; + sourceTree = ""; + }; + 4C8C2C1606D1AE6A00B00C2F = { + fileRef = 4C8C2C1506D1AE6A00B00C2F; + isa = PBXBuildFile; + settings = { + }; + }; + 4CA9BEBD063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsBase.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEBE063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsContentInfo.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEBF063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsDecoder.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC0063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsDigestContext.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC1063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsDigestedData.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC2063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsEncoder.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC3063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsEncryptedData.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC4063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsEnvelopedData.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC5063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsMessage.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC6063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsRecipientInfo.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC7063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsSignedData.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC8063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecCmsSignerInfo.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BEC9063726BD0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecSMIME.h; + refType = 4; + sourceTree = ""; + }; + 4CA9BECA063726BD0013F16F = { + fileRef = 4CA9BEBD063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BECB063726BD0013F16F = { + fileRef = 4CA9BEBE063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BECC063726BD0013F16F = { + fileRef = 4CA9BEBF063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BECD063726BD0013F16F = { + fileRef = 4CA9BEC0063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BECE063726BD0013F16F = { + fileRef = 4CA9BEC1063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BECF063726BD0013F16F = { + fileRef = 4CA9BEC2063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED0063726BD0013F16F = { + fileRef = 4CA9BEC3063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED1063726BD0013F16F = { + fileRef = 4CA9BEC4063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED2063726BD0013F16F = { + fileRef = 4CA9BEC5063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED3063726BD0013F16F = { + fileRef = 4CA9BEC6063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED4063726BD0013F16F = { + fileRef = 4CA9BEC7063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED5063726BD0013F16F = { + fileRef = 4CA9BEC8063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BED6063726BD0013F16F = { + fileRef = 4CA9BEC9063726BD0013F16F; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 4CA9BEDD0637274A0013F16F = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_smime.exp; + refType = 4; + sourceTree = ""; + }; + 4CAF72FE053639C900D9DA7C = { + buildActionMask = 12; + files = ( + ); + inputPaths = ( + ); + isa = PBXShellScriptBuildPhase; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "DERIVED_SRC=\"${BUILT_PRODUCTS_DIR}/derived_src\"\nmkdir -p \"${DERIVED_SRC}\"\n\n# make force loader stub\nEXPORTS=\"${DERIVED_SRC}/Security.exp\"\nsort -u \"${BUILT_PRODUCTS_DIR}/SecurityPieces/Exports/Security/\"*.exp | grep -v '^#' > \"${EXPORTS}.new\"\ncmp -s \"${EXPORTS}.new\" \"${EXPORTS}\" || mv \"${EXPORTS}.new\" \"${EXPORTS}\"\nTARGET=\"${DERIVED_SRC}/security_exports.s\"\nsed 's/^/.reference /' < \"${EXPORTS}\" > \"${TARGET}.new\"\ncmp -s \"${TARGET}.new\" \"${TARGET}\" || mv \"${TARGET}.new\" \"${TARGET}\"\n\n# make error message string files\nERRORSTRINGS=\"${DERIVED_SRC}/English.lproj/SecErrorMessages.strings\"\nmkdir -p \"${DERIVED_SRC}/English.lproj\"\ncat \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/Authorization.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/AuthSession.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/SecureTransport.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/SecBase.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/cssmerr.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/Headers/Security/cssmapple.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/PrivateHeaders/Security/AuthorizationPriv.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/PrivateHeaders/Security/MacOSErrorStrings.h\" \\\n\t\"${BUILT_PRODUCTS_DIR}/SecurityPieces/PrivateHeaders/Security/SecureTransportPriv.h\" \\\n\t> \"${DERIVED_SRC}/errorcodes.new\"\n\nif [ ! -f \"${ERRORSTRINGS}\" -o `cmp -s \"${DERIVED_SRC}/errorcodes.new\" \"${DERIVED_SRC}/errorcodes\"; echo $?` -ne 0 ]\nthen\n\tmv \"${DERIVED_SRC}/errorcodes.new\" \"${DERIVED_SRC}/errorcodes\"\n\tperl \"lib/generateErrStrings.pl\" \"${DERIVED_SRC}/errorcodes\" \"${BUILT_PRODUCTS_DIR}\" \"${ERRORSTRINGS}\"\nfi\n"; + }; + 4CAF730305363B1200D9DA7C = { + containerPortal = 0867D690FE84028FC02AAC07; + isa = PBXContainerItemProxy; + proxyType = 1; + remoteGlobalIDString = 4C216213053639A600CCA0BB; + remoteInfo = generate; + }; + 4CAF730405363B1200D9DA7C = { + isa = PBXTargetDependency; + target = 4C216213053639A600CCA0BB; + targetProxy = 4CAF730305363B1200D9DA7C; + }; + 4CAF731305363B5200D9DA7C = { + children = ( + 4CAF731A05363BD700D9DA7C, + C21204A4056D89280018F475, + ); + isa = PBXGroup; + path = derived_src; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4CAF731A05363BD700D9DA7C = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.asm; + path = security_exports.s; + refType = 4; + sourceTree = ""; + }; + 4CD8084D0536046D009F54B0 = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + name = CoreFoundation.framework; + path = /System/Library/Frameworks/CoreFoundation.framework; + refType = 0; + sourceTree = ""; + }; + 4CD808CC05360655009F54B0 = { + children = ( + 4C60A0B105811AC800C8A016, + C299D086056BF15B004BB123, + C4294290053B28F100470431, + ); + isa = PBXGroup; + path = lib; + refType = 4; + sourceTree = ""; + }; +//4C0 +//4C1 +//4C2 +//4C3 +//4C4 +//520 +//521 +//522 +//523 +//524 + 5270685407024D6F00C5D30E = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.xml; + path = iToolsTrustedApps.plist; + refType = 4; + sourceTree = ""; + }; + 5270685507024D6F00C5D30E = { + fileRef = 5270685407024D6F00C5D30E; + isa = PBXBuildFile; + settings = { + }; + }; +//520 +//521 +//522 +//523 +//524 +//C20 +//C21 +//C22 +//C23 +//C24 + C21204A2056D891E0018F475 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.plist.strings; + name = English; + path = English.lproj/SecErrorMessages.strings; + refType = 4; + sourceTree = ""; + }; + C21204A4056D89280018F475 = { + children = ( + C21204A2056D891E0018F475, + ); + isa = PBXVariantGroup; + name = SecErrorMessages.strings; + refType = 4; + sourceTree = ""; + }; + C21204A5056D89280018F475 = { + fileRef = C21204A4056D89280018F475; + isa = PBXBuildFile; + settings = { + }; + }; + C234BC47069DBAB2006A5163 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = mdspriv.h; + refType = 4; + sourceTree = ""; + }; + C234BC48069DBAB2006A5163 = { + fileRef = C234BC47069DBAB2006A5163; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + C299D086056BF15B004BB123 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text.script.perl; + path = generateErrStrings.pl; + refType = 4; + sourceTree = ""; + }; +//C20 +//C21 +//C22 +//C23 +//C24 +//C40 +//C41 +//C42 +//C43 +//C44 + C4294290053B28F100470431 = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = text; + path = Security.order; + refType = 4; + sourceTree = ""; + }; +//C40 +//C41 +//C42 +//C43 +//C44 +//D60 +//D61 +//D62 +//D63 +//D64 + D6FB4E6805F934DC0015312A = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SecManifest.h; + refType = 4; + sourceTree = ""; + }; + D6FB4E6A05F934DC0015312A = { + fileRef = D6FB4E6805F934DC0015312A; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + D6FB4E6F05F935690015312A = { + fileEncoding = 30; + isa = PBXFileReference; + lastKnownFileType = sourcecode.exports; + path = security_manifest.exp; + refType = 4; + sourceTree = ""; + }; + D6FB4E9405F937900015312A = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_manifest.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + D6FB4E9505F937900015312A = { + isa = PBXFileReference; + lastKnownFileType = wrapper.framework; + path = security_smime.framework; + refType = 3; + sourceTree = BUILT_PRODUCTS_DIR; + }; + }; + rootObject = 0867D690FE84028FC02AAC07; +} diff --git a/Security.xcode/stuartha.mode1 b/Security.xcode/stuartha.mode1 new file mode 100644 index 00000000..20d94e96 --- /dev/null +++ b/Security.xcode/stuartha.mode1 @@ -0,0 +1,1255 @@ + + + + + ActivePerspectiveName + Project + AllowedModules + + + BundleLoadPath + + MaxInstances + n + Module + PBXSmartGroupTreeModule + Name + Groups and Files Outline View + + + BundleLoadPath + + MaxInstances + n + Module + PBXNavigatorGroup + Name + Editor + + + BundleLoadPath + + MaxInstances + n + Module + XCTaskListModule + Name + Task List + + + BundleLoadPath + + MaxInstances + n + Module + XCDetailModule + Name + File and Smart Group Detail Viewer + + + BundleLoadPath + + MaxInstances + 1 + Module + PBXBuildResultsModule + Name + Detailed Build Results Viewer + + + BundleLoadPath + + MaxInstances + 1 + Module + PBXProjectFindModule + Name + Project Batch Find Tool + + + BundleLoadPath + + MaxInstances + n + Module + PBXRunSessionModule + Name + Run Log + + + BundleLoadPath + + MaxInstances + n + Module + PBXBookmarksModule + Name + Bookmarks Tool + + + BundleLoadPath + + MaxInstances + n + Module + PBXClassBrowserModule + Name + Class Browser + + + BundleLoadPath + + MaxInstances + n + Module + PBXCVSModule + Name + Source Code Control Tool + + + BundleLoadPath + + MaxInstances + n + Module + PBXDebugBreakpointsModule + Name + Debug Breakpoints Tool + + + BundleLoadPath + + MaxInstances + n + Module + XCDockableInspector + Name + Inspector + + + BundleLoadPath + + MaxInstances + n + Module + PBXOpenQuicklyModule + Name + Open Quickly Tool + + + BundleLoadPath + + MaxInstances + 1 + Module + PBXDebugSessionModule + Name + Debugger + + + BundleLoadPath + + MaxInstances + 1 + Module + PBXDebugCLIModule + Name + Debug Console + + + Description + DefaultDescriptionKey + DockingSystemVisible + + Extension + mode1 + FavBarConfig + + PBXProjectModuleGUID + D655561307A814A20010B179 + XCBarModuleItemNames + + XCBarModuleItems + + + FirstTimeWindowDisplayed + + Identifier + com.apple.perspectives.project.mode1 + MajorVersion + 31 + MinorVersion + 1 + Name + Default + Notifications + + + XCObserverAutoDisconnectKey + + XCObserverDefintionKey + + PBXStatusErrorsKey + 0 + + XCObserverFactoryKey + XCPerspectivesSpecificationIdentifier + XCObserverGUIDKey + XCObserverProjectIdentifier + XCObserverNotificationKey + PBXStatusBuildStateMessageNotification + XCObserverTargetKey + XCMainBuildResultsModuleGUID + XCObserverTriggerKey + awakenModuleWithObserver: + XCObserverValidationKey + + PBXStatusErrorsKey + 2 + + + + OpenEditors + + PerspectiveWidths + + -1 + -1 + + Perspectives + + + ChosenToolbarItems + + active-target-popup + active-buildstyle-popup + NSToolbarFlexibleSpaceItem + buildOrClean + build-and-runOrDebug + com.apple.ide.PBXToolbarStopButton + get-info + toggle-editor + NSToolbarFlexibleSpaceItem + com.apple.pbx.toolbar.searchfield + + ControllerClassBaseName + + IconName + WindowOfProjectWithEditor + Identifier + perspective.project + IsVertical + + Layout + + + ContentConfiguration + + PBXBottomSmartGroupGIDs + + 1C37FBAC04509CD000000102 + 1C37FAAC04509CD000000102 + 1C08E77C0454961000C914BD + 1C37FABC05509CD000000102 + 1C37FABC05539CD112110102 + E2644B35053B69B200211256 + 1C37FABC04509CD000100104 + 1CC0EA4004350EF90044410B + 1CC0EA4004350EF90041110B + + PBXProjectModuleGUID + 1CE0B1FE06471DED0097A5F4 + PBXProjectModuleLabel + Files + PBXProjectStructureProvided + yes + PBXSmartGroupTreeModuleColumnData + + PBXSmartGroupTreeModuleColumnWidthsKey + + 186 + + PBXSmartGroupTreeModuleColumnsKey_v4 + + MainColumn + + + PBXSmartGroupTreeModuleOutlineStateKey_v7 + + PBXSmartGroupTreeModuleOutlineStateExpansionKey + + 0867D691FE84028FC02AAC07 + 4CD808CC05360655009F54B0 + 1C37FBAC04509CD000000102 + 1C37FABC05509CD000000102 + + PBXSmartGroupTreeModuleOutlineStateSelectionKey + + + 11 + 10 + + + PBXSmartGroupTreeModuleOutlineStateVisibleRectKey + {{0, 0}, {186, 884}} + + PBXTopSmartGroupGIDs + + XCIncludePerspectivesSwitch + + XCSharingToken + com.apple.Xcode.GFSharingToken + + GeometryConfiguration + + Frame + {{0, 0}, {203, 902}} + GroupTreeTableConfiguration + + MainColumn + 186 + + RubberWindowFrame + 0 59 1280 943 0 0 1280 1002 + + Module + PBXSmartGroupTreeModule + Proportion + 203pt + + + Dock + + + ContentConfiguration + + PBXProjectModuleGUID + 1CE0B20306471E060097A5F4 + PBXProjectModuleLabel + MyNewFile14.java + PBXSplitModuleInNavigatorKey + + Split0 + + PBXProjectModuleGUID + 1CE0B20406471E060097A5F4 + PBXProjectModuleLabel + MyNewFile14.java + + SplitCount + 1 + + StatusBarVisibility + + + GeometryConfiguration + + Frame + {{0, 0}, {1072, 0}} + RubberWindowFrame + 0 59 1280 943 0 0 1280 1002 + + Module + PBXNavigatorGroup + Proportion + 0pt + + + BecomeActive + + ContentConfiguration + + PBXProjectModuleGUID + 1CE0B20506471E060097A5F4 + PBXProjectModuleLabel + Detail + + GeometryConfiguration + + Frame + {{0, 5}, {1072, 897}} + RubberWindowFrame + 0 59 1280 943 0 0 1280 1002 + + Module + XCDetailModule + Proportion + 897pt + + + Proportion + 1072pt + + + Name + Project + ServiceClasses + + XCModuleDock + PBXSmartGroupTreeModule + XCModuleDock + PBXNavigatorGroup + XCDetailModule + + TableOfContents + + D6DD115807BAC51400B05B34 + 1CE0B1FE06471DED0097A5F4 + D6DD115907BAC51400B05B34 + 1CE0B20306471E060097A5F4 + 1CE0B20506471E060097A5F4 + + ToolbarConfiguration + xcode.toolbar.config.default + + + ControllerClassBaseName + + IconName + WindowOfProject + Identifier + perspective.morph + IsVertical + 0 + Layout + + + BecomeActive + 1 + ContentConfiguration + + PBXBottomSmartGroupGIDs + + 1C37FBAC04509CD000000102 + 1C37FAAC04509CD000000102 + 1C08E77C0454961000C914BD + 1C37FABC05509CD000000102 + 1C37FABC05539CD112110102 + E2644B35053B69B200211256 + 1C37FABC04509CD000100104 + 1CC0EA4004350EF90044410B + 1CC0EA4004350EF90041110B + + PBXProjectModuleGUID + 11E0B1FE06471DED0097A5F4 + PBXProjectModuleLabel + Files + PBXProjectStructureProvided + yes + PBXSmartGroupTreeModuleColumnData + + PBXSmartGroupTreeModuleColumnWidthsKey + + 186 + + PBXSmartGroupTreeModuleColumnsKey_v4 + + MainColumn + + + PBXSmartGroupTreeModuleOutlineStateKey_v7 + + PBXSmartGroupTreeModuleOutlineStateExpansionKey + + 29B97314FDCFA39411CA2CEA + 1C37FABC05509CD000000102 + + PBXSmartGroupTreeModuleOutlineStateSelectionKey + + + 0 + + + PBXSmartGroupTreeModuleOutlineStateVisibleRectKey + {{0, 0}, {186, 337}} + + PBXTopSmartGroupGIDs + + XCIncludePerspectivesSwitch + 1 + XCSharingToken + com.apple.Xcode.GFSharingToken + + GeometryConfiguration + + Frame + {{0, 0}, {203, 355}} + GroupTreeTableConfiguration + + MainColumn + 186 + + RubberWindowFrame + 373 269 690 397 0 0 1440 878 + + Module + PBXSmartGroupTreeModule + Proportion + 100% + + + Name + Morph + PreferredWidth + 300 + ServiceClasses + + XCModuleDock + PBXSmartGroupTreeModule + + TableOfContents + + 11E0B1FE06471DED0097A5F4 + + ToolbarConfiguration + xcode.toolbar.config.default.short + + + PerspectivesBarVisible + + ShelfIsVisible + + SourceDescription + file at '/System/Library/PrivateFrameworks/DevToolsInterface.framework/Versions/A/Resources/XCPerspectivesSpecificationMode1.xcperspec' + StatusbarIsVisible + + TimeStamp + 129680647.04873 + ToolbarDisplayMode + 1 + ToolbarIsVisible + + ToolbarSizeMode + 1 + Type + Perspectives + UpdateMessage + The Default Workspace in this version of Xcode now includes support to hide and show the detail view (what has been referred to as the "Metro-Morph" feature). You must discard your current Default Workspace settings and update to the latest Default Workspace in order to gain this feature. Do you wish to update to the latest Workspace defaults for project '%@'? + WindowJustification + 5 + WindowOrderList + + /Volumes/Data/workdir/tla/Security/Security.xcode + + WindowString + 0 59 1280 943 0 0 1280 1002 + WindowTools + + + FirstTimeWindowDisplayed + + Identifier + windowTool.build + Layout + + + Dock + + + ContentConfiguration + + PBXProjectModuleGUID + 1CD0528F0623707200166675 + PBXProjectModuleLabel + + StatusBarVisibility + + + GeometryConfiguration + + Frame + {{0, 0}, {1018, 243}} + RubberWindowFrame + 21 443 1018 536 0 0 1280 1002 + + Module + PBXNavigatorGroup + Proportion + 243pt + + + BecomeActive + + ContentConfiguration + + PBXProjectModuleGUID + XCMainBuildResultsModuleGUID + PBXProjectModuleLabel + Build + XCBuildResultsTrigger_Collapse + 1021 + XCBuildResultsTrigger_Open + 1012 + + GeometryConfiguration + + Frame + {{0, 248}, {1018, 247}} + RubberWindowFrame + 21 443 1018 536 0 0 1280 1002 + + Module + PBXBuildResultsModule + Proportion + 247pt + + + Proportion + 495pt + + + Name + Build Results + ServiceClasses + + PBXBuildResultsModule + + StatusbarIsVisible + + TableOfContents + + D67B51AE07BABB9C00FEAAAA + D67B51AF07BABB9C00FEAAAA + 1CD0528F0623707200166675 + XCMainBuildResultsModuleGUID + + ToolbarConfiguration + xcode.toolbar.config.build + WindowString + 21 443 1018 536 0 0 1280 1002 + WindowToolGUID + D67B51AE07BABB9C00FEAAAA + WindowToolIsVisible + + + + Identifier + windowTool.debugger + Layout + + + Dock + + + ContentConfiguration + + Debugger + + HorizontalSplitView + + _collapsingFrameDimension + 0.0 + _indexOfCollapsedView + 0 + _percentageOfCollapsedView + 0.0 + isCollapsed + yes + sizes + + {{0, 0}, {317, 164}} + {{317, 0}, {377, 164}} + + + VerticalSplitView + + _collapsingFrameDimension + 0.0 + _indexOfCollapsedView + 0 + _percentageOfCollapsedView + 0.0 + isCollapsed + yes + sizes + + {{0, 0}, {694, 164}} + {{0, 164}, {694, 216}} + + + + LauncherConfigVersion + 8 + PBXProjectModuleGUID + 1C162984064C10D400B95A72 + PBXProjectModuleLabel + Debug - GLUTExamples (Underwater) + + GeometryConfiguration + + DebugConsoleDrawerSize + {100, 120} + DebugConsoleVisible + None + DebugConsoleWindowFrame + {{200, 200}, {500, 300}} + DebugSTDIOWindowFrame + {{200, 200}, {500, 300}} + Frame + {{0, 0}, {694, 380}} + RubberWindowFrame + 321 238 694 422 0 0 1440 878 + + Module + PBXDebugSessionModule + Proportion + 100% + + + Proportion + 100% + + + Name + Debugger + ServiceClasses + + PBXDebugSessionModule + + StatusbarIsVisible + 1 + TableOfContents + + 1CD10A99069EF8BA00B06720 + 1C0AD2AB069F1E9B00FABCE6 + 1C162984064C10D400B95A72 + 1C0AD2AC069F1E9B00FABCE6 + + ToolbarConfiguration + xcode.toolbar.config.debug + WindowString + 321 238 694 422 0 0 1440 878 + WindowToolGUID + 1CD10A99069EF8BA00B06720 + WindowToolIsVisible + 0 + + + Identifier + windowTool.find + Layout + + + Dock + + + Dock + + + ContentConfiguration + + PBXProjectModuleGUID + 1CDD528C0622207200134675 + PBXProjectModuleLabel + <No Editor> + PBXSplitModuleInNavigatorKey + + Split0 + + PBXProjectModuleGUID + 1CD0528D0623707200166675 + + SplitCount + 1 + + StatusBarVisibility + 1 + + GeometryConfiguration + + Frame + {{0, 0}, {781, 167}} + RubberWindowFrame + 62 385 781 470 0 0 1440 878 + + Module + PBXNavigatorGroup + Proportion + 781pt + + + Proportion + 50% + + + BecomeActive + 1 + ContentConfiguration + + PBXProjectModuleGUID + 1CD0528E0623707200166675 + PBXProjectModuleLabel + Project Find + + GeometryConfiguration + + Frame + {{8, 0}, {773, 254}} + RubberWindowFrame + 62 385 781 470 0 0 1440 878 + + Module + PBXProjectFindModule + Proportion + 50% + + + Proportion + 428pt + + + Name + Project Find + ServiceClasses + + PBXProjectFindModule + + StatusbarIsVisible + 1 + TableOfContents + + 1C530D57069F1CE1000CFCEE + 1C530D58069F1CE1000CFCEE + 1C530D59069F1CE1000CFCEE + 1CDD528C0622207200134675 + 1C530D5A069F1CE1000CFCEE + 1CE0B1FE06471DED0097A5F4 + 1CD0528E0623707200166675 + + WindowString + 62 385 781 470 0 0 1440 878 + WindowToolGUID + 1C530D57069F1CE1000CFCEE + WindowToolIsVisible + 0 + + + Identifier + MENUSEPARATOR + + + Identifier + windowTool.debuggerConsole + Layout + + + Dock + + + BecomeActive + 1 + ContentConfiguration + + PBXProjectModuleGUID + 1C78EAAC065D492600B07095 + PBXProjectModuleLabel + Debugger Console + + GeometryConfiguration + + Frame + {{0, 0}, {440, 358}} + RubberWindowFrame + 650 41 440 400 0 0 1280 1002 + + Module + PBXDebugCLIModule + Proportion + 358pt + + + Proportion + 358pt + + + Name + Debugger Console + ServiceClasses + + PBXDebugCLIModule + + StatusbarIsVisible + 1 + TableOfContents + + 1C78EAAD065D492600B07095 + 1C78EAAE065D492600B07095 + 1C78EAAC065D492600B07095 + + WindowString + 650 41 440 400 0 0 1280 1002 + + + Identifier + windowTool.run + Layout + + + Dock + + + ContentConfiguration + + LauncherConfigVersion + 3 + PBXProjectModuleGUID + 1CD0528B0623707200166675 + PBXProjectModuleLabel + Run + Runner + + HorizontalSplitView + + _collapsingFrameDimension + 0.0 + _indexOfCollapsedView + 0 + _percentageOfCollapsedView + 0.0 + isCollapsed + yes + sizes + + {{0, 0}, {493, 167}} + {{0, 176}, {493, 267}} + + + VerticalSplitView + + _collapsingFrameDimension + 0.0 + _indexOfCollapsedView + 0 + _percentageOfCollapsedView + 0.0 + isCollapsed + yes + sizes + + {{0, 0}, {405, 443}} + {{414, 0}, {514, 443}} + + + + + GeometryConfiguration + + Frame + {{0, 0}, {460, 159}} + RubberWindowFrame + 316 696 459 200 0 0 1280 1002 + + Module + PBXRunSessionModule + Proportion + 159pt + + + Proportion + 159pt + + + Name + Run Log + ServiceClasses + + PBXRunSessionModule + + StatusbarIsVisible + 1 + TableOfContents + + 1C0AD2B3069F1EA900FABCE6 + 1C0AD2B4069F1EA900FABCE6 + 1CD0528B0623707200166675 + 1C0AD2B5069F1EA900FABCE6 + + ToolbarConfiguration + xcode.toolbar.config.run + WindowString + 316 696 459 200 0 0 1280 1002 + WindowToolGUID + 1C0AD2B3069F1EA900FABCE6 + WindowToolIsVisible + 0 + + + Identifier + windowTool.scm + Layout + + + Dock + + + ContentConfiguration + + PBXProjectModuleGUID + 1C78EAB2065D492600B07095 + PBXProjectModuleLabel + <No Editor> + PBXSplitModuleInNavigatorKey + + Split0 + + PBXProjectModuleGUID + 1C78EAB3065D492600B07095 + + SplitCount + 1 + + StatusBarVisibility + 1 + + GeometryConfiguration + + Frame + {{0, 0}, {452, 0}} + RubberWindowFrame + 743 379 452 308 0 0 1280 1002 + + Module + PBXNavigatorGroup + Proportion + 0pt + + + BecomeActive + 1 + ContentConfiguration + + PBXProjectModuleGUID + 1CD052920623707200166675 + PBXProjectModuleLabel + SCM + + GeometryConfiguration + + ConsoleFrame + {{0, 259}, {452, 0}} + Frame + {{0, 7}, {452, 259}} + RubberWindowFrame + 743 379 452 308 0 0 1280 1002 + TableConfiguration + + Status + 30 + FileName + 199 + Path + 197.09500122070312 + + TableFrame + {{0, 0}, {452, 250}} + + Module + PBXCVSModule + Proportion + 262pt + + + Proportion + 266pt + + + Name + SCM + ServiceClasses + + PBXCVSModule + + StatusbarIsVisible + 1 + TableOfContents + + 1C78EAB4065D492600B07095 + 1C78EAB5065D492600B07095 + 1C78EAB2065D492600B07095 + 1CD052920623707200166675 + + ToolbarConfiguration + xcode.toolbar.config.scm + WindowString + 743 379 452 308 0 0 1280 1002 + + + Identifier + windowTool.breakpoints + Layout + + + Dock + + + BecomeActive + 1 + ContentConfiguration + + PBXProjectModuleGUID + 1CD052930623707200166675 + PBXProjectModuleLabel + Breakpoints + + GeometryConfiguration + + BreakpointsTreeTableConfiguration + + enabledColumn + 16 + breakpointColumn + 201.5830078125 + + Frame + {{0, 0}, {240, 195}} + RubberWindowFrame + 342 421 240 216 0 0 1440 878 + + Module + PBXDebugBreakpointsModule + Proportion + 195pt + + + Proportion + 195pt + + + Name + Breakpoints + ServiceClasses + + PBXDebugBreakpointsModule + + StatusbarIsVisible + 0 + TableOfContents + + 1C0AD2AD069F1E9B00FABCE6 + 1C0AD2AE069F1E9B00FABCE6 + 1CD052930623707200166675 + + WindowString + 342 421 240 216 0 0 1440 878 + WindowToolGUID + 1C0AD2AD069F1E9B00FABCE6 + WindowToolIsVisible + 0 + + + Identifier + windowTool.bookmarks + Layout + + + Dock + + + Module + PBXBookmarksModule + Proportion + 100% + + + Proportion + 100% + + + Name + Bookmarks + ServiceClasses + + PBXBookmarksModule + + StatusbarIsVisible + 0 + WindowString + 538 42 401 187 0 0 1280 1002 + + + Identifier + windowTool.classBrowser + Layout + + + Dock + + + BecomeActive + 1 + ContentConfiguration + + OptionsSetName + Hierarchy, all classes + PBXProjectModuleGUID + 1CA6456E063B45B4001379D8 + PBXProjectModuleLabel + Class Browser - NSObject + + GeometryConfiguration + + ClassesFrame + {{0, 0}, {374, 96}} + ClassesTreeTableConfiguration + + PBXClassNameColumnIdentifier + 208 + PBXClassBookColumnIdentifier + 22 + + Frame + {{0, 0}, {630, 331}} + MembersFrame + {{0, 105}, {374, 395}} + MembersTreeTableConfiguration + + PBXMemberTypeIconColumnIdentifier + 22 + PBXMemberNameColumnIdentifier + 216 + PBXMemberTypeColumnIdentifier + 97 + PBXMemberBookColumnIdentifier + 22 + + PBXModuleWindowStatusBarHidden2 + 1 + RubberWindowFrame + 385 179 630 352 0 0 1440 878 + + Module + PBXClassBrowserModule + Proportion + 332pt + + + Proportion + 332pt + + + Name + Class Browser + ServiceClasses + + PBXClassBrowserModule + + StatusbarIsVisible + 0 + TableOfContents + + 1C0AD2AF069F1E9B00FABCE6 + 1C0AD2B0069F1E9B00FABCE6 + 1CA6456E063B45B4001379D8 + + ToolbarConfiguration + xcode.toolbar.config.classbrowser + WindowString + 385 179 630 352 0 0 1440 878 + WindowToolGUID + 1C0AD2AF069F1E9B00FABCE6 + WindowToolIsVisible + 0 + + + + diff --git a/Security.xcode/stuartha.pbxuser b/Security.xcode/stuartha.pbxuser new file mode 100644 index 00000000..44c667d5 --- /dev/null +++ b/Security.xcode/stuartha.pbxuser @@ -0,0 +1,121 @@ +// !$*UTF8*$! +{ + 0867D690FE84028FC02AAC07 = { + activeBuildStyle = 014CEA450018CDF011CA2923; + activeExecutable = D630EE55079F0060005CFFE0; + activeTarget = 0867D69CFE84028FC02AAC07; + codeSenseManager = D630EE85079F0069005CFFE0; + executables = ( + D630EE55079F0060005CFFE0, + ); + perUserDictionary = { + PBXConfiguration.PBXFileTableDataSource3.PBXFileTableDataSource = { + PBXFileTableDataSourceColumnSortingDirectionKey = "-1"; + PBXFileTableDataSourceColumnSortingKey = PBXFileDataSource_Filename_ColumnID; + PBXFileTableDataSourceColumnWidthsKey = ( + 20, + 833, + 20, + 48, + 43, + 43, + 20, + ); + PBXFileTableDataSourceColumnsKey = ( + PBXFileDataSource_FiletypeID, + PBXFileDataSource_Filename_ColumnID, + PBXFileDataSource_Built_ColumnID, + PBXFileDataSource_ObjectSize_ColumnID, + PBXFileDataSource_Errors_ColumnID, + PBXFileDataSource_Warnings_ColumnID, + PBXFileDataSource_Target_ColumnID, + ); + }; + PBXConfiguration.PBXTargetDataSource.PBXTargetDataSource = { + PBXFileTableDataSourceColumnSortingDirectionKey = "-1"; + PBXFileTableDataSourceColumnSortingKey = PBXFileDataSource_Filename_ColumnID; + PBXFileTableDataSourceColumnWidthsKey = ( + 20, + 200, + 653, + 20, + 48, + 43, + 43, + ); + PBXFileTableDataSourceColumnsKey = ( + PBXFileDataSource_FiletypeID, + PBXFileDataSource_Filename_ColumnID, + PBXTargetDataSource_PrimaryAttribute, + PBXFileDataSource_Built_ColumnID, + PBXFileDataSource_ObjectSize_ColumnID, + PBXFileDataSource_Errors_ColumnID, + PBXFileDataSource_Warnings_ColumnID, + ); + }; + PBXPerProjectTemplateStateSaveDate = 129680647; + PBXWorkspaceStateSaveDate = 129680647; + }; + sourceControlManager = D630EE84079F0069005CFFE0; + userBuildSettings = { + }; + }; + 0867D69CFE84028FC02AAC07 = { + activeExec = 0; + }; + 4C216213053639A600CCA0BB = { + activeExec = 0; + executables = ( + D630EE55079F0060005CFFE0, + ); + }; + 4C60A0A605811A4300C8A016 = { + activeExec = 0; + }; + C4294290053B28F100470431 = { + uiCtxt = { + sepNavIntBoundsRect = "{{0, 0}, {1226, 85064}}"; + sepNavSelRange = "{0, 0}"; + sepNavVisRect = "{{0, 0}, {932, 869}}"; + sepNavWindowFrame = "{{15, -1}, {971, 998}}"; + }; + }; + D630EE55079F0060005CFFE0 = { + activeArgIndex = 2147483647; + activeArgIndices = ( + ); + argumentStrings = ( + ); + configStateDict = { + }; + cppStopOnCatchEnabled = 0; + cppStopOnThrowEnabled = 0; + customDataFormattersEnabled = 1; + debuggerPlugin = GDBDebugging; + disassemblyDisplayState = 0; + enableDebugStr = 1; + environmentEntries = ( + ); + executableSystemSymbolLevel = 0; + executableUserSymbolLevel = 0; + isa = PBXExecutable; + libgmallocEnabled = 0; + name = generate; + shlibInfoDictList = ( + ); + sourceDirectories = ( + ); + }; + D630EE84079F0069005CFFE0 = { + fallbackIsa = XCSourceControlManager; + isSCMEnabled = 0; + isa = PBXSourceControlManager; + scmConfiguration = { + }; + scmType = ""; + }; + D630EE85079F0069005CFFE0 = { + indexTemplatePath = ""; + isa = PBXCodeSenseManager; + }; +} diff --git a/SecurityServer/AZNTest.cpp b/SecurityServer/AZNTest.cpp deleted file mode 100644 index a9c263bb..00000000 --- a/SecurityServer/AZNTest.cpp +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AZNTest.cpp - * SecurityServer - * - * Created by michael on Fri Oct 20 2000. - * Copyright (c) 2000 Apple Computer Inc. All rights reserved. - * - */ - -#include - -#include - -using namespace Authorization; - -static const AuthorizationItem gItems[] = -{ - {"login", 0, NULL, NULL}, - {"reboot", 0, NULL, NULL}, - {"shutdown", 0, NULL, NULL}, - {"mount", 0, NULL, NULL}, - {"login.reboot", 0, NULL, NULL}, - {"login.shutdown", 0, NULL, NULL}, - {"unmount", 0, NULL, NULL} -}; - -static const AuthorizationRights gRights = -{ - 7, - const_cast(gItems) -}; - -void -printRights(const RightSet &rightSet) -{ - for(RightSet::const_iterator it = rightSet.begin(); it != rightSet.end(); ++it) - { - printf("right: \"%s\"\n", it->rightName()); - } -} - -int -main(int argc, char **argv) -{ - Engine engine("/tmp/config.plist"); - - const RightSet inputRights(&gRights); - MutableRightSet outputRights; - printf("InputRights:\n"); - printRights(inputRights); - printf("Authorizing:\n"); - OSStatus result = engine.authorize(inputRights, NULL, - kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights | kAuthorizationFlagPartialRights, - NULL, NULL, &outputRights); - printf("Result: %ld\n", result); - printf("OutputRights:\n"); - printRights(outputRights); - return 0; -} diff --git a/SecurityServer/Authorization/AuthSession.h b/SecurityServer/Authorization/AuthSession.h deleted file mode 100644 index dcc69961..00000000 --- a/SecurityServer/Authorization/AuthSession.h +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2000-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthSession.h - * AuthSession - APIs for managing login, authorization, and security Sessions. - */ -#if !defined(__AuthSession__) -#define __AuthSession__ 1 - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @header AuthSession - - The Session API provides specialized applications access to Session management and inquiry - functions. This is a specialized API that should not be of interest to most people. - - The Security subsystem separates all processes into Security "sessions". Each process is in - exactly one session, and session membership inherits across fork/exec. Sessions form boundaries - for security-related state such as authorizations, keychain lock status, and the like. - Typically, each successful login (whether graphical or through ssh & friends) creates - a separate session. System daemons (started at system startup) belong to the "root session" - which has no user nor graphics access. - - Sessions are identified with SecuritySessionIds. A session has a set of attributes - that are set on creation and can be retrieved with SessionGetInfo(). - - There are similar session concepts in the system, related but not necessarily - completely congruous. In particular, graphics sessions track security sessions - (but only for graphic logins). -*/ - - -/*! - @typedef SecuritySessionId - These are externally visible identifiers for authorization sessions. - Different sessions have different identifiers; beyond that, you can't - tell anything from these values. - SessionIds can be compared for equality as you'd expect, but you should be careful - to use attribute bits wherever appropriate. -*/ -typedef UInt32 SecuritySessionId; - - -/*! - @enum SecuritySessionId - Here are some special values for SecuritySessionId. You may specify those - on input to SessionAPI functions. They will never be returned from such - functions. -*/ -enum { - noSecuritySession = 0, /* definitely not a valid SecuritySessionId */ - callerSecuritySession = ((SecuritySessionId)-1) /* the Session I (the caller) am in */ -}; - - -/*! - @enum SessionAttributeBits - Each Session has a set of attribute bits. You can get those from the - SessionGetInfo API function. - */ -typedef UInt32 SessionAttributeBits; - -enum { - sessionIsRoot = 0x0001, /* is the root session (startup/system programs) */ - sessionHasGraphicAccess = 0x0010, /* graphic subsystem (CoreGraphics et al) available */ - sessionHasTTY = 0x0020, /* /dev/tty is available */ - sessionIsRemote = 0x1000, /* session was established over the network */ - - // the following bits are used internally; do not try to set them - sessionWasInitialized = 0x8000 /* session has been set up by its leader */ -}; - - -/*! - @enum SessionCreationFlags - These flags control how a new session is created by SessionCreate. - They have no permanent meaning beyond that. - */ -typedef UInt32 SessionCreationFlags; - -enum { - sessionKeepCurrentBootstrap = 0x8000 /* caller has allocated sub-bootstrap (expert use only) */ -}; - - -/*! - @enum SessionStatus - Error codes returned by AuthSession API. - Note that the AuthSession APIs can also return Authorization API error codes. -*/ -enum { - errSessionSuccess = 0, /* all is well */ - errSessionInvalidId = -60500, /* invalid session id specified */ - errSessionInvalidAttributes = -60501, /* invalid set of requested attribute bits */ - errSessionAuthorizationDenied = -60502, /* you are not allowed to do this */ - - errSessionInternal = errAuthorizationInternal, /* internal error */ - errSessionInvalidFlags = errAuthorizationInvalidFlags /* invalid flags/options */ -}; - - -/*! - @function SessionGetInfo - Obtain information about a session. You can ask about any session whose - identifier you know. Use the callerSecuritySession constant to ask about - your own session (the one your process is in). - - @param session (input) The Session you are asking about. Can be one of the - special constants defined above. - - @param sessionId (output/optional) The actual SecuritySessionId for the session you asked about. - Will never be one of those constants. - - @param attributes (output/optional) Receives the attribute bits for the session. - - @result An OSStatus indicating success (noErr) or an error cause. - - errSessionInvalidId -60500 Invalid session id specified - -*/ -OSStatus SessionGetInfo(SecuritySessionId session, - SecuritySessionId *sessionId, - SessionAttributeBits *attributes); - - -/*! - @function SessionCreate - This (very specialized) function creates a security session. - Upon completion, the new session contains the calling process (and none other). - You cannot create a session for someone else, and cannot avoid being placed - into the new session. This is (currently) the only call that changes a process's - session membership. - By default, a new bootstrap subset port is created for the calling process. The process - acquires this new port as its bootstrap port, which all its children will inherit. - If you happen to have created the subset port on your own, you can pass the - sessionKeepCurrentBootstrap flag, and SessionCreate will use it. Note however that - you cannot supersede a prior SessionCreate call that way; only a single SessionCreate - call is allowed for each Session (however made). - This call will discard any security information established for the calling process. - In particular, any authorization handles acquired will become invalid, and so will any - keychain related information. We recommend that you call SessionCreate before - making any other security-related calls that establish rights of any kind, to the - extent this is practical. Also, we strongly recommend that you do not perform - security-related calls in any other threads while calling SessionCreate. - - @param flags Flags controlling how the session is created. - - @param attributes The set of attribute bits to set for the new session. - Not all bits can be set this way. - - @result An OSStatus indicating success (noErr) or an error cause. - - errSessionInvalidAttributes -60501 Attempt to set invalid attribute bits - errSessionAuthorizationDenied -60502 Attempt to re-initialize a session - errSessionInvalidFlags -60011 Attempt to specify unsupported flag bits - -*/ -OSStatus SessionCreate(SessionCreationFlags flags, - SessionAttributeBits attributes); - - -#if defined(__cplusplus) -} -#endif - -#endif /* ! __AuthSession__ */ diff --git a/SecurityServer/Authorization/Authorization.cpp b/SecurityServer/Authorization/Authorization.cpp deleted file mode 100644 index b8cf83c4..00000000 --- a/SecurityServer/Authorization/Authorization.cpp +++ /dev/null @@ -1,371 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Authorization.cpp -// -// This file is the unified implementation of the Authorization and AuthSession APIs. -// -#include -#include -#include -#include -#include "AuthorizationWalkers.h" -#include -#include -#include -#include -#include - -using namespace SecurityServer; -using namespace MachPlusPlus; - - -// -// Shared cached client object -// -class AuthClient : public SecurityServer::ClientSession { -public: - AuthClient() - : SecurityServer::ClientSession(CssmAllocator::standard(), CssmAllocator::standard()) - { } -}; - -static ModuleNexus server; - - -// -// Create an Authorization -// -OSStatus AuthorizationCreate(const AuthorizationRights *rights, - const AuthorizationEnvironment *environment, - AuthorizationFlags flags, - AuthorizationRef *authorization) -{ - Debug::trace(kSecTraceAuthorizationCreateStart); - BEGIN_API - AuthorizationBlob result; - server().authCreate(rights, environment, flags, result); - if (authorization) - { - *authorization = - (AuthorizationRef) new(server().returnAllocator) AuthorizationBlob(result); - } - else - { - // If no authorizationRef is desired free the one we just created. - server().authRelease(result, flags); - } - Debug::trace(kSecTraceAuthorizationCreateEnd); - END_API(CSSM) -} - - -// -// Free an authorization reference -// -OSStatus AuthorizationFree(AuthorizationRef authorization, AuthorizationFlags flags) -{ - BEGIN_API - AuthorizationBlob *auth = (AuthorizationBlob *)authorization; - server().authRelease(Required(auth, errAuthorizationInvalidRef), flags); - server().returnAllocator.free(auth); - END_API(CSSM) -} - - -// -// Augment and/or interrogate an authorization -// -OSStatus AuthorizationCopyRights(AuthorizationRef authorization, - const AuthorizationRights *rights, - const AuthorizationEnvironment *environment, - AuthorizationFlags flags, - AuthorizationRights **authorizedRights) -{ - Debug::trace(kSecTraceAuthorizationCopyRightsStart); - BEGIN_API - AuthorizationBlob *auth = (AuthorizationBlob *)authorization; - server().authCopyRights(Required(auth, errAuthorizationInvalidRef), - rights, environment, flags, authorizedRights); - Debug::trace(kSecTraceAuthorizationCopyRightsEnd); - END_API(CSSM) -} - - -// -// Retrieve side-band information from an authorization -// -OSStatus AuthorizationCopyInfo(AuthorizationRef authorization, - AuthorizationString tag, - AuthorizationItemSet **info) -{ - Debug::trace(kSecTraceAuthorizationCopyInfoStart); - BEGIN_API - AuthorizationBlob *auth = (AuthorizationBlob *)authorization; - server().authCopyInfo(Required(auth, errAuthorizationInvalidRef), - tag, Required(info)); - Debug::trace(kSecTraceAuthorizationCopyInfoEnd); - END_API(CSSM) -} - - -// -// Externalize and internalize authorizations -// -OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization, - AuthorizationExternalForm *extForm) -{ - BEGIN_API - AuthorizationBlob *auth = (AuthorizationBlob *)authorization; - server().authExternalize(Required(auth, errAuthorizationInvalidRef), *extForm); - END_API(CSSM) -} - -OSStatus AuthorizationCreateFromExternalForm(const AuthorizationExternalForm *extForm, - AuthorizationRef *authorization) -{ - BEGIN_API - AuthorizationBlob result; - server().authInternalize(*extForm, result); - Required(authorization, errAuthorizationInvalidRef) = - (AuthorizationRef) new(server().returnAllocator) AuthorizationBlob(result); - - END_API(CSSM) -} - - -// -// Free an ItemSet structure returned from an API call. This is a local operation. -// Since we allocate returned ItemSets as compact blobs, this is just a simple -// free() call. -// -OSStatus AuthorizationFreeItemSet(AuthorizationItemSet *set) -{ - BEGIN_API - server().returnAllocator.free(set); - return errAuthorizationSuccess; - END_API(CSSM) -} - - -// -// Get session information -// -OSStatus SessionGetInfo(SecuritySessionId session, - SecuritySessionId *sessionId, - SessionAttributeBits *attributes) -{ - BEGIN_API - SecuritySessionId sid = session; - server().getSessionInfo(sid, *attributes); - if (sessionId) - *sessionId = sid; - END_API(CSSM) -} - - -// -// Create a new session -// -OSStatus SessionCreate(SessionCreationFlags flags, - SessionAttributeBits attributes) -{ - BEGIN_API - - // unless the (expert) caller has already done so, create a sub-bootstrap and set it - // note that this is inherently thread-unfriendly; we can't do anything about that - // (caller's responsibility) - Bootstrap bootstrap; - if (!(flags & sessionKeepCurrentBootstrap)) { - TaskPort self; - bootstrap = bootstrap.subset(TaskPort()); - self.bootstrap(bootstrap); - } - - // now call the SecurityServer and tell it to initialize the (new) session - server().setupSession(flags, attributes); - - // retrieve the (new) session id and set it into the process environment - SecuritySessionId id = callerSecuritySession; - SessionAttributeBits attrs; - server().getSessionInfo(id, attrs); - char idString[80]; - snprintf(idString, sizeof(idString), "%lx", id); - setenv("SECURITYSESSIONID", idString, 1); - - END_API(CSSM) -} - - -// -// Modify Authorization rules -// - -// -// AuthorizationRightGet -// -OSStatus AuthorizationRightGet(const char *rightName, CFDictionaryRef *rightDefinition) -{ - BEGIN_API; - Required(rightName); - CssmDataContainer definition(server().returnAllocator); - - server().authorizationdbGet(rightName, definition, server().returnAllocator); - // convert rightDefinition to dictionary - - if (rightDefinition) - { - CFRef data(CFDataCreate(NULL, static_cast(definition.data()), definition.length())); - if (!data) - CssmError::throwMe(errAuthorizationInternal); - - CFRef rightDict(static_cast(CFPropertyListCreateFromXMLData(NULL, data, kCFPropertyListImmutable, NULL))); - if (!rightDict - || CFGetTypeID(rightDict) != CFDictionaryGetTypeID()) - CssmError::throwMe(errAuthorizationInternal); - - CFRetain(rightDict); - *rightDefinition = rightDict; - } - - END_API(CSSM); -} - -// -// AuthorizationRightSet -// -OSStatus AuthorizationRightSet(AuthorizationRef authRef, - const char *rightName, CFTypeRef rightDefinition, - CFStringRef descriptionKey, CFBundleRef bundle, CFStringRef tableName) -{ - BEGIN_API; - Required(rightName); - AuthorizationBlob *auth = (AuthorizationBlob *)authRef; - - CFRef rightDefinitionDict; - if (rightDefinition && (CFGetTypeID(rightDefinition) == CFStringGetTypeID())) - { - rightDefinitionDict = CFDictionaryCreateMutable(NULL, 10, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (!rightDefinitionDict) - CssmError::throwMe(errAuthorizationInternal); - CFDictionarySetValue(rightDefinitionDict, CFSTR(kAuthorizationRightRule), rightDefinition); - } - else - if (rightDefinition && (CFGetTypeID(rightDefinition) == CFDictionaryGetTypeID())) - { - rightDefinitionDict = CFDictionaryCreateMutableCopy(NULL, 0, static_cast(rightDefinition)); - if (!rightDefinitionDict) - CssmError::throwMe(errAuthorizationInternal); - } - else - CssmError::throwMe(errAuthorizationDenied); - - if (rightDefinitionDict) - CFRelease(rightDefinitionDict); // we just assigned things that were already retained - - if (descriptionKey) - { - CFRef localizedDescriptions(CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); - - if (!localizedDescriptions) - CssmError::throwMe(errAuthorizationInternal); - - // assigning to perform a retain on either - CFRef clientBundle = bundle ? bundle : CFBundleGetMainBundle(); - - // looks like a list of CFStrings: English us_en etc. - CFRef localizations(CFBundleCopyBundleLocalizations(clientBundle)); - - if (localizations) - { - // for every CFString in localizations do - CFIndex locIndex, allLocs = CFArrayGetCount(localizations); - for (locIndex = 0; locIndex < allLocs; locIndex++) - { - CFStringRef oneLocalization = static_cast(CFArrayGetValueAtIndex(localizations, locIndex)); - - if (!oneLocalization) - continue; - - // @@@ no way to get "Localized" and "strings" as constants? - CFRef locURL(CFBundleCopyResourceURLForLocalization(clientBundle, tableName ? tableName : CFSTR("Localizable"), CFSTR("strings"), NULL /*subDirName*/, oneLocalization)); - - if (!locURL) - continue; - - CFDataRef tableData; - SInt32 errCode; - CFStringRef errStr; - CFPropertyListRef stringTable; - - CFURLCreateDataAndPropertiesFromResource(CFGetAllocator(clientBundle), locURL, &tableData, NULL, NULL, &errCode); - - if (errCode) - { - CFRelease(tableData); - continue; - } - - stringTable = CFPropertyListCreateFromXMLData(CFGetAllocator(clientBundle), tableData, kCFPropertyListImmutable, &errStr); - if (errStr != NULL) { - CFRelease(errStr); - errStr = NULL; - } - CFRelease(tableData); - - CFStringRef value = static_cast(CFDictionaryGetValue(static_cast(stringTable), descriptionKey)); - if (value == NULL || CFEqual(value, CFSTR(""))) { - CFRelease(stringTable); - continue; - } else { - // oneLocalization/value into our dictionary - CFDictionarySetValue(localizedDescriptions, oneLocalization, value); - CFRelease(stringTable); - } - } - } - - // add the description as the default localization into the dictionary - CFDictionarySetValue(localizedDescriptions, CFSTR(""), descriptionKey); - - // stuff localization table into rule definition - CFDictionarySetValue(rightDefinitionDict, CFSTR(kAuthorizationRuleParameterDefaultPrompt), localizedDescriptions); - - } - - // serialize cfdictionary with data into rightDefinitionXML - CFDataRef rightDefinitionXML = CFPropertyListCreateXMLData(NULL, rightDefinitionDict); - - server().authorizationdbSet(Required(auth), rightName, CFDataGetLength(rightDefinitionXML), CFDataGetBytePtr(rightDefinitionXML)); - - END_API(CSSM); -} - -// -// AuthorizationRightRemove -// -OSStatus AuthorizationRightRemove(AuthorizationRef authRef, const char *rightName) -{ - BEGIN_API; - Required(rightName); - AuthorizationBlob *auth = (AuthorizationBlob *)authRef; - server().authorizationdbRemove(Required(auth), rightName); - END_API(CSSM); -} - diff --git a/SecurityServer/Authorization/Authorization.h b/SecurityServer/Authorization/Authorization.h deleted file mode 100644 index b49c2d52..00000000 --- a/SecurityServer/Authorization/Authorization.h +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * Authorization.h -- APIs for implementing access control in applications - * and daemons. - */ - -#ifndef _SECURITY_AUTHORIZATION_H_ -#define _SECURITY_AUTHORIZATION_H_ - -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @header Authorization - Version 1.0 10/16/2000 - - The Authorization API contains all the APIs that a application or tool that need pre-authorization or need an authorization desision made. - - A typical use cases are a preference panel that would start off calling AuthorizationCreate() (without UI) to get an authorization object. Then call AuthorizationCopyRights() to figure out what is currently allowed. - - If any of the operations that the preference panel wishes to perform are currently not allowed the lock icon in the window would show up in the locked state. Otherwise it would show up unlocked. - - When the user locks the lock AuthorizationFree() is called with the kAuthorizationFlagDestroyRights to destroy any authorization rights that have been aquired. - - When the user unlocks the lock AuthorizationCreate() is called with the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagExtendRights flags to obtain all required rights. The old authorization object can be freed by calling AuthorizationFree() with no flags. - -*/ - - - -/*! - @defined kAuthorizationEmptyEnvironment - Parameter to specify to AuthorizationCreate when no environment is being provided. -*/ -#define kAuthorizationEmptyEnvironment NULL - - -/*! - @enum AuthorizationStatus - Error codes returned by Authorization API. -*/ - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -enum { - errAuthorizationSuccess = 0, /* The operation completed successfully. */ - errAuthorizationInvalidSet = -60001, /* The set parameter is invalid. */ - errAuthorizationInvalidRef = -60002, /* The authorization parameter is invalid. */ - errAuthorizationInvalidTag = -60003, /* The tag parameter is invalid. */ - errAuthorizationInvalidPointer = -60004, /* The authorizedRights parameter is invalid. */ - errAuthorizationDenied = -60005, /* The authorization was denied. */ - errAuthorizationCanceled = -60006, /* The authorization was cancelled by the user. */ - errAuthorizationInteractionNotAllowed = -60007, /* The authorization was denied since no user interaction was possible. */ - errAuthorizationInternal = -60008, /* something else went wrong */ - errAuthorizationExternalizeNotAllowed = -60009, /* authorization externalization denied */ - errAuthorizationInternalizeNotAllowed = -60010, /* authorization internalization denied */ - errAuthorizationInvalidFlags = -60011, /* invalid option flag(s) */ - errAuthorizationToolExecuteFailure = -60031, /* cannot execute privileged tool */ - errAuthorizationToolEnvironmentError = -60032, /* privileged tool environment error */ - errAuthorizationBadAddress = -60033, /* invalid socket address requested */ -}; - - -/*! - @enum AuthorizationFlags - Optional flags passed in to serveral Authorization APIs. See the description of AuthorizationCreate, AuthorizationCopyRights and AuthorizationFree for a description of how they affect those calls. -*/ -enum { - kAuthorizationFlagDefaults = 0, - kAuthorizationFlagInteractionAllowed = (1 << 0), - kAuthorizationFlagExtendRights = (1 << 1), - kAuthorizationFlagPartialRights = (1 << 2), - kAuthorizationFlagDestroyRights = (1 << 3), - kAuthorizationFlagPreAuthorize = (1 << 4), - - // private bits (do not use) - kAuthorizationFlagNoData = (1 << 20) -}; - - -/*! - @typedef AuthorizationFlags - Optional flags passed in to AuthorizationCreate. -*/ -typedef UInt32 AuthorizationFlags; - - -/*! - @enum AuthorizationRightFlags - Flags returned in the flags field of ItemSet Items when calling AuthorizationCopyRights(). -*/ -enum { - kAuthorizationFlagCanNotPreAuthorize = (1 << 0) -}; - - -/*! - @typedef AuthorizationRef - Opaque reference to an authorization object. -*/ -typedef const struct AuthorizationOpaqueRef *AuthorizationRef; - - -/*! - @typedef AuthorizationString - A zero terminated string in UTF-8 encoding. -*/ -typedef const char *AuthorizationString; - - -/*! - @struct AuthorizationItem - Each AuthorizationItem describes a single string-named item with optional - parameter value. The value must be contiguous memory of valueLength bytes; - internal structure is defined separately for each name. - - @field name name of the item, as an AuthorizationString. Mandatory. - @field valueLength Number of bytes in parameter value. Must be 0 if no parameter value. - @field value Pointer to the optional parameter value associated with name. - Must be NULL if no parameter value. - @field flags Reserved field. Must be set to 0 on creation. Do not modify after that. -*/ -typedef struct { - AuthorizationString name; - UInt32 valueLength; - void *value; - UInt32 flags; -} AuthorizationItem; - - -/*! - @struct AuthorizationItemSet - An AuthorizationItemSet structure represents a set of zero or more AuthorizationItems. Since it is a set it should not contain any identical AuthorizationItems. - - @field count Number of items identified by items. - @field items Pointer to an array of items. -*/ -typedef struct { - UInt32 count; - AuthorizationItem *items; -} AuthorizationItemSet; - - - -/*! - @struct AuthorizationExternalForm - An AuthorizationExternalForm structure can hold the externalized form of - an AuthorizationRef. As such, it can be transmitted across IPC channels - to other processes, which can re-internalize it to recover a valid AuthorizationRef - handle. - The data contained in an AuthorizationExternalForm should be considered opaque. - - SECURITY NOTE: Applications should take care to not disclose the AuthorizationExternalForm to - potential attackers since it would authorize rights to them. -*/ -enum { - kAuthorizationExternalFormLength = 32 -}; - -typedef struct { - char bytes[kAuthorizationExternalFormLength]; -} AuthorizationExternalForm; - - - -/*! - @typedef AuthorizationRights - An AuthorizationItemSet representing a set of rights each with an associated argument (value). - Each argument value is as defined for the specific right they belong to. Argument values may not contain pointers as the should be copyable to different address spaces. -*/ -typedef AuthorizationItemSet AuthorizationRights; - - -/*! - @typedef AuthorizationEnvironment - An AuthorizationItemSet representing environmental information of potential use - to authorization decisions. -*/ -typedef AuthorizationItemSet AuthorizationEnvironment; - - -/*! - @function AuthorizationCreate - Create a new autorization object which can be used in other authorization calls. When the authorization is no longer needed AuthorizationFree should be called. - - When the kAuthorizationFlagInteractionAllowed flag is set, user interaction will happen when required. Failing to set this flag will result in this call failing with a errAuthorizationInteractionNotAllowed status when interaction is required. - - Setting the kAuthorizationFlagExtendRights flag will extend the currently available rights. If this flag is set the returned AuthorizationRef will grant all the rights requested when errAuthorizationSuccess is returned. If this flag is not set the operation will almost certainly succeed, but no attempt will be made to make the requested rights availible. - Call AuthorizationCopyRights to figure out which of the requested rights are granted by the returned AuthorizationRef. - - Setting the kAuthorizationFlagPartialRights flag will cause this call to succeed if only some of the requested rights are being granted by the returned AuthorizationRef. Unless this flag is set this API will fail if not all the requested rights could be obtained. - - Setting the kAuthorizationFlagDestroyRights flag will prevent any rights obtained during this call from being preserved after returning from this API (This is most useful when the authorization parameter is NULL and the caller doesn't want to affect the session state in any way). - - Setting the kAuthorizationFlagPreAuthorize flag will pre authorize the requested rights so that at a later time -- by calling AuthorizationMakeExternalForm() follow by AuthorizationCreateFromExternalForm() -- the obtained rights can be used in a different process. Rights that can't be preauthorized will be treated as if they were authorized for the sake of returning an error (in other words if all rights are either authorized or could not be preauthorized this call will still succeed). - The rights which could not be preauthorized are not currently authorized and may fail to authorize when a later call to AuthorizationCopyRights() is made, unless the kAuthorizationFlagExtendRights and kAuthorizationFlagInteractionAllowed flags are set. Even then they might still fail if the user does not supply the correct credentials. - The reason for passing in this flag is to provide correct audit trail information and to avoid unnecessary user interaction. - - @param rights (input/optional) An AuthorizationItemSet containing rights for which authorization is being requested. If none are specified the resulting AuthorizationRef will authorize nothing at all. - @param environment (input/optional) An AuthorizationItemSet containing enviroment state used when making the autorization decision. See the AuthorizationEnvironment type for details. - @param flags (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion. - @param authorization (output optional) A pointer to an AuthorizationRef to be returned. When the returned AuthorizationRef is no longer needed AuthorizationFree should be called to prevent anyone from using the aquired rights. If NULL is specified no new rights are returned, but the system will attempt to authorize all the requested rights and return the appropriate status. - - @result errAuthorizationSuccess 0 authorization or all requested rights succeeded. - - errAuthorizationDenied -60005 The authorization for one or more of the requested rights was denied. - - errAuthorizationCanceled -60006 The authorization was cancelled by the user. - - errAuthorizationInteractionNotAllowed -60007 The authorization was denied since no interaction with the user was allowed. -*/ -OSStatus AuthorizationCreate(const AuthorizationRights *rights, - const AuthorizationEnvironment *environment, - AuthorizationFlags flags, - AuthorizationRef *authorization); - - -/*! - @function AuthorizationFree - Destroy an AutorizationRef object. If the kAuthorizationFlagDestroyRights flag is passed, - any rights associated with the authorization are lost. Otherwise, only local resources - are released, and the rights may still be available to other clients. - - Setting the kAuthorizationFlagDestroyRights flag will prevent any rights that were obtained by the specified authorization object to be preserved after returning from this API. This effectivaly locks down all potentially shared authorizations. - - @param authorization (input) The authorization object on which this operation is performed. - - @param flags (input) Bit mask of option flags to this call. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationInvalidRef -60002 The authorization parameter is invalid. -*/ -OSStatus AuthorizationFree(AuthorizationRef authorization, AuthorizationFlags flags); - - -/*! - @function AuthorizationCopyRights - Given a set of rights, return the subset that is currently authorized - by the AuthorizationRef given. - - When the kAuthorizationFlagInteractionAllowed flag is set, user interaction will happen when required. Failing to set this flag will result in this call failing with a errAuthorizationInteractionNotAllowed status when interaction is required. - - Setting the kAuthorizationFlagExtendRights flag will extend the currently available rights. - - Setting the kAuthorizationFlagPartialRights flag will cause this call to succeed if only some of the requested rights are being granted by the returned AuthorizationRef. Unless this flag is set this API will fail if not all the requested rights could be obtained. - - Setting the kAuthorizationFlagDestroyRights flag will prevent any additional rights obtained during this call from being preserved after returning from this API. - - Setting the kAuthorizationFlagPreAuthorize flag will pre authorize the requested rights so that at a later time -- by calling AuthorizationMakeExternalForm() follow by AuthorizationCreateFromExternalForm() -- the obtained rights can be used in a different process. Rights that can't be preauthorized will be treated as if they were authorized for the sake of returning an error (in other words if all rights are either authorized or could not be preauthorized this call will still succeed), and they will be returned in authorizedRights with their kAuthorizationFlagCanNotPreAuthorize bit in the flags field set to 1. - The rights which could not be preauthorized are not currently authorized and may fail to authorize when a later call to AuthorizationCopyRights() is made, unless the kAuthorizationFlagExtendRights and kAuthorizationFlagInteractionAllowed flags are set. Even then they might still fail if the user does not supply the correct credentials. - The reason for passing in this flag is to provide correct audit trail information and to avoid unnecessary user interaction. - - Setting the kAuthorizationFlagPreAuthorize flag will pre authorize the requested rights so that at a later time -- by calling AuthorizationMakeExternalForm() follow by AuthorizationCreateFromExternalForm() -- the obtained rights can be used in a different process. When this flags is specified rights that can't be preauthorized will be returned as if they were authorized with their kAuthorizationFlagCanNotPreAuthorize bit in the flags field set to 1. These rights are not currently authorized and may fail to authorize later unless kAuthorizationFlagExtendRights and kAuthorizationFlagInteractionAllowed flags are set when the actual authorization is done. And even then they might still fail if the user does not supply the correct credentials. - - @param authorization (input) The authorization object on which this operation is performed. - @param rights (input) A rights set (see AuthorizationCreate). - @param environment (input/optional) An AuthorizationItemSet containing enviroment state used when making the autorization decision. See the AuthorizationEnvironment type for details. - @param flags (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion. - @param authorizedRights (output/optional) A pointer to a newly allocated AuthorizationInfoSet in which the authorized subset of rights are returned (authorizedRights should be deallocated by calling AuthorizationFreeItemSet() when it is no longer needed). If NULL the only information returned is the status. Note that if the kAuthorizationFlagPreAuthorize flag was specified rights that could not be preauthorized are returned in authorizedRights, but their flags contains the kAuthorizationFlagCanNotPreAuthorize bit. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationInvalidRef -60002 The authorization parameter is invalid. - - errAuthorizationInvalidSet -60001 The rights parameter is invalid. - - errAuthorizationInvalidPointer -60004 The authorizedRights parameter is invalid. -*/ -OSStatus AuthorizationCopyRights(AuthorizationRef authorization, - const AuthorizationRights *rights, - const AuthorizationEnvironment *environment, - AuthorizationFlags flags, - AuthorizationRights **authorizedRights); - - -/*! - @function AuthorizationCopyInfo - Returns sideband information (e.g. access credentials) obtained from a call to AuthorizationCreate. The format of this data depends of the tag specified. - - @param authorization (input) The authorization object on which this operation is performed. - @param tag (input/optional) An optional string tag specifing which sideband information should be returned. When NULL is specified all available information is returned. - @param flags (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion. - @param info (output) A pointer to a newly allocated AuthorizationInfoSet in which the requested sideband infomation is returned (info should be deallocated by calling AuthorizationFreeItemSet() when it is no longer needed). - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationInvalidRef -60002 The authorization parameter is invalid. - - errAuthorizationInvalidTag -60003 The tag parameter is invalid. - - errAuthorizationInvalidPointer -60004 The info parameter is invalid. -*/ -OSStatus AuthorizationCopyInfo(AuthorizationRef authorization, - AuthorizationString tag, - AuthorizationItemSet **info); - - -/*! - @function AuthorizationMakeExternalForm - Turn an Authorization into an external "byte blob" form so it can be - transmitted to another process. - Note that *storing* the external form somewhere will probably not do what - you want, since authorizations are bounded by sessions, processes, and possibly - time limits. This is for online transmission of authorizations. - - @param authorization The (valid) authorization reference to externalize - @param extForm Pointer to an AuthorizationExternalForm variable to fill. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationExternalizeNotAllowed -60009 Externalizing this authorization is not allowed. - - errAuthorizationInvalidRef -60002 The authorization parameter is invalid. - - -*/ -OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization, - AuthorizationExternalForm *extForm); - - -/*! - @function AuthorizationCreateFromExternalForm - Turn an Authorization into an external "byte blob" form so it can be - transmitted to another process. - Note that *storing* the external form somewhere will probably not do what - you want, since authorizations are bounded by sessions, processes, and possibly - time limits. This is for online transmission of authorizations. - - @param extForm Pointer to an AuthorizationExternalForm value. - @param authorization Will be filled with a valid AuthorizationRef on success. - - @result errAuthorizationInternalizeNotAllowed -60010 Internalizing this authorization is not allowed. -*/ -OSStatus AuthorizationCreateFromExternalForm(const AuthorizationExternalForm *extForm, - AuthorizationRef *authorization); - - -/*! - @function AuthorizationFreeItemSet - Release the memory allocated for an AuthorizationItemSet that was allocated - by an API call. - - @param set The AuthorizationItemSet to deallocate. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationInvalidSet -60001 The set parameter is invalid. -*/ -OSStatus AuthorizationFreeItemSet(AuthorizationItemSet *set); - - -/*! - @function AuthorizationExecuteWithPrivileges - Run an executable tool with enhanced privileges after passing - suitable authorization procedures. - - @param authorization An authorization reference that is used to authorize - access to the enhanced privileges. It is also passed to the tool for - further access control. - @param pathToTool Full pathname to the tool that should be executed - with enhanced privileges. - @param options Option bits (reserved). Must be zero. - @param arguments An argv-style vector of strings to be passed to the tool. - @param communicationsPipe Assigned a UNIX stdio FILE pointer for - a bidirectional pipe to communicate with the tool. The tool will have - this pipe as its standard I/O channels (stdin/stdout). If NULL, do not - establish a communications pipe. - */ -OSStatus AuthorizationExecuteWithPrivileges(AuthorizationRef authorization, - const char *pathToTool, - AuthorizationFlags options, - char * const *arguments, - FILE **communicationsPipe); - - -/*! - @function AuthorizationCopyPrivilegedReference - From within a tool launched via the AuthorizationExecuteWithPrivileges function - ONLY, retrieve the AuthorizationRef originally passed to that function. - While AuthorizationExecuteWithPrivileges already verified the authorization to - launch your tool, the tool may want to avail itself of any additional pre-authorizations - the caller may have obtained through that reference. - */ -OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization, - AuthorizationFlags flags); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_AUTHORIZATION_H_ */ diff --git a/SecurityServer/Authorization/AuthorizationDB.h b/SecurityServer/Authorization/AuthorizationDB.h deleted file mode 100644 index 27cb9737..00000000 --- a/SecurityServer/Authorization/AuthorizationDB.h +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * AuthorizationDB.h -- APIs for managing the authorization policy database - * and daemons. - */ - -#ifndef _SECURITY_AUTHORIZATIONDB_H_ -#define _SECURITY_AUTHORIZATIONDB_H_ - -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @header AuthorizationDB - Version 1.0 - - This API allows for any programs to get, modify, delete and add new right definitions to the policy database. Meta-rights specify whether and what authorization is required to make these modifications. - - AuthorizationRightSet(NULL, "com.ifoo.ifax.send", CFSTR(kRuleIsAdmin), CFSTR("You must authenticate to send a fax."), NULL, NULL) - - add a rule for letting admins send faxes using a canned rule, delegating to a pre-specified rule that authorizes everyone who is an admin. - - AuthorizationRightSet(NULL, "com.ifoo.ifax.send", [[CFSTR(kRightRule), CFSTR(kRuleIsAdmin)], [CFSTR(kRightComment), CFSTR("authorizes sending of 1 fax message")]], CFSTR("Authorize sending of a fax"), NULL, NULL) - - add identical rule, but specify additional attributes this time. - - Keep in mind while specifying a comment to be specific about what you need to authorize for (1 fax), in terms of a general message for user. The means of proof required for kRuleIsAdmin (enter username/password for example) should not be included here, since it could be configured differently. - -*/ - -/*! @define kRightRule - rule delegation key. Instead of specifying exact behavior some canned rules - are shipped that may be switched by configurable security. -*/ -#define kAuthorizationRightRule "rule" - -/*! @defined kRuleIsAdmin - canned rule values for use with rule delegation definitions: require user to be an admin. -*/ -#define kAuthorizationRuleIsAdmin "is-admin" - -/*! @defined kRuleAuthenticateAsSessionUser - canned rule value for use with rule delegation definitions: require user to authenticate as the session owner (logged-in user). -*/ -#define kAuthorizationRuleAuthenticateAsSessionUser "authenticate-session-user" - -/*! @defined kRuleAuthenticateAsAdmin - Canned rule value for use with rule delegation definitions: require user to authenticate as admin. -*/ -#define kAuthorizationRuleAuthenticateAsAdmin "authenticate-admin" - -/*! @defined kAuthorizationRuleClassAllow - Class that allows anything. -*/ -#define kAuthorizationRuleClassAllow "allow" - -/*! @defined kAuthorizationRuleClassDeny - Class that denies anything. -*/ -#define kAuthorizationRuleClassDeny "deny" - -/*! @defined kAuthorizationComment - comments for the administrator on what is being customized here; - as opposed to (localized) descriptions presented to the user. -*/ -#define kAuthorizationComment "comment" - - - -/*! - @function AuthorizationRightGet - - Retrieves a right definition as a dictionary. There are no restrictions to keep anyone from retrieving these definitions. - - @param rightName (input) the rightname (ASCII). Wildcard rightname definitions are okay. - @param rightDefinition (output/optional) the dictionary with all keys defining the right. See documented keys. Passing in NULL will just check if there is a definition. The caller is responsible for releasing the returned dictionary. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationDenied -60005 No definition found. - -*/ -OSStatus AuthorizationRightGet(const char *rightName, - CFDictionaryRef *rightDefinition); - -/*! - @function AuthorizationRightSet - - Create or update a right entry. Only normal rights can be registered (wildcard rights are denied); wildcard rights are considered to be put in by an administrator putting together a site configuration. - - @param authRef (input) authRef to authorize modifications. - @param rightName (input) the rightname (ASCII). Wildcard rightnames are not okay. - @param rightDefinition (input) a CFString of the name of a rule to use (delegate) or CFDictionary containing keys defining one. - @param descriptionKey (input/optional) a CFString to use as a key for looking up localized descriptions. If no localization is found this will be the description itself. - @param bundle (input/optional) a bundle to get localizations from if not the main bundle. - @param localeTableName (input/optional) stringtable name to get localizations from. - - @result errAuthorizationSuccess 0 added right definition successfully. - - errAuthorizationDenied -60005 Unable to create or update right definition. - - errAuthorizationCanceled -60006 Authorization was canceled by user. - - errAuthorizationInteractionNotAllowed -60007 Interaction was required but not possible. - -*/ -OSStatus AuthorizationRightSet(AuthorizationRef authRef, - const char *rightName, - CFTypeRef rightDefinition, - CFStringRef descriptionKey, - CFBundleRef bundle, - CFStringRef localeTableName); - - - -/*! - @function AuthorizationRightRemove - - Request to remove a right from the policy database. - - @param authRef (input) authRef, to be used to authorize this action. - @param rightName (input) the rightname (ASCII). Wildcard rightnames are not okay. - -*/ -OSStatus AuthorizationRightRemove(AuthorizationRef authRef, - const char *rightName); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_AUTHORIZATIONDB_H_ */ - diff --git a/SecurityServer/Authorization/AuthorizationDBPlist.cpp b/SecurityServer/Authorization/AuthorizationDBPlist.cpp deleted file mode 100644 index b55eec3c..00000000 --- a/SecurityServer/Authorization/AuthorizationDBPlist.cpp +++ /dev/null @@ -1,378 +0,0 @@ -/* - * AuthorizationDBPlist.cpp - * Security - * - * Created by Conrad Sauerwald on Tue Mar 18 2003. - * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. - * - */ - -#include "AuthorizationDBPlist.h" - -namespace Authorization -{ - -//using Authorization::AuthorizationDBPlist; - -AuthorizationDBPlist::AuthorizationDBPlist(const char *configFile) : mFileName(configFile), mLastChecked(DBL_MIN) -{ - memset(&mRulesFileMtimespec, 0, sizeof(mRulesFileMtimespec)); -} - -//AuthorizationDBPlist::~AuthorizationDBPlist() -//{ -//} - -void AuthorizationDBPlist::sync(CFAbsoluteTime now) -{ - if (mRules.empty()) - load(now); - else - { - // Don't do anything if we checked the timestamp less than 5 seconds ago - if (mLastChecked > now - 5.0) - return; - - struct stat st; - if (stat(mFileName.c_str(), &st)) - { - Syslog::error("Stating rules file \"%s\": %s", mFileName.c_str(), strerror(errno)); - /* @@@ No rules file found, use defaults: admin group for everything. */ - //UnixError::throwMe(errno); - } - else - { - // @@@ Make sure this is the right way to compare 2 struct timespec thingies - // Technically we should check st_dev and st_ino as well since if either of those change - // we are looking at a different file too. - if (memcmp(&st.st_mtimespec, &mRulesFileMtimespec, sizeof(mRulesFileMtimespec))) - load(now); - } - } - - mLastChecked = now; -} - -void AuthorizationDBPlist::save() const -{ - if (!mConfig) - return; - - StLock _(mReadWriteLock); - - int fd = -1; - string tempFile = mFileName + ","; - - for (;;) - { - fd = open(tempFile.c_str(), O_WRONLY|O_CREAT|O_EXCL, 0644); - if (fd == -1) - { - if (errno == EEXIST) - { - unlink(tempFile.c_str()); - continue; - } - if (errno == EINTR) - continue; - else - break; - } - else - break; - } - - if (fd == -1) - { - Syslog::error("Saving rules file \"%s\": %s", tempFile.c_str(), strerror(errno)); - return; - } - - // convert config to plist - CFDataRef configXML = CFPropertyListCreateXMLData(NULL, mConfig); - - if (!configXML) - return; - - // write out data - SInt32 configSize = CFDataGetLength(configXML); - size_t bytesWritten = write(fd, CFDataGetBytePtr(configXML), configSize); - CFRelease(configXML); - - if (bytesWritten != uint32_t(configSize)) - { - if (bytesWritten == static_cast(-1)) - Syslog::error("Writing rules file \"%s\": %s", tempFile.c_str(), strerror(errno)); - else - Syslog::error("Could only write %lu out of %ld bytes from rules file \"%s\"", - bytesWritten, configSize, tempFile.c_str()); - - close(fd); - unlink(tempFile.c_str()); - } - else - { - close(fd); - if (rename(tempFile.c_str(), mFileName.c_str())) - unlink(tempFile.c_str()); - } - return; -} - -void AuthorizationDBPlist::load(CFTimeInterval now) -{ - StLock _(mReadWriteLock); - - int fd = open(mFileName.c_str(), O_RDONLY, 0); - if (fd == -1) - { - Syslog::error("Opening rules file \"%s\": %s", mFileName.c_str(), strerror(errno)); - return; - } - - struct stat st; - if (fstat(fd, &st)) - { - int error = errno; - close(fd); - UnixError::throwMe(error); - } - - - mRulesFileMtimespec = st.st_mtimespec; - - off_t fileSize = st.st_size; - - CFMutableDataRef xmlData = CFDataCreateMutable(NULL, fileSize); - CFDataSetLength(xmlData, fileSize); - void *buffer = CFDataGetMutableBytePtr(xmlData); - size_t bytesRead = read(fd, buffer, fileSize); - if (bytesRead != fileSize) - { - if (bytesRead == static_cast(-1)) - { - Syslog::error("Reading rules file \"%s\": %s", mFileName.c_str(), strerror(errno)); - CFRelease(xmlData); - return; - } - - Syslog::error("Could only read %ul out of %ul bytes from rules file \"%s\"", - bytesRead, fileSize, mFileName.c_str()); - CFRelease(xmlData); - return; - } - - CFStringRef errorString; - CFDictionaryRef configPlist = reinterpret_cast(CFPropertyListCreateFromXMLData(NULL, xmlData, kCFPropertyListMutableContainersAndLeaves, &errorString)); - - if (!configPlist) - { - char buffer[512]; - const char *error = CFStringGetCStringPtr(errorString, kCFStringEncodingUTF8); - if (error == NULL) - { - if (CFStringGetCString(errorString, buffer, 512, kCFStringEncodingUTF8)) - error = buffer; - } - - Syslog::error("Parsing rules file \"%s\": %s", mFileName.c_str(), error); - if (errorString) - CFRelease(errorString); - - CFRelease(xmlData); - return; - } - - if (CFGetTypeID(configPlist) != CFDictionaryGetTypeID()) - { - - Syslog::error("Rules file \"%s\": is not a dictionary", mFileName.c_str()); - - CFRelease(xmlData); - CFRelease(configPlist); - return; - } - - { - StLock _(mLock); - parseConfig(configPlist); - mLastChecked = now; - } - CFRelease(xmlData); - CFRelease(configPlist); - - close(fd); -} - - - -void -AuthorizationDBPlist::parseConfig(CFDictionaryRef config) -{ - // grab items from top-level dictionary that we care about - CFStringRef rightsKey = CFSTR("rights"); - CFStringRef rulesKey = CFSTR("rules"); - CFMutableDictionaryRef newRights = NULL; - CFMutableDictionaryRef newRules = NULL; - - if (!config) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule file - - if (CFDictionaryContainsKey(config, rulesKey)) - { - newRules = reinterpret_cast(const_cast(CFDictionaryGetValue(config, rulesKey))); - } - - if (CFDictionaryContainsKey(config, rightsKey)) - { - newRights = reinterpret_cast(const_cast(CFDictionaryGetValue(config, rightsKey))); - } - - if (newRules - && newRights - && (CFDictionaryGetTypeID() == CFGetTypeID(newRules)) - && (CFDictionaryGetTypeID() == CFGetTypeID(newRights))) - { - mConfig = config; - mConfigRights = static_cast(newRights); - mConfigRules = static_cast(newRules); - mRules.clear(); - try - { - CFDictionaryApplyFunction(newRights, parseRule, this); - } - catch (...) - { - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule file - } - } - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule file -} - -void AuthorizationDBPlist::parseRule(const void *key, const void *value, void *context) -{ - static_cast(context)->addRight(static_cast(key), static_cast(value)); -} - -void AuthorizationDBPlist::addRight(CFStringRef key, CFDictionaryRef definition) -{ - string keyString = cfString(key); - mRules[keyString] = Rule(keyString, definition, mConfigRules); -} - -bool -AuthorizationDBPlist::validateRule(string inRightName, CFDictionaryRef inRightDefinition) const -{ - try { - Rule newRule(inRightName, inRightDefinition, mConfigRules); - if (newRule->name() == inRightName) - return true; - } - catch (...) - { - secdebug("authrule", "invalid definition for rule %s.\n", inRightName.c_str()); - } - return false; -} - -CFDictionaryRef -AuthorizationDBPlist::getRuleDefinition(string &key) -{ - CFStringRef cfKey = makeCFString(key); - StLock _(mLock); - if (CFDictionaryContainsKey(mConfigRights, cfKey)) - { - CFDictionaryRef definition = reinterpret_cast(const_cast(CFDictionaryGetValue(mConfigRights, cfKey))); - CFRelease(cfKey); - return CFDictionaryCreateCopy(NULL, definition); - } - else - { - CFRelease(cfKey); - return NULL; - } -} - -bool -AuthorizationDBPlist::existRule(string &ruleName) const -{ - map::const_iterator rule = mRules.find(ruleName); - if (rule != mRules.end()) - return true; - - return false; -} - -Rule -AuthorizationDBPlist::getRule(const AuthItemRef &inRight) const -{ - string key(inRight->name()); - // Lock the rulemap - StLock _(mLock); - - if (mRules.empty()) - return Rule(); - - for (;;) - { - map::const_iterator rule = mRules.find(key); - - if (rule != mRules.end()) - return (*rule).second; - - // no default rule - assert (key.size()); - - // any reduction of a combination of two chars is futile - if (key.size() > 2) { - // find last dot with exception of possible dot at end - string::size_type index = key.rfind('.', key.size() - 2); - // cut right after found dot, or make it match default rule - key = key.substr(0, index == string::npos ? 0 : index + 1); - } else - key.erase(); - } -} - -void -AuthorizationDBPlist::setRule(const char *inRightName, CFDictionaryRef inRuleDefinition) -{ - if (!inRuleDefinition || !mConfigRights) - MacOSError::throwMe(errAuthorizationDenied); // errInvalidRule - - CFRef keyRef(CFStringCreateWithCString(NULL, inRightName, kCFStringEncodingASCII)); - if (!keyRef) - return; - - StLock _(mLock); - - CFDictionarySetValue(mConfigRights, keyRef, inRuleDefinition); - // release modification lock here already? - save(); - mLastChecked = 0.0; -} - -void -AuthorizationDBPlist::removeRule(const char *inRightName) -{ - if (!mConfigRights) - MacOSError::throwMe(errAuthorizationDenied); - - CFRef keyRef(CFStringCreateWithCString(NULL, inRightName, kCFStringEncodingASCII)); - if (!keyRef) - return; - - StLock _(mLock); - - if (CFDictionaryContainsKey(mConfigRights, keyRef)) - { - CFDictionaryRemoveValue(mConfigRights, keyRef); - // release modification lock here already? - save(); - mLastChecked = 0.0; - } -} - - -} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationDBPlist.h b/SecurityServer/Authorization/AuthorizationDBPlist.h deleted file mode 100644 index 9b14bdf5..00000000 --- a/SecurityServer/Authorization/AuthorizationDBPlist.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * AuthorizationDBPlist.h - * Security - * - * Created by Conrad Sauerwald on Tue Mar 18 2003. - * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. - * - */ -#ifndef _H_AUTHORIZATIONDBPLIST -#define _H_AUTHORIZATIONDBPLIST 1 - -#include -#include "AuthorizationData.h" -#include "AuthorizationRule.h" - -namespace Authorization -{ - -class AuthorizationDBPlist /* : public AuthorizationDB */ -{ -public: - AuthorizationDBPlist(const char *configFile = "/etc/authorization"); - //~AuthorizationDBPlist(); - - void sync(CFAbsoluteTime now); - bool validateRule(string inRightName, CFDictionaryRef inRightDefinition) const; - CFDictionaryRef getRuleDefinition(string &key); - - bool existRule(string &ruleName) const; - Rule getRule(const AuthItemRef &inRight) const; - - void setRule(const char *inRightName, CFDictionaryRef inRuleDefinition); - void removeRule(const char *inRightName); - -protected: - void load(CFTimeInterval now); - void save() const; - -private: - string mFileName; - -private: - enum { kTypeRight, kTypeRule }; - void parseConfig(CFDictionaryRef config); - static void parseRule(const void *key, const void *value, void *context); - void addRight(CFStringRef key, CFDictionaryRef definition); - - CFAbsoluteTime mLastChecked; - struct timespec mRulesFileMtimespec; - - map mRules; - CFRef mConfig; - CFRef mConfigRights; - CFRef mConfigRules; - - mutable Mutex mLock; // rule map lock - mutable Mutex mReadWriteLock; // file operation lock -}; - -}; /* namespace Authorization */ - -#endif /* ! _H_AUTHORIZATIONDBPLIST */ diff --git a/SecurityServer/Authorization/AuthorizationData.cpp b/SecurityServer/Authorization/AuthorizationData.cpp deleted file mode 100644 index 4cc97ae7..00000000 --- a/SecurityServer/Authorization/AuthorizationData.cpp +++ /dev/null @@ -1,422 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationData.cpp - * Authorization - * - * Created by Michael Brouwer on Thu Oct 12 2000. - * Copyright (c) 2000 Apple Computer Inc. All rights reserved. - * - */ - -#include "AuthorizationData.h" - -#include -#include -#include - -#include "server.h" - - -// checkpw() that uses provided struct passwd -extern "C" -{ -int checkpw_internal( const struct passwd *pw, const char* password ); -} - - -namespace Authorization { - - -AuthValueRef::AuthValueRef(const AuthValue &value) : - RefPointer(new AuthValue(value)) {} - -AuthValueRef::AuthValueRef(const AuthorizationValue &value) : - RefPointer(new AuthValue(value)) {} - -AuthValue::AuthValue(const AuthorizationValue &value) : - mOwnsValue(false) -{ - mValue.length = value.length; - mValue.data = value.data; -} - -AuthValueRef::AuthValueRef(UInt32 length, void *data) : - RefPointer(new AuthValue(length, data)) {} - -AuthValue::AuthValue(UInt32 length, void *data) : - mOwnsValue(true) -{ - mValue.length = length; - mValue.data = new uint8_t[length]; - if (length) - memcpy(mValue.data, data, length); -} - -AuthValue::~AuthValue() -{ - if (mOwnsValue) - delete[] reinterpret_cast(mValue.data); -} - -AuthValue & -AuthValue::operator = (const AuthValue &other) -{ - if (mOwnsValue) - delete[] reinterpret_cast(mValue.data); - - mValue = other.mValue; - mOwnsValue = other.mOwnsValue; - other.mOwnsValue = false; - return *this; -} - -void -AuthValue::fillInAuthorizationValue(AuthorizationValue &value) -{ - value.length = mValue.length; - value.data = mValue.data; -} - -AuthValueVector & -AuthValueVector::operator = (const AuthorizationValueVector& valueVector) -{ - clear(); - for (unsigned int i=0; i < valueVector.count; i++) - push_back(AuthValueRef(valueVector.values[i])); - return *this; -} - -void -AuthValueVector::copy(AuthorizationValueVector **data, size_t *length) const -{ - AuthorizationValueVector valueVector; - valueVector.count = size(); - valueVector.values = new AuthorizationValue[valueVector.count]; - int i = 0; - for (const_iterator it = begin(); it != end(); ++it, ++i) - { - (*it)->fillInAuthorizationValue(valueVector.values[i]); - } - - Copier flatValueVector(&valueVector); - *length = flatValueVector.length(); - *data = flatValueVector.keep(); - - delete[] valueVector.values; -} - -AuthItem::AuthItem(const AuthorizationItem &item) : - mFlags(item.flags), - mOwnsName(true), - mOwnsValue(true) -{ - if (!item.name) - MacOSError::throwMe(errAuthorizationInternal); - size_t nameLen = strlen(item.name) + 1; - mName = new char[nameLen]; - memcpy(const_cast(mName), item.name, nameLen); - - mValue.length = item.valueLength; - mValue.data = new uint8_t[item.valueLength]; - if (mValue.length) - memcpy(mValue.data, item.value, item.valueLength); -} - - -AuthItem::AuthItem(AuthorizationString name) : - mName(name), - mFlags(0), - mOwnsName(false), - mOwnsValue(false) -{ - mValue.length = 0; - mValue.data = NULL; -} - -AuthItem::AuthItem(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags) : - mFlags(flags), - mOwnsName(true), - mOwnsValue(true) -{ - if (!name) - MacOSError::throwMe(errAuthorizationInternal); - size_t nameLen = strlen(name) + 1; - mName = new char[nameLen]; - memcpy(const_cast(mName), name, nameLen); - - mValue.length = value.length; - mValue.data = new uint8_t[value.length]; - if (mValue.length) - memcpy(mValue.data, value.data, value.length); -} - -AuthItem::~AuthItem() -{ - if (mOwnsName) - delete[] mName; - if (mOwnsValue) - delete[] reinterpret_cast(mValue.data); -} - -bool -AuthItem::operator < (const AuthItem &other) const -{ - return strcmp(mName, other.mName) < 0; -} - -AuthItem & -AuthItem::operator = (const AuthItem &other) -{ - if (mOwnsName) - delete[] mName; - if (mOwnsValue) - delete[] reinterpret_cast(mValue.data); - - mName = other.mName; - mValue = other.mValue; - mFlags = other.mFlags; - mOwnsName = other.mOwnsName; - other.mOwnsName = false; - mOwnsValue = other.mOwnsValue; - other.mOwnsValue = false; - return *this; -} - -void -AuthItem::fillInAuthorizationItem(AuthorizationItem &item) -{ - item.name = mName; - item.valueLength = mValue.length; - item.value = mValue.data; - item.flags = mFlags; -} - - -AuthItemRef::AuthItemRef(const AuthorizationItem &item) : RefPointer(new AuthItem(item)) {} - -AuthItemRef::AuthItemRef(AuthorizationString name) : RefPointer(new AuthItem(name)) {} - -AuthItemRef::AuthItemRef(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags) : RefPointer(new AuthItem(name, value, flags)) {} - - -// -// AuthItemSet -// -AuthItemSet::AuthItemSet() -{ -} - -AuthItemSet::~AuthItemSet() -{ -} - -AuthItemSet & -AuthItemSet::operator = (const AuthorizationItemSet& itemSet) -{ - clear(); - - for (unsigned int i=0; i < itemSet.count; i++) - insert(AuthItemRef(itemSet.items[i])); - - return *this; -} - -AuthItemSet::AuthItemSet(const AuthorizationItemSet *itemSet) -{ - if (itemSet) - { - for (unsigned int i=0; i < itemSet->count; i++) - insert(AuthItemRef(itemSet->items[i])); - } -} - -void -AuthItemSet::copy(AuthorizationItemSet *&data, size_t &length, CssmAllocator &alloc) const -{ - AuthorizationItemSet itemSet; - itemSet.count = size(); - itemSet.items = new AuthorizationItem[itemSet.count]; - int i = 0; - for (const_iterator it = begin(); it != end(); ++it, ++i) - { - (*it)->fillInAuthorizationItem(itemSet.items[i]); - } - - Copier flatItemSet(&itemSet, alloc); - length = flatItemSet.length(); - - data = flatItemSet.keep(); - // else flatItemSet disappears again - - delete[] itemSet.items; -} - -// -// CredentialImpl class -// - -// only for testing whether this credential is usable -CredentialImpl::CredentialImpl(const string &username, const uid_t uid, const gid_t gid, bool shared) : -mUsername(username), mShared(shared), mUid(uid), mGid(gid), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true) -{ -} - -// credential with validity based on username/password combination. -CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : -mUsername(username), mShared(shared), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false) -{ - // Calling into DirectoryServices can be a long term operation - Server::active().longTermActivity(); - - // try short name first - const char *user = username.c_str(); - struct passwd *pw = getpwnam(user); - - do { - - if (!pw) - { - secdebug("autheval", "user %s not found, creating invalid credential", user); - break; - } - - mUsername = string ( pw->pw_name ); - mUid = pw->pw_uid; - mGid = pw->pw_gid; - - const char *passwd = password.c_str(); - int checkpw_status = checkpw_internal(pw, passwd); - - if (checkpw_status != CHECKPW_SUCCESS) - { - secdebug("autheval", "checkpw() for user %s failed with error %d, creating invalid credential", user, checkpw_status); - break; - } - - secdebug("autheval", "checkpw() for user %s succeeded, creating%s credential", - user, mShared ? " shared" : ""); - - mValid = true; - - endpwent(); - } - while (0); -} - - -CredentialImpl::~CredentialImpl() -{ -} - -bool -CredentialImpl::operator < (const CredentialImpl &other) const -{ - if (!mShared && other.mShared) - return true; - if (!other.mShared && mShared) - return false; - - return mUsername < other.mUsername; -} - -// Returns true if this CredentialImpl should be shared. -bool -CredentialImpl::isShared() const -{ - return mShared; -} - -// Merge with other -void -CredentialImpl::merge(const CredentialImpl &other) -{ - assert(mUsername == other.mUsername); - - if (other.mValid && (!mValid || mCreationTime < other.mCreationTime)) - { - mCreationTime = other.mCreationTime; - mUid = other.mUid; - mGid = other.mGid; - mValid = true; - } -} - -// The time at which this credential was obtained. -CFAbsoluteTime -CredentialImpl::creationTime() const -{ - return mCreationTime; -} - -// Return true iff this credential is valid. -bool -CredentialImpl::isValid() const -{ - return mValid; -} - -void -CredentialImpl::invalidate() -{ - mValid = false; -} - -// -// Credential class -// -Credential::Credential() : -RefPointer(NULL) -{ -} - -Credential::Credential(CredentialImpl *impl) : -RefPointer(impl) -{ -} - -Credential::Credential(const string &username, const uid_t uid, const gid_t gid, bool shared) : -RefPointer(new CredentialImpl(username, uid, gid, shared)) -{ -} - -Credential::Credential(const string &username, const string &password, bool shared) : -RefPointer(new CredentialImpl(username, password, shared)) -{ -} - -Credential::~Credential() -{ -} - -bool -Credential::operator < (const Credential &other) const -{ - if (!*this) - return other; - - if (!other) - return false; - - return (**this) < (*other); -} - - - -} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationData.h b/SecurityServer/Authorization/AuthorizationData.h deleted file mode 100644 index 92466564..00000000 --- a/SecurityServer/Authorization/AuthorizationData.h +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationData.h - * Authorization - * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved - * - */ - -#ifndef _H_AUTHORIZATIONDATA -#define _H_AUTHORIZATIONDATA 1 - -#include -#include - -#include -#include - -#include -#include -#include - -// ptrdiff_t needed, so including STL type closest -#include - -namespace Authorization -{ - -class AuthValueOverlay : public AuthorizationValue -{ -public: - AuthValueOverlay(const string& stringValue) { length = stringValue.length(); data = const_cast(stringValue.c_str()); } - AuthValueOverlay(UInt32 inLength, void *inData) { length = inLength; data = inData; } -}; - -class AuthValueRef; - -class AuthValue : public RefCount -{ - friend class AuthValueRef; -private: - AuthValue(const AuthValue& value) {} -protected: - AuthValue(const AuthorizationValue &value); - AuthValue(UInt32 length, void *data); -public: - AuthValue &operator = (const AuthValue &other); - ~AuthValue(); - void fillInAuthorizationValue(AuthorizationValue &value); - const AuthorizationValue& value() const { return mValue; } -private: - AuthorizationValue mValue; - mutable bool mOwnsValue; -}; - -// AuthValueRef impl -class AuthValueRef : public RefPointer -{ -public: - AuthValueRef(const AuthValue &value); - AuthValueRef(const AuthorizationValue &value); - AuthValueRef(UInt32 length, void *data); -}; - - -// vector should become a member with accessors -class AuthValueVector : public vector -{ - NOCOPY(AuthValueVector) -public: - AuthValueVector() {} - ~AuthValueVector() {} - - AuthValueVector &operator = (const AuthorizationValueVector& valueVector); - - void copy(AuthorizationValueVector **data, size_t *length) const; -}; - - - -class AuthItemRef; - -class AuthItem : public RefCount -{ - friend class AuthItemRef; -private: - AuthItem(const AuthItem& item); -protected: - AuthItem(const AuthorizationItem &item); - AuthItem(AuthorizationString name); - AuthItem(AuthorizationString name, AuthorizationValue value); - AuthItem(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags); - - bool operator < (const AuthItem &other) const; - -public: - AuthItem &operator = (const AuthItem &other); - ~AuthItem(); - - void fillInAuthorizationItem(AuthorizationItem &item); - - AuthorizationString name() const { return mName; } - const AuthorizationValue& value() const { return mValue; } - string stringValue() const { return string(static_cast(mValue.data), mValue.length); } - AuthorizationFlags flags() const { return mFlags; } - void setFlags(AuthorizationFlags inFlags) { mFlags = inFlags; }; - -private: - AuthorizationString mName; - AuthorizationValue mValue; - AuthorizationFlags mFlags; - mutable bool mOwnsName; - mutable bool mOwnsValue; -}; - -class AuthItemRef : public RefPointer -{ -public: - AuthItemRef(const AuthorizationItem &item); - AuthItemRef(AuthorizationString name); - AuthItemRef(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags = 0); - - bool operator < (const AuthItemRef &other) const - { - return **this < *other; - } -}; - -// set should become a member with accessors -class AuthItemSet : public set -{ -public: - AuthItemSet(); - ~AuthItemSet(); - AuthItemSet(const AuthorizationItemSet *item); - - AuthItemSet &operator = (const AuthorizationItemSet& itemSet); - - void copy(AuthorizationItemSet *&data, size_t &length, CssmAllocator &alloc = CssmAllocator::standard()) const; -}; - -class FindAuthItemByRightName -{ -public: - FindAuthItemByRightName(const char *find_name) : name(find_name) { } - - bool operator()( const AuthItemRef& authitem ) - { - return (!strcmp(name, authitem->name())); - } - bool operator()( const AuthorizationItem* authitem ) - { - return (!strcmp(name, authitem->name)); - } - -private: - const char *name; -}; - - - -/* Credentials are less than comparable so they can be put in sets or maps. */ -class CredentialImpl : public RefCount -{ -public: - CredentialImpl(const string &username, const uid_t uid, gid_t gid, bool shared); - CredentialImpl(const string &username, const string &password, bool shared); - ~CredentialImpl(); - - bool operator < (const CredentialImpl &other) const; - - // Returns true if this credential should be shared. - bool isShared() const; - - // Merge with other - void merge(const CredentialImpl &other); - - // The time at which this credential was obtained. - CFAbsoluteTime creationTime() const; - - // Return true iff this credential is valid. - bool isValid() const; - - // Make this credential invalid. - void invalidate(); - - // We could make Rule a friend but instead we just expose this for now - inline const string& username() const { return mUsername; } - inline const uid_t uid() const { return mUid; } - inline const gid_t gid() const { return mGid; } - - -private: - // The username of the user that provided his password. - // This and mShared are what make this credential unique. - // @@@ We do not deal with the domain as of yet. - string mUsername; - - // True iff this credential is shared. - bool mShared; - - // Fields below are not used by less than operator - - // cached pw-data as returned by getpwnam(mUsername) - uid_t mUid; - gid_t mGid; - - CFAbsoluteTime mCreationTime; - bool mValid; -}; - - -/* Credentials are less than comparable so they can be put in sets or maps. */ -class Credential : public RefPointer -{ -public: - Credential(); - Credential(CredentialImpl *impl); - Credential(const string &username, const uid_t uid, gid_t gid, bool shared); - Credential(const string &username, const string &password, bool shared); - ~Credential(); - - bool operator < (const Credential &other) const; -}; - - -typedef set CredentialSet; - - - - -}; // namespace Authorization - -#endif /* ! _H_AUTHORIZATIONDATA */ diff --git a/SecurityServer/Authorization/AuthorizationEngine.cpp b/SecurityServer/Authorization/AuthorizationEngine.cpp deleted file mode 100644 index 210a4423..00000000 --- a/SecurityServer/Authorization/AuthorizationEngine.cpp +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationEngine.cpp - * Authorization - * - * Created by Michael Brouwer on Thu Oct 12 2000. - * Copyright (c) 2000 Apple Computer Inc. All rights reserved. - * - */ -#include "AuthorizationEngine.h" -#include -#include "AuthorizationPriv.h" -#include "AuthorizationDB.h" - - -#include "authority.h" - -#include -#include -#include -#include -#include "session.h" -#include "server.h" - -#include -#include -#include - -#include -#include -#include - -namespace Authorization { - -// -// Errors to be thrown -// -Error::Error(int err) : error(err) -{ -} - -const char *Error::what() const throw() -{ return "Authorization error"; } - -CSSM_RETURN Error::cssmError() const throw() -{ return error; } // @@@ eventually... - -OSStatus Error::osStatus() const throw() -{ return error; } - -void Error::throwMe(int err) { throw Error(err); } - -// -// Engine class -// -Engine::Engine(const char *configFile) : mAuthdb(configFile) -{ -} - -Engine::~Engine() -{ -} - - -/*! - @function AuthorizationEngine::authorize - - @@@. - - @param inRights (input) List of rights being requested for authorization. - @param environment (optional/input) Environment containing information to be used during evaluation. - @param flags (input) Optional flags @@@ see AuthorizationCreate for a description. - @param inCredentials (input) Credentials already held by the caller. - @param outCredentials (output/optional) Credentials obtained, used or refreshed during this call to authorize the requested rights. - @param outRights (output/optional) Subset of inRights which were actually authorized. - - @results Returns errAuthorizationSuccess if all rights requested are authorized, or if the kAuthorizationFlagPartialRights flag was specified. Might return other status values like errAuthorizationDenied, errAuthorizationCanceled or errAuthorizationInteractionNotAllowed -*/ -OSStatus -Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment, - AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials, - AuthItemSet &outRights, AuthorizationToken &auth) -{ - CredentialSet credentials; - OSStatus status = errAuthorizationSuccess; - - // Get current time of day. - CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); - - // Update rules from database if needed - mAuthdb.sync(now); - - // Check if a credential was passed into the environment and we were asked to extend the rights - if (flags & kAuthorizationFlagExtendRights) - { - string username, password; - bool shared = false; - for (AuthItemSet::iterator item = environment.begin(); item != environment.end(); item ++) - { - if (!strcmp((*item)->name(), kAuthorizationEnvironmentUsername)) - username = (*item)->stringValue(); - else if (!strcmp((*item)->name(), kAuthorizationEnvironmentPassword)) - password = (*item)->stringValue(); - else if (!strcmp((*item)->name(), kAuthorizationEnvironmentShared)) - shared = true; - } - - if (username.length()) - { - // Let's create a credential from the passed in username and password. - Credential newCredential(username, password, shared); - // If it's valid insert it into the credentials list. Normally this is - // only done if it actually authorizes a requested right, but for this - // special case (environment) we do it even when no rights are being requested. - if (newCredential->isValid()) - credentials.insert(newCredential); - } - } - - // generate hints for every authorization - AuthItemSet environmentToClient = environment; - - AuthItemSet::const_iterator end = inRights.end(); - for (AuthItemSet::const_iterator it = inRights.begin(); it != end; ++it) - { - // Get the rule for each right we are trying to obtain. - const Rule &toplevelRule = mAuthdb.getRule(*it); - OSStatus result = toplevelRule->evaluate(*it, toplevelRule, environmentToClient, flags, now, inCredentials, credentials, auth); - secdebug("autheval", "evaluate rule %s for right %s returned %ld.", toplevelRule->name().c_str(), (*it)->name(), result); - - { - CodeSigning::OSXCode *processCode = Server::connection().process.clientCode(); - string processName = processCode ? processCode->canonicalPath() : "unknown"; - CodeSigning::OSXCode *authCreatorCode = auth.creatorCode(); - string authCreatorName = authCreatorCode ? authCreatorCode->canonicalPath() : "unknown"; - - if (result == errAuthorizationSuccess) - Syslog::info("Succeeded authorizing right %s by process %s for authorization created by %s.", (*it)->name(), processName.c_str(), authCreatorName.c_str()); - else if (result == errAuthorizationDenied) - Syslog::notice("Failed to authorize right %s by process %s for authorization created by %s.", (*it)->name(), processName.c_str(), authCreatorName.c_str()); - } - - if (result == errAuthorizationSuccess) - outRights.insert(*it); - else if (result == errAuthorizationDenied || result == errAuthorizationInteractionNotAllowed) - { - // add creator pid to authorization token - if (!(flags & kAuthorizationFlagPartialRights)) - { - status = result; - break; - } - } - else if (result == errAuthorizationCanceled) - { - status = result; - break; - } - else - { - Syslog::error("Engine::authorize: Rule::evaluate returned %ld returning errAuthorizationInternal", result); - status = errAuthorizationInternal; - break; - } - } - - if (outCredentials) - outCredentials->swap(credentials); - - return status; -} - -OSStatus -Engine::verifyModification(string inRightName, bool remove, - const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth) -{ - // Validate right - - // meta rights are constructed as follows: - // we don't allow setting of wildcard rights, so you can only be more specific - // note that you should never restrict things with a wildcard right without disallowing - // changes to the entire domain. ie. - // system.privilege. -> never - // config.add.system.privilege. -> never - // config.modify.system.privilege. -> never - // config.delete.system.privilege. -> never - // For now we don't allow any configuration of configuration rules - // config.config. -> never - - string rightnameToCheck; - - // @@@ verify right name is is not NULL or zero length - if (inRightName.length() == 0) - return errAuthorizationDenied; - - // @@@ make sure it isn't a wildcard right by checking trailing "." - if ( *(inRightName.rbegin()) == '.') - return errAuthorizationDenied; - - // @@@ make sure it isn't a configure right by checking it doesn't start with config. - if (inRightName.find(kConfigRight, 0) != string::npos) - { - // special handling of meta right change: - // config.add. config.modify. config.remove. config.{}. - // check for config. (which always starts with config.config.) - rightnameToCheck = string(kConfigRight) + inRightName; - } - else - { - // regular check of rights - bool existingRule = mAuthdb.existRule(inRightName); - if (!remove) - { - if (existingRule) - rightnameToCheck = string(kAuthorizationConfigRightModify) + inRightName; - else - rightnameToCheck = string(kAuthorizationConfigRightAdd) + inRightName; - } - else - { - if (existingRule) - rightnameToCheck = string(kAuthorizationConfigRightRemove) + inRightName; - else - { - secdebug("engine", "rule %s doesn't exist.", inRightName.c_str()); - return errAuthorizationSuccess; // doesn't exist, done - } - } - } - - - AuthItemSet rights, environment, outRights; - rights.insert(AuthItemRef(rightnameToCheck.c_str())); - secdebug("engine", "authorizing %s for db modification.", rightnameToCheck.c_str()); - return authorize(rights, environment, kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights, inCredentials, outCredentials, outRights, auth); -} - -OSStatus -Engine::getRule(string &inRightName, CFDictionaryRef *outRuleDefinition) -{ - // Get current time of day. - CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); - - // Update rules from database if needed - mAuthdb.sync(now); - - CFDictionaryRef definition = mAuthdb.getRuleDefinition(inRightName); - if (definition) - { - if (outRuleDefinition) - *outRuleDefinition = definition; - else - CFRelease(definition); - - return errAuthorizationSuccess; - } - - return errAuthorizationDenied; -} - -OSStatus -Engine::setRule(const char *inRightName, CFDictionaryRef inRuleDefinition, const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth) -{ - // Get current time of day. - CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); - - // Update rules from database if needed - mAuthdb.sync(now); - - // Validate rule by constructing it from the passed dictionary - if (!mAuthdb.validateRule(inRightName, inRuleDefinition)) - return errAuthorizationDenied; // @@@ separate error for this? - - OSStatus result = verifyModification(inRightName, false /*setting, not removing*/, inCredentials, outCredentials, auth); - if (result != errAuthorizationSuccess) - return result; - - // set the rule for the right and save the database - mAuthdb.setRule(inRightName, inRuleDefinition); - - return errAuthorizationSuccess; -} - -OSStatus -Engine::removeRule(const char *inRightName, const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth) -{ - // Get current time of day. - CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); - - // Update rules from database if needed - mAuthdb.sync(now); - - OSStatus result = verifyModification(inRightName, true /*removing*/, inCredentials, outCredentials, auth); - if (result != errAuthorizationSuccess) - return result; - - // set the rule for the right and save the database - mAuthdb.removeRule(inRightName); - - return errAuthorizationSuccess; -} - -} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationEngine.h b/SecurityServer/Authorization/AuthorizationEngine.h deleted file mode 100644 index f4ce6a06..00000000 --- a/SecurityServer/Authorization/AuthorizationEngine.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationEngine.h - * Authorization - * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved - * - */ - -#ifndef _H_AUTHORIZATIONENGINE -#define _H_AUTHORIZATIONENGINE 1 - -#include -#include -#include "AuthorizationData.h" -#include "AuthorizationDBPlist.h" - -#include -#include - -#include -#include -#include -#include - -class AuthorizationToken; - -using Authorization::AuthorizationDBPlist; - -namespace Authorization -{ - -class Error : public CssmCommonError { -protected: - Error(int err); -public: - const int error; - virtual CSSM_RETURN cssmError() const throw(); - virtual OSStatus osStatus() const throw(); - virtual const char *what () const throw(); - // @@@ Default value should be internal error. - static void throwMe(int err = -1) __attribute((noreturn)); -}; - - -/* The engine which performs the actual authentication and authorization computations. - - The implementation of a typical call to AuthorizationCreate would look like: - - Get the current shared CredentialSet for this session. - Call authorizedRights() with inRights and the shared CredentialSet. - Compute the difference set between the rights requested and the rights returned from authorizedRights(). - Call credentialIds() with the rights computed above (for which we have no credentials yet). - Call aquireCredentials() for the credentialIds returned from credentialIds() - For each credential returned place it in the session (replacing when needed) if shared() returns true. - The authorization returned to the user should now refer to the credentials in the session and the non shared ones returned by aquireCredentials(). - - When a call to AuthorizationCopyRights() is made, just call authorizedRights() using the union of the session credentials and the credentials tied to the authorization specified. - - When a call to AuthorizationCopyInfo() is made, ask the Credential specified by tag for it info and return it. - - When a call to AuthorizationFree() is made, delete all the non-shared credentials ascociated with the authorization specified. If the kAuthorizationFreeFlagDestroy is set. Also delete the shared credentials ascociated with the authorization specified. - */ -class Engine -{ -public: - Engine(const char *configFile); - ~Engine(); - - OSStatus authorize(const AuthItemSet &inRights, const AuthItemSet &environment, - AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials, - AuthItemSet &outRights, AuthorizationToken &auth); - OSStatus getRule(string &inRightName, CFDictionaryRef *outRuleDefinition); - OSStatus setRule(const char *inRightName, CFDictionaryRef inRuleDefinition, const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth); - OSStatus removeRule(const char *inRightName, const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth); - -private: - OSStatus verifyModification(string inRightName, bool remove, - const CredentialSet *inCredentials, CredentialSet *outCredentials, AuthorizationToken &auth); - - AuthorizationDBPlist mAuthdb; - mutable Mutex mLock; -}; - -}; // namespace Authorization - -#endif /* ! _H_AUTHORIZATIONENGINE */ diff --git a/SecurityServer/Authorization/AuthorizationPlugin.h b/SecurityServer/Authorization/AuthorizationPlugin.h deleted file mode 100644 index acd7b095..00000000 --- a/SecurityServer/Authorization/AuthorizationPlugin.h +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright (c) 2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationPlugin.h - * AuthorizationPlugin -- APIs for implementing authorization plugins. - */ - -#if !defined(__AuthorizationPlugin__) -#define __AuthorizationPlugin__ 1 - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @header AuthorizationPlugin - Version 0.3 05/09/2001 - - Foo bar @@@. - -*/ - - -/*! - @typedef AuthorizationValue - @@@ -*/ -typedef struct AuthorizationValue -{ - UInt32 length; - void *data; -} AuthorizationValue; - -typedef struct AuthorizationValueVector -{ - UInt32 count; - AuthorizationValue *values; -} AuthorizationValueVector; - -typedef UInt32 AuthorizationContextFlags; -enum -{ - /* If set, it will be possible to obtain the value of this attribute usingAuthorizationCopyInfo(). */ - kAuthorizationContextFlagExtractable = (1 << 0), - - /* If set, this value will not be remembered in a "credential". @@@ Do we need this? */ - kAuthorizationContextFlagVolatile = (1 << 1) -}; - - -/*! - @typedef AuthorizationMechanismId - @@@ -*/ -typedef const AuthorizationString AuthorizationMechanismId; - -/*! -@typedef AuthorizationPluginId - @@@ Not used by plugin writers - */ -typedef const AuthorizationString AuthorizationPluginId; - - - -/*! - @typedef AuthorizationPluginRef - An instance of a plugin (even though there will probably only be one). -*/ -typedef void *AuthorizationPluginRef; - -/*! - @typedef AuthorizationMechanismRef - An instance of a mechanism in a plugin. -*/ -typedef void *AuthorizationMechanismRef; - -/*! - @typedef AuthorizationEngineRef - The engines handle for an instance of a mechanism in a plugin (corresponds to a particular AuthorizationMechanismRef). -*/ -typedef struct __OpaqueAuthorizationEngine *AuthorizationEngineRef; - - -/*! - @typedef AuthorizationSessionId - A unique value for an AuthorizationSession being evaluated, provided by the authorization engine. - A session is represented by a top level call to an Authorization API. - @@@ Should this be changed to tie a session to the lifetime of an AuthorizationRef? -- Michael -*/ -typedef void *AuthorizationSessionId; - -/*! - @typedef AuthorizationResult - Possible values that SetResult may use. - - @param kAuthorizationResultAllow the operation succeeded and should be allowed as far as this mechanism is concerned. - @param kAuthorizationResultDeny the operation succeeded and should be denied as far as this mechanism is concerned. - @param kAuthorizationResultUndefined the operation failed for some reason and should not be retried for this session. - @param kAuthorizationResultUserCanceled the user has requested that the evaluation be terminated. -*/ -typedef UInt32 AuthorizationResult; -enum -{ - kAuthorizationResultAllow, - kAuthorizationResultDeny, - kAuthorizationResultUndefined, - kAuthorizationResultUserCanceled, -}; - -enum { - kAuthorizationPluginInterfaceVersion = 0 -}; - -enum { - kAuthorizationCallbacksVersion = 0 -}; - - -/* Callback API of the AuthorizationEngine. */ -typedef struct AuthorizationCallbacks { - /* Will be set to kAuthorizationCallbacksVersion. */ - UInt32 version; - - /* Flow control */ - - /* Set a result after a call to AuthorizationSessionInvoke. */ - OSStatus (*SetResult)(AuthorizationEngineRef inEngine, AuthorizationResult inResult); - - /* Request authorization engine to interrupt all mechamisms invoked after this mechamism has called SessionSetResult and then call AuthorizationSessionInvoke again. */ - OSStatus (*RequestInterrupt)(AuthorizationEngineRef inEngine); - - OSStatus (*DidDeactivate)(AuthorizationEngineRef inEngine); - - - /* Getters and setters */ - OSStatus (*GetContextValue)(AuthorizationEngineRef inEngine, - AuthorizationString inKey, - AuthorizationContextFlags *outContextFlags, - const AuthorizationValue **outValue); - - OSStatus (*SetContextValue)(AuthorizationEngineRef inEngine, - AuthorizationString inKey, - AuthorizationContextFlags inContextFlags, - const AuthorizationValue *inValue); - - OSStatus (*GetHintValue)(AuthorizationEngineRef inEngine, - AuthorizationString inKey, - const AuthorizationValue **outValue); - - OSStatus (*SetHintValue)(AuthorizationEngineRef inEngine, - AuthorizationString inKey, - const AuthorizationValue *inValue); - - OSStatus (*GetArguments)(AuthorizationEngineRef inEngine, - const AuthorizationValueVector **outArguments); - - OSStatus (*GetSessionId)(AuthorizationEngineRef inEngine, - AuthorizationSessionId *outSessionId); - - -} AuthorizationCallbacks; - - -/* Functions that must be implemented by each plugin. */ - -typedef struct AuthorizationPluginInterface -{ - /* Must be set to kAuthorizationPluginInterfaceVersion. */ - UInt32 version; - - /* Notify a plugin that it is about to be unloaded so it get a chance to clean up and release any resources it is holding. */ - OSStatus (*PluginDestroy)(AuthorizationPluginRef inPlugin); - - /* The plugin should create an AuthorizationMechanismRef and remeber inEngine, mechanismId and callbacks for future reference. It is guaranteed that MechanismDestroy will be called on the returned AuthorizationMechanismRef sometime after this function. */ - OSStatus (*MechanismCreate)(AuthorizationPluginRef inPlugin, - AuthorizationEngineRef inEngine, - AuthorizationMechanismId mechanismId, - AuthorizationMechanismRef *outMechanism); - - /* Invoke (or evaluate) an instance of a mechanism (created with MechanismCreate). It should call SetResult during or after returning from this function. */ - OSStatus (*MechanismInvoke)(AuthorizationMechanismRef inMechanism); - - /* Plugin should respond with a SessionDidDeactivate asap. */ - OSStatus (*MechanismDeactivate)(AuthorizationMechanismRef inMechanism); - - OSStatus (*MechanismDestroy)(AuthorizationMechanismRef inMechanism); - -} AuthorizationPluginInterface; - - -/* @function AuthorizationPluginCreate - - Initialize a plugin after it gets loaded. This is the main entry point to a plugin. This function will only be called once and after all Mechanism instances have been destroyed outPluginInterface->PluginDestroy will be called. - - @param callbacks (input) A pointer to an AuthorizationCallbacks which contains the callbacks implemented by the AuthorizationEngine. - @param outPlugin (output) On successful completion should contain a valid AuthorizationPluginRef. This will be passed in to any subsequent calls the engine makes to outPluginInterface->MechanismCreate and outPluginInterface->PluginDestroy. - @param outPluginInterface (output) On successful completion should contain a pointer to a AuthorizationPluginInterface that will stay valid until outPluginInterface->PluginDestroy is called. */ -OSStatus AuthorizationPluginCreate(const AuthorizationCallbacks *callbacks, - AuthorizationPluginRef *outPlugin, - const AuthorizationPluginInterface **outPluginInterface); - -#if defined(__cplusplus) -} -#endif - -#endif /* ! __AuthorizationPlugin__ */ diff --git a/SecurityServer/Authorization/AuthorizationPriv.h b/SecurityServer/Authorization/AuthorizationPriv.h deleted file mode 100644 index 55cfb1d2..00000000 --- a/SecurityServer/Authorization/AuthorizationPriv.h +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationPriv.h -- Authorization SPIs - * Private APIs for implementing access control in applications and daemons. - * - */ - -#ifndef _SECURITY_AUTHORIZATIONPRIV_H_ -#define _SECURITY_AUTHORIZATIONPRIV_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - - -/*! - @header AuthorizationPriv - Version 1.1 04/2003 - - This header contains private APIs for authorization services. - This is the private extension of , a public header file. -*/ - - -/* meta-rightname prefixes that configure authorization for policy changes */ - -/*! - @defined kConfigRightAdd - meta-rightname for prefix adding rights. -*/ -#define kAuthorizationConfigRightAdd "config.add." -/*! - @defined kConfigRightModify - meta-rightname prefix for modifying rights. -*/ -#define kAuthorizationConfigRightModify "config.modify." -/*! - @defined kConfigRightRemove - meta-rightname prefix for removing rights. -*/ -#define kAuthorizationConfigRightRemove "config.remove." -/*! - @defined kConfigRight - meta-rightname prefix. -*/ -#define kConfigRight "config." - -/*! - @defined kRuleIsRoot - canned rule for daemon to daemon convincing (see AuthorizationDB.h for public ones) -*/ -#define kAuthorizationRuleIsRoot "is-root" - -/* rule classes the specify behavior */ - -/*! @defined kAuthorizationRuleClass - Specifying rule class -*/ -#define kAuthorizationRuleClass "class" - -/*! @defined kAuthorizationRuleClassUser - Specifying user class -*/ -#define kAuthorizationRuleClassUser "user" - -/*! @defined kAuthorizationRuleClassMechanisms - Specifying evaluate-mechanisms class -*/ -#define kAuthorizationRuleClassMechanisms "evaluate-mechanisms" - -/* rule attributes to specify above classes */ - -/*! @defined kAuthorizationRuleParameterGroup - string, group specification for user rules. -*/ -#define kAuthorizationRuleParameterGroup "group" - -/*! @defined kAuthorizationRuleParameterKofN - number, k specification for k-of-n -*/ -#define kAuthorizationRuleParameterKofN "k-of-n" - -/*! @defined kAuthorizationRuleParameterRules - rules specification for rule delegation (incl. k-of-n) -*/ -#define kAuthorizationRuleParameterRules "rules" - -/*! @defined kAuthorizationRuleParameterMechanisms - mechanism specification, a sequence of mechanisms to be evaluated */ -#define kAuthorizationRuleParameterMechanisms "mechanisms" - -/*! @defined kAuthorizationRightParameterTimeout - timeout if any when a remembered right expires. - special values: - - not specified retains previous behavior: most privileged, credential based. - - zero grants the right once -(can be achieved with zero credential timeout, needed?) - - all other values are interpreted as number of seconds since granted. -*/ -#define kAuthorizationRightParameterTimeout "timeout-right" - -/*! @defined kAuthorizationRuleParameterCredentialTimeout - timeout if any for the use of cached credentials when authorizing rights. - - not specified allows for any credentials regardless of age; rights will be remembered in authorizations, removing a credential does not stop it from granting this right, specifying a zero timeout for the right will delegate it back to requiring a credential. - - all other values are interpreted as number of seconds since the credential was created - - zero only allows for the use of credentials created "now" // This is deprecated by means of specifying zero for kRightTimeout -*/ -#define kAuthorizationRuleParameterCredentialTimeout "timeout" - -/*! @defined kAuthorizationRuleParameterCredentialShared - boolean that indicates whether credentials acquired during authorization are added to the shared pool. -*/ -#define kAuthorizationRuleParameterCredentialShared "shared" - -/*! @defined kAuthorizationRuleParameterAllowRoot - boolean that indicates whether to grant a right purely because the caller is root */ -#define kAuthorizationRuleParameterAllowRoot "allow-root" - -/*! @defined kAuthorizationRuleParameterCredentialSessionOwner - boolean that indicates whether to grant a right based on a valid session-owner credential */ -#define kAuthorizationRuleParameterCredentialSessionOwner "session-owner" - -/*! @defined kRuleDefaultPrompt - dictionary of localization-name and localized prompt pairs */ -#define kAuthorizationRuleParameterDefaultPrompt "default-prompt" - -/*! - @function AuthorizationBindPrivilegedPort - - @param fileDescriptor (input) - - @param name (input) - - @param authorization (input) The authorization object on which this operation is performed. - - @param flags (input) Bit mask of option flags to this call. - - @result errAuthorizationSuccess 0 No error. -*/ -OSStatus AuthorizationBindPrivilegedPort(int fileDescriptor, - const struct sockaddr_in *name, - AuthorizationRef authorization, - AuthorizationFlags flags); - -int __authorization_bind(int s, const struct sockaddr_in *name); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_AUTHORIZATIONPRIV_H_ */ diff --git a/SecurityServer/Authorization/AuthorizationRule.cpp b/SecurityServer/Authorization/AuthorizationRule.cpp deleted file mode 100644 index a8d4b8f8..00000000 --- a/SecurityServer/Authorization/AuthorizationRule.cpp +++ /dev/null @@ -1,1218 +0,0 @@ -/* - * AuthorizationRule.cpp - * Security - * - * Created by Conrad Sauerwald on Wed Mar 19 2003. - * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. - * - */ - -#include "AuthorizationRule.h" -#include "AuthorizationTags.h" -#include "AuthorizationDB.h" -#include "AuthorizationPriv.h" -#include "authority.h" -#include "server.h" -#include "process.h" - - -#include -#include -#include - -#include -#include -#include "ccaudit.h" - -// -// Rule class -// -namespace Authorization { - -CFStringRef RuleImpl::kUserGroupID = CFSTR(kAuthorizationRuleParameterGroup); -CFStringRef RuleImpl::kTimeoutID = CFSTR(kAuthorizationRuleParameterCredentialTimeout); -CFStringRef RuleImpl::kSharedID = CFSTR(kAuthorizationRuleParameterCredentialShared); -CFStringRef RuleImpl::kAllowRootID = CFSTR(kAuthorizationRuleParameterAllowRoot); -CFStringRef RuleImpl::kMechanismsID = CFSTR(kAuthorizationRuleParameterMechanisms); -CFStringRef RuleImpl::kSessionOwnerID = CFSTR(kAuthorizationRuleParameterCredentialSessionOwner); -CFStringRef RuleImpl::kKofNID = CFSTR(kAuthorizationRuleParameterKofN); -CFStringRef RuleImpl::kPromptID = CFSTR(kAuthorizationRuleParameterDefaultPrompt); - -CFStringRef RuleImpl::kRuleClassID = CFSTR(kAuthorizationRuleClass); -CFStringRef RuleImpl::kRuleAllowID = CFSTR(kAuthorizationRuleClassAllow); -CFStringRef RuleImpl::kRuleDenyID = CFSTR(kAuthorizationRuleClassDeny); -CFStringRef RuleImpl::kRuleUserID = CFSTR(kAuthorizationRuleClassUser); -CFStringRef RuleImpl::kRuleDelegateID = CFSTR(kAuthorizationRightRule); -CFStringRef RuleImpl::kRuleMechanismsID = CFSTR(kAuthorizationRuleClassMechanisms); - - -string -RuleImpl::Attribute::getString(CFDictionaryRef config, CFStringRef key, bool required = false, char *defaultValue = NULL) -{ - CFTypeRef value = CFDictionaryGetValue(config, key); - if (value && (CFGetTypeID(value) == CFStringGetTypeID())) - { - CFStringRef stringValue = reinterpret_cast(value); - char buffer[512]; - const char *ptr = CFStringGetCStringPtr(stringValue, kCFStringEncodingUTF8); - if (ptr == NULL) - { - if (CFStringGetCString(stringValue, buffer, sizeof(buffer), kCFStringEncodingUTF8)) - ptr = buffer; - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - } - - return string(ptr); - } - else - if (!required) - return string(defaultValue); - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule -} - -double -RuleImpl::Attribute::getDouble(CFDictionaryRef config, CFStringRef key, bool required = false, double defaultValue = 0.0) -{ - double doubleValue = 0; - - CFTypeRef value = CFDictionaryGetValue(config, key); - if (value && (CFGetTypeID(value) == CFNumberGetTypeID())) - { - CFNumberGetValue(reinterpret_cast(value), kCFNumberDoubleType, &doubleValue); - } - else - if (!required) - return defaultValue; - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - - return doubleValue; -} - -bool -RuleImpl::Attribute::getBool(CFDictionaryRef config, CFStringRef key, bool required = false, bool defaultValue = false) -{ - bool boolValue = false; - CFTypeRef value = CFDictionaryGetValue(config, key); - - if (value && (CFGetTypeID(value) == CFBooleanGetTypeID())) - { - boolValue = CFBooleanGetValue(reinterpret_cast(value)); - } - else - if (!required) - return defaultValue; - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - - return boolValue; -} - -// add reference to string that we're modifying -void -RuleImpl::Attribute::setString(CFMutableDictionaryRef config, CFStringRef key, string &value) -{ - CFStringRef cfstringValue = CFStringCreateWithCString(NULL /*allocator*/, value.c_str(), kCFStringEncodingUTF8); - - if (cfstringValue) - { - CFDictionarySetValue(config, key, cfstringValue); - CFRelease(cfstringValue); - } - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid attribute -} - -void -RuleImpl::Attribute::setDouble(CFMutableDictionaryRef config, CFStringRef key, double value) -{ - CFNumberRef doubleValue = CFNumberCreate(NULL /*allocator*/, kCFNumberDoubleType, doubleValue); - - if (doubleValue) - { - CFDictionarySetValue(config, key, doubleValue); - CFRelease(doubleValue); - } - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid attribute -} - -void -RuleImpl::Attribute::setBool(CFMutableDictionaryRef config, CFStringRef key, bool value) -{ - if (value) - CFDictionarySetValue(config, key, kCFBooleanTrue); - else - CFDictionarySetValue(config, key, kCFBooleanFalse); -} - -vector -RuleImpl::Attribute::getVector(CFDictionaryRef config, CFStringRef key, bool required = false) -{ - vector valueArray; - - CFTypeRef value = CFDictionaryGetValue(config, key); - if (value && (CFGetTypeID(value) == CFArrayGetTypeID())) - { - CFArrayRef evalArray = reinterpret_cast(value); - - for (int index=0; index < CFArrayGetCount(evalArray); index++) - { - CFTypeRef arrayValue = CFArrayGetValueAtIndex(evalArray, index); - if (arrayValue && (CFGetTypeID(arrayValue) == CFStringGetTypeID())) - { - CFStringRef stringValue = reinterpret_cast(arrayValue); - char buffer[512]; - const char *ptr = CFStringGetCStringPtr(stringValue, kCFStringEncodingUTF8); - if (ptr == NULL) - { - if (CFStringGetCString(stringValue, buffer, sizeof(buffer), kCFStringEncodingUTF8)) - ptr = buffer; - else - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - } - valueArray.push_back(string(ptr)); - } - } - } - else - if (required) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - - return valueArray; -} - - -bool RuleImpl::Attribute::getLocalizedPrompts(CFDictionaryRef config, map &localizedPrompts) -{ - CFIndex numberOfPrompts = 0; - CFDictionaryRef promptsDict; - if (CFDictionaryContainsKey(config, kPromptID)) - { - promptsDict = reinterpret_cast(CFDictionaryGetValue(config, kPromptID)); - if (promptsDict && (CFGetTypeID(promptsDict) == CFDictionaryGetTypeID())) - numberOfPrompts = CFDictionaryGetCount(promptsDict); - } - if (numberOfPrompts == 0) - return false; - - const void *keys[numberOfPrompts+1]; - const void *values[numberOfPrompts+1]; - CFDictionaryGetKeysAndValues(promptsDict, &keys[0], &values[0]); - - while (numberOfPrompts-- > 0) - { - CFStringRef keyRef = reinterpret_cast(keys[numberOfPrompts]); - CFStringRef valueRef = reinterpret_cast(values[numberOfPrompts]); - if (!keyRef || (CFGetTypeID(keyRef) != CFStringGetTypeID())) - continue; - if (!valueRef || (CFGetTypeID(valueRef) != CFStringGetTypeID())) - continue; - string key = cfString(keyRef); - string value = cfString(valueRef); - localizedPrompts["description"+key] = value; - } - - return true; -} - - -// default rule -RuleImpl::RuleImpl() : -mType(kUser), mGroupName("admin"), mMaxCredentialAge(300.0), mShared(true), mAllowRoot(false), mSessionOwner(false), mTries(0) -{ - // XXX/cs read default descriptions from somewhere - // @@@ Default rule is shared admin group with 5 minute timeout -} - -// return rule built from rule definition; throw if invalid. -RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules) : mRightName(inRightName) -{ - // @@@ make sure cfRight is non mutable and never used that way - - if (CFGetTypeID(cfRight) != CFDictionaryGetTypeID()) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - - mTries = 0; - - string classTag = Attribute::getString(cfRight, kRuleClassID, false, ""); - - if (classTag.length()) - { - if (classTag == kAuthorizationRuleClassAllow) - { - secdebug("authrule", "%s : rule allow", inRightName.c_str()); - mType = kAllow; - } - else if (classTag == kAuthorizationRuleClassDeny) - { - secdebug("authrule", "%s : rule deny", inRightName.c_str()); - mType = kDeny; - } - else if (classTag == kAuthorizationRuleClassUser) - { - mType = kUser; - mGroupName = Attribute::getString(cfRight, kUserGroupID); - // grab other user-in-group attributes - mMaxCredentialAge = Attribute::getDouble(cfRight, kTimeoutID, false, DBL_MAX); - mShared = Attribute::getBool(cfRight, kSharedID); - mAllowRoot = Attribute::getBool(cfRight, kAllowRootID); - mSessionOwner = Attribute::getBool(cfRight, kSessionOwnerID); - // authorization tags can have eval now too - mEvalDef = Attribute::getVector(cfRight, kMechanismsID); - mTries = 3; - - secdebug("authrule", "%s : rule user in group \"%s\" timeout %g%s%s", - inRightName.c_str(), - mGroupName.c_str(), mMaxCredentialAge, mShared ? " shared" : "", - mAllowRoot ? " allow-root" : ""); - - } - else if (classTag == kAuthorizationRuleClassMechanisms) - { - secdebug("authrule", "%s : rule evaluate mechanisms", inRightName.c_str()); - mType = kEvaluateMechanisms; - // mechanisms to evaluate - mEvalDef = Attribute::getVector(cfRight, kMechanismsID, true); - } - else if (classTag == kAuthorizationRightRule) - { - assert(cfRules); // this had better not be a rule - secdebug("authrule", "%s : rule delegate rule", inRightName.c_str()); - mType = kRuleDelegation; - - // string or - string ruleDefString = Attribute::getString(cfRight, kRuleDelegateID, false, ""); - if (ruleDefString.length()) - { - CFStringRef ruleDefRef = makeCFString(ruleDefString); - CFDictionaryRef cfRuleDef = reinterpret_cast(CFDictionaryGetValue(cfRules, ruleDefRef)); - if (ruleDefRef) - CFRelease(ruleDefRef); - if (!cfRuleDef || CFGetTypeID(cfRuleDef) != CFDictionaryGetTypeID()) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - mRuleDef.push_back(Rule(ruleDefString, cfRuleDef, NULL)); - } - else // array - { - vector ruleDef = Attribute::getVector(cfRight, kRuleDelegateID, true); - for (vector::const_iterator it = ruleDef.begin(); it != ruleDef.end(); it++) - { - CFStringRef ruleNameRef = makeCFString(*it); - CFDictionaryRef cfRuleDef = reinterpret_cast(CFDictionaryGetValue(cfRules, ruleNameRef)); - if (ruleNameRef) - CFRelease(ruleNameRef); - if (!cfRuleDef || (CFGetTypeID(cfRuleDef) != CFDictionaryGetTypeID())) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - mRuleDef.push_back(Rule(*it, cfRuleDef, NULL)); - } - } - - mKofN = int(Attribute::getDouble(cfRight, kKofNID, false, 0.0)); - if (mKofN) - mType = kKofN; - - } - else - { - secdebug("authrule", "%s : rule class unknown %s.", inRightName.c_str(), classTag.c_str()); - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - } - } - else - { - // no class tag means, this is the abbreviated specification from the API - // it _must_ have a definition for "rule" which will be used as a delegate - // it may have a comment (not extracted here) - // it may have a default prompt, or a whole dictionary of languages (not extracted here) - assert(cfRules); - mType = kRuleDelegation; - string ruleName = Attribute::getString(cfRight, kRuleDelegateID, true); - secdebug("authrule", "%s : rule delegate rule (1): %s", inRightName.c_str(), ruleName.c_str()); - CFStringRef ruleNameRef = makeCFString(ruleName); - CFDictionaryRef cfRuleDef = reinterpret_cast(CFDictionaryGetValue(cfRules, ruleNameRef)); - if (ruleNameRef) - CFRelease(ruleNameRef); - if (!cfRuleDef || CFGetTypeID(cfRuleDef) != CFDictionaryGetTypeID()) - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - mRuleDef.push_back(Rule(ruleName, cfRuleDef, NULL)); - } - - Attribute::getLocalizedPrompts(cfRight, mLocalizedPrompts); -} - -/* -RuleImpl::~Rule() -{ -} -*/ - -void -RuleImpl::setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule, AuthItemSet &environmentToClient, AuthorizationToken &auth) const -{ - string authorizeString(inRight->name()); - environmentToClient.insert(AuthItemRef(AGENT_HINT_AUTHORIZE_RIGHT, AuthValueOverlay(authorizeString))); - - // XXX/cs pid/uid/client should only be added when we're ready to call the agent - pid_t cPid = Server::connection().process.pid(); - environmentToClient.insert(AuthItemRef(AGENT_HINT_CLIENT_PID, AuthValueOverlay(sizeof(pid_t), &cPid))); - - uid_t cUid = auth.creatorUid(); - environmentToClient.insert(AuthItemRef(AGENT_HINT_CLIENT_UID, AuthValueOverlay(sizeof(uid_t), &cUid))); - - pid_t creatorPid = auth.creatorPid(); - environmentToClient.insert(AuthItemRef(AGENT_HINT_CREATOR_PID, AuthValueOverlay(sizeof(pid_t), &creatorPid))); - - { - CodeSigning::OSXCode *osxcode = auth.creatorCode(); - if (!osxcode) - MacOSError::throwMe(errAuthorizationDenied); - - string encodedBundle = osxcode->encode(); - char bundleType = (encodedBundle.c_str())[0]; // yay, no accessor - string bundlePath = osxcode->canonicalPath(); - - environmentToClient.insert(AuthItemRef(AGENT_HINT_CLIENT_TYPE, AuthValueOverlay(sizeof(bundleType), &bundleType))); - environmentToClient.insert(AuthItemRef(AGENT_HINT_CLIENT_PATH, AuthValueOverlay(bundlePath))); - } - - map defaultPrompts = inTopLevelRule->localizedPrompts(); - - if (defaultPrompts.empty()) - defaultPrompts = localizedPrompts(); - - if (!defaultPrompts.empty()) - { - map::const_iterator it; - for (it = defaultPrompts.begin(); it != defaultPrompts.end(); it++) - { - const string &key = it->first; - const string &value = it->second; - environmentToClient.insert(AuthItemRef(key.c_str(), AuthValueOverlay(value))); - } - } - - // add rulename as a hint - string ruleName = name(); - environmentToClient.insert(AuthItemRef(AGENT_HINT_AUTHORIZE_RULE, AuthValueOverlay(ruleName))); -} - -string -RuleImpl::agentNameForAuth(const AuthorizationToken &auth) const -{ - uint8_t hash[20]; - AuthorizationBlob authBlob = auth.handle(); - CssmData hashedData = CssmData::wrap(&hash, sizeof(hash)); - CssmData data = CssmData::wrap(&authBlob, sizeof(authBlob)); - CssmClient::Digest ctx(Server::csp(), CSSM_ALGID_SHA1); - try { - ctx.digest(data, hashedData); - } - catch (CssmError &e) - { - secdebug("auth", "digesting authref failed (%lu)", e.cssmError()); - return string("SecurityAgentMechanism"); - } - - uint8_t *point = static_cast(hashedData.data()); - for (uint8_t i=0; i < hashedData.length(); point++, i++) - { - uint8 value = (*point % 62) + '0'; - if (value > '9') value += 7; - if (value > 'Z') value += 6; - *point = value; - } - return string(static_cast(hashedData.data()), hashedData.length()); -} - -OSStatus -RuleImpl::evaluateMechanism(const AuthItemRef &inRight, const AuthItemSet &environment, AuthorizationToken &auth, CredentialSet &outCredentials) const -{ - string agentName = agentNameForAuth(auth); - - // @@@ configuration does not support arguments - AuthValueVector arguments; - // XXX/cs Move this up - we shouldn't know how to retrieve the ingoing context - AuthItemSet context = auth.infoSet(); - AuthItemSet hints = environment; - - CommonCriteria::AuditRecord auditrec(auth.creatorAuditToken()); - - AuthorizationResult result = kAuthorizationResultAllow; - vector::const_iterator currentMechanism = mEvalDef.begin(); - - while ( (result == kAuthorizationResultAllow) && - (currentMechanism != mEvalDef.end()) ) // iterate mechanisms - { - string::size_type extPlugin = currentMechanism->find(':'); - if (extPlugin != string::npos) - { - // no whitespace removal - string pluginIn(currentMechanism->substr(0, extPlugin)); - string mechanismIn(currentMechanism->substr(extPlugin + 1)); - secdebug("SSevalMech", "external mech %s:%s", pluginIn.c_str(), mechanismIn.c_str()); - - bool mechExecOk = false; // successfully ran a mechanism - - Process &cltProc = Server::active().connection().process; - // Authorization preserves creator's UID in setuid processes - uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); - secdebug("SSevalMech", "Mechanism invocation by process %d (UID %d)", cltProc.pid(), cltUid); - QueryInvokeMechanism client(cltUid, auth, agentName.c_str()); - try - { - mechExecOk = client(pluginIn, mechanismIn, arguments, hints, context, &result); - } - catch (...) { - secdebug("SSevalMech", "exception from mech eval or client death"); - // various server problems, but only if it really failed - if (mechExecOk != true) - result = kAuthorizationResultUndefined; - } - - secdebug("SSevalMech", "evaluate(plugin: %s, mechanism: %s) %s, result: %lu.", pluginIn.c_str(), mechanismIn.c_str(), (mechExecOk == true) ? "succeeded" : "failed", result); - } - else - { - // internal mechanisms - no glue - if (*currentMechanism == "authinternal") - { - secdebug("SSevalMech", "evaluate authinternal"); - result = kAuthorizationResultDeny; - do { - AuthItemSet::iterator found = find_if(context.begin(), context.end(), FindAuthItemByRightName(kAuthorizationEnvironmentUsername) ); - if (found == context.end()) - break; - string username(static_cast((*found)->value().data), (*found)->value().length); - secdebug("SSevalMech", "found username"); - found = find_if(context.begin(), context.end(), FindAuthItemByRightName(kAuthorizationEnvironmentPassword) ); - if (found == context.end()) - break; - string password(static_cast((*found)->value().data), (*found)->value().length); - secdebug("SSevalMech", "found password"); - Credential newCredential(username, password, true); // create a new shared credential - - if (newCredential->isValid()) - { - Syslog::info("authinternal authenticated user %s (uid %lu) for right %s.", newCredential->username().c_str(), newCredential->uid(), inRight->name()); - auditrec.submit(AUE_ssauthint, CommonCriteria::errNone, inRight->name()); - } - else - { - // we can't be sure that the user actually exists so inhibit logging of uid - Syslog::error("authinternal failed to authenticate user %s for right %s.", newCredential->username().c_str(), inRight->name()); - - auditrec.submit(AUE_ssauthint, CommonCriteria::errInvalidCredential, inRight->name()); - } - - if (newCredential->isValid()) - { - outCredentials.clear(); // only keep last one - secdebug("SSevalMech", "inserting new credential"); - outCredentials.insert(newCredential); - result = kAuthorizationResultAllow; - } else - result = kAuthorizationResultDeny; - } while (0); - } - else - if (*currentMechanism == "push_hints_to_context") - { - secdebug("SSevalMech", "evaluate push_hints_to_context"); - mTries = 1; // XXX/cs this should be set in authorization config - result = kAuthorizationResultAllow; // snarfcredential doesn't block evaluation, ever, it may restart - // create out context from input hints, no merge - // @@@ global copy template not being invoked... - context = hints; - } - else - if (*currentMechanism == "switch_to_user") - { - Process &cltProc = Server::active().connection().process; - // Authorization preserves creator's UID in setuid processes - uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); - secdebug("SSevalMech", "terminating agent at request of process %d (UID %d)\n", cltProc.pid(), cltUid); - QueryInvokeMechanism client(cltUid, auth, agentName.c_str()); - - try { - client.terminateAgent(); - } catch (...) { - // Not our agent - } - result = kAuthorizationResultAllow; - } - } - - // we own outHints and outContext - switch(result) - { - case kAuthorizationResultAllow: - secdebug("SSevalMech", "result allow"); - currentMechanism++; - break; - case kAuthorizationResultDeny: - secdebug("SSevalMech", "result deny"); - break; - case kAuthorizationResultUndefined: - secdebug("SSevalMech", "result undefined"); - break; // abort evaluation - case kAuthorizationResultUserCanceled: - secdebug("SSevalMech", "result canceled"); - break; // stop evaluation, return some sideband - default: - break; // abort evaluation - } - } - - // End of evaluation, if last step produced meaningful data, incorporate - if ((result == kAuthorizationResultAllow) || - (result == kAuthorizationResultUserCanceled)) // @@@ can only pass back sideband through context - { - secdebug("SSevalMech", "storing new context for authorization"); - auth.setInfoSet(context); - } - - switch(result) - { - case kAuthorizationResultDeny: - return errAuthorizationDenied; - case kAuthorizationResultUserCanceled: - return errAuthorizationCanceled; - case kAuthorizationResultAllow: - return errAuthorizationSuccess; - default: - return errAuthorizationInternal; - } -} - - - -OSStatus -RuleImpl::evaluateAuthorization(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, - AuthorizationFlags flags, CFAbsoluteTime now, - const CredentialSet *inCredentials, - CredentialSet &credentials, AuthorizationToken &auth) const -{ - OSStatus status = errAuthorizationDenied; - - string usernamehint; - evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, usernamehint); - if (usernamehint.length()) - environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(usernamehint))); - - if ((mType == kUser) && (mGroupName.length())) - environmentToClient.insert(AuthItemRef(AGENT_HINT_REQUIRE_USER_IN_GROUP, AuthValueOverlay(mGroupName))); - - uint32 tries; - SecurityAgent::Reason reason = SecurityAgent::noReason; - - for (tries = 0; tries < mTries; tries++) - { - AuthItemRef retryHint(AGENT_HINT_RETRY_REASON, AuthValueOverlay(sizeof(reason), &reason)); - environmentToClient.erase(retryHint); environmentToClient.insert(retryHint); // replace - AuthItemRef triesHint(AGENT_HINT_TRIES, AuthValueOverlay(sizeof(tries), &tries)); - environmentToClient.erase(triesHint); environmentToClient.insert(triesHint); // replace - - status = evaluateMechanism(inRight, environmentToClient, auth, credentials); - - // successfully ran mechanisms to obtain credential - if (status == errAuthorizationSuccess) - { - // deny is the default - status = errAuthorizationDenied; - - // fetch context and construct a credential to be tested - AuthItemSet inContext = auth.infoSet(); - CredentialSet newCredentials = makeCredentials(inContext); - // clear context after extracting credentials - auth.clearInfoSet(); - - for (CredentialSet::const_iterator it = newCredentials.begin(); it != newCredentials.end(); ++it) - { - const Credential& newCredential = *it; - CommonCriteria::AuditRecord auditrec(auth.creatorAuditToken()); - - // @@@ we log the uid a process was running under when it created the authref, which is misleading in the case of loginwindow - if (newCredential->isValid()) - { - Syslog::info("uid %lu succeeded authenticating as user %s (uid %lu) for right %s.", auth.creatorUid(), newCredential->username().c_str(), newCredential->uid(), inRight->name()); - auditrec.submit(AUE_ssauthorize, CommonCriteria::errNone, inRight->name()); - } - else - { - // we can't be sure that the user actually exists so inhibit logging of uid - Syslog::error("uid %lu failed to authenticate as user %s for right %s.", auth.creatorUid(), newCredential->username().c_str(), inRight->name()); - auditrec.submit(AUE_ssauthorize, CommonCriteria::errInvalidCredential, inRight->name()); - } - - if (!newCredential->isValid()) - { - reason = SecurityAgent::invalidPassphrase; //invalidPassphrase; - continue; - } - - // verify that this credential authorizes right - status = evaluateCredentialForRight(inRight, inRule, environmentToClient, now, newCredential, true); - - if (status == errAuthorizationSuccess) - { - // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent - credentials.erase(newCredential); credentials.insert(newCredential); - // use valid credential to set context info - auth.setCredentialInfo(newCredential); - secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str()); - status = errAuthorizationSuccess; - break; - } - else - { - reason = SecurityAgent::userNotInGroup; //unacceptableUser; // userNotInGroup - // don't audit: we denied on the basis of something - // other than a bad user or password - } - } - - if (status == errAuthorizationSuccess) - break; - } - else - if ((status == errAuthorizationCanceled) || - (status == errAuthorizationInternal)) - { - auth.clearInfoSet(); - break; - } - } - - // If we fell out of the loop because of too many tries, notify user - if (tries == mTries) - { - reason = SecurityAgent::tooManyTries; - AuthItemRef retryHint (AGENT_HINT_RETRY_REASON, AuthValueOverlay(sizeof(reason), &reason)); - environmentToClient.erase(retryHint); environmentToClient.insert(retryHint); // replace - AuthItemRef triesHint(AGENT_HINT_TRIES, AuthValueOverlay(sizeof(tries), &tries)); - environmentToClient.erase(triesHint); environmentToClient.insert(triesHint); // replace - evaluateMechanism(inRight, environmentToClient, auth, credentials); - auth.clearInfoSet(); - } - - Process &cltProc = Server::active().connection().process; - // Authorization preserves creator's UID in setuid processes - uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); - secdebug("SSevalMech", "terminating agent at request of process %d (UID %d)\n", cltProc.pid(), cltUid); - string agentName = agentNameForAuth(auth); - QueryInvokeMechanism client(cltUid, auth, agentName.c_str()); - - try { - client.terminateAgent(); - } catch (...) { - // Not our agent - } - - return status; -} - -// create externally verified credentials on the basis of -// mechanism-provided information -CredentialSet -RuleImpl::makeCredentials(const AuthItemSet &context) const -{ - CredentialSet newCredentials; - - do { - AuthItemSet::const_iterator found = find_if(context.begin(), context.end(), FindAuthItemByRightName(kAuthorizationEnvironmentUsername) ); - if (found == context.end()) - break; - string username = (**found).stringValue(); - secdebug("SSevalMech", "found username"); - - const uid_t *uid = NULL; - found = find_if(context.begin(), context.end(), FindAuthItemByRightName("uid") ); - if (found != context.end()) - { - uid = static_cast((**found).value().data); - secdebug("SSevalMech", "found uid"); - } - - const gid_t *gid = NULL; - found = find_if(context.begin(), context.end(), FindAuthItemByRightName("gid") ); - if (found != context.end()) - { - gid = static_cast((**found).value().data); - secdebug("SSevalMech", "found gid"); - } - - if (username.length() && uid && gid) - { - // credential is valid because mechanism says so - newCredentials.insert(Credential(username, *uid, *gid, mShared)); - } - else - { - found = find_if(context.begin(), context.end(), FindAuthItemByRightName(kAuthorizationEnvironmentPassword) ); - if (found != context.end()) - { - secdebug("SSevalMech", "found password"); - string password = (**found).stringValue(); - secdebug("SSevalMech", "falling back on username/password credential if valid"); - newCredentials.insert(Credential(username, password, mShared)); - } - } - } while(0); - - return newCredentials; -} - -// evaluate whether a good credential of the current session owner would authorize a right -OSStatus -RuleImpl::evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, - const AuthItemSet &environment, - const CFAbsoluteTime now, - const AuthorizationToken &auth, - string& usernamehint) const -{ - // username hint is taken from the user who created the authorization, unless it's clearly ineligible - OSStatus status = noErr; - // @@@ we have no access to current requester uid here and the process uid is only taken when the authorization is created - // meaning that a process like loginwindow that drops privs later is screwed. - uid_t uid = auth.creatorUid(); - - Server::active().longTermActivity(); - struct passwd *pw = getpwuid(uid); - if (pw != NULL) - { - // avoid hinting a locked account (ie. root) - if ( (pw->pw_passwd == NULL) || - strcmp(pw->pw_passwd, "*") ) { - // Check if username will authorize the request and set username to - // be used as a hint to the user if so - status = evaluateCredentialForRight(inRight, inRule, environment, now, Credential(pw->pw_name, pw->pw_uid, pw->pw_gid, mShared), true); - - if (status == errAuthorizationSuccess) - usernamehint = pw->pw_name; - } //fi - endpwent(); - } - return status; -} - - - -// Return errAuthorizationSuccess if this rule allows access based on the specified credential, -// return errAuthorizationDenied otherwise. -OSStatus -RuleImpl::evaluateCredentialForRight(const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared) const -{ - assert(mType == kUser); - - // Get the username from the credential - const char *user = credential->username().c_str(); - - // If the credential is not valid or it's age is more than the allowed maximum age - // for a credential, deny. - if (!credential->isValid()) - { - secdebug("autheval", "credential for user %s is invalid, denying right %s", user, inRight->name()); - return errAuthorizationDenied; - } - - if (now - credential->creationTime() > mMaxCredentialAge) - { - secdebug("autheval", "credential for user %s has expired, denying right %s", user, inRight->name()); - return errAuthorizationDenied; - } - - if (!ignoreShared && !mShared && credential->isShared()) - { - secdebug("autheval", "shared credential for user %s cannot be used, denying right %s", user, inRight->name()); - return errAuthorizationDenied; - } - - // A root (uid == 0) user can do anything - if (credential->uid() == 0) - { - secdebug("autheval", "user %s has uid 0, granting right %s", user, inRight->name()); - return errAuthorizationSuccess; - } - - // XXX/cs replace with remembered session-owner once that functionality is added to SecurityServer - if (mSessionOwner) - { - uid_t console_user; - struct stat console_stat; - if (!lstat("/dev/console", &console_stat)) - { - console_user = console_stat.st_uid; - if (credential->uid() == console_user) - { - secdebug("autheval", "user %s is session-owner(uid: %d), granting right %s", user, console_user, inRight->name()); - return errAuthorizationSuccess; - } - } - else - secdebug("autheval", "session-owner check failed."); - } - - if (mGroupName.length()) - { - const char *groupname = mGroupName.c_str(); - Server::active().longTermActivity(); - struct group *gr = getgrnam(groupname); - if (!gr) - return errAuthorizationDenied; - - // Is this the default group of this user? - // PR-2875126 declares gr_gid int, as opposed to advertised (getgrent(3)) gid_t - // When this is fixed this warning should go away. - if (credential->gid() == gr->gr_gid) - { - secdebug("autheval", "user %s has group %s(%d) as default group, granting right %s", - user, groupname, gr->gr_gid, inRight->name()); - endgrent(); - return errAuthorizationSuccess; - } - - for (char **group = gr->gr_mem; *group; ++group) - { - if (!strcmp(*group, user)) - { - secdebug("autheval", "user %s is a member of group %s, granting right %s", - user, groupname, inRight->name()); - endgrent(); - return errAuthorizationSuccess; - } - } - - secdebug("autheval", "user %s is not a member of group %s, denying right %s", - user, groupname, inRight->name()); - endgrent(); - } - - return errAuthorizationDenied; -} - -OSStatus -RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, AuthorizationFlags flags, - CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const -{ - // If we got here, this is a kUser type rule, let's start looking for a - // credential that is satisfactory - - // Zeroth -- Here is an extra special saucy ugly hack to allow authorizations - // created by a proccess running as root to automatically get a right. - if (mAllowRoot && auth.creatorUid() == 0) - { - secdebug("autheval", "creator of authorization has uid == 0 granting right %s", - inRight->name()); - return errAuthorizationSuccess; - } - - // if this is a "is-admin" rule check that and return - // XXX/cs add way to specify is-admin class of rule: if (mNoVerify) - if (name() == kAuthorizationRuleIsAdmin) - { - string username; - if (!evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, username)) - return errAuthorizationSuccess; - } - - // First -- go though the credentials we either already used or obtained during this authorize operation. - for (CredentialSet::const_iterator it = credentials.begin(); it != credentials.end(); ++it) - { - OSStatus status = evaluateCredentialForRight(inRight, inRule, environmentToClient, now, *it, true); - if (status != errAuthorizationDenied) - { - // add credential to authinfo - auth.setCredentialInfo(*it); - return status; - } - } - - // Second -- go though the credentials passed in to this authorize operation by the state management layer. - if (inCredentials) - { - for (CredentialSet::const_iterator it = inCredentials->begin(); it != inCredentials->end(); ++it) - { - OSStatus status = evaluateCredentialForRight(inRight, inRule, environmentToClient, now, *it, false); - if (status == errAuthorizationSuccess) - { - // Add the credential we used to the output set. - // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent - credentials.erase(*it); credentials.insert(*it); - // add credential to authinfo - auth.setCredentialInfo(*it); - - return status; - } - else if (status != errAuthorizationDenied) - return status; - } - } - - // Finally -- We didn't find the credential in our passed in credential lists. Obtain a new credential if - // our flags let us do so. - if (!(flags & kAuthorizationFlagExtendRights)) - return errAuthorizationDenied; - - // authorizations that timeout immediately cannot be preauthorized - if ((flags & kAuthorizationFlagPreAuthorize) && - (mMaxCredentialAge == 0.0)) - { - inRight->setFlags(inRight->flags() | kAuthorizationFlagCanNotPreAuthorize); - return errAuthorizationSuccess; - } - - if (!(flags & kAuthorizationFlagInteractionAllowed)) - return errAuthorizationInteractionNotAllowed; - - setAgentHints(inRight, inRule, environmentToClient, auth); - - // If a different evaluation is prescribed, - // we'll run that and validate the credentials from there - // we fall back on a default configuration - if (mEvalDef.size() == 0) - return evaluateAuthorizationOld(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); - else - return evaluateAuthorization(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); -} - -// XXX/cs insert a mechanism that let's the agent live (keep-alive) only in loginwindow's case -OSStatus -RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials) const -{ - uint32 tries = 0; - OSStatus status; - - do - { - setAgentHints(inRight, inRule, environmentToClient, auth); - AuthItemRef triesHint(AGENT_HINT_TRIES, AuthValueOverlay(sizeof(tries), &tries)); - environmentToClient.erase(triesHint); environmentToClient.insert(triesHint); // replace - - status = evaluateMechanism(inRight, environmentToClient, auth, outCredentials); - tries++; - } - while ((status == errAuthorizationDenied) // only if we have an expected failure we continue - && ((mTries == 0) // mTries == 0 means we try forever - || ((mTries > 0) // mTries > 0 means we try up to mTries times - && (tries < mTries)))); - - if (name() != "system.login.console") - { - // terminate agent - string agentName = agentNameForAuth(auth); - Process &cltProc = Server::active().connection().process; - // Authorization preserves creator's UID in setuid processes - uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); - secdebug("SSevalMech", "terminating agent at request of process %d (UID %d)\n", cltProc.pid(), cltUid); - - QueryInvokeMechanism client(cltUid, auth, agentName.c_str()); - - try - { - client.terminateAgent(); - } catch (...) { - // Not our agent - } - } - return status; -} - -OSStatus -RuleImpl::evaluateRules(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, AuthorizationFlags flags, - CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const -{ - // line up the rules to try - if (!mRuleDef.size()) - return errAuthorizationSuccess; - - uint32_t count = 0; - OSStatus status = errAuthorizationSuccess; - vector::const_iterator it; - - for (it = mRuleDef.begin();it != mRuleDef.end(); it++) - { - // are we at k yet? - if ((mType == kKofN) && (count == mKofN)) - return errAuthorizationSuccess; - - // get a rule and try it - status = (*it)->evaluate(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); - - // if status is cancel/internal error abort - if ((status == errAuthorizationCanceled) || (status == errAuthorizationInternal)) - return status; - - if (status != errAuthorizationSuccess) - { - // continue if we're only looking for k of n - if (mType == kKofN) - continue; - - break; - } - else - count++; - } - - return status; // return the last failure -} - - -OSStatus -RuleImpl::evaluate(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, AuthorizationFlags flags, - CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const -{ - switch (mType) - { - case kAllow: - secdebug("autheval", "rule is always allow"); - return errAuthorizationSuccess; - case kDeny: - secdebug("autheval", "rule is always deny"); - return errAuthorizationDenied; - case kUser: - secdebug("autheval", "rule is user"); - return evaluateUser(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); - case kRuleDelegation: - secdebug("autheval", "rule evaluates rules"); - return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); - case kKofN: - secdebug("autheval", "rule evaluates k-of-n rules"); - return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth); - case kEvaluateMechanisms: - secdebug("autheval", "rule evaluates mechanisms"); - return evaluateMechanismOnly(inRight, inRule, environmentToClient, auth, credentials); - default: - MacOSError::throwMe(errAuthorizationInternal); // XXX/cs invalid rule - } -} - - - - -// This is slated to be removed when the new auth panel is fixed up -OSStatus -RuleImpl::evaluateAuthorizationOld(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, - AuthorizationFlags flags, CFAbsoluteTime now, - const CredentialSet *inCredentials, - CredentialSet &credentials, AuthorizationToken &auth) const -{ - Process &cltProc = Server::active().connection().process; - // Authorization preserves creator's UID in setuid processes - uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); - secdebug("autheval", "Auth query from process %d (UID %d)", cltProc.pid(), cltUid); - QueryAuthorizeByGroup query(cltUid, auth); - - string usernamehint; - - evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, usernamehint); - - Credential newCredential; - // @@@ Keep the default reason the same, so the agent only gets userNotInGroup or invalidPassphrase - SecurityAgent::Reason reason = SecurityAgent::userNotInGroup; - - CommonCriteria::AuditRecord auditrec(auth.creatorAuditToken()); - - // @@@ Hardcoded 3 tries to avoid infinite loops. - for (uint32_t tryCount = 0; tryCount < mTries; ++tryCount) - { - // Obtain a new credential. Anything but success is considered an error. - OSStatus status = obtainCredential(query, inRight, environmentToClient, usernamehint.c_str(), newCredential, reason); - if (status) - return status; - - // Now we have successfully obtained a credential we need to make sure it authorizes the requested right - if (!newCredential->isValid()) - { - reason = SecurityAgent::invalidPassphrase; - auditrec.submit(AUE_ssauthorize, CommonCriteria::errInvalidCredential, inRight->name()); - } - else { - status = evaluateCredentialForRight(inRight, inRule, environmentToClient, now, newCredential, true); - if (status == errAuthorizationSuccess) - { - // Add the new credential we obtained to the output set. - // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent - credentials.erase(newCredential); credentials.insert(newCredential); - query.done(); - - // add credential to authinfo - auth.setCredentialInfo(newCredential); - - auditrec.submit(AUE_ssauthorize, CommonCriteria::errNone, inRight->name()); - return errAuthorizationSuccess; - } - else if (status != errAuthorizationDenied) - { - if (status == errAuthorizationCanceled) - auditrec.submit(AUE_ssauthorize, CommonCriteria::errUserCanceled, inRight->name()); - // else don't audit--error not due to bad - // username or password - return status; - } - } - reason = SecurityAgent::userNotInGroup; - } - query.cancel(SecurityAgent::tooManyTries); - - auditrec.submit(AUE_ssauthorize, CommonCriteria::errTooManyTries, inRight->name()); - return errAuthorizationDenied; -} - -OSStatus -RuleImpl::obtainCredential(QueryAuthorizeByGroup &query, const AuthItemRef &inRight, - AuthItemSet &environmentToClient, const char *usernameHint, Credential &outCredential, SecurityAgent::Reason reason) const -{ - char nameBuffer[SecurityAgent::maxUsernameLength]; - char passphraseBuffer[SecurityAgent::maxPassphraseLength]; - OSStatus status = errAuthorizationDenied; - - try { - if (query(mGroupName.c_str(), usernameHint, nameBuffer, passphraseBuffer, reason)) - status = noErr; - } catch (const CssmCommonError &err) { - status = err.osStatus(); - } catch (...) { - status = errAuthorizationInternal; - } - if (status == CSSM_ERRCODE_USER_CANCELED) - { - secdebug("auth", "canceled obtaining credential for user in group %s", mGroupName.c_str()); - return errAuthorizationCanceled; - } - if (status == CSSM_ERRCODE_NO_USER_INTERACTION) - { - secdebug("auth", "user interaction not possible obtaining credential for user in group %s", mGroupName.c_str()); - return errAuthorizationInteractionNotAllowed; - } - - if (status != noErr) - { - secdebug("auth", "failed obtaining credential for user in group %s", mGroupName.c_str()); - return status; - } - - secdebug("auth", "obtained credential for user %s", nameBuffer); - string username(nameBuffer); - string password(passphraseBuffer); - outCredential = Credential(username, password, mShared); - return errAuthorizationSuccess; -} - - -Rule::Rule() : RefPointer(new RuleImpl()) {} -Rule::Rule(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules) : RefPointer(new RuleImpl(inRightName, cfRight, cfRules)) {} - - -} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationRule.h b/SecurityServer/Authorization/AuthorizationRule.h deleted file mode 100644 index a567f099..00000000 --- a/SecurityServer/Authorization/AuthorizationRule.h +++ /dev/null @@ -1,145 +0,0 @@ -/* - * AuthorizationRule.h - * Security - * - * Created by Conrad Sauerwald on Wed Mar 19 2003. - * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. - * - */ - -#ifndef _H_AUTHORIZATIONRULE -#define _H_AUTHORIZATIONRULE 1 - -#include -#include "AuthorizationData.h" - -#include "agentquery.h" - - -namespace Authorization -{ - -class Rule; - -class RuleImpl : public RefCount -{ -public: - RuleImpl(); - RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules); - - OSStatus evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, - AuthorizationFlags flags, CFAbsoluteTime now, - const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const; - - string name() const { return mRightName; } - -private: -// internal machinery - - // evaluate credential for right - OSStatus evaluateCredentialForRight(const AuthItemRef &inRight, const Rule &inRule, - const AuthItemSet &environment, - CFAbsoluteTime now, const Credential &credential, bool ignoreShared) const; - - // run mechanisms specified for this rule - OSStatus evaluateMechanism(const AuthItemRef &inRight, const AuthItemSet &environment, AuthorizationToken &auth, CredentialSet &outCredentials) const; - - OSStatus evaluateRules(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, AuthorizationFlags flags, - CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const; - - void setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule, AuthItemSet &environmentToClient, AuthorizationToken &auth) const; - - // perform authorization based on running specified mechanisms (see evaluateMechanism) - OSStatus evaluateAuthorization(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth) const; - - OSStatus evaluateAuthorizationOld(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth) const; - OSStatus obtainCredential(QueryAuthorizeByGroup &query, const AuthItemRef &inRight, AuthItemSet &environmentToClient, const char *usernameHint, Credential &outCredential, SecurityAgent::Reason reason) const; - - OSStatus evaluateUser(const AuthItemRef &inRight, const Rule &inRule, - AuthItemSet &environmentToClient, AuthorizationFlags flags, - CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - AuthorizationToken &auth) const; - - OSStatus evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials) const; - - // find username hint based on session owner - OSStatus evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, const CFAbsoluteTime now, const AuthorizationToken &auth, string& usernamehint) const; - - - string agentNameForAuth(const AuthorizationToken &auth) const; - CredentialSet makeCredentials(const AuthItemSet &context) const; - - map localizedPrompts() const { return mLocalizedPrompts; } - -// parsed attributes -private: - enum Type - { - kDeny, - kAllow, - kUser, - kRuleDelegation, - kKofN, - kEvaluateMechanisms, - } mType; - - string mRightName; - string mGroupName; - CFTimeInterval mMaxCredentialAge; - bool mShared; - bool mAllowRoot; - vector mEvalDef; - bool mSessionOwner; - vector mRuleDef; - uint32_t mKofN; - mutable uint32_t mTries; - map mLocalizedPrompts; - -private: - - class Attribute - { - public: - static bool getBool(CFDictionaryRef config, CFStringRef key, bool required, bool defaultValue); - static double getDouble(CFDictionaryRef config, CFStringRef key, bool required, double defaultValue); - static string getString(CFDictionaryRef config, CFStringRef key, bool required, char *defaultValue); - static vector getVector(CFDictionaryRef config, CFStringRef key, bool required); - static void setString(CFMutableDictionaryRef config, CFStringRef key, string &value); - static void setDouble(CFMutableDictionaryRef config, CFStringRef key, double value); - static void setBool(CFMutableDictionaryRef config, CFStringRef key, bool value); - static bool getLocalizedPrompts(CFDictionaryRef config, map &localizedPrompts); - }; - - -// keys - static CFStringRef kUserGroupID; - static CFStringRef kTimeoutID; - static CFStringRef kSharedID; - static CFStringRef kAllowRootID; - static CFStringRef kMechanismsID; - static CFStringRef kSessionOwnerID; - static CFStringRef kKofNID; - static CFStringRef kPromptID; - - static CFStringRef kRuleClassID; - static CFStringRef kRuleAllowID; - static CFStringRef kRuleDenyID; - static CFStringRef kRuleUserID; - static CFStringRef kRuleDelegateID; - static CFStringRef kRuleMechanismsID; - -}; - -class Rule : public RefPointer -{ -public: - Rule(); - Rule(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules); -}; - -}; /* namespace Authorization */ - -#endif /* ! _H_AUTHORIZATIONRULE */ diff --git a/SecurityServer/Authorization/AuthorizationTags.h b/SecurityServer/Authorization/AuthorizationTags.h deleted file mode 100644 index 0b5c7f76..00000000 --- a/SecurityServer/Authorization/AuthorizationTags.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationTags.h -- Right tags for implementing access control in - * applications and daemons - */ - -#ifndef _SECURITY_AUTHORIZATIONTAGS_H_ -#define _SECURITY_AUTHORIZATIONTAGS_H_ - - -/*! - @header AuthorizationTags - Draft version 2 01/23/2001 - - This header defines some of the supported rights tags to be used in the Authorization API. -*/ - - -/*! - @define kAuthorizationEnvironmentUsername - The name of the AuthorizationItem that should be passed into the environment when specifying a username. The value and valueLength should contain the username itself. -*/ -#define kAuthorizationEnvironmentUsername "username" - -/*! - @define kAuthorizationEnvironmentPassword - The name of the AuthorizationItem that should be passed into the environment when specifying a password for a given username. The value and valueLength should contain the actual password data. -*/ -#define kAuthorizationEnvironmentPassword "password" - -/*! - @define kAuthorizationEnvironmentShared - The name of the AuthorizationItem that should be passed into the environment when specifying a username and password. Adding this entry to the environment will cause the username/password to be added to the shared credential pool of the calling applications session. This means that further calls by other applications in this session will automatically have this credential availible to them. The value is ignored. -*/ -#define kAuthorizationEnvironmentShared "shared" - -/*! - @define kAuthorizationRightExecute - The name of the AuthorizationItem that should be passed into the rights when preauthorizing for a call to AuthorizationExecuteWithPrivileges(). - - You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields. In the future we will limit the right to only execute the requested path, and we will display this information to the user. -*/ -#define kAuthorizationRightExecute "system.privilege.admin" - -/*! - @define kAuthorizationEnvironmentPrompt - The name of the AuthorizationItem that should be passed into the environment when specifying a invocation specific additional text. The value should be a localized UTF8 string. -*/ -#define kAuthorizationEnvironmentPrompt "prompt" - -/*! - @define kAuthorizationEnvironmentIcon - The name of the AuthorizationItem that should be passed into the environment when specifying an alternate icon to be used. The value should be a full path to and image NSImage can deal with. -*/ -#define kAuthorizationEnvironmentIcon "icon" - - -#endif /* !_SECURITY_AUTHORIZATIONTAGS_H_ */ diff --git a/SecurityServer/Authorization/AuthorizationTrampoline.cpp b/SecurityServer/Authorization/AuthorizationTrampoline.cpp deleted file mode 100644 index 4947fae1..00000000 --- a/SecurityServer/Authorization/AuthorizationTrampoline.cpp +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AuthorizationTrampoline - simple suid-root execution trampoline -// for the authorization API. -// -#include -#include -#include -#include -#include -#include -#include - - -#define EXECUTERIGHT "system.privilege.admin" - - -static void fail(OSStatus cause) __attribute__ ((noreturn)); - - -// -// Main program entry point. -// -// Arguments: -// argv[0] = my name -// argv[1] = path to user tool -// argv[2] = "auth n", n=file descriptor of mailbox temp file -// argv[3..n] = arguments to pass on -// -// File descriptors (set by fork/exec code in client): -// 0 -> communications pipe (perhaps /dev/null) -// 1 -> notify pipe write end -// 2 and above -> unchanged from original client -// -int main(int argc, const char *argv[]) -{ - // initial setup - Syslog::open("authexec", LOG_AUTH); - - // validate basic integrity - if (!argv[0] || !argv[1] || !argv[2]) { - Syslog::alert("invalid argument vector"); - exit(1); - } - - // pick up arguments - const char *pathToTool = argv[1]; - const char *mboxFdText = argv[2]; - const char **restOfArguments = argv + 3; - secdebug("authtramp", "trampoline(%s,%s)", pathToTool, mboxFdText); - - // read the external form - AuthorizationExternalForm extForm; - int fd; - if (sscanf(mboxFdText, "auth %d", &fd) != 1) - return errAuthorizationInternal; - if (lseek(fd, 0, SEEK_SET) || - read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) { - close(fd); - return errAuthorizationInternal; - } - - // internalize the authorization - AuthorizationRef auth; - if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth)) - fail(error); - secdebug("authtramp", "authorization recovered"); - - // are we allowed to do this? - AuthorizationItem right = { EXECUTERIGHT, 0, NULL, 0 }; - AuthorizationRights inRights = { 1, &right }; - AuthorizationRights *outRights; - if (OSStatus error = AuthorizationCopyRights(auth, &inRights, NULL /*env*/, - kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, &outRights)) - fail(error); - if (outRights->count != 1 || strcmp(outRights->items[0].name, EXECUTERIGHT)) - fail(errAuthorizationDenied); - - // ----- AT THIS POINT WE COMMIT TO PERMITTING THE EXECUTION ----- - - // let go of our authorization - the client tool will re-internalize it - AuthorizationFree(auth, kAuthorizationFlagDefaults); - - // put the external authorization form into the environment - setenv("__AUTHORIZATION", mboxFdText, true); - - // shuffle file descriptors - int notify = dup(1); // save notify port - fcntl(notify, F_SETFD, 1); // close notify port on (successful) exec - dup2(0, 1); // make stdin, stdout point to the comms pipe - - // prepare the argv for the tool (prepend the "myself" element) - // note how this overwrites a known-existing argv element (that we copied earlier) - *(--restOfArguments) = pathToTool; - - secdebug("authtramp", "trampoline executes %s", pathToTool); - Syslog::notice("executing %s", pathToTool); - execv(pathToTool, (char *const *)restOfArguments); - secdebug("authexec", "exec(%s) failed (errno=%d)", pathToTool, errno); - - // report failure - OSStatus error = errAuthorizationToolExecuteFailure; - write(notify, &error, sizeof(error)); - exit(1); -} - - -void fail(OSStatus cause) -{ - write(1, &cause, sizeof(cause)); // ignore error - can't do anything if error - secdebug("authtramp", "trampoline aborting with status %ld", cause); - exit(1); -} diff --git a/SecurityServer/Authorization/AuthorizationWalkers.h b/SecurityServer/Authorization/AuthorizationWalkers.h deleted file mode 100644 index 73808c13..00000000 --- a/SecurityServer/Authorization/AuthorizationWalkers.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AuthorizationWalkers.h - * SecurityCore - * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved - * - */ - -#if !defined(__AuthorizationWalkers__) -#define __AuthorizationWalkers__ 1 - -#include -#include -#include -#include // char * walker - -namespace Security { -namespace DataWalkers { - - -template -void walk(Action &operate, AuthorizationItem &item) -{ - operate(item); - walk(operate, item.name); - operate.blob(item.value, item.valueLength); - // Ignore reserved -} - -template -AuthorizationItemSet *walk(Action &operate, AuthorizationItemSet * &itemSet) -{ - operate(itemSet); - operate.blob(itemSet->items, itemSet->count * sizeof(itemSet->items[0])); - for (uint32 n = 0; n < itemSet->count; n++) - walk(operate, itemSet->items[n]); - return itemSet; -} - -template -void walk(Action &operate, AuthorizationValue &authvalue) -{ - operate.blob(authvalue.data, authvalue.length); -} - -template -AuthorizationValueVector *walk(Action &operate, AuthorizationValueVector * &valueVector) -{ - operate(valueVector); - operate.blob(valueVector->values, valueVector->count * sizeof(valueVector->values[0])); - for (uint32 n = 0; n < valueVector->count; n++) - walk(operate, valueVector->values[n]); - return valueVector; -} - - - -} // end namespace DataWalkers -} // end namespace Security - -#endif /* ! __AuthorizationWalkers__ */ diff --git a/SecurityServer/Authorization/authorization.plist b/SecurityServer/Authorization/authorization.plist deleted file mode 100644 index 5e22b0ba..00000000 --- a/SecurityServer/Authorization/authorization.plist +++ /dev/null @@ -1,516 +0,0 @@ - - - - - comment - The name of the requested right is matched against the keys. An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction. - -allow rule: this is always allowed -<key>com.apple.TestApp.benign</key> -<string>allow</string> - -deny rule: this is always denied -<key>com.apple.TestApp.dangerous</key> -<string>deny</string> - -user rule: successful authentication as a user in the specified group(5) allows the associated right. - -The shared property specifies whether a credential generated on success is shared with other apps (same "session"). This property defaults to false if not specified. - -The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule. - -The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0. This defaults to false if not specified. - -See remaining rules for examples. - - rights - - - - class - rule - comment - All other rights will be matched by this rule. -Credentials remain valid 5 minutes after they've been obtained. -An acquired credential is shared amongst all clients. - - rule - default - - config.add. - - class - allow - comment - wildcard right for adding rights. Anyone is allowed to add any (non-wildcard) rights - - config.config. - - class - deny - comment - wildcard right for any change to meta-rights for db modification. Not allowed programmatically (just edit this file) - - config.modify. - - class - rule - comment - wildcard right for modifying rights. Admins are allowed to modify any (non-wildcard) rights - rule - authenticate-admin - - config.remove. - - class - rule - comment - wildcard right for deleting rights. Admins are allowed to delete any (non-wildcard) rights - rule - authenticate-admin - - config.remove.system. - - class - deny - comment - wildcard right for deleting system rights. - - sys.openfile. - - class - user - comment - See authopen(1) for information on the use of this right. - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - system.device.dvd.setregion.initial - - class - user - comment - Used by the dvd player to set the regioncode the first time. Note that changed the region code after it has been set requires a different right (system.device.dvd.setregion.change) -Credentials remain valid indefinitely after they've been obtained. -An acquired credential is shared amongst all clients. - group - admin - mechanisms - - builtin:authenticate - - shared - - - system.login.console - - class - evaluate-mechanisms - comment - Login mechanism based rule. Not for general use, yet. -builtin:krb5authenticate can be used to hinge local authentication on a successful kerberos authentication and kdc verification. -builtin:krb5authnoverify skips the kdc verification. Both fall back on local authentication. - mechanisms - - loginwindow_builtin:login - authinternal - loginwindow_builtin:success - builtin:getuserinfo - builtin:sso - - - system.login.done - - class - evaluate-mechanisms - comment - builtin:krb5login can be used to do kerberos authentication as a side-effect of logging in. Local username/password will be used. - mechanisms - - switch_to_user - - - system.login.pam - - class - evaluate-mechanisms - mechanisms - - push_hints_to_context - authinternal - - - system.login.screensaver - - class - rule - comment - the owner as well as any admin can unlock the screensaver;modify the group key to change this. - rule - authenticate-session-owner-or-admin - - system.login.tty - - class - evaluate-mechanisms - mechanisms - - push_hints_to_context - authinternal - - - system.keychain.create.loginkc - - allow-root - - class - evaluate-mechanisms - comment - Used by Security framework when you add an item to a unconfigured default keychain - mechanisms - - loginKC:queryCreate - loginKC:showPasswordUI - authinternal - loginKC:successOrFailure - - session-owner - - shared - - - system.keychain.modify - - class - user - comment - Used by Keychain Access when editing a system keychain. - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - system.preferences - - allow-root - - class - user - comment - This right is checked by the Admin framework when making changes to the system preferences. -Credentials remain valid forever. -An acquired credential is shared amongst all clients. -If the proccess that created the AuthorizationRef has uid = 0 this right will automatically be granted. - group - admin - mechanisms - - builtin:authenticate - - shared - - - system.printingmanager - - class - rule - comment - The following right is checked for printing to locked printers. - rule - authenticate-admin - - system.privilege.admin - - allow-root - - class - user - comment - Used by AuthorizationExecuteWithPrivileges(...) - AuthorizationExecuteWithPrivileges is used by programs requesting - to run a tool as root (ie. some installers). - Credentials remain valid 5 minutes after they've been obtained. - An acquired credential isn't shared with other clients. - Clients running as root will be granted this right automatically. - - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - system.restart - - class - evaluate-mechanisms - comment - Multisession restart mechanisms - mechanisms - - RestartAuthorization:restart - RestartAuthorization:authenticate - RestartAuthorization:success - - - system.shutdown - - class - evaluate-mechanisms - comment - Multisession shutdown mechanisms - mechanisms - - RestartAuthorization:shutdown - RestartAuthorization:authenticate - RestartAuthorization:success - - - system.burn - - class - allow - comment - authorization to burn media - - com.apple.server.admin.streaming - - class - user - comment - Used for admin requests with the QuickTime Streaming Server. - group - admin - shared - - allow-root - - timeout - 0 - - system.install.admin.user - - class - user - comment - Used by installer tool: user installling in admin domain (/Applications) - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - system.install.root.user - - class - user - comment - Used by installer tool: user installling in root domain (/System) - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - system.install.root.admin - - class - user - comment - Used by installer tool: admin installling in root domain (/System) - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - com.apple.appserver.privilege.admin - - class - rule - comment - Used to determine administrative access to the Application Server management tool. - rule - appserver-admin - - com.apple.desktopservices - - class - user - comment - authorize privileged file operations from the finder - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 0 - - com.apple.appserver.privilege.user - - class - rule - comment - Used to determine user access to the Application Server management tool. - k-of-n - 1 - rule - - appserver-admin - appserver-user - - - - rules - - allow - - class - allow - comment - allow anyone - - authenticate-admin - - class - user - comment - require the user asking for authorization to authenticate as an admin - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 0 - - authenticate-session-owner - - class - user - comment - authenticate session owner - mechanisms - - builtin:authenticate - - session-owner - - - authenticate-session-owner-or-admin - - allow-root - - class - user - comment - the owner as well as any admin can authorize - group - admin - mechanisms - - builtin:authenticate - - session-owner - - shared - - - is-admin - - class - user - comment - verify the user asking for authorization is an admin - group - admin - shared - true - - is-root - - allow-root - - class - user - comment - verify the process that created this authref is root - group - nogroup - - appserver-user - - class - user - group - appserverusr - - appserver-admin - - class - user - group - appserveradm - - default - - class - user - comment - All other rights will be matched by this rule. Credentials remain valid 5 minutes after they've been obtained. -An acquired credential is shared amongst all clients. - - group - admin - mechanisms - - builtin:authenticate - - shared - - timeout - 300 - - - - diff --git a/SecurityServer/Authorization/privPort.h b/SecurityServer/Authorization/privPort.h deleted file mode 100644 index b15a3503..00000000 --- a/SecurityServer/Authorization/privPort.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// privPort.h - shared definitions between port server client and server side -// -#ifndef _H_PRIVPORT -#define _H_PRIVPORT - - - -// -// UNIX domain port name for server connection -// -#define kPrivilegedPortBinder "/var/run/bindprivport" - - -// -// Authorization Rights used -// -#define ACCEPTRIGHT "system.privilege.port.accept" -#define CONNECTRIGHT "system.privilege.port.connect" - - -// -// Structure of a request -// -struct Request { - AuthorizationExternalForm authForm; - struct sockaddr_in requestedName; -}; - -struct Reply { - OSStatus status; -}; - - -#endif //_H_PRIVPORT diff --git a/SecurityServer/Authorization/privPortClient.cpp b/SecurityServer/Authorization/privPortClient.cpp deleted file mode 100644 index 324f8cab..00000000 --- a/SecurityServer/Authorization/privPortClient.cpp +++ /dev/null @@ -1,170 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// privPortClient - Authorization privileged-port binding client side -// -#include -#include -#include -#include "privPort.h" - -using namespace UnixPlusPlus; -using namespace IPPlusPlus; - - -// -// Where is the trampoline itself? -// -#if !defined(PORTSERVERPATH) -# define PORTSERVERPATH "/System/Library/CoreServices/privportserver" /* fallback */ -#endif - - -// -// Local functions -// -static void startServer(); - - -// -// The official client function. This does all the work -// -OSStatus AuthorizationBindPrivilegedPort(int fileDescriptor, - const struct sockaddr_in *name, - AuthorizationRef authorization, - AuthorizationFlags flags) -{ - BEGIN_API - unsigned short port = ntohs(name->sin_port); - secdebug("portserve", "bind request fd=%d port=%d", fileDescriptor, port); - - // must request a privileged port (don't check for debug version) -#if defined(NDEBUG) - if (port <= 0 || port >= IPPORT_RESERVED) - return errAuthorizationBadAddress; -#endif //NEBUG - - // no flags recognized so far - if (flags) - return errAuthorizationInvalidFlags; - - // form the request message - Request request; - if (OSStatus err = AuthorizationMakeExternalForm(authorization, &request.authForm)) - return err; - request.requestedName = *name; - - // connect to the port server (start it if we must) - UNSockAddress serverAddress(kPrivilegedPortBinder); - FdMover server; - server.open(AF_UNIX, SOCK_STREAM); - try { - server.connect(serverAddress); - } catch (const UnixError &error) { - switch (error.error) { - case ENOENT: // not bound - case ECONNREFUSED: // was bound, server is dead - startServer(); - server.connect(serverAddress); - break; - default: - throw; - } - } - - // send request - secdebug("portserve", "sending request"); - FdVector fds; - fds.push_back(fileDescriptor); - if (server.send(&request, sizeof(request), fds) != sizeof(request)) - UnixError::throwMe(EIO); - - // read reply - secdebug("portserve", "getting reply"); - Reply reply; - if (server.read(&reply, sizeof(reply)) != sizeof(reply)) - UnixError::throwMe(EIO); - - secdebug("portserve", "server replied %ld", reply.status); - return ntohl(reply.status); - - END_API(CSSM) -} - - -// -// Start the server (fork/exec) -// -static void startServer() -{ - const char *serverpath = PORTSERVERPATH; -#if !defined(NDEBUG) - if (const char *override = getenv("PRIVPORTSERVER")) - serverpath = override; -#endif //!NDEBUG - - secdebug("portserve", "starting %s", serverpath); - switch (fork()) { - case -1: - UnixError::throwMe(); - case 0: // child - execl(serverpath, serverpath, NULL); - secdebug("portserve", "cannot exec %s (errno=%d)", serverpath, errno); - _exit(1); - default: // parent - sleep(1); - break; - } -} - - -// -// A pure-C interface helper function for overriding bind(2). -// This obtains the authorization, then calls AuthorizationBindPrivilegedPort -// -int __authorization_bind(int s, const struct sockaddr_in *name) -{ - // obtain authorization - AuthorizationItem rights[] = { - { "system.privilege.port.connect", 0, NULL, 0 } - }; - AuthorizationRights rightSet = - { sizeof(rights) / sizeof(rights[0]), rights }; - AuthorizationRef auth; - if (AuthorizationCreate(&rightSet, NULL, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights | - kAuthorizationFlagPreAuthorize, - &auth)) { - errno = EPERM; - return -1; - } - - // bind - OSStatus err = AuthorizationBindPrivilegedPort(s, name, auth, 0); - AuthorizationFree(auth, 0); // ignore errors - - if (err) { - errno = (err >= errSecErrnoBase && err <= errSecErrnoLimit) ? - errno = err - errSecErrnoBase : - EPERM; - return -1; - } - return 0; -} diff --git a/SecurityServer/Authorization/privPortServer.cpp b/SecurityServer/Authorization/privPortServer.cpp deleted file mode 100644 index 97633fe3..00000000 --- a/SecurityServer/Authorization/privPortServer.cpp +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// privportserver.cpp - tool-side trampoline support functions -// -#include -#include -#include -#include -#include -#include -#include "privPort.h" - -using namespace UnixPlusPlus; -using namespace IPPlusPlus; - - -// -// Default values -// -#define DEFAULT_TIMEOUT (2 * 60) /* seconds */ - - -// -// Local functions -// -void usage(const char *me); -void serve(FdMover client); -void sigALRM(int signo); - - -// -// Send a reply (successful or otherwise) to the client and clean up. -// -void reply(Socket s, OSStatus error) -{ - Reply reply; - reply.status = htonl(error); - s.write(&reply, sizeof(reply)); - close(s); -} - - -// -// Server main program -// -int main(int argc, char *argv[]) -{ - unsigned timeout = DEFAULT_TIMEOUT; - - extern int optind; - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "t:")) != -1) - switch (arg) { - case 't': - timeout = atoi(optarg); - break; - case '?': - usage(argv[0]); - } - if (optind < argc) - usage(argv[0]); - - umask(0111); // allow world-write on created socket - Socket server(AF_UNIX, SOCK_STREAM); - UNSockAddress serverAddress(kPrivilegedPortBinder); - try { - server.bind(serverAddress); - } catch (const UnixError &error) { - switch (error.error) { - case EADDRINUSE: - unlink(kPrivilegedPortBinder); - server.bind(serverAddress); - break; - default: - throw; - } - } - server.listen(5); - - // prepare signals - SigSet signals; - signals += SIGALRM; - sigMask(signals, SIG_BLOCK); - if (signal(SIGALRM, sigALRM) == SIG_ERR) { - perror("SIGALRM"); - exit(1); - } - - // server loop - for (;;) { - FdMover s; - alarm(timeout); - sigMask(signals, SIG_UNBLOCK); - server.accept(s); - sigMask(signals, SIG_BLOCK); - try { - serve(s); - } catch (const CssmCommonError &error) { - reply(s, error.cssmError()); - } catch (...) { - reply(s, -1); - } - } - - // go away - return 0; -} - - -void usage(const char *me) -{ - fprintf(stderr, "Usage: %s [-t timeout-seconds]\n", me); - exit(2); -} - - -void sigALRM(int signo) -{ - secdebug("portserver", "timeout; quitting"); - unlink(kPrivilegedPortBinder); - exit(0); -} - - -// -// Serve one request -void serve(FdMover client) -{ - secdebug("portserver", "processing port request"); - - // receive request message - Request request; - FdVector fds; - if (client.receive(&request, sizeof(request), fds) != sizeof(request)) { - // short receive - assume sender protocol error - return reply(client, 11111); - return; - } - if (fds.size() != 1) { - // must send exactly one socket to find - return reply(client, 11111); - return; - } - - // internalize the authorization - AuthorizationRef auth; - if (OSStatus err = AuthorizationCreateFromExternalForm(&request.authForm, &auth)) - return reply(client, err); - - // validate authorization; punt if not authorized - AuthorizationItem rights[] = { - { CONNECTRIGHT, 0, NULL, 0 }, - { ACCEPTRIGHT, 0, NULL, 0 } - }; - AuthorizationRights rightSet = { sizeof(rights) / sizeof(rights[0]), rights }; - AuthorizationRights *result; - if (OSStatus err = AuthorizationCopyRights(auth, &rightSet, NULL, - kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights | - kAuthorizationFlagPartialRights, - &result)) - return reply(client, err); - UInt32 count = result ? result->count : 0; - AuthorizationFreeItemSet(result); - if (count == 0) - return reply(client, errAuthorizationDenied); - - // okay, bind as requested - Socket s; s = fds[0]; - s.bind(request.requestedName); - - // all is well. Tell the client - return reply(client, 0); -} diff --git a/SecurityServer/Authorization/trampolineClient.cpp b/SecurityServer/Authorization/trampolineClient.cpp deleted file mode 100644 index b17aebe9..00000000 --- a/SecurityServer/Authorization/trampolineClient.cpp +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// trampolineClient - Authorization trampoline client-side implementation -// -#include -#include -#include -#include -#include -#include -#include -#include - -// -// Where is the trampoline itself? -// -#if !defined(TRAMPOLINE) -# define TRAMPOLINE "/System/Library/CoreServices/AuthorizationTrampoline" /* fallback */ -#endif - - -// -// A few names for clarity's sake -// -enum { - READ = 0, // read end of standard UNIX pipe - WRITE = 1 // write end of standard UNIX pipe -}; - - -// -// Local (static) functions -// -static const char **argVector(const char *trampoline, - const char *tool, const char *commFd, - char *const *arguments); - - -// -// The public client API function. -// -OSStatus AuthorizationExecuteWithPrivileges(AuthorizationRef authorization, - const char *pathToTool, - unsigned long flags, - char *const *arguments, - FILE **communicationsPipe) -{ - // flags are currently reserved - if (flags != 0) - return errAuthorizationInvalidFlags; - - // externalize the authorization - AuthorizationExternalForm extForm; - if (OSStatus err = AuthorizationMakeExternalForm(authorization, &extForm)) - return err; - - // create the mailbox file - FILE *mbox = tmpfile(); - if (!mbox) - return errAuthorizationInternal; - if (fwrite(&extForm, sizeof(extForm), 1, mbox) != 1) { - fclose(mbox); - return errAuthorizationInternal; - } - fflush(mbox); - - // make text representation of the temp-file descriptor - char mboxFdText[20]; - snprintf(mboxFdText, sizeof(mboxFdText), "auth %d", fileno(mbox)); - - // make a notifier pipe - int notify[2]; - if (pipe(notify)) { - fclose(mbox); - return errAuthorizationToolExecuteFailure; - } - - // make the communications pipe if requested - int comm[2]; - if (communicationsPipe && socketpair(AF_UNIX, SOCK_STREAM, 0, comm)) { - close(notify[READ]); close(notify[WRITE]); - fclose(mbox); - return errAuthorizationToolExecuteFailure; - } - - // do the standard forking tango... - int delay = 1; - for (int n = 5;; n--, delay *= 2) { - switch (fork()) { - case -1: // error - if (errno == EAGAIN) { - // potentially recoverable resource shortage - if (n > 0) { - secdebug("authexec", "resource shortage (EAGAIN), delaying %d seconds", delay); - sleep(delay); - continue; - } - } - secdebug("authexec", "fork failed (errno=%d)", errno); - close(notify[READ]); close(notify[WRITE]); - return errAuthorizationToolExecuteFailure; - - default: // parent - // close foreign side of pipes - close(notify[WRITE]); - if (communicationsPipe) - close(comm[WRITE]); - - // close mailbox file (child has it open now) - fclose(mbox); - - // get status notification from child - OSStatus status; - secdebug("authexec", "parent waiting for status"); - switch (IFDEBUG(ssize_t rc =) read(notify[READ], &status, sizeof(status))) { - default: // weird result of read: post error - secdebug("authexec", "unexpected read return value %ld", long(rc)); - status = errAuthorizationToolEnvironmentError; - // fall through - case sizeof(status): // read succeeded: child reported an error - secdebug("authexec", "parent received status=%ld", status); - close(notify[READ]); - if (communicationsPipe) { close(comm[READ]); close(comm[WRITE]); } - return status; - case 0: // end of file: exec succeeded - close(notify[READ]); - if (communicationsPipe) - *communicationsPipe = fdopen(comm[READ], "r+"); - secdebug("authexec", "parent resumes (no error)"); - return noErr; - } - - case 0: // child - // close foreign side of pipes - close(notify[READ]); - if (communicationsPipe) - close(comm[READ]); - - // fd 1 (stdout) holds the notify write end - dup2(notify[WRITE], 1); - close(notify[WRITE]); - - // fd 0 (stdin) holds either the comm-link write-end or /dev/null - if (communicationsPipe) { - dup2(comm[WRITE], 0); - close(comm[WRITE]); - } else { - close(0); - open("/dev/null", O_RDWR); - } - - // where is the trampoline? -#if defined(NDEBUG) - const char *trampoline = TRAMPOLINE; -#else //!NDEBUG - const char *trampoline = getenv("AUTHORIZATIONTRAMPOLINE"); - if (!trampoline) - trampoline = TRAMPOLINE; -#endif //NDEBUG - - // okay, execute the trampoline - secdebug("authexec", "child exec(%s:%s)", - trampoline, pathToTool); - if (const char **argv = argVector(trampoline, pathToTool, mboxFdText, arguments)) - execv(trampoline, (char *const*)argv); - secdebug("authexec", "trampoline exec failed (errno=%d)", errno); - - // execute failed - tell the parent - { - OSStatus error = errAuthorizationToolExecuteFailure; - write(1, &error, sizeof(error)); - _exit(1); - } - } - } -} - - -// -// Build an argv vector -// -static const char **argVector(const char *trampoline, const char *pathToTool, - const char *mboxFdText, char *const *arguments) -{ - int length = 0; - if (arguments) { - for (char *const *p = arguments; *p; p++) - length++; - } - if (const char **args = (const char **)malloc(sizeof(const char *) * (length + 4))) { - args[0] = trampoline; - args[1] = pathToTool; - args[2] = mboxFdText; - if (arguments) - for (int n = 0; arguments[n]; n++) - args[n + 3] = arguments[n]; - args[length + 3] = NULL; - return args; - } - return NULL; -} diff --git a/SecurityServer/Authorization/trampolineServer.cpp b/SecurityServer/Authorization/trampolineServer.cpp deleted file mode 100644 index cf2c5bb4..00000000 --- a/SecurityServer/Authorization/trampolineServer.cpp +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// trampolineServer.cpp - tool-side trampoline support functions -// -#include -#include -#include - - -// -// In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy -// of the AuthorizationRef that started it all. -// -OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization, - AuthorizationFlags flags) -{ - // flags are currently reserved - if (flags != 0) - return errAuthorizationInvalidFlags; - - // retrieve hex form of external form from environment - const char *mboxFdText = getenv("__AUTHORIZATION"); - if (!mboxFdText) - return errAuthorizationInvalidRef; - - // retrieve mailbox file and read external form - AuthorizationExternalForm extForm; - int fd; - if (sscanf(mboxFdText, "auth %d", &fd) != 1) - return errAuthorizationInvalidRef; - if (lseek(fd, 0, SEEK_SET) || - read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) { - close(fd); - return errAuthorizationInvalidRef; - } - - // internalize the authorization - AuthorizationRef auth; - if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth)) - return error; - - // well, here you go - *authorization = auth; - return noErr; -} diff --git a/SecurityServer/BLOBFORMAT b/SecurityServer/BLOBFORMAT deleted file mode 100644 index 22528f70..00000000 --- a/SecurityServer/BLOBFORMAT +++ /dev/null @@ -1,64 +0,0 @@ -Description of SecurityServer blob format. - - -Database blob: - - -Creation (input PASSWORD, PRIVATE_DBB_BYTES, PUBLIC_DBB_BYTES) -Update -- change password (same as creation except use passed in DSK and DEK). - -1. Generate a 20 byte (160 bit) random string called SALT. -2. Derive a 24 byte (192 bit -- 168 bit effective because of odd parity in each octet) 3DES key called MK and 8 bytes IV from PASSWORD and SALT using PBKDF2 with PRF = HMACSHA1 and iteration count = 1000. -3. Generate a 24 byte (192 bit -- 168 bit effective because of parity) 3DES key called DEK. -4. Generate a 20 byte (160 bit SHA1HMAC key called DSK. -5. Let TEMP1 = DSK || DEK || PRIVATE_DBB_BYTES -6. Let TEMP2 = ciphertext of TEMP1 encrypted with MK and IV using 3DES in CBC_IV mode. -7. Let TEMP3 = SALT || LEN(PUBLIC_DBB_BYTES) || PUBLIC_DBB_BYTES || TEMP2 -8. Let SIG = SHA1HMAC(DSK, TEMP3) -9. Let DBB = SIG || TEMP3 -10. Outputs DBB, DSK (for signing) and DEK (for encryption) - - -Decode (input DBB and PASSWORD) - -1. Let SIG = First 20 octets of DBB. -2. Let TEMP3 = Octets 20 though end of DBB. -3. Let SALT = Octets 0 though 20 of TEMP3. -4. Derive a 192 bit (168 bit effective because of parity) 3DES key called MK and 8 bytes IV from PASSWORD and SALT using PKDF2 with PRF = HMACSHA1 and iteration count = 1000. -5. Let LEN_PUBLIC_DBB_BYTES = Octets 20 though 24 of TEMP3. -6. Let PUBLIC_DBB_BYTES = Octets 24 though 24 + LEN_PUBLIC_DBB_BYTES of TEMP3. -7. Let TEMP2 = Octets 24 + LEN_PUBLIC_DBB_BYTES though end of TEMP3. -8. Let TEMP1 = plaintext of TEMP2 decrypted with MK and IV using 3DES in CBC_IV mode with PKCS1 padding. -9. Let DSK = First 20 octets of TEMP1 -10. Verify that SHA1HMAC(DSK, TEMP3) == SIG (using VerifyMac) if fail then password is wrong. -11. Let DEK = Octets 20 though 44 of TEMP1 -12. If DEK does not have odd parity in all octets then DBB is corrupt. -13. Let PRIVATE_DBB_BYTES = Octets 44 though end of TEMP1 -14. Outputs PUBLIC_DBB_BYTES, PRIVATE_DBB_BYTES, DSK, DEK - - - -Key blob: - -Creation (input DSK, DEK, PRIVATE_KEY_BYTES, PUBLIC_KEY_BYTES output KB) -(NOTE PRIVATE_KEY_BYTES contains both the key bits (24 bytes) and the private ACL parts) - -1. Generate a 8 byte random string called IV -2. Encrypt PRIVATE_KEY_BYTES using DEK (3DES) and IV in CBC mode with PKCS1 padding. Call the ciphertext TEMP1 -3. Let TEMP2 = IV || TEMP1. -4. Reverse the order of the octects in TEMP2 call the result TEMP3. -5. Encrypt TEMP3 using DEK with an IV of 0x4adda22c79e82105 in CBC mode with PKCS1 padding call the result TEMP4. -6. Concatenate LEN(PUBLIC_KEY_BYTES) | PUBLIC_KEY_BYTES | TEMP4 and call it TEMP5 -7. Compute the 20 byte SHA1HMAC of TEMP5 using DSK and call it SIG. -8. Concatinate TEMP5 | SIG and call the result KB. - -Decode (input DSK, DEK, KB output PRIVATE_KEY_BYTES, PUBLIC_KEY_BYTES) - -1. Split KB in TEMP5 and SIG (SIG is last 20 bytes) TEMP5 is the rest. -2. Verify the 20 byte SHA1HMAC of TEMP5 using DSK against SIG if if fails the blob is invalid. -3. Split TEMP5 in LEN(PUBLIC_KEY_BYTES) , PUBLIC_KEY_BYTES and TEMP4. -4. Decrypt TEMP4 using DEK with an IV of 0x4adda22c79e82105 in CBC mode with PKCS1 padding call the result TEMP3. -5. Reverse the order of the octects in TEMP3 and call the result TEMP2. -6. Split TEMP2 in IV (first 8 bytes) and TEMP1 (rest). -7. Decrypt TEMP1 using DEK (3DES) and IV in CBC mode with PKCS1 padding. Call the plaintext PRIVATE_KEY_BYTES. - diff --git a/SecurityServer/CVSVersionInfo.txt b/SecurityServer/CVSVersionInfo.txt deleted file mode 100644 index 80294d1b..00000000 --- a/SecurityServer/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:00 mb Exp $ -# $Name: $ -ProjectName: SecurityServer -ProjectVersion: 17.1 diff --git a/SecurityServer/Makefile b/SecurityServer/Makefile deleted file mode 100644 index 112c4774..00000000 --- a/SecurityServer/Makefile +++ /dev/null @@ -1,39 +0,0 @@ -# -# Makefile to build MIG-generated sources and headers -# -XSRCROOT:=$(shell cd $(SRCROOT) >/dev/null; pwd) -TARGET:=$(shell cd $(BUILT_PRODUCTS_DIR) >/dev/null; pwd) -SRC:=$(TARGET)/derived_src -HDR:=$(TARGET)/include - -build: $(SRC)/.mig.ucsp $(SRC)/.mig.secagent - -debug: build - -profile: build - -install: build - -installhdrs: build - -installsrc: - -clean: - rm -f $(SRC)/.mig.ucsp $(SRC)/.mig.secagent \ - $(SRC)/ucsp*.cpp $(SRC)/secagent*.cpp $(HDR)/ucsp.h $(HDR)/secagent.h - -$(SRC)/.mig.ucsp: SecurityServer/ucsp.defs SecurityServer/ucspNotify.defs SecurityServer/ucsp_types.h - mkdir -p $(SRC) - mkdir -p $(HDR) - cd /tmp; mig -server $(SRC)/ucspServer.cpp -user $(SRC)/ucspUser.cpp \ - -header $(HDR)/ucsp.h $(XSRCROOT)/SecurityServer/ucsp.defs - cd /tmp; mig -server $(SRC)/ucspNotifyReceiver.cpp -user $(SRC)/ucspNotifySender.cpp \ - -header $(HDR)/ucspNotify.h $(XSRCROOT)/SecurityServer/ucspNotify.defs - touch $(SRC)/.mig.ucsp - -$(SRC)/.mig.secagent: SecurityServer/secagent.defs SecurityServer/secagent_types.h - mkdir -p $(SRC) - mkdir -p $(HDR) - cd /tmp; mig -server $(SRC)/secagentServer.cpp -user $(SRC)/secagentUser.cpp \ - -header $(HDR)/secagent.h $(XSRCROOT)/SecurityServer/secagent.defs - touch $(SRC)/.mig.secagent diff --git a/SecurityServer/Makefile.startup b/SecurityServer/Makefile.startup deleted file mode 100644 index 7102d845..00000000 --- a/SecurityServer/Makefile.startup +++ /dev/null @@ -1,60 +0,0 @@ -# -# Makefile to install the system-startup code for SecurityServer -# - -# wouldn't it be nice if PBX actually $#@?@! defined those? -# Note: CORE_SERVICES_DIR should be absolute path in target environment (don't prefix with DSTROOT) -SYSTEM_LIBRARY_DIR=$(DSTROOT)/System/Library -SYSTEM_CORE_SERVICES_DIR=/System/Library/CoreServices -AUTHORIZATION_LOCATION=$(DSTROOT)/private/etc -AUTHORIZATION_PLIST=$(AUTHORIZATION_LOCATION)/authorization -VARDB=$(DSTROOT)/private/var/db -CANDIDATES=$(VARDB)/CodeEquivalenceCandidates - -DST=$(SYSTEM_LIBRARY_DIR)/StartupItems/SecurityServer -SRC=$(SRCROOT)/SecurityServer - - -# -# The other phases do nothing -# -build: - @echo null build. - -debug: - @echo null debug. - -profile: - @echo null profile. - -# -# Install -# -install: - mkdir -p $(DST)/Resources/English.lproj - cp $(SRC)/StartupItems/StartupParameters.plist $(DST) - sed -e "s:@@@:$(SYSTEM_CORE_SERVICES_DIR):g" $(SRC)/StartupItems/SecurityServer >$(DST)/SecurityServer - cp $(SRC)/StartupItems/Localizable.strings $(DST)/Resources/English.lproj/Localizable.plist - chown -R root.wheel $(DST) - chmod 755 $(DST)/SecurityServer - chmod 644 $(DST)/StartupParameters.plist - chmod 644 $(DST)/Resources/English.lproj/Localizable.plist - chmod 4711 $(DSTROOT)/$(SYSTEM_CORE_SERVICES_DIR)/AuthorizationTrampoline - chmod 4711 $(DSTROOT)/$(SYSTEM_CORE_SERVICES_DIR)/privportserver - mkdir -p $(AUTHORIZATION_LOCATION) - cp $(SRC)/Authorization/authorization.plist $(AUTHORIZATION_PLIST) - chown root.admin $(AUTHORIZATION_PLIST) - chmod 644 $(AUTHORIZATION_PLIST) - mkdir -p $(VARDB) - cp $(SRC)/StartupItems/CodeEquivalenceCandidates $(CANDIDATES) - chown root.admin $(CANDIDATES) - chmod 644 $(CANDIDATES) - -installhdrs: - @echo null installhdrs. - -installsrc: - @echo null installsrc. - -clean: - @echo null clean. diff --git a/SecurityServer/SecurityAgentClient.cpp b/SecurityServer/SecurityAgentClient.cpp deleted file mode 100644 index 9307d4fb..00000000 --- a/SecurityServer/SecurityAgentClient.cpp +++ /dev/null @@ -1,770 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SecurityAgentClient - client interface to SecurityAgent -// -// This file changes behavior depending on two environment variables. -// AGENTNAME/AGENTPATH: if defined, is the name and path to -// the SecurityAgent binary to autolaunch. If undefined, SecurityAgent must be running. -// NOSA: If set, check for NOSA environment variable and if set, simulate the Agent -// using stdio in the client. -// -// A note on message flow: the combined send/receive operation at the heart of each -// secagent_client_* call can receive three types of message: -// (o) SecurityAgent reply -- ok, process -// (o) Dead port notification -- agent died, translated to NO_USER_INTERACTION error thrown -// (o) Cancel message -- will come out as INVALID_ID error and throw -// -// @@@ SA keepalive option. -// -#include "SecurityAgentClient.h" -#include "secagent.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -// @@@ Should be in but it isn't as of Puma5F22 -extern "C" int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); - -namespace Security { -namespace SecurityAgent { - - -using namespace Security; -using namespace MachPlusPlus; - - -// pass structured arguments in/out of IPC calls. See "data walkers" for details -#define COPY(copy) copy, copy.length(), copy -#define COPY_OUT(copy) ©, ©##Length, ©##Base -#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length - - -// -// Encode a requestor -// -class Requestor { -public: - Requestor(const OSXCode *code) { if (code) extForm = code->encode(); } - operator const char * () const { return extForm.c_str(); } - - // use this for debugging only - const char *c_str() const { return extForm.empty() ? "(unknown)" : extForm.c_str(); } - -private: - string extForm; -}; - - -// -// Check a return from a MIG client call -// -void Client::check(kern_return_t error) -{ - // first check the Mach IPC return code - switch (error) { - case KERN_SUCCESS: // peachy - break; - case MIG_SERVER_DIED: // explicit can't-send-it's-dead - stage = mainStage; - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - default: // some random Mach error - stage = mainStage; - MachPlusPlus::Error::throwMe(error); - } - - // now check the OSStatus return from the server side - switch (status) { - case noErr: - case errAuthorizationDenied: - break; - case userCanceledErr: - unstage(); - CssmError::throwMe(CSSM_ERRCODE_USER_CANCELED); - default: - unstage(); - MacOSError::throwMe(status); - } -} - -void Client::unstage() -{ - if (stage != mainStage) { - mStagePort.deallocate(); - stage = mainStage; - } -} - - -// -// NOSA support functions. This is a test mode where the SecurityAgent -// is simulated via stdio in the client. Good for running automated tests -// of client programs. Only available if -DNOSA when compiling. -// -#if defined(NOSA) - -#include - -static void getNoSA(char *buffer, size_t bufferSize, const char *fmt, ...) -{ - // write prompt - va_list args; - va_start(args, fmt); - vfprintf(stdout, fmt, args); - va_end(args); - - // read reply - memset(buffer, 0, bufferSize); - const char *nosa = getenv("NOSA"); - if (!strcmp(nosa, "-")) { - if (fgets(buffer, bufferSize-1, stdin) == NULL) - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - buffer[strlen(buffer)-1] = '\0'; // remove trailing newline - if (!isatty(fileno(stdin))) - printf("%s\n", buffer); // echo to output if input not terminal - } else { - strncpy(buffer, nosa, bufferSize-1); - printf("%s\n", buffer); - } - if (buffer[0] == '\0') // empty input -> cancellation - CssmError::throwMe(CSSM_ERRCODE_USER_CANCELED); -} - -#endif //NOSA - - -// -// Initialize our CSSM interface -// -Client::Client() : mActive(false), desktopUid(0), mKeepAlive(false), stage(mainStage), mAgentName("com.apple.SecurityAgent") -{ -} - -/* - * The new, preferred way to activate the Security Agent. The Security - * Server will take advantage of this interface; the old constructor is - * kept around for compatibility with the only other client, DiskCopy. - * DiskCopy needs to be fixed to use the Security Server itself rather - * than this library. - */ -Client::Client(uid_t clientUID, Bootstrap clientBootstrap, const char *agentName) : - mActive(false), desktopUid(clientUID), - mClientBootstrap(clientBootstrap), mKeepAlive(false), stage(mainStage), mAgentName(agentName) -{ -} - -Client::~Client() -{ - terminate(); -} - - -// -// Activate a session -// -void Client::activate() -{ - if (!mActive) { - - establishServer(); - - // create reply port - mClientPort.allocate(MACH_PORT_RIGHT_RECEIVE); - mClientPort.insertRight(MACH_MSG_TYPE_MAKE_SEND); - - // get notified if the server dies (shouldn't happen, but...) - mServerPort.requestNotify(mClientPort, MACH_NOTIFY_DEAD_NAME, true); - - // ready - mActive = true; - } -} - -void Client::terminate() -{ - if (mActive) { - mServerPort.deallocate(); - mClientPort.destroy(); - mActive = false; - } -} - - -// -// Cancel a client call. -// This actually sends a reply message to the thread waiting for a reply, -// thereby unblocking it. -// @@@ Theoretically we should thread-lock this so only one cancel message -// ever gets sent. But right now, this is only used to completely tear down -// a client session, so duplicate replies don't bother us. -// -void Client::cancel() -{ - // this is the common prefix of SecurityAgent client call replies - struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t result; - OSStatus status; - } request; - - request.Head.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0); - request.Head.msgh_remote_port = mClientPort; - request.Head.msgh_local_port = MACH_PORT_NULL; - request.Head.msgh_id = cancelMessagePseudoID; - request.NDR = NDR_record; - - // set call succeeded, no error status - request.result = KERN_SUCCESS; - request.status = noErr; - - // send it (do not receive a reply). Use zero timeout to avoid hangs - MachPlusPlus::check(mach_msg_overwrite(&request.Head, MACH_SEND_MSG|MACH_SEND_TIMEOUT, - sizeof(request), 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, - MACH_PORT_NULL, (mach_msg_header_t *) NULL, 0)); -} - - -// -// Get the port for the SecurityAgent. -// Start it if necessary (and possible). Throw an exception if we can't get to it. -// Sets mServerPort on success. -// -void Client::establishServer() -{ - // if the server is already running, we're done - if (mServerPort = mClientBootstrap.lookupOptional(mAgentName.c_str())) - return; - -#if defined(AGENTNAME) && defined(AGENTPATH) - // switch the bootstrap port to that of the logged-in user - - StBootstrap bootSaver(mClientBootstrap); - - // try to start the agent - switch (pid_t pid = fork()) { - case 0: // child - { - // Setup the environment for the SecurityAgent - unsetenv("USER"); - unsetenv("LOGNAME"); - unsetenv("HOME"); - - // tell agent which name to register - setenv("AGENTNAME", mAgentName.c_str(), 1); - - if (desktopUid) // if the user is running as root, or we're not told what uid to use, we stick with what we are - { - struct group *grent = getgrnam("nobody"); - gid_t desktopGid = grent ? grent->gr_gid : unsigned(-2); //@@@ questionable - endgrent(); - secdebug("SAclnt", "setgid(%d)", desktopGid); - setgid(desktopGid); // switch to login-user gid - secdebug("SAclnt", "setuid(%d)", desktopUid); - // Must be setuid and not seteuid since we do not want the agent to be able - // to call seteuid(0) successfully. - setuid(desktopUid); // switch to login-user uid - } - // close down any files that might have been open at this point - int maxDescriptors = getdtablesize (); - int i; - - for (i = 3; i < maxDescriptors; ++i) - { - close (i); - } - - // construct path to SecurityAgent - char agentExecutable[PATH_MAX + 1]; - const char *path = getenv("SECURITYAGENT"); - if (!path) - path = AGENTPATH; - snprintf(agentExecutable, sizeof(agentExecutable), "%s/Contents/MacOS/" AGENTNAME, path); - secdebug("SAclnt", "execl(%s)", agentExecutable); - execl(agentExecutable, agentExecutable, NULL); - secdebug("SAclnt", "execl of SecurityAgent failed, errno=%d", errno); - - // Unconditional suicide follows. - // See comments below on why we can't use abort() -#if 1 - _exit(1); -#else - // NOTE: OS X abort() is implemented as kill(getuid()), which fails - // for a setuid-root process that has setuid'd. Go back to root to die... - setuid(0); - abort(); -#endif - } - case -1: // error (in parent) - UnixError::throwMe(); - default: // parent - { - static const int timeout = 300; - - secdebug("SAclnt", "Starting security agent (%d seconds timeout)", timeout); - struct timespec rqtp; - memset(&rqtp, 0, sizeof(rqtp)); - rqtp.tv_nsec = 100000000; /* 10^8 nanaseconds = 1/10th of a second */ - for (int n = timeout; n > 0; nanosleep(&rqtp, NULL), n--) { - if (mServerPort = mClientBootstrap.lookupOptional(mAgentName.c_str())) - break; - int status; - switch (IFDEBUG(pid_t rc =) waitpid(pid, &status, WNOHANG)) { - case 0: // child still running - continue; - case -1: // error - switch (errno) { - case EINTR: - case EAGAIN: // transient - continue; - case ECHILD: // no such child (dead; already reaped elsewhere) - secdebug("SAclnt", "child is dead (reaped elsewhere)"); - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - default: - secdebug("SAclnt", "waitpid failed: errno=%d", errno); - UnixError::throwMe(); - } - default: - assert(rc == pid); - secdebug("SAclnt", "child died without claiming the SecurityAgent port"); - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - } - } - - if (mServerPort == 0) { // couldn't contact Security Agent - secdebug("SAclnt", "Autolaunch failed"); - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - } - secdebug("SAclnt", "SecurityAgent located"); - return; - } - } -#endif - - // well, this didn't work. Too bad - secdebug("SAclnt", "Cannot contact SecurityAgent"); - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); //@@@ or INTERNAL_ERROR? -} - - -// -// Staged query maintainance -// -void Client::finishStagedQuery() -{ - if (stage == mainStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - printf(" [query done]\n"); - stage = mainStage; - return; - } -#endif - check(secagent_client_finishStagedQuery(mStagePort, mClientPort, &status)); - unstage(); - terminate(); -} - -void Client::cancelStagedQuery(Reason reason) -{ - if (stage == mainStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - printf(" [query canceled; reason=%d]\n", reason); - stage = mainStage; - return; - } -#endif - check(secagent_client_cancelStagedQuery(mStagePort, mClientPort, &status, reason)); - unstage(); - terminate(); -} - - -// -// Query the user to unlock a keychain. This is a staged protocol with a private side-port. -// -void Client::queryUnlockDatabase(const OSXCode *requestor, pid_t requestPid, - const char *database, char passphrase[maxPassphraseLength]) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, "Unlock %s [ to cancel]: ", database); - stage = unlockStage; - return; - } -#endif - activate(); - check(secagent_client_unlockDatabase(mServerPort, mClientPort, - &status, req, requestPid, database, &mStagePort.port(), passphrase)); - stage = unlockStage; -} - -void Client::retryUnlockDatabase(Reason reason, char passphrase[maxPassphraseLength]) -{ - if (stage != unlockStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, "Retry unlock [ to cancel]: "); - return; - } -#endif - check(secagent_client_retryUnlockDatabase(mStagePort, mClientPort, - &status, reason, passphrase)); -} - - -// -// Ask for a (new) password for something. -// -void Client::queryNewPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *database, Reason reason, char passphrase[maxPassphraseLength], char oldPassphrase[maxPassphraseLength]) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "New passphrase for %s (reason %d) [ to cancel]: ", - (database ? database : "[NULL database]"), reason); - stage = newPassphraseStage; - return; - } -#endif - activate(); - check(secagent_client_queryNewPassphrase(mServerPort, mClientPort, - &status, req, requestPid, database, reason, - &mStagePort.port(), passphrase, oldPassphrase)); - stage = newPassphraseStage; -} - -void Client::retryNewPassphrase(Reason reason, char passphrase[maxPassphraseLength], char oldPassphrase[maxPassphraseLength]) -{ - if (stage != newPassphraseStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "retry new passphrase (reason %d) [ to cancel]: ", reason); - return; - } -#endif - check(secagent_client_retryNewPassphrase(mStagePort, mClientPort, - &status, reason, passphrase, oldPassphrase)); -} - - -// -// Ask the user permission to use an item. -// This is used by the keychain-style ACL subject type (only). -// -void Client::queryKeychainAccess(const OSXCode *requestor, pid_t requestPid, - const char *database, const char *itemName, AclAuthorization action, - bool needPassphrase, KeychainChoice &choice) -{ - Debug::trace (kSecTraceSecurityServerQueryKeychainAccess); - - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - char answer[maxPassphraseLength+10]; - getNoSA(answer, sizeof(answer), "Allow %s to do %d on %s in %s? [yn][g]%s ", - req.c_str(), int(action), (itemName ? itemName : "[NULL item]"), - (database ? database : "[NULL database]"), - needPassphrase ? ":passphrase" : ""); - // turn passphrase (no ':') into y:passphrase - if (needPassphrase && !strchr(answer, ':')) { - memmove(answer+2, answer, strlen(answer)+1); - memcpy(answer, "y:", 2); - } - choice.allowAccess = answer[0] == 'y'; - choice.continueGrantingToCaller = answer[1] == 'g'; - if (const char *colon = strchr(answer, ':')) - strncpy(choice.passphrase, colon+1, maxPassphraseLength); - else - choice.passphrase[0] = '\0'; - return; - } -#endif - activate(); - check(secagent_client_queryKeychainAccess(mServerPort, mClientPort, - &status, req, requestPid, (database ? database : ""), itemName, action, - needPassphrase, &mStagePort.port(), &choice)); - - stage = queryKeychainAccessStage; -} - - -void Client::retryQueryKeychainAccess (Reason reason, Choice &choice) -{ - if (stage != queryKeychainAccessStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? - - check(secagent_client_retryQueryKeychainAccess (mStagePort, mClientPort, &status, reason, &choice)); -} - - - -// -// Ask the user whether a somewhat (but not cleanly) matching code identity -// should be accepted for access control purposes. -// -void Client::queryCodeIdentity(const OSXCode *requestor, pid_t requestPid, - const char *aclPath, KeychainChoice &choice) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - char answer[10]; - getNoSA(answer, sizeof(answer), - "Allow %s to match an ACL for %s [yn][g]? ", - req.c_str(), aclPath ? aclPath : "(unknown)"); - choice.allowAccess = answer[0] == 'y'; - choice.continueGrantingToCaller = answer[1] == 'g'; - return; - } -#endif - activate(); - check(secagent_client_queryCodeIdentity(mServerPort, mClientPort, - &status, req, requestPid, aclPath, &choice)); - terminate(); -} - - -// -// Query the user for a generic existing passphrase, with selectable prompt. -// -void Client::queryOldGenericPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *prompt, - KeychainBox &addToKeychain, char passphrase[maxPassphraseLength]) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "Old passphrase (\"%s\") [ to cancel]: ", prompt); - // @@@ addToKeychain not hooked up; stays unchanged - stage = oldGenericPassphraseStage; - return; - } -#endif - activate(); - MigBoolean addBox = addToKeychain.setting; - check(secagent_client_queryOldGenericPassphrase(mServerPort, mClientPort, - &status, req, requestPid, prompt, &mStagePort.port(), - addToKeychain.show, &addBox, passphrase)); - addToKeychain.setting = addBox; - stage = oldGenericPassphraseStage; -} - -void Client::retryOldGenericPassphrase(Reason reason, - bool &addToKeychain, char passphrase[maxPassphraseLength]) -{ - if (stage != oldGenericPassphraseStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "Retry old passphrase [ to cancel]: "); - return; - } -#endif - MigBoolean addBox; - check(secagent_client_retryOldGenericPassphrase(mStagePort, mClientPort, - &status, reason, &addBox, passphrase)); - addToKeychain = addBox; -} - - -// -// Ask for a new passphrase for something (with selectable prompt). -// -void Client::queryNewGenericPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *prompt, Reason reason, - KeychainBox &addToKeychain, char passphrase[maxPassphraseLength]) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "New passphrase (\"%s\") (reason %d) [ to cancel]: ", - prompt, reason); - // @@@ addToKeychain not hooked up; stays unchanged - stage = newGenericPassphraseStage; - return; - } -#endif - activate(); - MigBoolean addBox = addToKeychain.setting; - check(secagent_client_queryNewGenericPassphrase(mServerPort, mClientPort, - &status, req, requestPid, prompt, reason, - &mStagePort.port(), addToKeychain.show, &addBox, passphrase)); - addToKeychain.setting = addBox; - stage = newGenericPassphraseStage; -} - -void Client::retryNewGenericPassphrase(Reason reason, - bool &addToKeychain, char passphrase[maxPassphraseLength]) -{ - if (stage != newGenericPassphraseStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(passphrase, maxPassphraseLength, - "retry new passphrase (reason %d) [ to cancel]: ", reason); - return; - } -#endif - MigBoolean addBox; - check(secagent_client_retryNewGenericPassphrase(mStagePort, mClientPort, - &status, reason, &addBox, passphrase)); - addToKeychain = addBox; -} - - -// -// Authorization by authentication -// -bool Client::authorizationAuthenticate(const OSXCode *requestor, pid_t requestPid, - const char *neededGroup, const char *candidateUser, - char user[maxUsernameLength], char passphrase[maxPassphraseLength]) -{ - Requestor req(requestor); - -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(user, maxUsernameLength, - "User to authenticate for group %s (try \"%s\" [\"-\" to deny]): ", - neededGroup, (candidateUser ? candidateUser : "[NULL]")); - if (strcmp(user, "-")) - getNoSA(passphrase, maxPassphraseLength, - "Passphrase for user %s: ", user); - stage = authorizeStage; - return strcmp(user, "-"); - } -#endif - activate(); - check(secagent_client_authorizationAuthenticate(mServerPort, mClientPort, - &status, req, requestPid, neededGroup, candidateUser, &mStagePort.port(), user, passphrase)); - stage = authorizeStage; - return status == noErr; -} - -bool Client::retryAuthorizationAuthenticate(Reason reason, char user[maxUsernameLength], - char passphrase[maxPassphraseLength]) -{ - if (stage != authorizeStage) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ invent a "state mismatch error"? -#if defined(NOSA) - if (getenv("NOSA")) { - getNoSA(user, maxUsernameLength, - "Retry authenticate (reason=%d) ([\"-\" to deny again]): ", reason); - if (strcmp(user, "-")) - getNoSA(passphrase, maxPassphraseLength, - "Passphrase for user %s: ", user); - return strcmp(user, "-"); - } -#endif - check(secagent_client_retryAuthorizationAuthenticate(mStagePort, mClientPort, - &status, reason, user, passphrase)); - return status == noErr; -} - -// -// invokeMechanism old style -// -bool Client::invokeMechanism(const string &inPluginId, const string &inMechanismId, const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult) -{ - AuthorizationValueVector *inArgumentVector; - AuthorizationItemSet *inHintsSet, *inContextSet; - size_t inArgumentVectorLength, inHintsSetLength, inContextSetLength; - - CssmAllocator &alloc = CssmAllocator::standard(); - inArguments.copy(&inArgumentVector, &inArgumentVectorLength); - CssmAutoPtr argGuard(alloc, inArgumentVector); - inHints.copy(inHintsSet, inHintsSetLength, alloc); - CssmAutoPtr hintGuard(alloc, inHintsSet); - inContext.copy(inContextSet, inContextSetLength, alloc); - CssmAutoPtr contextGuard(alloc, inContextSet); - - COPY_OUT_DECL(AuthorizationItemSet, outHintsSet); - COPY_OUT_DECL(AuthorizationItemSet, outContextSet); - - activate(); - - // either noErr (user cancel, allow) or throws authInternal - - check(secagent_client_invokeMechanism(mServerPort, mClientPort, - &status, &mStagePort.port(), inPluginId.c_str(), inMechanismId.c_str(), - inArgumentVector, inArgumentVectorLength, inArgumentVector, - inHintsSet, inHintsSetLength, inHintsSet, - inContextSet, inContextSetLength, inContextSet, - outResult, - COPY_OUT(outHintsSet), - COPY_OUT(outContextSet))); - - VMGuard _(outHintsSet, outHintsSetLength); - VMGuard _2(outContextSet, outContextSetLength); - - if (status != errAuthorizationDenied) - { - relocate(outHintsSet, outHintsSetBase); - inHints = *outHintsSet; - relocate(outContextSet, outContextSetBase); - inContext = *outContextSet; - } - - return (status == noErr); -} - - -void Client::terminateAgent() -{ - // If the agent is (still) running, kill it - if (mClientBootstrap.lookupOptional(mAgentName.c_str())) - { - activate(); - check(secagent_client_terminate(mServerPort, mClientPort)); - } -} - -} // end namespace SecurityAgent -} // end namespace Security diff --git a/SecurityServer/SecurityAgentClient.h b/SecurityServer/SecurityAgentClient.h deleted file mode 100644 index 184092cd..00000000 --- a/SecurityServer/SecurityAgentClient.h +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SecurityAgentClient - client interface to SecurityAgent -// -#ifndef _H_SECURITYAGENTCLIENT -#define _H_SECURITYAGENTCLIENT - -#if defined(__cplusplus) -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using Authorization::AuthItemSet; -using Authorization::AuthValueVector; - -namespace Security { - -using MachPlusPlus::Port; - using MachPlusPlus::Bootstrap; -using CodeSigning::OSXCode; - - -namespace SecurityAgent { - -#endif //C++ only - -// Note: Following section also available to C code for inclusion - -static const unsigned int maxPassphraseLength = 1024; -static const unsigned int maxUsernameLength = 80; - -#define kMaximumAuthorizationTries 3 - -// -// Unified reason codes transmitted to SecurityAgent (and internationalized there) -// -enum Reason { - noReason = 0, // no reason (not used, used as a NULL) - unknownReason, // something else (catch-all internal error) - - // reasons for asking for a new passphrase - newDatabase = 11, // need passphrase for a new database - changePassphrase, // changing passphrase for existing database - - // reasons for retrying an unlock query - invalidPassphrase = 21, // passphrase was wrong - - // reasons for retrying a new passphrase query - passphraseIsNull = 31, // empty passphrase - passphraseTooSimple, // passphrase is not complex enough - passphraseRepeated, // passphrase was used before (must use new one) - passphraseUnacceptable, // passphrase unacceptable for some other reason - oldPassphraseWrong, // the old passphrase given is wrong - - // reasons for retrying an authorization query - userNotInGroup = 41, // authenticated user not in needed group - unacceptableUser, // authenticated user unacceptable for some other reason - - // reasons for canceling a staged query - tooManyTries = 61, // too many failed attempts to get it right - noLongerNeeded, // the queried item is no longer needed - keychainAddFailed, // the requested itemed couldn't be added to the keychain - generalErrorCancel // something went wrong so we have to give up now -}; - -#define AGENT_HINT_SUGGESTED_USER "suggestedUser" -#define AGENT_HINT_REQUIRE_USER_IN_GROUP "requireUserInGroup" -#define AGENT_HINT_CUSTOM_PROMPT "prompt" -#define AGENT_HINT_AUTHORIZE_RIGHT "authorizeRight" -#define AGENT_HINT_CLIENT_PID "clientPid" -#define AGENT_HINT_CLIENT_UID "clientUid" -#define AGENT_HINT_CREATOR_PID "creatorPid" -#define AGENT_HINT_CLIENT_TYPE "clientType" -#define AGENT_HINT_CLIENT_PATH "clientPath" -#define AGENT_HINT_TRIES "tries" -#define AGENT_HINT_RETRY_REASON "reason" -#define AGENT_HINT_AUTHORIZE_RULE "authorizeRule" -// -// "Login Keychain Creation" Right: Hint and context keys -// -#define AGENT_HINT_ATTR_NAME "loginKCCreate:attributeName" -#define AGENT_HINT_LOGIN_KC_NAME "loginKCCreate:pathName" -#define AGENT_HINT_LOGIN_KC_EXISTS_IN_KC_FOLDER "loginKCCreate:exists" -#define AGENT_HINT_LOGIN_KC_USER_NAME "loginKCCreate:userName" -#define AGENT_HINT_LOGIN_KC_CUST_STR1 "loginKCCreate:customStr1" -#define AGENT_HINT_LOGIN_KC_CUST_STR2 "loginKCCreate:customStr2" -#define AGENT_HINT_LOGIN_KC_USER_HAS_OTHER_KCS_STR "loginKCCreate:moreThanOneKeychainExists" - -#define LOGIN_KC_CREATION_RIGHT "system.keychain.create.loginkc" - -#if defined(__cplusplus) - - -// -// The client interface to the SecurityAgent. -// -class Client { -public: - Client(); - Client(uid_t clientUID, Bootstrap clientBootstrap, const char *agentName); - virtual ~Client(); - - virtual void activate(); - virtual void terminate(); - bool isActive() const { return mActive; } - - bool keepAlive() const { return mKeepAlive; } - void keepAlive(bool ka) { mKeepAlive = ka; } - - // common stage termination calls - void finishStagedQuery(); - void cancelStagedQuery(Reason reason); - -public: - struct KeychainBox { - bool show; // show the "save in keychain" checkbox (in) - bool setting; // value of the checkbox (in/out) - }; - -public: - // ask to unlock an existing database. Staged protocol - void queryUnlockDatabase(const OSXCode *requestor, pid_t requestPid, - const char *database, char passphrase[maxPassphraseLength]); - void retryUnlockDatabase(Reason reason, char passphrase[maxPassphraseLength]); - - // ask for a new passphrase for a database. Not yet staged - void queryNewPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *database, Reason reason, char passphrase[maxPassphraseLength], char oldPassphrase[maxPassphraseLength]); - void retryNewPassphrase(Reason reason, char passphrase[maxPassphraseLength], char oldPassphrase[maxPassphraseLength]); - - // ask permission to use an item in a database - struct KeychainChoice { - bool allowAccess; // user said "yes" - bool continueGrantingToCaller; // user wants calling App added to ACL - char passphrase[maxPassphraseLength]; // only if requested - }; - void queryKeychainAccess(const OSXCode *requestor, pid_t requestPid, - const char *database, const char *itemName, AclAuthorization action, - bool needPassphrase, KeychainChoice &choice); - void retryQueryKeychainAccess (Reason reason, KeychainChoice &choice); - - // one-shot code-identity confirmation query - void queryCodeIdentity(const OSXCode *requestor, pid_t requestPid, - const char *aclPath, KeychainChoice &choice); - - // generic old passphrase query - void queryOldGenericPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *prompt, - KeychainBox &addToKeychain, char passphrase[maxPassphraseLength]); - void retryOldGenericPassphrase(Reason reason, - bool &addToKeychain, char passphrase[maxPassphraseLength]); - - // generic new passphrase query - void queryNewGenericPassphrase(const OSXCode *requestor, pid_t requestPid, - const char *prompt, Reason reason, - KeychainBox &addToKeychain, char passphrase[maxPassphraseLength]); - void retryNewGenericPassphrase(Reason reason, - bool &addToKeychain, char passphrase[maxPassphraseLength]); - - // authenticate a user for the purpose of authorization - bool authorizationAuthenticate(const OSXCode *requestor, pid_t requestPid, - const char *neededGroup, const char *candidateUser, - char username[maxUsernameLength], char passphrase[maxPassphraseLength]); - bool retryAuthorizationAuthenticate(Reason reason, - char username[maxUsernameLength], char passphrase[maxPassphraseLength]); - - bool invokeMechanism(const string &inPluginId, const string &inMechanismId, const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult); - - void terminateAgent(); - - // Cancel a pending client call in another thread by sending a cancel message. - // This call (only) may be made from another thread. - void cancel(); - -private: - // used by client call wrappers to receive IPC return-status - OSStatus status; - -private: - Port mServerPort; - Port mClientPort; - bool mActive; - uid_t desktopUid; - Bootstrap mClientBootstrap; - bool mKeepAlive; - - enum Stage { - mainStage, // in between requests - unlockStage, // in unlock sub-protocol - newPassphraseStage, // in get-new-passphrase sub-protocol - newGenericPassphraseStage, // in get-new-generic-passphrase sub-protocol - oldGenericPassphraseStage, // in get-old-generic-passphrase sub-protocol - authorizeStage, // in authorize-by-group-membership sub-protocol - queryKeychainAccessStage, - invokeMechanismStage // in invoke mechanism sub-protocol - } stage; - Port mStagePort; - string mAgentName; - - void locateDesktop(); - void establishServer(); - void check(kern_return_t error); - void unstage(); - -private: - static const int cancelMessagePseudoID = 1200; -}; - -}; // end namespace SecurityAgent - -} // end namespace Security - -#endif //C++ only - -#endif //_H_SECURITYAGENTCLIENT diff --git a/SecurityServer/SecurityServer.order b/SecurityServer/SecurityServer.order deleted file mode 100644 index 20bbfc27..00000000 --- a/SecurityServer/SecurityServer.order +++ /dev/null @@ -1,265 +0,0 @@ -__ZN13Authorization8RightSetD1Ev -__ZN13Authorization8RightSetD4Ev -__ZN13Authorization8RightSetD2Ev -__ZN13Authorization15MutableRightSetD4Ev -__ZN13Authorization15MutableRightSetD1Ev -__ZN6Server6handleEP17mach_msg_header_tS1_ -__Z11ucsp_serverP17mach_msg_header_tS0_ -__ZN6Server14notifyDeadNameEN8Security12MachPlusPlus4PortE -past end of text -__ZN6Server10connectionEj -__ZN6Server15requestCompleteEv -__ZN6Server15setupConnectionENS_12ConnectLevelEN8Security12MachPlusPlus4PortES3_S3_RK16security_token_tPKNS1_14SecurityServer15ClientSetupInfoEPKc -__ZN6Server10connectionEb -__ZN10Connection9checkWorkEv -__ZN7ProcessD4Ev -__ZN7Session4findEN8Security12MachPlusPlus4PortE -__ZN7ProcessC4EN8Security12MachPlusPlus4PortENS1_8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoEPKcjj -__ZNK13Authorization4Rule17evaluateMechanismEPK20AuthorizationItemSetR18AuthorizationTokenRSt3setINS_10CredentialESt4lessIS7_ESaIS7_EE -__ZNK13Authorization4Rule16agentNameForAuthERK18AuthorizationToken -__ZN7Process13endConnectionER10Connection -__ZN10Connection7endWorkEv -__ZN7Process15beginConnectionER10Connection -__ZN10Connection9beginWorkEv -__ZN18AuthorizationToken4findERKN8Security14SecurityServer17AuthorizationBlobE -__Z17ucsp_server_setupjj16security_token_tPljN8Security14SecurityServer15ClientSetupInfoEPKc -__ZN13Authorization4RuleC4ERKSsPK14__CFDictionaryS5_ -__ZN7Process18checkAuthorizationEP18AuthorizationToken -__ZNK13Authorization20AuthorizationDBPlist7getRuleERKNS_5RightE -__ZN7Session16mergeCredentialsERSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE -__ZN13Authorization15MutableRightSet9push_backERKNS_5RightE -__ZN13Authorization6Engine9authorizeERKNS_8RightSetEPK20AuthorizationItemSetmPKSt3setINS_10CredentialESt4lessIS8_ESaIS8_EEPSC_PNS_15MutableRightSetER18AuthorizationToken -__ZN7Session13authGetRightsERKN8Security14SecurityServer17AuthorizationBlobERKN13Authorization8RightSetEPK20AuthorizationItemSetmRNS5_15MutableRightSetE -__Z26ucsp_server_getSessionInfojj16security_token_tPlPmS1_ -__Z35ucsp_server_authorizationCopyRightsjj16security_token_tPlN8Security14SecurityServer17AuthorizationBlobEP20AuthorizationItemSetjS5_mS5_jS5_PS5_PjS6_ -__ZN10ConnectionC4ER7ProcessN8Security12MachPlusPlus4PortE -__ZN7Session10addProcessEP7Process -__ZN18AuthorizationToken16mergeCredentialsERKSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE -__ZNK13Authorization4Rule21evaluateMechanismOnlyERKNS_5RightERKS0_RNS_15MutableRightSetER18AuthorizationTokenRSt3setINS_10CredentialESt4lessISB_ESaISB_EE -__ZN7Session10authCreateERKN13Authorization8RightSetEPK20AuthorizationItemSetmRN8Security14SecurityServer17AuthorizationBlobE -__ZN10Connection5abortEb -__ZN7Session13authorizationERKN8Security14SecurityServer17AuthorizationBlobE -__ZN18AuthorizationTokenC4ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EE -__ZNK18AuthorizationToken14effectiveCredsEv -__ZN10ConnectionC1ER7ProcessN8Security12MachPlusPlus4PortE -__ZN9XDatabaseC4ERKN8Security14DLDbIdentifierEPKNS0_14SecurityServer6DbBlobER7ProcessPKNS0_17AccessCredentialsE -__ZN7ProcessC1EN8Security12MachPlusPlus4PortENS1_8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoEPKcjj -__ZN5DbKeyC4EcRKN8Security8CssmDataEbj -__ZN18AuthorizationToken10endProcessER7Process -__Z7_XsetupP17mach_msg_header_tS0_ -__ZN13Authorization5RightD1Ev -__ZN13Authorization5RightD4Ev -__ZN7Process19removeAuthorizationEP18AuthorizationToken -__ZN7Session13removeProcessEP7Process -__ZN7Session4findEm -__ZNK13Authorization4Rule12evaluateUserERKNS_5RightERKS0_RNS_15MutableRightSetEmdPKSt3setINS_10CredentialESt4lessIS9_ESaIS9_EERSD_R18AuthorizationToken -__ZN18AuthorizationToken17setCredentialInfoERKN13Authorization10CredentialE -__Z16_XgetSessionInfoP17mach_msg_header_tS0_ -__ZN18SecurityAgentQuery8activateEv -__ZN13Authorization4Rule9Attribute9getVectorEPK14__CFDictionaryPK10__CFStringb -__ZN13Authorization8RightSetC1EPK20AuthorizationItemSet -__ZN13Authorization8RightSetC4EPK20AuthorizationItemSet -__ZN13Authorization8RightSetC2EPK20AuthorizationItemSet -__ZN18DatabaseCryptoCore10decodeCoreEPN8Security14SecurityServer6DbBlobEPPv -__ZN18DatabaseCryptoCore10makeRawKeyEPvmmm -__ZNK13Authorization4Rule26evaluateCredentialForRightERKNS_5RightERKS0_PK20AuthorizationItemSetdRKNS_10CredentialEb -__ZN14CodeSignatures7addLinkERKN8Security8CssmDataES3_PKcb -__ZN13Authorization4RuleD4Ev -__ZN14CodeSignatures8makeLinkERNS_8IdentityERKSsbj -__ZN13Authorization20AuthorizationDBPlist4syncEd -__ZN13Authorization15MutableRightSetC4EmRKNS_5RightE -__ZN13Authorization15MutableRightSetC1EmRKNS_5RightE -__ZN13Authorization5RightC1Ev -__ZN7ProcessD0Ev -__ZN13Authorization5RightC4Ev -__ZN17AuthorizationItemC2Ev -__ZN17AuthorizationItemC4Ev -__Z31ucsp_server_authorizationCreatejj16security_token_tPlP20AuthorizationItemSetjS2_mS2_jS2_PN8Security14SecurityServer17AuthorizationBlobE -__Z20ucsp_server_decodeDbjj16security_token_tPlPmPN8Security11DataWalkers18DLDbFlatIdentifierEjS5_PNS2_17AccessCredentialsEjS7_Pvj -__ZN13Authorization15MutableRightSet4growEm -__ZN13Authorization10CredentialD4Ev -__ZN13Authorization10CredentialD1Ev -__ZN13Authorization5RightC1EPKcmPKv -__ZN13Authorization5RightC4EPKcmPKv -__Z20ucsp_server_isLockedjj16security_token_tPlmPi -__ZN14CodeSignatures8IdentityC2Ev -__ZN14CodeSignatures8IdentityC4Ev -__ZN18AuthorizationToken10addProcessER7Process -__ZN7Process16addAuthorizationEP18AuthorizationToken -__ZN18SecurityAgentQuery9terminateEv -__Z29__MIG_check__Request__setup_tP18__Request__setup_t -__ZN7Session15authExternalizeERKN8Security14SecurityServer17AuthorizationBlobER25AuthorizationExternalForm -__Z38__MIG_check__Request__getSessionInfo_tP27__Request__getSessionInfo_t -__ZN26CheckingReconstituteWalkerC4EPvS0_mb -__Z20ucsp_server_setupNewjj16security_token_tPljN8Security14SecurityServer15ClientSetupInfoEPKcPj -__ZN18AuthorizationToken7DeleterC4ERKN8Security14SecurityServer17AuthorizationBlobE -__ZN7Session8authFreeERKN8Security14SecurityServer17AuthorizationBlobEm -__ZN14DynamicSessionC4ERKN8Security12MachPlusPlus9BootstrapE -__ZN13Authorization15MutableRightSetC4ERKNS_8RightSetE -__ZN13Authorization15MutableRightSetC1ERKNS_8RightSetE -__ZN7Process4killEb -__ZN20QueryInvokeMechanismclERKSsS1_PK24AuthorizationValueVectorRKN13Authorization8RightSetES8_PmRP20AuthorizationItemSetSC_ -__ZNK13Authorization14CredentialImplltERKS0_ -__Z30ucsp_server_addCodeEquivalencejj16security_token_tPlPvjS1_jPKci -__ZN18AuthorizationToken7infoSetEv -__ZN10ConnectionD0Ev -__ZN10ConnectionD4Ev -__ZN7SessionC4EN8Security12MachPlusPlus9BootstrapENS1_4PortEm -__ZN14CodeSignatures8IdentityD2Ev -__ZN14CodeSignatures8IdentityD4Ev -__ZN5DbKeyC1EcRKN8Security8CssmDataEbj -__ZN13Authorization4RuleD1Ev -__Z10_XisLockedP17mach_msg_header_tS0_ -__ZNK13Authorization4Rule8evaluateERKNS_5RightERKS0_RNS_15MutableRightSetEmdPKSt3setINS_10CredentialESt4lessIS9_ESaIS9_EERSD_R18AuthorizationToken -__Z25_XauthorizationCopyRightsP17mach_msg_header_tS0_ -__ZN13Authorization4RuleC1ERKSsPK14__CFDictionaryS5_ -__ZN18AuthorizationTokenD4Ev -__Z32ucsp_server_authorizationReleasejj16security_token_tPlN8Security14SecurityServer17AuthorizationBlobEm -__ZN7Process11addDatabaseEP9XDatabase -__ZN7Session15authInternalizeERK25AuthorizationExternalFormRN8Security14SecurityServer17AuthorizationBlobE -__ZN7Process14removeDatabaseEP9XDatabase -__ZN9XDatabaseD4Ev -__ZN7Session16addAuthorizationEP18AuthorizationToken -__ZNK13Authorization14CredentialImpl7isValidEv -__ZN13Authorization20AuthorizationDBPlist4loadEv -__ZN18AuthorizationToken10setInfoSetER20AuthorizationItemSet -__ZN13Authorization4Rule9Attribute7getBoolEPK14__CFDictionaryPK10__CFStringbb -__ZN7Session19removeAuthorizationEP18AuthorizationToken -__ZN13Authorization4Rule9Attribute9getStringEPK14__CFDictionaryPK10__CFStringbPc -__Z36ucsp_server_authorizationExternalizejj16security_token_tPlN8Security14SecurityServer17AuthorizationBlobEP25AuthorizationExternalForm -__ZN20QueryInvokeMechanismC1EjRK18AuthorizationTokenPKc -__ZN18SecurityAgentQueryD4Ev -__ZN20QueryInvokeMechanismC4EjRK18AuthorizationTokenPKc -__ZN18SecurityAgentQueryC2EjR7SessionPKc -__ZN18SecurityAgentQueryC4EjR7SessionPKc -__ZN18AuthorizationToken7DeleterC1ERKN8Security14SecurityServer17AuthorizationBlobE -__ZNK18DatabaseCryptoCore17deriveDbMasterKeyERKN8Security8CssmDataE -__ZN18AuthorizationTokenC1ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EE -__ZNK13Authorization14CredentialImpl8isSharedEv -__Z21_XauthorizationCreateP17mach_msg_header_tS0_ -__Z22_XauthorizationReleaseP17mach_msg_header_tS0_ -__Z23ucsp_server_setupThreadjj16security_token_tPlj -__Z33ucsp_server_authorizationCopyInfojj16security_token_tPlN8Security14SecurityServer17AuthorizationBlobEPKcPP20AuthorizationItemSetPjS8_ -__ZN7Session11authGetInfoERKN8Security14SecurityServer17AuthorizationBlobEPKcRP20AuthorizationItemSet -__ZN7Session14clearResourcesEv -__ZN8Listener6removeEN8Security12MachPlusPlus4PortE -__ZN8ListenerC4ER7ProcessN8Security12MachPlusPlus4PortEmm -__ZN6Server8loadCssmEv -__Z47__MIG_check__Request__authorizationCopyRights_tP36__Request__authorizationCopyRights_t -__ZN13Authorization4Rule9Attribute19getLocalizedPromptsEPK14__CFDictionaryRSt3mapISsSsSt4lessISsESaISt4pairIKSsSsEEE -__Z32__MIG_check__Request__isLocked_tP21__Request__isLocked_t -__ZN13Authorization15MutableRightSet4swapERS0_ -__ZN9XDatabaseC1ERKN8Security14DLDbIdentifierEPKNS0_14SecurityServer6DbBlobER7ProcessPKNS0_17AccessCredentialsE -__Z36ucsp_server_authorizationInternalizejj16security_token_tPl25AuthorizationExternalFormPN8Security14SecurityServer17AuthorizationBlobE -__Z20_XaddCodeEquivalenceP17mach_msg_header_tS0_ -__ZN8Listener6notifyEmmRKN8Security8CssmDataE -__Z10_XdecodeDbP17mach_msg_header_tS0_ -__Z21ucsp_server_releaseDbjj16security_token_tPlm -__Z26_XauthorizationExternalizeP17mach_msg_header_tS0_ -_main -__ZN18AuthorizationToken7Deleter6removeEv -__ZN18DatabaseCryptoCoreC4Ev -__ZN18AuthorizationTokenD1Ev -__ZN18AuthorizationToken14mayInternalizeER7Processb -__ZN7Session9eliminateEN8Security12MachPlusPlus4PortE -__ZN13Authorization14CredentialImpl5mergeERKS0_ -__ZN9XDatabase6Common6unlockEPN8Security14SecurityServer6DbBlobEPPv -__ZN13Authorization14CredentialImplC4ERKSsS2_b -__ZN9XDatabase6Common8activityEv -__ZN6ServerC4ER9AuthorityR14CodeSignaturesPKc -__ZN7SessionC2EN8Security12MachPlusPlus9BootstrapENS1_4PortEm -__Z44__MIG_check__Request__authorizationRelease_tP33__Request__authorizationRelease_t -__Z43__MIG_check__Request__authorizationCreate_tP32__Request__authorizationCreate_t -__ZN9XDatabaseD0Ev -__Z11_XreleaseDbP17mach_msg_header_tS0_ -__ZN14DynamicSessionC1ERKN8Security12MachPlusPlus9BootstrapE -__Z26_XauthorizationInternalizeP17mach_msg_header_tS0_ -__Z24ucsp_server_setupSessionjj16security_token_tPlmm -__Z10_XsetupNewP17mach_msg_header_tS0_ -__ZN9XDatabase6CommonC4ERKNS_12DbIdentifierERNS_9CommonMapE -__ZN9XDatabase6CommonC1ERKNS_12DbIdentifierERNS_9CommonMapE -__ZN18DatabaseCryptoCoreC2Ev -__Z14_XsetupSessionP17mach_msg_header_tS0_ -__Z34ucsp_server_unlockDbWithPassphrasejj16security_token_tPlmPvj -__ZN7Session5setupEmm -__ZN7Session15setupAttributesEm -__Z48__MIG_check__Request__authorizationExternalize_tP37__Request__authorizationExternalize_t -__ZN14CodeSignatures8Identity13canonicalNameERKSs -__Z32__MIG_check__Request__decodeDb_tP21__Request__decodeDb_t -__ZN13Authorization4Rule9Attribute9getDoubleEPK14__CFDictionaryPK10__CFStringbd -__Z42__MIG_check__Request__addCodeEquivalence_tP31__Request__addCodeEquivalence_tPS0_ -__ZN8Listener8notifyMeEmmRKN8Security8CssmDataE -__ZNK18AuthorizationToken14mayExternalizeER7Process -__ZN14EntropyManager17updateEntropyFileEv -__ZNK13Authorization14CredentialImpl12creationTimeEv -__ZN9XDatabase6decodeEv -__ZNK8Security14SecurityServer10CommonBlob8validateEl -__ZNK8Security14SecurityServer10CommonBlob7isValidEv -__Z13_XsetupThreadP17mach_msg_header_tS0_ -__ZN9XDatabase6unlockERKN8Security8CssmDataE -__Z23_XauthorizationCopyInfoP17mach_msg_header_tS0_ -__Z31ucsp_server_requestNotificationjj16security_token_tPljmm -__ZN16KeychainNotifier6notifyERKN8Security14DLDbIdentifierEi -__ZN18DatabaseCryptoCore5setupEPKN8Security14SecurityServer6DbBlobERKNS0_8CssmDataE -__ZN14DynamicSessionD4Ev -__ZN9XDatabase16lockAllDatabasesERNS_9CommonMapEb -__ZN9XDatabase6CommonD4Ev -__ZN13Authorization14CredentialImplC1ERKSsS2_b -__ZN13Authorization10CredentialC4ERKSsS2_b -__ZN13Authorization10CredentialC1ERKSsS2_b -__ZN20QueryInvokeMechanism14terminateAgentEv -__ZN9XDatabase6decodeERKN8Security8CssmDataE -__ZN9XDatabase12makeUnlockedERKN8Security8CssmDataE -__ZN17SecurityServerAclD2Ev -__Z36__MIG_check__Request__setupSession_tP25__Request__setupSession_t -__ZN17SecurityServerAclD4Ev -__Z32__MIG_check__Request__setupNew_tP21__Request__setupNew_t -__ZN13Authorization20AuthorizationDBPlist11parseConfigEP14__CFDictionary -__Z48__MIG_check__Request__authorizationInternalize_tP37__Request__authorizationInternalize_t -__ZN14EntropyManagerC4ERN8Security12MachPlusPlus10MachServerEPKc -__Z33__MIG_check__Request__releaseDb_tP22__Request__releaseDb_t -__ZN14EntropyManager6actionEv -__ZN16KeychainNotifier6unlockERKN8Security14DLDbIdentifierE -__ZN7SessionD4Ev -__Z21_XrequestNotificationP17mach_msg_header_tS0_ -__ZN11RootSessionC4EN8Security12MachPlusPlus4PortEm -__Z24_XunlockDbWithPassphraseP17mach_msg_header_tS0_ -__Z7initMdsv -__Z45__MIG_check__Request__authorizationCopyInfo_tP34__Request__authorizationCopyInfo_t -__Z13handleSIGCHLDi -__Z35__MIG_check__Request__setupThread_tP24__Request__setupThread_t -__ZN13Authorization20AuthorizationDBPlistC4EPKc -__ZN18DatabaseCryptoCoreD4Ev -__Z28ucsp_server_stopNotificationjj16security_token_tPlj -__ZN6Server15notifyNoSendersEN8Security12MachPlusPlus4PortEj -__ZN7Process20requestNotificationsEN8Security12MachPlusPlus4PortEmm -__ZN8ListenerC1ER7ProcessN8Security12MachPlusPlus4PortEmm -__ZN11RootSessionC1EN8Security12MachPlusPlus4PortEm -__Z46__MIG_check__Request__unlockDbWithPassphrase_tP35__Request__unlockDbWithPassphrase_t -__ZN14EntropyManagerC1ERN8Security12MachPlusPlus10MachServerEPKc -__Z43__MIG_check__Request__requestNotification_tP32__Request__requestNotification_t -__ZN6ServerC1ER9AuthorityR14CodeSignaturesPKc -__ZN18DatabaseCryptoCoreD2Ev -__ZN7Process17stopNotificationsEN8Security12MachPlusPlus4PortE -__ZN7SessionD2Ev -__ZN14DynamicSession7releaseEv -__Z18_XstopNotificationP17mach_msg_header_tS0_ -__ZN14DynamicSessionD0Ev -__Z40__MIG_check__Request__stopNotification_tP29__Request__stopNotification_t -__ZN13Authorization20AuthorizationDBPlistC1EPKc -__ZN9XDatabase6CommonD0Ev -__ZN9XDatabase7discardEPNS_6CommonE -__ZN13Authorization14CredentialImpl10invalidateEv -__ZN13Authorization6EngineC4EPKc -__ZN8ListenerD4Ev -__ZN8ListenerD0Ev -__Z14handleSIGOtheri -__ZN13Authorization6EngineC2EPKc -__ZN9AuthorityC1EPKc -__ZN9AuthorityC4EPKc -__ZN14CodeSignaturesC1EPKc -__ZN14EntropyManager14collectEntropyEv -__ZN14CodeSignaturesC4EPKc -_ucsp_notify_sender_notify -__ZN6Server3runEv -__ZN13Authorization14CredentialImplD4Ev diff --git a/SecurityServer/SecurityServerClient.h b/SecurityServer/SecurityServerClient.h deleted file mode 100644 index 7558af7b..00000000 --- a/SecurityServer/SecurityServerClient.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef __SECURITYSERVERCLIENT_SECURITYSERVERCLIENT_H__ -#define __SECURITYSERVERCLIENT_SECURITYSERVERCLIENT_H__ 1 - -#include - -#endif /* __SECURITYSERVERCLIENT_SECURITYSERVERCLIENT_H__ */ diff --git a/SecurityServer/SettingsDialog/English.lproj/InfoPlist.strings b/SecurityServer/SettingsDialog/English.lproj/InfoPlist.strings deleted file mode 100755 index 89c3cf81..00000000 --- a/SecurityServer/SettingsDialog/English.lproj/InfoPlist.strings +++ /dev/null @@ -1,6 +0,0 @@ -/* Localized versions of Info.plist keys */ - -CFBundleName = "Security Settings"; -CFBundleShortVersionString = "Security Settings version 0.0.1d1"; -CFBundleGetInfoString = "Security Settings version 0.0.1d1, Copyright 2000, Apple Computer, Inc."; -NSHumanReadableCopyright = "Copyright 2000, Apple Computer, Inc."; diff --git a/SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/classes.nib b/SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/classes.nib deleted file mode 100755 index dae612c5aca2d0152968f8204e260723d2b406ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 316 zcmb2|=3oE;Cg!)79P^tDMA$#f`zvCbcXCrhVu69RLgBe1CzLkK-DsDtuHBZ@V_5TD z)OGVriOq-0Zv5NNT&r3CV6Vu;rBRdjg%%yE>&lH>_qgEL&c~H`d!@oQOU=7#CVsn6 z_k5Xe!|mMNwa0fHtvl#7J@cTYu&@xf*12cbiWl|#wY(ix%ha5=;XnTm+x=Ox=TfWJ zWYr1q9|}wnincv}y?=_XukLc$xY8ffQw+W=w)(EX9oy%rUu?Sck&4L|_rFKpfA`Uw zvxil^eDRZ&=5~A1MP{;eehOZ;>*4g@X+e8m ziLYGt^H;QRi>J+-qr2_yng4!%zUIxNHM?K!x+z&Qf8_Z>V MQ|Ph>g9ZZw0P|Om!vFvP diff --git a/SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/objects.nib b/SecurityServer/SettingsDialog/English.lproj/MainMenu.nib/objects.nib deleted file mode 100755 index bfdd2b0cb8682bf196f43bcb1133b4282f197b0d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2226 zcmV;j2u=4NiwFP!000021MOFRY#c`wpFMxYj=z#Pv_%v)qEVF+B0Ei-a4O9?E~cl} zcH4_6pNiIdbMZEJyJl}Mw!=re*V&Z-3Cdv)@s;Wnj7XFmiI7_rq^hnWSqcLR{}rUf zQUnMkQuB|cNFkAYyqVd%ixXV>4+x=sws&`C-n{qbz2AFpY>mBybtk*aG{(?>iu!tc z`}gcok*e<5x38bSfqH|ts_yIEw-=s$d-{9#_4NaT+PAxJ@8d}AMgIlLWgX2{Riuw$ z{V2BA<(nMGIF0`AsBxn+J%N*1$HrR5ZMa617$Kx{BoRM2DxmR{=4dXuO2~$hgq%TM zL9z^j@2rfR+%ZEUF}}5HBr%+Gw6Qc!IJRLPQN+&Rdxj{V=@>~2OiZK=U2_b}^gW*_ z#-}Lk+&Gdrgr}S#1E-S@5z-0@EYq>A^bSIrM-pE$@Z=7`^#aaLSY{G}HB%sO6ucrL z?J=NKK+?LviUHf!rV$}6pjLd&6q~vIVAR2!<5(v8S)o)!B@f6&r1Q`=gbr;hlnNgI zA&rKv$B+U7NPBh1AWo+bi1C2V&%no;m6b9o zH~XFkilT_yIZs-%S;OFpVlKM)kdpWFu?px!J~;sokDM)j0yOR3FE#Z@O;3Z=G&%-P z2lVMkJKIr~(qW757sxN}a?PLbam_sU$}dmlN%f$oL0@F_sDH-uekH6rf39vz85Wfe z-#aJdzFw2N$we1jrDGRD{JBQ9z)}qn+_j%SbxQgb#iY7tU$k=Rq&jWo)UX+3l)^oPuOsgrZIXN3=57Z4`APssf z#w}>!AWU0;v~n|P2;!KS&N?{b!)LoL5h{3m@|$u4iKJ4m9(e4`S;gn$=7rw^TX(?5 z4^wA-69JD87*nF2&mq|a0JEkZdqX&foGdCF-HU;vA`w?<+sob5wzse--Q)uXyv@g5 zr8CYKI^#9iwxm+An6B#pn$yx}!e5&b)l&}zr{;(DFEm6@LD~RmF|0wdPCZ#qi)}9Q zquUXRZofM|9@+e911K7e@}!gCJB3h0fi2O^NXb8S8q}XGMhaD!1Q0Rno?a3ViR6Fx z!~j4`l$WhYD}sA4_f>+dixzX+*_VsqOvj#V>9QXKg>Yw zi}5TtF}ERs?PCVykq_ZS9Qa*_p{56uoZshFtxfKYLvpyvKOkOzdWY|BjGHNo?}WO0 zrLasoKx{lN@DepZ{@mOH17lXsQET8#1V{7BDF1S$Qb8OP-PMKzc|db6vUI$WHK$R9{8o6^TA@(J*uYF$rgF;0h}5t~H^Fk%p{rm0L5A zpGLi)>k9OppS#Mdve4z9n?h(!BdO&ouM<^ye9*`*Y<|g8NFx`A_PdR*xD5}Ml{dL4 zWoyAJM}kj(mR?+<=Sy^g`zy~wlW?#r4_E8M!8|L80X+lP!ael)9&PMX;E>54~tcnYl5*XPso zFxy&{2ICgktL*ma4R}ZTVB!{^fOnhdUv!bT6Vb_idVz;YUR{0K6!0zZaNc#Z@#*bP z(o3?r)oljGB@W+eKlbUo90skAcKr+Q(4stgO?IDX>h1MAId+h^Xz&lXjmHr%oGi9; zuB{`95o2tydZRH-xYk>?i~cCC({f49ZJJrQ>A`8XOkg`@*%@9o_;ms*N0eXhKD%&- zFL!A&hvTNm;9#kZFSTaJtx1mlVDc89Y!AfoY7)#}<&k>Wvf;8XWI*jUlbW3r4dXe@ z#OZ+X`Yd<*IF#mK;s%%4=3qNxn1JkH_B@YqgLO0*F7aV!^(r`O!tEhgnfGAjp6!J6 z2tSPGoHTas_Ry|{9v+Sjndu-9z&*Gy%cXBf;xs-YIu5ki;!gNC$!I#l`oGO?f1S;{ z=zHwu18i1daBn}szTl!Fd;h!apo`|%f{T8@o^a7D>wT2nfd5U{)hMex%(}L+<w@iDWs4>3Mr(JLJBFQkU|P6r2j?wCvXo~l>jIJ0JCga ABLDyZ diff --git a/SecurityServer/SettingsDialog/SecuritySettings.icns b/SecurityServer/SettingsDialog/SecuritySettings.icns deleted file mode 100755 index 51efe9bb460736b422e27bd36a35671e08ea510a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38637 zcmeHQ2Ut@{*Pfd~0-=Kx!HOb?y;o3F6bp(XiXsZ4fGDB@DkvoM-ivf;RumMGj-a9l z%Gy8_D_Gavb=8eX%l*$y2pw0!?|Z)Ie;i11@04@S%$zwh^WKw*#a63*2!;P?v2~vk zLTCxz8d~DNiv1n`cl^g8O)Kkn*MGq4aVH`PV?r(nwCA+H#khYWe+&ODcSNpQya*K` z1axK~gwc6qnwpxLIlN2ay{QGqTbkSMIjO{DhYUm#r#&5S(r2;0e&yyOayF^e*Eck% z=@ZuwQrQTpHR|g(@^0~_FKTSHCVl;;*89}2^jhx#y5ut8yLpOL@{;pul(TJt4NN~cbOD7IqDY>{4gIqHEy#}bC zcS&|9ZWR4zASo{;{i0!Tv%pUnp#zI#uUR-F5_z`)6H)C}A-h-#3o%5jheK~2UXMh_ zU?34i0^ZEm`yfnS+68rzU3+9F+2?@lG@k70GjAat=9(5Ax#bwCjsyu~ALr8mp4wxh`CCwT*{`murf2b#9gV1Hn zy}yp*FNWdx4S2D{aU2!l9OMSCGw|{On}y*xNdm{MZ?h-`z7Tv8ai{@4Kf>pW4+wky24O{Sm{?IAlU!6+L}nVp>p7E*wm{AKuc2^FnADwM zQYoz_l_wLJ#)by{rVh5XHJq@^~4Z@c%YHH0up4C|2wTtxCzCwn2 zwT4uE$kSasRy`5a*i8*;UmL!Dfk~`$NY($U|MhD_a|6@?>d0`>HMEvs5u}^d>iP3IFGDJ@chgt>u6+aKTH31H@>Rc+WNjj}UT}IW-yv7i zH;Z@3$h)-INh~P@OuZ0IY)zP-Pk@0`C=wjZw4bJ+Fu~eeH5ic`o$sduhouk|kS<0R!5P&dk z6K5nq8a{H>3PkopVi=-1?Qx$iGks@t@<|IRDnyZyaNNDhG8?}zk1Hj2110>CsJ!<- z3a$;z#E`xIA0(mq;_ZufEx*6GYIexo|AcF? z6XuO1ND;5@J$d%*P0byv)8|uSO-naHPTJ`kWp^s8UX+&UIJtTo+g=>$gTw`rO0ut% zRpj0EoRd&ou=dUdUnGHT&Ce^ikbkSr!0AekXUfCCDG)g;F)=FrEK84h`Bk;;@wi%3 zU@pGM-q^l!7Lq?48QsL%Rd{i-FA`VUW}UWJ6b(OMcjVwCzbgd?d=Yt|c~}q=2~nrG zoi{`(8F^`gyb*=G`ap&b3klNp=2;@eh@xxjAyQzY>nRx)62eT1tq^5#$)zJyFGL=* zFMdC)y;c<1kkHVS;*zNlx703kGQ_PdI3$SZoA2Lr^h6ZF_3jaLh@6${Du&R2lOJ3> z5m{{Oxh*b;g6ZY>$}$mYwAXNml(n-T1d*hrX~Dywx2UR;&|4}eV<$yIrzQI;!w0r{ z4*4YdhJFle)sFyq(2upP`mtTVRX;F7KPY_tpjgY1NG^yZ4YC&?jE4Xy2ca#5@nArD&$dH{&S$dn!V)Od8^50J|yDJ%eDzy4FZ+(&Z7| z(?!xY@*~GyR^?x|e~N@e@ot0^Y|hHJ$Mdg5S6p{JI96~j>)v0Dg~Rxov{7f}5e}5%5UTw1Q^DT$8r~eS?9D+n5Kfd*IGIzH|B=f>Wa_0;Q z{Djueq}F{|Yc7G`I;V3ix}@LkoPKF!7y7%ucFJ%^w=;XB@d?sDmRIrDL`S-$FCms* zK2tWeuIMb;ck9SEQ{U`oTTNF`Un(*68J#hSY#ZDQpGf-R> z>LmRNzc+j(Y-TMwrM zyh0t`N%VGN2V7-3r1WsffQ@Z?u&^Q4nwk|vOePX@FfleZ*=BBOX<=eyuvS;+J(AwI z)qM9srdM!KNN7l)pYs7L6N43-UL(16##V=Y!(tN?QxfCi5{@4`ksK4q+-bC0w-zbr zZr|e^6qA$~73}NEJYai}=^A(>;pE9^kKG$qJx7DL?Q{x>IU4EjxXWan?(!vzm#kQA zu+7#rA|*A}W&7&sPmu6#JD($Q5$@I-mrs$SyCMc==Ff9uc8N|0|XIM`|6!~%_pgP&-jOPY0F7@6U44_69p-(V&BO?8WRG}Le7Y?>1xOdDhq?ML{sj%9Igp1h0!7bd4dRv-DU52 zh=n26Whf78UfseZ13JRu5Hx{QaE{{ykP^d0d8zb?r!LwIfe13pDj4h^=BAyp90ci5 z@e*hRSmFC#4xWdwXoN;F5ktT_KU9waSs@)LV9rR8Y*KJ+yBtKwL?Ti6m>QkoGLvWt z3_%uHc@uQ$Q<94V7Qr*eDKSF)1b zyzahyR-1F!U_Z;<%ge{x%gghKzk7Vf#q7L-!ou8(r;}69WaN5nCY7U!O1_mfRrzt* zS5E8=seAgg^2Gj~4lV>2A1^Qen4NoL&t1&Q&do2nTy*~E*|WLX&bzLFy>LO3q@1c= z)ZWQU2t1t^?fLleqsK+DTXx#BcAM;V_w(_Nu`_dt&$w_gJ2$VO_-fASbLp2;?VzNh zGnzs+y;fWICOt6Pa9e16^5aLdGd5he1MOiuW#bkRSS=tJ%8b1 zR!(mIrQ)27^pY&c>xfKY-hIY=PLBy$gpin7SvB*%Qh|?C@Ue`XoO205e*V7EE{i7k zpEz^weCEZRoVtEFvsuIlll z+Z7L=`0JWjyE!?zdjLL7bqNVF zlP^E6t$SHl`;1jH;rY`iPoF=1TK%A^>Ry)9!p%GEz5GK%!@`b4g!;K2ve|RM(IY%2 z`gm%3MpjaGW=7Dk0;IuADSuX5_x!=b>PIzCpMxMTp4ZeodGe^L@_uC@)7WI6Pw&WVVL`Dh+9=6cQZr*yX><{Wr5<@EW4tlWf%3HeAcJpa-2 zn$n5~PoFdED6ihUe*1>`R_#^Y^M_T{cPeh*KJK~8+S>N8o2NSy${+R&jEaqoyS2+T zD&hFqsEhfLA*1t!^5QLPFv-x7|LWv2iD^CwSV^ za*;&%^~yUXH}Bl5d{F(6=#OX5SkGB6Mm>LCbF-|xr2M?Ig@aE-9287QOagm!{A5bP zg#+6?10tg@lzaG_N_F+aM~_%F z=n3<&@{^j1!fQnpnckbNoI?}9N*#|s;^pM%j zr1VDlt%}=s?%uBgd4SNvN6s}PtIM*l=D*0_yJ?qmXk6?Oufq<`?!gg}(ZT-ayAHYd zx}L4@I=F?Ni=^xe%QEvWmz0#2->l$LsjRAGKESFUu&PJgE51;i`~2eGb=!8^+SD=S%5Bkz}G zXXlkY@iWsgFgxHK9_jDy?&2L1li+D?x$gke>)^4Q3Hvq*=OHQQqHDz$^DY%%zFKmP zOXauUZnN&7d(68dZWdn1%YK(>WMpW%``{s#r+-xJ(P%GES98m~c8(s0gRWh1w;G?1 zB%KRO^3$^O3X6)bfGDM9<>j}S71(bT%-=?q7iZ+;2o()Q~2xDsQu-_a#B?|NSBb|rEF65kblCco(7ne+?9 zByj0caWV7C=&L1HuM}pbW#pVIsf%>ow9&-!pnppCrJ|xsg@u=ju16a0cZn{zTAJ#< zfm(>f41$lR<`ib9pFNie9gtVxd`Y!1Kl}W-jI50OKc58c+O=oz0k??LxkZ;RU%3jE zyme%)V`65}LK#`Hal0^BFatZhKqV z?6Y<9gCeEnw{DbVo=uE!Gzm}3F1mKDG$Ul=ltJ?OX#SqK)MF{>S$R1b8R_X~)6Sne zn~|Q8nVoeZJ^#07wXu8c_8&Ox8FRk4wCF-gu$Pmqxzz#Bqi1poj^~wK%SrdMT)z;k z;PwOli7Clx7jkoQb1o2tv$L|ZE@q?_yvVzH%;w;s!z?$jTH$^y&%l_oS*(2?fl(>x zg_+Fw8>MAs*G?QZEkKN6wh2io$;VEBiO*(UoS2!JaW3s-O5wAFy}r!Dj{Emm?X)`R z5qUEE`tADc- z|K_nBmNvW1w;65S#fr`-t%Nz|-rcHl51a6Ww2ZuxQV-X-n`O7|R2^|P0pl^voD~*& z`e=}cZ(>r6Yjjd#{P~;bkHnvfx6xc-uxjH0C-3O9#kcNNR#jJ3Rz9row~arM!t^Qo zE!Hix_;yillD_)vTr}UpJH{tDE6&r=H97f^U3_Bvsau)hCaa8emFP+n)He78#im`p z0~61qikgSjk1GSLgZ=jF=;htZV}_l5km$Tfk&%bwtb!u~Bi-$H8athgG2NMv7<)0( zS9hSGAlVrWUl$mcd?G0zx9)Y`##^7r7ITOy!q%oGVPD2wNHY#*jR1YV(wI2dD1Ps z=(h;>Aq7ZERnN}a!bERHOu{zPL&s0W9WM_W1BDGv?N`>=U~K-BZKD?avF^?D$gLI@ zI}UjVpS*wFCH#0zT*UH1B)R+0PGbY@U8h+l+x;r?B2E{Ds=Fhl%~?BU8SmO@a-VIh z=JL;9f4z#{W_8dzC@LTW@}t!O@yGCW|vWAo}I{wK}0?@E4uaO>d!$H`E7 z+tuCktoK+Mma-jGJUdXqi@wdK1q)n!!=l4e?%#0>N_=|qh-E$!o3U=U zB{Ij=YInHozN=*in91eV?_N);acBwQUdV7AejiB_+N&AoNIN_>G!akBEx0 zK<|lpNKAF1v6-$;OuUKN!L&D)v#3yXeb_E7o4poGGTCRwn%6NG3Nq*y26 zE=Y8idth+L^`~cCj@+pB4_uv#M3uBQtlp3e4di~QYV$;RP$W8N#>U+{m%FoTr)ob6 zSS1Ce2JZ6@2uy!+%Q5`atE33q93(n-;hK#)4yX5TH;;Q2vr-`diHOeJyhF#6{bK5} znvhkpE&vd3@%0Ugxc@A|JLci_AkX<(NK8w6?UoHIqZ3Wc4yFCETb&+=gyq)l(D7zJ zo3iw6?CRlAim~0tJ20@gHpeNVur4CRGz*C?S#P>s&-Apb@%D&{%LXbz+(N6Z+3#j7 zc$=_B1qvw~^z-xyOnzGB8g%US`3NQyT5Yy%>oWI~JIt()y?0+M0fpq(?_9r`&0aCH zohWyl3l%XqbZxM zJ3TMmK+P42t#Ng8_Ycf}S?Um)^ET;-)kP#ScaxR&zErzy=0{&7t{xJC7z@p|n6ud{ zXJ0K`KhYJ557XV@>=l^w?3tHO?91!XE;5-&WZ`CG?eL_n+YhJxxo18D%1kjdHDj|^ zPrp{GKiLh52~OGV<{wh=CfzBbqAohrAQK5MHdR)NMyy9-8vhOI-6_@zIJcxgb2jYGF^LteNN5d=>c_dC?d1@ zu(Ov($zSCMLks@8bZj3KS-aP4(cyS=3+tFyM^?&&BjJgwcj;#lW!@Z|FXw^87Vma+ z_e_5G*26pTef2rdF= zilv!j~#~!6R4`mRscS ze}%fly?tHit8@m5Xc!sjg*lm+dgj(_pF)Nb^Ve_nhw-`eam)%OZzQtZp5;^Z`HF35 z**`^I)6O8_MJCJkgqd4f1-wYmSBOGF%Z!8B&nIiYJ+7ky*(Vs=yJmcPdDtiIpB$(0 zsi48y8<%-`ZZ9fszn_E??(aaBV}| z@o+h0-l`Q-W=x}fK_rDCqB!FHo%vsZlBfL(l&mx5TTrr0Z&32!UZ7;g*509HN_Qw( zo(CmUWdTY)&>2b=6>Wo(RmsBbP%;bfIsl^E;bcr?*ew{zJUE$)xw863}E0q<}4e3=}S)4B)Rm0Ll_PKv{$kk~A3rWr9L0oJ?k1M?$S|G68u5 zo=YR}YA%!v*Gxz&d&>oQ#p0j3Hqz$jrl!Atwk*?uZ``4MtL(@nc@5 zb^w_uGviwT@_=sx$bxMEGPE(#Wgm&dp~%b{>~Y^= zN6zmbj+~j5^$SP-g(G*tk!5?tkzvi}@(W7-1ttH2l7B(Tzo6t_Q1UM*`4^P@{|HJR z{w*k3xi=_Tyk{tR65Y3VC|Rxxlnmc0!&fr6ab$pB zi9-f>F3DUBSztL2LuLUqNI=L8!Xug1>XD39baO~1cW_9?NRr@?JiOf@nMMYOWGTKw zGVmfClKB8KK#zn&GL-;$xem#Ibpn7)7i@D##;Bp-@r(g5%5zBuoOJ$mM59x9F3Hh| zB*^vQ9l>)(CXpdgpw$@}5OTs7c{)hn?u$&hh8TldeUSkO#*TIZk0FNZha3ygG6=G{819-SEg$o+TLGd>KV*;cV z;HA>}xG{JR3y)|AjxnBGT<>FW9!CRW5QFb}3~)Auj~Rndq6B7)wPD6U8{=cf@FjUn zw42W{6KHotjOA3O_lg+b+1I9!90T_deecybJq4yN~1sDtT3o!1d-*NE&OThT`4+6&XxPHf6z__-q?&ko; zq?fN=F<+~_c@2nhzZ{QU04@H0r{kZ97T@oy)A9c>T3p%D>G(U*Vws+tj)9H~xEy~U zR4migU>_9shDW{^fT3%kB7=+i}0#j%~Q7+RW>8stx*qKoT3Z*wn?>557F@ zV5BjOLHdER{mx1f9&ZwP`NiK~8;MZ=*P~otJ!M+I$$l>ZiN(G*{_J#yA*bO@zV*2F zqeZ@#QeW~3O!j+BoFRj^G<^P0_u|#Z&)fqgIiIfX9`ax41&OVt#0fY}f8I$8urXhw zt8aB6s_4llII4&9_sIpVXSejFUf)%Qq~Q4$PS$C7e9BTweV*pxWh<5~($tu*KFq;h#n>pQ*WgwXV)GtwmbPb#!#J=FT-f_a_MU_8@T*$A2uS zo`Yk9*x74mELf?tVCtBWgXLuvhp9}MqqTJLT=o68An{Y6^nXqOx!5M0^WJxk`tqf- zRpcdv=u`@oDj*~-Gkk)E*8CYOPQq!lA8p`tv;Ry3FdW%9=gIy_^OwvTCC#9c$?)I< z0+}KpEIn+Z`uyqh$A2P_SH6OCt;{DaSU6cxmx6SXl-fJ4Xa={fP@QRajPe+T0nM$KgQlD9QhX0OTEP zyy?Vj&3S4vf>d%FcR~c>hAJehJax|W#U&j4jgG+27XTY_1;_6$*VG&QChLCa34xzF6<{RF#HV;; z;Npejrs&uAx_hf3cLN zlYd?VU}U;%LJQ~2GL6v#gt*o3${y~a0myX8VN>R6<>Sr%0~wT`$Dc$I9+{6f1}&MP zBte{1)vfkiaXSE^dMxPqJXaCgd6x*7p*CSM5(~P7b?(ALb9W# z%@1qB^T$dF{(#nRf@!u_GsmKcb zqya#pGGtZMH&(**H&P1DSolW3$TVqHzefD#x;eoACrtq)3h|<>oMp_9_(w~5#q5je%rY~9J z^%?)_H&C#r`G+Jqdw1fM%4dH*uX@yi|K+T|Y{qaHsy&kX;Yf@kC_Q|t)+(do7X0m2 zNwBcfRR&Nykf9G;9De^Z?EhNBr?a-prwjr6({oF8DEVENF#Sjjo~XG>-@X>-RN4h* z-F|Q-X@?T8c4UdMtDMqmT2FIr6`-LqKvO~FC#gRiNGKqtFh+g3oelG#G;&J1Je;R*GKtxV;=CUQ(>L|HoKm61Q2Wd~P zk5eZ7r2a=3l_8@vWs$B~2KQKCU_$gY=O*hj|B&5wzHL|a!Ne)JKP6yPLCL`r=5Ng4 z!Y;s}1wa6Jf6>MaE}Hm>{K!u>#Nn1dA;8L7P<+ss`B7iEq=_G6fd8(6dsuR($j9?~ zF%>^36Tx3>;ApEiTxAEj~HM8v&Z%LNyb*c6vB5?UD%r4+|Hs`9jO=@kA z{r)nO_+6e3;jL!xYsDWB03%TaC5G(h>0W){y7eZfdQ|#*K7c-S49y`zKf?rJB*wUH zK2Ld+|Jb!^jmxth>tFw%-30P7-%UCF=KXiXZ31-25@E=y%=f3C4Su#qj zxAj`L%JvXJb?ed4e18+OZU@zNQ}GJS4-0!*cu^<(kzDSo?_ic~+= ze}E<{1pd+YA^7>>r2v(FU=RT33kg|CiPHA$^~J3I1g5_g(mZVJ=xPcjnYd6DLkS@^Ac` zj{^z{>;Jwg0DRdpu#*D(Ui2T8Qk4Ahw9 zkd>j-A3u9}Evc`oUj7tE|0-oJ(8QESaS?SXxwwP8SrBT>GXY zFT8rUjnj@zE>Ao5*o(OYT;G?mPn3ZfP$aUwSK0pSbTlU`$%ug44@E#wWYpdc!hvVZ z{;gY#Hf(aZ(m|?*!+qX<@c1j{x7WYYOn31twL#)gCBoZ6NL>Cf@mp*B@c!Ty!wu{7 zRx>-=<-)=JYJZwxyZvcCwsy&!@xulPa~%N4RJw@dB)3QH&GY-d^?IvU>8#jP$(IN| z|6J9N{Xa(60B;(8czVm$u`5=B5rOj^mf9fSVEdifG?N7GuC(Ow2`juh*= z0?-W0+WV4ob=|y)z+RAOP{P-MN@Ix2s(1j&O6!V)0|9WuZ=us+TCN1vt3x8~jzCVUF?Py?XOy`duO!(e# z%_;DQ9-xa3E^Oz&PkE5M!cdi&o#tgunoM6C09)3se0X!3&TJJquI_P%GdN+u`cP=V zv9>1qx^Kt;2??1YYBqnh#er~j^ZIH5F~ys0mBT+A)|xU*vV%1t1fbAFx3-P8CND(^ z218s&Um4c74!}rD|7s)iH9}{mvP|d23`;;8Yn&a{sk{DW?v zOaL4w&|!kF-KoXf%Xcv5+y;Yc~5#n?zO+;p>>Nu^AHt^xZzH|VlkkGD0pWT2Z#;3|4%7P`W1Jvr$PF(w3H~GsT|`Pj&FWeQ0ZNDeXa``}y7um8`!1g~ zitxGZ+Wk;}ntz*?zFNQq8^J1z%MDiE(qZNPaea5y;n$$&PmF5QzPhe5iF^&&2RXaLax3d1IL0IyqOM0@DFo;h=4F>FW?pDf;#qN_1RzGom0!^GNVpuhCE zU_1B#2}{Wj9^ug8F>#)3cisI4dpO0$q#b*EXQw@V#DJa`(ile7`?FQjFXmvN38P31 z0fnKO*V=jp&mZ_>+YpSN*fxMTB^xv+4DMwg0~S#EZY%$KOIZT$f@u+!hH{EZs|)xl z%sC<7v-rKW0VbN=*8KIs+?l^8?StYNWevan^_KEH{-A+k(jdT!)Yb(|le?VAk8}W> zYgE$4|B+djnZJ|JnAB;0OEo&d`h@V!g>?Z#Oj>^M$ax7o0PnN;j{%VwX+#_D)qEPX z4`%*uwwEUcS(jgZyd`WPx0Zwk(1pbZ3>>Pg?hnh8mQO{Ce+&nQgYBR5>;K`9HcUM| z4t_!cp>{=SIl|*l?AxiZKa(A#Gy{!UB z$_*VgcKq0pijv=G!LBU;-7l!@Q2hJnSLu5;tkRqS7}huX4pV;0*T7q2+HTSM zBC;bUYiO_3U9oVQG7P?NsxIv)-vHNX!2Yzoo?J^z6`;`sxZl`lllb2*K>b8zM@*Wl zrM*NGMh>)TJIx--lFj(rR>6M zZ}mQqz{a=Q%I4@1(w+DdL%B8d%&Ny&;7=8jR2VU4!bBK2|E{^1_(h%q{JvpmSN=Q+ zdSugkBr$)ANDUk^eE48F2?l)G=-X|Fkq>a!8JxT+J@D_HO|L1?YZRD2r3Oe#h;YAa z)N4*|0)}aFCkysL)xq8C|Lw9prxF4P(1jR6FmApBy~YNYH-7o>$2pCWgF5S9&(yyo zmarZ0%|+``^F}Et{M%UhS6ZzZxFd)69k+ik0?(<$C8ZRG4j&>X zM*D`P{&z|pa`47Yhlt)UiTMile1irLloI~_S+;k2Kbk@q3?cCW^71k~aPmjX_cuRi j3jqd8ON%pT|2A0r%d4mIyw#qBq_{8v4fmAe8*%>!!Kmtz diff --git a/SecurityServer/SettingsDialog/SecuritySettings.pbproj/project.pbxproj b/SecurityServer/SettingsDialog/SecuritySettings.pbproj/project.pbxproj deleted file mode 100755 index 8a2098fe..00000000 --- a/SecurityServer/SettingsDialog/SecuritySettings.pbproj/project.pbxproj +++ /dev/null @@ -1,336 +0,0 @@ -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 30; - objects = { - 027CEFC5FF37673611CD287F = { - isa = PBXApplicationReference; - path = SecuritySettings.app; - refType = 3; - }; - 027CEFC7FF376BA311CD287F = { - isa = PBXFileReference; - path = main.m; - refType = 4; - }; - 027CEFC8FF376BA311CD287F = { - fileRef = 027CEFC7FF376BA311CD287F; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 027CEFCAFF3770A311CD287F = { - children = ( - 027CEFD0FF37724411CD287F, - ); - isa = PBXGroup; - name = Headers; - path = ""; - refType = 4; - }; - 027CEFCFFF37724411CD287F = { - isa = PBXFileReference; - path = SettingsWindow.m; - refType = 4; - }; - 027CEFD0FF37724411CD287F = { - isa = PBXFileReference; - path = SettingsWindow.h; - refType = 4; - }; - 027CEFD1FF37724411CD287F = { - fileRef = 027CEFD0FF37724411CD287F; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 027CEFD2FF37724411CD287F = { - fileRef = 027CEFCFFF37724411CD287F; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 043355C9FE30361CC02AAC07 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 080E96DCFE201CFB7F000001 = { - fileRef = 29B97318FDCFA39411CA2CEA; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 080E96DDFE201D6D7F000001 = { - children = ( - 027CEFCFFF37724411CD287F, - ); - isa = PBXGroup; - name = Classes; - refType = 4; - }; - 089C165CFE840E0CC02AAC07 = { - children = ( - 089C165DFE840E0CC02AAC07, - ); - isa = PBXVariantGroup; - name = InfoPlist.strings; - refType = 4; - }; - 089C165DFE840E0CC02AAC07 = { - isa = PBXFileReference; - name = English; - path = English.lproj/InfoPlist.strings; - refType = 4; - }; - 089C165EFE840E0CC02AAC07 = { - fileRef = 089C165CFE840E0CC02AAC07; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 1058C7A0FEA54F0111CA2CBB = { - children = ( - 1058C7A1FEA54F0111CA2CBB, - ); - isa = PBXGroup; - name = "Linked Frameworks"; - refType = 4; - }; - 1058C7A1FEA54F0111CA2CBB = { - isa = PBXFrameworkReference; - name = Cocoa.framework; - path = /System/Library/Frameworks/Cocoa.framework; - refType = 0; - }; - 1058C7A2FEA54F0111CA2CBB = { - children = ( - 29B97325FDCFA39411CA2CEA, - 29B97324FDCFA39411CA2CEA, - ); - isa = PBXGroup; - name = "Other Frameworks"; - refType = 4; - }; - 1058C7A3FEA54F0111CA2CBB = { - fileRef = 1058C7A1FEA54F0111CA2CBB; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 19C28FACFE9D520D11CA2CBB = { - children = ( - 027CEFC5FF37673611CD287F, - ); - isa = PBXGroup; - name = Products; - refType = 4; - }; - 29B97313FDCFA39411CA2CEA = { - isa = PBXProject; - mainGroup = 29B97314FDCFA39411CA2CEA; - targets = ( - 29B97326FDCFA39411CA2CEA, - ); - }; - 29B97314FDCFA39411CA2CEA = { - children = ( - 080E96DDFE201D6D7F000001, - 027CEFCAFF3770A311CD287F, - 29B97315FDCFA39411CA2CEA, - 29B97317FDCFA39411CA2CEA, - 29B97323FDCFA39411CA2CEA, - 19C28FACFE9D520D11CA2CBB, - ); - isa = PBXGroup; - name = CocoaApp; - path = ""; - refType = 4; - }; - 29B97315FDCFA39411CA2CEA = { - children = ( - 027CEFC7FF376BA311CD287F, - ); - isa = PBXGroup; - name = "Other Sources"; - path = ""; - refType = 4; - }; - 29B97317FDCFA39411CA2CEA = { - children = ( - 29B97318FDCFA39411CA2CEA, - 089C165CFE840E0CC02AAC07, - ); - isa = PBXGroup; - name = Resources; - path = ""; - refType = 4; - }; - 29B97318FDCFA39411CA2CEA = { - children = ( - 29B97319FDCFA39411CA2CEA, - ); - isa = PBXVariantGroup; - name = MainMenu.nib; - path = ""; - refType = 4; - }; - 29B97319FDCFA39411CA2CEA = { - isa = PBXFileReference; - name = English; - path = English.lproj/MainMenu.nib; - refType = 4; - }; - 29B97323FDCFA39411CA2CEA = { - children = ( - 1058C7A0FEA54F0111CA2CBB, - 1058C7A2FEA54F0111CA2CBB, - ); - isa = PBXGroup; - name = Frameworks; - path = ""; - refType = 4; - }; - 29B97324FDCFA39411CA2CEA = { - isa = PBXFrameworkReference; - name = AppKit.framework; - path = /System/Library/Frameworks/AppKit.framework; - refType = 0; - }; - 29B97325FDCFA39411CA2CEA = { - isa = PBXFrameworkReference; - name = Foundation.framework; - path = /System/Library/Frameworks/Foundation.framework; - refType = 0; - }; - 29B97326FDCFA39411CA2CEA = { - buildPhases = ( - 29B97327FDCFA39411CA2CEA, - 29B97328FDCFA39411CA2CEA, - 29B9732BFDCFA39411CA2CEA, - 29B9732DFDCFA39411CA2CEA, - 043355C9FE30361CC02AAC07, - ); - buildSettings = { - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = app; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXApplicationTarget; - name = SecuritySettings; - productInstallPath = "$(HOME)/Applications"; - productName = SecuritySettings; - productReference = 027CEFC5FF37673611CD287F; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - SecuritySettings - CFBundleIconFile - - CFBundleInfoDictionaryVersion - 6.0 - CFBundlePackageType - APPL - CFBundleSignature - ???? - CFBundleVersion - 0.0.1d1 - NSMainNibFile - MainMenu - NSPrincipalClass - NSApplication - - -"; - shouldUseHeadermap = 1; - }; - 29B97327FDCFA39411CA2CEA = { - buildActionMask = 2147483647; - files = ( - 027CEFD1FF37724411CD287F, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 29B97328FDCFA39411CA2CEA = { - buildActionMask = 2147483647; - files = ( - 080E96DCFE201CFB7F000001, - 089C165EFE840E0CC02AAC07, - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 29B9732BFDCFA39411CA2CEA = { - buildActionMask = 2147483647; - files = ( - 027CEFC8FF376BA311CD287F, - 027CEFD2FF37724411CD287F, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 29B9732DFDCFA39411CA2CEA = { - buildActionMask = 2147483647; - files = ( - 1058C7A3FEA54F0111CA2CBB, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - }; - rootObject = 29B97313FDCFA39411CA2CEA; -} diff --git a/SecurityServer/SettingsDialog/SettingsWindow.h b/SecurityServer/SettingsDialog/SettingsWindow.h deleted file mode 100755 index 377c3667..00000000 --- a/SecurityServer/SettingsDialog/SettingsWindow.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#import - -@interface SettingsWindow : NSObject -{ - NSWindow *myWindow; - BOOL securityOnOffSetting; -} -- (void)cancel:(id)sender; -- (void)ok:(id)sender; -- (void)securityOnOff:(id)sender; -@end diff --git a/SecurityServer/SettingsDialog/SettingsWindow.m b/SecurityServer/SettingsDialog/SettingsWindow.m deleted file mode 100644 index 12aa56f2..00000000 --- a/SecurityServer/SettingsDialog/SettingsWindow.m +++ /dev/null @@ -1,53 +0,0 @@ -#import "SettingsWindow.h" - -// @@@ need to add code to remember the radio button settings as a pref - -@implementation SettingsWindow - -- (void)applicationDidFinishLaunching:(NSNotification *)val -{ - [myWindow makeKeyAndOrderFront:self]; - [NSApp activateIgnoringOtherApps:YES]; -} - -// @@@ don't need this right now as the nib is connected to terminate -- (void)cancel:(id)sender -{ - -} - -- (void)ok:(id)sender -{ - int status; - char commandLine[256]; - - strcpy(commandLine, "/System/Library/StartupItems/SecurityServer/enable "); - strcat(commandLine, (securityOnOffSetting ? "no" : "yes")); - - status=system(commandLine); - if ( status ) - { - NSRunAlertPanel(@"Alert", @"Error executing the enable component.\nSecurity settings not changed.", @"OK", nil, nil, nil); - } - - - [[NSApplication sharedApplication] terminate:self]; - -} - -- (void)securityOnOff:(id)sender -{ - switch ([sender selectedRow]) - { - case 0: securityOnOffSetting = 0; - break; - case 1: securityOnOffSetting = 1; - break; - } -} - - - - - -@end diff --git a/SecurityServer/SettingsDialog/main.m b/SecurityServer/SettingsDialog/main.m deleted file mode 100755 index 2bc3a7b6..00000000 --- a/SecurityServer/SettingsDialog/main.m +++ /dev/null @@ -1,5 +0,0 @@ -#import - -int main(int argc, const char *argv[]) { - return NSApplicationMain(argc, argv); -} diff --git a/SecurityServer/StartupItems/CodeEquivalenceCandidates b/SecurityServer/StartupItems/CodeEquivalenceCandidates deleted file mode 100644 index faf851b4..00000000 --- a/SecurityServer/StartupItems/CodeEquivalenceCandidates +++ /dev/null @@ -1,33 +0,0 @@ -/System/Library/CoreServices/Finder.app -/Applications/iChat.app -/Applications/Internet Connect.app -/Applications/iSync.app -/Applications/Mail.app -/Applications/Safari.app -/Applications/Server/QTSS Publisher.app -/Applications/Server/Server Admin.app -/Applications/Server/Server Monitor.app -/Applications/Server/Workgroup Manager.app -/Applications/Utilities/AirPort Admin Utility.app -/Applications/Utilities/Keychain Access.app -/Applications/Utilities/Keychain Access.app/Contents/Resources/Keychain Agent -/System/Library/CoreServices/loginwindow.app -/System/Library/CoreServices/MirrorAgent.app -/System/Library/CoreServices/SecurityAgent.app -/System/Library/CoreServices/SyncServer.app -/System/Library/CoreServices/SystemUIServer.app -/System/Library/Filesystems/ftp.fs/mount_ftp -/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/Support/AEServer -/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig -/System/Library/PrivateFrameworks/InstantMessage.framework/iChatAgent.app -/System/Library/ScriptingAdditions/Keychain Scripting.app -/sbin/mount_smbfs -/sbin/mount_webdav -/usr/bin/certtool -/usr/bin/crlrefresh -/usr/bin/security -/usr/bin/smbutil -/usr/local/bin/cmsutil -/usr/sbin/pppd -/usr/sbin/racoon -/usr/sbin/systemkeychain diff --git a/SecurityServer/StartupItems/Localizable.strings b/SecurityServer/StartupItems/Localizable.strings deleted file mode 100644 index 2d6f3c5c..00000000 --- a/SecurityServer/StartupItems/Localizable.strings +++ /dev/null @@ -1,11 +0,0 @@ - - - - - Starting SecurityServer - Starting SecurityServer - Stopping SecurityServer - Stopping SecurityServer - - - diff --git a/SecurityServer/StartupItems/SecurityServer b/SecurityServer/StartupItems/SecurityServer deleted file mode 100755 index 62fa1787..00000000 --- a/SecurityServer/StartupItems/SecurityServer +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -. /etc/rc.common - -# we could make this optional, but the system depends on SecurityServer A LOT... - -ConsoleMessage "Starting SecurityServer" - -export DEBUGDEST=LOG_AUTHPRIV -#export DEBUGOPTIONS=thread,scope # only useful with -#export DEBUGSCOPE=-mutex # debug-enabled SecurityServers -/System/Library/CoreServices/SecurityServer -X - -if [ ! -f /Library/Keychains/System.keychain -a -x /usr/sbin/systemkeychain ]; then - # no system keychain; make one - ConsoleMessage "Creating System Keychain" - if [ ! -d /Library/Keychains ]; then - mkdir -p /Library/Keychains - chown root.admin /Library/Keychains - chmod 755 /Library/Keychains # do NOT make this 775 -- Security! - fi - sleep 2 # give SecurityServer a chance to come up - /usr/sbin/systemkeychain -C - touch /Library/Keychains/.fixed - -elif [ ! -f /Library/Keychains/.fixed -a -x /usr/sbin/systemkeychain ]; then - # temporary fix: replace broken (early) system keychains (missing db schema) - sleep 2 - rm -f /Library/Keychains/System.keychain - /usr/sbin/systemkeychain -C - touch /Library/Keychains/.fixed -fi diff --git a/SecurityServer/StartupItems/StartupParameters.plist b/SecurityServer/StartupItems/StartupParameters.plist deleted file mode 100644 index 8f4fd0e3..00000000 --- a/SecurityServer/StartupItems/StartupParameters.plist +++ /dev/null @@ -1,10 +0,0 @@ -{ - Description = "Apple Security Server"; - Provides = ("SecurityServer"); - OrderPreference = "None"; - Messages = - { - start = "Starting SecurityServer"; - stop = "Stopping SecurityServer"; - }; -} diff --git a/SecurityServer/TODO b/SecurityServer/TODO deleted file mode 100644 index f3d66f72..00000000 --- a/SecurityServer/TODO +++ /dev/null @@ -1 +0,0 @@ -SecurityServer is a work in progress. diff --git a/SecurityServer/acl_keychain.cpp b/SecurityServer/acl_keychain.cpp deleted file mode 100644 index eb8408db..00000000 --- a/SecurityServer/acl_keychain.cpp +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_keychain - a subject type for the protected-path -// keychain prompt interaction model. -// -// Arguments in CSSM_LIST form: -// list[1] = CssmData: CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR structure -// list[2] = CssmData: Descriptive String (presented to user in protected dialogs) -// For legacy compatibility, we accept a single-entry form -// list[1] = CssmData: Descriptive String -// which defaults to a particular CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR structure value. -// This is never produced by current code, and is considered purely a legacy feature. -// -// On-disk (flattened) representation: -// In order to accommodate legacy formats nicely, we use the binary-versioning feature -// of the ACL machinery. Version 0 is the legacy format (storing only the description -// string), while Version 1 contains both selector and description. To allow for -// maximum backward compatibility, legacy-compatible forms are written out as version 0. -// See isLegacyCompatible(). -// -// Some notes on Acl Update Triggers: -// When the user checks the "don't ask me again" checkbox in the access confirmation -// dialog, we respond by returning the informational error code -// CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT, and setting a count-down trigger -// in the connection. The caller is entitled to bypass our dialog (it succeeds -// automatically) within the next few (Connection::aclUpdateTriggerLimit == 3) -// requests, in order to update the object's ACL as requested. It must then retry -// the original access operation (which will presumably pass because of that edit). -// These are the rules: for the trigger to apply, the access must be to the same -// object, from the same connection, and within the next aclUpdateTriggerLimit accesses. -// (Currently, these are for a "get acl", "get owner", and the "change acl" calls.) -// Damage Control Department: The worst this mechanism could do, if subverted, is -// to bypass our confirmation dialog (making it appear to succeed to the ACL validation). -// But that is exactly what the "don't ask me again" checkbox is meant to do, so any -// subversion would be based on a (perhaps intentional) miscommunication between user -// and client process as to what the user consents not to be asked about (any more). -// The user can always examine the resulting ACL (in Keychain Access or elsewhere), and -// edit it to suit her needs. -// -#include "acl_keychain.h" -#include "agentquery.h" -#include "acls.h" -#include "connection.h" -#include "xdatabase.h" -#include "server.h" -#include -#include - - -#define ACCEPT_LEGACY_FORM 1 -#define FECKLESS_KEYCHAIN_ACCESS_EXCEPTION 1 - - -// -// The default for the selector structure. -// -CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR KeychainPromptAclSubject::defaultSelector = { - CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION, // version - 0 // flags -}; - - -// -// Validate a credential set against this subject. -// -bool KeychainPromptAclSubject::validate(const AclValidationContext &context, - const TypedList &sample) const -{ - if (SecurityServerEnvironment *env = context.environment()) { - // check for special ACL-update override - if (context.authorization() == CSSM_ACL_AUTHORIZATION_CHANGE_ACL - && Server::connection().aclWasSetForUpdateTrigger(env->acl)) { - secdebug("kcacl", "honoring acl update trigger for %p(%s)", - &env->acl, description.c_str()); - return true; - } - - // does the user need to type in the passphrase? - const Database *db = env->database(); - bool needPassphrase = db && (selector.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE); - - // ask the user -#if FECKLESS_KEYCHAIN_ACCESS_EXCEPTION - Process &process = Server::active().connection().process; - secdebug("kcacl", "Keychain query from process %d (UID %d)", process.pid(), process.uid()); - if (process.clientCode()) - needPassphrase |= - process.clientCode()->canonicalPath() == "/Applications/Utilities/Keychain Access.app"; -#endif - QueryKeychainUse query(needPassphrase); - const char* dbName = db ? db->dbName() : NULL; - query.queryUser(db, dbName, description.c_str(), context.authorization()); - - // process "always allow..." response - if (query.continueGrantingToCaller) { - // mark for special ACL-update override (really soon) later - Server::connection().setAclUpdateTrigger(env->acl); - secdebug("kcacl", "setting acl update trigger for %p(%s)", - &env->acl, description.c_str()); - // fail with prejudice (caller will retry) - CssmError::throwMe(CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT); - } - - // finally, return the actual user response - return query.allowAccess; - } - return false; // default to deny without prejudice -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList KeychainPromptAclSubject::toList(CssmAllocator &alloc) const -{ - // always issue new (non-legacy) form - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(alloc) ListElement(alloc, CssmData::wrap(selector)), - new(alloc) ListElement(alloc, description)); -} - - -// -// Create a KeychainPromptAclSubject -// -KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(const TypedList &list) const -{ - switch (list.length()) { -#if ACCEPT_LEGACY_FORM - case 2: // legacy case: just description - { - ListElement *params[1]; - crack(list, 1, params, CSSM_LIST_ELEMENT_DATUM); - return new KeychainPromptAclSubject(*params[0], defaultSelector); - } -#endif //ACCEPT_LEGACY_FORM - case 3: // standard case: selector + description - { - ListElement *params[2]; - crack(list, 2, params, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM); - return new KeychainPromptAclSubject(*params[1], - *params[0]->data().interpretedAs(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE)); - } - default: - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - } -} - -KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(Version version, - Reader &pub, Reader &) const -{ - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR selector; - const char *description; - switch (version) { - case pumaVersion: - selector = defaultSelector; - pub(description); - break; - case jaguarVersion: - pub(selector); - selector.version = n2h (selector.version); - selector.flags = n2h (selector.flags); - pub(description); - break; - } - return new KeychainPromptAclSubject(description, selector); -} - -KeychainPromptAclSubject::KeychainPromptAclSubject(string descr, - const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &sel) - : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT), - selector(sel), description(descr) -{ - // check selector version - if (selector.version != CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - - // determine binary compatibility version - if (selector.flags == 0) // compatible with old form - version(pumaVersion); - else - version(jaguarVersion); -} - - -// -// Export the subject to a memory blob -// -void KeychainPromptAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - if (version() != 0) { - selector.version = h2n (selector.version); - selector.flags = h2n (selector.flags); - pub(selector); - } - - pub.insert(description.size() + 1); -} - -void KeychainPromptAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - if (version() != 0) { - selector.version = h2n (selector.version); - selector.flags = h2n (selector.flags); - pub(selector); - } - pub(description.c_str()); -} - - -// -// Determine whether this ACL subject is in "legacy compatible" form. -// Legacy (<10.2) form contained no selector. -// -bool KeychainPromptAclSubject::isLegacyCompatible() const -{ - return selector.flags == 0; -} - - -#ifdef DEBUGDUMP - -void KeychainPromptAclSubject::debugDump() const -{ - Debug::dump("KeychainPrompt:%s(%s)", - description.c_str(), - (selector.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE) ? "passphrase" : "standard"); -} - -#endif //DEBUGDUMP diff --git a/SecurityServer/acl_keychain.h b/SecurityServer/acl_keychain.h deleted file mode 100644 index b8ea562a..00000000 --- a/SecurityServer/acl_keychain.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_keychain - a subject type for the protected-path -// keychain prompt interaction model. -// -#ifndef _ACL_KEYCHAIN -#define _ACL_KEYCHAIN - -#include -#include "SecurityAgentClient.h" -#include - - -// -// This is the actual subject implementation class -// -class KeychainPromptAclSubject : public SimpleAclSubject { - static const Version pumaVersion = 0; // 10.0, 10.1 -> default selector (not stored) - static const Version jaguarVersion = 1; // 10.2 et al -> first version selector -public: - bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const; - CssmList toList(CssmAllocator &alloc) const; - - KeychainPromptAclSubject(string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selector); - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - - class Maker : public AclSubject::Maker { - public: - Maker(CSSM_ACL_SUBJECT_TYPE type = CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT) - : AclSubject::Maker(type) { } - KeychainPromptAclSubject *make(const TypedList &list) const; - KeychainPromptAclSubject *make(Version version, Reader &pub, Reader &priv) const; - }; - -private: - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR selector; // selector structure - string description; // description blob (string) - -private: - static CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector; - - typedef uint32 VersionMarker; - static const VersionMarker currentVersion = 0x3BD5910D; - - bool isLegacyCompatible() const; -}; - - -#endif //_ACL_KEYCHAIN diff --git a/SecurityServer/acls.cpp b/SecurityServer/acls.cpp deleted file mode 100644 index c797248f..00000000 --- a/SecurityServer/acls.cpp +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acls - SecurityServer ACL implementation -// -#include "acls.h" -#include "connection.h" -#include "server.h" -#include "SecurityAgentClient.h" -#include -#include -#include - - -// -// SecurityServerAcl is virtual -// -SecurityServerAcl::~SecurityServerAcl() -{ } - - -// -// Each SecurityServerAcl type must provide some indication of a database -// it is associated with. The default, naturally, is "none". -// -const Database *SecurityServerAcl::relatedDatabase() const -{ return NULL; } - - -// -// Provide environmental information to get/change-ACL calls. -// Also make them virtual so our children can override them. -// -void SecurityServerAcl::cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred) -{ - SecurityServerEnvironment env(*this); - ObjectAcl::cssmChangeAcl(edit, cred, &env); -} - -void SecurityServerAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner, - const AccessCredentials *cred) -{ - SecurityServerEnvironment env(*this); - ObjectAcl::cssmChangeOwner(newOwner, cred, &env); -} - - -// -// Modified validate() methods to connect all the conduits... -// -void SecurityServerAcl::validate(AclAuthorization auth, const AccessCredentials *cred) -{ - SecurityServerEnvironment env(*this); - StLock objectSequence(aclSequence); - StLock processSequence(Server::connection().process.aclSequence); - ObjectAcl::validate(auth, cred, &env); -} - -void SecurityServerAcl::validate(AclAuthorization auth, const Context &context) -{ - validate(auth, - context.get(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS)); -} - - -// -// Implement our environment object -// -uid_t SecurityServerEnvironment::getuid() const -{ - return Server::connection().process.uid(); -} - -gid_t SecurityServerEnvironment::getgid() const -{ - return Server::connection().process.gid(); -} - -pid_t SecurityServerEnvironment::getpid() const -{ - return Server::connection().process.pid(); -} - -bool SecurityServerEnvironment::verifyCodeSignature(const CodeSigning::Signature *signature, - const CssmData *comment) -{ - return Server::codeSignatures().verify(Server::connection().process, signature, comment); -} diff --git a/SecurityServer/acls.h b/SecurityServer/acls.h deleted file mode 100644 index a23e8820..00000000 --- a/SecurityServer/acls.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acls - SecurityServer ACL implementation -// -#ifndef _H_ACLS -#define _H_ACLS - -#include "securityserver.h" -#include -#include -#include - - -class Connection; -class Database; - - -// -// ACL implementation as used by the SecurityServer -// -class SecurityServerAcl : public ObjectAcl { -public: - SecurityServerAcl(AclKind k, CssmAllocator &alloc) :ObjectAcl(alloc), mKind(k) { } - virtual ~SecurityServerAcl(); - - AclKind kind() const { return mKind; } - - // validation calls restated - void validate(AclAuthorization auth, const AccessCredentials *cred); - void validate(AclAuthorization auth, const Context &context); - - void cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred); - void cssmChangeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred); - - virtual const Database *relatedDatabase() const; - - // aclSequence is taken to serialize ACL validations to pick up mutual changes - Mutex aclSequence; - -private: - AclKind mKind; -}; - - -// -// Our implementation of an ACL validation environment uses information -// derived from a Connection object. It implements context for -// -- ProcessAclSubjects (getuid/getgid) -// -- KeychainPromptAclSubjects (connection link) -// -class SecurityServerEnvironment : public virtual AclValidationEnvironment, - public virtual ProcessAclSubject::Environment, - public virtual CodeSignatureAclSubject::Environment { -public: - SecurityServerEnvironment(const SecurityServerAcl &baseAcl) - : acl(baseAcl) { } - - const SecurityServerAcl &acl; - - const Database *database() const { return acl.relatedDatabase(); } - uid_t getuid() const; - gid_t getgid() const; - pid_t getpid() const; - bool verifyCodeSignature(const CodeSigning::Signature *signature, const CssmData *comment); -}; - - -#endif //_H_ACLS diff --git a/SecurityServer/agentquery.cpp b/SecurityServer/agentquery.cpp deleted file mode 100644 index 2e663a2a..00000000 --- a/SecurityServer/agentquery.cpp +++ /dev/null @@ -1,330 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// passphrases - canonical code to obtain passphrases -// -#include "agentquery.h" -#include "authority.h" -#include "server.h" -#include "session.h" - -using namespace SecurityAgent; - - -// -// The default Mach service name for SecurityAgent -// -const char SecurityAgentQuery::defaultName[] = "com.apple.SecurityAgent"; - - -// -// Construct a query object -// -SecurityAgentQuery::SecurityAgentQuery() : - SecurityAgent::Client(Server::active().connection().process.uid(), - Server::active().connection().process.session.bootstrapPort(), - defaultName), - mClientSession(Server::active().connection().process.session) -{ -} - -SecurityAgentQuery::SecurityAgentQuery(uid_t clientUID, - Session &clientSession, - const char *agentName) : - SecurityAgent::Client(clientUID, clientSession.bootstrapPort(), agentName), - mClientSession(clientSession) -{ -} - -SecurityAgentQuery::~SecurityAgentQuery() -{ - terminate(); -} - -void -SecurityAgentQuery::activate() -{ - if (isActive()) - return; - - // Before popping up an agent: is UI session allowed? - if (!(mClientSession.attributes() & sessionHasGraphicAccess)) - CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); - - // this may take a while - Server::active().longTermActivity(); - Server::connection().useAgent(this); - - try { - SecurityAgent::Client::activate(); - } catch (...) { - Server::connection().useAgent(NULL); // guess not - throw; - } -} - -void -SecurityAgentQuery::terminate() -{ - if (!isActive()) - return; - - Server::connection(true).useAgent(NULL); - - SecurityAgent::Client::terminate(); -} - - -// -// Perform the "rogue app" access query dialog -// -void QueryKeychainUse::queryUser (const Database *db, const char *database, const char *description, - AclAuthorization action) -{ - Reason reason; - int retryCount = 0; - queryKeychainAccess(Server::connection().process.clientCode(), - Server::connection().process.pid(), - database, description, action, needPassphrase, *this); - - CssmData data (passphrase, strlen (passphrase)); - - - if (needPassphrase) { - while (reason = (const_cast(db)->decode(data) ? noReason : invalidPassphrase)) { - if (++retryCount > kMaximumAuthorizationTries) { - cancelStagedQuery(tooManyTries); - return; - } - else { - retryQueryKeychainAccess (reason, *this); - data = CssmData (passphrase, strlen (passphrase)); - } - } - - finishStagedQuery (); // since we are only staged if we needed a passphrase - } - -} - -QueryKeychainUse::~QueryKeychainUse() -{ - // clear passphrase component (sensitive) - memset(passphrase, 0, sizeof(passphrase)); -} - - -// -// Perform code signature ACL access adjustment dialogs -// -void QueryCodeCheck::operator () (const char *aclPath) -{ - queryCodeIdentity(Server::connection().process.clientCode(), - Server::connection().process.pid(), aclPath, *this); -} - - -// -// Obtain passphrases and submit them to the accept() method until it is accepted -// or we can't get another passphrase. Accept() should consume the passphrase -// if it is accepted. If no passphrase is acceptable, throw out of here. -// -Reason QueryUnlock::query() -{ - CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive)); - int retryCount = 0; - queryInteractive(passphrase); - while (Reason reason = accept(passphrase)) { - if (++retryCount > maxTries) { - cancelStagedQuery(tooManyTries); - return reason; - } else { - retryInteractive(passphrase, reason); - } - } - // accepted - finishStagedQuery(); - return noReason; -} - - -// -// Get existing passphrase (unlock) Query -// -Reason QueryUnlock::operator () () -{ - return query(); -} - -Reason QueryUnlock::accept(CssmManagedData &passphrase) -{ - return database.decode(passphrase) ? noReason : invalidPassphrase; -} - -void QueryUnlock::queryInteractive(CssmOwnedData &passphrase) -{ - char passString[maxPassphraseLength]; - queryUnlockDatabase(Server::connection().process.clientCode(), - Server::connection().process.pid(), - database.dbName(), passString); - passphrase.copy(passString, strlen(passString)); -} - -void QueryUnlock::retryInteractive(CssmOwnedData &passphrase, Reason reason) -{ - char passString[maxPassphraseLength]; - retryUnlockDatabase(reason, passString); - passphrase.copy(passString, strlen(passString)); -} - - -// -// Obtain passphrases and submit them to the accept() method until it is accepted -// or we can't get another passphrase. Accept() should consume the passphrase -// if it is accepted. If no passphrase is acceptable, throw out of here. -// -Reason QueryNewPassphrase::query() -{ - CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive)); - CssmAutoData oldPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)); - int retryCount = 0; - queryInteractive(passphrase, oldPassphrase); - while (Reason reason = accept(passphrase, - (initialReason == changePassphrase) ? &oldPassphrase.get() : NULL)) { - if (++retryCount > maxTries) { - cancelStagedQuery(tooManyTries); - return reason; - } else { - retryInteractive(passphrase, oldPassphrase, reason); - } - } - // accepted - finishStagedQuery(); - return noReason; -} - - -// -// Get new passphrase Query -// -Reason QueryNewPassphrase::operator () (CssmOwnedData &passphrase) -{ - if (Reason result = query()) - return result; // failed - passphrase = mPassphrase; - return noReason; // success -} - -Reason QueryNewPassphrase::accept(CssmManagedData &passphrase, CssmData *oldPassphrase) -{ - //@@@ acceptance criteria are currently hardwired here - //@@@ This validation presumes ASCII - UTF8 might be more lenient - - // if we have an old passphrase, check it - if (oldPassphrase && !database.validatePassphrase(*oldPassphrase)) - return oldPassphraseWrong; - - // sanity check the new passphrase (but allow user override) - if (!(mPassphraseValid && passphrase.get() == mPassphrase)) { - mPassphrase = passphrase; - mPassphraseValid = true; - if (mPassphrase.length() == 0) - return passphraseIsNull; - if (mPassphrase.length() < 6) - return passphraseTooSimple; - } - - // accept this - return noReason; -} - -void QueryNewPassphrase::queryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase) -{ - char passString[maxPassphraseLength], oldPassString[maxPassphraseLength]; - queryNewPassphrase(Server::connection().process.clientCode(), - Server::connection().process.pid(), - database.dbName(), initialReason, passString, oldPassString); - passphrase.copy(passString, strlen(passString)); - oldPassphrase.copy(oldPassString, strlen(oldPassString)); -} - -void QueryNewPassphrase::retryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase, Reason reason) -{ - char passString[maxPassphraseLength], oldPassString[maxPassphraseLength]; - retryNewPassphrase(reason, passString, oldPassString); - passphrase.copy(passString, strlen(passString)); - oldPassphrase.copy(oldPassString, strlen(oldPassString)); -} - - -// -// Authorize by group membership -// -QueryAuthorizeByGroup::QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth) : - SecurityAgentQuery(Server::active().connection().process.uid(), auth.session), - authorization(auth), mActive(false) { } - - -void QueryAuthorizeByGroup::cancel(Reason reason) -{ - if (mActive) { - cancelStagedQuery(reason); - mActive = false; - } -} - -void QueryAuthorizeByGroup::done() -{ - if (mActive) { - finishStagedQuery(); - mActive = false; - } -} - -uid_t QueryAuthorizeByGroup::uid() -{ - return Server::connection().process.uid(); -} - -bool QueryAuthorizeByGroup::operator () (const char *group, const char *candidateUser, - char username[maxUsernameLength], char passphrase[maxPassphraseLength], Reason reason) -{ - if (mActive) { - return retryAuthorizationAuthenticate(reason, username, passphrase); - } else { - bool result = authorizationAuthenticate(authorization.creatorCode(), - Server::connection().process.pid(), group, candidateUser, username, passphrase); - mActive = true; - return result; - } -} - -QueryInvokeMechanism::QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth, const char *agentName) : - SecurityAgentQuery(clientUID, auth.session, agentName) {} - -bool QueryInvokeMechanism::operator () (const string &inPluginId, const string &inMechanismId, const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult) -{ - bool result = invokeMechanism(inPluginId, inMechanismId, inArguments, inHints, inContext, outResult); - return result; -} - -void QueryInvokeMechanism::terminateAgent() -{ - SecurityAgentQuery::terminateAgent(); -} diff --git a/SecurityServer/agentquery.h b/SecurityServer/agentquery.h deleted file mode 100644 index f66d302f..00000000 --- a/SecurityServer/agentquery.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// passphrases - canonical code to obtain passphrases -// -#ifndef _H_AGENTQUERY -#define _H_AGENTQUERY - -#include "securityserver.h" -#include "xdatabase.h" -#include -#include "SecurityAgentClient.h" -#include "AuthorizationData.h" - -using Authorization::AuthItemSet; - -// -// The common machinery of retryable SecurityAgent queries -// -class Session; - -class SecurityAgentQuery : protected SecurityAgent::Client { -public: - typedef SecurityAgent::Reason Reason; - - static const char defaultName[]; - - SecurityAgentQuery(); - SecurityAgentQuery(uid_t clientUID, Session &clientSession, const char *agentName = defaultName); - virtual ~SecurityAgentQuery(); - - virtual void activate(); - virtual void terminate(); - -private: - Session &mClientSession; -}; - - -// -// Specialized for "rogue app" alert queries -// -class QueryKeychainUse : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery { -public: - QueryKeychainUse(bool needPass) : needPassphrase(needPass) { } - void queryUser (const Database *db, const char* database, const char *description, AclAuthorization action); - ~QueryKeychainUse(); - - const bool needPassphrase; -}; - - -// -// Specialized for code signature adjustment queries -// -class QueryCodeCheck : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery { -public: - void operator () (const char *aclPath); -}; - - -// -// A query for an existing passphrase -// -class QueryUnlock : public SecurityAgentQuery { - static const int maxTries = kMaximumAuthorizationTries; -public: - QueryUnlock(Database &db) : database(db) { } - - Database &database; - - Reason operator () (); - -protected: - Reason query(); - void queryInteractive(CssmOwnedData &passphrase); - void retryInteractive(CssmOwnedData &passphrase, Reason reason); - Reason accept(CssmManagedData &passphrase); -}; - - -// -// A query for a new passphrase -// -class QueryNewPassphrase : public SecurityAgentQuery { - static const int maxTries = 7; -public: - QueryNewPassphrase(Database &db, Reason reason) : - database(db), initialReason(reason), - mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)), - mPassphraseValid(false) { } - - Database &database; - - Reason operator () (CssmOwnedData &passphrase); - -protected: - Reason query(); - void queryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase); - void retryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase, Reason reason); - Reason accept(CssmManagedData &passphrase, CssmData *oldPassphrase); - -private: - Reason initialReason; - CssmAutoData mPassphrase; - bool mPassphraseValid; -}; - - -// -// The "give user/passphrase in group" authorization dialog. -// This class is not self-contained, since the AuthorizationEngine wants -// to micro-manage the retry process. -// -class AuthorizationToken; - -class QueryAuthorizeByGroup : public SecurityAgentQuery { -public: - QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth); - - bool operator () (const char *group, const char *candidateUser, char username[SecurityAgent::maxUsernameLength], char passphrase[SecurityAgent::maxPassphraseLength], Reason reason = SecurityAgent::userNotInGroup); - void cancel(Reason reason); - void done(); - - uid_t uid(); - - const AuthorizationToken &authorization; - -private: - bool mActive; -}; - - -using Authorization::AuthValueVector; - -class QueryInvokeMechanism : public SecurityAgentQuery { -public: - QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth, const char *agentName); - bool operator () (const string &inPluginId, const string &inMechanismId, const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult); - void terminateAgent(); -}; - -#endif //_H_AGENTQUERY diff --git a/SecurityServer/authority.cpp b/SecurityServer/authority.cpp deleted file mode 100644 index 533dff60..00000000 --- a/SecurityServer/authority.cpp +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// authority - authorization manager -// -#include "authority.h" -#include "server.h" -#include "connection.h" -#include "session.h" -#include "process.h" - -#include "AuthorizationWalkers.h" - -using Authorization::AuthItemSet; -using Authorization::AuthItemRef; -using Authorization::AuthValue; -using Authorization::AuthValueOverlay; - -// -// The global dictionary of extant AuthorizationTokens -// -AuthorizationToken::AuthMap AuthorizationToken::authMap; // set of extant authorizations -Mutex AuthorizationToken::authMapLock; // lock for mAuthorizations (only) - - -// -// Construct an Authority -// -Authority::Authority(const char *configFile) -: Authorization::Engine(configFile) -{ -} - -Authority::~Authority() -{ -} - - -// -// Create an authorization token. -// -AuthorizationToken::AuthorizationToken(Session &ssn, const CredentialSet &base, const audit_token_t &auditToken) - : session(ssn), mBaseCreds(base), mTransferCount(INT_MAX), - mCreatorUid(auditToken.val[1]), - mCreatorGid(auditToken.val[2]), - mCreatorCode(Server::connection().process.clientCode()), - mCreatorPid(Server::connection().process.pid()), - mCreatorAuditToken(auditToken) -{ - // generate our (random) handle - Server::active().random(mHandle); - - // register handle in the global map - StLock _(authMapLock); - authMap[mHandle] = this; - - // register with parent session - session.addAuthorization(this); - - // all ready - secdebug("SSauth", "Authorization %p created using %d credentials; owner=%s", - this, int(mBaseCreds.size()), - mCreatorCode ? mCreatorCode->encode().c_str() : "unknown"); -} - -AuthorizationToken::~AuthorizationToken() -{ - // we better be clean - assert(mUsingProcesses.empty()); - - // deregister from parent session - if (session.removeAuthorization(this)) - delete &session; - - secdebug("SSauth", "Authorization %p destroyed", this); -} - - -// -// Locate an authorization given its blob. -// -AuthorizationToken &AuthorizationToken::find(const AuthorizationBlob &blob) -{ - StLock _(authMapLock); - AuthMap::iterator it = authMap.find(blob); - if (it == authMap.end()) - Authorization::Error::throwMe(errAuthorizationInvalidRef); - return *it->second; -} - - -// -// Handle atomic deletion of AuthorizationToken objects -// -AuthorizationToken::Deleter::Deleter(const AuthorizationBlob &blob) - : lock(authMapLock) -{ - AuthMap::iterator it = authMap.find(blob); - if (it == authMap.end()) - Authorization::Error::throwMe(errAuthorizationInvalidRef); - mAuth = it->second; -} - -void AuthorizationToken::Deleter::remove() -{ - if (mAuth) { - authMap.erase(mAuth->handle()); - delete mAuth; - mAuth = NULL; - } -} - - -// -// Given a set of credentials, add it to our private credentials and return the result -// -// must hold Session::mCredsLock -CredentialSet AuthorizationToken::effectiveCreds() const -{ - secdebug("SSauth", "Authorization %p grabbing session %p creds %p", - this, &session, &session.authCredentials()); - CredentialSet result = session.authCredentials(); - for (CredentialSet::const_iterator it = mBaseCreds.begin(); it != mBaseCreds.end(); it++) - if (!(*it)->isShared()) - result.insert(*it); - return result; -} - - -// -// Add more credential dependencies to an authorization -// -// must hold Session::mCredsLock -void AuthorizationToken::mergeCredentials(const CredentialSet &add) -{ - secdebug("SSauth", "Authorization %p merge creds %p", this, &add); - for (CredentialSet::const_iterator it = add.begin(); it != add.end(); it++) { - mBaseCreds.erase(*it); - mBaseCreds.insert(*it); - } - secdebug("SSauth", "Authorization %p merged %d new credentials for %d total", - this, int(add.size()), int(mBaseCreds.size())); -} - - -// -// Register a new process that uses this authorization token. -// This is an idempotent operation. -// -void AuthorizationToken::addProcess(Process &proc) -{ - StLock _(mLock); - mUsingProcesses.insert(&proc); - secdebug("SSauth", "Authorization %p added process %p(%d)", this, &proc, proc.pid()); -} - - -// -// Completely unregister client process. -// It does not matter how often it was registered with addProcess before. -// This returns true if no more processes use this token. Presumably you -// would then want to clean up, though that's up to you. -// -bool AuthorizationToken::endProcess(Process &proc) -{ - StLock _(mLock); - assert(mUsingProcesses.find(&proc) != mUsingProcesses.end()); - mUsingProcesses.erase(&proc); - secdebug("SSauth", "Authorization %p removed process %p(%d)%s", - this, &proc, proc.pid(), mUsingProcesses.empty() ? " FINAL" : ""); - return mUsingProcesses.empty(); -} - - -// -// Check whether internalization/externalization is allowed -// -bool AuthorizationToken::mayExternalize(Process &) const -{ - return mTransferCount > 0; -} - -bool AuthorizationToken::mayInternalize(Process &, bool countIt) -{ - StLock _(mLock); - if (mTransferCount > 0) { - if (countIt) { - mTransferCount--; - secdebug("SSauth", "Authorization %p decrement intcount to %d", this, mTransferCount); - } - return true; - } - return false; -} - -AuthItemSet -AuthorizationToken::infoSet(AuthorizationString tag) -{ - StLock _(mLock); // consider a separate lock - - AuthItemSet tempSet; - - if (tag) - { - AuthItemSet::iterator found = find_if(mInfoSet.begin(), mInfoSet.end(), - Authorization::FindAuthItemByRightName(tag)); - if (found != mInfoSet.end()) - tempSet.insert(AuthItemRef(*found)); - - } - else - tempSet = mInfoSet; - - secdebug("SSauth", "Authorization %p returning copy of context %s%s.", this, tag ? "for tag " : "", tag ? "" : tag); - - return tempSet; -} - -void -AuthorizationToken::setInfoSet(AuthItemSet &newInfoSet) -{ - StLock _(mLock); // consider a separate lock - secdebug("SSauth", "Authorization %p setting new context", this); - mInfoSet = newInfoSet; -} - -// This is destructive (non-merging) -void -AuthorizationToken::setCredentialInfo(const Credential &inCred) -{ - AuthItemSet dstInfoSet; - char uid_string[16]; // fit a uid_t(u_int32_t) - - if (snprintf(uid_string, sizeof(uid_string), "%u", inCred->uid()) >= - int(sizeof(uid_string))) - uid_string[0] = '\0'; - AuthItemRef uidHint("uid", AuthValueOverlay(uid_string ? strlen(uid_string) + 1 : 0, uid_string), 0); - dstInfoSet.insert(uidHint); - - AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0); - dstInfoSet.insert(userHint); - - setInfoSet(dstInfoSet); -} - -void -AuthorizationToken::clearInfoSet() -{ - AuthItemSet dstInfoSet; - secdebug("SSauth", "Authorization %p clearing context", this); - setInfoSet(dstInfoSet); -} - diff --git a/SecurityServer/authority.h b/SecurityServer/authority.h deleted file mode 100644 index 80a940e0..00000000 --- a/SecurityServer/authority.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// authority - authorization manager -// -#ifndef _H_AUTHORITY -#define _H_AUTHORITY - -#include "securityserver.h" -#include "AuthorizationEngine.h" - -using Authorization::Credential; -using Authorization::CredentialSet; -using Authorization::AuthItemSet; - -class Process; -class Session; - - -class AuthorizationToken { -public: - AuthorizationToken(Session &ssn, const CredentialSet &base, const audit_token_t &auditToken); - ~AuthorizationToken(); - - Session &session; - - const AuthorizationBlob &handle() const { return mHandle; } - const CredentialSet &baseCreds() const { return mBaseCreds; } - CredentialSet effectiveCreds() const; - - typedef CredentialSet::iterator iterator; - iterator begin() { return mBaseCreds.begin(); } - iterator end() { return mBaseCreds.end(); } - - // add more credential dependencies - void mergeCredentials(const CredentialSet &more); - - // maintain process-owning links - void addProcess(Process &proc); - bool endProcess(Process &proc); - - // access control for external representations - bool mayExternalize(Process &proc) const; - bool mayInternalize(Process &proc, bool countIt = true); - - uid_t creatorUid() const { return mCreatorUid; } - uid_t creatorGid() const { return mCreatorGid; } - CodeSigning::OSXCode *creatorCode() const { return mCreatorCode; } - pid_t creatorPid() const { return mCreatorPid; } - - audit_token_t creatorAuditToken() const {return mCreatorAuditToken; } - - AuthItemSet infoSet(AuthorizationString tag = NULL); - void setInfoSet(AuthItemSet &newInfoSet); - void setCredentialInfo(const Credential &inCred); - void clearInfoSet(); - -public: - static AuthorizationToken &find(const AuthorizationBlob &blob); - - class Deleter { - public: - Deleter(const AuthorizationBlob &blob); - - void remove(); - operator AuthorizationToken &() const { return *mAuth; } - - private: - AuthorizationToken *mAuth; - StLock lock; - }; - -private: - Mutex mLock; // object lock - AuthorizationBlob mHandle; // official randomized blob marker - CredentialSet mBaseCreds; // credentials we're based on - - unsigned int mTransferCount; // number of internalizations remaining - - typedef set ProcessSet; - ProcessSet mUsingProcesses; // set of process objects using this token - - uid_t mCreatorUid; // Uid of proccess that created this authorization - gid_t mCreatorGid; // Gid of proccess that created this authorization - RefPointer mCreatorCode; // code id of creator - pid_t mCreatorPid; // Pid of processs that created this authorization - - audit_token_t mCreatorAuditToken; // Audit token of the process that created this authorization - - AuthItemSet mInfoSet; // Side band info gathered from evaluations in this session - -private: - typedef map AuthMap; - static AuthMap authMap; // set of extant authorizations - static Mutex authMapLock; // lock for mAuthorizations (only) -}; - - -// -// The authority itself. You will usually only have one of these. -// -class Authority : public Authorization::Engine { -public: - Authority(const char *configFile); - ~Authority(); -}; - - -#endif //_H_AUTHORITY diff --git a/SecurityServer/cfnotifier.cpp b/SecurityServer/cfnotifier.cpp deleted file mode 100644 index 2baad673..00000000 --- a/SecurityServer/cfnotifier.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cfnotifier - quick & dirty code to send keychain lock notification -// -#include "cfnotifier.h" -#include "notifications.h" -#include -#include "dictionary.h" - -#include "session.h" - -using namespace Security; -using namespace Security::MachPlusPlus; - - - -// -// Main methods -// -void KeychainNotifier::lock(const DLDbIdentifier &db) -{ notify(db, Listener::lockedEvent); } - -void KeychainNotifier::unlock(const DLDbIdentifier &db) -{ notify(db, Listener::unlockedEvent); } - -void KeychainNotifier::passphraseChanged(const DLDbIdentifier &db) -{ notify(db, Listener::passphraseChangedEvent); } - - -// -// Lock and unlock notifications -// -void KeychainNotifier::notify(const DLDbIdentifier &db, int event) -{ - // export the dbID to a dictionary - NameValueDictionary nvd; - NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier (db, nvd); - - // flatten the dictionary - CssmData data; - nvd.Export (data); - - Listener::notify (Listener::databaseNotifications, event, data); - free (data.data ()); -} - diff --git a/SecurityServer/cfnotifier.h b/SecurityServer/cfnotifier.h deleted file mode 100644 index d3e49c09..00000000 --- a/SecurityServer/cfnotifier.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cfnotifier - quick & dirty code to send keychain lock notification -// -#ifndef _H_CFNOTIFIER -#define _H_CFNOTIFIER - -#include "securityserver.h" - -// -// A KeychainNotifier object can send keychain-related lock state broadcasts. -// -class KeychainNotifier { -public: - static void lock(const DLDbIdentifier &db); - static void unlock(const DLDbIdentifier &db); - static void passphraseChanged(const DLDbIdentifier &db); - -private: - static void notify(const DLDbIdentifier &db, int event); -}; - - -#endif //_H_CFNOTIFIER diff --git a/SecurityServer/codesigdb.cpp b/SecurityServer/codesigdb.cpp deleted file mode 100644 index 4eed9ef4..00000000 --- a/SecurityServer/codesigdb.cpp +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// codesigdb - code-hash equivalence database -// -#include "codesigdb.h" -#include "process.h" -#include "server.h" -#include "agentquery.h" -#include - - -// -// A self-constructing database key class. -// Key format is -// where -// single ASCII character type code ('H' for hash links) -// decimal userid of owning user, or 'S' for system entries. Followed by null byte. -// variable length key value (binary). -// -class DbKey : public CssmAutoData { -public: - DbKey(char type, const CssmData &key, bool perUser = false, uid_t user = 0); -}; - -DbKey::DbKey(char type, const CssmData &key, bool perUser, uid_t user) - : CssmAutoData(CssmAllocator::standard()) -{ - using namespace LowLevelMemoryUtilities; - char header[20]; - size_t headerLength; - if (perUser) - headerLength = 1 + sprintf(header, "%c%d", type, user); - else - headerLength = 1 + sprintf(header, "%cS", type); - malloc(headerLength + key.length()); - memcpy(this->data(), header, headerLength); - memcpy(get().at(headerLength), key.data(), key.length()); -} - - -// -// A subclass of Identity made of whole cloth (from a raw CodeSignature ACL information) -// -class AclIdentity : public CodeSignatures::Identity { -public: - AclIdentity(const CodeSigning::Signature *sig, const char *comment) - : mHash(*sig), mPath(comment ? comment : "") { } - AclIdentity(const CssmData &hash, const char *comment) - : mHash(hash), mPath(comment ? comment : "") { } - -protected: - std::string getPath() const { return mPath; } - const CssmData getHash(CodeSigning::OSXSigner &) const { return mHash; } - -private: - const CssmData mHash; - std::string mPath; -}; - - -// -// Construct a CodeSignatures objects -// -CodeSignatures::CodeSignatures(const char *path) -{ - try { - mDb.open(path, O_RDWR | O_CREAT, 0644); - } catch (const CssmCommonError &err) { - try { - mDb.open(path, O_RDONLY, 0644); - Syslog::warning("database %s opened READONLY (R/W failed errno=%d)", path, err.unixError()); - secdebug("codesign", "database %s opened READONLY (R/W failed errno=%d)", path, err.unixError()); - } catch (...) { - Syslog::warning("cannot open %s; using no code equivalents", path); - secdebug("codesign", "unable to open %s; using no code equivalents", path); - } - } - if (mDb) - mDb.flush(); // in case we just created it - IFDUMPING("equiv", debugDump("open")); -} - -CodeSignatures::~CodeSignatures() -{ -} - - -// -// (Re)open the equivalence database. -// This is useful to switch to database in another volume. -// -void CodeSignatures::open(const char *path) -{ - mDb.open(path, O_RDWR | O_CREAT, 0644); - mDb.flush(); - IFDUMPING("equiv", debugDump("reopen")); -} - - -// -// Basic Identity objects -// -CodeSignatures::Identity::Identity() : mState(untried) -{ } - -CodeSignatures::Identity::~Identity() -{ } - -string CodeSignatures::Identity::canonicalName(const string &path) -{ - string::size_type slash = path.rfind('/'); - if (slash == string::npos) // bloody unlikely, but whatever... - return path; - return path.substr(slash+1); -} - - -// -// Find and store database objects (primitive layer) -// -bool CodeSignatures::find(Identity &id, uid_t user) -{ - if (id.mState != Identity::untried) - return id.mState == Identity::valid; - try { - DbKey userKey('H', id.getHash(mSigner), true, user); - CssmData linkValue; - if (mDb.get(userKey, linkValue)) { - id.mName = string(linkValue.interpretedAs(), linkValue.length()); - IFDUMPING("equiv", id.debugDump("found/user")); - id.mState = Identity::valid; - return true; - } - DbKey sysKey('H', id.getHash(mSigner)); - if (mDb.get(sysKey, linkValue)) { - id.mName = string(linkValue.interpretedAs(), linkValue.length()); - IFDUMPING("equiv", id.debugDump("found/system")); - id.mState = Identity::valid; - return true; - } - } catch (...) { - secdebug("codesign", "exception validating identity for %s - marking failed", id.path().c_str()); - id.mState = Identity::invalid; - } - return id.mState == Identity::valid; -} - -void CodeSignatures::makeLink(Identity &id, const string &ident, bool forUser, uid_t user) -{ - DbKey key('H', id.getHash(mSigner), forUser, user); - if (!mDb.put(key, StringData(ident))) - UnixError::throwMe(); -} - -void CodeSignatures::makeApplication(const std::string &name, const std::string &path) -{ - //@@@ create app record and fill (later) -} - - -// -// Administrative manipulation calls -// -void CodeSignatures::addLink(const CssmData &oldHash, const CssmData &newHash, - const char *inName, bool forSystem) -{ - string name = Identity::canonicalName(inName); - uid_t user = Server::connection().process.uid(); - if (forSystem && user) // only root user can establish forSystem links - UnixError::throwMe(EACCES); - if (!forSystem) // in fact, for now we don't allow per-user calls at all - UnixError::throwMe(EACCES); - AclIdentity oldCode(oldHash, name.c_str()); - AclIdentity newCode(newHash, name.c_str()); - secdebug("codesign", "addlink for name %s", name.c_str()); - StLock _(mDatabaseLock); - if (oldCode) { - if (oldCode.trustedName() != name) { - secdebug("codesign", "addlink does not match existing name %s", - oldCode.trustedName().c_str()); - MacOSError::throwMe(CSSMERR_CSP_VERIFY_FAILED); - } - } else { - makeLink(oldCode, name, !forSystem, user); - } - if (!newCode) - makeLink(newCode, name, !forSystem, user); - mDb.flush(); -} - -void CodeSignatures::removeLink(const CssmData &hash, const char *name, bool forSystem) -{ - AclIdentity code(hash, name); - uid_t user = Server::connection().process.uid(); - if (forSystem && user) // only root user can remove forSystem links - UnixError::throwMe(EACCES); - DbKey key('H', hash, !forSystem, user); - StLock _(mDatabaseLock); - mDb.erase(key); - mDb.flush(); -} - - -// -// Verify signature matches -// -bool CodeSignatures::verify(Process &process, - const CodeSigning::Signature *trustedSignature, const CssmData *comment) -{ - secdebug("codesign", "start verify"); - - // if we have no client code, we cannot possibly match this - if (!process.clientCode()) { - secdebug("codesign", "no code base: fail"); - return false; - } - - // first of all, if the signature directly matches the client's code, we're obviously fine - // we don't even need the database for that... - Identity &clientIdentity = process; - try { - if (clientIdentity.getHash(mSigner) == CssmData(*trustedSignature)) { - secdebug("codesign", "direct match: pass"); - return true; - } - } catch (...) { - secdebug("codesign", "exception getting client code hash: fail"); - return false; - } - - // ah well. Establish mediator objects for database signature links - AclIdentity aclIdentity(trustedSignature, comment ? comment->interpretedAs() : NULL); - - uid_t user = process.uid(); - { - StLock _(mDatabaseLock); - find(aclIdentity, user); - find(clientIdentity, user); - } - - // if both links exist, we can decide this right now - if (aclIdentity && clientIdentity) { - if (aclIdentity.trustedName() == clientIdentity.trustedName()) { - secdebug("codesign", "app references match: pass"); - return true; - } else { - secdebug("codesign", "client/acl links exist but are unequal: fail"); - return false; - } - } - - // check for name equality - secdebug("codesign", "matching client %s against acl %s", - clientIdentity.name().c_str(), aclIdentity.name().c_str()); - if (aclIdentity.name() != clientIdentity.name()) { - secdebug("codesign", "name/path mismatch: fail"); - return false; - } - - // The names match - we have a possible update. - - // Take the UI lock now to serialize "update rushes". - Server::active().longTermActivity(); - StLock uiLocker(mUILock); - - // re-read the database in case some other thread beat us to the update - { - StLock _(mDatabaseLock); - find(aclIdentity, user); - find(clientIdentity, user); - } - if (aclIdentity && clientIdentity) { - if (aclIdentity.trustedName() == clientIdentity.trustedName()) { - secdebug("codesign", "app references match: pass (on the rematch)"); - return true; - } else { - secdebug("codesign", "client/acl links exist but are unequal: fail (on the rematch)"); - return false; - } - } - - // ask the user - QueryCodeCheck query; - query(aclIdentity.path().c_str()); - if (!query.allowAccess) { - secdebug("codesign", "user declined equivalence: fail"); - return false; - } - - // take the database lock back for real - StLock _(mDatabaseLock); - - // user wants us to go ahead and establish trust (if possible) - if (aclIdentity) { - // acl is linked but new client: link the client to this application - makeLink(clientIdentity, aclIdentity.trustedName(), true, user); - mDb.flush(); - secdebug("codesign", "client %s linked to application %s: pass", - clientIdentity.path().c_str(), aclIdentity.trustedName().c_str()); - return true; - } - - if (clientIdentity) { // code link exists, acl link missing - // client is linked but ACL (hash) never seen: link the ACL to this app - makeLink(aclIdentity, clientIdentity.trustedName(), true, user); - mDb.flush(); - secdebug("codesign", "acl %s linked to client %s: pass", - aclIdentity.path().c_str(), clientIdentity.trustedName().c_str()); - return true; - } - - // the De Novo case: no links, must create everything - string ident = clientIdentity.name(); - makeApplication(ident, clientIdentity.path()); - makeLink(clientIdentity, ident, true, user); - makeLink(aclIdentity, ident, true, user); - mDb.flush(); - secdebug("codesign", "new linkages established: pass"); - return true; -} - - -// -// Debug dumping support -// -#if defined(DEBUGDUMP) - -void CodeSignatures::debugDump(const char *how) const -{ - using namespace Debug; - using namespace LowLevelMemoryUtilities; - if (!how) - how = "dump"; - CssmData key, value; - if (!mDb.first(key, value)) { - dump("CODE EQUIVALENTS DATABASE IS EMPTY (%s)\n", how); - } else { - dump("CODE EQUIVALENTS DATABASE DUMP (%s)\n", how); - do { - const char *header = key.interpretedAs(); - size_t headerLength = strlen(header) + 1; - dump("%s:", header); - dumpData(key.at(headerLength), key.length() - headerLength); - dump(" => "); - dumpData(value); - dump("\n"); - } while (mDb.next(key, value)); - dump("END DUMP\n"); - } -} - -void CodeSignatures::Identity::debugDump(const char *how) const -{ - using namespace Debug; - if (!how) - how = "dump"; - dump("IDENTITY (%s) path=%s", how, getPath().c_str()); - dump(" name=%s hash=", mName.empty() ? "(unset)" : mName.c_str()); - CodeSigning::OSXSigner signer; - dumpData(getHash(signer)); - dump("\n"); -} - -#endif //DEBUGDUMP \ No newline at end of file diff --git a/SecurityServer/codesigdb.h b/SecurityServer/codesigdb.h deleted file mode 100644 index 328381b8..00000000 --- a/SecurityServer/codesigdb.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// codesigdb - code-hash equivalence database -// -#ifndef _H_CODESIGDB -#define _H_CODESIGDB - -#include -#include - - -class Process; -class CodeSignatures; - - -// -// A CodeSignaturse object represents a database of code-signature equivalencies -// as (previously) expressed by a user and/or the system. -// You'll usually only need one of these. -// -class CodeSignatures { -public: - // - // Identity is an abstract class modeling a code-identity in the database. - // It can represent either an existing or latent code-hash link. - // Subclass must provide path and hash source functions. - // - class Identity { - friend class CodeSignatures; - public: - Identity(); - virtual ~Identity(); - - operator bool () const { return mState == valid; } - std::string path() { return getPath(); } - std::string name() { return canonicalName(path()); } - std::string trustedName() const { return mName; } - - static std::string canonicalName(const std::string &path); - - IFDUMP(void debugDump(const char *how = NULL) const); - - virtual std::string getPath() const = 0; - virtual const CssmData getHash(CodeSigning::OSXSigner &signer) const = 0; - - private: - enum { untried, valid, invalid } mState; - std::string mName; // link db value (canonical name linked to) - }; - -public: - CodeSignatures(const char *path); - ~CodeSignatures(); - - void open(const char *path); - -public: - bool find(Identity &id, uid_t user); - - void makeLink(Identity &id, const std::string &ident, bool forUser = false, uid_t user = 0); - void makeApplication(const std::string &name, const std::string &path); - - void addLink(const CssmData &oldHash, const CssmData &newHash, - const char *name, bool forSystem); - void removeLink(const CssmData &hash, const char *name, bool forSystem); - - IFDUMP(void debugDump(const char *how = NULL) const); - -public: - bool verify(Process &process, - const CodeSigning::Signature *trustedSignature, const CssmData *comment); - -private: - UnixPlusPlus::UnixDb mDb; - CodeSigning::OSXSigner mSigner; - - // lock hierarchy: mUILock first, then mDatabaseLock, no back-off - Mutex mDatabaseLock; // controls mDb access - Mutex mUILock; // serializes user interaction -}; - - - -#endif //_H_CODESIGDB diff --git a/SecurityServer/connection.cpp b/SecurityServer/connection.cpp deleted file mode 100644 index 7d8a9d65..00000000 --- a/SecurityServer/connection.cpp +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connection - manage connections to clients. -// -// Note that Connection objects are single-threaded; only one request can be outstanding -// per connection. The various operational calls (e.g. generateMac) can be called by -// multiple threads, but each call will be for a different connection (the one the request -// came in on). Thus, locking happens elsewhere as needed. -// -#include "connection.h" -#include "key.h" -#include "server.h" -#include "session.h" -#include -#include -#include -#include -#include -#include - - -// -// Construct a Connection object. -// -Connection::Connection(Process &proc, Port rPort) - : process(proc), mClientPort(rPort), state(idle), agentWait(NULL), - aclUpdateTrigger(NULL) -{ - // bump the send-rights count on the reply port so we keep the right after replying - mClientPort.modRefs(MACH_PORT_RIGHT_SEND, +1); - - secdebug("SS", "New connection %p for process %d clientport=%d", - this, process.pid(), int(rPort)); -} - - -// -// When a Connection's destructor executes, the connection must already have been -// terminated. All we have to do here is clean up a bit. -// -Connection::~Connection() -{ - secdebug("SS", "Connection %p destroyed", this); - assert(!agentWait); -} - - -// -// Terminate a Connection normally. -// This is assumed to be properly sequenced, so no thread races are possible. -// -void Connection::terminate() -{ - // cleanly discard port rights - assert(state == idle); - mClientPort.modRefs(MACH_PORT_RIGHT_SEND, -1); // discard surplus send right - assert(mClientPort.getRefs(MACH_PORT_RIGHT_SEND) == 1); // one left for final reply - secdebug("SS", "Connection %p terminated", this); -} - - -// -// Abort a Connection. -// This may be called from thread A while thread B is working a request for the Connection, -// so we must be careful. -// -bool Connection::abort(bool keepReplyPort) -{ - StLock _(lock); - if (!keepReplyPort) - mClientPort.destroy(); // dead as a doornail already - switch (state) { - case idle: - secdebug("SS", "Connection %p aborted", this); - return true; // just shoot me - case busy: - state = dying; // shoot me soon, please - if (agentWait) - agentWait->cancel(); - secdebug("SS", "Connection %p abort deferred (busy)", this); - return false; // but not quite yet - default: - assert(false); // impossible (we hope) - return true; // placebo - } -} - - -// -// Service request framing. -// These are here so "hanging" connection service threads don't fall -// into the Big Bad Void as Connections and processes drop out from -// under them. -// -void Connection::beginWork() -{ - switch (state) { - case idle: - state = busy; - process.beginConnection(*this); - break; - case busy: - secdebug("SS", "Attempt to re-enter connection %p(port %d)", this, mClientPort.port()); - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ some state-error code instead? - default: - assert(false); - } -} - -void Connection::checkWork() -{ - StLock _(lock); - switch (state) { - case busy: - return; - case dying: - agentWait = NULL; // obviously we're not waiting on this - throw this; - default: - assert(false); - } -} - -bool Connection::endWork() -{ - switch (state) { - case busy: - // process the n-step aclUpdateTrigger - if (aclUpdateTrigger) { - if (--aclUpdateTriggerCount == 0) { - aclUpdateTrigger = NULL; - secdebug("kcacl", "acl update trigger expires"); - } else - secdebug("kcacl", "acl update trigger armed for %d calls", - aclUpdateTriggerCount); - } - // end involvement - state = idle; - process.endConnection(*this); - return false; - case dying: - secdebug("SS", "Connection %p abort resuming", this); - if (process.endConnection(*this)) - delete &process; - return true; - default: - assert(false); - return true; // placebo - } -} - - -// -// Key creation and release -// -void Connection::releaseKey(Key::Handle key) -{ - delete &Server::key(key); -} - - -// -// Key inquiries -// -CSSM_KEY_SIZE Connection::queryKeySize(Key &key) -{ - CssmClient::Key theKey(Server::csp(), key); - return theKey.sizeInBits(); -} - - -// -// Signatures and MACs -// -void Connection::generateSignature(const Context &context, Key &key, - CSSM_ALGORITHMS signOnlyAlgorithm, const CssmData &data, CssmData &signature) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - key.validate(CSSM_ACL_AUTHORIZATION_SIGN, context); - CssmClient::Sign signer(Server::csp(), context.algorithm(), signOnlyAlgorithm); - signer.override(context); - signer.sign(data, signature); -} - -void Connection::verifySignature(const Context &context, Key &key, - CSSM_ALGORITHMS verifyOnlyAlgorithm, const CssmData &data, const CssmData &signature) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - CssmClient::Verify verifier(Server::csp(), context.algorithm(), verifyOnlyAlgorithm); - verifier.override(context); - verifier.verify(data, signature); -} - -void Connection::generateMac(const Context &context, Key &key, - const CssmData &data, CssmData &mac) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - key.validate(CSSM_ACL_AUTHORIZATION_MAC, context); - CssmClient::GenerateMac signer(Server::csp(), context.algorithm()); - signer.override(context); - signer.sign(data, mac); -} - -void Connection::verifyMac(const Context &context, Key &key, - const CssmData &data, const CssmData &mac) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - key.validate(CSSM_ACL_AUTHORIZATION_MAC, context); - CssmClient::VerifyMac verifier(Server::csp(), context.algorithm()); - verifier.override(context); - verifier.verify(data, mac); -} - - -// -// Encryption/decryption -// -void Connection::encrypt(const Context &context, Key &key, - const CssmData &clear, CssmData &cipher) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - key.validate(CSSM_ACL_AUTHORIZATION_ENCRYPT, context); - CssmClient::Encrypt cryptor(Server::csp(), context.algorithm()); - cryptor.override(context); - CssmData remData; - size_t totalLength = cryptor.encrypt(clear, cipher, remData); - // shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it - if (remData) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - cipher.length(totalLength); -} - -void Connection::decrypt(const Context &context, Key &key, - const CssmData &cipher, CssmData &clear) -{ - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - key.validate(CSSM_ACL_AUTHORIZATION_DECRYPT, context); - CssmClient::Decrypt cryptor(Server::csp(), context.algorithm()); - cryptor.override(context); - CssmData remData; - size_t totalLength = cryptor.decrypt(cipher, clear, remData); - // shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it - if (remData) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - clear.length(totalLength); -} - - -// -// Key generation and derivation. -// Currently, we consider symmetric key generation to be fast, but -// asymmetric key generation to be (potentially) slow. -// -void Connection::generateKey(Database *db, const Context &context, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs, Key * &newKey) -{ - // prepare a context - CssmClient::GenerateKey generate(Server::csp(), context.algorithm()); - generate.override(context); - - // generate key - // @@@ turn "none" return into reference if permanent (only) - CssmKey key; - generate(key, Key::KeySpec(usage, attrs)); - - // register and return the generated key - newKey = new Key(db, key, attrs & Key::managedAttributes, owner); -} - -void Connection::generateKey(Database *db, const Context &context, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs, - Key * &publicKey, Key * &privateKey) -{ - // prepare a context - CssmClient::GenerateKey generate(Server::csp(), context.algorithm()); - generate.override(context); - - // this may take a while; let our server object know - Server::active().longTermActivity(); - - // generate keys - // @@@ turn "none" return into reference if permanent (only) - CssmKey pubKey, privKey; - generate(pubKey, Key::KeySpec(pubUsage, pubAttrs), - privKey, Key::KeySpec(privUsage, privAttrs)); - - // register and return the generated keys - publicKey = new Key(db, pubKey, pubAttrs & Key::managedAttributes, owner); - privateKey = new Key(db, privKey, privAttrs & Key::managedAttributes, owner); -} - -Key &Connection::deriveKey(Database *db, const Context &context, Key *baseKey, - const AccessCredentials *cred, const AclEntryPrototype *owner, - CssmData *param, uint32 usage, uint32 attrs) -{ - // prepare a key-derivation context - if (baseKey) { - baseKey->validate(CSSM_ACL_AUTHORIZATION_DERIVE, cred); - context.replace(CSSM_ATTRIBUTE_KEY, baseKey->cssmKey()); - } - CssmClient::DeriveKey derive(Server::csp(), context.algorithm(), CSSM_ALGID_NONE); - derive.override(context); - - // derive key - // @@@ turn "none" return into reference if permanent (only) - CssmKey key; - derive(param, Key::KeySpec(usage, attrs), key); - - // register and return the generated key - return *new Key(db, key, attrs & Key::managedAttributes, owner); -} - - -// -// Key wrapping and unwrapping. -// Note that the key argument (the key in the context) is optional because of the special -// case of "cleartext" (null algorithm) wrapping for import/export. -// - -void Connection::wrapKey(const Context &context, Key *key, - Key &keyToBeWrapped, const AccessCredentials *cred, - const CssmData &descriptiveData, CssmKey &wrappedKey) -{ - keyToBeWrapped.validate(context.algorithm() == CSSM_ALGID_NONE ? - CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR : CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED, - cred); - if(!(keyToBeWrapped.attributes() & CSSM_KEYATTR_EXTRACTABLE)) { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - } - if (key) - context.replace(CSSM_ATTRIBUTE_KEY, key->cssmKey()); - CssmClient::WrapKey wrap(Server::csp(), context.algorithm()); - wrap.override(context); - wrap.cred(const_cast(cred)); //@@@ const madness - fix in client/pod - wrap(keyToBeWrapped, wrappedKey, &descriptiveData); -} - -Key &Connection::unwrapKey(Database *db, const Context &context, Key *key, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs, const CssmKey wrappedKey, - Key *publicKey, CssmData *descriptiveData) -{ - if (key) - context.replace(CSSM_ATTRIBUTE_KEY, key->cssmKey()); - CssmClient::UnwrapKey unwrap(Server::csp(), context.algorithm()); - unwrap.override(context); - CssmKey unwrappedKey; - unwrap.cred(const_cast(cred)); //@@@ const madness - fix in client/pod - if (owner) { - AclEntryInput ownerInput(*owner); //@@@ const trouble - fix in client/pod - unwrap.aclEntry(ownerInput); - } - - // @@@ Invoking conversion operator to CssmKey & on *publicKey and take the address of the result. - unwrap(wrappedKey, Key::KeySpec(usage, attrs), unwrappedKey, - descriptiveData, publicKey ? &static_cast(*publicKey) : NULL); - - return *new Key(db, unwrappedKey, attrs & Key::managedAttributes, owner); -} - - -// -// Miscellaneous CSSM functions -// -uint32 Connection::getOutputSize(const Context &context, Key &key, uint32 inputSize, bool encrypt) -{ - // We're fudging here somewhat, since the context can be any type. - // ctx.override will fix the type, and no-one's the wiser. - context.replace(CSSM_ATTRIBUTE_KEY, key.cssmKey()); - CssmClient::Digest ctx(Server::csp(), context.algorithm()); - ctx.override(context); - return ctx.getOutputSize(inputSize, encrypt); -} - diff --git a/SecurityServer/connection.h b/SecurityServer/connection.h deleted file mode 100644 index d15dc278..00000000 --- a/SecurityServer/connection.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// connection - manage connections to clients -// -#ifndef _H_CONNECTION -#define _H_CONNECTION - -#include "securityserver.h" -#include "SecurityAgentClient.h" -#include -#include "process.h" -#include "key.h" -#include - -using MachPlusPlus::Port; -using MachPlusPlus::TaskPort; - -class Session; - - -// -// A Connection object represents an established connection between a client -// and the SecurityServer. Note that in principle, a client process can have -// multiple Connections (each represented by an IPC channel), though there will -// usually be only one. -// -class Connection { - typedef Key::Handle KeyHandle; -public: - Connection(Process &proc, Port rPort); - virtual ~Connection(); - void terminate(); // normal termination - bool abort(bool keepReplyPort = false); // abnormal termination - - Port clientPort() const { return mClientPort; } - - // work framing - called as work threads pick up connection work - void beginWork(); // I've got it - void checkWork(); // everything still okay? - bool endWork(); // Done with this - - // notify that a SecurityAgent call may hang the active worker thread for a while - void useAgent(SecurityAgent::Client *client) - { StLock _(lock); agentWait = client; } - - // special UI convenience - set a don't-ask-again trigger for Keychain-style ACLs - void setAclUpdateTrigger(const SecurityServerAcl &object) - { aclUpdateTrigger = &object; aclUpdateTriggerCount = aclUpdateTriggerLimit + 1; } - bool aclWasSetForUpdateTrigger(const SecurityServerAcl &object) const - { return aclUpdateTriggerCount > 0 && aclUpdateTrigger == &object; } - - Process &process; - -public: - void releaseKey(KeyHandle key); - CSSM_KEY_SIZE queryKeySize(Key &key); - - // service calls - void generateSignature(const Context &context, Key &key, CSSM_ALGORITHMS signOnlyAlgorithm, - const CssmData &data, CssmData &signature); - void verifySignature(const Context &context, Key &key, CSSM_ALGORITHMS verifyOnlyAlgorithm, - const CssmData &data, const CssmData &signature); - void generateMac(const Context &context, Key &key, - const CssmData &data, CssmData &mac); - void verifyMac(const Context &context, Key &key, - const CssmData &data, const CssmData &mac); - - void encrypt(const Context &context, Key &key, const CssmData &clear, CssmData &cipher); - void decrypt(const Context &context, Key &key, const CssmData &cipher, CssmData &clear); - - void generateKey(Database *db, const Context &context, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs, Key * &newKey); - void generateKey(Database *db, const Context &context, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs, - Key * &publicKey, Key * &privateKey); - Key &deriveKey(Database *db, const Context &context, Key *key, - const AccessCredentials *cred, const AclEntryPrototype *owner, - CssmData *param, uint32 usage, uint32 attrs); - - void wrapKey(const Context &context, Key *key, - Key &keyToBeWrapped, const AccessCredentials *cred, - const CssmData &descriptiveData, CssmKey &wrappedKey); - Key &unwrapKey(Database *db, const Context &context, Key *key, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs, const CssmKey wrappedKey, - Key *publicKey, CssmData *descriptiveData); - - uint32 getOutputSize(const Context &context, Key &key, uint32 inputSize, bool encrypt = true); - -private: - // peer state: established during connection startup; fixed thereafter - Port mClientPort; - - // transient state (altered as we go) - Mutex lock; - enum State { - idle, // no thread services us - busy, // a thread is busy servicing us - dying // busy and scheduled to die as soon as possible - } state; - SecurityAgent::Client *agentWait; // SA client session we may be waiting on - - // see KeychainPromptAclSubject in acl_keychain.cpp for more information on this - const SecurityServerAcl *aclUpdateTrigger; // update trigger set for this (NULL if none) - uint8 aclUpdateTriggerCount; // number of back-to-back requests honored - static const uint8 aclUpdateTriggerLimit = 3; // 3 calls (getAcl+getOwner+changeAcl) -}; - - -#endif //_H_CONNECTION diff --git a/SecurityServer/dbcrypto.cpp b/SecurityServer/dbcrypto.cpp deleted file mode 100644 index a50d12b5..00000000 --- a/SecurityServer/dbcrypto.cpp +++ /dev/null @@ -1,469 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dbcrypto - cryptographic core for database and key blob cryptography -// -#include "dbcrypto.h" -#include "ssblob.h" -#include "server.h" // just for Server::csp() -#include -#include -#include -#include -#include - - -using namespace CssmClient; - - -DatabaseCryptoCore::DatabaseCryptoCore() : mHaveMaster(false), mIsValid(false) -{ -} - - -DatabaseCryptoCore::~DatabaseCryptoCore() -{ - // key objects take care of themselves -} - - -// -// Forget the secrets -// -void DatabaseCryptoCore::invalidate() -{ - mMasterKey.release(); - mHaveMaster = false; - - mEncryptionKey.release(); - mSigningKey.release(); - mIsValid = false; -} - - -// -// Generate new secrets for this crypto core. -// -void DatabaseCryptoCore::generateNewSecrets() -{ - // create a random DES3 key - GenerateKey desGenerator(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE, 24 * 8); - mEncryptionKey = desGenerator(KeySpec(CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE)); - - // create a random 20 byte HMAC/SHA1 signing "key" - GenerateKey signGenerator(Server::csp(), CSSM_ALGID_SHA1HMAC, - sizeof(DbBlob::PrivateBlob::SigningKey) * 8); - mSigningKey = signGenerator(KeySpec(CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE)); - - // secrets established - mIsValid = true; -} - - -CssmClient::Key DatabaseCryptoCore::masterKey() -{ - assert(mHaveMaster); - return mMasterKey; -} - - -// -// Establish the master secret as derived from a passphrase passed in. -// If a DbBlob is passed, take the salt from it and remember it. -// If a NULL DbBlob is passed, generate a new (random) salt. -// Note that the passphrase is NOT remembered; only the master key. -// -void DatabaseCryptoCore::setup(const DbBlob *blob, const CssmData &passphrase) -{ - if (blob) - memcpy(mSalt, blob->salt, sizeof(mSalt)); - else - Server::active().random(mSalt); - mMasterKey = deriveDbMasterKey(passphrase); - mHaveMaster = true; -} - - -// -// Establish the master secret directly from a master key passed in. -// We will copy the KeyData (caller still owns its copy). -// Blob/salt handling as above. -// -void DatabaseCryptoCore::setup(const DbBlob *blob, CssmClient::Key master) -{ - // pre-screen the key - CssmKey::Header header = master.header(); - if (header.keyClass() != CSSM_KEYCLASS_SESSION_KEY) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - if (header.algorithm() != CSSM_ALGID_3DES_3KEY_EDE) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - - // accept it - if (blob) - memcpy(mSalt, blob->salt, sizeof(mSalt)); - else - Server::active().random(mSalt); - mMasterKey = master; - mHaveMaster = true; -} - - -// -// Given a putative passphrase, determine whether that passphrase -// properly generates the database's master secret. -// Return a boolean accordingly. Do not change our state. -// The database must have a master secret (to compare with). -// Note that any errors thrown by the cryptography here will actually -// throw out of validatePassphrase, since they "should not happen" and -// thus indicate a problem *beyond* (just) a bad passphrase. -// -bool DatabaseCryptoCore::validatePassphrase(const CssmData &passphrase) -{ - assert(hasMaster()); - CssmClient::Key master = deriveDbMasterKey(passphrase); - - // to compare master with mMaster, see if they encrypt alike - StringData probe - ("Now is the time for all good processes to come to the aid of their kernel."); - CssmData noRemainder((void *)1, 0); // no cipher overflow - Encrypt cryptor(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE); - cryptor.mode(CSSM_ALGMODE_CBCPadIV8); - cryptor.padding(CSSM_PADDING_PKCS1); - uint8 iv[8]; // leave uninitialized; pseudo-random is cool - cryptor.initVector(CssmData::wrap(iv)); - - cryptor.key(master); - CssmAutoData cipher1(Server::csp().allocator()); - cryptor.encrypt(probe, cipher1.get(), noRemainder); - - cryptor.key(mMasterKey); - CssmAutoData cipher2(Server::csp().allocator()); - cryptor.encrypt(probe, cipher2.get(), noRemainder); - - return cipher1 == cipher2; -} - - -// -// Encode a database blob from the core. -// -DbBlob *DatabaseCryptoCore::encodeCore(const DbBlob &blobTemplate, - const CssmData &publicAcl, const CssmData &privateAcl) const -{ - assert(isValid()); // must have secrets to work from - - // make a new IV - uint8 iv[8]; - Server::active().random(iv); - - // build the encrypted section blob - CssmData &encryptionBits = *mEncryptionKey; - CssmData &signingBits = *mSigningKey; - CssmData incrypt[3]; - incrypt[0] = encryptionBits; - incrypt[1] = signingBits; - incrypt[2] = privateAcl; - CssmData cryptoBlob, remData; - Encrypt cryptor(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE); - cryptor.mode(CSSM_ALGMODE_CBCPadIV8); - cryptor.padding(CSSM_PADDING_PKCS1); - cryptor.key(mMasterKey); - CssmData ivd(iv, sizeof(iv)); cryptor.initVector(ivd); - cryptor.encrypt(incrypt, 3, &cryptoBlob, 1, remData); - - // allocate the final DbBlob, uh, blob - size_t length = sizeof(DbBlob) + publicAcl.length() + cryptoBlob.length(); - DbBlob *blob = CssmAllocator::standard().malloc(length); - - // assemble the DbBlob - memset(blob, 0x7d, sizeof(DbBlob)); // deterministically fill any alignment gaps - blob->initialize(); - blob->randomSignature = blobTemplate.randomSignature; - blob->sequence = blobTemplate.sequence; - blob->params = blobTemplate.params; - memcpy(blob->salt, mSalt, sizeof(blob->salt)); - memcpy(blob->iv, iv, sizeof(iv)); - memcpy(blob->publicAclBlob(), publicAcl, publicAcl.length()); - blob->startCryptoBlob = sizeof(DbBlob) + publicAcl.length(); - memcpy(blob->cryptoBlob(), cryptoBlob, cryptoBlob.length()); - blob->totalLength = blob->startCryptoBlob + cryptoBlob.length(); - - // sign the blob - CssmData signChunk[] = { - CssmData(blob->data(), offsetof(DbBlob, blobSignature)), - CssmData(blob->publicAclBlob(), publicAcl.length() + cryptoBlob.length()) - }; - CssmData signature(blob->blobSignature, sizeof(blob->blobSignature)); - GenerateMac signer(Server::csp(), CSSM_ALGID_SHA1HMAC_LEGACY); //@@@!!! CRUD - signer.key(mSigningKey); - signer.sign(signChunk, 2, signature); - assert(signature.length() == sizeof(blob->blobSignature)); - - // all done. Clean up - Server::csp()->allocator().free(cryptoBlob); - return blob; -} - - -// -// Decode a database blob into the core. -// Throws exceptions if decoding fails. -// Memory returned in privateAclBlob is allocated and becomes owned by caller. -// -void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) -{ - assert(mHaveMaster); // must have master key installed - - // try to decrypt the cryptoblob section - Decrypt decryptor(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE); - decryptor.mode(CSSM_ALGMODE_CBCPadIV8); - decryptor.padding(CSSM_PADDING_PKCS1); - decryptor.key(mMasterKey); - CssmData ivd(blob->iv, sizeof(blob->iv)); decryptor.initVector(ivd); - CssmData cryptoBlob(blob->cryptoBlob(), blob->cryptoBlobLength()); - CssmData decryptedBlob, remData; - decryptor.decrypt(cryptoBlob, decryptedBlob, remData); - DbBlob::PrivateBlob *privateBlob = decryptedBlob.interpretedAs(); - - // tentatively establish keys - mEncryptionKey = makeRawKey(privateBlob->encryptionKey, - sizeof(privateBlob->encryptionKey), CSSM_ALGID_3DES_3KEY_EDE, - CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP); - mSigningKey = makeRawKey(privateBlob->signingKey, - sizeof(privateBlob->signingKey), CSSM_ALGID_SHA1HMAC, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY); - - // verify signature on the whole blob - CssmData signChunk[] = { - CssmData(blob->data(), offsetof(DbBlob, blobSignature)), - CssmData(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) - }; - CSSM_ALGORITHMS verifyAlgorithm = CSSM_ALGID_SHA1HMAC; -#if defined(COMPAT_OSX_10_0) - if (blob->version() == blob->version_MacOS_10_0) - verifyAlgorithm = CSSM_ALGID_SHA1HMAC_LEGACY; // BSafe bug compatibility -#endif - VerifyMac verifier(Server::csp(), verifyAlgorithm); - verifier.key(mSigningKey); - verifier.verify(signChunk, 2, CssmData(blob->blobSignature, sizeof(blob->blobSignature))); - - // all checks out; start extracting fields - this->mEncryptionKey = mEncryptionKey; - this->mSigningKey = mSigningKey; - if (privateAclBlob) { - // extract private ACL blob as a separately allocated area - uint32 blobLength = decryptedBlob.length() - sizeof(DbBlob::PrivateBlob); - *privateAclBlob = CssmAllocator::standard().malloc(blobLength); - memcpy(*privateAclBlob, privateBlob->privateAclBlob(), blobLength); - } - - // secrets have been established - mIsValid = true; - CssmAllocator::standard().free(privateBlob); -} - - -// -// Encode a key blob -// -KeyBlob *DatabaseCryptoCore::encodeKeyCore(const CssmKey &inKey, - const CssmData &publicAcl, const CssmData &privateAcl) const -{ - assert(isValid()); // need our database secrets - - // create new IV - uint8 iv[8]; - Server::active().random(iv); - - // extract and hold some header bits the CSP does not want to see - CssmKey key = inKey; - uint32 heldAttributes = key.attributes() & managedAttributes; - key.clearAttribute(managedAttributes); - key.setAttribute(forcedAttributes); - - // use a CMS wrap to encrypt the key - WrapKey wrap(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE); - wrap.key(mEncryptionKey); - wrap.mode(CSSM_ALGMODE_CBCPadIV8); - wrap.padding(CSSM_PADDING_PKCS1); - CssmData ivd(iv, sizeof(iv)); wrap.initVector(ivd); - wrap.add(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT, - uint32(CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM)); - CssmKey wrappedKey; - wrap(key, wrappedKey, &privateAcl); - - // stick the held attribute bits back in - key.clearAttribute(forcedAttributes); - key.setAttribute(heldAttributes); - - // allocate the final KeyBlob, uh, blob - size_t length = sizeof(KeyBlob) + publicAcl.length() + wrappedKey.length(); - KeyBlob *blob = CssmAllocator::standard().malloc(length); - - // assemble the KeyBlob - memset(blob, 0, sizeof(KeyBlob)); // fill alignment gaps - blob->initialize(); - memcpy(blob->iv, iv, sizeof(iv)); - blob->header = key.header(); - h2ni(blob->header); // endian-correct the header - blob->wrappedHeader.blobType = wrappedKey.blobType(); - blob->wrappedHeader.blobFormat = wrappedKey.blobFormat(); - blob->wrappedHeader.wrapAlgorithm = wrappedKey.wrapAlgorithm(); - blob->wrappedHeader.wrapMode = wrappedKey.wrapMode(); - memcpy(blob->publicAclBlob(), publicAcl, publicAcl.length()); - blob->startCryptoBlob = sizeof(KeyBlob) + publicAcl.length(); - memcpy(blob->cryptoBlob(), wrappedKey.data(), wrappedKey.length()); - blob->totalLength = blob->startCryptoBlob + wrappedKey.length(); - - // sign the blob - CssmData signChunk[] = { - CssmData(blob->data(), offsetof(KeyBlob, blobSignature)), - CssmData(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) - }; - CssmData signature(blob->blobSignature, sizeof(blob->blobSignature)); - GenerateMac signer(Server::csp(), CSSM_ALGID_SHA1HMAC_LEGACY); //@@@!!! CRUD - signer.key(mSigningKey); - signer.sign(signChunk, 2, signature); - assert(signature.length() == sizeof(blob->blobSignature)); - - // all done. Clean up - Server::csp()->allocator().free(wrappedKey); - return blob; -} - - -// -// Decode a key blob -// -void DatabaseCryptoCore::decodeKeyCore(KeyBlob *blob, - CssmKey &key, void * &pubAcl, void * &privAcl) const -{ - assert(isValid()); // need our database secrets - - // Assemble the encrypted blob as a CSSM "wrapped key" - CssmKey wrappedKey; - wrappedKey.KeyHeader = blob->header; - h2ni(wrappedKey.KeyHeader); - wrappedKey.blobType(blob->wrappedHeader.blobType); - wrappedKey.blobFormat(blob->wrappedHeader.blobFormat); - wrappedKey.wrapAlgorithm(blob->wrappedHeader.wrapAlgorithm); - wrappedKey.wrapMode(blob->wrappedHeader.wrapMode); - wrappedKey.KeyData = CssmData(blob->cryptoBlob(), blob->cryptoBlobLength()); - - // verify signature (check against corruption) - CssmData signChunk[] = { - CssmData::wrap(blob, offsetof(KeyBlob, blobSignature)), - CssmData(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) - }; - CSSM_ALGORITHMS verifyAlgorithm = CSSM_ALGID_SHA1HMAC; -#if defined(COMPAT_OSX_10_0) - if (blob->version() == blob->version_MacOS_10_0) - verifyAlgorithm = CSSM_ALGID_SHA1HMAC_LEGACY; // BSafe bug compatibility -#endif - VerifyMac verifier(Server::csp(), verifyAlgorithm); - verifier.key(mSigningKey); - CssmData signature(blob->blobSignature, sizeof(blob->blobSignature)); - verifier.verify(signChunk, 2, signature); - - // extract and hold some header bits the CSP does not want to see - uint32 heldAttributes = n2h(blob->header.attributes()) & managedAttributes; - - // decrypt the key using an unwrapping operation - UnwrapKey unwrap(Server::csp(), CSSM_ALGID_3DES_3KEY_EDE); - unwrap.key(mEncryptionKey); - unwrap.mode(CSSM_ALGMODE_CBCPadIV8); - unwrap.padding(CSSM_PADDING_PKCS1); - CssmData ivd(blob->iv, sizeof(blob->iv)); unwrap.initVector(ivd); - unwrap.add(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT, - uint32(CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM)); - CssmData privAclData; - wrappedKey.clearAttribute(managedAttributes); //@@@ shouldn't be needed(?) - unwrap(wrappedKey, - KeySpec(n2h(blob->header.usage()), - (n2h(blob->header.attributes()) & ~managedAttributes) | forcedAttributes), - key, &privAclData); - - // compare retrieved key headers with blob headers (sanity check) - // @@@ this should probably be checked over carefully - CssmKey::Header &real = key.header(); - CssmKey::Header &incoming = blob->header; - n2hi(incoming); - - if (real.HeaderVersion != incoming.HeaderVersion || - real.cspGuid() != incoming.cspGuid()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - if (real.algorithm() != incoming.algorithm()) - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); - - // re-insert held bits - key.header().KeyAttr |= heldAttributes; - - // got a valid key: return the pieces - pubAcl = blob->publicAclBlob(); // points into blob (shared) - privAcl = privAclData; // was allocated by CSP decrypt - // key was set by unwrap operation -} - - -// -// Derive the blob-specific database blob encryption key from the passphrase and the salt. -// -CssmClient::Key DatabaseCryptoCore::deriveDbMasterKey(const CssmData &passphrase) const -{ - // derive an encryption key and IV from passphrase and salt - CssmClient::DeriveKey makeKey(Server::csp(), - CSSM_ALGID_PKCS5_PBKDF2, CSSM_ALGID_3DES_3KEY_EDE, 24 * 8); - makeKey.iterationCount(1000); - makeKey.salt(CssmData::wrap(mSalt)); - CSSM_PKCS5_PBKDF2_PARAMS params; - params.Passphrase = passphrase; - params.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; - CssmData paramData = CssmData::wrap(params); - return makeKey(¶mData, KeySpec(CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE)); -} - - -// -// Turn raw keybits into a symmetric key in the CSP -// -CssmClient::Key DatabaseCryptoCore::makeRawKey(void *data, size_t length, - CSSM_ALGORITHMS algid, CSSM_KEYUSE usage) -{ - // build a fake key - CssmKey key; - key.header().BlobType = CSSM_KEYBLOB_RAW; - key.header().Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - key.header().AlgorithmId = algid; - key.header().KeyClass = CSSM_KEYCLASS_SESSION_KEY; - key.header().KeyUsage = usage; - key.header().KeyAttr = 0; - key.KeyData = CssmData(data, length); - - // unwrap it into the CSP (but keep it raw) - UnwrapKey unwrap(Server::csp(), CSSM_ALGID_NONE); - CssmKey unwrappedKey; - CssmData descriptiveData; - unwrap(key, - KeySpec(CSSM_KEYUSE_ANY, CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE), - unwrappedKey, &descriptiveData, NULL); - return CssmClient::Key(Server::csp(), unwrappedKey); -} diff --git a/SecurityServer/dbcrypto.h b/SecurityServer/dbcrypto.h deleted file mode 100644 index 3b71d198..00000000 --- a/SecurityServer/dbcrypto.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dbcrypto - cryptographic core for database and key blob cryptography -// -#ifndef _H_DBCRYPTO -#define _H_DBCRYPTO - -#include "securityserver.h" -#include -#include - - -// -// A DatabaseCryptoCore object encapsulates the secret state of a database. -// It provides for encoding and decoding of database blobs and key blobs, -// and holds all state related to the database secrets. -// -class DatabaseCryptoCore { -public: - DatabaseCryptoCore(); - virtual ~DatabaseCryptoCore(); - - bool isValid() const { return mIsValid; } - bool hasMaster() const { return mHaveMaster; } - void invalidate(); - - void generateNewSecrets(); - CssmClient::Key masterKey(); - - void setup(const DbBlob *blob, const CssmData &passphrase); - void setup(const DbBlob *blob, CssmClient::Key master); - - void decodeCore(DbBlob *blob, void **privateAclBlob = NULL); - DbBlob *encodeCore(const DbBlob &blobTemplate, - const CssmData &publicAcl, const CssmData &privateAcl) const; - - KeyBlob *encodeKeyCore(const CssmKey &key, - const CssmData &publicAcl, const CssmData &privateAcl) const; - void decodeKeyCore(KeyBlob *blob, - CssmKey &key, void * &pubAcl, void * &privAcl) const; - - static const uint32 managedAttributes = KeyBlob::managedAttributes; - static const uint32 forcedAttributes = KeyBlob::forcedAttributes; - -public: - bool validatePassphrase(const CssmData &passphrase); - -private: - bool mHaveMaster; // master key has been entered (setup) - bool mIsValid; // master secrets are valid (decode or generateNew) - - CssmClient::Key mMasterKey; // database master key - uint8 mSalt[20]; // salt for master key derivation from passphrase (only) - - CssmClient::Key mEncryptionKey; // master encryption key - CssmClient::Key mSigningKey; // master signing key - - CssmClient::Key deriveDbMasterKey(const CssmData &passphrase) const; - CssmClient::Key makeRawKey(void *data, size_t length, - CSSM_ALGORITHMS algid, CSSM_KEYUSE usage); -}; - - -#endif //_H_DBCRYPTO diff --git a/SecurityServer/dictionary.cpp b/SecurityServer/dictionary.cpp deleted file mode 100644 index 9f43c743..00000000 --- a/SecurityServer/dictionary.cpp +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include "dictionary.h" -#include - -namespace Security { - -CssmData NameValuePair::CloneData (const CssmData &value) -{ - void* clonedData = (void*) new unsigned char [value.length ()]; - memcpy (clonedData, value.data (), value.length ()); - return CssmData (clonedData, value.length ()); -} - - - -NameValuePair::NameValuePair (uint32 name, const CssmData &value) : mName (name), mValue (CloneData (value)) -{ -} - - - -NameValuePair::NameValuePair (const CssmData &data) -{ - // the first four bytes are the name - unsigned char* finger = (unsigned char*) data.data (); - mName = 0; - - unsigned int i; - for (i = 0; i < sizeof (uint32); ++i) - { - mName = (mName << 8) | *finger++; - } - - // the next four bytes are the length - uint32 length = 0; - for (i = 0; i < sizeof (uint32); ++i) - { - length = (length << 8) | *finger++; - } - - // what's left is the data - mValue = CloneData (CssmData (finger, length)); -} - - - -NameValuePair::~NameValuePair () -{ - delete (unsigned char*) mValue.data (); -} - - - -void NameValuePair::Export (CssmData &data) const -{ - // export the data in the format name length data - uint32 outSize = 2 * sizeof (uint32) + mValue.length (); - unsigned char* d = new unsigned char [outSize]; - unsigned char* finger = d; - - // export the name - uint32 intBuffer = mName; - - int i; - for (i = sizeof (uint32) - 1; i >= 0; --i) - { - finger[i] = intBuffer & 0xFF; - intBuffer >>= 8; - } - - // export the length - finger += sizeof (uint32); - intBuffer = mValue.length (); - for (i = sizeof (uint32) - 1; i >= 0; --i) - { - finger[i] = intBuffer & 0xFF; - intBuffer >>= 8; - } - - // export the data - finger += sizeof (uint32); - memcpy (finger, mValue.data (), mValue.length ()); - - data = CssmData (d, outSize); -} - - - -NameValueDictionary::NameValueDictionary () -{ -} - - - -NameValueDictionary::~NameValueDictionary () -{ - // to prevent leaks, delete all members of the vector - int i = mVector.size (); - while (i > 0) - { - delete mVector[--i]; - - mVector.erase (mVector.begin () + i); - } -} - - - -NameValueDictionary::NameValueDictionary (const CssmData &data) -{ - // reconstruct a name value dictionary from a series of exported NameValuePair blobs - unsigned char* finger = (unsigned char*) data.data (); - unsigned char* target = finger + data.length (); - - do - { - // compute the length of data blob - unsigned int i; - uint32 length = 0; - for (i = sizeof (uint32); i < 2 * sizeof (uint32); ++i) - { - length = (length << 8) | finger[i]; - } - - // add the length of the "header" - length += 2 * sizeof (uint32); - Insert (new NameValuePair (CssmData (finger, length))); - - // skip to the next data - finger += length; - } while (finger < target); -} - - - -void NameValueDictionary::Insert (NameValuePair* pair) -{ - mVector.push_back (pair); -} - - - -void NameValueDictionary::RemoveByName (uint32 name) -{ - int which = FindPositionByName (name); - if (which != -1) - { - NameValuePair* nvp = mVector[which]; - mVector.erase (mVector.begin () + which); - delete nvp; - } -} - - - -int NameValueDictionary::FindPositionByName (uint32 name) const -{ - int target = CountElements (); - int i; - - for (i = 0; i < target; ++i) - { - if (mVector[i]->Name () == name) - { - return i; - } - } - - return -1; -} - - - -const NameValuePair* NameValueDictionary::FindByName (uint32 name) const -{ - int which = FindPositionByName (name); - return which == -1 ? NULL : mVector[which]; -} - - - - -int NameValueDictionary::CountElements () const -{ - return mVector.size (); -} - - - -const NameValuePair* NameValueDictionary::GetElement (int which) -{ - return mVector[which]; -} - - - -void NameValueDictionary::Export (CssmData &outData) -{ - // get each element in the dictionary, and add it to the data blob - int i; - uint32 length = 0; - unsigned char* data = 0; - - for (i = 0; i < CountElements (); ++i) - { - CssmData exportedData; - const NameValuePair *nvp = GetElement (i); - nvp->Export (exportedData); - - uint32 oldLength = length; - length += exportedData.length (); - data = (unsigned char*) realloc (data, length); - - memcpy (data + oldLength, exportedData.data (), exportedData.length ()); - - delete (unsigned char*) exportedData.data (); - } - - outData = CssmData (data, length); -} - - - -void NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier (const DLDbIdentifier &identifier, NameValueDictionary &nvd) -{ - // get the subserviceID - const CssmSubserviceUid &ssuid = identifier.ssuid (); - const CSSM_SUBSERVICE_UID* baseID = &ssuid; - nvd.Insert (new NameValuePair (SSUID_KEY, CssmData ((void*) (baseID), sizeof (CSSM_SUBSERVICE_UID)))); - - // get the name - const char* dbName = identifier.dbName (); - nvd.Insert (new NameValuePair (DB_NAME, CssmData ((void*) (dbName), strlen (dbName) + 1))); - - // get the net address - const CSSM_NET_ADDRESS* add = identifier.dbLocation (); - if (add != NULL) - { - nvd.Insert (new NameValuePair (DB_LOCATION, CssmData ((void*) add, sizeof (CSSM_NET_ADDRESS)))); - } -} - - - -DLDbIdentifier NameValueDictionary::MakeDLDbIdentifierFromNameValueDictionary (const NameValueDictionary &nvd) -{ - CSSM_SUBSERVICE_UID* uid = (CSSM_SUBSERVICE_UID*) nvd.FindByName (SSUID_KEY)->Value ().data (); - char* name = (char*) nvd.FindByName (DB_NAME)->Value ().data (); - - const NameValuePair* nvp = nvd.FindByName (DB_LOCATION); - CSSM_NET_ADDRESS* address = nvp ? (CSSM_NET_ADDRESS*) nvp->Value ().data () : NULL; - - return DLDbIdentifier (*uid, name, address); -} - -}; // end Security namespace diff --git a/SecurityServer/dictionary.h b/SecurityServer/dictionary.h deleted file mode 100644 index 8efd1c39..00000000 --- a/SecurityServer/dictionary.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _DICTIONARY_H__ -#define _DICTIONARY_H__ - - -#include -#include "cssmdb.h" - -namespace Security { - - - -#define PID_KEY 'pidk' -#define ITEM_KEY 'item' -#define SSUID_KEY 'ssui' -#define DB_NAME 'dbnm' -#define DB_LOCATION 'dblc' - - - -class NameValuePair -{ -protected: - uint32 mName; - CssmData mValue; - - CssmData CloneData (const CssmData &value); - -public: - NameValuePair (uint32 name, const CssmData &value); - NameValuePair (const CssmData &data); - ~NameValuePair (); - - const uint32 Name () {return mName;} - const CssmData& Value () const {return mValue;} - void Export (CssmData &data) const; -}; - - - -typedef std::vector NameValuePairVector; - - - -class NameValueDictionary -{ -protected: - NameValuePairVector mVector; - - int FindPositionByName (uint32 name) const; - -public: - NameValueDictionary (); - ~NameValueDictionary (); - NameValueDictionary (const CssmData &data); - - void Insert (NameValuePair* pair); - void RemoveByName (uint32 name); - const NameValuePair* FindByName (uint32 name) const; - - int CountElements () const; - const NameValuePair* GetElement (int which); - void Export (CssmData &data); - - // utility functions - static void MakeNameValueDictionaryFromDLDbIdentifier (const DLDbIdentifier &identifier, NameValueDictionary &nvd); - static DLDbIdentifier MakeDLDbIdentifierFromNameValueDictionary (const NameValueDictionary &nvd); -}; - - -}; - -#endif diff --git a/SecurityServer/entropy.cpp b/SecurityServer/entropy.cpp deleted file mode 100644 index 8801e850..00000000 --- a/SecurityServer/entropy.cpp +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// EntropyManager - manage entropy on the system. -// -// Here is our mission: -// (1) On startup, read the entropy file and seed it into the RNG for initial use -// (2) Periodically, collect entropy from the system and seed it into the RNG -// (3) Once in a while, take entropy from the RNG and write it to the entropy file -// for use across reboots. -// -// This class will fail to operate if the process has (and retains) root privileges. -// We re-open the entropy file on each use so that we don't work with a "phantom" -// file that some fool administrator removed yesterday. -// -#include "entropy.h" -#include -#include -#include -#include -#include -#include - -/* when true, action() called every 15 seconds */ -#define ENTROPY_QUICK_UPDATE 0 -#if ENTROPY_QUICK_UPDATE -#define COLLECT_INTERVAL 15 -#else -#define COLLECT_INTERVAL collectInterval -#endif //ENTROPY_QUICK_UPDATE - -using namespace UnixPlusPlus; - - -// -// During construction, we perform initial entropy file recovery. -// -EntropyManager::EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile) - : DevRandomGenerator(true), server(srv), - mEntropyFilePath(entropyFile), mNextUpdate(Time::now()) -{ - // Read the entropy file and seed the RNG. It is not an error if we can't find one. - try { - AutoFileDesc oldEntropyFile(entropyFile, O_RDONLY); - char buffer[entropyFileSize]; - if (size_t size = oldEntropyFile.read(buffer)) - addEntropy(buffer, size); - } catch (...) { } - - // go through a collect/update/reschedule cycle immediately - action(); -} - - -// -// Timer action -// -void EntropyManager::action() -{ - collectEntropy(); - updateEntropyFile(); - - server.setTimer(this, Time::Interval(COLLECT_INTERVAL)); // drifting reschedule (desired) -} - - -// -// Collect system timings and seed into the RNG. -// Note that the sysctl will block until the buffer is full or the timeout expires. -// We currently use a 1ms timeout, which almost always fills the buffer and -// does not provide enough of a delay to worry about it. If we ever get worried, -// we could call longTermActivity on the server object to get another thread going. -// -void EntropyManager::collectEntropy() -{ - int mib[4]; - mib[0] = CTL_KERN; - mib[1] = KERN_KDEBUG; - mib[2] = KERN_KDGETENTROPY; - mib[3] = 1; // milliseconds maximum delay - mach_timespec_t timings[timingsToCollect]; - size_t size = sizeof(timings); - int ret = sysctl(mib, 4, timings, &size, NULL, 0); - if (ret == -1) { - Syslog::alert("entropy collection failed (errno=%d)", errno); - return; - } - char buffer[timingsToCollect]; - for (unsigned n = 0; n < size; n++) - buffer[n] = timings[n].tv_nsec; // truncating to LSB - secdebug("entropy", "Entropy size %d: %02x %02x %02x %02x %02x %02x %02x %02x...", - (int)size, - (unsigned char)buffer[0], (unsigned char)buffer[1], (unsigned char)buffer[2], - (unsigned char)buffer[3], (unsigned char)buffer[4], (unsigned char)buffer[5], - (unsigned char)buffer[6], (unsigned char)buffer[7]); - addEntropy(buffer, size); -} - - -// -// (Re)write the entropy file with random data pulled from the RNG -// -void EntropyManager::updateEntropyFile() -{ - if (Time::now() >= mNextUpdate) { - try { - mNextUpdate = Time::now() + Time::Interval(updateInterval); - secdebug("entropy", "updating %s", mEntropyFilePath.c_str()); - char buffer[entropyFileSize]; - random(buffer, entropyFileSize); - AutoFileDesc entropyFile(mEntropyFilePath.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0600); - if (entropyFile.write(buffer) != entropyFileSize) - Syslog::warning("short write on entropy file %s", mEntropyFilePath.c_str()); - } catch (...) { - Syslog::warning("error writing entropy file %s", mEntropyFilePath.c_str()); - } - } -} - diff --git a/SecurityServer/entropy.h b/SecurityServer/entropy.h deleted file mode 100644 index 7f5e3482..00000000 --- a/SecurityServer/entropy.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// yarrowseed - periodical to collect and seed entropy into /dev/random -// -#ifndef _H_ENTROPY -#define _H_ENTROPY - -#include -#include -#include - -using namespace Security; -using MachPlusPlus::MachServer; - - -// -// A (one-off) timer object that manages system entropy -// -class EntropyManager : public MachServer::Timer, private DevRandomGenerator { - // all the parameters you ever (should) want to change :-) - static const int collectInterval = 600; // collect every 10 minutes - static const int updateInterval = 3600; // update file every hour - static const int timingsToCollect = 40; // how many timings? - -public: - EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile); - - void action(); - - MachPlusPlus::MachServer &server; // to which we do setTimer() - -private: - string mEntropyFilePath; // absolute path to entropy file - Time::Absolute mNextUpdate; // next time for entropy file update - - void collectEntropy(); // collect system timings and seed RNG - void updateEntropyFile(); // update entropy file from RNG if it's time - - static const size_t entropyFileSize = 20; // bytes (effectively one SHA-1 worth) -}; - -#endif //_H_ENTROPY diff --git a/SecurityServer/eventlistener.cpp b/SecurityServer/eventlistener.cpp deleted file mode 100644 index e5b227e6..00000000 --- a/SecurityServer/eventlistener.cpp +++ /dev/null @@ -1,118 +0,0 @@ -#include "eventlistener.h" - - -namespace Security { -namespace SecurityServer { - -EventListener::EventListener (CssmAllocator &standard, CssmAllocator &returning) : mClientSession (standard, returning), - mMachPortRef (NULL), - mRunLoopSourceRef (NULL) - -{ - Initialize (); -} - - - -EventListener::~EventListener () -{ - if (mMachPortRef != NULL) - { - mach_port_t mp = CFMachPortGetPort (mMachPortRef); - mClientSession.stopNotification (mp); - CFRelease (mMachPortRef); - } - - if (mRunLoopSourceRef != NULL) - { - CFRelease (mRunLoopSourceRef); - } -} - - - -void EventListener::Callback (CFMachPortRef port, void *msg, CFIndex size, void *info) -{ - reinterpret_cast(info)->HandleCallback (port, msg, size); -} - - - -void EventListener::Initialize () -{ - // create a callback information structure - CFMachPortContext context = {1, this, NULL, NULL, NULL}; - - // create the CFMachPort - mMachPortRef = CFMachPortCreate (NULL, Callback, &context, NULL); - if (mMachPortRef == NULL) - { - return; - } - - // set the buffer limit for the port - mach_port_t mp = CFMachPortGetPort (mMachPortRef); - - mach_port_limits_t limits; - limits.mpl_qlimit = MACH_PORT_QLIMIT_MAX; - kern_return_t result = - mach_port_set_attributes (mach_task_self (), mp, MACH_PORT_LIMITS_INFO, - mach_port_info_t (&limits), MACH_PORT_LIMITS_INFO_COUNT); - - if (result != KERN_SUCCESS) - { - secdebug ("notify", "Got error %d when trying to maximize queue size", result); - } - - // make a run loop source for this ref - mRunLoopSourceRef = CFMachPortCreateRunLoopSource (NULL, mMachPortRef, NULL); - if (mRunLoopSourceRef == NULL) - { - CFRelease (mMachPortRef); - return; - } - - // attach this run loop source to the main run loop - CFRunLoopAddSource (CFRunLoopGetCurrent (), mRunLoopSourceRef, kCFRunLoopDefaultMode); - - // extract the actual port from the run loop, and request callbacks on that port - mClientSession.requestNotification (mp, Listener::databaseNotifications, - Listener::allEvents); -} - - - -void EventListener::HandleCallback (CFMachPortRef port, void *msg, CFIndex size) -{ - // we need to parse the message and see what happened - mClientSession.dispatchNotification (reinterpret_cast(msg), ProcessMessage, this); -} - - - -OSStatus EventListener::ProcessMessage (Listener::Domain domain, Listener::Event event, const void *data, size_t dataLength, void *context) -{ - reinterpret_cast(context)->EventReceived (domain, event, data, dataLength); - return noErr; -} - - - -void EventListener::RequestEvents (Listener::Domain whichDomain, Listener::EventMask whichEvents) -{ - // stop the old event request and change to the new one - mach_port_t mp = CFMachPortGetPort (mMachPortRef); - mClientSession.stopNotification (mp); - mClientSession.requestNotification (mp, whichDomain, whichEvents); -} - - - -void EventListener::EventReceived (Listener::Domain domain, Listener::Event event, const void* data, size_t dataLength) -{ -} - - - -}; -}; diff --git a/SecurityServer/eventlistener.h b/SecurityServer/eventlistener.h deleted file mode 100644 index 921e3c14..00000000 --- a/SecurityServer/eventlistener.h +++ /dev/null @@ -1,41 +0,0 @@ -#ifndef _H_EVENTLISTENER -#define _H_EVENTLISTENER - -#include - - - -#undef verify - -namespace Security { -namespace SecurityServer { - - -class EventListener -{ -protected: - ClientSession mClientSession; - CFMachPortRef mMachPortRef; - CFRunLoopSourceRef mRunLoopSourceRef; - - static void Callback (CFMachPortRef port, void *msg, CFIndex size, void *info); - static OSStatus ProcessMessage (Listener::Domain domain, Listener::Event event, const void *data, size_t dataLength, void *context); - void HandleCallback (CFMachPortRef port, void *msg, CFIndex size); - void HandleMessage (); - void Initialize (); - -public: - EventListener (CssmAllocator &standard = CssmAllocator::standard(), CssmAllocator &returning = CssmAllocator::standard()); - virtual ~EventListener (); - - void RequestEvents (Listener::Domain domain, Listener::EventMask eventMask); - virtual void EventReceived (Listener::Domain domain, Listener::Event event, const void* data, size_t dataLength); -}; - - -}; // end namespace SecurityServer -}; // end namespace Security - - - -#endif diff --git a/SecurityServer/flippers.cpp b/SecurityServer/flippers.cpp deleted file mode 100644 index 795b732d..00000000 --- a/SecurityServer/flippers.cpp +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// process - track a single client process and its belongings -// -#include "flippers.h" -#include "memutils.h" - -using namespace LowLevelMemoryUtilities; - - -namespace Flippers { - - -// -// Automatically generated flippers -// -#include "flip_gen.cpp" - - -// -// The raw byte reversal flipper -// -void flip(void *addr, size_t size) -{ - assert(size > 1 && (size % 2 == 0)); - Byte *word = reinterpret_cast(addr); - for (size_t n = 0; n < size/2; n++) { - Byte b = word[n]; - word[n] = word[size-1-n]; - word[size-1-n] = b; - } -} - - -// -// Basic flippers -// -void flip(uint32 &obj) { flip(&obj, sizeof(obj)); } -void flip(uint16 &obj) { flip(&obj, sizeof(obj)); } -void flip(sint32 &obj) { flip(&obj, sizeof(obj)); } -void flip(sint16 &obj) { flip(&obj, sizeof(obj)); } - - -// -// Flip a context attribute. This is heavily polymorphic. -// -void flip(CSSM_CONTEXT_ATTRIBUTE &obj) -{ - flip(obj.AttributeType); - flip(obj.AttributeLength); - switch (obj.AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) { - case CSSM_ATTRIBUTE_DATA_UINT32: - flip(obj.Attribute.Uint32); - break; - // all other alternatives are handled by CSSM_CONTEXT_ATTRIBUTE's walker - default: - break; - } -} - - -} // end namespace Flippers diff --git a/SecurityServer/flippers.h b/SecurityServer/flippers.h deleted file mode 100644 index 68d7c157..00000000 --- a/SecurityServer/flippers.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// process - track a single client process and its belongings -// -#ifndef _H_FLIPPERS -#define _H_FLIPPERS - -#include -#include - -// various types we make flippers for -#include -#include -#include -#include -#include -#include -#include - - -namespace Flippers { - - -// -// The default flipper does nothing -// -template -inline void flip(T &obj) -{ } - - -// -// It's a bad idea to try to flip a const, so flag that -// -template -inline void flip(const T &) -{ tryingToFlipAConstWontWork(); } - - -// -// Basic flippers -// -void flip(uint32 &obj); -void flip(uint16 &obj); -void flip(sint32 &obj); -void flip(sint16 &obj); - -template -inline void flip(Base * &obj) { flip(&obj, sizeof(obj)); } - - -// -// The raw byte reversal flipper -// -void flip(void *addr, size_t size); - - -// -// Include automatically generated flipper declarations -// -#include "flip_gen.h" - - -} // end namespace flippers - - -#endif //_H_FLIPPERS diff --git a/SecurityServer/generate.cf b/SecurityServer/generate.cf deleted file mode 100644 index 8557c3ef..00000000 --- a/SecurityServer/generate.cf +++ /dev/null @@ -1,42 +0,0 @@ -# -# Byte flipper generator configuration. -# -# Syntax of each non-comment line: -# cssmType[/podwrapperType] field1 ... fieldn -# cssmType[/podwrapperType] * -# Generates flippers for each cssmType (with forwarders for podwrapperType if present), -# flipping the fields given. If '*' is used, take field definitions from cssmtype.h. -# - -# -# CSSM standard structures -# -CSSM_DATA/CssmData Length -CSSM_VERSION * -CSSM_SUBSERVICE_UID/CssmSubserviceUid * -CSSM_NET_ADDRESS * -CSSM_LIST_ELEMENT/ListElement WordID ElementType -CSSM_DL_DB_HANDLE * -CSSM_CONTEXT_ATTRIBUTE/Context::Attr CUSTOM -CSSM_CONTEXT/Context * -CSSM_LIST/CssmList/TypedList ListType Tail -CSSM_SAMPLE/CssmSample * -CSSM_SAMPLEGROUP/SampleGroup NumberOfSamples -CSSM_ACCESS_CREDENTIALS/AccessCredentials Callback CallerCtx -CSSM_AUTHORIZATIONGROUP/AuthorizationGroup NumberOfAuthTags -CSSM_ACL_VALIDITY_PERIOD * -CSSM_ACL_ENTRY_PROTOTYPE/AclEntryPrototype Delegate -CSSM_ACL_OWNER_PROTOTYPE/AclOwnerPrototype Delegate -CSSM_ACL_ENTRY_INPUT/AclEntryInput Callback CallerContext -CSSM_ACL_ENTRY_INFO/AclEntryInfo EntryHandle -CSSM_RANGE * -CSSM_KEY_SIZE/CssmKeySize * -CSSM_KEYHEADER/CssmKey::Header * -CSSM_KEY/CssmKey KeyHeader - - -# -# Authorization structures -# -AuthorizationItem valueLength flags -AuthorizationItemSet count diff --git a/SecurityServer/generate.pl b/SecurityServer/generate.pl deleted file mode 100755 index 3426267e..00000000 --- a/SecurityServer/generate.pl +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/perl -# -# -# -use strict; - -my $disclaimer = "Automatically generated - do not edit on penalty of futility!"; - - -# arguments -my ($configfile, $out_h, $out_cpp, $types) = @ARGV; - - -# open configuration file -open(CFG, "$configfile") || die "$configfile: $!"; - -# open and load cssmtypes file -open(TYPES, "$types") || die "$types: $!"; -$/=undef; -my $types_h = ; -close(TYPES); $/="\n"; - -# open output files -open(H, ">$out_h") || die "$out_h: $!"; -open(CPP, ">$out_cpp") || die "$out_cpp: $!"; - -# cautionary headings to each file -print H <) { - chomp; - next if /^[ ]*#/; - next if /^[ ]*$/; - - my @args = split; - $_ = shift @args; - my ($cssmName, @aliases) = split /\//; - - print H "void flip($cssmName &obj);\n"; - for my $alias (@aliases) { - print H "inline void flip($alias &obj) { flip(static_cast<$cssmName &>(obj)); }\n"; - } - - next if ($args[0] eq 'CUSTOM'); - - if ($args[0] eq '*') { - # extract definition from types file - my ($list) = $types_h =~ /{\s+([^}]+)\s+}\s*$cssmName,/; - die "cannot find struct definition for $cssmName in $types" unless $list; - @args = $list =~ /([A-Za-z0-9_]+);/gm; - } - - print CPP "void flip($cssmName &obj)\n{\n"; - for my $field (@args) { - print CPP "\tflip(obj.$field);\n"; - } - print CPP "}\n\n"; -} diff --git a/SecurityServer/key.cpp b/SecurityServer/key.cpp deleted file mode 100644 index f26d3b54..00000000 --- a/SecurityServer/key.cpp +++ /dev/null @@ -1,289 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// key - representation of SecurityServer key objects -// -#include "key.h" -#include "server.h" -#include "xdatabase.h" -#include - - -// -// Create a Key object from a database-encoded blob. -// Note that this doesn't decode the blob (yet). -// -Key::Key(Database &db, const KeyBlob *blob) -: SecurityServerAcl(keyAcl, CssmAllocator::standard()), mDigest(Server::csp().allocator()) -{ - // perform basic validation on the incoming blob - assert(blob); - blob->validate(CSSMERR_APPLEDL_INVALID_KEY_BLOB); - switch (blob->version()) { -#if defined(COMPAT_OSX_10_0) - case blob->version_MacOS_10_0: - break; -#endif - case blob->version_MacOS_10_1: - break; - default: - CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB); - } - - // set it up - mDatabase = &db; - mBlob = blob->copy(CssmAllocator::standard()); - mAttributes = 0; - mValidBlob = true; - mValidKey = false; - mValidUID = false; - secdebug("SSkey", "%p (handle 0x%lx) created from blob version %lx", - this, handle(), blob->version()); -} - - -// -// Create a Key from an explicit CssmKey. -// -Key::Key(Database *db, const CssmKey &newKey, uint32 moreAttributes, - const AclEntryPrototype *owner) -: SecurityServerAcl(keyAcl, CssmAllocator::standard()), mDigest(Server::csp().allocator()) -{ - if (moreAttributes & CSSM_KEYATTR_PERMANENT) { - // better have a database to make it permanent in... - if (!db) - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE); - } else { - // non-permanent; ignore database - db = NULL; - } - - mDatabase = db; - mValidKey = true; - mBlob = NULL; - mValidBlob = false; - mValidUID = false; - setup(newKey, moreAttributes); - - // establish initial ACL; reinterpret empty (null-list) owner as NULL for resilence's sake - if (owner && !owner->subject().empty()) - cssmSetInitial(*owner); // specified - else - cssmSetInitial(new AnyAclSubject()); // defaulted - secdebug("SSkey", "%p (handle 0x%lx) created from key alg=%ld use=0x%lx attr=0x%lx db=%p", - this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, db); -} - - -// -// Set up the CssmKey part of this Key according to instructions. -// -void Key::setup(const CssmKey &newKey, uint32 moreAttributes) -{ - mKey = CssmClient::Key(Server::csp(), newKey, false); - CssmKey::Header &header = mKey->header(); - - // copy key header - header = newKey.header(); - mAttributes = (header.attributes() & ~forcedAttributes) | moreAttributes; - - // apply initial values of derived attributes (these are all in managedAttributes) - if (!(mAttributes & CSSM_KEYATTR_EXTRACTABLE)) - mAttributes |= CSSM_KEYATTR_NEVER_EXTRACTABLE; - if (mAttributes & CSSM_KEYATTR_SENSITIVE) - mAttributes |= CSSM_KEYATTR_ALWAYS_SENSITIVE; - - // verify internal/external attribute separation - assert((header.attributes() & managedAttributes) == forcedAttributes); -} - - -Key::~Key() -{ - CssmAllocator::standard().free(mBlob); - secdebug("SSkey", "%p destroyed", this); -} - - -// -// Form a KeySpec with checking and masking -// -Key::KeySpec::KeySpec(uint32 usage, uint32 attrs) - : CssmClient::KeySpec(usage, (attrs & ~managedAttributes) | forcedAttributes) -{ - if (attrs & generatedAttributes) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); -} - -Key::KeySpec::KeySpec(uint32 usage, uint32 attrs, const CssmData &label) - : CssmClient::KeySpec(usage, (attrs & ~managedAttributes) | forcedAttributes, label) -{ - if (attrs & generatedAttributes) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); -} - - -// -// Retrieve the actual CssmKey value for the key object. -// This will decode its blob if needed (and appropriate). -// -CssmClient::Key Key::keyValue() -{ - decode(); - return mKey; -} - - -// -// Ensure that a key is fully decoded. -// This makes the mKey key value available for use, as well as its ACL. -// -void Key::decode() -{ - if (!mValidKey) { - assert(mDatabase); // have to have a database (to decode the blob) - assert(mValidBlob); // must have a blob to decode - - // decode the key - void *publicAcl, *privateAcl; - CssmKey key; - database()->decodeKey(mBlob, key, publicAcl, privateAcl); - mKey = CssmClient::Key(Server::csp(), key); - importBlob(publicAcl, privateAcl); - // publicAcl points into the blob; privateAcl was allocated for us - CssmAllocator::standard().free(privateAcl); - - // extract managed attribute bits - mAttributes = mKey.header().attributes() & managedAttributes; - mKey.header().clearAttribute(managedAttributes); - mKey.header().setAttribute(forcedAttributes); - - // key is valid now - mValidKey = true; - } -} - - -// -// Return a key's handle and header in external form -// -void Key::returnKey(Handle &h, CssmKey::Header &hdr) -{ - // return handle - h = handle(); - - // obtain the key header, from the valid key or the blob if no valid key - if (mValidKey) { - hdr = mKey.header(); - } else { - assert(mValidBlob); - hdr = mBlob->header; - n2hi(hdr); // correct for endian-ness - } - - // adjust for external attributes - hdr.clearAttribute(forcedAttributes); - hdr.setAttribute(mAttributes); -} - - -// -// Generate the canonical key digest. -// This is defined by a CSP feature that we invoke here. -// -const CssmData &Key::canonicalDigest() -{ - if (!mDigest) { - CssmClient::PassThrough ctx(Server::csp()); - ctx.key(keyValue()); - CssmData *digest = NULL; - ctx(CSSM_APPLECSP_KEYDIGEST, (const void *)NULL, &digest); - assert(digest); - mDigest.set(*digest); // takes ownership of digest data - Server::csp().allocator().free(digest); // the CssmData itself - } - return mDigest.get(); -} - - -// -// Encode a key into a blob. -// We'll have to ask our Database to do this - we don't have its keys. -// Note that this returns memory we own and keep. -// -KeyBlob *Key::blob() -{ - if (mDatabase == NULL) // can't encode independent keys - CssmError::throwMe(CSSMERR_DL_INVALID_DB_HANDLE); - if (!mValidBlob) { - assert(mValidKey); // must have valid key to encode - //@@@ release mBlob memory here - - // export Key ACL to blob form - CssmData pubAcl, privAcl; - exportBlob(pubAcl, privAcl); - - // assemble external key form - CssmKey externalKey = mKey; - externalKey.clearAttribute(forcedAttributes); - externalKey.setAttribute(mAttributes); - - // encode the key and replace blob - KeyBlob *newBlob = database()->encodeKey(externalKey, pubAcl, privAcl); - CssmAllocator::standard().free(mBlob); - mBlob = newBlob; - mValidBlob = true; - - // clean up and go - database()->allocator.free(pubAcl); - database()->allocator.free(privAcl); - } - return mBlob; -} - - -// -// Return the UID of a key (the hash of its bits) -// -KeyUID &Key::uid() -{ - if (!mValidUID) { - //@@@ calculate UID here - memset(&mUID, 0, sizeof(mUID)); - mValidUID = true; - } - return mUID; -} - - -// -// Intercept ACL change requests and reset blob validity -// -void Key::instantiateAcl() -{ - decode(); -} - -void Key::changedAcl() -{ - mValidBlob = false; -} - -const Database *Key::relatedDatabase() const -{ return database(); } diff --git a/SecurityServer/key.h b/SecurityServer/key.h deleted file mode 100644 index 222bea06..00000000 --- a/SecurityServer/key.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// key - representation of SecurityServer key objects -// -#ifndef _H_KEY -#define _H_KEY - -#include "securityserver.h" -#include "acls.h" -#include -#include -#include - - -class Database; - -// -// A Key object represents a CSSM_KEY known to the SecurityServer. -// We give each Key a handle that allows our clients to access it, while we use -// the Key's ACL to control such accesses. -// A Key can be used by multiple Connections. Whether more than one Key can represent -// the same actual key object is up to the CSP we use, so let's be tolerant about that. -// -// A note on key attributes: We keep two sets of attribute bits. The internal bits are used -// when talking to our CSP; the external bits are used when negotiating with our client(s). -// The difference is the bits in managedAttributes, which relate to persistent key storage -// and are not digestible by our CSP. The internal attributes are kept in mKey. The external -// ones are kept in mAttributes. -// -class Key : public HandleObject, public SecurityServerAcl { -public: - Key(Database &db, const KeyBlob *blob); - Key(Database *db, const CssmKey &newKey, uint32 moreAttributes, - const AclEntryPrototype *owner = NULL); - virtual ~Key(); - - Database *database() const { return mDatabase; } - bool hasDatabase() const { return mDatabase != NULL; } - - // yield the decoded internal key -- internal attributes - CssmClient::Key key() { return keyValue(); } - const CssmKey &cssmKey() { return keyValue(); } - operator CssmClient::Key () { return keyValue(); } - operator const CssmKey &() { return keyValue(); } - operator const CSSM_KEY & () { return keyValue(); } - - // yield the approximate external key header -- external attributes - void returnKey(Handle &h, CssmKey::Header &hdr); - - // generate the canonical key digest - const CssmData &canonicalDigest(); - - // we can also yield an encoded KeyBlob *if* we belong to a database - KeyBlob *blob(); - - // calculate the UID value for this key (if possible) - KeyUID &uid(); - - // ACL state management hooks - void instantiateAcl(); - void changedAcl(); - const Database *relatedDatabase() const; - - // key attributes that should not be passed on to the CSP - static const uint32 managedAttributes = KeyBlob::managedAttributes; - // these attributes are "forced on" in internal keys (but not always in external attributes) - static const uint32 forcedAttributes = KeyBlob::forcedAttributes; - // these attributes are internally generated, and invalid on input - static const uint32 generatedAttributes = - CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE; - - // a version of KeySpec that self-checks and masks for CSP operation - class KeySpec : public CssmClient::KeySpec { - public: - KeySpec(uint32 usage, uint32 attrs); - KeySpec(uint32 usage, uint32 attrs, const CssmData &label); - }; - CSSM_KEYATTR_FLAGS attributes() { return mAttributes; } - -private: - void setup(const CssmKey &newKey, uint32 attrs); - void decode(); - CssmClient::Key keyValue(); - -private: - CssmClient::Key mKey; // clear form CssmKey (attributes modified) - CssmKey::Header mHeaderCache; // cached, cleaned blob header cache - CSSM_KEYATTR_FLAGS mAttributes; // full attributes (external form) - bool mValidKey; // CssmKey form is valid - CssmAutoData mDigest; // computed key digest (cached) - - Database *mDatabase; // the database we belong to, NULL if independent - - KeyBlob *mBlob; // key blob encoded by mDatabase - bool mValidBlob; // mBlob is valid key encoding - - KeyUID mUID; // cached UID - bool mValidUID; // UID has been calculated -}; - - -#endif //_H_KEY diff --git a/SecurityServer/main.cpp b/SecurityServer/main.cpp deleted file mode 100644 index 46568c6e..00000000 --- a/SecurityServer/main.cpp +++ /dev/null @@ -1,283 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SecurityServer - Apple security services daemon. -// -#include "securityserver.h" -#include "server.h" -#include "entropy.h" - -#include -#include -#include "authority.h" -#include "session.h" - -#include -#include - -#include -#include -#include - -#include "ktracecodes.h" - -// ACL subject types (their makers are instantiated here) -#include -#include -#include -#include -#include -#include -#include -#include "acl_keychain.h" - - -namespace Security -{ - -// -// Program options (set by argument scan and environment) -// -uint32 debugMode = 0; -const char *bootstrapName = NULL; - -} // end namespace Security - - -// -// Local functions of the main program driver -// -static void usage(const char *me); -static void handleSIGCHLD(int); -static void handleSIGOther(int); - - -// -// Main driver -// -int main(int argc, char *argv[]) -{ - Debug::trace (kSecTraceSecurityServerStart); - - // program arguments (preset to defaults) - bool forceCssmInit = false; - bool reExecute = false; - int workerTimeout = 0; - int maxThreads = 0; - const char *authorizationConfig = "/etc/authorization"; - const char *entropyFile = "/var/db/SystemEntropyCache"; - const char *equivDbFile = EQUIVALENCEDBPATH; - - // parse command line arguments - extern char *optarg; - extern int optind; - int arg; - while ((arg = getopt(argc, argv, "a:de:E:fN:t:T:X")) != -1) { - switch (arg) { - case 'a': - authorizationConfig = optarg; - break; - case 'd': - debugMode++; - break; - case 'e': - equivDbFile = optarg; - break; - case 'E': - entropyFile = optarg; - break; - case 'f': - forceCssmInit = true; - break; - case 'N': - bootstrapName = optarg; - break; - case 't': - if ((maxThreads = atoi(optarg)) < 0) - maxThreads = 0; - break; - case 'T': - if ((workerTimeout = atoi(optarg)) < 0) - workerTimeout = 0; - break; - case 'X': - reExecute = true; - break; - default: - usage(argv[0]); - } - } - - // take no non-option arguments - if (optind < argc) - usage(argv[0]); - - // figure out the bootstrap name - IFDEBUG(if (!bootstrapName) bootstrapName = getenv(SECURITYSERVER_BOOTSTRAP_ENV)); - - if (!bootstrapName) { - bootstrapName = SECURITYSERVER_BOOTSTRAP_NAME; - } - - // configure logging first - if (debugMode) { - Syslog::open(bootstrapName, LOG_AUTHPRIV, LOG_PERROR); - Syslog::notice("SecurityServer started in debug mode"); - } else { - Syslog::open(bootstrapName, LOG_AUTHPRIV, LOG_CONS); - } - - // if we're not running as root in production mode, fail - // in debug mode, issue a warning - if (uid_t uid = getuid()) { -#if defined(NDEBUG) - Syslog::alert("Tried to run SecurityServer as user %d: aborted", uid); - fprintf(stderr, "You are not allowed to run SecurityServer\n"); - exit(1); -#else - fprintf(stderr, "SecurityServer is unprivileged; some features may not work.\n"); - secdebug("SS", "Running as user %d (you have been warned)", uid); -#endif //NDEBUG - } - - // turn into a properly diabolical daemon unless debugMode is on - if (!debugMode) { - if (!Daemon::incarnate()) - exit(1); // can't daemonize - - if (reExecute && !Daemon::executeSelf(argv)) - exit(1); // can't self-execute - } - - // create a code signing engine - CodeSigning::OSXSigner signer; - - // create an Authorization engine - Authority authority(authorizationConfig); - - // establish the ACL machinery - new AnyAclSubject::Maker(); - new PasswordAclSubject::Maker(); - new ProtectedPasswordAclSubject::Maker(); - new ThresholdAclSubject::Maker(); - new CommentAclSubject::Maker(); - new ProcessAclSubject::Maker(); - new CodeSignatureAclSubject::Maker(signer); - new KeychainPromptAclSubject::Maker(); - - // add a temporary registration for a subject type that went out in 10.2 seed 1 - // this should probably be removed for the next major release >10.2 - new KeychainPromptAclSubject::Maker(CSSM_WORDID__RESERVED_1); - - // establish the code equivalents database - CodeSignatures codeSignatures(equivDbFile); - - // create the main server object and register it - Server server(authority, codeSignatures, bootstrapName); - - // set server configuration from arguments, if specified - if (workerTimeout) - server.timeout(workerTimeout); - if (maxThreads) - server.maxThreads(maxThreads); - - // add the RNG seed timer to it -# if defined(NDEBUG) - EntropyManager entropy(server, entropyFile); -# else - if (!getuid()) new EntropyManager(server, entropyFile); -# endif - - // create the RootSession object (if -d, give it graphics and tty attributes) - RootSession rootSession(server.primaryServicePort(), - debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0); - - // set up signal handlers - if (signal(SIGCHLD, handleSIGCHLD) == SIG_ERR) - secdebug("SS", "Cannot ignore SIGCHLD: errno=%d", errno); - if (signal(SIGINT, handleSIGOther) == SIG_ERR) - secdebug("SS", "Cannot handle SIGINT: errno=%d", errno); - if (signal(SIGTERM, handleSIGOther) == SIG_ERR) - secdebug("SS", "Cannot handle SIGTERM: errno=%d", errno); - - // initialize CSSM now if requested - if (forceCssmInit) - server.loadCssm(); - - Syslog::notice("Entering service"); - secdebug("SS", "%s initialized", bootstrapName); - - Debug::trace (kSecTraceSecurityServerStart); - - server.run(); - - // fell out of runloop (should not happen) - Syslog::alert("Aborting"); - return 1; -} - - -// -// Issue usage message and die -// -static void usage(const char *me) -{ - fprintf(stderr, "Usage: %s [-df] [-t maxthreads] [-T threadTimeout]" - "\t[-N bootstrapName] [-a authConfigFile]\n", me); - exit(2); -} - - -// -// Handle SIGCHLD signals to reap our children (zombie cleanup) -// -static void handleSIGCHLD(int) -{ - int status; - pid_t pid = waitpid(-1, &status, WNOHANG); - switch (pid) { - case 0: - //secdebug("SS", "Spurious SIGCHLD ignored"); - return; - case -1: - //secdebug("SS", "waitpid after SIGCHLD failed: errno=%d", errno); - return; - default: - //secdebug("SS", "Reaping child pid=%d", pid); - return; - } -} - - -// -// Handle some other signals to shut down cleanly (and with logging) -// -static void handleSIGOther(int sig) -{ - switch (sig) { - case SIGINT: - //secdebug("SS", "Interrupt signal; terminating"); - Syslog::notice("received interrupt signal; terminating"); - exit(0); - case SIGTERM: - //secdebug("SS", "Termination signal; terminating"); - Syslog::notice("received termination signal; terminating"); - exit(0); - } -} diff --git a/SecurityServer/notifications.cpp b/SecurityServer/notifications.cpp deleted file mode 100644 index df74d3bb..00000000 --- a/SecurityServer/notifications.cpp +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// EntropyManager - manage entropy on the system. -// -#include "notifications.h" -#include "server.h" -#include "ucspNotify.h" - - -Listener::ListenerMap Listener::listeners; -Mutex Listener::setLock; - - -// -// Construct a new Listener and hook it up -// -Listener::Listener(Process &proc, Port receiver, Domain dom, EventMask evs) - : process(proc), domain(dom), events(evs), mNotificationPort(receiver) -{ - assert(events); // what's the point? - - // register in listener set - StLock _(setLock); - listeners.insert(ListenerMap::value_type(receiver, this)); - - // let's get told when the receiver port dies - Server::active().notifyIfDead(receiver); - - secdebug("notify", "%p created domain %ld events 0x%lx port %d", - this, domain, events, mNotificationPort.port()); -} - - -// -// Destroy a listener. Cleans up. -// -Listener::~Listener() -{ - secdebug("notify", "%p destroyed", this); -} - - -// -// Send a single notification for this listener -// -void Listener::notifyMe(Domain domain, Event event, const CssmData &data) -{ - if (domain != this->domain || !(event & events)) - return; // not interested - - secdebug("notify", "%p sending domain %ld event 0x%lx to port %d process %d", - this, domain, event, mNotificationPort.port(), process.pid()); - - // send mach message (via MIG simpleroutine) - if (IFDEBUG(kern_return_t rc =) ucsp_notify_sender_notify(mNotificationPort, - MACH_SEND_TIMEOUT, 0, - domain, event, data.data(), data.length(), - 0 /*@@@ placeholder for sender ID */)) - secdebug("notify", "%p send failed (error=%d)", this, rc); -} - - -// -// Send a notification to all registered listeners -// -void Listener::notify(Domain domain, Event event, const CssmData &data) -{ - for (ListenerMap::const_iterator it = listeners.begin(); - it != listeners.end(); it++) - it->second->notifyMe(domain, event, data); -} - - -// -// Handle a port death or deallocation by removing all Listeners using that port. -// Returns true iff we had one. -// -bool Listener::remove(Port port) -{ - typedef ListenerMap::iterator Iterator; - StLock _(setLock); - pair range = listeners.equal_range(port); - if (range.first == range.second) - return false; // not one of ours - - for (Iterator it = range.first; it != range.second; it++) - delete it->second; - listeners.erase(range.first, range.second); - port.destroy(); - return true; // got it -} diff --git a/SecurityServer/notifications.h b/SecurityServer/notifications.h deleted file mode 100644 index cac05b3a..00000000 --- a/SecurityServer/notifications.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// -// -#ifndef _H_NOTIFICATIONS -#define _H_NOTIFICATIONS - -#include -#include -#include - - -using namespace MachPlusPlus; - - -class Process; - - -// -// A registered receiver of notifications. -// Each one is for a particular database (or all), set of events, -// and to a particular Mach port. A process may have any number -// of listeners, each independent; so that multiple notifications can -// be sent to the same process if it registers repeatedly. -// -class Listener { -public: - enum { - lockedEvent = 1, // a keychain was locked - unlockedEvent = 2, // a keychain was unlocked - passphraseChangedEvent = 6, // a keychain password was (possibly) changed - - allEvents = lockedEvent | unlockedEvent | passphraseChangedEvent - }; - typedef uint32 Event, EventMask; - - enum { - allNotifications = 0, // all domains (useful for testing only) - databaseNotifications = 1 // something happened to a database (aka keychain) - }; - typedef uint32 Domain; - -public: - Listener(Process &proc, Port receiver, Domain domain, EventMask evs = allEvents); - virtual ~Listener(); - - Process &process; - const Domain domain; - const EventMask events; - - virtual void notifyMe(Domain domain, Event event, const CssmData &data); - static void notify(Domain domain, Event event, const CssmData &data); - static bool remove(Port port); - -protected: - Port mNotificationPort; - -private: - typedef multimap ListenerMap; - static ListenerMap listeners; - static Mutex setLock; -}; - - -#endif //_H_NOTIFICATIONS diff --git a/SecurityServer/process.cpp b/SecurityServer/process.cpp deleted file mode 100644 index 8de3420f..00000000 --- a/SecurityServer/process.cpp +++ /dev/null @@ -1,261 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// process - track a single client process and its belongings -// -#include "process.h" -#include "server.h" -#include "session.h" -#include "authority.h" -#include "flippers.h" - - -// -// Construct a Process object. -// -Process::Process(Port servicePort, TaskPort taskPort, - const ClientSetupInfo *info, const char *identity, uid_t uid, gid_t gid) - : session(Session::find(servicePort)), mBusyCount(0), mDying(false), - mTaskPort(taskPort), mByteFlipped(false), mUid(uid), mGid(gid), - mClientIdent(deferred) -{ - // examine info passed - assert(info); - uint32 pversion = info->version; - if (pversion == SSPROTOVERSION) { - // correct protocol, same byte order, cool - } else { - Flippers::flip(pversion); - if (pversion == SSPROTOVERSION) { - // correct protocol, reversed byte order - mByteFlipped = true; - } else { - // unsupported protocol version - CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION); - } - } - - // let's take a look at our wannabe client... - mPid = mTaskPort.pid(); - - // register with the session - session.addProcess(this); - - secdebug("SS", "New process %p(%d) uid=%d gid=%d session=%p TP=%d %sfor %s", - this, mPid, mUid, mGid, &session, - mTaskPort.port(), - mByteFlipped ? "FLIP " : "", - (identity && identity[0]) ? identity : "(unknown)"); - - try { - mClientCode = CodeSigning::OSXCode::decode(identity); - } catch (...) { - secdebug("SS", "process %p(%d) identity decode threw exception", this, pid()); - } - if (!mClientCode) { - mClientIdent = unknown; // no chance to squeeze a code identity from this - secdebug("SS", "process %p(%d) no clientCode - marked anonymous", this, pid()); - } -} - - -Process::~Process() -{ - assert(mBusyCount == 0); // mustn't die with Connections referencing us - - // tell all our authorizations that we're gone - IFDEBUG(if (!mAuthorizations.empty()) - secdebug("SS", "Process %p(%d) clearing %d authorizations", - this, mPid, int(mAuthorizations.size()))); - for (AuthorizationSet::iterator it = mAuthorizations.begin(); - it != mAuthorizations.end(); ) { - AuthorizationToken *auth = *it; - while (++it != mAuthorizations.end() && *it == auth) ; // Skip duplicates - if (auth->endProcess(*this)) - delete auth; - } - - // remove all database handles that belong to this process - IFDEBUG(if (!mDatabases.empty()) - secdebug("SS", "Process %p(%d) clearing %d database handles", - this, mPid, int(mDatabases.size()))); - for (DatabaseSet::iterator it = mDatabases.begin(); - it != mDatabases.end(); it++) - delete *it; - - // no need to lock here; the client process has no more active threads - secdebug("SS", "Process %p(%d) has died", this, mPid); - - // release our name for the process's task port - if (mTaskPort) - mTaskPort.destroy(); - - // deregister from session - if (session.removeProcess(this)) - delete &session; -} - -bool Process::kill(bool keepTaskPort) -{ - StLock _(mLock); - if (keepTaskPort) - mTaskPort = Port(); // clear port so we don't destroy it later - if (mBusyCount == 0) { - return true; // destroy me now - } else { - secdebug("SS", "Process %p(%d) destruction deferred for %d busy connections", - this, mPid, int(mBusyCount)); - mDying = true; - return false; // destroy me later - } -} - - -// -// Connection management -// -void Process::beginConnection(Connection &) -{ - StLock _(mLock); - mBusyCount++; -} - -bool Process::endConnection(Connection &) -{ - StLock _(mLock); - return --mBusyCount == 0 && mDying; -} - - -// -// Database management -// -void Process::addDatabase(Database *database) -{ - StLock _(mLock); - mDatabases.insert(database); -} - -void Process::removeDatabase(Database *database) -{ - StLock _(mLock); - assert(mDatabases.find(database) != mDatabases.end()); - mDatabases.erase(database); -} - - -// -// CodeSignatures implementation of Identity. -// The caller must make sure we have a valid (not necessarily hash-able) clientCode(). -// -string Process::getPath() const -{ - assert(mClientCode); - return mClientCode->canonicalPath(); -} - -const CssmData Process::getHash(CodeSigning::OSXSigner &signer) const -{ - switch (mClientIdent) { - case deferred: - try { - // try to calculate our signature hash (first time use) - mCachedSignature.reset(mClientCode->sign(signer)); - assert(mCachedSignature.get()); - mClientIdent = known; - secdebug("SS", "process %p(%d) code signature computed", this, pid()); - break; - } catch (...) { - // couldn't get client signature (unreadable, gone, hack attack, ...) - mClientIdent = unknown; - secdebug("SS", "process %p(%d) no code signature - anonymous", this, pid()); - CssmError::throwMe(CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION); - } - case known: - assert(mCachedSignature.get()); - break; - case unknown: - CssmError::throwMe(CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION); - } - return CssmData(*mCachedSignature); -} - - -// -// Authorization set maintainance -// -void Process::addAuthorization(AuthorizationToken *auth) -{ - assert(auth); - StLock _(mLock); - mAuthorizations.insert(auth); - auth->addProcess(*this); -} - -void Process::checkAuthorization(AuthorizationToken *auth) -{ - assert(auth); - StLock _(mLock); - if (mAuthorizations.find(auth) == mAuthorizations.end()) - MacOSError::throwMe(errAuthorizationInvalidRef); -} - -bool Process::removeAuthorization(AuthorizationToken *auth) -{ - assert(auth); - StLock _(mLock); - // we do everything with a single set lookup call... - typedef AuthorizationSet::iterator Iter; - Iter it = mAuthorizations.lower_bound(auth); - bool isLast; - if (it == mAuthorizations.end() || auth != *it) { - Syslog::error("process is missing authorization to remove"); // temp. diagnostic - isLast = true; - } else { - Iter next = it; ++next; // following element - isLast = (next == mAuthorizations.end()) || auth != *next; - mAuthorizations.erase(it); // remove first match - } - if (isLast) { - if (auth->endProcess(*this)) // ... tell it to remove us, - return true; // ... and tell the caller - } - return false; // keep the auth; it's still in use -} - - -// -// Notification client maintainance -// -void Process::requestNotifications(Port port, Listener::Domain domain, Listener::EventMask events) -{ - new Listener(*this, port, domain, events); -} - -void Process::stopNotifications(Port port) -{ - if (!Listener::remove(port)) - CssmError::throwMe(CSSMERR_CSSM_INVALID_HANDLE_USAGE); //@@@ bad name (should be "no such callback") -} - -void Process::postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data) -{ - Listener::notify(domain, event, data); -} - diff --git a/SecurityServer/process.h b/SecurityServer/process.h deleted file mode 100644 index 7d5a3721..00000000 --- a/SecurityServer/process.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// process - track a single client process and its belongings -// -#ifndef _H_PROCESS -#define _H_PROCESS - -#include "securityserver.h" -#include "SecurityAgentClient.h" -#include -#include "key.h" -#include "codesigdb.h" -#include "notifications.h" -#include - -using MachPlusPlus::Port; -using MachPlusPlus::TaskPort; - -class Session; -class AuthorizationToken; - - -// -// A Process object represents a UNIX process (and associated Mach Task) that has -// had contact with us and may have some state associated with it. -// -class Process : public CodeSignatures::Identity { -public: - Process(Port servicePort, TaskPort tPort, - const ClientSetupInfo *info, const char *identity, - uid_t uid, gid_t gid); - virtual ~Process(); - - uid_t uid() const { return mUid; } - gid_t gid() const { return mGid; } - pid_t pid() const { return mPid; } - TaskPort taskPort() const { return mTaskPort; } - bool byteFlipped() const { return mByteFlipped; } - - CodeSigning::OSXCode *clientCode() const { return (mClientIdent == unknown) ? NULL : mClientCode; } - - void addAuthorization(AuthorizationToken *auth); - void checkAuthorization(AuthorizationToken *auth); - bool removeAuthorization(AuthorizationToken *auth); - - void beginConnection(Connection &); - bool endConnection(Connection &); - bool kill(bool keepTaskPort = false); - - void addDatabase(Database *database); - void removeDatabase(Database *database); - - void requestNotifications(Port port, Listener::Domain domain, Listener::EventMask events); - void stopNotifications(Port port); - void postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data); - - Session &session; - - // aclSequence is taken to serialize ACL validations to pick up mutual changes - Mutex aclSequence; - -protected: - std::string getPath() const; - const CssmData getHash(CodeSigning::OSXSigner &signer) const; - -private: - Mutex mLock; // object lock - uint32 mBusyCount; // number of Connection references - bool mDying; // process is dead; waiting for Connections to drain - - // peer state: established during connection startup; fixed thereafter - TaskPort mTaskPort; // task port - bool mByteFlipped; // client's byte order is reverse of ours - pid_t mPid; // process id - uid_t mUid; // UNIX uid credential - gid_t mGid; // primary UNIX gid credential - - RefPointer mClientCode; // code object for client (NULL if unknown) - mutable enum { deferred, known, unknown } mClientIdent; // state of client identity - mutable auto_ptr mCachedSignature; // cached signature (if already known) - - // authorization dictionary - typedef multiset AuthorizationSet; - AuthorizationSet mAuthorizations; // set of valid authorizations for process - - // database dictionary - typedef set DatabaseSet; - DatabaseSet mDatabases; // set of valid database handles -}; - - -#endif //_H_PROCESS diff --git a/SecurityServer/secagent.defs b/SecurityServer/secagent.defs deleted file mode 100644 index 7f55bead..00000000 --- a/SecurityServer/secagent.defs +++ /dev/null @@ -1,137 +0,0 @@ -// -// secagent.defs - Client-side Mach RPC interface to SecurityAgent. -// -// Note: one additional message ID code (Client::cancelMessagePseudoID) is used -// explicitly without showing up in this file. -// -#include -#include - -subsystem secagent 1000; -serverprefix secagent_server_; -userprefix secagent_client_; - -import ; - - -// -// Data types -// -type OSStatus = int32; -type pid_t = int32; -type AclAuthorization = unsigned32; -type Reason = unsigned32; -type String = c_string[*:2048]; -type ConstString = c_string[*:2048]; -type Username = c_string[*:80]; -type Choice = struct[2] of unsigned32; -type MigBoolean = unsigned32; - -type Data = array [] of char; - -type AuthorizationString = c_string[*:1024]; -type AuthorizationItemSetBlob = Data - ctype: AuthorizationItemSetPtr; -type AuthorizationItemSetPtr = unsigned32; -type AuthorizationValueVectorBlob = Data - ctype: AuthorizationValueVectorPtr; -type AuthorizationValueVectorPtr = unsigned32; - -type AuthorizationResultInt = unsigned32; - - -// -// Common argument profiles -// - -#define UCSP_PORTS requestport sport: mach_port_t; \ - replyport rport: mach_port_t; \ - out status: OSStatus -#define IN_BLOB(name,type) in name: type##Blob; in name##Base: type##Ptr -#define OUT_BLOB(name,type) out name: type##Blob; out name##Base: type##Ptr - - -// -// Staged query maintainance (common to all staged queries) -// -routine finishStagedQuery(UCSP_PORTS); -routine cancelStagedQuery(UCSP_PORTS; in reason: Reason); - - -// -// Unlocking keychains by user input -// -routine unlockDatabase(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in database: ConstString; - out stagePort: mach_port_copy_send_t; out passphrase: String); -routine retryUnlockDatabase(UCSP_PORTS; in reason: Reason; out passphrase: String); - -// -// Get a new passphrase for a database -// -routine queryNewPassphrase(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in database: ConstString; - in reason: Reason; - out stagePort: mach_port_copy_send_t; out passphrase: String; out oldPassphrase: String); -routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String; out oldPassphrase: String); - -// -// "Rogue App" alert/confirm function -// -routine queryKeychainAccess(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in database: ConstString; - in item: ConstString; in operation: AclAuthorization; in needPassphrase: MigBoolean; - out stagePort: mach_port_copy_send_t; out choice: Choice); - -routine retryQueryKeychainAccess (UCSP_PORTS; - in reason: Reason; out choice: Choice); - -routine queryCodeIdentity(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in aclPath: ConstString; out choice: Choice); - -// -// Generic new/old password prompt interface -// -routine queryNewGenericPassphrase(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString; - in reason: Reason; out stagePort: mach_port_copy_send_t; - in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String); -routine retryNewGenericPassphrase(UCSP_PORTS; in reason: Reason; - out addBox: MigBoolean; out passphrase: String); - -routine queryOldGenericPassphrase(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString; - out stagePort: mach_port_copy_send_t; - in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String); -routine retryOldGenericPassphrase(UCSP_PORTS; in reason: Reason; - out addBox: MigBoolean; out passphrase: String); - -// -// Authorization subsystem authentication option -// -routine authorizationAuthenticate(UCSP_PORTS; - in requestor: ConstString; in requestPid: pid_t; - in neededGroup: ConstString; in candidateUser: ConstString; - out stagePort: mach_port_copy_send_t; - out authenticatedUser: Username; out authenticatedPassword: String); -routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason; - out authenticatedUser: Username; out authenticatedPassword: String); - -routine invokeMechanism(UCSP_PORTS; - out stagePort: mach_port_copy_send_t; -// plugin id - in pluginId: AuthorizationString; -// mechanism id - in mechanismId: AuthorizationString; - IN_BLOB(argumentsIn,AuthorizationValueVector); - IN_BLOB(hintsIn,AuthorizationItemSet); - IN_BLOB(contextIn,AuthorizationItemSet); -// result - out resultOut: AuthorizationResultInt; - OUT_BLOB(hintsOut,AuthorizationItemSet); - OUT_BLOB(contextOut,AuthorizationItemSet) -); - -routine terminate(requestport sport: mach_port_t; - replyport rport: mach_port_t); - diff --git a/SecurityServer/secagent_types.h b/SecurityServer/secagent_types.h deleted file mode 100644 index 8b328bf2..00000000 --- a/SecurityServer/secagent_types.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// secagent_types - type equivalence declarations for SecurityAgent MIG -// -#include "SecurityAgentClient.h" -#include -#include - -// @@@ who forgot that one? -extern "C" kern_return_t mig_deallocate(vm_address_t addr, vm_size_t size); - -namespace Security -{ - -using namespace SecurityAgent; - -typedef void *Data; - -typedef char *String; -typedef const char *ConstString; -typedef Client::KeychainChoice Choice; -typedef char *Username; -typedef uint32 MigBoolean; - -typedef AuthorizationItemSet AuthorizationItemSetBlob; -typedef AuthorizationItemSet *AuthorizationItemSetPtr; -typedef AuthorizationValueVector AuthorizationValueVectorBlob; -typedef AuthorizationValueVector *AuthorizationValueVectorPtr; - -typedef AuthorizationMechanismId PluginId; -typedef AuthorizationMechanismId MechanismId; -typedef uint32 AuthorizationResultInt; - - -// -// Customization macros for MIG code -// -#define __AfterSendRpc(id, name) \ - if (msg_result == MACH_MSG_SUCCESS && Out0P->Head.msgh_id == MACH_NOTIFY_DEAD_NAME) \ - return MIG_SERVER_DIED; - -#define UseStaticTemplates 0 - - -} // end namespace Security diff --git a/SecurityServer/securityserver.h b/SecurityServer/securityserver.h deleted file mode 100644 index 58be6f75..00000000 --- a/SecurityServer/securityserver.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// securityserver.h - master header file for the SecurityServer. -// -#ifndef _H_SECURITYSERVER -#define _H_SECURITYSERVER - -#include "ssblob.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Security { - -using namespace SecurityServer; -using namespace UnixPlusPlus; - - -// -// Logging and verbosity levels -// -extern uint32 debugMode; -extern const char *bootstrapName; - -} // end namespace Security - -#endif //_H_SECURITYSERVER diff --git a/SecurityServer/server.cpp b/SecurityServer/server.cpp deleted file mode 100644 index a26998bb..00000000 --- a/SecurityServer/server.cpp +++ /dev/null @@ -1,347 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// server - the actual SecurityServer server object -// -#include "server.h" -#include "session.h" -#include "acls.h" -#include "notifications.h" -#include "ucsp.h" -#include -#include -#include -#include -#include -#include -#include "ccaudit.h" - -using namespace MachPlusPlus; - -// -// Construct the server object -// -Server::Server(Authority &authority, CodeSignatures &signatures, const char *bootstrapName) - : MachServer(bootstrapName), - mBootstrapName(bootstrapName), - mCurrentConnection(false), - mCSPModule(gGuidAppleCSP, mCssm), mCSP(mCSPModule), - mAuthority(authority), - mCodeSignatures(signatures) -{ - - initAudit(); - - // engage the subsidiary port handler for sleep notifications - add(sleepWatcher); -} - - -// -// Clean up the server object -// -Server::~Server() -{ - //@@@ more later -} - - -// -// Locate a connection by reply port and make it the current connection -// of this thread. The connection will be marked busy, and can be accessed -// by calling Server::connection() [no argument] until it is released by -// calling Connection::endWork(). -// -Connection &Server::connection(mach_port_t port) -{ - Server &server = active(); - StLock _(server.lock); - ConnectionMap::iterator it = server.connections.find(port); - if (it == server.connections.end()) // unknown client port -- could be a hack attempt - CssmError::throwMe(CSSM_ERRCODE_INVALID_CONTEXT_HANDLE); - Connection *conn = it->second; - active().mCurrentConnection = conn; - conn->beginWork(); - return *conn; -} - -Connection &Server::connection(bool tolerant) -{ - Connection *conn = active().mCurrentConnection; - assert(conn); // have to have one - if (!tolerant) - conn->checkWork(); - return *conn; -} - -void Server::requestComplete() -{ - // note: there may not be an active connection if connection setup failed - if (Connection *conn = active().mCurrentConnection) { - if (conn->endWork()) - delete conn; - active().mCurrentConnection = NULL; - } -} - - -// -// Locate an ACL bearer (database or key) by handle -// -SecurityServerAcl &Server::aclBearer(AclKind kind, CSSM_HANDLE handle) -{ - SecurityServerAcl &bearer = findHandle(handle); - if (kind != bearer.kind()) - CssmError::throwMe(CSSMERR_CSSM_INVALID_HANDLE_USAGE); - return bearer; -} - - -// -// Run the server. This will not return until the server is forced to exit. -// -void Server::run() -{ - MachServer::run(0x10000, - MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0) | - MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AUDIT)); -} - - -// -// The primary server run-loop function. -// Invokes the MIG-generated main dispatch function (ucsp_server). -// For debug builds, look up request names in a MIG-generated table -// for better debug-log messages. -// -boolean_t ucsp_server(mach_msg_header_t *, mach_msg_header_t *); - -#if defined(NDEBUG) - -boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out) -{ - return ucsp_server(in, out); -} - -#else //NDEBUG - -static const struct IPCName { const char *name; int ipc; } ipcNames[] = - { subsystem_to_name_map_ucsp }; // macro generated by MIG, from ucsp.h - -boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out) -{ - const int first = ipcNames[0].ipc; - const char *name = (in->msgh_id >= first && in->msgh_id < first + ucsp_MSG_COUNT) ? - ipcNames[in->msgh_id - first].name : "OUT OF BOUNDS"; - secdebug("SSreq", "begin %s (%d)", name, in->msgh_id); - boolean_t result = ucsp_server(in, out); - secdebug("SSreq", "end %s (%d)", name, in->msgh_id); - return result; -} - -#endif //NDEBUG - - -// -// Set up a new Connection. This establishes the environment (process et al) as needed -// and registers a properly initialized Connection object to run with. -// Type indicates how "deep" we need to initialize (new session, process, or connection). -// Everything at and below that level is constructed. This is straight-forward except -// in the case of session re-initialization (see below). -// -// audit_token_t.val[1] is the EUID, audit_token_t.val[2] is the EGID. -// -void Server::setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort, - const audit_token_t &auditToken, - const ClientSetupInfo *info, const char *identity) -{ - // first, make or find the process based on task port - StLock _(lock); - Process * &proc = processes[taskPort]; - if (type == connectNewSession && proc) { - // The client has talked to us before and now wants to create a new session. - // We'll unmoor the old process object and cast it adrift (it will die either now - // or later following the usual deferred-death mechanics). - // The connection object will die (it's probably already dead) because the client - // has destroyed its replyPort. So we don't worry about this here. - secdebug("server", "session setup - marooning old process %p(%d) of session %p", - proc, proc->pid(), &proc->session); - if (proc->kill(true)) - delete proc; - proc = NULL; - } - if (!proc) { - if (type == connectNewThread) // client error (or attack) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - assert(info && identity); - proc = new Process(servicePort, taskPort, info, identity, - auditToken.val[1], auditToken.val[2]); - notifyIfDead(taskPort); - } - - // now, establish a connection and register it in the server - Connection *connection = new Connection(*proc, replyPort); - if (connections[replyPort]) // malicious re-entry attempt? - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ error code? (client error) - connections[replyPort] = connection; - notifyIfDead(replyPort); -} - - -// -// Synchronously end a Connection. -// This is due to a request from the client, so no thread races are possible. -// -void Server::endConnection(Port replyPort) -{ - StLock _(lock); - Connection *connection = connections[replyPort]; - assert(connection); - connections.erase(replyPort); - connection->terminate(); - delete connection; -} - - -// -// Handling dead-port notifications. -// This receives DPNs for all kinds of ports we're interested in. -// -void Server::notifyDeadName(Port port) -{ - StLock _(lock); - secdebug("SSports", "port %d is dead", port.port()); - - // is it a connection? - ConnectionMap::iterator conIt = connections.find(port); - if (conIt != connections.end()) { - Connection *connection = conIt->second; - if (connection->abort()) - delete connection; - connections.erase(conIt); - return; - } - - // is it a process? - ProcessMap::iterator procIt = processes.find(port); - if (procIt != processes.end()) { - Process *process = procIt->second; - if (process->kill()) - delete process; - processes.erase(procIt); - return; - } - - // is it a notification client? - if (Listener::remove(port)) - return; - - secdebug("server", "spurious dead port notification for port %d", port.port()); -} - - -// -// Handling no-senders notifications. -// This is currently only used for (subsidiary) service ports -// -void Server::notifyNoSenders(Port port, mach_port_mscount_t) -{ - secdebug("SSports", "port %d no senders", port.port()); - Session::eliminate(port); -} - - -// -// Notifier for system sleep events -// -void Server::SleepWatcher::systemWillSleep() -{ - secdebug("SS", "sleep notification received"); - Session::lockAllDatabases(true); -} - -void Server::initAudit(void) -{ - secdebug("SS", "initializing Common Criteria auditing"); - mAudit.auditId(geteuid()); - // Set the class mask so only the audit records we submit are written. - mAudit.eventMask().set(AUE_NULL, AUE_NULL); - mAudit.terminalId().set(); - // XXX If we use SS session IDs instead, get the RootSession ID - mAudit.sessionId(getpid()); - mAudit.registerSession(); -} - -// -// Return the primary Cryptographic Service Provider. -// This will be lazily loaded when it is first requested. -// -CssmClient::CSP &Server::getCsp() -{ - if (!mCssm->isActive()) - loadCssm(); - return mCSP; -} - - -// -// Initialize the CSSM/MDS subsystem. -// This is thread-safe and can be done lazily. -// -static void initMds(); - -void Server::loadCssm() -{ - if (!mCssm->isActive()) { - StLock _(lock); - if (!mCssm->isActive()) { - try { - initMds(); - } catch (const CssmError &error) { - switch (error.cssmError()) { - case CSSMERR_DL_MDS_ERROR: - case CSSMERR_DL_OS_ACCESS_DENIED: - secdebug("SS", "MDS initialization failed; continuing"); - Syslog::warning("MDS initialization failed; continuing"); - break; - default: - throw; - } - } - secdebug("SS", "CSSM initializing"); - mCssm->init(); - mCSP->attach(); - IFDEBUG(char guids[Guid::stringRepLength+1]); - secdebug("SS", "CSSM ready with CSP %s", mCSP->guid().toString(guids)); - } - } -} - -#include - -static void initMds() -{ - secdebug("SS", "MDS initializing"); - CssmAllocatorMemoryFunctions memory(CssmAllocator::standard()); - MDS_FUNCS functions; - MDS_HANDLE handle; - CssmError::check(MDS_Initialize(NULL, &memory, &functions, &handle)); - CssmError::check(MDS_Install(handle)); - CssmError::check(MDS_Terminate(handle)); -} diff --git a/SecurityServer/server.h b/SecurityServer/server.h deleted file mode 100644 index 38ff0628..00000000 --- a/SecurityServer/server.h +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// server - the actual Server object -// -#ifndef _H_SERVER -#define _H_SERVER - -#include "securityserver.h" -#include -#include -#include -#include -#include -#include -#include -#include "codesigdb.h" -#include "connection.h" -#include "key.h" -#include "xdatabase.h" -#include "authority.h" -#include -#include "ccaudit.h" - -#define EQUIVALENCEDBPATH "/var/db/CodeEquivalenceDatabase" - - -class Server : public MachPlusPlus::MachServer, - public UniformRandomBlobs { -public: - Server(Authority &myAuthority, CodeSignatures &signatures, const char *bootstrapName); - ~Server(); - - // run the server until it shuts down - void run(); - - // - // Retrieve pieces of the Server's object web. - // These are all static methods that use the active() Server of this thread. - // - static Server &active() { return safer_cast(MachServer::active()); } - static const char *bootstrapName() { return active().mBootstrapName.c_str(); } - - static Connection &connection(mach_port_t replyPort); - static Connection &connection(bool tolerant = false); - static void requestComplete(); - - static Key &key(KeyHandle key) - { return findHandle(key, CSSMERR_CSP_INVALID_KEY_REFERENCE); } - static Key *optionalKey(KeyHandle k) { return (k == noKey) ? NULL : &key(k); } - static Database &database(DbHandle db) - { return findHandle(db, CSSMERR_DL_INVALID_DB_HANDLE); } - static Database *optionalDatabase(DbHandle db) { return db ? &database(db) : NULL; } - static Authority &authority() { return active().mAuthority; } - static CodeSignatures &codeSignatures() { return active().mCodeSignatures; } - static SecurityServerAcl &aclBearer(AclKind kind, CSSM_HANDLE handle); - static CssmClient::CSP &csp() { return active().getCsp(); } - - void loadCssm(); - -public: - // set up a new connection - enum ConnectLevel { - connectNewSession, - connectNewProcess, - connectNewThread - }; - void setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort, - const audit_token_t &auditToken, - const ClientSetupInfo *info = NULL, const char *executablePath = NULL); - - void endConnection(Port replyPort); - - static void releaseWhenDone(CssmAllocator &alloc, void *memory) - { MachServer::active().releaseWhenDone(alloc, memory); } - static void releaseWhenDone(void *memory) - { releaseWhenDone(CssmAllocator::standard(), memory); } - -protected: - // implementation methods of MachServer - boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out); - void notifyDeadName(Port port); - void notifyNoSenders(Port port, mach_port_mscount_t); - -private: - class SleepWatcher : public MachPlusPlus::PortPowerWatcher { - public: - void systemWillSleep(); - }; - SleepWatcher sleepWatcher; - - void initAudit(void); - -private: - Mutex lock; // master lock - - // mach bootstrap registration name - std::string mBootstrapName; - - // map of connections (by client reply port) - typedef map ConnectionMap; - ConnectionMap connections; - - // map of processes (by process task port) - typedef map ProcessMap; - ProcessMap processes; - - // Current connection, if any (per thread). - // Set as a side effect of calling connection(mach_port_t) - // and returned by connection(bool). - PerThreadPointer mCurrentConnection; - - // CSSM components - CssmClient::Cssm mCssm; // CSSM instance - CssmClient::Module mCSPModule; // CSP module - CssmClient::CSP mCSP; // CSP attachment - CssmClient::CSP &getCsp(); // lazily initialize, then return CSP attachment - - Authority &mAuthority; - CodeSignatures &mCodeSignatures; - - // Per-process audit initialization. - CommonCriteria::AuditSession mAudit; -}; - -#endif //_H_SERVER diff --git a/SecurityServer/session.cpp b/SecurityServer/session.cpp deleted file mode 100644 index 5c16649c..00000000 --- a/SecurityServer/session.cpp +++ /dev/null @@ -1,485 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// session - authentication session domains -// -// A Session is defined by a mach_init bootstrap dictionary. These dictionaries are -// hierarchical and inherited, so they work well for characterization of processes -// that "belong" together. (Of course, if your mach_init is broken, you're in bad shape.) -// -// Sessions are multi-threaded objects. -// -#include "session.h" -#include "connection.h" -#include "server.h" - - -// -// The static session map -// -Session::SessionMap Session::sessionMap; -Mutex Session::sessionMapLock; - - -// -// Create a Session object from initial parameters (create) -// -Session::Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs) - : mBootstrap(bootstrap), mServicePort(servicePort), - mAttributes(attrs), mProcessCount(0), mAuthCount(0), mDying(false) -{ - secdebug("SSsession", "%p CREATED: handle=0x%lx bootstrap=%d service=%d attrs=0x%lx", - this, handle(), mBootstrap.port(), mServicePort.port(), mAttributes); -} - - -void Session::release() -{ - // nothing by default -} - - -// -// The root session inherits the startup bootstrap and service port -// -RootSession::RootSession(Port servicePort, SessionAttributeBits attrs) - : Session(Bootstrap(), servicePort, sessionIsRoot | sessionWasInitialized | attrs) -{ - // self-install (no thread safety issues here) - sessionMap[mServicePort] = this; -} - - -// -// Dynamic sessions use the given bootstrap and re-register in it -// -DynamicSession::DynamicSession(const Bootstrap &bootstrap) - : ReceivePort(Server::active().bootstrapName(), bootstrap), - Session(bootstrap, *this) -{ - // tell the server to listen to our port - Server::active().add(*this); - - // register for port notifications - Server::active().notifyIfDead(bootstrapPort()); //@@@??? still needed? - Server::active().notifyIfUnused(*this); - - // self-register - StLock _(sessionMapLock); - sessionMap[*this] = this; -} - -DynamicSession::~DynamicSession() -{ - // remove our service port from the server - Server::active().remove(*this); - - // if this is a (the) graphic login session, lock all databases - secdebug("session", "%p Locking all %ld databases", - this, databases().size()); - Database::lockAllDatabases(databases()); -} - - -void DynamicSession::release() -{ - mBootstrap.destroy(); -} - - -// -// Destroy a Session -// -Session::~Session() -{ - assert(mProcessCount == 0); // can't die with processes still alive - secdebug("SSsession", "%p DESTROYED: handle=0x%lx bootstrap=%d", - this, handle(), mBootstrap.port()); -} - - -// -// Locate a session object by service port or (Session API) identifier -// -Session &Session::find(Port servicePort) -{ - StLock _(sessionMapLock); - SessionMap::const_iterator it = sessionMap.find(servicePort); - assert(it != sessionMap.end()); - return *it->second; -} - -Session &Session::find(SecuritySessionId id) -{ - switch (id) { - case callerSecuritySession: - return Server::connection().process.session; - default: - return findHandle(id); - } -} - - -// -// Act on a death notification for a session's (sub)bootstrap port. -// We may not destroy the Session outright here (due to processes that use it), -// but we do clear out its accumulated wealth. -// -void Session::eliminate(Port servPort) -{ - // remove session from session map - StLock _(sessionMapLock); - SessionMap::iterator it = sessionMap.find(servPort); - assert(it != sessionMap.end()); - Session *session = it->second; - sessionMap.erase(it); - - // destroy the session service port (this releases mach_init to proceed) - session->release(); - - // clear resources - if (session->clearResources()) - delete session; - else - secdebug("SSsession", "session %p zombified for %d processes and %d auths", - session, int(session->mProcessCount), int(session->mAuthCount)); -} - -bool Session::clearResources() -{ - StLock _(mLock); - - // this session is now officially dying - mDying = true; - - // invalidate shared credentials - { - StLock _(mCredsLock); - - IFDEBUG(if (!mSessionCreds.empty()) - secdebug("SSauth", "session %p clearing %d shared credentials", - this, int(mSessionCreds.size()))); - for (CredentialSet::iterator it = mSessionCreds.begin(); it != mSessionCreds.end(); it++) - (*it)->invalidate(); - } - // let the caller know if we are ready to die NOW - return mProcessCount == 0 && mAuthCount == 0; -} - - -// -// Relay lockAllDatabases to all known sessions -// -void Session::lockAllDatabases(bool forSleep) -{ - StLock _(sessionMapLock); - for (SessionMap::const_iterator it = begin(); it != end(); it++) { - secdebug("SSdb", "locking all %d known databases %s in session %p", - int(it->second->databases().size()), forSleep ? " for sleep" : "", it->second); - Database::lockAllDatabases(it->second->databases(), forSleep); - } -} - - -// -// Process management -// -void Session::addProcess(Process *) -{ - StLock _(mLock); - mProcessCount++; -} - -bool Session::removeProcess(Process *) -{ - StLock _(mLock); - assert(mProcessCount > 0); - return --mProcessCount == 0 && mDying && mAuthCount == 0; -} - - -// -// Authorization retention management. -// -void Session::addAuthorization(AuthorizationToken *) -{ - StLock _(mLock); - mAuthCount++; -} - -bool Session::removeAuthorization(AuthorizationToken *) -{ - StLock _(mLock); - assert(mAuthCount > 0); - return --mAuthCount == 0 && mDying && mProcessCount == 0; -} - - -// -// Authorization operations -// -OSStatus Session::authCreate(const AuthItemSet &rights, - const AuthItemSet &environment, - AuthorizationFlags flags, - AuthorizationBlob &newHandle, - const audit_token_t &auditToken) -{ - // invoke the authorization computation engine - CredentialSet resultCreds; - - // this will acquire mLock, so we delay acquiring it - auto_ptr auth(new AuthorizationToken(*this, resultCreds, auditToken)); - - // Make a copy of the mSessionCreds - CredentialSet sessionCreds; - { - StLock _(mCredsLock); - sessionCreds = mSessionCreds; - } - - AuthItemSet outRights; - OSStatus result = Server::authority().authorize(rights, environment, flags, - &sessionCreds, &resultCreds, outRights, *auth); - newHandle = auth->handle(); - - // merge resulting creds into shared pool - if ((flags & kAuthorizationFlagExtendRights) && - !(flags & kAuthorizationFlagDestroyRights)) - { - StLock _(mCredsLock); - mergeCredentials(resultCreds); - auth->mergeCredentials(resultCreds); - } - - // Make sure that this isn't done until the auth(AuthorizationToken) is guaranteed to - // not be destroyed anymore since it's destructor asserts it has no processes - Server::connection().process.addAuthorization(auth.get()); - auth.release(); - return result; -} - -void Session::authFree(const AuthorizationBlob &authBlob, AuthorizationFlags flags) -{ - AuthorizationToken::Deleter deleter(authBlob); - AuthorizationToken &auth = deleter; - Process &process = Server::connection().process; - process.checkAuthorization(&auth); - - if (flags & kAuthorizationFlagDestroyRights) { - // explicitly invalidate all shared credentials and remove them from the session - for (CredentialSet::const_iterator it = auth.begin(); it != auth.end(); it++) - if ((*it)->isShared()) - (*it)->invalidate(); - } - - // now get rid of the authorization itself - if (process.removeAuthorization(&auth)) - deleter.remove(); -} - -OSStatus Session::authGetRights(const AuthorizationBlob &authBlob, - const AuthItemSet &rights, const AuthItemSet &environment, - AuthorizationFlags flags, - AuthItemSet &grantedRights) -{ - CredentialSet resultCreds; - AuthorizationToken &auth = authorization(authBlob); - CredentialSet effective; - { - StLock _(mCredsLock); - effective = auth.effectiveCreds(); - } - OSStatus result = Server::authority().authorize(rights, environment, flags, - &effective, &resultCreds, grantedRights, auth); - - // merge resulting creds into shared pool - if ((flags & kAuthorizationFlagExtendRights) && !(flags & kAuthorizationFlagDestroyRights)) - { - StLock _(mCredsLock); - mergeCredentials(resultCreds); - auth.mergeCredentials(resultCreds); - } - - secdebug("SSauth", "Authorization %p copyRights asked for %d got %d", - &authorization(authBlob), int(rights.size()), int(grantedRights.size())); - return result; -} - -OSStatus Session::authGetInfo(const AuthorizationBlob &authBlob, - const char *tag, - AuthItemSet &contextInfo) -{ - AuthorizationToken &auth = authorization(authBlob); - secdebug("SSauth", "Authorization %p get-info", &auth); - contextInfo = auth.infoSet(tag); - return noErr; -} - -OSStatus Session::authExternalize(const AuthorizationBlob &authBlob, - AuthorizationExternalForm &extForm) -{ - const AuthorizationToken &auth = authorization(authBlob); - StLock _(mLock); - if (auth.mayExternalize(Server::connection().process)) { - memset(&extForm, 0, sizeof(extForm)); - AuthorizationExternalBlob &extBlob = - reinterpret_cast(extForm); - extBlob.blob = auth.handle(); - extBlob.session = bootstrapPort(); - secdebug("SSauth", "Authorization %p externalized", &auth); - return noErr; - } else - return errAuthorizationExternalizeNotAllowed; -} - -OSStatus Session::authInternalize(const AuthorizationExternalForm &extForm, - AuthorizationBlob &authBlob) -{ - // interpret the external form - const AuthorizationExternalBlob &extBlob = - reinterpret_cast(extForm); - - // locate source authorization - AuthorizationToken &sourceAuth = AuthorizationToken::find(extBlob.blob); - - // check for permission and do it - if (sourceAuth.mayInternalize(Server::connection().process, true)) { - StLock _(mLock); - authBlob = extBlob.blob; - Server::connection().process.addAuthorization(&sourceAuth); - mAuthCount++; - secdebug("SSauth", "Authorization %p internalized", &sourceAuth); - return noErr; - } else - return errAuthorizationInternalizeNotAllowed; -} - - -// -// Set up a (new-ish) Session. -// This call must be made from a process within the session, and it must be the first -// such process to make the call. -// -void Session::setup(SessionCreationFlags flags, SessionAttributeBits attrs) -{ - // check current process object - it may have been cached before the client's bootstrap switch - Process *process = &Server::connection().process; - process->session.setupAttributes(attrs); -} - - -void Session::setupAttributes(SessionAttributeBits attrs) -{ - secdebug("SSsession", "%p setup attrs=0x%lx", this, attrs); - if (attrs & ~settableAttributes) - MacOSError::throwMe(errSessionInvalidAttributes); - if (attribute(sessionWasInitialized)) - MacOSError::throwMe(errSessionAuthorizationDenied); - setAttributes(attrs | sessionWasInitialized); -} - - -OSStatus Session::authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict) -{ - string rightName(inRightName); - return Server::authority().getRule(rightName, rightDict); -} - - -OSStatus Session::authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict) -{ - CredentialSet resultCreds; - AuthorizationToken &auth = authorization(authBlob); - CredentialSet effective; - - { - StLock _(mCredsLock); - effective = auth.effectiveCreds(); - } - - OSStatus result = Server::authority().setRule(inRightName, rightDict, &effective, &resultCreds, auth); - - { - StLock _(mCredsLock); - mergeCredentials(resultCreds); - auth.mergeCredentials(resultCreds); - } - - secdebug("SSauth", "Authorization %p authorizationdbSet %s (result=%ld)", - &authorization(authBlob), inRightName, result); - return result; -} - - -OSStatus Session::authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName) -{ - CredentialSet resultCreds; - AuthorizationToken &auth = authorization(authBlob); - CredentialSet effective; - - { - StLock _(mCredsLock); - effective = auth.effectiveCreds(); - } - - OSStatus result = Server::authority().removeRule(inRightName, &effective, &resultCreds, auth); - - { - StLock _(mCredsLock); - mergeCredentials(resultCreds); - auth.mergeCredentials(resultCreds); - } - - secdebug("SSauth", "Authorization %p authorizationdbRemove %s (result=%ld)", - &authorization(authBlob), inRightName, result); - return result; -} - - -// -// Merge a set of credentials into the shared-session credential pool -// -// must hold mCredsLock -void Session::mergeCredentials(CredentialSet &creds) -{ - secdebug("SSsession", "%p merge creds @%p", this, &creds); - for (CredentialSet::const_iterator it = creds.begin(); it != creds.end(); it++) - if (((*it)->isShared() && (*it)->isValid())) { - CredentialSet::iterator old = mSessionCreds.find(*it); - if (old == mSessionCreds.end()) { - mSessionCreds.insert(*it); - } else { - // replace "new" with "old" in input set to retain synchronization - (*old)->merge(**it); - creds.erase(it); - creds.insert(*old); - } - } -} - - -// -// Locate an AuthorizationToken given a blob -// -AuthorizationToken &Session::authorization(const AuthorizationBlob &blob) -{ - AuthorizationToken &auth = AuthorizationToken::find(blob); - Server::connection().process.checkAuthorization(&auth); - return auth; -} diff --git a/SecurityServer/session.h b/SecurityServer/session.h deleted file mode 100644 index 35c89fca..00000000 --- a/SecurityServer/session.h +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// session - authentication session domains -// -#ifndef _H_SESSION -#define _H_SESSION - -#include "securityserver.h" -#include "acls.h" -#include "authority.h" -#include -#include -#include -#include - -#if __GNUC__ > 2 -#include -using __gnu_cxx::hash_map; -#else -#include -#endif - - -class Key; -class Connection; -class Database; -class Database::CommonMap; - - -// -// A Session object represents one or more Connections that are known to -// belong to the same authentication domain. Informally this means just -// about "the same user", for the right definition of "user." The upshot -// is that global credentials can be shared by Connections of one Session -// with a modicum of security, and so Sessions are the natural nexus of -// single-sign-on functionality. -// -class Session : public HandleObject { -public: - typedef MachPlusPlus::Bootstrap Bootstrap; - - Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs = 0); - virtual ~Session(); - - Bootstrap bootstrapPort() const { return mBootstrap; } - Port servicePort() const { return mServicePort; } - - void addProcess(Process *proc); - bool removeProcess(Process *proc); - - virtual void release(); - - void addAuthorization(AuthorizationToken *auth); - bool removeAuthorization(AuthorizationToken *auth); - -public: - static const SessionAttributeBits settableAttributes = - sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote; - - SessionAttributeBits attributes() const { return mAttributes; } - bool attribute(SessionAttributeBits bits) const { return mAttributes & bits; } - - static void setup(SessionCreationFlags flags, SessionAttributeBits attrs); - void setupAttributes(SessionAttributeBits attrs); - -protected: - void setAttributes(SessionAttributeBits attrs) { mAttributes |= attrs; } - -public: - const CredentialSet &authCredentials() const { return mSessionCreds; } - - OSStatus authCreate(const AuthItemSet &rights, const AuthItemSet &environment, - AuthorizationFlags flags, AuthorizationBlob &newHandle, const audit_token_t &auditToken); - void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags); - OSStatus authGetRights(const AuthorizationBlob &auth, - const AuthItemSet &requestedRights, const AuthItemSet &environment, - AuthorizationFlags flags, AuthItemSet &grantedRights); - OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthItemSet &contextInfo); - - OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm); - OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth); - - OSStatus authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict); - OSStatus authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict); - OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName); - -private: - struct AuthorizationExternalBlob { - AuthorizationBlob blob; - mach_port_t session; - }; - -protected: - AuthorizationToken &authorization(const AuthorizationBlob &blob); - void mergeCredentials(CredentialSet &creds); - - bool clearResources(); - -public: - static Session &find(Port servPort); - static Session &find(SecuritySessionId id); - static void eliminate(Port servPort); - - static void lockAllDatabases(bool forSleep = false); - -protected: - mutable Mutex mLock; // object lock - - Bootstrap mBootstrap; // session bootstrap port - Port mServicePort; // SecurityServer service port for this session - SessionAttributeBits mAttributes; // attribute bits (see AuthSession.h) - unsigned int mProcessCount; // number of active processes in session - unsigned int mAuthCount; // number of AuthorizationTokens belonging to us - bool mDying; // session is dying - - mutable Mutex mCredsLock; // lock for mSessionCreds - CredentialSet mSessionCreds; // shared session authorization credentials - -private: - typedef map SessionMap; - static SessionMap sessionMap; - static Mutex sessionMapLock; - -public: - typedef SessionMap::iterator Iterator; - static Iterator begin() { return sessionMap.begin(); } - static Iterator end() { return sessionMap.end(); } - -private: - Database::CommonMap mCommons; // all database commons open in this session - -public: - Database::CommonMap &databases() - { return mCommons; } -}; - - -// -// The RootSession is the session (i.e. bootstrap dictionary) of system daemons that are -// started early and don't belong to anything more restrictive. The RootSession is considered -// immortal. -// Currently, telnet sessions et al also default into this session, but this will change -// (we hope). -// -class RootSession : public Session { -public: - RootSession(Port servicePort, SessionAttributeBits attrs = 0); -}; - - -// -// A DynamicSession is the default type of session object. We create one when a new -// Connection initializes whose bootstrap port we haven't seen before. These Sessions -// are torn down when their bootstrap object disappears (which happens when mach_init -// destroys it due to its requestor referent vanishing). -// -class DynamicSession : private ReceivePort, public Session { -public: - DynamicSession(const Bootstrap &bootstrap); - ~DynamicSession(); - -protected: - void release(); -}; - - -#endif //_H_SESSION diff --git a/SecurityServer/ssblob.cpp b/SecurityServer/ssblob.cpp deleted file mode 100644 index 705ffc48..00000000 --- a/SecurityServer/ssblob.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ssclient - SecurityServer client interface library -// -#include "ssblob.h" - - -namespace Security { -namespace SecurityServer { - - -// -// Initialize the blob header for a given version -// -void CommonBlob::initialize(uint32 version) -{ - magic = magicNumber; - this->blobVersion = version; -} - - -// -// Verify the blob header for basic sane-ness. -// -bool CommonBlob::isValid() const -{ - return magic == magicNumber; -} - -void CommonBlob::validate(CSSM_RETURN failureCode) const -{ - if (!isValid()) - CssmError::throwMe(failureCode); -} - - - -} // end namespace SecurityServer - -} // end namespace Security diff --git a/SecurityServer/ssblob.h b/SecurityServer/ssblob.h deleted file mode 100644 index 490746c0..00000000 --- a/SecurityServer/ssblob.h +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ssblob - objects to represent persistent blobs used by SecurityServer -// -#ifndef _H_SSBLOB -#define _H_SSBLOB - -#include -#include -#include -#include -#include -#include -#include - - -namespace Security { -namespace SecurityServer { - -using LowLevelMemoryUtilities::increment; - - -// -// A generic blob. -// Note that Blob and its subclasses are meant to be Byte Order Corrected. -// Make sure all non-byte fields are Endian<> qualified. -// -class Blob { -public: - typedef Endian uint32e; - typedef Endian sint32e; - -protected: - template - T *at(off_t offset) { return LowLevelMemoryUtilities::increment(this, offset); } - void *at(off_t offset) { return LowLevelMemoryUtilities::increment(this, offset); } -}; - - -// -// The common features of our blobs -// -class CommonBlob : public Blob { -public: - // initial fixed fields for versioning - uint32e magic; // magic number - uint32e blobVersion; // version code - uint32 version() const { return blobVersion; } - - static const uint32 magicNumber = 0xfade0711; - - static const uint32 version_MacOS_10_0 = 0x00000100; // MacOS 10.0.x - static const uint32 version_MacOS_10_1 = 0x00000101; // MacOS 10.1.x and on - static const uint32 currentVersion = version_MacOS_10_0; - -public: - void initialize(uint32 version = currentVersion); - bool isValid() const; - void validate(CSSM_RETURN failureCode) const; - - void *data() { return at(0); } -}; - - -// -// A Database blob -// -class DbBlob : public CommonBlob { -public: - struct Signature { - uint8 bytes[16]; - - bool operator < (const Signature &sig) const - { return memcmp(bytes, sig.bytes, sizeof(bytes)) < 0; } - bool operator == (const Signature &sig) const - { return memcmp(bytes, sig.bytes, sizeof(bytes)) == 0; } - }; - - struct PrivateBlob : public Blob { - typedef uint8 EncryptionKey[24]; - typedef uint8 SigningKey[20]; - - EncryptionKey encryptionKey; // master encryption key - SigningKey signingKey; // master signing key - - // private ACL blob follows, to the end - void *privateAclBlob() { return at(sizeof(PrivateBlob)); } - }; - -public: - // position separators between variable-length fields (see below) - uint32e startCryptoBlob; // end of public ACL; start of crypto blob - uint32e totalLength; // end of crypto blob; end of entire blob - - Signature randomSignature; // randomizing database signature - uint32e sequence; // database sequence number - DBParameters params; // database settable parameters - - uint8 salt[20]; // derivation salt - uint8 iv[8]; // encryption iv - - uint8 blobSignature[20]; // HMAC/SHA1 of entire blob except itself - - // variable length fields: - void *publicAclBlob() { return at(sizeof(DbBlob)); } - size_t publicAclBlobLength() const - { return startCryptoBlob - sizeof(DbBlob); } - - void *cryptoBlob() { return at(startCryptoBlob); } - size_t cryptoBlobLength() const { return totalLength - startCryptoBlob; } - - uint32 length() const { return totalLength; } - - DbBlob *copy(CssmAllocator &alloc = CssmAllocator::standard()) const - { - DbBlob *blob = alloc.malloc(length()); - memcpy(blob, this, length()); - return blob; - } -}; - - -// -// A key blob -// -class KeyBlob : public CommonBlob { -public: - uint32e startCryptoBlob; // end of public ACL; start of crypto blob - uint32e totalLength; // end of crypto blob; end of entire blob - - uint8 iv[8]; // encryption iv - - CssmKey::Header header; // key header as-is - struct WrappedFields { - Endian blobType; - Endian blobFormat; - Endian wrapAlgorithm; - Endian wrapMode; - } wrappedHeader; - - uint8 blobSignature[20]; // HMAC/SHA1 of entire blob except itself - - // variable length fields: - void *publicAclBlob() { return at(sizeof(KeyBlob)); } - size_t publicAclBlobLength() const - { return startCryptoBlob - sizeof(KeyBlob); } - - void *cryptoBlob() { return at(startCryptoBlob); } - size_t cryptoBlobLength() const { return totalLength - startCryptoBlob; } - - uint32 length() const { return totalLength; } - - // these bits are managed internally by the SecurityServer (and not passed to the CSPs) - static const uint32 managedAttributes = - CSSM_KEYATTR_ALWAYS_SENSITIVE | - CSSM_KEYATTR_NEVER_EXTRACTABLE | - CSSM_KEYATTR_PERMANENT | - CSSM_KEYATTR_EXTRACTABLE; - static const uint32 forcedAttributes = - CSSM_KEYATTR_EXTRACTABLE; - -public: - KeyBlob *copy(CssmAllocator &alloc) const - { - KeyBlob *blob = alloc.malloc(length()); - memcpy(blob, this, length()); - return blob; - } -}; - - -// -// An auto-unlock record (database identity plus raw unlock key) -// -class UnlockBlob : public CommonBlob { -public: - typedef uint8 MasterKey[24]; - MasterKey masterKey; // raw bits (triple-DES) - make your own CssmKey - DbBlob::Signature signature; // signature is index -}; - - -} // end namespace SecurityServer -} // end namespace Security - - -#endif //_H_SSBLOB diff --git a/SecurityServer/ssclient.cpp b/SecurityServer/ssclient.cpp deleted file mode 100644 index 010abdc1..00000000 --- a/SecurityServer/ssclient.cpp +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ssclient - SecurityServer client interface library -// -#include "sstransit.h" -#include -#include - -using MachPlusPlus::check; -using MachPlusPlus::Bootstrap; -using CodeSigning::OSXCode; - - -namespace Security { -namespace SecurityServer { - -// -// Static callback stuff -// -ClientSession::DidChangeKeyAclCallback *ClientSession::mCallback = NULL; -void *ClientSession::mCallbackContext = NULL; - -// -// The process-global object -// -UnixPlusPlus::StaticForkMonitor ClientSession::mHasForked; -ModuleNexus ClientSession::mGlobal; -bool ClientSession::mSetupSession; -const char *ClientSession::mContactName; - -// -// Construct a client session -// -ClientSession::ClientSession(CssmAllocator &std, CssmAllocator &rtn) -: internalAllocator(std), returnAllocator(rtn) -{ } - - -// -// Destroy a session -// -ClientSession::~ClientSession() -{ } - - -void -ClientSession::registerForAclEdits(DidChangeKeyAclCallback *callback, void *context) -{ - mCallback = callback; - mCallbackContext = context; -} - -// -// Activate a client session: This connects to the SecurityServer and executes -// application authentication -// -void ClientSession::activate() -{ - // Guard against fork-without-exec. If we are the child of a fork - // (that has not exec'ed), our apparent connection to SecurityServer - // is just a mirage, and we better reset it. - if (mHasForked()) { - secdebug("SSclnt", "process has forked (now pid=%d) - resetting connection object", getpid()); - mGlobal.reset(); - } - - // now pick up the (new or existing) connection state - Global &global = mGlobal(); - Thread &thread = global.thread(); - if (!thread) { - // first time for this thread - use abbreviated registration - IPCN(ucsp_client_setupThread(UCSP_ARGS, mach_task_self())); - thread.registered = true; - global.serverPort.requestNotify(thread.replyPort, MACH_NOTIFY_DEAD_NAME, true); - secdebug("SSclnt", "Thread registered with %s", mContactName); - } -} - - -// -// The contactName method allows the caller to explicitly override the bootstrap -// name under which SecurityServer is located. Use this only with great caution, -// and probably only for debugging. -// Note that no explicit locking is done here. It is the caller's responsibility -// to make sure this is called from thread-safe context before the real dance begins. -// -void ClientSession::contactName(const char *name) -{ - mContactName = name; -} - -const char *ClientSession::contactName() const -{ - return mContactName; -} - - -// -// Construct the process-global state object. -// The ModuleNexus construction magic will ensure that this happens uniquely -// even if the face of multithreaded attack. -// Do note that the mSetupSession (session creation) case is gated by a global flag, -// and it's the caller's responsibility not to multithread-race it. -// -ClientSession::Global::Global() -{ - // find server port - IFDEBUG(if (!mContactName) mContactName = getenv(SECURITYSERVER_BOOTSTRAP_ENV)); - if (!mContactName) - mContactName = SECURITYSERVER_BOOTSTRAP_NAME; - secdebug("SSclnt", "Locating %s", mContactName); - serverPort = Bootstrap().lookup(mContactName); - secdebug("SSclnt", "contacting %s at port %d", mContactName, serverPort.port()); - - // send identification/setup message - string extForm; - try { - myself = OSXCode::main(); - extForm = myself->encode(); - secdebug("SSclnt", "my OSXCode extForm=%s", extForm.c_str()); - } catch (...) { - // leave extForm empty - secdebug("SSclnt", "failed to obtain my own OSXCode"); - } - - ClientSetupInfo info = { SSPROTOVERSION }; - - // cannot use UCSP_ARGS here because it uses mGlobal() -> deadlock - Thread &thread = this->thread(); - - if (mSetupSession) { - secdebug("SSclnt", "sending session setup request"); - mSetupSession = false; - IPCN(ucsp_client_setupNew(serverPort, thread.replyPort, &rcode, - mach_task_self(), info, extForm.c_str(), &serverPort.port())); - secdebug("SSclnt", "new session server port is %d", serverPort.port()); - } else { - IPCN(ucsp_client_setup(serverPort, thread.replyPort, &rcode, - mach_task_self(), info, extForm.c_str())); - } - thread.registered = true; // as a side-effect of setup call above - serverPort.requestNotify(thread.replyPort, MACH_NOTIFY_DEAD_NAME, true); - secdebug("SSclnt", "contact with %s established", mContactName); -} - - -// -// Terminate a session. This is called by the session destructor, or explicitly. -// -void ClientSession::terminate() -{ - // currently defunct - secdebug("SSclnt", "ClientSession::terminate() call ignored"); -} - - -void ClientSession::addApplicationAclSubject(KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag) -{ - /* Notify our client if they are interested. */ - if (mCallback && mCallbackContext) - { - secdebug("keyacl", "ClientSession::addApplicationAclSubject(keyHandle: %lu tag: %lu)", key, tag); - mCallback(mCallbackContext, *this, key, tag); - } - else - secdebug("keyacl", "ClientSession::addApplicationAclSubject() with NULL mCallback"); -} - - -} // end namespace SecurityServer -} // end namespace Security diff --git a/SecurityServer/ssclient.h b/SecurityServer/ssclient.h deleted file mode 100644 index fb8ab35c..00000000 --- a/SecurityServer/ssclient.h +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ssclient - SecurityServer client interface library -// -// This interface is private to the Security system. It is not a public interface, -// and it may change at any time. You have been warned. -// -#ifndef _H_SSCLIENT -#define _H_SSCLIENT - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace SecurityServer { - -using MachPlusPlus::Port; -using MachPlusPlus::ReceivePort; - - -// -// The default Mach bootstrap registration name for SecurityServer, -// and the environment variable to override it -// -#define SECURITYSERVER_BOOTSTRAP_NAME "com.apple.SecurityServer" -#define SECURITYSERVER_BOOTSTRAP_ENV "SECURITYSERVER" - - -// -// Common data types -// -typedef CSSM_HANDLE KeyHandle; -typedef CSSM_HANDLE DbHandle; - -static const CSSM_HANDLE noDb = 0; -static const CSSM_HANDLE noKey = 0; - -struct KeyUID { - uint8 signature[20]; -}; - -struct AuthorizationBlob { - uint32 data[2]; - - bool operator < (const AuthorizationBlob &other) const - { return memcmp(data, other.data, sizeof(data)) < 0; } - - bool operator == (const AuthorizationBlob &other) const - { return memcmp(data, other.data, sizeof(data)) == 0; } - - size_t hash() const { //@@@ revisit this hash - return data[0] ^ data[1] << 3; - } -}; - -struct ClientSetupInfo { - uint32 version; -}; -#define SSPROTOVERSION 4 - -enum AclKind { dbAcl, keyAcl, loginAcl }; - - -// -// Database parameter structure -// -class DBParameters { -public: - uint32 idleTimeout; // seconds idle timout lock - uint8 lockOnSleep; // lock keychain when system sleeps -}; - - -// -// A client connection (session) -// -class ClientSession { - NOCOPY(ClientSession) -public: - typedef void DidChangeKeyAclCallback(void *context, ClientSession &clientSession, - KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag); - - ClientSession(CssmAllocator &standard, CssmAllocator &returning); - virtual ~ClientSession(); - - void registerForAclEdits(DidChangeKeyAclCallback *callback, void *context); - - CssmAllocator &internalAllocator; - CssmAllocator &returnAllocator; - -public: - typedef CSSM_DB_ACCESS_TYPE DBAccessType; - typedef Security::Context Context; - -public: - void activate(); - void terminate(); - -public: - // use this only if you know what you're doing... - void contactName(const char *name); - const char *contactName() const; - -public: - // database sessions - DbHandle createDb(const DLDbIdentifier &dbId, - const AccessCredentials *cred, const AclEntryInput *owner, - const DBParameters ¶ms); - DbHandle decodeDb(const DLDbIdentifier &dbId, - const AccessCredentials *cred, const CssmData &blob); - void encodeDb(DbHandle db, CssmData &blob, CssmAllocator &alloc); - void encodeDb(DbHandle db, CssmData &blob) { return encodeDb(db, blob, returnAllocator); } - void releaseDb(DbHandle db); - void authenticateDb(DbHandle db, DBAccessType type, const AccessCredentials *cred); - void setDbParameters(DbHandle db, const DBParameters ¶ms); - void getDbParameters(DbHandle db, DBParameters ¶ms); - void getDbSuggestedIndex(DbHandle db, CssmData &index, CssmAllocator &alloc); - void getDbSuggestedIndex(DbHandle db, CssmData &index) - { return getDbSuggestedIndex(db, index, returnAllocator); } - void changePassphrase(DbHandle db, const AccessCredentials *cred); - void lock(DbHandle db); - void lockAll(bool forSleep); - void unlock(DbHandle db); - void unlock(DbHandle db, const CssmData &passPhrase); - bool isLocked(DbHandle db); - - // key objects - void encodeKey(KeyHandle key, CssmData &blob, KeyUID *uid, CssmAllocator &alloc); - void encodeKey(KeyHandle key, CssmData &blob, KeyUID *uid = NULL) - { return encodeKey(key, blob, uid, returnAllocator); } - KeyHandle decodeKey(DbHandle db, const CssmData &blob, CssmKey::Header &header); - void releaseKey(KeyHandle key); - - CssmKeySize queryKeySizeInBits(KeyHandle key); - uint32 getOutputSize(const Security::Context &context, KeyHandle key, - uint32 inputSize, bool encrypt = true); - - void getKeyDigest(KeyHandle key, CssmData &digest, CssmAllocator &alloc); - void getKeyDigest(KeyHandle key, CssmData &digest) - { return getKeyDigest(key, digest, returnAllocator); } - - -public: - // key wrapping and unwrapping - void wrapKey(const Security::Context &context, KeyHandle key, KeyHandle keyToBeWrapped, - const AccessCredentials *cred, - const CssmData *descriptiveData, CssmWrappedKey &wrappedKey, CssmAllocator &alloc); - void wrapKey(const Security::Context &context, KeyHandle key, KeyHandle keyToBeWrapped, - const AccessCredentials *cred, - const CssmData *descriptiveData, CssmWrappedKey &wrappedKey) - { return wrapKey(context, key, keyToBeWrapped, cred, - descriptiveData, wrappedKey, returnAllocator); } - - void unwrapKey(DbHandle db, const Security::Context &context, KeyHandle key, KeyHandle publicKey, - const CssmWrappedKey &wrappedKey, uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - CssmData &data, KeyHandle &newKey, CssmKey::Header &newKeyHeader, CssmAllocator &alloc); - void unwrapKey(DbHandle db, const Security::Context &context, KeyHandle key, KeyHandle publicKey, - const CssmWrappedKey &wrappedKey, uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, CssmData &data, - KeyHandle &newKey, CssmKey::Header &newKeyHeader) - { return unwrapKey(db, context, key, publicKey, wrappedKey, keyUsage, keyAttr, - cred, owner, data, newKey, newKeyHeader, returnAllocator); } - - // key generation and derivation - void generateKey(DbHandle db, const Security::Context &context, uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader); - void generateKey(DbHandle db, const Security::Context &context, - uint32 pubKeyUsage, uint32 pubKeyAttr, - uint32 privKeyUsage, uint32 privKeyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &pubKey, CssmKey::Header &pubHeader, - KeyHandle &privKey, CssmKey::Header &privHeader); - void deriveKey(DbHandle db, const Security::Context &context, KeyHandle baseKey, - uint32 keyUsage, uint32 keyAttr, CssmData ¶m, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &alloc); - void deriveKey(DbHandle db, const Security::Context &context, KeyHandle baseKey, - uint32 keyUsage, uint32 keyAttr, CssmData ¶m, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader) - { return deriveKey(db, context, baseKey, keyUsage, keyAttr, param, cred, owner, newKey, newHeader, returnAllocator); } - //void generateAlgorithmParameters(); // not implemented - - void generateRandom(CssmData &data); - - // encrypt/decrypt - void encrypt(const Security::Context &context, KeyHandle key, - const CssmData &in, CssmData &out, CssmAllocator &alloc); - void encrypt(const Security::Context &context, KeyHandle key, const CssmData &in, CssmData &out) - { return encrypt(context, key, in, out, returnAllocator); } - void decrypt(const Security::Context &context, KeyHandle key, - const CssmData &in, CssmData &out, CssmAllocator &alloc); - void decrypt(const Security::Context &context, KeyHandle key, const CssmData &in, CssmData &out) - { return decrypt(context, key, in, out, returnAllocator); } - - // signatures - void generateSignature(const Security::Context &context, KeyHandle key, - const CssmData &data, CssmData &signature, CssmAllocator &alloc, - CSSM_ALGORITHMS signOnlyAlgorithm = CSSM_ALGID_NONE); - void generateSignature(const Security::Context &context, KeyHandle key, - const CssmData &data, CssmData &signature, CSSM_ALGORITHMS signOnlyAlgorithm = CSSM_ALGID_NONE) - { return generateSignature(context, key, data, signature, returnAllocator, signOnlyAlgorithm); } - void verifySignature(const Security::Context &context, KeyHandle key, - const CssmData &data, const CssmData &signature, - CSSM_ALGORITHMS verifyOnlyAlgorithm = CSSM_ALGID_NONE); - - // MACs - void generateMac(const Security::Context &context, KeyHandle key, - const CssmData &data, CssmData &mac, CssmAllocator &alloc); - void generateMac(const Security::Context &context, KeyHandle key, - const CssmData &data, CssmData &mac) - { return generateMac(context, key, data, mac, returnAllocator); } - void verifyMac(const Security::Context &context, KeyHandle key, - const CssmData &data, const CssmData &mac); - - // key ACL management - void getKeyAcl(KeyHandle key, const char *tag, - uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc); - void getKeyAcl(KeyHandle key, const char *tag, - uint32 &count, AclEntryInfo * &info) - { return getKeyAcl(key, tag, count, info, returnAllocator); } - void changeKeyAcl(KeyHandle key, const AccessCredentials &cred, const AclEdit &edit); - void getKeyOwner(KeyHandle key, AclOwnerPrototype &owner, CssmAllocator &alloc); - void getKeyOwner(KeyHandle key, AclOwnerPrototype &owner) - { return getKeyOwner(key, owner, returnAllocator); } - void changeKeyOwner(KeyHandle key, const AccessCredentials &cred, - const AclOwnerPrototype &edit); - - // database ACL management - void getDbAcl(DbHandle db, const char *tag, - uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc); - void getDbAcl(DbHandle db, const char *tag, - uint32 &count, AclEntryInfo * &info) - { return getDbAcl(db, tag, count, info, returnAllocator); } - void changeDbAcl(DbHandle db, const AccessCredentials &cred, const AclEdit &edit); - void getDbOwner(DbHandle db, AclOwnerPrototype &owner, CssmAllocator &alloc); - void getDbOwner(DbHandle db, AclOwnerPrototype &owner) - { return getDbOwner(db, owner, returnAllocator); } - void changeDbOwner(DbHandle db, const AccessCredentials &cred, - const AclOwnerPrototype &edit); - - // database key manipulations - void extractMasterKey(DbHandle db, const Context &context, DbHandle sourceDb, - uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &alloc); - void extractMasterKey(DbHandle db, const Context &context, DbHandle sourceDb, - uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader) - { return extractMasterKey(db, context, sourceDb, keyUsage, keyAttr, cred, owner, - newKey, newHeader, returnAllocator); } - -public: - // Authorization API support - void authCreate(const AuthorizationItemSet *rights, const AuthorizationItemSet *environment, - AuthorizationFlags flags,AuthorizationBlob &result); - void authRelease(const AuthorizationBlob &auth, AuthorizationFlags flags); - void authCopyRights(const AuthorizationBlob &auth, - const AuthorizationItemSet *rights, const AuthorizationItemSet *environment, - AuthorizationFlags flags, AuthorizationItemSet **result); - void authCopyInfo(const AuthorizationBlob &auth, const char *tag, AuthorizationItemSet * &info); - void authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm); - void authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth); - -public: - // Session API support - void getSessionInfo(SecuritySessionId &sessionId, SessionAttributeBits &attrs); - void setupSession(SessionCreationFlags flags, SessionAttributeBits attrs); - -public: - // Notification core support - void requestNotification(Port receiver, Listener::Domain domain, Listener::EventMask events); - void stopNotification(Port receiver); - void postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data); - - typedef OSStatus ConsumeNotification(Listener::Domain domain, Listener::Event event, - const void *data, size_t dataLength, void *context); - OSStatus dispatchNotification(const mach_msg_header_t *message, - ConsumeNotification *consumer, void *context) throw(); - -public: - // AuthorizationDB API - void authorizationdbGet(const AuthorizationString rightname, CssmData &rightDefinition, CssmAllocator &alloc); - void authorizationdbSet(const AuthorizationBlob &auth, const AuthorizationString rightname, uint32_t rightdefinitionLength, const void *rightdefinition); - void authorizationdbRemove(const AuthorizationBlob &auth, const AuthorizationString rightname); - -public: - // miscellaneous administrative calls - void addCodeEquivalence(const CssmData &oldCode, const CssmData &newCode, - const char *name, bool forSystem = false); - void removeCodeEquivalence(const CssmData &code, const char *name, bool forSystem = false); - void setAlternateSystemRoot(const char *path); - -private: - void getAcl(AclKind kind, KeyHandle key, const char *tag, - uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc); - void changeAcl(AclKind kind, KeyHandle key, - const AccessCredentials &cred, const AclEdit &edit); - void getOwner(AclKind kind, KeyHandle key, AclOwnerPrototype &owner, CssmAllocator &alloc); - void changeOwner(AclKind kind, KeyHandle key, const AccessCredentials &cred, - const AclOwnerPrototype &edit); - - void addApplicationAclSubject(KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag); - -private: - static DidChangeKeyAclCallback *mCallback; - static void *mCallbackContext; - - static UnixPlusPlus::StaticForkMonitor mHasForked; // global fork indicator - - struct Thread { - Thread() : registered(false) { } - operator bool() const { return registered; } - - ReceivePort replyPort; // dedicated reply port (send right held by SecurityServer) - bool registered; // has been registered with SecurityServer - }; - - struct Global { - Global(); - Port serverPort; - RefPointer myself; - ThreadNexus thread; - }; - - static ModuleNexus mGlobal; - static bool mSetupSession; - static const char *mContactName; -}; - - -} // end namespace SecurityServer -} // end namespace Security - - -#endif //_H_SSCLIENT diff --git a/SecurityServer/sstransit.cpp b/SecurityServer/sstransit.cpp deleted file mode 100644 index 33a478a0..00000000 --- a/SecurityServer/sstransit.cpp +++ /dev/null @@ -1,826 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// sstransit - SecurityServer client library transition code. -// -// These are the functions that implement CssmClient methods in terms of -// MIG IPC client calls, plus their supporting machinery. -// -#include "sstransit.h" -#include -#include -#include - -namespace Security { - -using MachPlusPlus::check; -using MachPlusPlus::VMGuard; - - -// -// DataOutput helper. -// This happens "at the end" of a glue method, via the DataOutput destructor. -// -DataOutput::~DataOutput() -{ - VMGuard _(mData, mLength); - if (mData) { // was assigned to; IPC returned OK - if (argument) { // buffer was provided - if (argument.length() < mLength) - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - argument.length(mLength); - } else { // allocate buffer - argument = CssmData(allocator.malloc(mLength), mLength); - } - memcpy(argument.data(), mData, mLength); - } -} - - -CssmList chunkCopy(CssmList &list, CssmAllocator &alloc) -{ - CssmList copy = list; - ChunkCopyWalker w(alloc); - walk(w, copy); - return copy; -} - - -// -// Create a packaged-up Context for IPC transmission. -// In addition to collecting the context into a contiguous blob for transmission, -// we also evaluate CssmCryptoData callbacks at this time. -// -SendContext::SendContext(const Security::Context &ctx) : context(ctx) -{ - CssmCryptoData cryptoDataValue; // holding area for CssmCryptoData element - IFDEBUG(uint32 cryptoDataUsed = 0); - Context::Builder builder(CssmAllocator::standard()); - for (unsigned n = 0; n < ctx.attributesInUse(); n++) { - switch (ctx[n].baseType()) { - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: { - CssmCryptoData &data = ctx[n]; // extract CssmCryptoData value - cryptoDataValue = data(); // evaluate callback (if any) - builder.setup(&cryptoDataValue); // use evaluted value - IFDEBUG(cryptoDataUsed++); - break; - } - default: - builder.setup(ctx[n]); - break; - } - } - attributeSize = builder.make(); - for (unsigned n = 0; n < ctx.attributesInUse(); n++) { - const Context::Attr &attr = ctx[n]; - switch (attr.baseType()) { - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - builder.put(attr.type(), &cryptoDataValue); - break; - default: - builder.put(attr); - break; - } - } - uint32 count; // not needed - builder.done(attributes, count); - assert(cryptoDataUsed <= 1); // no more than one slot converted -} - - -// -// Copy an AccessCredentials for shipment. -// In addition, scan the samples for "special" database locking samples -// and translate certain items for safe shipment. Note that this overwrites -// part of the CssmList value (CSPHandle -> SS/KeyHandle), but we do it on -// the COPY, so that's okay. -// -DatabaseAccessCredentials::DatabaseAccessCredentials(const AccessCredentials *creds, CssmAllocator &alloc) - : Copier(creds, alloc) -{ - if (creds) { - for (uint32 n = 0; n < value()->samples().length(); n++) { - TypedList sample = value()->samples()[n]; - sample.checkProper(); - switch (sample.type()) { - case CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK: - case CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK: - sample.snip(); // skip sample type - sample.checkProper(); - if (sample.type() == CSSM_WORDID_SYMMETRIC_KEY) { - secdebug("SSclient", "key sample encountered"); - // proper form is sample[1] = DATA:CSPHandle, sample[2] = DATA:CSSM_KEY - if (sample.length() != 3 - || sample[1].type() != CSSM_LIST_ELEMENT_DATUM - || sample[2].type() != CSSM_LIST_ELEMENT_DATUM) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - mapKeySample( - *sample[1].data().interpretedAs(CSSM_ERRCODE_INVALID_SAMPLE_VALUE), - *sample[2].data().interpretedAs(CSSM_ERRCODE_INVALID_SAMPLE_VALUE)); - } - break; - default: - break; - } - } - } -} - -void DatabaseAccessCredentials::mapKeySample(CSSM_CSP_HANDLE &cspHandle, CssmKey &key) -{ - // if the key belongs to the AppleCSPDL, look it up and write the SS KeyHandle - // into the CSPHandle element for transmission - if (key.header().cspGuid() == gGuidAppleCSPDL) { - // @@@ can't use CssmClient (it makes its own attachments) - CSSM_CC_HANDLE ctx; - if (CSSM_RETURN err = CSSM_CSP_CreatePassThroughContext(cspHandle, &key, &ctx)) - CssmError::throwMe(err); - KeyHandle ssKey; - CSSM_RETURN passthroughError = - CSSM_CSP_PassThrough(ctx, CSSM_APPLESCPDL_CSP_GET_KEYHANDLE, NULL, (void **)&ssKey); - CSSM_DeleteContext(ctx); // ignore error - if (passthroughError) - CssmError::throwMe(passthroughError); - // we happen to know that they're both uint32 values - assert(sizeof(CSSM_CSP_HANDLE) >= sizeof(KeyHandle)); - cspHandle = ssKey; - secdebug("SSclient", "key sample mapped to key 0x%lx", ssKey); - } -} - - -namespace SecurityServer -{ - -// -// Database control -// -DbHandle ClientSession::createDb(const DLDbIdentifier &dbId, - const AccessCredentials *cred, const AclEntryInput *owner, - const DBParameters ¶ms) -{ - DatabaseAccessCredentials creds(cred, internalAllocator); - Copier proto(&owner->proto(), internalAllocator); - DataWalkers::DLDbFlatIdentifier ident(dbId); - Copier id(&ident, internalAllocator); - DbHandle db; - IPC(ucsp_client_createDb(UCSP_ARGS, &db, COPY(id), COPY(creds), COPY(proto), params)); - return db; -} - -DbHandle ClientSession::decodeDb(const DLDbIdentifier &dbId, - const AccessCredentials *cred, const CssmData &blob) -{ - DatabaseAccessCredentials creds(cred, internalAllocator); - DataWalkers::DLDbFlatIdentifier ident(dbId); - Copier id(&ident, internalAllocator); - DbHandle db; - IPC(ucsp_client_decodeDb(UCSP_ARGS, &db, COPY(id), COPY(creds), DATA(blob))); - return db; -} - -void ClientSession::encodeDb(DbHandle db, CssmData &blob, CssmAllocator &alloc) -{ - DataOutput outBlob(blob, alloc); - IPC(ucsp_client_encodeDb(UCSP_ARGS, db, DATA(outBlob))); -} - -void ClientSession::releaseDb(DbHandle db) -{ - IPC(ucsp_client_releaseDb(UCSP_ARGS, db)); -} - -void ClientSession::getDbSuggestedIndex(DbHandle db, CssmData &index, CssmAllocator &alloc) -{ - DataOutput outBlob(index, alloc); - IPC(ucsp_client_getDbIndex(UCSP_ARGS, db, DATA(outBlob))); -} - -void ClientSession::authenticateDb(DbHandle db, DBAccessType type, - const AccessCredentials *cred) -{ - DatabaseAccessCredentials creds(cred, internalAllocator); - IPC(ucsp_client_authenticateDb(UCSP_ARGS, db, COPY(creds))); -} - -void ClientSession::setDbParameters(DbHandle db, const DBParameters ¶ms) -{ - IPC(ucsp_client_setDbParameters(UCSP_ARGS, db, params)); -} - -void ClientSession::getDbParameters(DbHandle db, DBParameters ¶ms) -{ - IPC(ucsp_client_getDbParameters(UCSP_ARGS, db, ¶ms)); -} - -void ClientSession::changePassphrase(DbHandle db, const AccessCredentials *cred) -{ - Copier creds(cred, internalAllocator); - IPC(ucsp_client_changePassphrase(UCSP_ARGS, db, COPY(creds))); -} - - -void ClientSession::lock(DbHandle db) -{ - IPC(ucsp_client_lockDb(UCSP_ARGS, db)); -} - -void ClientSession::lockAll (bool forSleep) -{ - IPC(ucsp_client_lockAll (UCSP_ARGS, forSleep)); -} - -void ClientSession::unlock(DbHandle db) -{ - IPC(ucsp_client_unlockDb(UCSP_ARGS, db)); -} - -void ClientSession::unlock(DbHandle db, const CssmData &passphrase) -{ - IPC(ucsp_client_unlockDbWithPassphrase(UCSP_ARGS, db, DATA(passphrase))); -} - -bool ClientSession::isLocked(DbHandle db) -{ - boolean_t locked; - IPC(ucsp_client_isLocked(UCSP_ARGS, db, &locked)); - return locked; -} - - -// -// Key control -// -void ClientSession::encodeKey(KeyHandle key, CssmData &blob, - KeyUID *uid, CssmAllocator &alloc) -{ - DataOutput oBlob(blob, alloc); - void *uidp; - mach_msg_type_number_t uidLength; - IPC(ucsp_client_encodeKey(UCSP_ARGS, key, oBlob.data(), oBlob.length(), - (uid != NULL), &uidp, &uidLength)); - // return key uid if requested - if (uid) { - assert(uidLength == sizeof(KeyUID)); - memcpy(uid, uidp, sizeof(KeyUID)); - } -} - - -KeyHandle ClientSession::decodeKey(DbHandle db, const CssmData &blob, CssmKey::Header &header) -{ - KeyHandle key; - IPC(ucsp_client_decodeKey(UCSP_ARGS, &key, &header, db, blob.data(), blob.length())); - return key; -} - -void ClientSession::releaseKey(KeyHandle key) -{ - IPC(ucsp_client_releaseKey(UCSP_ARGS, key)); -} - - -CssmKeySize ClientSession::queryKeySizeInBits(KeyHandle key) -{ - CssmKeySize length; - IPC(ucsp_client_queryKeySizeInBits(UCSP_ARGS, key, &length)); - return length; -} - - -uint32 ClientSession::getOutputSize(const Context &context, KeyHandle key, - uint32 inputSize, bool encrypt) -{ - SendContext ctx(context); - uint32 outputSize; - IPC(ucsp_client_getOutputSize(UCSP_ARGS, CONTEXT(ctx), key, inputSize, encrypt, &outputSize)); - return outputSize; -} - - -// -// Random number generation. -// This interfaces to the secure RNG inside the SecurityServer; it does not access -// a PRNG in its CSP. If you need a reproducible PRNG, attach a local CSP and use it. -// Note that this function does not allocate a buffer; it always fills the buffer provided. -// -void ClientSession::generateRandom(CssmData &data) -{ - void *result; - mach_msg_type_number_t resultLength; - IPC(ucsp_client_generateRandom(UCSP_ARGS, data.length(), &result, &resultLength)); - assert(resultLength == data.length()); - memcpy(data.data(), result, data.length()); -} - - -// -// Signatures and MACs -// -void ClientSession::generateSignature(const Context &context, KeyHandle key, - const CssmData &data, CssmData &signature, CssmAllocator &alloc, CSSM_ALGORITHMS signOnlyAlgorithm) -{ - SendContext ctx(context); - DataOutput sig(signature, alloc); - IPCKEY(ucsp_client_generateSignature(UCSP_ARGS, CONTEXT(ctx), key, signOnlyAlgorithm, - DATA(data), DATA(sig)), - key, CSSM_ACL_AUTHORIZATION_SIGN); -} - -void ClientSession::verifySignature(const Context &context, KeyHandle key, - const CssmData &data, const CssmData &signature, CSSM_ALGORITHMS verifyOnlyAlgorithm) -{ - SendContext ctx(context); - IPC(ucsp_client_verifySignature(UCSP_ARGS, CONTEXT(ctx), key, verifyOnlyAlgorithm, - DATA(data), DATA(signature))); -} - - -void ClientSession::generateMac(const Context &context, KeyHandle key, - const CssmData &data, CssmData &signature, CssmAllocator &alloc) -{ - SendContext ctx(context); - DataOutput sig(signature, alloc); - IPCKEY(ucsp_client_generateMac(UCSP_ARGS, CONTEXT(ctx), key, - DATA(data), DATA(sig)), - key, CSSM_ACL_AUTHORIZATION_MAC); -} - -void ClientSession::verifyMac(const Context &context, KeyHandle key, - const CssmData &data, const CssmData &signature) -{ - SendContext ctx(context); - IPCKEY(ucsp_client_verifyMac(UCSP_ARGS, CONTEXT(ctx), key, - DATA(data), DATA(signature)), - key, CSSM_ACL_AUTHORIZATION_MAC); -} - - -// -// Encryption/Decryption -// - -void ClientSession::encrypt(const Context &context, KeyHandle key, - const CssmData &clear, CssmData &cipher, CssmAllocator &alloc) -{ - SendContext ctx(context); - DataOutput cipherOut(cipher, alloc); - IPCKEY(ucsp_client_encrypt(UCSP_ARGS, CONTEXT(ctx), key, DATA(clear), DATA(cipherOut)), - key, CSSM_ACL_AUTHORIZATION_ENCRYPT); -} - -void ClientSession::decrypt(const Context &context, KeyHandle key, - const CssmData &cipher, CssmData &clear, CssmAllocator &alloc) -{ - Debug::trace (kSecTraceUCSPServerDecryptBegin); - - SendContext ctx(context); - DataOutput clearOut(clear, alloc); - IPCKEY(ucsp_client_decrypt(UCSP_ARGS, CONTEXT(ctx), key, DATA(cipher), DATA(clearOut)), - key, CSSM_ACL_AUTHORIZATION_DECRYPT); -} - - -// -// Key generation -// -void ClientSession::generateKey(DbHandle db, const Context &context, uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader) -{ - SendContext ctx(context); - Copier creds(cred, internalAllocator); - Copier proto(&owner->proto(), internalAllocator); - IPC(ucsp_client_generateKey(UCSP_ARGS, db, CONTEXT(ctx), - COPY(creds), COPY(proto), keyUsage, keyAttr, &newKey, &newHeader)); -} - -void ClientSession::generateKey(DbHandle db, const Context &context, - uint32 pubKeyUsage, uint32 pubKeyAttr, - uint32 privKeyUsage, uint32 privKeyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &pubKey, CssmKey::Header &pubHeader, - KeyHandle &privKey, CssmKey::Header &privHeader) -{ - SendContext ctx(context); - Copier creds(cred, internalAllocator); - Copier proto(&owner->proto(), internalAllocator); - IPC(ucsp_client_generateKeyPair(UCSP_ARGS, db, CONTEXT(ctx), - COPY(creds), COPY(proto), - pubKeyUsage, pubKeyAttr, privKeyUsage, privKeyAttr, - &pubKey, &pubHeader, &privKey, &privHeader)); -} - - -// -// Key derivation -// This is a bit strained; the incoming 'param' value may have structure -// and needs to be handled on a per-algorithm basis, which means we have to -// know which key derivation algorithms we support for passing to our CSP(s). -// The default behavior is to handle "flat" data blobs, which is as good -// a default as we can manage. -// NOTE: The param-specific handling must be synchronized with the server -// transition layer code (in transition.cpp). -// -void ClientSession::deriveKey(DbHandle db, const Context &context, KeyHandle baseKey, - uint32 keyUsage, uint32 keyAttr, CssmData ¶m, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &allocator) -{ - SendContext ctx(context); - Copier creds(cred, internalAllocator); - Copier proto(&owner->proto(), internalAllocator); - DataOutput paramOutput(param, allocator); - switch (context.algorithm()) { - case CSSM_ALGID_PKCS5_PBKDF2: { - typedef CSSM_PKCS5_PBKDF2_PARAMS Params; - Copier params(param.interpretedAs(CSSM_ERRCODE_INVALID_INPUT_POINTER), - internalAllocator); - IPCKEY(ucsp_client_deriveKey(UCSP_ARGS, db, CONTEXT(ctx), baseKey, - COPY(creds), COPY(proto), COPY(params), DATA(paramOutput), - keyUsage, keyAttr, &newKey, &newHeader), - baseKey, CSSM_ACL_AUTHORIZATION_DERIVE); - break; } - default: { - IPCKEY(ucsp_client_deriveKey(UCSP_ARGS, db, CONTEXT(ctx), baseKey, - COPY(creds), COPY(proto), - param.data(), param.length(), param.data(), - DATA(paramOutput), - keyUsage, keyAttr, &newKey, &newHeader), - baseKey, CSSM_ACL_AUTHORIZATION_DERIVE); - break; } - } -} - - -// -// Digest generation -// -void ClientSession::getKeyDigest(KeyHandle key, CssmData &digest, CssmAllocator &allocator) -{ - DataOutput dig(digest, allocator); - IPC(ucsp_client_getKeyDigest(UCSP_ARGS, key, DATA(dig))); -} - - -// -// Key wrapping and unwrapping -// -void ClientSession::wrapKey(const Context &context, KeyHandle wrappingKey, - KeyHandle keyToBeWrapped, const AccessCredentials *cred, - const CssmData *descriptiveData, CssmWrappedKey &wrappedKey, CssmAllocator &alloc) -{ - SendContext ctx(context); - Copier creds(cred, internalAllocator); - DataOutput keyData(wrappedKey, alloc); - /* @@@ When : CSSM_WrapKey doesn't check the acl of the key doing the wrapping. is fixed, we need to potentially edit the CSSM_ACL_AUTHORIZATION_ENCRYPT acl of the wrapping key as opposed to the key being wrapped. We need to know which of the 2 keys to edit though somehow. */ - IPCKEY(ucsp_client_wrapKey(UCSP_ARGS, CONTEXT(ctx), wrappingKey, COPY(creds), - keyToBeWrapped, OPTIONALDATA(descriptiveData), - &wrappedKey, DATA(keyData)), - keyToBeWrapped, - context.algorithm() == CSSM_ALGID_NONE - ? CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR : CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED); - wrappedKey = CssmData(); // null out data section (force allocation for key data) -} - -void ClientSession::unwrapKey(DbHandle db, const Context &context, KeyHandle key, - KeyHandle publicKey, const CssmWrappedKey &wrappedKey, - uint32 usage, uint32 attr, - const AccessCredentials *cred, const AclEntryInput *acl, - CssmData &descriptiveData, - KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &alloc) -{ - SendContext ctx(context); - DataOutput descriptor(descriptiveData, alloc); - Copier creds(cred, internalAllocator); - Copier proto(&acl->proto(), internalAllocator); - IPCKEY(ucsp_client_unwrapKey(UCSP_ARGS, db, CONTEXT(ctx), key, - COPY(creds), COPY(proto), - publicKey, wrappedKey, DATA(wrappedKey), usage, attr, DATA(descriptor), - &newKey, &newHeader), - key, CSSM_ACL_AUTHORIZATION_DECRYPT); -} - - -// -// ACL management -// -void ClientSession::getAcl(AclKind kind, KeyHandle key, const char *tag, - uint32 &infoCount, AclEntryInfo * &infoArray, CssmAllocator &alloc) -{ - uint32 count; - AclEntryInfo *info, *infoBase; - mach_msg_type_number_t infoLength; - IPC(ucsp_client_getAcl(UCSP_ARGS, kind, key, - (tag != NULL), tag ? tag : "", - &count, COPY_OUT(info))); - VMGuard _(info, infoLength); - infoCount = count; - - // relocate incoming AclEntryInfo array - ReconstituteWalker relocator(info, infoBase); - for (uint32 n = 0; n < count; n++) - walk(relocator, info[n]); - - // copy AclEntryInfo array into discrete memory nodes - infoArray = alloc.alloc(count); - ChunkCopyWalker chunker(alloc); - for (uint32 n = 0; n < count; n++) { - infoArray[n] = info[n]; - walk(chunker, infoArray[n]); - } -} - -void ClientSession::changeAcl(AclKind kind, KeyHandle key, const AccessCredentials &cred, - const AclEdit &edit) -{ - Copier creds(&cred, internalAllocator); - //@@@ ignoring callback - Copier newEntry(edit.newEntry(), internalAllocator); - IPCKEY(ucsp_client_changeAcl(UCSP_ARGS, kind, key, COPY(creds), - edit.mode(), edit.handle(), COPY(newEntry)), - key, CSSM_ACL_AUTHORIZATION_CHANGE_ACL); -} - -void ClientSession::getOwner(AclKind kind, KeyHandle key, AclOwnerPrototype &owner, - CssmAllocator &alloc) -{ - AclOwnerPrototype *proto, *protoBase; - mach_msg_type_number_t protoLength; - IPC(ucsp_client_getOwner(UCSP_ARGS, kind, key, COPY_OUT(proto))); - // turn the returned AclOwnerPrototype into its proper output form - relocate(proto, protoBase); - owner.TypedSubject = chunkCopy(proto->subject(), alloc); - owner.Delegate = proto->delegate(); -} - -void ClientSession::changeOwner(AclKind kind, KeyHandle key, - const AccessCredentials &cred, const AclOwnerPrototype &proto) -{ - Copier creds(&cred, internalAllocator); - Copier protos(&proto, internalAllocator); - IPCKEY(ucsp_client_setOwner(UCSP_ARGS, kind, key, COPY(creds), COPY(protos)), - key, CSSM_ACL_AUTHORIZATION_CHANGE_OWNER); -} - - -void ClientSession::getKeyAcl(DbHandle db, const char *tag, - uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc) -{ getAcl(keyAcl, db, tag, count, info, alloc); } - -void ClientSession::changeKeyAcl(DbHandle db, const AccessCredentials &cred, - const AclEdit &edit) -{ changeAcl(keyAcl, db, cred, edit); } - -void ClientSession::getKeyOwner(DbHandle db, AclOwnerPrototype &owner, CssmAllocator &alloc) -{ getOwner(keyAcl, db, owner, alloc); } - -void ClientSession::changeKeyOwner(DbHandle db, const AccessCredentials &cred, - const AclOwnerPrototype &edit) -{ changeOwner(keyAcl, db, cred, edit); } - -void ClientSession::getDbAcl(DbHandle db, const char *tag, - uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc) -{ getAcl(dbAcl, db, tag, count, info, alloc); } - -void ClientSession::changeDbAcl(DbHandle db, const AccessCredentials &cred, - const AclEdit &edit) -{ changeAcl(dbAcl, db, cred, edit); } - -void ClientSession::getDbOwner(DbHandle db, AclOwnerPrototype &owner, CssmAllocator &alloc) -{ getOwner(dbAcl, db, owner, alloc); } - -void ClientSession::changeDbOwner(DbHandle db, const AccessCredentials &cred, - const AclOwnerPrototype &edit) -{ changeOwner(dbAcl, db, cred, edit); } - - -// -// Database key management -// -void ClientSession::extractMasterKey(DbHandle db, const Context &context, DbHandle sourceDb, - uint32 keyUsage, uint32 keyAttr, - const AccessCredentials *cred, const AclEntryInput *owner, - KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &alloc) -{ - SendContext ctx(context); - Copier creds(cred, internalAllocator); - Copier proto(&owner->proto(), internalAllocator); - IPC(ucsp_client_extractMasterKey(UCSP_ARGS, db, CONTEXT(ctx), sourceDb, - COPY(creds), COPY(proto), - keyUsage, keyAttr, &newKey, &newHeader)); -} - - -// -// Authorization subsystem entry -// -void ClientSession::authCreate(const AuthorizationItemSet *rights, - const AuthorizationItemSet *environment, AuthorizationFlags flags, - AuthorizationBlob &result) -{ - Copier rightSet(rights, internalAllocator); - Copier environ(environment, internalAllocator); - IPC(ucsp_client_authorizationCreate(UCSP_ARGS, - COPY(rightSet), flags, COPY(environ), &result)); -} - -void ClientSession::authRelease(const AuthorizationBlob &auth, - AuthorizationFlags flags) -{ - IPC(ucsp_client_authorizationRelease(UCSP_ARGS, auth, flags)); -} - -void ClientSession::authCopyRights(const AuthorizationBlob &auth, - const AuthorizationItemSet *rights, const AuthorizationItemSet *environment, - AuthorizationFlags flags, - AuthorizationItemSet **grantedRights) -{ - Copier rightSet(rights, internalAllocator); - Copier environ(environment, internalAllocator); - COPY_OUT_DECL(AuthorizationItemSet, result); - IPC(ucsp_client_authorizationCopyRights(UCSP_ARGS, auth, COPY(rightSet), - flags | (grantedRights ? 0 : kAuthorizationFlagNoData), - COPY(environ), COPY_OUT(result))); - VMGuard _(result, resultLength); - // return rights vector (only) if requested - if (grantedRights) { - relocate(result, resultBase); - *grantedRights = copy(result, returnAllocator); - } -} - -void ClientSession::authCopyInfo(const AuthorizationBlob &auth, - const char *tag, - AuthorizationItemSet * &info) -{ - COPY_OUT_DECL(AuthorizationItemSet, result); - if (tag == NULL) - tag = ""; - else if (tag[0] == '\0') - MacOSError::throwMe(errAuthorizationInvalidTag); - IPC(ucsp_client_authorizationCopyInfo(UCSP_ARGS, auth, tag, COPY_OUT(result))); - VMGuard _(result, resultLength); - relocate(result, resultBase); - info = copy(result, returnAllocator); -} - -void ClientSession::authExternalize(const AuthorizationBlob &auth, - AuthorizationExternalForm &extForm) -{ - IPC(ucsp_client_authorizationExternalize(UCSP_ARGS, auth, &extForm)); -} - -void ClientSession::authInternalize(const AuthorizationExternalForm &extForm, - AuthorizationBlob &auth) -{ - IPC(ucsp_client_authorizationInternalize(UCSP_ARGS, extForm, &auth)); -} - - -// -// Get session information (security session status) -// -void ClientSession::getSessionInfo(SecuritySessionId &sessionId, SessionAttributeBits &attrs) -{ - IPC(ucsp_client_getSessionInfo(UCSP_ARGS, &sessionId, &attrs)); -} - - -// -// Create a new session. -// -// Caveat: This discards all SecurityServer held state for this process, including -// authorizations, database handles, etc. If you are multi-threaded at this point, -// and other threads have talked to SecurityServer, they will leak a few resources -// (mach ports and the like). Nothing horrendous, unless you create masses of sessions -// that way (which we wouldn't exactly recommend for other reasons). -// -// Hacker's note: This engages in an interesting dance with SecurityServer's state tracking. -// If you don't know the choreography, don't change things here until talking to an expert. -// -// Yes, if the client had multiple threads each of which has talked to SecurityServer, -// the reply ports for all but the calling thread will leak. If that ever turns out to -// be a real problem, we can fix it by keeping a (locked) set of client replyPorts to ditch. -// Hardly worth it, though. This is a rare call. -// -void ClientSession::setupSession(SessionCreationFlags flags, SessionAttributeBits attrs) -{ - mGlobal().thread().replyPort.destroy(); // kill this thread's reply port - mGlobal.reset(); // kill existing cache (leak all other threads) - mSetupSession = true; // global flag to Global constructor - IPC(ucsp_client_setupSession(UCSP_ARGS, flags, attrs)); // reinitialize and call -} - - -// -// Notification subsystem -// -void ClientSession::requestNotification(Port receiver, Listener::Domain domain, Listener::EventMask events) -{ - IPC(ucsp_client_requestNotification(UCSP_ARGS, receiver, domain, events)); -} - -void ClientSession::stopNotification(Port port) -{ - IPC(ucsp_client_stopNotification(UCSP_ARGS, port.port())); -} - -void ClientSession::postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data) -{ - IPC(ucsp_client_postNotification(UCSP_ARGS, domain, event, DATA(data))); -} - -OSStatus ClientSession::dispatchNotification(const mach_msg_header_t *message, - ConsumeNotification *consumer, void *context) throw() -{ - struct Message { - mach_msg_header_t Head; - /* start of the kernel processed data */ - mach_msg_body_t msgh_body; - mach_msg_ool_descriptor_t data; - /* end of the kernel processed data */ - NDR_record_t NDR; - uint32 domain; - uint32 event; - mach_msg_type_number_t dataCnt; - uint32 sender; - } *msg = (Message *)message; - - OSStatus status; - try - { - status = consumer(msg->domain, msg->event, msg->data.address, msg->dataCnt, context); - } - catch (const CssmCommonError &err) { status = err.osStatus(); } - catch (const std::bad_alloc &) { status = memFullErr; } - catch (...) { status = internalComponentErr; } - - mig_deallocate((vm_offset_t) msg->data.address, msg->dataCnt); - msg->data.address = (vm_offset_t) 0; - msg->data.size = (mach_msg_size_t) 0; - - return status; -} - - -// -// authorizationdbGet/Set/Remove -// -void ClientSession::authorizationdbGet(const AuthorizationString rightname, CssmData &rightDefinition, CssmAllocator &alloc) -{ - DataOutput definition(rightDefinition, alloc); - IPC(ucsp_client_authorizationdbGet(UCSP_ARGS, rightname, DATA(definition))); -} - -void ClientSession::authorizationdbSet(const AuthorizationBlob &auth, const AuthorizationString rightname, uint32_t rightDefinitionLength, const void *rightDefinition) -{ - // @@@ DATA_IN in transition.cpp is not const void * - IPC(ucsp_client_authorizationdbSet(UCSP_ARGS, auth, rightname, const_cast(rightDefinition), rightDefinitionLength)); -} - -void ClientSession::authorizationdbRemove(const AuthorizationBlob &auth, const AuthorizationString rightname) -{ - IPC(ucsp_client_authorizationdbRemove(UCSP_ARGS, auth, rightname)); -} - - -// -// Miscellaneous administrative calls -// -void ClientSession::addCodeEquivalence(const CssmData &oldHash, const CssmData &newHash, - const char *name, bool forSystem /* = false */) -{ - IPC(ucsp_client_addCodeEquivalence(UCSP_ARGS, DATA(oldHash), DATA(newHash), - name, forSystem)); -} - -void ClientSession::removeCodeEquivalence(const CssmData &hash, const char *name, bool forSystem /* = false */) -{ - IPC(ucsp_client_removeCodeEquivalence(UCSP_ARGS, DATA(hash), name, forSystem)); -} - -void ClientSession::setAlternateSystemRoot(const char *path) -{ - IPC(ucsp_client_setAlternateSystemRoot(UCSP_ARGS, path)); -} - - -} // end namespace SecurityServer -} // end namespace Security diff --git a/SecurityServer/sstransit.h b/SecurityServer/sstransit.h deleted file mode 100644 index a036d6f0..00000000 --- a/SecurityServer/sstransit.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// sstransit - SecurityServer client library transition code. -// -// These are the functions that implement CssmClient methods in terms of -// MIG IPC client calls, plus their supporting machinery. -// -// WARNING! HERE BE DRAGONS! -// This code involves moderately arcane magic including (but not limited to) -// dancing macros paired off with self-maintaining stack objects. Don't take -// anything for granted! Be very afraid of ALL-CAPS names. Your best bet is -// probably to stick with the existing patterns. -// -#ifndef _H_SSTRANSIT -#define _H_SSTRANSIT - -#include "ssclient.h" -#include -#include -#include -#include "ucsp.h" - -namespace Security -{ - -// stock leading argument profile used by all calls -#define UCSP_ARGS mGlobal().serverPort, mGlobal().thread().replyPort, &rcode - -// IPC/IPCN wrap the actual Mach IPC call. IPC also activates the connection first -#define IPCN(statement) \ - { CSSM_RETURN rcode; check(statement); if (rcode != CSSM_OK) CssmError::throwMe(rcode); } -#define IPC(statement) { activate(); IPCN(statement); } -#define IPCKEY(statement, key, tag) \ -{ \ - activate(); \ - CSSM_RETURN rcode; \ - for (bool retried = false;; retried = true) \ - { \ - check(statement); \ - if (retried || rcode != CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT) \ - break; \ - addApplicationAclSubject(key, tag); \ - } \ - if (rcode != CSSM_OK) \ - CssmError::throwMe(rcode); \ -} - -// pass mandatory or optional CssmData arguments into an IPC call -#define DATA(arg) arg.data(), arg.length() -#define OPTIONALDATA(arg) (arg ? arg->data() : NULL), (arg ? arg->length() : 0) - -// pass structured arguments in/out of IPC calls. See "data walkers" for details -#define COPY(copy) copy, copy.length(), copy -#define COPY_OUT(copy) ©, ©##Length, ©##Base -#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length - - -// -// DataOutput manages an output CssmData argument. -// -class DataOutput { -public: - DataOutput(CssmData &arg, CssmAllocator &alloc) - : argument(arg), allocator(alloc) { mData = NULL; mLength = 0; } - ~DataOutput(); - - void **data() { return &mData; } - mach_msg_type_number_t *length() { return &mLength; } - - CssmData &argument; - CssmAllocator &allocator; - -private: - void *mData; - mach_msg_type_number_t mLength; -}; - - -// -// Bundle up an AccessCredentials meant for a database, parsing it for -// "special" samples that need extra evidence to be passed along. -// -class DatabaseAccessCredentials : public Copier { -public: - DatabaseAccessCredentials(const AccessCredentials *creds, CssmAllocator &alloc); - -private: - void mapKeySample(CSSM_CSP_HANDLE &cspHandle, CssmKey &key); -}; - - -// -// Bundle up a Context for IPC transmission -// -class SendContext { -public: - SendContext(const Context &ctx); - ~SendContext() { CssmAllocator::standard().free(attributes); } - - const Context &context; - CSSM_CONTEXT_ATTRIBUTE *attributes; - size_t attributeSize; -}; - -#define CONTEXT(ctx) ctx.context, ctx.attributes, ctx.attributes, ctx.attributeSize - -} // end namespace Security - -#endif //_H_SSTRANSIT diff --git a/SecurityServer/systemkeychain.cpp b/SecurityServer/systemkeychain.cpp deleted file mode 100644 index 37b1255a..00000000 --- a/SecurityServer/systemkeychain.cpp +++ /dev/null @@ -1,373 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// systemkeychain command - set up and manipulate system-unlocked keychains -// -#include -#include -#include -#include -#include -#include "ssblob.h" -#include - -using namespace SecurityServer; -using namespace CssmClient; -using namespace UnixPlusPlus; - - -static const char *unlockConfig = kSystemUnlockFile; - - -// -// Values set from command-line options -// -const char *systemKCName = kSystemKeychainDir kSystemKeychainName; -bool verbose = false; -bool createIfNeeded = false; -bool force = false; - - -// -// CSSM record attribute names -// -static const CSSM_DB_ATTRIBUTE_INFO dlInfoLabel = { - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"Label"}, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB -}; - - - -// -// Local functions -void usage(); -void createSystemKeychain(const char *kcName, const char *passphrase); -void extract(const char *srcName, const char *dstName); -void test(const char *kcName); - -void notice(const char *fmt, ...); -void fail(const char *fmt, ...); - -void masterKeyIndex(Db &db, CssmOwnedData &index); -void labelForMasterKey(Db &db, CssmOwnedData &data); -void deleteKey(Db &db, const CssmData &label); // delete key with this label - - -// -// Main program: parse options and dispatch, catching exceptions -// -int main (int argc, char * argv[]) -{ - enum Action { - showUsage, - setupSystem, - copyKey, - testUnlock - } action = showUsage; - - extern int optind; - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "cCfk:stv")) != -1) { - switch (arg) { - case 'c': - createIfNeeded = true; - break; - case 'C': - action = setupSystem; - break; - case 'f': - force = true; - break; - case 'k': - systemKCName = optarg; - break; - case 's': - action = copyKey; - break; - case 't': - action = testUnlock; - break; - case 'v': - verbose = true; - break; - default: - usage(); - } - } - try { - switch (action) { - case setupSystem: - if (optind < argc - 1) - usage(); - createSystemKeychain(systemKCName, argv[optind]); - break; - case copyKey: - if (optind == argc) - usage(); - do { - extract(argv[optind], systemKCName); - } while (argv[++optind]); - break; - case testUnlock: - test(systemKCName); - break; - default: - usage(); - } - exit(0); - } catch (const CssmError &error) { - cssmPerror(systemKCName, error.cssmError()); - exit(1); - } catch (const UnixError &error) { - fail("%s: %s", systemKCName, strerror(error.error)); - exit(1); - } catch (...) { - fail("Unexpected exception"); - exit(1); - } -} - - -// -// Partial usage message (some features aren't worth emphasizing...) -// -void usage() -{ - fprintf(stderr, "Usage: systemkeychain -S [passphrase] # (re)create system root keychain" - "\n\tsystemkeychain [-k destination-keychain] -s source-keychain ..." - "\n"); - exit(2); -} - - -// -// Create a keychain and set it up as the system-root secret -// -void createSystemKeychain(const char *kcName, const char *passphrase) -{ - // for the default path only, make sure the directory exists - if (!strcmp(kcName, kSystemKeychainDir kSystemKeychainName)) - ::mkdir(kSystemKeychainDir, 0755); - - CSP csp(gGuidAppleCSPDL); - DL dl(gGuidAppleCSPDL); - - // create the keychain, using appropriate credentials - Db db(dl, kcName); - CssmAllocator &alloc = db.allocator(); - AutoCredentials cred(alloc); // will leak, but we're quitting soon :-) - CSSM_CSP_HANDLE cspHandle = csp->handle(); - Key masterKey; - if (passphrase) { - // use this passphrase - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(StringData(passphrase))); - db->accessCredentials(&cred); - } else { - // generate a random key - notice("warning: this keychain cannot be unlocked with any passphrase"); - GenerateKey generate(csp, CSSM_ALGID_3DES_3KEY_EDE, 64 * 3); - masterKey = generate(KeySpec(CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE)); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_WORDID_SYMMETRIC_KEY), - new(alloc) ListElement(CssmData::wrap(cspHandle)), - new(alloc) ListElement(CssmData::wrap(static_cast(masterKey)))); - db->accessCredentials(&cred); - } - db->dbInfo(&KeychainCore::Schema::DBInfo); // Set the standard schema - try { - db->create(); - } catch (const CssmError &error) { - if (error.cssmError() == CSSMERR_DL_DATASTORE_ALREADY_EXISTS && force) { - notice("recreating %s", kcName); - unlink(kcName); - db->create(); - } else - throw; - } - chmod(db->name(), 0644); - - // extract the key into the CSPDL - DeriveKey derive(csp, CSSM_ALGID_KEYCHAIN_KEY, CSSM_ALGID_3DES_3KEY, 3 * 64); - CSSM_DL_DB_HANDLE dlDb = db->handle(); - CssmData dlDbData = CssmData::wrap(dlDb); - CssmKey refKey; - KeySpec spec(CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE); - derive(&dlDbData, spec, refKey); - - // now extract the raw keybits - CssmKey rawKey; - WrapKey wrap(csp, CSSM_ALGID_NONE); - wrap(refKey, rawKey); - - // form the evidence record - UnlockBlob blob; - blob.initialize(0); - CssmAutoData index(CssmAllocator::standard()); - masterKeyIndex(db, index); - memcpy(&blob.signature, index.data(), sizeof(blob.signature)); - memcpy(blob.masterKey, rawKey.data(), sizeof(blob.masterKey)); - - // write it out, forcibly overwriting an existing file - string tempFile(string(unlockConfig) + ","); - FileDesc blobFile(tempFile, O_WRONLY | O_CREAT | O_TRUNC, 0400); - if (blobFile.write(blob) != sizeof(blob)) { - unlink(tempFile.c_str()); - fail("unable to write %s", tempFile.c_str()); - } - blobFile.close(); - ::rename(tempFile.c_str(), unlockConfig); - - notice("%s installed as system keychain", kcName); -} - - -// -// Extract the master secret from a keychain and install it in another keychain for unlocking -// -void extract(const char *srcName, const char *dstName) -{ - CSP csp(gGuidAppleCSPDL); - DL dl(gGuidAppleCSPDL); - - // open source database - Db srcDb(dl, srcName); - - // open destination database - Db dstDb(dl, dstName); - try { - dstDb->open(); - } catch (const CssmError &err) { - if (err.cssmError() == CSSMERR_DL_DATASTORE_DOESNOT_EXIST && createIfNeeded) { - notice("creating %s", dstName); - dstDb->create(); - } else - throw; - } - - // extract master key and place into destination keychain - DeriveKey derive(csp, CSSM_ALGID_KEYCHAIN_KEY, CSSM_ALGID_3DES_3KEY, 3 * 64); - CSSM_DL_DB_HANDLE dstDlDb = dstDb->handle(); - derive.add(CSSM_ATTRIBUTE_DL_DB_HANDLE, dstDlDb); - CSSM_DL_DB_HANDLE srcDlDb = srcDb->handle(); - CssmData dlDbData = CssmData::wrap(srcDlDb); - CssmAutoData keyLabel(CssmAllocator::standard()); - labelForMasterKey(srcDb, keyLabel); - KeySpec spec(CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE, - keyLabel); - CssmKey masterKey; - try { - derive(&dlDbData, spec, masterKey); - } catch (const CssmError &error) { - if (error.cssmError() != CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA) - throw; - if (!force) - fail("existing key in %s not overwritten. Use -f to replace it.", dstDb->name()); - notice("replacing existing record in %s", dstDb->name()); - deleteKey(dstDb, keyLabel); - derive(&dlDbData, spec, masterKey); - } - notice("%s can now be unlocked with a key in %s", srcName, dstName); -} - - -// -// Run a simple test to see if the system-root keychain can auto-unlock. -// This isn't trying really hard to diagnose any problems; it's just a yay-or-nay check. -// -void test(const char *kcName) -{ - CSP csp(gGuidAppleCSPDL); - DL dl(gGuidAppleCSPDL); - - // lock, then unlock the keychain - Db db(dl, kcName); - printf("Testing system unlock of %s\n", kcName); - printf("(If you are prompted for a passphrase, cancel)\n"); - try { - db->lock(); - db->unlock(); - notice("System unlock is working"); - } catch (...) { - fail("System unlock is NOT working\n"); - } -} - - -// -// Utility functions -// -void masterKeyIndex(Db &db, CssmOwnedData &index) -{ - SecurityServer::ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - SecurityServer::DbHandle dbHandle; - db->passThrough(CSSM_APPLECSPDL_DB_GET_HANDLE, (const void *)NULL, &dbHandle); - ss.getDbSuggestedIndex(dbHandle, index.get()); -} - - -void labelForMasterKey(Db &db, CssmOwnedData &label) -{ - label = StringData("SYSKC**"); // 8 bytes exactly - CssmAutoData index(label.allocator); - masterKeyIndex(db, index); - label.append(index); -} - - -void deleteKey(Db &db, const CssmData &label) -{ - DbCursor search(db); - search->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - search->add(CSSM_DB_EQUAL, dlInfoLabel, label); - DbUniqueRecord id; - if (search->next(NULL, NULL, id)) - id->deleteRecord(); -} - - -// -// Message helpers -// -void notice(const char *fmt, ...) -{ - if (verbose) { - va_list args; - va_start(args, fmt); - vprintf(fmt, args); - putchar('\n'); - va_end(args); - } -} - -void fail(const char *fmt, ...) -{ - va_list args; - va_start(args, fmt); - vprintf(fmt, args); - putchar('\n'); - va_end(args); - exit(1); -} diff --git a/SecurityServer/tests/AZNTest.cpp b/SecurityServer/tests/AZNTest.cpp deleted file mode 100644 index a9c263bb..00000000 --- a/SecurityServer/tests/AZNTest.cpp +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * AZNTest.cpp - * SecurityServer - * - * Created by michael on Fri Oct 20 2000. - * Copyright (c) 2000 Apple Computer Inc. All rights reserved. - * - */ - -#include - -#include - -using namespace Authorization; - -static const AuthorizationItem gItems[] = -{ - {"login", 0, NULL, NULL}, - {"reboot", 0, NULL, NULL}, - {"shutdown", 0, NULL, NULL}, - {"mount", 0, NULL, NULL}, - {"login.reboot", 0, NULL, NULL}, - {"login.shutdown", 0, NULL, NULL}, - {"unmount", 0, NULL, NULL} -}; - -static const AuthorizationRights gRights = -{ - 7, - const_cast(gItems) -}; - -void -printRights(const RightSet &rightSet) -{ - for(RightSet::const_iterator it = rightSet.begin(); it != rightSet.end(); ++it) - { - printf("right: \"%s\"\n", it->rightName()); - } -} - -int -main(int argc, char **argv) -{ - Engine engine("/tmp/config.plist"); - - const RightSet inputRights(&gRights); - MutableRightSet outputRights; - printf("InputRights:\n"); - printRights(inputRights); - printf("Authorizing:\n"); - OSStatus result = engine.authorize(inputRights, NULL, - kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights | kAuthorizationFlagPartialRights, - NULL, NULL, &outputRights); - printf("Result: %ld\n", result); - printf("OutputRights:\n"); - printRights(outputRights); - return 0; -} diff --git a/SecurityServer/tests/auth.plist b/SecurityServer/tests/auth.plist deleted file mode 100644 index b9732dc9..00000000 --- a/SecurityServer/tests/auth.plist +++ /dev/null @@ -1,19 +0,0 @@ - - - - - debug. - - group - yes - shared - - timeout - 300 - - debug.allow - allow - debug.deny - deny - - diff --git a/SecurityServer/tests/exectest.cpp b/SecurityServer/tests/exectest.cpp deleted file mode 100644 index 4449f37a..00000000 --- a/SecurityServer/tests/exectest.cpp +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Exectest - privileged-execution test driver -// -#include -#include -#include - - -void doLoopback(int argc, char *argv[]); - - -int main(int argc, char **argv) -{ - const char *path = "/usr/bin/id"; - bool writeToPipe = false; - bool loopback = false; - - int arg; - extern char *optarg; - extern int optind; - while ((arg = getopt(argc, argv, "f:lLw")) != -1) { - switch (arg) { - case 'f': - path = optarg; - break; - case 'l': - loopback = true; - break; - case 'L': - doLoopback(argc, argv); - exit(0); - case 'w': - writeToPipe = true; - break; - case '?': - exit(2); - } - } - - AuthorizationItem right = { "system.privilege.admin", 0, NULL, 0 }; - AuthorizationRights rights = { 1, &right }; - - AuthorizationRef auth; - if (OSStatus error = AuthorizationCreate(&rights, NULL /*env*/, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights | - kAuthorizationFlagPreAuthorize, - &auth)) { - printf("create error %ld\n", error); - exit(1); - } - - if (loopback) { - path = argv[0]; - argv[--optind] = "-L"; // backing over existing array element - } - - FILE *f; - if (OSStatus error = AuthorizationExecuteWithPrivileges(auth, - path, 0, argv + optind, &f)) { - printf("exec error %ld\n", error); - exit(1); - } - printf("--- execute successful ---\n"); - if (writeToPipe) { - char buffer[1024]; - while (fgets(buffer, sizeof(buffer), stdin)) - fprintf(f, "%s", buffer); - } else { - char buffer[1024]; - while (fgets(buffer, sizeof(buffer), f)) - printf("%s", buffer); - } - printf("--- end of output ---\n"); - exit(0); -} - - -void doLoopback(int argc, char *argv[]) -{ - // general status - printf("Authorization Execution Loopback Test\n"); - printf("Invoked as"); - for (int n = 0; argv[n]; n++) - printf(" %s", argv[n]); - printf("\n"); - - // recover the authorization handle - AuthorizationRef auth; - if (OSStatus err = AuthorizationCopyPrivilegedReference(&auth, 0)) { - printf("Cannot recover AuthorizationRef: error=%ld\n", err); - exit(1); - } - - printf("AuthorizationRef recovered.\n"); -} diff --git a/SecurityServer/tests/testacls.cpp b/SecurityServer/tests/testacls.cpp deleted file mode 100644 index b5cb946e..00000000 --- a/SecurityServer/tests/testacls.cpp +++ /dev/null @@ -1,403 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// testacls - ACL-related test cases. -// -#include "testclient.h" -#include "testutils.h" -#include - -using namespace CodeSigning; - - -// -// ACL get/set tests -// -void acls() -{ - printf("* Basic ACL tests\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - // create key with initial ACL - StringData initialAclPassphrase("very secret"); - AclEntryPrototype initialAcl; - initialAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(initialAclPassphrase)); - AclEntryInput initialAclInput(initialAcl); - AclTester tester(ss, &initialAclInput); - - // get the owner and verify - AclOwnerPrototype owner; - ss.getKeyOwner(tester.keyRef, owner); - assert(owner.subject().type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(owner.subject().length() == 1); - - // get the acl entry and verify - { - uint32 count; - AclEntryInfo *acls; - ss.getKeyAcl(tester.keyRef, NULL/*tag*/, count, acls); - assert(count == 1); - const AclEntryInfo &acl1 = acls[0]; - const TypedList &subject1 = acl1.proto().subject(); - assert(subject1.type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(subject1.length() == 1); - } - - // try to use the key and see... - tester.testWrap(&nullCred, "ACCEPTING NULL CREDENTIAL"); - AutoCredentials cred(alloc); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(StringData("wrongo"))); - tester.testWrap(&cred, "ACCEPTING WRONG PASSWORD CREDENTIAL"); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(StringData("very secret"))); - tester.testWrap(&cred); - - // now *replace* the ACL entry with a new one... - { - detail("Changing ACL"); - uint32 count; - AclEntryInfo *infos; - ss.getKeyAcl(tester.keyRef, NULL, count, infos); - assert(count == 1); // one entry - - AclEntryPrototype newAcl; - TypedList subject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, - new(alloc) ListElement(2), new(alloc) ListElement(3)); - subject += new(alloc) ListElement(TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "check me!"))); - subject += new(alloc) ListElement(TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "once again!"))); - subject += new(alloc) ListElement(TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "hug me!"))); - newAcl.TypedSubject = subject; - AclEntryInput input(newAcl); - AclEdit edit(infos[0].handle(), input); - - try { - AutoCredentials nullCred(alloc); - ss.changeKeyAcl(tester.keyRef, nullCred, edit); - error("ALLOWED ACL EDIT WITHOUT CREDENTIALS"); - } catch (CssmCommonError &err) { - detail(err, "Acl Edit rejected properly"); - } - ss.changeKeyAcl(tester.keyRef, cred, edit); - detail("ACL changed OK"); - } - - // ... and see how the new one reacts - tester.testWrap(&nullCred, "ACCEPTING NULL CREDENTIALS NOW"); - tester.testWrap(&cred, "ACCEPTING OLD CREDENTIALS FOR NEW ACL"); - { - AutoCredentials cred(alloc); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "check me!")); - tester.testWrap(&cred, "ACCEPTING LEAF SAMPLE WITHOUT THRESHOLD FRAMEWORK"); - } - - // Threshold subjects - { - detail("Testing threshold ACLs"); - AutoCredentials cred(alloc); - TypedList &threshold = cred += TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD, - new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "wrongo!"))) - ); - tester.testWrap(&cred, "ACCEPTING ALL WRONG SAMPLES IN THRESHOLD"); - threshold += new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "hug me!"))); - tester.testWrap(&cred, "ACCEPTING TOO FEW THRESHOLD SAMPLES"); - threshold += new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "check me!"))); - tester.testWrap(&cred); - // stuff the ballot box - threshold += new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "and this!"))); - threshold += new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "and that!"))); - threshold += new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(alloc, "and more!"))); -#ifdef STRICT_THRESHOLD_SUBJECTS - tester.testWrap(&cred, "ACCEPTING OVER-STUFFED THRESHOLD"); -#else - tester.testWrap(&cred); -#endif //STRICT_THRESHOLD_SUBJECTS - } - - // comment ACLs and tags - { - detail("Adding Comment entry"); - - AclEntryPrototype newAcl; - TypedList subject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_COMMENT, - new(alloc) ListElement(TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, - new(alloc) ListElement(alloc, "Robby Ray!"))), - new(alloc) ListElement(666)); - newAcl.TypedSubject = subject; - strcpy(newAcl.EntryTag, "vamos"); - AclEntryInput input(newAcl); - AclEdit edit(input); - ss.changeKeyAcl(tester.keyRef, cred, edit); - detail("Entry added"); - - uint32 count; - AclEntryInfo *infos; - ss.getKeyAcl(tester.keyRef, "vamos", count, infos); - assert(count == 1); // one entry (with this tag) - const AclEntryInfo &acl = infos[0]; - const TypedList &read = acl.proto().subject(); - assert(read.type() == CSSM_ACL_SUBJECT_TYPE_COMMENT); - assert(read.length() == 3); - assert(read[2] == 666); - CssmList &sublist = read[1]; - assert(sublist[0] == CSSM_ACL_SUBJECT_TYPE_THRESHOLD); - assert(string(sublist[1]) == "Robby Ray!"); - - detail("Comment entry retrieved okay"); - } -} - - -// -// ACL authorization tests -// -void authAcls() -{ - printf("* ACL authorizations test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - // create key with initial ACL - CSSM_ACL_AUTHORIZATION_TAG wrapTag = CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR; - CSSM_ACL_AUTHORIZATION_TAG encryptTag = CSSM_ACL_AUTHORIZATION_ENCRYPT; - StringData initialAclPassphrase("very secret"); - StringData the2ndAclPassword("most secret"); - AclEntryPrototype initialAcl; - initialAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(initialAclPassphrase)); - initialAcl.authorization().NumberOfAuthTags = 1; - initialAcl.authorization().AuthTags = &wrapTag; - AclEntryInput initialAclInput(initialAcl); - AclTester tester(ss, &initialAclInput); - - // get the owner and verify - AclOwnerPrototype owner; - ss.getKeyOwner(tester.keyRef, owner); - assert(owner.subject().type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(owner.subject().length() == 1); - - // get the acl entry and verify - { - uint32 count; - AclEntryInfo *acls; - ss.getKeyAcl(tester.keyRef, NULL/*tag*/, count, acls); - assert(count == 1); - const AclEntryInfo &acl1 = acls[0]; - const TypedList &subject1 = acl1.proto().subject(); - assert(subject1.type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(subject1.length() == 1); - const AuthorizationGroup &auths = acl1.proto().authorization(); - assert(auths.count() == 1); - assert(auths[0] == CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR); - } - - // try to use the key and see... - tester.testWrap(&nullCred, "ACCEPTING NULL CREDENTIAL"); - AutoCredentials cred(alloc); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(StringData("wrongo"))); - tester.testWrap(&cred, "ACCEPTING WRONG PASSWORD CREDENTIAL"); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(initialAclPassphrase)); - tester.testWrap(&cred); - - tester.testEncrypt(&nullCred, "ACCEPTING NULL CREDENTIAL FOR UNAUTHORIZED OPERATION"); - tester.testEncrypt(&cred, "ACCEPTING GOOD CREDENTIAL FOR UNAUTHORIZED OPERATION"); - - // now *add* a new ACL entry for encryption - { - detail("Adding new ACL entry"); - - AclEntryPrototype newAcl; - newAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(the2ndAclPassword)); - newAcl.authorization().NumberOfAuthTags = 1; - newAcl.authorization().AuthTags = &encryptTag; - AclEntryInput newInput(newAcl); - AclEdit edit(newInput); - - try { - AutoCredentials nullCred(alloc); - ss.changeKeyAcl(tester.keyRef, nullCred, edit); - error("ALLOWED ACL EDIT WITHOUT CREDENTIALS"); - } catch (CssmCommonError &err) { - detail(err, "Acl Edit rejected properly"); - } - ss.changeKeyAcl(tester.keyRef, cred, edit); - detail("ACL changed OK"); - - // read it back and check - { - uint32 count; - AclEntryInfo *acls; - ss.getKeyAcl(tester.keyRef, NULL/*tag*/, count, acls); - assert(count == 2); - const AclEntryInfo &acl1 = acls[0]; - const TypedList &subject1 = acl1.proto().subject(); - assert(subject1.type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(subject1.length() == 1); - const AuthorizationGroup &auths1 = acl1.proto().authorization(); - assert(auths1.count() == 1); - assert(auths1[0] == CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR); - const AclEntryInfo &acl2 = acls[1]; - const TypedList &subject2 = acl2.proto().subject(); - assert(subject2.type() == CSSM_ACL_SUBJECT_TYPE_PASSWORD); - assert(subject2.length() == 1); - const AuthorizationGroup &auths2 = acl2.proto().authorization(); - assert(auths2.count() == 1); - assert(auths2[0] == CSSM_ACL_AUTHORIZATION_ENCRYPT); - } - } - - // ... and see how the new composite ACL behaves - AutoCredentials cred2(alloc); - cred2 += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(the2ndAclPassword)); - tester.testWrap(&nullCred, "ACCEPTING NULL CREDENTIALS FOR WRAPPING"); - tester.testEncrypt(&nullCred, "ACCEPTING NULL CREDENTIALS FOR ENCRYPTION"); - tester.testWrap(&cred); // "very secret" allows wrapping - tester.testEncrypt(&cred2); // "most secret" allows encrypting - tester.testWrap(&cred2, "ACCEPTING ENCRYPT CRED FOR WRAPPING"); - tester.testEncrypt(&cred, "ACCEPTING WRAP CRED FOR ENCRYPTING"); -} - - -// -// Keychain ACL subjects -// -void keychainAcls() -{ - printf("* Keychain (interactive) ACL test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - // create key with initial ACL - AclEntryPrototype initialAcl; - initialAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(alloc) ListElement(alloc, "Test Key")); - AclEntryInput initialAclInput(initialAcl); - AclTester tester(ss, &initialAclInput); - - // get the owner and verify - AclOwnerPrototype owner; - ss.getKeyOwner(tester.keyRef, owner); - assert(owner.subject().type() == CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT); - assert(owner.subject().length() == 2); - - // get the acl entry and verify - { - uint32 count; - AclEntryInfo *acls; - ss.getKeyAcl(tester.keyRef, NULL/*tag*/, count, acls); - assert(count == 1); - const AclEntryInfo &acl1 = acls[0]; - const TypedList &subject1 = acl1.proto().subject(); - assert(subject1.type() == CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT); - assert(subject1.length() == 2); - assert(static_cast(subject1[1]) == "Test Key"); - } - - // try to use the key and see... - tester.testWrap(NULL, "ACCEPTING NULL CREDENTIAL"); - AutoCredentials cred(alloc); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(StringData("Test Key"))); - tester.testWrap(&cred, "ACCEPTING PASSWORD CREDENTIAL"); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT); - tester.testWrap(&cred); - // once again, for allow-this-pid feature testing - tester.testWrap(&cred); -} - - -// -// Code-signing ACL subjects -// -void codeSigning() -{ - printf("* Code Signing ACL test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - // sign ourselves - OSXSigner signer; - OSXCode *main = OSXCode::main(); - Signature *mySignature = signer.sign(*main); - detail("Code signature for testclient obtained"); - - // make a variant signature that isn't right - Signature *badSignature; - { - char buffer[512]; - assert(mySignature->length() <= sizeof(buffer)); - memcpy(buffer, mySignature->data(), mySignature->length()); - memcpy(buffer, "xyz!", 4); // 1 in 2^32 this is right... - badSignature = signer.restore(mySignature->type(), buffer, mySignature->length()); - } - - // create key with good code signature ACL - AclEntryPrototype initialAcl; - initialAcl.subject() = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, - new(alloc) ListElement(mySignature->type()), - new(alloc) ListElement(alloc.alloc(*mySignature))); - AclEntryInput initialAclInput(initialAcl); - AclTester tester(ss, &initialAclInput); - - // get the owner and verify - AclOwnerPrototype owner; - ss.getKeyOwner(tester.keyRef, owner); - assert(owner.subject().type() == CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE); - assert(owner.subject().length() == 3); - - // we are us, so the SecurityServer should accept us - tester.testWrap(&nullCred); - - // now try this again with a *bad* signature... - AclEntryPrototype badAcl; - badAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, - new(alloc) ListElement(badSignature->type()), - new(alloc) ListElement(alloc.alloc(*badSignature))); - AclEntryInput badAclInput(badAcl); - AclTester badTester(ss, &badAclInput); - badTester.testWrap(&nullCred, "BAD CODE SIGNATURE ACCEPTED"); - - // make sure the optional comment field makes it back out intact - // (reusing original initialAcl structures) - StringData comment("Walla Walla Washington!\nAbra cadabra.\n\n"); - initialAcl.subject() += new(alloc) ListElement(alloc, comment); - AclEntryInput initialAclInputWithComment(initialAcl); - AclTester commentTester(ss, &initialAclInputWithComment); - ss.getKeyOwner(commentTester.keyRef, owner); - assert(owner.subject().type() == CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE); - assert(owner.subject().length() == 4); - assert(owner.subject()[3] == comment); - detail("Verified comment field intact"); -} diff --git a/SecurityServer/tests/testauth.cpp b/SecurityServer/tests/testauth.cpp deleted file mode 100644 index 5e96d314..00000000 --- a/SecurityServer/tests/testauth.cpp +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// testacls - ACL-related test cases. -// -#include "testclient.h" -#include "testutils.h" -#include - -using namespace CodeSigning; - - -// -// Authorization test. -// This tests the authorization API support. -// @@@ Incomplete and not satisfactory. -// -void authorizations() -{ - printf("* authorization test\n"); - ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - - // make a simple authorization query - AuthorizationBlob auth; - AuthorizationItem testingItem = { "debug.testing", 0, NULL, NULL }; - AuthorizationItem testingMoreItem = { "debug.testing.more", 0, NULL, NULL }; - AuthorizationItem denyItem = { "debug.deny", 0, NULL, NULL }; - AuthorizationItemSet request = { 1, &testingItem }; - ss.authCreate(&request, NULL/*environment*/, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights | - kAuthorizationFlagPartialRights, - auth); - detail("Initial authorization obtained"); - - // ask for rights from this authorization - { - AuthorizationItem moreItems[3] = { testingItem, denyItem, testingMoreItem }; - AuthorizationItemSet moreRequests = { 3, moreItems }; - AuthorizationItemSet *rightsVector; - ss.authCopyRights(auth, &moreRequests, NULL/*environment*/, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights | - kAuthorizationFlagPartialRights, - &rightsVector); - if (rightsVector->count != 2) - error("COPYRIGHTS RETURNED %d RIGHTS (EXPECTED 2)", int(rightsVector->count)); - // the output rights could be in either order -- be flexible - set rights; - rights.insert(rightsVector->items[0].name); - rights.insert(rightsVector->items[1].name); - assert(rights.find("debug.testing") != rights.end() && - rights.find("debug.testing.more") != rights.end()); - free(rightsVector); - detail("CopyRights okay"); - } - - // ask for the impossible - try { - AuthorizationBlob badAuth; - AuthorizationItem badItem = { "debug.deny", 0, NULL, NULL }; - AuthorizationItemSet badRequest = { 1, &badItem }; - ss.authCreate(&badRequest, NULL/*environment*/, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights, - auth); - error("AUTHORIZED debug.deny OPERATION"); - } catch (CssmCommonError &err) { - detail(err, "debug.deny authorization denied properly"); - } - - // externalize - AuthorizationExternalForm extForm; - ss.authExternalize(auth, extForm); - - // re-internalize - AuthorizationBlob auth2; - ss.authInternalize(extForm, auth2); - - // make sure it still works - { - AuthorizationItem moreItems[2] = { testingItem, denyItem }; - AuthorizationItemSet moreRequests = { 2, moreItems }; - AuthorizationItemSet *rightsVector; - ss.authCopyRights(auth2, &moreRequests, NULL/*environment*/, - kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagExtendRights | - kAuthorizationFlagPartialRights, - &rightsVector); - if (rightsVector->count != 1) - error("COPYRIGHTS RETURNED %d RIGHTS (EXPECTED 1)", int(rightsVector->count)); - assert(!strcmp(rightsVector->items[0].name, "debug.testing")); - free(rightsVector); - detail("Re-internalized authorization checks out okay"); - - // try it with no rights output (it's optional) - ss.authCopyRights(auth2, &moreRequests, NULL/*environment*/, - kAuthorizationFlagPartialRights, NULL); - detail("authCopyRights partial success OK (with no output)"); - - // but this will fail if we want ALL rights... - try { - ss.authCopyRights(auth2, &moreRequests, NULL/*environment*/, - kAuthorizationFlagDefaults, NULL); - error("authCopyRights succeeded with (only) partial success"); - } catch (CssmError &err) { - detail("authCopyRight failed for (only) partial success"); - } - } -} diff --git a/SecurityServer/tests/testblobs.cpp b/SecurityServer/tests/testblobs.cpp deleted file mode 100644 index 4aca73cd..00000000 --- a/SecurityServer/tests/testblobs.cpp +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// testacls - ACL-related test cases. -// -#include "testclient.h" -#include "testutils.h" - - -// -// Blob tests. -// Encodes and decodes Db and Key blobs and all that jazz. -// -void blobs() -{ - printf("* Database blob encryption test\n"); - ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - - DbTester db1(ss, "/tmp/one", NULL, 60, true); - DbTester db2(ss, "/tmp/two", NULL, 30, false); - - // encode db1, purge it, decode it again - CssmData dbBlob; - ss.encodeDb(db1, dbBlob); - DbHandle db1a = ss.decodeDb(db1.dbId, &nullCred, dbBlob); - ss.releaseDb(db1); - if (db1 == db1a) - detail("REUSED DB HANDLE ON DECODEDB (probably wrong)"); - DBParameters savedParams; - ss.getDbParameters(db1a, savedParams); - assert(savedParams.idleTimeout == db1.params.idleTimeout); - assert(savedParams.lockOnSleep == db1.params.lockOnSleep); - detail("Database encode/decode passed"); - - // make sure the old handle isn't valid anymore - try { - ss.getDbParameters(db1, savedParams); - printf("OLD DATABASE HANDLE NOT PURGED (possibly wrong)\n"); - } catch (const CssmCommonError &err) { - detail(err, "old DB handle rejected"); - } - - // open db1 a second time (so now there's two db handles for db1) - DbHandle db1b = ss.decodeDb(db1.dbId, &nullCred, dbBlob); - - // release both db1 handles and db2 - ss.releaseDb(db1a); - ss.releaseDb(db1b); - ss.releaseDb(db2); -} - - -// -// Database tests. -// Database locks/unlocks etc. -// -void databases() -{ - printf("* Database manipulation test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - AutoCredentials pwCred(alloc); - StringData passphrase("two"); - StringData badPassphrase("three"); - pwCred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(passphrase)); - pwCred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(badPassphrase)); - // pwCred = (NEW: two, OLD: three) - - DbTester db1(ss, "/tmp/one", NULL, 30, true); - DbTester db2(ss, "/tmp/two", &pwCred, 60, false); - // db2.passphrase = two - - // encode db1 and re-open it - CssmData dbBlob; - ss.encodeDb(db1, dbBlob); - DbHandle db1b = ss.decodeDb(db1.dbId, &nullCred, dbBlob); - if (db1b == db1.dbRef) - detail("REUSED DB HANDLE ON DECODEDB (probably wrong)"); - - // open db1 a third time (so now there's three db handles for db1) - DbHandle db1c = ss.decodeDb(db1.dbId, &nullCred, dbBlob); - - // lock them to get started - ss.lock(db1); - ss.lock(db2); - - // unlock it through user - prompt("unlock"); - ss.unlock(db1); - prompt(); - ss.unlock(db1b); // 2nd unlock should not prompt - ss.lock(db1c); // lock it again - prompt("unlock"); - ss.unlock(db1); // and that should prompt again - prompt(); - - // db2 has a passphrase lock credentials - it'll work without U/I - db2.unlock("wrong passphrase"); // pw=two, cred=three - AutoCredentials pwCred2(alloc); - pwCred2 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(passphrase)); - // pwCred2 = (OLD: two) - ss.authenticateDb(db2, CSSM_DB_ACCESS_WRITE, &pwCred2); // set it - db2.unlock(); - ss.lock(db2); - - // now change db2's passphrase - ss.lock(db2); - pwCred2 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(badPassphrase)); - // pwCred2 = (OLD: two, NEW: three) - db2.changePassphrase(&pwCred2); - // passphrase = three, cred = (OLD: two) - - // encode and re-decode to make sure new data is there - CssmData blob2; - ss.encodeDb(db2, blob2); - DbHandle db2a = ss.decodeDb(db2.dbId, &pwCred, blob2); - // db2a cred = (OLD: two, NEW: three) - - // now, the *old* cred won't work anymore - db2.unlock("old passphrase accepted"); - - // back to the old credentials, which *do* have the (old bad, now good) passphrase - ss.lock(db2a); - ss.unlock(db2a); - detail("New passphrase accepted"); - - // clear the credentials (this will prompt; cancel it) - ss.authenticateDb(db2, CSSM_DB_ACCESS_WRITE, NULL); - prompt("cancel"); - db2.unlock("null credential accepted"); - prompt(); - - // fell-swoop from-to change password operation - StringData newPassphrase("hollerith"); - AutoCredentials pwCred3(alloc); - pwCred3 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(newPassphrase)); - pwCred3 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(passphrase)); - db2.changePassphrase(&pwCred3, "accepting original (unchanged) passphrase"); - - AutoCredentials pwCred4(alloc); - pwCred4 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(newPassphrase)); - pwCred4 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(badPassphrase)); - db2.changePassphrase(&pwCred4); - - // final status check - AutoCredentials pwCred5(alloc); - pwCred5 += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(newPassphrase)); - ss.authenticateDb(db2, CSSM_DB_ACCESS_WRITE, &pwCred5); - db2.unlock(); - detail("Final passphrase change verified"); -} - - -// -// Key encryption tests. -// -void keyBlobs() -{ - printf("* Keyblob encryption test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - DLDbIdentifier dbId1(ssuid, "/tmp/one", NULL); - DBParameters initialParams1 = { 3600, false }; - - // create a new database - DbHandle db = ss.createDb(dbId1, NULL, NULL, initialParams1); - detail("Database created"); - - // establish an ACL for the key - StringData theAclPassword("Strenge Geheimsache"); - AclEntryPrototype initialAcl; - initialAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD, - new(alloc) ListElement(theAclPassword)); - AclEntryInput initialAclInput(initialAcl); - - AutoCredentials cred(alloc); - cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD, - new(alloc) ListElement(theAclPassword)); - - // generate a key - const CssmCryptoData seed(StringData("Farmers' day")); - FakeContext genContext(CSSM_ALGCLASS_KEYGEN, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY_LENGTH, 64), - &::Context::Attr(CSSM_ATTRIBUTE_SEED, seed), - NULL); - KeyHandle key; - CssmKey::Header header; - ss.generateKey(db, genContext, CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - /*cred*/NULL, &initialAclInput, key, header); - detail("Key generated"); - - // encrypt with the key - StringData clearText("Yet another boring cleartext sample string text sequence."); - StringData iv("Aardvark"); - CssmKey nullKey; memset(&nullKey, 0, sizeof(nullKey)); - FakeContext cryptoContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY, nullKey), - &::Context::Attr(CSSM_ATTRIBUTE_INIT_VECTOR, iv), - &::Context::Attr(CSSM_ATTRIBUTE_MODE, CSSM_ALGMODE_CBC_IV8), - &::Context::Attr(CSSM_ATTRIBUTE_PADDING, CSSM_PADDING_PKCS1), - &::Context::Attr(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, cred), - NULL); - CssmData cipherText; - ss.encrypt(cryptoContext, key, clearText, cipherText); - detail("Plaintext encrypted with original key"); - - // encode the key and release it - CssmData blob; - ss.encodeKey(key, blob); - ss.releaseKey(key); - detail("Key encoded and released"); - - // decode it again, re-introducing it - CssmKey::Header decodedHeader; - KeyHandle key2 = ss.decodeKey(db, blob, decodedHeader); - detail("Key decoded"); - - // decrypt with decoded key - CssmData recovered; - ss.decrypt(cryptoContext, key2, cipherText, recovered); - assert(recovered == clearText); - detail("Decoded key correctly decrypts ciphertext"); - - // check a few header fields - if (!memcmp(&header, &decodedHeader, sizeof(header))) { - detail("All header fields match"); - } else { - assert(header.algorithm() == decodedHeader.algorithm()); - assert(header.blobType() == decodedHeader.blobType()); - assert(header.blobFormat() == decodedHeader.blobFormat()); - assert(header.keyClass() == decodedHeader.keyClass()); - assert(header.attributes() == decodedHeader.attributes()); - assert(header.usage() == decodedHeader.usage()); - printf("Some header fields differ (probably okay)\n"); - } - - // make sure we need the credentials (destructive) - memset(&cred, 0, sizeof(cred)); - try { - ss.decrypt(cryptoContext, key2, cipherText, recovered); - error("RESTORED ACL FAILS TO RESTRICT"); - } catch (CssmError &err) { - detail(err, "Restored key restricts access properly"); - } -} diff --git a/SecurityServer/tests/testclient.cpp b/SecurityServer/tests/testclient.cpp deleted file mode 100644 index 4f000be1..00000000 --- a/SecurityServer/tests/testclient.cpp +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Tester - test driver for securityserver client side. -// -#include "testclient.h" -#include "testutils.h" -#include // getopt(3) -#include - - -// -// Global constants -// -const CssmData null; // zero pointer, zero length constant data -const AccessCredentials nullCred; // null credentials - -CSSM_GUID ssguid = { 1,2,3 }; -CssmSubserviceUid ssuid(ssguid); - - -// -// Local functions -// -static void usage(); -static void runtest(char type); - - -// -// Default test set -// -static char testCodes[] = ".cesaAbdkKt"; - - -// -// Main program -// -int main(int argc, char *argv[]) -{ - setbuf(stdout, NULL); - - long ranseq = 0; // random stress test count - long ranseed = 1; // random seed for it - - int arg; - while ((arg = getopt(argc, argv, "r:v")) != -1) { - switch (arg) { - case 'r': { - ranseq = atoi(optarg); - if (const char *colon = strchr(optarg, ':')) - ranseed = atoi(colon + 1); - else - ranseed = getpid() ^ time(NULL); - break; - } - case 'v': - verbose = true; - break; - default: - usage(); - } - } - if (optind < argc - 1) - usage(); - const char *sequence = argv[optind]; - if (sequence && !strcmp(sequence, "+")) - sequence = testCodes; - - if (ranseq) { // repeated random (stress test) sequence - if (!sequence) - sequence = testCodes; - printf("*** Random stress test: %ld iterations from <%s> with seed=%ld\n", - ranseq, sequence, ranseed); - srandom(ranseed); - int setSize = strlen(sequence); - for (long n = 0; n < ranseq; n++) { - char type = sequence[random() % setSize]; - printf("\n[%ld:%c]", n, type); - runtest(type); - } - printf("*** Random test sequence complete.\n"); - exit(0); - } else { // single-pass selected tests sequence - if (!sequence) - sequence = "."; // default to ping test - for (const char *s = sequence; *s; s++) - runtest(*s); - printf("*** Test sequence complete.\n"); - exit(0); - } -} - -void usage() -{ - fprintf(stderr, "Usage: SSTester [-r count[:seed]] [-v] [%s|.|+]\n", - testCodes); - exit(2); -} - - -// -// Run a single type test -// -void runtest(char type) -{ - try { - debug("SStest", "Start test <%c>", type); - switch (type) { - case '.': // default - integrity(); - break; - case '-': - adhoc(); - break; - case 'a': - acls(); - break; - case 'A': - authAcls(); - break; - case 'b': - blobs(); - break; - case 'c': - codeSigning(); - break; - case 'd': - databases(); - break; - case 'e': - desEncryption(); - break; - case 'k': - keychainAcls(); - break; - case 'K': - keyBlobs(); - break; - case 's': - signWithRSA(); - break; - case 't': - authorizations(); - break; - case 'T': - timeouts(); - break; - default: - error("Invalid test selection (%c)", type); - } - printf("** Test step complete.\n"); - debug("SStest", "End test <%c>", type); - } catch (CssmCommonError &err) { - error(err, "Unexpected exception"); - } catch (...) { - error("Unexpected system exception"); - } -} - - -// -// Basic integrity test. -// -void integrity() -{ - ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - - printf("* Generating random sample: "); - DataBuffer<11> sample; - ss.generateRandom(sample); - for (uint32 n = 0; n < sample.length(); n++) - printf("%.2x", ((unsigned char *)sample)[n]); - printf("\n"); -} - - -// -// Database timeouts -// @@@ Incomplete and not satisfactory -// -void timeouts() -{ - printf("* Database timeout locks test\n"); - CssmAllocator &alloc = CssmAllocator::standard(); - ClientSession ss(alloc, alloc); - - DLDbIdentifier dbId1(ssuid, "/tmp/one", NULL); - DLDbIdentifier dbId2(ssuid, "/tmp/two", NULL); - DBParameters initialParams1 = { 4, false }; // 4 seconds timeout - DBParameters initialParams2 = { 8, false }; // 8 seconds timeout - - // credential to set keychain passphrase - AutoCredentials pwCred(alloc); - StringData password("mumbojumbo"); - pwCred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(password)); - - DbHandle db1 = ss.createDb(dbId1, &pwCred, NULL, initialParams1); - DbHandle db2 = ss.createDb(dbId2, &pwCred, NULL, initialParams2); - detail("Databases created"); - - // generate a key - const CssmCryptoData seed(StringData("rain tonight")); - FakeContext genContext(CSSM_ALGCLASS_KEYGEN, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY_LENGTH, 64), - &::Context::Attr(CSSM_ATTRIBUTE_SEED, seed), - NULL); - KeyHandle key; - CssmKey::Header header; - ss.generateKey(db1, genContext, CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - /*cred*/NULL, NULL, key, header); - ss.generateKey(db2, genContext, CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - /*cred*/NULL, NULL, key, header); - detail("Keys generated and stored"); - - // credential to provide keychain passphrase - AutoCredentials pwCred2(alloc); - pwCred += TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(alloc) ListElement(password)); - - //@@@ incomplete - ss.releaseDb(db1); - ss.releaseDb(db2); -} - - -// -// Ad-hoc test area. -// Used for whatever is needed at the moment... -// -void adhoc() -{ - printf("* Ad-hoc test sequence (now what does it do *this* time?)\n"); - - Cssm cssm1; - Cssm cssm2; - cssm1->init(); - cssm2->init(); - - { - Module m1(gGuidAppleCSP, cssm1); - Module m2(gGuidAppleCSP, cssm2); - CSP r1(m1); - CSP r2(m2); - - Digest d1(r1, CSSM_ALGID_SHA1); - Digest d2(r2, CSSM_ALGID_SHA1); - - StringData foo("foo de doo da blech"); - DataBuffer<30> digest1, digest2; - d1.digest(foo, digest1); - d2.digest(foo, digest2); - if (digest1 == digest2) - detail("Digests verify"); - else - error("Digests mismatch"); - } - - cssm1->terminate(); - cssm2->terminate(); -} diff --git a/SecurityServer/tests/testclient.h b/SecurityServer/tests/testclient.h deleted file mode 100644 index 9346a41c..00000000 --- a/SecurityServer/tests/testclient.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Tester - test driver for securityserver client side. -// -#ifndef _H_TESTCLIENT -#define _H_TESTCLIENT - -#include "ssclient.h" -#include -#include -#include -#include -#include -#include - - -// -// Names from the SecurityServerSession class -// -using namespace SecurityServer; -using namespace CssmClient; - - -// -// Test drivers -// -void integrity(); -void signWithRSA(); -void desEncryption(); -void blobs(); -void keyBlobs(); -void databases(); -void timeouts(); -void acls(); -void authAcls(); -void codeSigning(); -void keychainAcls(); -void authorizations(); -void adhoc(); - - -// -// Global constants -// -extern const CssmData null; // zero pointer, zero length constant data -extern const AccessCredentials nullCred; // null credentials - -extern CSSM_GUID ssguid; // a fixed guid -extern CssmSubserviceUid ssuid; // a subservice-uid using this guid - - -#endif //_H_TESTCLIENT diff --git a/SecurityServer/tests/testcrypto.cpp b/SecurityServer/tests/testcrypto.cpp deleted file mode 100644 index bf8e6ac7..00000000 --- a/SecurityServer/tests/testcrypto.cpp +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Tester - test driver for securityserver client side. -// -#include "testclient.h" -#include "testutils.h" - - -// -// Simple run-through. -// This generates an RSA key, tests cleartext retrieval, signs a message, -// and veries it both ways. -// This is a basic integrity regression for the SecurityServer. -// -void signWithRSA() -{ - printf("* RSA key signing test\n"); - CSP csp(gGuidAppleCSP); - ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - StringData data("To sign or not to sign, is that the question?"); - - // set up dummy credentials - CssmKey dummyKey; memset(&dummyKey, 0, sizeof(dummyKey)); - CssmData nullData; - - // generate a key - detail("Asking for RSA key generation"); - KeyHandle publicKey, privateKey; - const CssmCryptoData seed(StringData("Seed ye well, my friend, and ye shall reap...")); - FakeContext genContext(CSSM_ALGCLASS_KEYGEN, CSSM_ALGID_RSA, - &::Context::Attr(CSSM_ATTRIBUTE_KEY_LENGTH, 512), - &::Context::Attr(CSSM_ATTRIBUTE_SEED, seed), - NULL); - CssmKey::Header pubHeader, privHeader; - ss.generateKey(noDb, genContext, - CSSM_KEYUSE_VERIFY, CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_DATA, - CSSM_KEYUSE_SIGN, CSSM_KEYATTR_SENSITIVE, - NULL/*cred*/, NULL/*owner*/, publicKey, pubHeader, privateKey, privHeader); - detail("Key pair generated"); - - // retrieve the public key - CssmKey cpk; - FakeContext wrapContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_NONE, 0); - ss.wrapKey(wrapContext, noKey, publicKey, &nullCred, NULL, cpk); - Key clearPublicKey(csp, cpk); - detail("Retrieved public key"); - - // make sure we can't retrieve the private key - CssmKey clearPrivateKey; - try { - ss.wrapKey(wrapContext, noKey, privateKey, NULL/*cred*/, NULL, clearPrivateKey); - error("SecurityServer ACTUALLY gave us the PRIVATE key bits!"); - } catch (CssmError &err) { - detail(err, "Private key retrieval properly rejected"); - } - - // sign a message - CssmData signature; - FakeContext signContext(CSSM_ALGCLASS_SIGNATURE, CSSM_ALGID_SHA1WithRSA, - &::Context::Attr(CSSM_ATTRIBUTE_KEY, dummyKey), - NULL); - ss.generateSignature(signContext, privateKey, data, signature); - detail("Signature generated by SecurityServer"); - - // verify the signature (local) - { - Verify verifier(csp, CSSM_ALGID_SHA1WithRSA); - verifier.key(clearPublicKey); - verifier.verify(data, signature); - detail("Signature verified locally"); - } - - // verify the signature (SS) - ss.verifySignature(signContext, publicKey, data, signature); - detail("Signature verified by SecurityServer"); - - // falsify the signature (SS) - DataBuffer<200> falseData; - memcpy(falseData.data(), data.data(), data.length()); - falseData.length(data.length()); - ((char *)falseData)[3] = '?'; // alter message - try { - ss.verifySignature(signContext, publicKey, falseData, signature); - error("Altered message incorrectly verifies"); - } catch (CssmError &err) { - if (err.cssmError() == CSSMERR_CSP_VERIFY_FAILED) - detail("Verify of altered message successfully failed"); - else - error(err, "Unexpected exception on verify failure test"); - } -} - - -// -// Encrypt with DES -// -void desEncryption() -{ - printf("* DES encryption test\n"); - ClientSession ss(CssmAllocator::standard(), CssmAllocator::standard()); - CSP csp(gGuidAppleCSP); - - StringData clearText("Insert witty quotation here."); - StringData iv("abcdefgh"); - - // make up a DES key - StringData keyBits(strdup("Wallaby!")); - CssmKey keyForm(keyBits); - keyForm.header().KeyClass = CSSM_KEYCLASS_SESSION_KEY; - keyForm.header().BlobType = CSSM_KEYBLOB_RAW; - keyForm.header().AlgorithmId = CSSM_ALGID_DES; - keyForm.header().Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - Key key(csp, keyForm); - - // encrypt locally - DataBuffer<200> localCipher; - Encrypt localCrypt(csp, CSSM_ALGID_DES); - localCrypt.mode(CSSM_ALGMODE_CBC_IV8); - localCrypt.padding(CSSM_PADDING_PKCS1); - localCrypt.initVector(iv); - localCrypt.key(key); - CssmData remData; - size_t localLen = localCrypt.encrypt(clearText, localCipher, remData); - if (remData) - error("LOCAL ENCRYPTION OVERFLOWED"); - localCipher.length(localLen); - detail("Locally encrypted %ld bytes", localLen); - - // wrap in the key - CssmData unwrappedData; - ResourceControlContext owner; - FakeContext unwrapContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_NONE, 0); - KeyHandle keyRef; - CssmKey::Header keyHeader; - ss.unwrapKey(noDb, unwrapContext, noKey, noKey, - key, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_DEFAULT, - NULL/*cred*/, NULL/*owner*/, unwrappedData, keyRef, keyHeader); - detail("Placed key into SecurityServer; handle=%lx", keyRef); - - // encrypt remotely and compare - const CssmKey &tKey = key; - FakeContext cryptoContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY, keyForm), - &::Context::Attr(CSSM_ATTRIBUTE_INIT_VECTOR, iv), - &::Context::Attr(CSSM_ATTRIBUTE_MODE, CSSM_ALGMODE_CBC_IV8), - &::Context::Attr(CSSM_ATTRIBUTE_PADDING, CSSM_PADDING_PKCS1), - NULL); - CssmData remoteCipher; - ss.encrypt(cryptoContext, keyRef, clearText, remoteCipher); - detail("Plaintext encrypted on SecurityServer"); - if (remoteCipher == localCipher) - detail("Ciphertexts verified"); - else - error("CIPHERTEXTS DIFFER"); - - // decrypt in SecurityServer - DataBuffer<200> clearRecovered; - ss.decrypt(cryptoContext, keyRef, localCipher, clearRecovered); - detail("Decrypted ciphertext in SecurityServer"); - if (clearRecovered == clearText) - detail("Plaintext recovered"); - else - error("PLAINTEXT MISMATCH"); -} - diff --git a/SecurityServer/tests/testutils.cpp b/SecurityServer/tests/testutils.cpp deleted file mode 100644 index 0f741214..00000000 --- a/SecurityServer/tests/testutils.cpp +++ /dev/null @@ -1,240 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// testutils - utilities for unit test drivers -// -#include "testutils.h" - -using namespace CssmClient; - -bool verbose = false; - - -// -// Error and diagnostic drivers -// -void error(const char *msg = NULL, ...) -{ - if (msg) { - va_list args; - va_start(args, msg); - vfprintf(stderr, msg, args); - va_end(args); - putc('\n', stderr); - } - abort(); -} - -void error(const CssmCommonError &err, const char *msg = NULL, ...) -{ - if (msg) { - va_list args; - va_start(args, msg); - vfprintf(stderr, msg, args); - va_end(args); - fprintf(stderr, ": %s", cssmErrorString(err.cssmError()).c_str()); - putc('\n', stderr); - } - abort(); -} - -void detail(const char *msg = NULL, ...) -{ - if (verbose) { - va_list args; - va_start(args, msg); - vfprintf(stdout, msg, args); - va_end(args); - putc('\n', stdout); - } -} - -void detail(const CssmCommonError &err, const char *msg) -{ - if (verbose) - printf("%s (ok): %s\n", msg, cssmErrorString(err).c_str()); -} - -void prompt(const char *msg) -{ - if (isatty(fileno(stdin))) - printf("[%s]", msg); -} - -void prompt() -{ - if (isatty(fileno(stdin))) - printf(" OK\n"); -} - - -// -// FakeContext management -// -FakeContext::FakeContext(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS alg, uint32 count) -: Context(type, alg) -{ - NumberOfAttributes = count; - ContextAttributes = new Attr[count]; -} - - -FakeContext::FakeContext(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS alg, ...) -: Context(type, alg) -{ - // count arguments - va_list args; - va_start(args, alg); - uint32 count = 0; - while (va_arg(args, Attr *)) - count++; - va_end(args); - - // make vector - NumberOfAttributes = count; - ContextAttributes = new Attr[count]; - - // stuff vector - va_start(args, alg); - for (uint32 n = 0; n < count; n++) - (*this)[n] = *va_arg(args, Attr *); - va_end(args); -} - - -// -// ACL test driver class -// -AclTester::AclTester(ClientSession &ss, const AclEntryInput *acl) : session(ss) -{ - // make up a DES key - StringData keyBits("Tweedle!"); - CssmKey key(keyBits); - key.header().KeyClass = CSSM_KEYCLASS_SESSION_KEY; - - // wrap in the key - CssmData unwrappedData; - FakeContext unwrapContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_NONE, 0); - CssmKey::Header keyHeader; - ss.unwrapKey(noDb, unwrapContext, noKey, noKey, - key, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_EXTRACTABLE, - NULL /*cred*/, acl, - unwrappedData, keyRef, keyHeader); - detail("Key seeded with ACL"); -} - - -void AclTester::testWrap(const AccessCredentials *cred, const char *howWrong) -{ - FakeContext wrapContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_NONE, 0); - CssmWrappedKey wrappedKey; - try { - session.wrapKey(wrapContext, noKey, keyRef, - cred, NULL /*descriptive*/, wrappedKey); - if (howWrong) { - error("WRAP MISTAKENLY SUCCEEDED: %s", howWrong); - } - detail("extract OK"); - } catch (const CssmCommonError &err) { - if (!howWrong) - error(err, "FAILED TO EXTRACT KEY"); - detail(err, "extract failed OK"); - } -} - -void AclTester::testEncrypt(const AccessCredentials *cred, const char *howWrong) -{ - CssmKey keyForm; memset(&keyForm, 0, sizeof(keyForm)); - StringData iv("Aardvark"); - StringData clearText("blah"); - CssmData remoteCipher; - try { - if (cred) { - FakeContext cryptoContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY, keyForm), - &::Context::Attr(CSSM_ATTRIBUTE_INIT_VECTOR, iv), - &::Context::Attr(CSSM_ATTRIBUTE_MODE, CSSM_ALGMODE_CBC_IV8), - &::Context::Attr(CSSM_ATTRIBUTE_PADDING, CSSM_PADDING_PKCS1), - &::Context::Attr(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, *cred), - NULL); - session.encrypt(cryptoContext, keyRef, clearText, remoteCipher); - } else { - FakeContext cryptoContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_DES, - &::Context::Attr(CSSM_ATTRIBUTE_KEY, keyForm), - &::Context::Attr(CSSM_ATTRIBUTE_INIT_VECTOR, iv), - &::Context::Attr(CSSM_ATTRIBUTE_MODE, CSSM_ALGMODE_CBC_IV8), - &::Context::Attr(CSSM_ATTRIBUTE_PADDING, CSSM_PADDING_PKCS1), - NULL); - session.encrypt(cryptoContext, keyRef, clearText, remoteCipher); - } - if (howWrong) { - error("ENCRYPT MISTAKENLY SUCCEEDED: %s", howWrong); - } - detail("encrypt OK"); - } catch (CssmCommonError &err) { - if (!howWrong) - error(err, "FAILED TO ENCRYPT"); - detail(err, "encrypt failed"); - } -} - - -// -// Database test driver class -// -DbTester::DbTester(ClientSession &ss, const char *path, - const AccessCredentials *cred, int timeout, bool sleepLock) -: session(ss), dbId(ssuid, path, NULL) -{ - params.idleTimeout = timeout; - params.lockOnSleep = sleepLock; - dbRef = ss.createDb(dbId, cred, NULL, params); - detail("Database %s created", path); -} - - -void DbTester::unlock(const char *howWrong) -{ - session.lock(dbRef); - try { - session.unlock(dbRef); - if (howWrong) - error("DATABASE MISTAKENLY UNLOCKED: %s", howWrong); - } catch (CssmError &err) { - if (!howWrong) - error(err, howWrong); - detail(err, howWrong); - } -} - -void DbTester::changePassphrase(const AccessCredentials *cred, const char *howWrong) -{ - session.lock(dbRef); - try { - session.changePassphrase(dbRef, cred); - if (howWrong) - error("PASSPHRASE CHANGE MISTAKENLY SUCCEEDED: %s", howWrong); - } catch (CssmError &err) { - if (!howWrong) - error(err, howWrong); - detail(err, howWrong); - } -} diff --git a/SecurityServer/tests/testutils.h b/SecurityServer/tests/testutils.h deleted file mode 100644 index 7f35ae7e..00000000 --- a/SecurityServer/tests/testutils.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// testutils - utilities for unit test drivers -// -#ifndef _H_TESTUTILS -#define _H_TESTUTILS - -#include "testclient.h" - - -// -// Global test state -// -extern bool verbose; - - -// -// Error and diagnostic drivers -// -void error(const char *fmt, ...) __attribute__((format(printf,1,2))); -void error(const CssmCommonError &error, const char *fmt, ...) __attribute__((format(printf,2,3))); -void detail(const char *fmt, ...) __attribute__((format(printf,1,2))); -void detail(const CssmCommonError &error, const char *msg); -void prompt(const char *msg); -void prompt(); - - -// -// A self-building "fake" context. -// (Fake in that it was hand-made without involvement of CSSM.) -// -class FakeContext : public ::Context { -public: - FakeContext(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS alg, uint32 count); - FakeContext(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS alg, ...); -}; - - -// -// A test driver class for ACL tests -// -class AclTester { -public: - AclTester(ClientSession &ss, const AclEntryInput *acl); - - void testWrap(const AccessCredentials *cred, const char *howWrong = NULL); - void testEncrypt(const AccessCredentials *cred, const char *howWrong = NULL); - - ClientSession &session; - KeyHandle keyRef; -}; - - -// -// A test driver class for database tests -// -class DbTester { -public: - DbTester(ClientSession &ss, const char *path, - const AccessCredentials *cred, int timeout = 30, bool sleepLock = true); - - operator DbHandle () const { return dbRef; } - void unlock(const char *howWrong = NULL); - void changePassphrase(const AccessCredentials *cred, const char *howWrong = NULL); - - ClientSession &session; - DBParameters params; - DLDbIdentifier dbId; - DbHandle dbRef; -}; - - -#endif //_H_TESTUTILS diff --git a/SecurityServer/transition.cpp b/SecurityServer/transition.cpp deleted file mode 100644 index 7f7073cd..00000000 --- a/SecurityServer/transition.cpp +++ /dev/null @@ -1,853 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// transition - SecurityServer IPC-to-class-methods transition layer -// -#include "server.h" -#include "ucsp.h" -#include "session.h" -#include "xdatabase.h" -#include "transwalkers.h" -#include - -#include -#include - -// -// Bracket Macros -// -#define UCSP_ARGS mach_port_t servicePort, mach_port_t replyPort, audit_token_t auditToken, \ - CSSM_RETURN *rcode -#define CONTEXT_ARGS Context context, Pointer contextBase, Context::Attr *attributes, mach_msg_type_number_t attrSize - -#define BEGIN_IPCN *rcode = CSSM_OK; try { -#define BEGIN_IPC BEGIN_IPCN Connection &connection __attribute__((unused)) = Server::connection(replyPort); -#define END_IPC(base) END_IPCN(base) Server::requestComplete(); return KERN_SUCCESS; -#define END_IPCN(base) } \ - catch (const CssmCommonError &err) { *rcode = err.cssmError(CSSM_ ## base ## _BASE_ERROR); } \ - catch (const std::bad_alloc &) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \ - catch (Connection *conn) { *rcode = 0; } \ - catch (...) { *rcode = CssmError::merge(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); } - -#define DATA_IN(base) void *base, mach_msg_type_number_t base##Length -#define DATA_OUT(base) void **base, mach_msg_type_number_t *base##Length -#define DATA(base) CssmData(base, base##Length) - -#define COPY_IN(type,name) type *name, mach_msg_type_number_t name##Length, type *name##Base -#define COPY_OUT(type,name) \ - type **name, mach_msg_type_number_t *name##Length, type **name##Base - - -using LowLevelMemoryUtilities::increment; -using LowLevelMemoryUtilities::difference; - - -// -// An OutputData object will take memory allocated within the SecurityServer, -// hand it to the MIG return-output parameters, and schedule it to be released -// after the MIG reply has been sent. It will also get rid of it in case of -// error. -// -class OutputData : public CssmData { -public: - OutputData(void **outP, mach_msg_type_number_t *outLength) - : mData(*outP), mLength(*outLength) { } - ~OutputData() - { mData = data(); mLength = length(); Server::releaseWhenDone(mData); } - - void operator = (const CssmData &source) - { CssmData::operator = (source); } - -private: - void * &mData; - mach_msg_type_number_t &mLength; -}; - - -// -// Setup/Teardown functions. -// -kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, ClientSetupInfo info, const char *identity) -{ - BEGIN_IPCN - Server::active().setupConnection(Server::connectNewProcess, servicePort, replyPort, - taskPort, auditToken, &info, identity); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - -kern_return_t ucsp_server_setupNew(UCSP_ARGS, mach_port_t taskPort, - ClientSetupInfo info, const char *identity, - mach_port_t *newServicePort) -{ - BEGIN_IPCN - try { - Session *session = new DynamicSession(TaskPort(taskPort).bootstrap()); - Server::active().setupConnection(Server::connectNewSession, session->servicePort(), replyPort, - taskPort, auditToken, &info, identity); - *newServicePort = session->servicePort(); - } catch (const MachPlusPlus::Error &err) { - switch (err.error) { - case BOOTSTRAP_SERVICE_ACTIVE: - MacOSError::throwMe(errSessionAuthorizationDenied); // translate - default: - throw; - } - } - END_IPCN(CSSM) - return KERN_SUCCESS; -} - -kern_return_t ucsp_server_setupThread(UCSP_ARGS, mach_port_t taskPort) -{ - BEGIN_IPCN - Server::active().setupConnection(Server::connectNewThread, servicePort, replyPort, - taskPort, auditToken); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - - -kern_return_t ucsp_server_teardown(UCSP_ARGS) -{ - BEGIN_IPCN - Server::active().endConnection(replyPort); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - - -// -// Database management -// -kern_return_t ucsp_server_createDb(UCSP_ARGS, DbHandle *db, - COPY_IN(DLDbFlatIdentifier, ident), - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - DBParameters params) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - relocate(ident, identBase, identLength); - *db = (new Database(*ident, params, connection.process, cred, owner))->handle(); - END_IPC(DL) -} - -kern_return_t ucsp_server_decodeDb(UCSP_ARGS, DbHandle *db, - COPY_IN(DLDbFlatIdentifier, ident), COPY_IN(AccessCredentials, cred), DATA_IN(blob)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(ident, identBase, identLength); - *db = (new Database(*ident, DATA(blob).interpretedAs(), - connection.process, cred))->handle(); - END_IPC(DL) -} - -kern_return_t ucsp_server_encodeDb(UCSP_ARGS, DbHandle db, DATA_OUT(blob)) -{ - BEGIN_IPC - DbBlob *dbBlob = Server::database(db).blob(); // memory owned by database - *blob = dbBlob; - *blobLength = dbBlob->length(); - END_IPC(DL) -} - -kern_return_t ucsp_server_releaseDb(UCSP_ARGS, DbHandle db) -{ - BEGIN_IPC - delete &Server::database(db); - END_IPC(DL) -} - -kern_return_t ucsp_server_getDbIndex(UCSP_ARGS, DbHandle db, DATA_OUT(index)) -{ - BEGIN_IPC - OutputData indexData(index, indexLength); - Server::database(db).getDbIndex(indexData); - END_IPC(DL) -} - -kern_return_t ucsp_server_authenticateDb(UCSP_ARGS, DbHandle db, - COPY_IN(AccessCredentials, cred)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - Server::database(db).authenticate(cred); - END_IPC(DL) -} - -kern_return_t ucsp_server_setDbParameters(UCSP_ARGS, DbHandle db, DBParameters params) -{ - BEGIN_IPC - Server::database(db).setParameters(params); - END_IPC(DL) -} - -kern_return_t ucsp_server_getDbParameters(UCSP_ARGS, DbHandle db, DBParameters *params) -{ - BEGIN_IPC - Server::database(db).getParameters(*params); - END_IPC(DL) -} - -kern_return_t ucsp_server_changePassphrase(UCSP_ARGS, DbHandle db, - COPY_IN(AccessCredentials, cred)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - Server::database(db).changePassphrase(cred); - END_IPC(DL) -} - -kern_return_t ucsp_server_lockDb(UCSP_ARGS, DbHandle db) -{ - BEGIN_IPC - Server::database(db).lock(); - END_IPC(DL) -} - -kern_return_t ucsp_server_lockAll (UCSP_ARGS, boolean_t forSleep) -{ - BEGIN_IPC - Database::lockAllDatabases(connection.process.session.databases(), forSleep); - END_IPC(DL) -} - -kern_return_t ucsp_server_unlockDb(UCSP_ARGS, DbHandle db) -{ - BEGIN_IPC - Server::database(db).unlock(); - END_IPC(DL) -} - -kern_return_t ucsp_server_unlockDbWithPassphrase(UCSP_ARGS, DbHandle db, DATA_IN(passphrase)) -{ - BEGIN_IPC - Server::database(db).unlock(DATA(passphrase)); - END_IPC(DL) -} - -kern_return_t ucsp_server_isLocked(UCSP_ARGS, DbHandle db, boolean_t *locked) -{ - BEGIN_IPC - *locked = Server::database(db).isLocked(); - END_IPC(DL) -} - - -// -// Key management -// -kern_return_t ucsp_server_encodeKey(UCSP_ARGS, KeyHandle keyh, DATA_OUT(blob), - boolean_t wantUid, DATA_OUT(uid)) -{ - BEGIN_IPC - Key &key = Server::key(keyh); - KeyBlob *keyBlob = key.blob(); // still owned by key - *blob = keyBlob; - *blobLength = keyBlob->length(); - if (wantUid) { - *uid = &key.uid(); - *uidLength = sizeof(KeyUID); - } else { - *uidLength = 0; // do not return this - } - END_IPC(CSP) -} - -kern_return_t ucsp_server_decodeKey(UCSP_ARGS, KeyHandle *keyh, CssmKey::Header *header, - DbHandle db, DATA_IN(blob)) -{ - BEGIN_IPC - Key &key = *new Key(Server::database(db), DATA(blob).interpretedAs()); - key.returnKey(*keyh, *header); - flip(*header); - END_IPC(CSP) -} - -kern_return_t ucsp_server_releaseKey(UCSP_ARGS, KeyHandle key) -{ - BEGIN_IPC - connection.releaseKey(key); - END_IPC(CSP) -} - -kern_return_t ucsp_server_queryKeySizeInBits(UCSP_ARGS, KeyHandle key, CSSM_KEY_SIZE *length) -{ - BEGIN_IPC - *length = connection.queryKeySize(Server::key(key)); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getOutputSize(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - uint32 inputSize, boolean_t encrypt, uint32 *outputSize) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - *outputSize = connection.getOutputSize(context, Server::key(key), inputSize, encrypt); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getKeyDigest(UCSP_ARGS, KeyHandle key, DATA_OUT(digest)) -{ - BEGIN_IPC - CssmData digestData = Server::key(key).canonicalDigest(); - *digest = digestData.data(); - *digestLength = digestData.length(); - END_IPC(CSP) -} - -// -// RNG interface -// -kern_return_t ucsp_server_generateRandom(UCSP_ARGS, uint32 bytes, DATA_OUT(data)) -{ - BEGIN_IPC - CssmAllocator &allocator = CssmAllocator::standard(CssmAllocator::sensitive); - void *buffer = allocator.malloc(bytes); - Server::active().random(buffer, bytes); - *data = buffer; - *dataLength = bytes; - Server::releaseWhenDone(allocator, buffer); - END_IPC(CSP) -} - - -// -// Signatures and MACs -// -kern_return_t ucsp_server_generateSignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - OutputData sigData(signature, signatureLength); - connection.generateSignature(context, Server::key(key), signOnlyAlgorithm, - DATA(data), sigData); - END_IPC(CSP) -} - -kern_return_t ucsp_server_verifySignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - connection.verifySignature(context, Server::key(key), verifyOnlyAlgorithm, - DATA(data), DATA(signature)); - END_IPC(CSP) -} - -kern_return_t ucsp_server_generateMac(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - DATA_IN(data), DATA_OUT(mac)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - OutputData macData(mac, macLength); - connection.generateMac(context, Server::key(key), - DATA(data), macData); - END_IPC(CSP) -} - -kern_return_t ucsp_server_verifyMac(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - DATA_IN(data), DATA_IN(mac)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - connection.verifyMac(context, Server::key(key), DATA(data), DATA(mac)); - END_IPC(CSP) -} - - -// -// Encryption/Decryption -// -kern_return_t ucsp_server_encrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - DATA_IN(clear), DATA_OUT(cipher)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - OutputData cipherOut(cipher, cipherLength); - connection.encrypt(context, Server::key(key), - DATA(clear), cipherOut); - END_IPC(CSP) -} - -kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - DATA_IN(cipher), DATA_OUT(clear)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - OutputData clearOut(clear, clearLength); - connection.decrypt(context, Server::key(key), - DATA(cipher), clearOut); - END_IPC(CSP) -} - - -// -// Key generation -// -kern_return_t ucsp_server_generateKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - Key *key; - connection.generateKey(Server::optionalDatabase(db), - context, cred, owner, usage, attrs, key); - key->returnKey(*newKey, *newHeader); - flip(*newHeader); - END_IPC(CSP) -} - -kern_return_t ucsp_server_generateKeyPair(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs, - KeyHandle *pubKey, CssmKey::Header *pubHeader, KeyHandle *privKey, CssmKey::Header *privHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - Key *pub, *priv; - connection.generateKey(Server::optionalDatabase(db), - context, cred, owner, - pubUsage, pubAttrs, privUsage, privAttrs, pub, priv); - pub->returnKey(*pubKey, *pubHeader); - flip(*pubHeader); - priv->returnKey(*privKey, *privHeader); - flip(*privHeader); - END_IPC(CSP) -} - - -// -// Key derivation. -// This is a bit strained; the incoming 'param' value may have structure -// and needs to be handled on a per-algorithm basis, which means we have to -// know which key derivation algorithms we support for passing to our CSP(s). -// The default behavior is to handle "flat" data blobs, which is as good -// a default as we can manage. -// NOTE: The param-specific handling must be synchronized with the client library -// code (in sstransit.h). -// -kern_return_t ucsp_server_deriveKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, KeyHandle key, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - COPY_IN(void, paramInputData), DATA_OUT(paramOutput), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - - // munge together the incoming 'param' value according to algorithm - CssmData param; - switch (context.algorithm()) { - case CSSM_ALGID_PKCS5_PBKDF2: - relocate((CSSM_PKCS5_PBKDF2_PARAMS *)paramInputData, - (CSSM_PKCS5_PBKDF2_PARAMS *)paramInputDataBase, - paramInputDataLength); - param = CssmData(paramInputData, sizeof(CSSM_PKCS5_PBKDF2_PARAMS)); - break; - default: - param = CssmData(paramInputData, paramInputDataLength); - break; - } - Key &theKey = connection.deriveKey(Server::optionalDatabase(db), - context, Server::optionalKey(key), cred, owner, ¶m, usage, attrs); - theKey.returnKey(*newKey, *newHeader); - flip(*newHeader); - if (param.length()) { - if (!param) // CSP screwed up - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - if (paramInputDataLength) // using incoming buffer; make a copy - param = CssmAutoData(Server::csp().allocator(), param).release(); - OutputData(paramOutput, paramOutputLength) = param; // return the data - } - END_IPC(CSP) -} - - -// -// Key wrapping and unwrapping -// -kern_return_t ucsp_server_wrapKey(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key, - COPY_IN(AccessCredentials, cred), KeyHandle keyToBeWrapped, - DATA_IN(descriptiveData), CssmKey *wrappedKey, DATA_OUT(keyData)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - connection.wrapKey(context, Server::optionalKey(key), - Server::key(keyToBeWrapped), cred, DATA(descriptiveData), *wrappedKey); - // transmit key data back as a separate blob - *keyData = wrappedKey->data(); - *keyDataLength = wrappedKey->length(); - Server::releaseWhenDone(*keyData); - flip(*wrappedKey); - END_IPC(CSP) -} - -kern_return_t ucsp_server_unwrapKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, KeyHandle key, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - KeyHandle publicKey, CssmKey wrappedKey, DATA_IN(wrappedKeyData), - uint32 usage, uint32 attr, DATA_OUT(descriptiveData), - KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - flip(wrappedKey); - wrappedKey.KeyData = DATA(wrappedKeyData); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - CssmData descriptiveDatas; - Key &theKey = connection.unwrapKey(Server::optionalDatabase(db), - context, Server::optionalKey(key), cred, owner, usage, attr, wrappedKey, - Server::optionalKey(publicKey), &descriptiveDatas); - theKey.returnKey(*newKey, *newHeader); - flip(*newHeader); - *descriptiveData = descriptiveDatas.data(); - *descriptiveDataLength = descriptiveDatas.length(); - Server::releaseWhenDone(*descriptiveData); - END_IPC(CSP) -} - - -// -// ACL management. -// Watch out for the memory-management tap-dance. -// -kern_return_t ucsp_server_getOwner(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_OUT(AclOwnerPrototype, ownerOut)) -{ - BEGIN_IPC - AclOwnerPrototype owner; - Server::aclBearer(kind, key).cssmGetOwner(owner); // allocates memory in owner - Copier owners(&owner, CssmAllocator::standard()); // make flat copy - { ChunkFreeWalker free; walk(free, owner); } // release chunked original - *ownerOutLength = owners.length(); - flips(owners.value(), ownerOut, ownerOutBase); - Server::releaseWhenDone(owners.keep()); // throw flat copy out when done - END_IPC(CSP) -} - -kern_return_t ucsp_server_setOwner(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_IN(AccessCredentials, cred), COPY_IN(AclOwnerPrototype, owner)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - Server::aclBearer(kind, key).cssmChangeOwner(*owner, cred); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - boolean_t haveTag, const char *tag, - uint32 *countp, COPY_OUT(AclEntryInfo, acls)) -{ - BEGIN_IPC - uint32 count; - AclEntryInfo *aclList; - Server::aclBearer(kind, key).cssmGetAcl(haveTag ? tag : NULL, count, aclList); - *countp = count; - Copier aclsOut(AclEntryInfo::overlay(aclList), count); // make flat copy - - { // release the chunked memory originals - ChunkFreeWalker free; - for (uint32 n = 0; n < count; n++) - walk(free, aclList[n]); - - // release the memory allocated for the list itself when we are done - CssmAllocator::standard().free (aclList); - } - - // set result (note: this is *almost* flips(), but on an array) - *aclsLength = aclsOut.length(); - *acls = *aclsBase = aclsOut; - if (flipClient()) { - FlipWalker w; - for (uint32 n = 0; n < count; n++) - walk(w, (*acls)[n]); - w.doFlips(); - Flippers::flip(*aclsBase); - } - Server::releaseWhenDone(aclsOut.keep()); - END_IPC(CSP) -} - -kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle, - COPY_IN(AclEntryInput, acl)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(acl, aclBase, aclLength); - Server::aclBearer(kind, key).cssmChangeAcl(AclEdit(mode, handle, acl), cred); - END_IPC(CSP) -} - - -// -// Database key management. -// ExtractMasterKey looks vaguely like a key derivation operation, and is in fact -// presented by the CSPDL's CSSM layer as such. -// -kern_return_t ucsp_server_extractMasterKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, DbHandle sourceDb, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - context.postIPC(contextBase, attributes); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - Key *masterKey = Server::database(sourceDb).extractMasterKey(Server::optionalDatabase(db), - cred, owner, usage, attrs); - masterKey->returnKey(*newKey, *newHeader); - flip(*newHeader); - END_IPC(CSP) -} - - -// -// Authorization subsystem support -// -kern_return_t ucsp_server_authorizationCreate(UCSP_ARGS, - COPY_IN(AuthorizationItemSet, inRights), - uint32 flags, - COPY_IN(AuthorizationItemSet, inEnvironment), - AuthorizationBlob *authorization) -{ - BEGIN_IPC - relocate(inRights, inRightsBase, inRightsLength); - relocate(inEnvironment, inEnvironmentBase, inEnvironmentLength); - Authorization::AuthItemSet rights(inRights), environment(inEnvironment); - - *rcode = connection.process.session.authCreate(rights, environment, - flags, *authorization, auditToken); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationRelease(UCSP_ARGS, - AuthorizationBlob authorization, uint32 flags) -{ - BEGIN_IPC - connection.process.session.authFree(authorization, flags); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationCopyRights(UCSP_ARGS, - AuthorizationBlob authorization, - COPY_IN(AuthorizationItemSet, inRights), - uint32 flags, - COPY_IN(AuthorizationItemSet, inEnvironment), - COPY_OUT(AuthorizationItemSet, result)) -{ - BEGIN_IPC - relocate(inRights, inRightsBase, inRightsLength); - relocate(inEnvironment, inEnvironmentBase, inEnvironmentLength); - Authorization::AuthItemSet rights(inRights), environment(inEnvironment), grantedRights; - *rcode = connection.process.session.authGetRights(authorization, - rights, environment, flags, grantedRights); - if (result && resultLength) - { - size_t resultSize; - grantedRights.copy(*result, resultSize); - *resultLength = resultSize; - *resultBase = *result; - flips(*result, result, resultBase); - Server::releaseWhenDone(*result); - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationCopyInfo(UCSP_ARGS, - AuthorizationBlob authorization, - AuthorizationString tag, - COPY_OUT(AuthorizationItemSet, info)) -{ - BEGIN_IPC - Authorization::AuthItemSet infoSet; - *info = *infoBase = NULL; - *infoLength = 0; - *rcode = connection.process.session.authGetInfo(authorization, - tag[0] ? tag : NULL, infoSet); - if (*rcode == noErr) { - size_t infoSize; - infoSet.copy(*info, infoSize); - *infoLength = infoSize; - *infoBase = *info; - flips(*info, info, infoBase); - Server::releaseWhenDone(*info); - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationExternalize(UCSP_ARGS, - AuthorizationBlob authorization, AuthorizationExternalForm *extForm) -{ - BEGIN_IPC - *rcode = connection.process.session.authExternalize(authorization, *extForm); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationInternalize(UCSP_ARGS, - AuthorizationExternalForm extForm, AuthorizationBlob *authorization) -{ - BEGIN_IPC - *rcode = connection.process.session.authInternalize(extForm, *authorization); - END_IPC(CSSM) -} - - -// -// Session management subsystem -// -kern_return_t ucsp_server_getSessionInfo(UCSP_ARGS, - SecuritySessionId *sessionId, SessionAttributeBits *attrs) -{ - BEGIN_IPC - Session &session = Session::find(*sessionId); - *sessionId = session.handle(); - *attrs = session.attributes(); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setupSession(UCSP_ARGS, - SessionCreationFlags flags, SessionAttributeBits attrs) -{ - BEGIN_IPC - Session::setup(flags, attrs); - END_IPC(CSSM) -} - - -// -// Notification core subsystem -// -kern_return_t ucsp_server_requestNotification(UCSP_ARGS, mach_port_t receiver, uint32 domain, uint32 events) -{ - BEGIN_IPC - connection.process.requestNotifications(receiver, domain, events); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_stopNotification(UCSP_ARGS, mach_port_t receiver) -{ - BEGIN_IPC - connection.process.stopNotifications(receiver); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_postNotification(UCSP_ARGS, uint32 domain, uint32 event, DATA_IN(data)) -{ - BEGIN_IPC - connection.process.postNotification(domain, event, DATA(data)); - END_IPC(CSSM) -} - - -// -// AuthorizationDB modification -// -kern_return_t ucsp_server_authorizationdbGet(UCSP_ARGS, const char *rightname, DATA_OUT(rightDefinition)) -{ - BEGIN_IPC - CFDictionaryRef rightDict; - - *rcode = connection.process.session.authorizationdbGet(rightname, &rightDict); - - if (!*rcode && rightDict) - { - CFRef data(CFPropertyListCreateXMLData (NULL, rightDict)); - CFRelease(rightDict); - if (!data) - return errAuthorizationInternal; - - // @@@ copy data to avoid having to do a delayed cfrelease - mach_msg_type_number_t length = CFDataGetLength(data); - void *xmlData = CssmAllocator::standard().malloc(length); - memcpy(xmlData, CFDataGetBytePtr(data), length); - Server::releaseWhenDone(xmlData); - - *rightDefinition = xmlData; - *rightDefinitionLength = length; - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationdbSet(UCSP_ARGS, AuthorizationBlob authorization, const char *rightname, DATA_IN(rightDefinition)) -{ - BEGIN_IPC - CFRef data(CFDataCreate(NULL, (UInt8 *)rightDefinition, rightDefinitionLength)); - - if (!data) - return errAuthorizationInternal; - - CFRef rightDefinition(static_cast(CFPropertyListCreateFromXMLData(NULL, data, kCFPropertyListImmutable, NULL))); - - if (!rightDefinition || (CFGetTypeID(rightDefinition) != CFDictionaryGetTypeID())) - return errAuthorizationInternal; - - *rcode = connection.process.session.authorizationdbSet(authorization, rightname, rightDefinition); - - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationdbRemove(UCSP_ARGS, AuthorizationBlob authorization, const char *rightname) -{ - BEGIN_IPC - *rcode = connection.process.session.authorizationdbRemove(authorization, rightname); - END_IPC(CSSM) -} - - -// -// Miscellaneous administrative functions -// -kern_return_t ucsp_server_addCodeEquivalence(UCSP_ARGS, DATA_IN(oldHash), DATA_IN(newHash), - const char *name, boolean_t forSystem) -{ - BEGIN_IPC - Server::codeSignatures().addLink(DATA(oldHash), DATA(newHash), name, forSystem); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_removeCodeEquivalence(UCSP_ARGS, DATA_IN(hash), - const char *name, boolean_t forSystem) -{ - BEGIN_IPC - Server::codeSignatures().removeLink(DATA(hash), name, forSystem); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setAlternateSystemRoot(UCSP_ARGS, const char *root) -{ - BEGIN_IPC -#if defined(NDEBUG) - if (connection.process.uid() != 0) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); -#endif //NDEBUG - Server::codeSignatures().open((string(root) + EQUIVALENCEDBPATH).c_str()); - END_IPC(CSSM) -} diff --git a/SecurityServer/transwalkers.cpp b/SecurityServer/transwalkers.cpp deleted file mode 100644 index 8a6345eb..00000000 --- a/SecurityServer/transwalkers.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// transwalkers - server side transition data walking support -// -// These are data walker operators for securely marshaling and unmarshaling -// data structures across IPC. They are also in charge of fixing byte order -// inconsistencies between server and clients. -// -#include - - -using LowLevelMemoryUtilities::increment; -using LowLevelMemoryUtilities::difference; - - -bool flipClient() -{ - return Server::connection().process.byteFlipped(); -} - - -// -// CheckingRelocateWalkers -// -CheckingReconstituteWalker::CheckingReconstituteWalker(void *ptr, void *base, size_t size, bool flip) - : mBase(base), mFlip(flip) -{ - if (mFlip) - Flippers::flip(mBase); // came in reversed; fix for base use - mOffset = difference(ptr, mBase); - mLimit = increment(mBase, size); -} - - -// -// Relocation support -// -void relocate(Context &context, void *base, Context::Attr *attrs, uint32 attrSize) -{ - flip(context); - CheckingReconstituteWalker relocator(attrs, base, attrSize, flipClient()); - context.ContextAttributes = attrs; // fix context->attr vector link - for (uint32 n = 0; n < context.attributesInUse(); n++) - walk(relocator, context[n]); -} - - -// -// Outbound flipping support -// -FlipWalker::~FlipWalker() -{ - for (set::const_iterator it = mFlips.begin(); it != mFlips.end(); it++) - delete it->impl; -} - -void FlipWalker::doFlips(bool active) -{ - if (active) { - secdebug("flipwalkers", "starting outbound flips"); - for (set::const_iterator it = mFlips.begin(); it != mFlips.end(); it++) - it->impl->flip(); - secdebug("flipwalkers", "outbound flips done"); - } -} diff --git a/SecurityServer/transwalkers.h b/SecurityServer/transwalkers.h deleted file mode 100644 index ea69d09d..00000000 --- a/SecurityServer/transwalkers.h +++ /dev/null @@ -1,240 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// transwalkers - server side transition data walking support -// -// These are data walker operators for securely marshaling and unmarshaling -// data structures across IPC. They are also in charge of fixing byte order -// inconsistencies between server and clients. -// -#ifndef _H_TRANSWALKERS -#define _H_TRANSWALKERS - -#include -#include "flippers.h" -#include "server.h" -#include - -using LowLevelMemoryUtilities::increment; -using LowLevelMemoryUtilities::difference; - - -// -// Should we flip data? -// This looks at the current client's process information (a thread-global state) -// to determine flip status. Valid (only) within BEGIN_IPC/END_IPC brackets. -// -bool flipClient(); - - -// -// A CheckingReconstituteWalker is a variant of an ordinary ReconstituteWalker -// that checks object pointers and sizes against the incoming block limits. -// It throws an exception if incoming data has pointers outside the incoming block. -// This avoids trouble inside of the SecurityServer caused (by bug or malice) -// from someone spoofing the client access side. -// -class CheckingReconstituteWalker { -private: - void check(void *addr, size_t size) - { - if (addr < mBase || increment(addr, size) > mLimit) - CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER); - } - -public: - CheckingReconstituteWalker(void *ptr, void *base, size_t size, bool flip); - - template - void operator () (T &obj, size_t size = sizeof(T)) - { - check(increment(&obj, -mOffset), size); - if (mFlip) - Flippers::flip(obj); - } - - template - void operator () (T * &addr, size_t size = sizeof(T)) - { - DEBUGWALK("checkreconst:ptr"); - if (addr) { - // process the pointer - void *p = addr; - blob(p, size); - addr = reinterpret_cast(p); - - // now flip the contents - if (mFlip) - Flippers::flip(*addr); - } - } - - template - void blob(T * &addr, size_t size) - { - DEBUGWALK("checkreconst:blob"); - if (addr) { - // flip the address (the pointer itself) - if (mFlip) { - secdebug("flippers", "flipping %s@%p", Debug::typeName(addr).c_str(), addr); - Flippers::flip(addr); - } - - // check the address against the transmitted bounds - check(addr, size); - - // relocate it - addr = increment(addr, mOffset); - } - } - - static const bool needsRelinking = true; - static const bool needsSize = false; - -private: - void *mBase; // old base address - void *mLimit; // old last byte address + 1 - off_t mOffset; // relocation offset - bool mFlip; // apply byte order flipping -}; - - -// -// Process an incoming (IPC) data blob of type T. -// This relocates pointers to fit in the local address space, -// and fixes byte order issues as needed. -// -template -void relocate(T *obj, T *base, size_t size) -{ - if (obj) { - if (base == NULL) // invalid, could confuse walkers - CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER); - CheckingReconstituteWalker relocator(obj, base, size, - Server::connection().process.byteFlipped()); - walk(relocator, base); - } -} - - -// -// Special handling for incoming CSSM contexts. -// -void relocate(Context &context, void *base, Context::Attr *attrs, uint32 attrSize); - - -// -// A FlipWalker is a walker operator that collects its direct invocations -// into a set of memory objects. These objects can then collectively be -// byte-flipped (exactly once :-) at the flick of a function. -// -class FlipWalker { -private: - struct FlipBase { - virtual ~FlipBase() { } - virtual void flip() const = 0; - }; - - template - struct FlipRef : public FlipBase { - T &obj; - FlipRef(T &s) : obj(s) { } - void flip() const -{ secdebug("outflip", "%p flip/ref %s@%p", this, Debug::typeName(obj).c_str(), &obj); -{ Flippers::flip(obj); } -} - }; - - template - struct FlipPtr : public FlipBase { - T * &obj; - FlipPtr(T * &s) : obj(s) { } - void flip() const -{ secdebug("outflip", "%p flip/ptr %s@%p(%p)", this, Debug::typeName(obj).c_str(), &obj, obj); -{ Flippers::flip(*obj); Flippers::flip(obj); } -} -}; - - template - struct FlipBlob : public FlipBase { - T * &obj; - FlipBlob(T * &s) : obj(s) { } - void flip() const -{ secdebug("outflip", "%p flip/blob %s@%p(%p)", this, Debug::typeName(obj).c_str(), &obj, obj); -{ Flippers::flip(obj); } -} - }; - - struct Flipper { - FlipBase *impl; - Flipper(FlipBase *p) : impl(p) { } - bool operator < (const Flipper &other) const - { return impl < other.impl; } - }; - -public: - ~FlipWalker(); - void doFlips(bool active = true); - - template - void operator () (T &obj, size_t = sizeof(T)) - { mFlips.insert(new FlipRef(obj)); } - - template - T *operator () (T * &addr, size_t size = sizeof(T)) - { mFlips.insert(new FlipPtr(addr)); return addr; } - - template - void blob(T * &addr, size_t size) - { mFlips.insert(new FlipBlob(addr)); } - - static const bool needsRelinking = true; - static const bool needsSize = true; - -private: - set mFlips; -}; - - -// -// A raw flip, conditioned on the client's flip state -// -template -void flip(T &addr) -{ - if (flipClient()) { - secdebug("flippers", "raw flipping %s", Debug::typeName(addr).c_str()); - Flippers::flip(addr); - } -} - -template -void flips(T *value, T ** &addr, T ** &base) -{ - *addr = *base = value; - if (flipClient()) { - FlipWalker w; // collector - walk(w, value); // collect all flippings needed - w.doFlips(); // execute flips (flips value but leaves addr alone) - Flippers::flip(*base); // flip base (so it arrives right side up) - } -} - - -#endif //_H_TRANSWALKERS diff --git a/SecurityServer/ucsp.defs b/SecurityServer/ucsp.defs deleted file mode 100644 index 52c92806..00000000 --- a/SecurityServer/ucsp.defs +++ /dev/null @@ -1,293 +0,0 @@ -// -// ucsp.defs - Mach RPC interface between SecurityServer and its clients -// -#include -#include - -subsystem ucsp 1000; -serverprefix ucsp_server_; -userprefix ucsp_client_; - -import "securityserver.h"; -import "ucsp_types.h"; - - -// -// Data types -// -type Data = array [] of char; - -type Pointer = unsigned32; -type BasePointer = unsigned32; - -type KeyHandle = unsigned32; -type KeyBlob = Data - ctype: Pointer; - -type DbHandle = unsigned32; -type DbBlob = Data - ctype: Pointer; - -type AclEntryPrototypeBlob = Data - ctype: AclEntryPrototypePtr; -type AclEntryPrototypePtr = BasePointer; - -type AclEntryInfoBlob = Data - ctype: AclEntryInfoPtr; -type AclEntryInfoPtr = BasePointer; - -type AclEntryInputBlob = Data - ctype: AclEntryInputPtr; -type AclEntryInputPtr = BasePointer; - -type AclOwnerPrototypeBlob = Data - ctype: AclOwnerPrototypePtr; -type AclOwnerPrototypePtr = BasePointer; - -type AccessCredentialsBlob = Data - ctype: AccessCredentialsPtr; -type AccessCredentialsPtr = BasePointer; - -type DLDbIdentBlob = Data - ctype: DLDbIdentPtr; -type DLDbIdentPtr = BasePointer; - -type ParamInputBlob = Data - ctype: ParamInputPtr; -type ParamInputPtr = BasePointer; - -type VoidBlob = Data - ctype: VoidPtr; -type VoidPtr = unsigned32; - -type SetupInfo = struct[4] of uint8_t - ctype: ClientSetupInfo; - -type Context = struct [9*4] of uint8_t - ctype: CSSM_CONTEXT - intran: Context inTrans(CSSM_CONTEXT); -type ContextAttributes = array [] of char - cservertype: ContextAttributesPointer; - -type CssmKeyHeader = struct [23*4] of uint8_t; - -type CssmKey = struct [(23+2)*4] of uint8_t - ctype: CSSM_KEY - intran: CssmKey inTrans(CSSM_KEY) - outtran: CSSM_KEY outTrans(CssmKey); - -type CSSM_KEY_SIZE = struct [2*4] of uint32_t - ctype: CSSM_KEY_SIZE; - -type DBParameters = struct [1*4] of uint32_t; - -type AuthorizationItemSetBlob = Data - ctype: AuthorizationItemSetPtr; -type AuthorizationItemSetPtr = BasePointer; - -type AuthorizationBlob = struct [8] of uint8_t; // 8 opaque bytes -type AuthorizationExternalForm = struct [32] of uint8_t; // 32 opaque bytes - -type CssmString = c_string[*:64+4]; -type AuthorizationString = c_string[*:1024]; -type CSSM_RETURN = int32; -type CSSM_ALGORITHMS = unsigned32; -type CSSM_ACL_EDIT_MODE = unsigned32; -type CSSM_ACL_HANDLE = unsigned32; -type AclKind = unsigned32; -type uint32 = unsigned32; -type SecuritySessionId = unsigned32; -type SessionAttributeBits = unsigned32; -type SessionCreationFlags = unsigned32; - -type ExecutablePath = c_string[*:2048]; - - -// -// Common argument profiles -// -#define UCSP_PORTS requestport sport: mach_port_t; \ - replyport rport: mach_port_make_send_t; \ - serveraudittoken sourceAudit: audit_token_t; \ - out rcode: CSSM_RETURN -#define IN_CONTEXT in context: Context; in contextBase: BasePointer; in attrs: ContextAttributes -#define IN_BLOB(name,type) in name: type##Blob; in name##Base: type##Ptr -#define OUT_BLOB(name,type) out name: type##Blob; out name##Base: type##Ptr - - -// -// Management and administrative functions -// -routine setup(UCSP_PORTS; in tport: mach_port_t; in info: SetupInfo; in executablePath: ExecutablePath); -routine setupNew(UCSP_PORTS; in tport: mach_port_t; in info: SetupInfo; in executablePath: ExecutablePath; - out newServicePort: mach_port_make_send_t); -routine setupThread(UCSP_PORTS; in tport: mach_port_t); -routine teardown(UCSP_PORTS); - - -// -// Database management -// -routine createDb(UCSP_PORTS; out db: DbHandle; IN_BLOB(ident,DLDbIdent); - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - in params: DBParameters); -routine decodeDb(UCSP_PORTS; out db: DbHandle; IN_BLOB(ident,DLDbIdent); - IN_BLOB(accessCredentials,AccessCredentials); in blob: DbBlob); -routine encodeDb(UCSP_PORTS; in db: DbHandle; out blob: DbBlob); -routine releaseDb(UCSP_PORTS; in db: DbHandle); -routine authenticateDb(UCSP_PORTS; in db: DbHandle; IN_BLOB(accessCredentials,AccessCredentials)); -routine setDbParameters(UCSP_PORTS; in db: DbHandle; in params: DBParameters); -routine getDbParameters(UCSP_PORTS; in db: DbHandle; out params: DBParameters); -routine changePassphrase(UCSP_PORTS; in db: DbHandle; - IN_BLOB(accessCredentials,AccessCredentials)); -routine lockDb(UCSP_PORTS; in db: DbHandle); -routine lockAll(UCSP_PORTS; in forSleep: boolean_t); -routine unlockDb(UCSP_PORTS; in db: DbHandle); -routine unlockDbWithPassphrase(UCSP_PORTS; in db: DbHandle; in passPhrase: Data); -routine isLocked(UCSP_PORTS; in db: DbHandle; out locked: boolean_t); - - -// -// Key management -// -routine encodeKey(UCSP_PORTS; in key: KeyHandle; out blob: KeyBlob; - in wantUid: boolean_t; out uid: Data); -routine decodeKey(UCSP_PORTS; out key: KeyHandle; out header: CssmKeyHeader; - in db: DbHandle; in blob: KeyBlob); -routine releaseKey(UCSP_PORTS; in key: KeyHandle); - -routine queryKeySizeInBits(UCSP_PORTS; in key: KeyHandle; out length: CSSM_KEY_SIZE); -routine getOutputSize(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - in inputSize: uint32; in encrypt: boolean_t; out outputSize: uint32); - -routine getKeyDigest(UCSP_PORTS; in key: KeyHandle; out digest: Data); - -// -// Random numbers -// -routine generateRandom(UCSP_PORTS; in bytes: uint32; out data: Data); - - -// -// Cryptographic operations -// -routine generateSignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; out signature: Data); -routine verifySignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; in signature: Data); -routine generateMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - in data: Data; out signature: Data); -routine verifyMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - in data: Data; in signature: Data); - -routine encrypt(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; in clear: Data; out cipher: Data); -routine decrypt(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; in cipher: Data; out clear: Data); - -routine generateKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - in keyUsage: uint32; in keyAttrs: uint32; out key: KeyHandle; out header: CssmKeyHeader); -routine generateKeyPair(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32; - out pubKey: KeyHandle; out pubHeader: CssmKeyHeader; - out privKey: KeyHandle; out privHeader: CssmKeyHeader); -routine deriveKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; in baseKey: KeyHandle; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - IN_BLOB(paramInput,ParamInput); out paramOutput: Data; - in keyUsage: uint32; in keyAttrs: uint32; out key: KeyHandle; out header: CssmKeyHeader); - -routine wrapKey(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; - IN_BLOB(accessCredentials,AccessCredentials); in keyToBeWrapped: KeyHandle; - in data: Data; out wrappedKey: CssmKey; out wrappedKeyData: Data); -routine unwrapKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; in key: KeyHandle; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - in publicKey: KeyHandle; in wrappedKey: CssmKey; in wrappedKeyData: Data; - in usage: uint32; in attributes: uint32; out data: Data; - out resultKey: KeyHandle; out header: CssmKeyHeader); - - -// -// ACL management -// -routine getOwner(UCSP_PORTS; in kind: AclKind; in key: KeyHandle; - out proto: AclOwnerPrototypeBlob; out protoBase: AclOwnerPrototypePtr); -routine setOwner(UCSP_PORTS; in kind: AclKind; in key: KeyHandle; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclOwnerPrototype,AclOwnerPrototype)); -routine getAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle; - in haveTag: boolean_t; in tag: CssmString; - out count: uint32; out acls: AclEntryInfoBlob; out aclsBase: AclEntryInfoPtr); -routine changeAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle; - IN_BLOB(accessCredentials,AccessCredentials); - in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE; - IN_BLOB(aclEntryInput,AclEntryInput)); - - -// -// Authorization subsystem -// -routine authorizationCreate(UCSP_PORTS; IN_BLOB(rights,AuthorizationItemSet); - in flags: uint32; - IN_BLOB(environment,AuthorizationItemSet); - out authorization: AuthorizationBlob); - -routine authorizationRelease(UCSP_PORTS; in authorization: AuthorizationBlob; - in flags: uint32); - -routine authorizationCopyRights(UCSP_PORTS; in authorization: AuthorizationBlob; - IN_BLOB(rights,AuthorizationItemSet); in flags: uint32; - IN_BLOB(environment,AuthorizationItemSet); - OUT_BLOB(result,AuthorizationItemSet)); - -routine authorizationCopyInfo(UCSP_PORTS; in authorization: AuthorizationBlob; - in tag: AuthorizationString; - OUT_BLOB(info,AuthorizationItemSet)); - -routine authorizationExternalize(UCSP_PORTS; in authorization: AuthorizationBlob; - out form: AuthorizationExternalForm); - -routine authorizationInternalize(UCSP_PORTS; in form: AuthorizationExternalForm; - out authorization: AuthorizationBlob); - - -// -// Session management subsystem -// -routine getSessionInfo(UCSP_PORTS; inout sessionId: SecuritySessionId; - out attrs: SessionAttributeBits); - -routine setupSession(UCSP_PORTS; in flags: SessionCreationFlags; in attrs: SessionAttributeBits); - - -// -// Notification subsystem -// -routine requestNotification(UCSP_PORTS; in receiver: mach_port_t; in domain: uint32; in events: uint32); -routine stopNotification(UCSP_PORTS; in receiver: mach_port_t); -routine postNotification(UCSP_PORTS; in domain: uint32; in event: uint32; in data: Data); - - -// -// Database key management -// -routine extractMasterKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; in sourceDb: DbHandle; - IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype); - in keyUsage: uint32; in keyAttrs: uint32; out key: KeyHandle; out header: CssmKeyHeader); - -routine getDbIndex(UCSP_PORTS; in db: DbHandle; out index: Data); - -// -// AuthorizationDB operations -// -routine authorizationdbGet(UCSP_PORTS; in rightname: AuthorizationString; out rightdefinition: Data); -routine authorizationdbSet(UCSP_PORTS; in authorization: AuthorizationBlob; in rightname: AuthorizationString; in rightDefinition: Data); -routine authorizationdbRemove(UCSP_PORTS; in authorization: AuthorizationBlob; in rightname: AuthorizationString); - - -// -// Miscellaneous administrative calls -// -routine addCodeEquivalence(UCSP_PORTS; in oldCode: Data; in newCode: Data; in name: ExecutablePath; - in forSystem: boolean_t); -routine removeCodeEquivalence(UCSP_PORTS; in code: Data; in name: ExecutablePath; - in forSystem: boolean_t); -routine setAlternateSystemRoot(UCSP_PORTS; in path: ExecutablePath); diff --git a/SecurityServer/ucspNotify.defs b/SecurityServer/ucspNotify.defs deleted file mode 100644 index 909d62cf..00000000 --- a/SecurityServer/ucspNotify.defs +++ /dev/null @@ -1,25 +0,0 @@ -// -// ucsp_callbacks: MIG definition of SecurityServer's callback services -// -#include -#include - -subsystem ucsp_notify 10000; -serverprefix ucsp_notify_receiver_; -userprefix ucsp_notify_sender_; - -import "securityserver.h"; -import "ucsp_types.h"; - - -// -// Data types -// -type Data = array [] of char; -type uint32 = unsigned32; - - -simpleroutine notify(requestport receiver: mach_port_t; - msgoption options: mach_msg_options_t; waittime timeout: natural_t; - in domain: uint32; in event: uint32; in data: Data; - in sender: uint32); diff --git a/SecurityServer/ucsp_types.h b/SecurityServer/ucsp_types.h deleted file mode 100644 index eb6213c7..00000000 --- a/SecurityServer/ucsp_types.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ucsp_types - type equivalence declarations for SecurityServer MIG -// -#include "ssclient.h" -#include - -// who forgot that one? -extern "C" kern_return_t mig_deallocate(vm_address_t addr, vm_size_t size); - -namespace Security { - -using namespace SecurityServer; - - -typedef void *Data; -typedef void *Pointer; -typedef void *BasePointer; - -typedef const char *CssmString; - -typedef void *ContextAttributes; -typedef Context::Attr *ContextAttributesPointer; - -typedef AclEntryPrototype *AclEntryPrototypePtr; -typedef AclEntryInput *AclEntryInputPtr; -typedef AclEntryInfo *AclEntryInfoPtr; -typedef AclOwnerPrototype *AclOwnerPrototypePtr; -typedef AccessCredentials *AccessCredentialsPtr; -typedef void *ParamInputPtr; -typedef void *VoidPtr; - -typedef DataWalkers::DLDbFlatIdentifier DLDbIdentBlob; -typedef DataWalkers::DLDbFlatIdentifier *DLDbIdentPtr; - -typedef AuthorizationItemSet AuthorizationItemSetBlob; -typedef AuthorizationItemSet *AuthorizationItemSetPtr; -typedef void *AuthorizationHandle; - -typedef CssmKey::Header CssmKeyHeader; - -typedef const char *ExecutablePath; - -inline Context &inTrans(CSSM_CONTEXT &arg) { return Context::overlay(arg); } -inline CssmKey &inTrans(CSSM_KEY &arg) { return CssmKey::overlay(arg); } -inline CSSM_KEY &outTrans(CssmKey &key) { return key; } - - -// -// Customization macros for MIG code -// -#define __AfterSendRpc(id, name) \ - if (msg_result == MACH_MSG_SUCCESS && Out0P->Head.msgh_id == MACH_NOTIFY_DEAD_NAME) \ - return MIG_SERVER_DIED; - -#define UseStaticTemplates 0 - - -// -// MIG-used byte swapping macros -// -#define __NDR_convert__int_rep__BasePointer__defined -#define __NDR_convert__int_rep__BasePointer(a, f) /* do not flip */ - -} // end namespace Security diff --git a/SecurityServer/xdatabase.cpp b/SecurityServer/xdatabase.cpp deleted file mode 100644 index 1e71b102..00000000 --- a/SecurityServer/xdatabase.cpp +++ /dev/null @@ -1,908 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// database - database session management -// -#include "xdatabase.h" -#include "agentquery.h" -#include "key.h" -#include "server.h" -#include "session.h" -#include "cfnotifier.h" // legacy -#include "notifications.h" -#include "SecurityAgentClient.h" -#include // for default owner ACLs -#include -#include - - -// -// Create a Database object from initial parameters (create operation) -// -Database::Database(const DLDbIdentifier &id, const DBParameters ¶ms, Process &proc, - const AccessCredentials *cred, const AclEntryPrototype *owner) - : SecurityServerAcl(dbAcl, CssmAllocator::standard()), process(proc), - mValidData(false), version(0), mBlob(NULL) -{ - // save a copy of the credentials for later access control - mCred = DataWalkers::copy(cred, CssmAllocator::standard()); - - // create a new random signature to complete the DLDbIdentifier - Signature newSig; - Server::active().random(newSig.bytes); - DbIdentifier ident(id, newSig); - - // create common block and initialize - CommonMap &commons = proc.session.databases(); - common = new Common(ident, commons); - StLock _(*common); - { StLock _(commons); - assert(commons.find(ident) == commons.end()); // better be new! - commons[ident] = common; - common->useCount++; - } - // new common is now visible but we hold its lock - - // establish the new master secret - establishNewSecrets(cred, SecurityAgent::newDatabase); - - // set initial database parameters - common->mParams = params; - - // we're unlocked now - common->makeNewSecrets(); - - // establish initial ACL - if (owner) - cssmSetInitial(*owner); - else - cssmSetInitial(new AnyAclSubject()); - mValidData = true; - - // for now, create the blob immediately - encode(); - - // register with process - process.addDatabase(this); - - secdebug("SSdb", "database %s(%p) created, common at %p", - common->dbName(), this, common); - IFDUMPING("SSdb", debugDump("creation complete")); -} - - -// -// Create a Database object from a database blob (decoding) -// -Database::Database(const DLDbIdentifier &id, const DbBlob *blob, Process &proc, - const AccessCredentials *cred) - : SecurityServerAcl(dbAcl, CssmAllocator::standard()), process(proc), - mValidData(false), version(0) -{ - // perform basic validation on the incoming blob - assert(blob); - blob->validate(CSSMERR_APPLEDL_INVALID_DATABASE_BLOB); - switch (blob->version()) { -#if defined(COMPAT_OSX_10_0) - case blob->version_MacOS_10_0: - break; -#endif - case blob->version_MacOS_10_1: - break; - default: - CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB); - } - - // save a copy of the credentials for later access control - mCred = DataWalkers::copy(cred, CssmAllocator::standard()); - - // check to see if we already know about this database - DbIdentifier ident(id, blob->randomSignature); - CommonMap &commons = proc.session.databases(); - StLock mapLock(commons); - CommonMap::iterator it = commons.find(ident); - if (it != commons.end()) { - // already there - common = it->second; // reuse common component - //@@@ arbitrate sequence number here, perhaps update common->mParams - StLock _(*common); // lock common against other users - common->useCount++; - secdebug("SSdb", - "open database %s(%p) version %lx at known common %p(%d)", - common->dbName(), this, blob->version(), common, int(common->useCount)); - } else { - // newly introduced - commons[ident] = common = new Common(ident, commons); - common->mParams = blob->params; - common->useCount++; - secdebug("SSdb", "open database %s(%p) version %lx with new common %p", - common->dbName(), this, blob->version(), common); - } - - // register with process - process.addDatabase(this); - - mBlob = blob->copy(); - IFDUMPING("SSdb", debugDump("end of decode")); -} - - -// -// Destroy a Database -// -Database::~Database() -{ - secdebug("SSdb", "deleting database %s(%p) common %p (%d refs)", - common->dbName(), this, common, int(common->useCount)); - IFDUMPING("SSdb", debugDump("deleting database instance")); - process.removeDatabase(this); - CssmAllocator::standard().free(mCred); - CssmAllocator::standard().free(mBlob); - - // take the commonLock to avoid races against re-use of the common - CommonMap &commons = process.session.databases(); - StLock __(commons); - if (--common->useCount == 0 && common->isLocked()) { - // last use of this database, and it's locked - discard - IFDUMPING("SSdb", debugDump("discarding common")); - discard(common); - } else if (common->useCount == 0) - IFDUMPING("SSdb", debugDump("retained because it's unlocked")); -} - - -// -// (Re-)Authenticate the database. This changes the stored credentials. -// -void Database::authenticate(const AccessCredentials *cred) -{ - StLock _(*common); - AccessCredentials *newCred = DataWalkers::copy(cred, CssmAllocator::standard()); - CssmAllocator::standard().free(mCred); - mCred = newCred; -} - - -// -// Return the database blob, recalculating it as needed. -// -DbBlob *Database::blob() -{ - StLock _(*common); - if (!validBlob()) { - makeUnlocked(); // unlock to get master secret - encode(); // (re)encode blob if needed - } - activity(); // reset timeout - assert(validBlob()); // better have a valid blob now... - return mBlob; -} - - -// -// Encode the current database as a blob. -// Note that this returns memory we own and keep. -// Caller must hold common lock. -// -void Database::encode() -{ - DbBlob *blob = common->encode(*this); - CssmAllocator::standard().free(mBlob); - mBlob = blob; - version = common->version; - secdebug("SSdb", "encoded database %p common %p(%s) version %ld params=(%ld,%d)", - this, common, dbName(), version, - common->mParams.idleTimeout, common->mParams.lockOnSleep); -} - - -// -// Change the passphrase on a database -// -void Database::changePassphrase(const AccessCredentials *cred) -{ - // get and hold the common lock (don't let other threads break in here) - StLock _(*common); - - // establish OLD secret - i.e. unlock the database - //@@@ do we want to leave the final lock state alone? - makeUnlocked(cred); - - // establish NEW secret - establishNewSecrets(cred, SecurityAgent::changePassphrase); - common->version++; // blob state changed - secdebug("SSdb", "Database %s(%p) master secret changed", common->dbName(), this); - encode(); // force rebuild of local blob - - // send out a notification - KeychainNotifier::passphraseChanged(identifier()); - - // I guess this counts as an activity - activity(); -} - - -// -// Extract the database master key as a proper Key object. -// -Key *Database::extractMasterKey(Database *db, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs) -{ - // get and hold common lock - StLock _(*common); - - // unlock to establish master secret - makeUnlocked(cred); - - // extract the raw cryptographic key - CssmClient::WrapKey wrap(Server::csp(), CSSM_ALGID_NONE); - CssmKey key; - wrap(common->masterKey(), key); - - // make the key object and return it - return new Key(db, key, attrs & Key::managedAttributes, owner); -} - - -// -// Construct a binary blob of moderate size that is suitable for constructing -// an index identifying this database. -// We construct this from the database's marker blob, which is created with -// the database is made, and stays stable thereafter. -// Note: Ownership of the index blob passes to the caller. -// @@@ This means that physical copies share this index. -// -void Database::getDbIndex(CssmData &indexData) -{ - if (!mBlob) - encode(); // force blob creation - assert(mBlob); - CssmData signature = CssmData::wrap(mBlob->randomSignature); - indexData = CssmAutoData(CssmAllocator::standard(), signature).release(); -} - - -// -// Unlock this database (if needed) by obtaining the master secret in some -// suitable way and then proceeding to unlock with it. -// Does absolutely nothing if the database is already unlocked. -// The makeUnlocked forms are identical except the assume the caller already -// holds the common lock. -// -void Database::unlock() -{ - StLock _(*common); - makeUnlocked(); -} - -void Database::makeUnlocked() -{ - return makeUnlocked(mCred); -} - -void Database::makeUnlocked(const AccessCredentials *cred) -{ - IFDUMPING("SSdb", debugDump("default procedures unlock")); - if (isLocked()) { - assert(mBlob || (mValidData && common->hasMaster())); - establishOldSecrets(cred); - activity(); // set timeout timer - } else if (!mValidData) { // need to decode to get our ACLs, passphrase available - if (!decode()) - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); - } - assert(!isLocked()); - assert(mValidData); -} - - -// -// The following unlock given an explicit passphrase, rather than using -// (special cred sample based) default procedures. -// -void Database::unlock(const CssmData &passphrase) -{ - StLock _(*common); - makeUnlocked(passphrase); -} - -void Database::makeUnlocked(const CssmData &passphrase) -{ - if (isLocked()) { - if (decode(passphrase)) - return; - else - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); - } else if (!mValidData) { // need to decode to get our ACLs, passphrase available - if (!decode()) - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); - } - assert(!isLocked()); - assert(mValidData); -} - - -// -// Nonthrowing passphrase-based unlock. This returns false if unlock failed. -// Note that this requires an explicitly given passphrase. -// Caller must hold common lock. -// -bool Database::decode(const CssmData &passphrase) -{ - assert(mBlob); - common->setup(mBlob, passphrase); - return decode(); -} - - -// -// Given the established master secret, decode the working keys and other -// functional secrets for this database. Return false (do NOT throw) if -// the decode fails. Call this in low(er) level code once you established -// the master key. -// -bool Database::decode() -{ - assert(mBlob); - assert(common->hasMaster()); - void *privateAclBlob; - if (common->unlock(mBlob, &privateAclBlob)) { - if (!mValidData) { - importBlob(mBlob->publicAclBlob(), privateAclBlob); - mValidData = true; - } - CssmAllocator::standard().free(privateAclBlob); - return true; - } - secdebug("SSdb", "%p decode failed", this); - return false; -} - - -// -// Given an AccessCredentials for this database, wring out the existing primary -// database secret by whatever means necessary. -// On entry, caller must hold the database common lock. It will be held throughout. -// On exit, the crypto core has its master secret. If things go wrong, -// we will throw a suitable exception. Note that encountering any malformed -// credential sample will throw, but this is not guaranteed -- don't assume -// that NOT throwing means creds is entirely well-formed. -// -// How this works: -// Walk through the creds. Fish out those credentials (in order) that -// are for unlock processing (they have no ACL subject correspondents), -// and (try to) obey each in turn, until one produces a valid secret -// or you run out. If no special samples are found at all, interpret that as -// "use the system global default," which happens to be hard-coded right here. -// -void Database::establishOldSecrets(const AccessCredentials *creds) -{ - list samples; - if (creds && creds->samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, samples)) { - for (list::iterator it = samples.begin(); it != samples.end(); it++) { - TypedList &sample = *it; - sample.checkProper(); - switch (sample.type()) { - // interactively prompt the user - no additional data - case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT: - { - secdebug("SSdb", "%p attempting interactive unlock", this); - QueryUnlock query(*this); - if (query() == SecurityAgent::noReason) - return; - } - break; - // try to use an explicitly given passphrase - Data:passphrase - case CSSM_SAMPLE_TYPE_PASSWORD: - if (sample.length() != 2) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - secdebug("SSdb", "%p attempting passphrase unlock", this); - if (decode(sample[1])) - return; - break; - // try to open with a given master key - Data:CSP or KeyHandle, Data:CssmKey - case CSSM_WORDID_SYMMETRIC_KEY: - assert(mBlob); - secdebug("SSdb", "%p attempting explicit key unlock", this); - common->setup(mBlob, keyFromCreds(sample)); - if (decode()) - return; - break; - // explicitly defeat the default action but don't try anything in particular - case CSSM_WORDID_CANCELED: - secdebug("SSdb", "%p defeat default action", this); - break; - default: - // Unknown sub-sample for unlocking. - // If we wanted to be fascist, we could now do - // CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED); - // But instead we try to be tolerant and continue on. - // This DOES however count as an explicit attempt at specifying unlock, - // so we will no longer try the default case below... - secdebug("SSdb", "%p unknown sub-sample unlock (%ld) ignored", this, sample.type()); - break; - } - } - } else { - // default action - assert(mBlob); - SystemKeychainKey systemKeychain(kSystemUnlockFile); - if (systemKeychain.matches(mBlob->randomSignature)) { - secdebug("SSdb", "%p attempting system unlock", this); - common->setup(mBlob, CssmClient::Key(Server::csp(), systemKeychain.key(), true)); - if (decode()) - return; - } - - QueryUnlock query(*this); - if (query() == SecurityAgent::noReason) - return; - } - - // out of options - no secret obtained - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); -} - - -// -// Same thing, but obtain a new secret somehow and set it into the common. -// -void Database::establishNewSecrets(const AccessCredentials *creds, SecurityAgent::Reason reason) -{ - list samples; - if (creds && creds->samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, samples)) { - for (list::iterator it = samples.begin(); it != samples.end(); it++) { - TypedList &sample = *it; - sample.checkProper(); - switch (sample.type()) { - // interactively prompt the user - case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT: - { - secdebug("SSdb", "%p specified interactive passphrase", this); - QueryNewPassphrase query(*this, reason); - CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive)); - if (query(passphrase) == SecurityAgent::noReason) { - common->setup(NULL, passphrase); - return; - } - } - break; - // try to use an explicitly given passphrase - case CSSM_SAMPLE_TYPE_PASSWORD: - secdebug("SSdb", "%p specified explicit passphrase", this); - if (sample.length() != 2) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - common->setup(NULL, sample[1]); - return; - // try to open with a given master key - case CSSM_WORDID_SYMMETRIC_KEY: - secdebug("SSdb", "%p specified explicit master key", this); - common->setup(NULL, keyFromCreds(sample)); - return; - // explicitly defeat the default action but don't try anything in particular - case CSSM_WORDID_CANCELED: - secdebug("SSdb", "%p defeat default action", this); - break; - default: - // Unknown sub-sample for acquiring new secret. - // If we wanted to be fascist, we could now do - // CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED); - // But instead we try to be tolerant and continue on. - // This DOES however count as an explicit attempt at specifying unlock, - // so we will no longer try the default case below... - secdebug("SSdb", "%p unknown sub-sample acquisition (%ld) ignored", - this, sample.type()); - break; - } - } - } else { - // default action -- interactive (only) - QueryNewPassphrase query(*this, reason); - CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive)); - if (query(passphrase) == SecurityAgent::noReason) { - common->setup(NULL, passphrase); - return; - } - } - - // out of options - no secret obtained - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); -} - - -// -// Given a (truncated) Database credentials TypedList specifying a master key, -// locate the key and return a reference to it. -// -CssmClient::Key Database::keyFromCreds(const TypedList &sample) -{ - // decode TypedList structure (sample type; Data:CSPHandle; Data:CSSM_KEY) - assert(sample.type() == CSSM_WORDID_SYMMETRIC_KEY); - if (sample.length() != 3 - || sample[1].type() != CSSM_LIST_ELEMENT_DATUM - || sample[2].type() != CSSM_LIST_ELEMENT_DATUM) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - CSSM_CSP_HANDLE &handle = *sample[1].data().interpretedAs(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - CssmKey &key = *sample[2].data().interpretedAs(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - - if (key.header().cspGuid() == gGuidAppleCSPDL) { - // handleOrKey is a SecurityServer KeyHandle; ignore key argument - return Server::key(handle); - } else { - // not a KeyHandle reference; use key as a raw key - if (key.header().blobType() != CSSM_KEYBLOB_RAW) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - if (key.header().keyClass() != CSSM_KEYCLASS_SESSION_KEY) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); - return CssmClient::Key(Server::csp(), key, true); - } -} - - -// -// Verify a putative database passphrase. -// If the database is already unlocked, just check the passphrase. -// Otherwise, unlock with that passphrase and report success. -// Caller must hold the common lock. -// -bool Database::validatePassphrase(const CssmData &passphrase) const -{ - if (common->hasMaster()) { - // verify against known secret - return common->validatePassphrase(passphrase); - } else { - // no master secret - perform "blind" unlock to avoid actual unlock - try { - DatabaseCryptoCore test; - test.setup(mBlob, passphrase); - test.decodeCore(mBlob, NULL); - return true; - } catch (...) { - return false; - } - } -} - - -// -// Lock this database -// -void Database::lock() -{ - common->lock(false); -} - - -// -// Lock all databases we know of. -// This is an interim stop-gap measure, until we can work out how database -// state should interact with true multi-session operation. -// -void Database::lockAllDatabases(CommonMap &commons, bool forSleep) -{ - StLock _(commons); // hold all changes to Common map - for (CommonMap::iterator it = commons.begin(); it != commons.end(); it++) - it->second->lock(true, forSleep); // lock, already holding commonLock -} - - -// -// Given a Key for this database, encode it into a blob and return it. -// -KeyBlob *Database::encodeKey(const CssmKey &key, const CssmData &pubAcl, const CssmData &privAcl) -{ - unlock(); - - // tell the cryptocore to form the key blob - return common->encodeKeyCore(key, pubAcl, privAcl); -} - - -// -// Given a "blobbed" key for this database, decode it into its real -// key object and (re)populate its ACL. -// -void Database::decodeKey(KeyBlob *blob, CssmKey &key, void * &pubAcl, void * &privAcl) -{ - unlock(); // we need our keys - - common->decodeKeyCore(blob, key, pubAcl, privAcl); - // memory protocol: pubAcl points into blob; privAcl was allocated - - activity(); -} - - -// -// Modify database parameters -// -void Database::setParameters(const DBParameters ¶ms) -{ - StLock _(*common); - makeUnlocked(); - common->mParams = params; - common->version++; // invalidate old blobs - activity(); - secdebug("SSdb", "%p common %p(%s) set params=(%ld,%d)", - this, common, dbName(), params.idleTimeout, params.lockOnSleep); -} - - -// -// Retrieve database parameters -// -void Database::getParameters(DBParameters ¶ms) -{ - StLock _(*common); - makeUnlocked(); - params = common->mParams; - //activity(); // getting parameters does not reset the idle timer -} - - -// -// Intercept ACL change requests and reset blob validity -// -void Database::instantiateAcl() -{ - StLock _(*common); - makeUnlocked(); -} - -void Database::changedAcl() -{ - StLock _(*common); - version = 0; -} - -const Database *Database::relatedDatabase() const -{ return this; } - - -// -// Debugging support -// -#if defined(DEBUGDUMP) - -void Database::debugDump(const char *msg) -{ - assert(common); - const Signature &sig = common->identifier(); - uint32 sig4; memcpy(&sig4, sig.bytes, sizeof(sig4)); - Debug::dump("** %s(%8.8lx) common=%p(%ld) %s\n", - common->dbName(), sig4, common, common->useCount, msg); - if (isLocked()) - Debug::dump(" locked"); - else { - Time::Absolute when = common->when(); - time_t whenTime = time_t(when); - Debug::dump(" UNLOCKED(%24.24s/%.2g)", ctime(&whenTime), - (when - Time::now()).seconds()); - } - Debug::dump(" %s blobversion=%ld/%ld %svalidData", - (common->isValid() ? "validkeys" : "!validkeys"), - version, common->version, - (mValidData ? "" : "!")); - Debug::dump(" Params=(%ld %d)\n", - common->mParams.idleTimeout, common->mParams.lockOnSleep); -} - -#endif //DEBUGDUMP - - -// -// Database::Common basic features -// -Database::Common::Common(const DbIdentifier &id, CommonMap &commonPool) -: pool(commonPool), mIdentifier(id), sequence(0), useCount(0), version(1), - mIsLocked(true), mValidParams(false) -{ } - -Database::Common::~Common() -{ - // explicitly unschedule ourselves - Server::active().clearTimer(this); - pool.erase(identifier()); -} - - -void Database::Common::makeNewSecrets() -{ - // we already have a master key (right?) - assert(hasMaster()); - - // tell crypto core to generate the use keys - DatabaseCryptoCore::generateNewSecrets(); - - // we're now officially "unlocked"; set the timer - mIsLocked = false; - activity(); -} - - -void Database::discard(Common *common) -{ - // LOCKING: pool lock held, *common NOT held - secdebug("SSdb", "discarding dbcommon %p (no users, locked)", common); - delete common; -} - - -// -// All unlocking activity ultimately funnels through this method. -// This unlocks a Common using the secrets setup in its crypto core -// component, and performs all the housekeeping needed to represent -// the state change. -// -bool Database::Common::unlock(DbBlob *blob, void **privateAclBlob) -{ - try { - // Tell the cryptocore to (try to) decode itself. This will fail - // in an astonishing variety of ways if the passphrase is wrong. - assert(hasMaster()); - decodeCore(blob, privateAclBlob); - secdebug("SSdb", "%p unlock successful", this); - } catch (...) { - secdebug("SSdb", "%p unlock failed", this); - return false; - } - - // get the database parameters only if we haven't got them yet - if (!mValidParams) { - mParams = blob->params; - n2hi(mParams.idleTimeout); - mValidParams = true; // sticky - } - - // now successfully unlocked - mIsLocked = false; - - // set timeout - activity(); - - // broadcast unlock notification - KeychainNotifier::unlock(identifier()); - return true; -} - - -void Database::Common::lock(bool holdingCommonLock, bool forSleep) -{ - StLock locker(*this); - if (!isLocked()) { - if (forSleep && !mParams.lockOnSleep) - return; // it doesn't want to - - mIsLocked = true; - DatabaseCryptoCore::invalidate(); - KeychainNotifier::lock(identifier()); - Server::active().clearTimer(this); - - // if no database refers to us now, we're history - StLock _(pool, false); - if (!holdingCommonLock) - _.lock(); - if (useCount == 0) { - locker.unlock(); // release object lock - discard(this); - } - } -} - -DbBlob *Database::Common::encode(Database &db) -{ - assert(!isLocked()); // must have been unlocked by caller - - // export database ACL to blob form - CssmData pubAcl, privAcl; - db.exportBlob(pubAcl, privAcl); - - // tell the cryptocore to form the blob - DbBlob form; - form.randomSignature = identifier(); - form.sequence = sequence; - form.params = mParams; - h2ni(form.params.idleTimeout); - - assert(hasMaster()); - DbBlob *blob = encodeCore(form, pubAcl, privAcl); - - // clean up and go - db.allocator.free(pubAcl); - db.allocator.free(privAcl); - return blob; -} - - -// -// Perform deferred lock processing for a database. -// -void Database::Common::action() -{ - secdebug("SSdb", "common %s(%p) locked by timer (%d refs)", - dbName(), this, int(useCount)); - lock(false); -} - -void Database::Common::activity() -{ - if (!isLocked()) - Server::active().setTimer(this, Time::Interval(int(mParams.idleTimeout))); -} - - -// -// Implementation of a "system keychain unlock key store" -// -SystemKeychainKey::SystemKeychainKey(const char *path) - : mPath(path) -{ - // explicitly set up a key header for a raw 3DES key - CssmKey::Header &hdr = mKey.header(); - hdr.blobType(CSSM_KEYBLOB_RAW); - hdr.blobFormat(CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING); - hdr.keyClass(CSSM_KEYCLASS_SESSION_KEY); - hdr.algorithm(CSSM_ALGID_3DES_3KEY_EDE); - hdr.KeyAttr = 0; - hdr.KeyUsage = CSSM_KEYUSE_ANY; - mKey = CssmData::wrap(mBlob.masterKey); -} - -SystemKeychainKey::~SystemKeychainKey() -{ -} - -bool SystemKeychainKey::matches(const DbBlob::Signature &signature) -{ - return update() && signature == mBlob.signature; -} - -bool SystemKeychainKey::update() -{ - // if we checked recently, just assume it's okay - if (mUpdateThreshold > Time::now()) - return mValid; - - // check the file - struct stat st; - if (::stat(mPath.c_str(), &st)) { - // something wrong with the file; can't use it - mUpdateThreshold = Time::now() + Time::Interval(checkDelay); - return mValid = false; - } - if (mValid && Time::Absolute(st.st_mtimespec) == mCachedDate) - return true; - mUpdateThreshold = Time::now() + Time::Interval(checkDelay); - - try { - secdebug("syskc", "reading system unlock record from %s", mPath.c_str()); - AutoFileDesc fd(mPath, O_RDONLY); - if (fd.read(mBlob) != sizeof(mBlob)) - return false; - if (mBlob.isValid()) { - mCachedDate = st.st_mtimespec; - return mValid = true; - } else - return mValid = false; - } catch (...) { - secdebug("syskc", "system unlock record not available"); - return false; - } -} diff --git a/SecurityServer/xdatabase.h b/SecurityServer/xdatabase.h deleted file mode 100644 index 2446f667..00000000 --- a/SecurityServer/xdatabase.h +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// database - database session management -// -#ifndef _H_DATABASE -#define _H_DATABASE - -#include "securityserver.h" -#include "acls.h" -#include "dbcrypto.h" -#include "notifications.h" -#include -#include -#include -#include -#include "SecurityAgentClient.h" -#include -#include -#include - - -class Key; -class Connection; -class Process; -using MachPlusPlus::MachServer; - - -// -// A Database object represents an Apple CSP/DL open database (DL/DB) object. -// It maintains its protected semantic state (including keys) and provides controlled -// access. -// -class Database : public HandleObject, public SecurityServerAcl { - static const Listener::Event lockedEvent = Listener::lockedEvent; - static const Listener::Event unlockedEvent = Listener::unlockedEvent; - static const Listener::Event passphraseChangedEvent = Listener::passphraseChangedEvent; - -public: - class Common; friend class Common; - - Database(const DLDbIdentifier &id, const DBParameters ¶ms, Process &proc, - const AccessCredentials *cred, const AclEntryPrototype *owner); - virtual ~Database(); - - Process &process; - - static const int maxUnlockTryCount = 3; - -public: - typedef DbBlob::Signature Signature; - - class DbIdentifier { - public: - DbIdentifier(const DLDbIdentifier &id, Signature sig) - : mIdent(id), mSig(sig) { } - - operator const DLDbIdentifier &() const { return mIdent; } - operator const Signature &() const { return mSig; } - const char *dbName() const { return mIdent.dbName(); } - - bool operator < (const DbIdentifier &id) const // simple lexicographic - { - if (mIdent < id.mIdent) return true; - if (id.mIdent < mIdent) return false; - return mSig < id.mSig; - } - - private: - DLDbIdentifier mIdent; - Signature mSig; - }; - -public: - class CommonMap : public map, public Mutex { - }; - -public: - // - // A Database::Common is the "common core" of all Database objects that - // represent the same client database (on disk, presumably). - // NOTE: Common obeys exterior locking protocol: the caller (always Database) - // must lock it before operating on its non-const members. In practice, - // most Database methods lock down their Common first thing. - // - class Common : public DatabaseCryptoCore, public MachServer::Timer, public Mutex { - public: - Common(const DbIdentifier &id, CommonMap &pool); - ~Common(); - - bool unlock(DbBlob *blob, void **privateAclBlob = NULL); - void lock(bool holdingCommonLock, bool forSleep = false); // versatile lock primitive - bool isLocked() const { return mIsLocked; } // lock status - void activity(); // reset lock timeout - - void makeNewSecrets(); - - const DbIdentifier &identifier() const {return mIdentifier; } - const DLDbIdentifier &dlDbIdent() const { return identifier(); } - const char *dbName() const { return dlDbIdent().dbName(); } - - DbBlob *encode(Database &db); - - protected: - void action(); // timer queue action to lock keychain - - public: - CommonMap &pool; // the CommonMap we belong to - - DbIdentifier mIdentifier; // database external identifier [const] - // all following data locked with object lock - uint32 sequence; // change sequence number - DBParameters mParams; // database parameters (arbitrated copy) - - uint32 useCount; // database sessions we belong to - uint32 version; // version stamp for change tracking - - private: - bool mIsLocked; // database is LOGICALLY locked - bool mValidParams; // mParams has been set - }; - - const DbIdentifier &identifier() const { return common->identifier(); } - const char *dbName() const { return common->dbName(); } - -public: - // encoding/decoding databases - DbBlob *blob(); - Database(const DLDbIdentifier &id, const DbBlob *blob, Process &proc, - const AccessCredentials *cred); - void authenticate(const AccessCredentials *cred); - void changePassphrase(const AccessCredentials *cred); - Key *extractMasterKey(Database *db, - const AccessCredentials *cred, const AclEntryPrototype *owner, - uint32 usage, uint32 attrs); - void getDbIndex(CssmData &indexData); - - // lock/unlock processing - void lock(); // unconditional lock - void unlock(); // full-feature unlock - void unlock(const CssmData &passphrase); // unlock with passphrase - - bool decode(); // unlock given established master key - bool decode(const CssmData &passphrase); // set master key from PP, try unlock - - bool validatePassphrase(const CssmData &passphrase) const; // nonthrowing validation - bool isLocked() const { return common->isLocked(); } // lock status - - void activity() const { common->activity(); } // reset timeout clock - static void lockAllDatabases(CommonMap &commons, bool forSleep = false); // lock all in session - - // encoding/decoding keys - void decodeKey(KeyBlob *blob, CssmKey &key, void * &pubAcl, void * &privAcl); - KeyBlob *encodeKey(const CssmKey &key, const CssmData &pubAcl, const CssmData &privAcl); - - bool validBlob() const { return mBlob && version == common->version; } - - // manage database parameters - void setParameters(const DBParameters ¶ms); - void getParameters(DBParameters ¶ms); - - // ACL state management hooks - void instantiateAcl(); - void changedAcl(); - const Database *relatedDatabase() const; // "self", for SecurityServerAcl's sake - - // debugging - IFDUMP(void debugDump(const char *msg)); - -protected: - void makeUnlocked(); // interior version of unlock() - void makeUnlocked(const AccessCredentials *cred); // like () with explicit cred - void makeUnlocked(const CssmData &passphrase); // interior version of unlock(CssmData) - - void establishOldSecrets(const AccessCredentials *creds); - void establishNewSecrets(const AccessCredentials *creds, SecurityAgent::Reason reason); - - static CssmClient::Key keyFromCreds(const TypedList &sample); - - void encode(); // (re)generate mBlob if needed - - static void discard(Common *common); // safely kill a Common - -private: - Common *common; // shared features of all instances of this database [const] - - // all following data is locked by the common lock - bool mValidData; // valid ACL and params (blob decoded) - - uint32 version; // version stamp for blob validity - DbBlob *mBlob; // database blob (encoded) - - AccessCredentials *mCred; // local access credentials (always valid) -}; - - -// -// This class implements a "system keychaiin unlock record" store -// -class SystemKeychainKey { -public: - SystemKeychainKey(const char *path); - ~SystemKeychainKey(); - - bool matches(const DbBlob::Signature &signature); - CssmKey &key() { return mKey; } - -private: - std::string mPath; // path to file - CssmKey mKey; // proper CssmKey with data in mBlob - - bool mValid; // mBlob was validly read from mPath - UnlockBlob mBlob; // contents of mPath as last read - - Time::Absolute mCachedDate; // modify date of file when last read - Time::Absolute mUpdateThreshold; // cutoff threshold for checking again - - static const int checkDelay = 1; // seconds minimum delay between update checks - - bool update(); -}; - -#endif //_H_DATABASE diff --git a/SecurityServer/yarrowMigTypes.h b/SecurityServer/yarrowMigTypes.h deleted file mode 100644 index 6a744753..00000000 --- a/SecurityServer/yarrowMigTypes.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// yarrowMigTypes.h - type equivalence declarations for Yarrow's MIG -// interface -// -#include - -// @@@ who forgot that one? -extern "C" kern_return_t mig_deallocate(vm_address_t addr, vm_size_t size); - -namespace Security -{ - -typedef void *Data; - -// -// The server's bootstrap name -// -#define YARROW_SERVER_NAME "YarrowServer" - -} // end namespace Security - -using namespace Security; diff --git a/cdsa/CVSVersionInfo.txt b/cdsa/CVSVersionInfo.txt deleted file mode 100644 index dbee6b90..00000000 --- a/cdsa/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $ -# $Name: $ -ProjectName: cdsa -ProjectVersion: 21 diff --git a/cdsa/TODO b/cdsa/TODO deleted file mode 100644 index 16d52c39..00000000 --- a/cdsa/TODO +++ /dev/null @@ -1 +0,0 @@ -Things TODO in cdsa diff --git a/cdsa/cdsa.cpp b/cdsa/cdsa.cpp deleted file mode 100644 index ddf69730..00000000 --- a/cdsa/cdsa.cpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* Headers. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -/* Source files. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include diff --git a/cdsa/cdsa/certextensions.h b/cdsa/cdsa/certextensions.h deleted file mode 100644 index 74a5b3a3..00000000 --- a/cdsa/cdsa/certextensions.h +++ /dev/null @@ -1,483 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: CertExtensions.h - - Contains: X.509 Cert Extensions as C structs - - Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CERT_EXTENSIONS_H_ -#define _CERT_EXTENSIONS_H_ - -#include - -/*** - *** Structs for declaring extension-specific data. - ***/ - -/* - * GeneralName, used in AuthorityKeyID, SubjectAltName, and - * IssuerAltName. - * - * For now, we just provide explicit support for the types which are - * represented as IA5Strings, OIDs, and octet strings. Constructed types - * such as EDIPartyName and x400Address are not explicitly handled - * right now and must be encoded and decoded by the caller. (See exception - * for Name and OtherName, below). In those cases the CE_GeneralName.name.Data field - * represents the BER contents octets; CE_GeneralName.name.Length is the - * length of the contents; the tag of the field is not needed - the BER - * encoding uses context-specific implicit tagging. The berEncoded field - * is set to CSSM_TRUE in these case. Simple types have berEncoded = CSSM_FALSE. - * - * In the case of a GeneralName in the form of a Name, we parse the Name - * into a CSSM_X509_NAME and place a pointer to the CSSM_X509_NAME in the - * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to - * sizeof(CSSM_X509_NAME). In this case berEncoded is false. - * - * In the case of a GeneralName in the form of a OtherName, we parse the fields - * into a CE_OtherName and place a pointer to the CE_OtherName in the - * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to - * sizeof(CE_OtherName). In this case berEncoded is false. - * - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER} - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - */ -typedef enum { - GNT_OtherName = 0, - GNT_RFC822Name, - GNT_DNSName, - GNT_X400Address, - GNT_DirectoryName, - GNT_EdiPartyName, - GNT_URI, - GNT_IPAddress, - GNT_RegisteredID -} CE_GeneralNameType; - -typedef struct { - CSSM_OID typeId; - CSSM_DATA value; // unparsed, BER-encoded -} CE_OtherName; - -typedef struct { - CE_GeneralNameType nameType; // GNT_RFC822Name, etc. - CSSM_BOOL berEncoded; - CSSM_DATA name; -} CE_GeneralName; - -typedef struct { - uint32 numNames; - CE_GeneralName *generalName; -} CE_GeneralNames; - -/* - * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } - * - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - * - * CSSM OID = CSSMOID_AuthorityKeyIdentifier - */ -typedef struct { - CSSM_BOOL keyIdentifierPresent; - CSSM_DATA keyIdentifier; - CSSM_BOOL generalNamesPresent; - CE_GeneralNames *generalNames; - CSSM_BOOL serialNumberPresent; - CSSM_DATA serialNumber; -} CE_AuthorityKeyID; - -/* - * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } - * SubjectKeyIdentifier ::= KeyIdentifier - * - * CSSM OID = CSSMOID_SubjectKeyIdentifier - */ -typedef CSSM_DATA CE_SubjectKeyID; - -/* - * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - * - * KeyUsage ::= BIT STRING { - * digitalSignature (0), - * nonRepudiation (1), - * keyEncipherment (2), - * dataEncipherment (3), - * keyAgreement (4), - * keyCertSign (5), - * cRLSign (6), - * encipherOnly (7), - * decipherOnly (8) } - * - * CSSM OID = CSSMOID_KeyUsage - * - */ -typedef uint16 CE_KeyUsage; - -#define CE_KU_DigitalSignature 0x8000 -#define CE_KU_NonRepudiation 0x4000 -#define CE_KU_KeyEncipherment 0x2000 -#define CE_KU_DataEncipherment 0x1000 -#define CE_KU_KeyAgreement 0x0800 -#define CE_KU_KeyCertSign 0x0400 -#define CE_KU_CRLSign 0x0200 -#define CE_KU_EncipherOnly 0x0100 -#define CE_KU_DecipherOnly 0x0080 - -/* - * id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 } - * - * -- reasonCode ::= { CRLReason } - * - * CRLReason ::= ENUMERATED { - * unspecified (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6), - * removeFromCRL (8) } - * - * CSSM OID = CSSMOID_CrlReason - * - */ -typedef uint32 CE_CrlReason; - -#define CE_CR_Unspecified 0 -#define CE_CR_KeyCompromise 1 -#define CE_CR_CACompromise 2 -#define CE_CR_AffiliationChanged 3 -#define CE_CR_Superseded 4 -#define CE_CR_CessationOfOperation 5 -#define CE_CR_CertificateHold 6 -#define CE_CR_RemoveFromCRL 8 - -/* - * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } - * - * SubjectAltName ::= GeneralNames - * - * CSSM OID = CSSMOID_SubjectAltName - * - * GeneralNames defined above. - */ - -/* - * id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} - * - * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId* - * - * KeyPurposeId ::= OBJECT IDENTIFIER - * - * CSSM OID = CSSMOID_ExtendedKeyUsage - */ -typedef struct { - uint32 numPurposes; - CSSM_OID_PTR purposes; // in Intel pre-encoded format -} CE_ExtendedKeyUsage; - -/* - * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } - * - * BasicConstraints ::= SEQUENCE { - * cA BOOLEAN DEFAULT FALSE, - * pathLenConstraint INTEGER (0..MAX) OPTIONAL } - * - * CSSM OID = CSSMOID_BasicConstraints - */ -typedef struct { - CSSM_BOOL cA; - CSSM_BOOL pathLenConstraintPresent; - uint32 pathLenConstraint; -} CE_BasicConstraints; - -/* - * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - * - * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - * - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - * - * CertPolicyId ::= OBJECT IDENTIFIER - * - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * - * -- policyQualifierIds for Internet policy qualifiers - * - * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - * - * PolicyQualifierId ::= - * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) - * - * Qualifier ::= CHOICE { - * cPSuri CPSuri, - * userNotice UserNotice } - * - * CPSuri ::= IA5String - * - * UserNotice ::= SEQUENCE { - * noticeRef NoticeReference OPTIONAL, - * explicitText DisplayText OPTIONAL} - * - * NoticeReference ::= SEQUENCE { - * organization DisplayText, - * noticeNumbers SEQUENCE OF INTEGER } - * - * DisplayText ::= CHOICE { - * visibleString VisibleString (SIZE (1..200)), - * bmpString BMPString (SIZE (1..200)), - * utf8String UTF8String (SIZE (1..200)) } - * - * CSSM OID = CSSMOID_CertificatePolicies - * - * We only support down to the level of Qualifier, and then only the CPSuri - * choice. UserNotice is transmitted to and from this library as a raw - * CSSM_DATA containing the BER-encoded UserNotice sequence. - */ - -typedef struct { - CSSM_OID policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE - CSSM_DATA qualifier; // CSSMOID_QT_CPS: IA5String contents - // CSSMOID_QT_UNOTICE : Sequence contents -} CE_PolicyQualifierInfo; - -typedef struct { - CSSM_OID certPolicyId; - uint32 numPolicyQualifiers; // size of *policyQualifiers; - CE_PolicyQualifierInfo *policyQualifiers; -} CE_PolicyInformation; - -typedef struct { - uint32 numPolicies; // size of *policies; - CE_PolicyInformation *policies; -} CE_CertPolicies; - -/* - * netscape-cert-type, a bit string. - * - * CSSM OID = CSSMOID_NetscapeCertType - * - * Bit fields defined in oidsattr.h: CE_NCT_SSL_Client, etc. - */ -typedef uint16 CE_NetscapeCertType; - -/* - * CRLDistributionPoints. - * - * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } - * - * cRLDistributionPoints ::= { - * CRLDistPointsSyntax } - * - * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - * - * NOTE: RFC 2459 claims that the tag for the optional DistributionPointName - * is IMPLICIT as shown here, but in practice it is EXPLICIT. It has to be - - * because the underlying type also uses an implicit tag for distinguish - * between CHOICEs. - * - * DistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * reasons [1] ReasonFlags OPTIONAL, - * cRLIssuer [2] GeneralNames OPTIONAL } - * - * DistributionPointName ::= CHOICE { - * fullName [0] GeneralNames, - * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } - * - * ReasonFlags ::= BIT STRING { - * unused (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6) } - * - * CSSM OID = CSSMOID_CrlDistributionPoints - */ - -/* - * Note that this looks similar to CE_CrlReason, but that's an enum and this - * is an OR-able bit string. - */ -typedef uint8 CE_CrlDistReasonFlags; - -#define CE_CD_Unspecified 0x80 -#define CE_CD_KeyCompromise 0x40 -#define CE_CD_CACompromise 0x20 -#define CE_CD_AffiliationChanged 0x10 -#define CE_CD_Superseded 0x08 -#define CE_CD_CessationOfOperation 0x04 -#define CE_CD_CertificateHold 0x02 - -typedef enum { - CE_CDNT_FullName, - CE_CDNT_NameRelativeToCrlIssuer -} CE_CrlDistributionPointNameType; - -typedef struct { - CE_CrlDistributionPointNameType nameType; - union { - CE_GeneralNames *fullName; - CSSM_X509_RDN_PTR rdn; - }; -} CE_DistributionPointName; - -/* - * The top-level CRLDistributionPoint. - * All fields are optional; NULL pointers indicate absence. - */ -typedef struct { - CE_DistributionPointName *distPointName; - CSSM_BOOL reasonsPresent; - CE_CrlDistReasonFlags reasons; - CE_GeneralNames *crlIssuer; -} CE_CRLDistributionPoint; - -typedef struct { - uint32 numDistPoints; - CE_CRLDistributionPoint *distPoints; -} CE_CRLDistPointsSyntax; - - -/*** CRL extensions ***/ - -/* - * cRLNumber, an integer. - * - * CSSM OID = CSSMOID_CrlNumber - */ -typedef uint32 CE_CrlNumber; - -/* - * deltaCRLIndicator, an integer. - * - * CSSM OID = CSSMOID_DeltaCrlIndicator - */ -typedef uint32 CE_DeltaCrl; - -/* - * IssuingDistributionPoint - * - * id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } - * - * issuingDistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, - * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, - * onlySomeReasons [3] ReasonFlags OPTIONAL, - * indirectCRL [4] BOOLEAN DEFAULT FALSE } - * - * CSSM OID = CSSMOID_IssuingDistributionPoint - */ -typedef struct { - CE_DistributionPointName *distPointName; // optional - CSSM_BOOL onlyUserCertsPresent; - CSSM_BOOL onlyUserCerts; - CSSM_BOOL onlyCACertsPresent; - CSSM_BOOL onlyCACerts; - CSSM_BOOL onlySomeReasonsPresent; - CE_CrlDistReasonFlags onlySomeReasons; - CSSM_BOOL indirectCrlPresent; - CSSM_BOOL indirectCrl; -} CE_IssuingDistributionPoint; - -/* - * An enumerated list identifying one of the above per-extension - * structs. - */ -typedef enum { - DT_AuthorityKeyID, // CE_AuthorityKeyID - DT_SubjectKeyID, // CE_SubjectKeyID - DT_KeyUsage, // CE_KeyUsage - DT_SubjectAltName, // implies CE_GeneralName - DT_IssuerAltName, // implies CE_GeneralName - DT_ExtendedKeyUsage, // CE_ExtendedKeyUsage - DT_BasicConstraints, // CE_BasicConstraints - DT_CertPolicies, // CE_CertPolicies - DT_NetscapeCertType, // CE_NetscapeCertType - DT_CrlNumber, // CE_CrlNumber - DT_DeltaCrl, // CE_DeltaCrl - DT_CrlReason, // CE_CrlReason - DT_CrlDistributionPoints, // CE_CRLDistPointsSyntax - DT_IssuingDistributionPoint,// CE_IssuingDistributionPoint - DT_Other // unknown, raw data as a CSSM_DATA -} CE_DataType; - -/* - * One unified representation of all the cert adn CRL extensions we know about. - */ -typedef union { - CE_AuthorityKeyID authorityKeyID; - CE_SubjectKeyID subjectKeyID; - CE_KeyUsage keyUsage; - CE_GeneralNames subjectAltName; - CE_GeneralNames issuerAltName; - CE_ExtendedKeyUsage extendedKeyUsage; - CE_BasicConstraints basicConstraints; - CE_CertPolicies certPolicies; - CE_NetscapeCertType netscapeCertType; - CE_CrlNumber crlNumber; - CE_DeltaCrl deltaCrl; - CE_CrlReason crlReason; - CE_CRLDistPointsSyntax crlDistPoints; - CE_IssuingDistributionPoint issuingDistPoint; - CSSM_DATA rawData; // unknown, not decoded -} CE_Data; - -typedef struct { - CE_DataType type; - CE_Data extension; - CSSM_BOOL critical; -} CE_DataAndType; - -#endif /* _CERT_EXTENSIONS_H_ */ diff --git a/cdsa/cdsa/cssm.h b/cdsa/cdsa/cssm.h deleted file mode 100644 index f0c5d900..00000000 --- a/cdsa/cdsa/cssm.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssm.h - - Contains: Common Security Services Manager Interface - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. - -*/ - -#ifndef _CSSM_H_ -#define _CSSM_H_ 1 - -#include -#include -#include -#include -#include - -#endif /* _CSSM_H_ */ diff --git a/cdsa/cdsa/cssmaci.h b/cdsa/cdsa/cssmaci.h deleted file mode 100644 index 2f1ca2e2..00000000 --- a/cdsa/cdsa/cssmaci.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmaci.h - - Contains: Sevice Provider Interface for Access Control Module - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. - */ - -#ifndef _CSSMACI_H_ -#define _CSSMACI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_spi_ac_funcs { - CSSM_RETURN (CSSMACI *AuthCompute) - (CSSM_AC_HANDLE ACHandle, - const CSSM_TUPLEGROUP *BaseAuthorizations, - const CSSM_TUPLEGROUP *Credentials, - uint32 NumberOfRequestors, - const CSSM_LIST *Requestors, - const CSSM_LIST *RequestedAuthorizationPeriod, - const CSSM_LIST *RequestedAuthorization, - CSSM_TUPLEGROUP_PTR AuthorizationResult); - CSSM_RETURN (CSSMACI *PassThrough) - (CSSM_AC_HANDLE ACHandle, - CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); -} CSSM_SPI_AC_FUNCS, *CSSM_SPI_AC_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMACI_H_ */ diff --git a/cdsa/cdsa/cssmapi.h b/cdsa/cdsa/cssmapi.h deleted file mode 100644 index 6feaf51d..00000000 --- a/cdsa/cdsa/cssmapi.h +++ /dev/null @@ -1,1181 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmapi.h - - Contains: Application Programmers Interfaces for CSSM - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMAPI_H_ -#define _CSSMAPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Core Functions */ - -CSSM_RETURN CSSMAPI -CSSM_Init (const CSSM_VERSION *Version, - CSSM_PRIVILEGE_SCOPE Scope, - const CSSM_GUID *CallerGuid, - CSSM_KEY_HIERARCHY KeyHierarchy, - CSSM_PVC_MODE *PvcPolicy, - const void *Reserved); - -CSSM_RETURN CSSMAPI -CSSM_Terminate (void); - -CSSM_RETURN CSSMAPI -CSSM_ModuleLoad (const CSSM_GUID *ModuleGuid, - CSSM_KEY_HIERARCHY KeyHierarchy, - CSSM_API_ModuleEventHandler AppNotifyCallback, - void *AppNotifyCallbackCtx); - -CSSM_RETURN CSSMAPI -CSSM_ModuleUnload (const CSSM_GUID *ModuleGuid, - CSSM_API_ModuleEventHandler AppNotifyCallback, - void *AppNotifyCallbackCtx); - -CSSM_RETURN CSSMAPI -CSSM_Introduce (const CSSM_GUID *ModuleID, - CSSM_KEY_HIERARCHY KeyHierarchy); - -CSSM_RETURN CSSMAPI -CSSM_Unintroduce (const CSSM_GUID *ModuleID); - -CSSM_RETURN CSSMAPI -CSSM_ModuleAttach (const CSSM_GUID *ModuleGuid, - const CSSM_VERSION *Version, - const CSSM_API_MEMORY_FUNCS *MemoryFuncs, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - CSSM_KEY_HIERARCHY KeyHierarchy, - CSSM_FUNC_NAME_ADDR *FunctionTable, - uint32 NumFunctionTable, - const void *Reserved, - CSSM_MODULE_HANDLE_PTR NewModuleHandle); - -CSSM_RETURN CSSMAPI -CSSM_ModuleDetach (CSSM_MODULE_HANDLE ModuleHandle); - -CSSM_RETURN CSSMAPI -CSSM_SetPrivilege (CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_GetPrivilege (CSSM_PRIVILEGE *Privilege); - -CSSM_RETURN CSSMAPI -CSSM_GetModuleGUIDFromHandle (CSSM_MODULE_HANDLE ModuleHandle, - CSSM_GUID_PTR ModuleGUID); - -CSSM_RETURN CSSMAPI -CSSM_GetSubserviceUIDFromHandle (CSSM_MODULE_HANDLE ModuleHandle, - CSSM_SUBSERVICE_UID_PTR SubserviceUID); - -CSSM_RETURN CSSMAPI -CSSM_ListAttachedModuleManagers (uint32 *NumberOfModuleManagers, - CSSM_GUID_PTR ModuleManagerGuids); - -CSSM_RETURN CSSMAPI -CSSM_GetAPIMemoryFunctions (CSSM_MODULE_HANDLE AddInHandle, - CSSM_API_MEMORY_FUNCS_PTR AppMemoryFuncs); - - -/* Cryptographic Context Operations */ - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateSignatureContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateSymmetricContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - CSSM_ENCRYPT_MODE Mode, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_DATA *InitVector, - CSSM_PADDING Padding, - void *Reserved, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateDigestContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateMacContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - const CSSM_KEY *Key, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateRandomGenContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - const CSSM_CRYPTO_DATA *Seed, - uint32 Length, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateAsymmetricContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - CSSM_PADDING Padding, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateDeriveKeyContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - CSSM_KEY_TYPE DeriveKeyType, - uint32 DeriveKeyLengthInBits, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *BaseKey, - uint32 IterationCount, - const CSSM_DATA *Salt, - const CSSM_CRYPTO_DATA *Seed, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreateKeyGenContext (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS AlgorithmID, - uint32 KeySizeInBits, - const CSSM_CRYPTO_DATA *Seed, - const CSSM_DATA *Salt, - const CSSM_DATE *StartDate, - const CSSM_DATE *EndDate, - const CSSM_DATA *Params, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_CreatePassThroughContext (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *Key, - CSSM_CC_HANDLE *NewContextHandle); - -CSSM_RETURN CSSMAPI -CSSM_GetContext (CSSM_CC_HANDLE CCHandle, - CSSM_CONTEXT_PTR *Context); - -CSSM_RETURN CSSMAPI -CSSM_FreeContext (CSSM_CONTEXT_PTR Context); - -CSSM_RETURN CSSMAPI -CSSM_SetContext (CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - -CSSM_RETURN CSSMAPI -CSSM_DeleteContext (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_GetContextAttribute (const CSSM_CONTEXT *Context, - uint32 AttributeType, - CSSM_CONTEXT_ATTRIBUTE_PTR *ContextAttribute); - -CSSM_RETURN CSSMAPI -CSSM_UpdateContextAttributes (CSSM_CC_HANDLE CCHandle, - uint32 NumberOfAttributes, - const CSSM_CONTEXT_ATTRIBUTE *ContextAttributes); - -CSSM_RETURN CSSMAPI -CSSM_DeleteContextAttributes (CSSM_CC_HANDLE CCHandle, - uint32 NumberOfAttributes, - const CSSM_CONTEXT_ATTRIBUTE *ContextAttributes); - - -/* Cryptographic Sessions and Controlled Access to Keys */ - -CSSM_RETURN CSSMAPI -CSSM_CSP_Login (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_DATA *LoginName, - const void *Reserved); - -CSSM_RETURN CSSMAPI -CSSM_CSP_Logout (CSSM_CSP_HANDLE CSPHandle); - -CSSM_RETURN CSSMAPI -CSSM_CSP_GetLoginAcl (CSSM_CSP_HANDLE CSPHandle, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - -CSSM_RETURN CSSMAPI -CSSM_CSP_ChangeLoginAcl (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit); - -CSSM_RETURN CSSMAPI -CSSM_GetKeyAcl (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *Key, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - -CSSM_RETURN CSSMAPI -CSSM_ChangeKeyAcl (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit, - const CSSM_KEY *Key); - -CSSM_RETURN CSSMAPI -CSSM_GetKeyOwner (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *Key, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - -CSSM_RETURN CSSMAPI -CSSM_ChangeKeyOwner (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); - -CSSM_RETURN CSSMAPI -CSSM_CSP_GetLoginOwner (CSSM_CSP_HANDLE CSPHandle, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - -CSSM_RETURN CSSMAPI -CSSM_CSP_ChangeLoginOwner (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); - -CSSM_RETURN CSSMAPI -CSSM_SignData (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - CSSM_DATA_PTR Signature); - -CSSM_RETURN CSSMAPI -CSSM_SignDataInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_SignDataUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - -CSSM_RETURN CSSMAPI -CSSM_SignDataFinal (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Signature); - -CSSM_RETURN CSSMAPI -CSSM_VerifyData (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - const CSSM_DATA *Signature); - -CSSM_RETURN CSSMAPI -CSSM_VerifyDataInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_VerifyDataUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - -CSSM_RETURN CSSMAPI -CSSM_VerifyDataFinal (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Signature); - -CSSM_RETURN CSSMAPI -CSSM_DigestData (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_DATA_PTR Digest); - -CSSM_RETURN CSSMAPI -CSSM_DigestDataInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_DigestDataUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - -CSSM_RETURN CSSMAPI -CSSM_DigestDataClone (CSSM_CC_HANDLE CCHandle, - CSSM_CC_HANDLE *ClonednewCCHandle); - -CSSM_RETURN CSSMAPI -CSSM_DigestDataFinal (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Digest); - -CSSM_RETURN CSSMAPI -CSSM_GenerateMac (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_DATA_PTR Mac); - -CSSM_RETURN CSSMAPI -CSSM_GenerateMacInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_GenerateMacUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - -CSSM_RETURN CSSMAPI -CSSM_GenerateMacFinal (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Mac); - -CSSM_RETURN CSSMAPI -CSSM_VerifyMac (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - const CSSM_DATA *Mac); - -CSSM_RETURN CSSMAPI -CSSM_VerifyMacInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_VerifyMacUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - -CSSM_RETURN CSSMAPI -CSSM_VerifyMacFinal (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Mac); - -CSSM_RETURN CSSMAPI -CSSM_QuerySize (CSSM_CC_HANDLE CCHandle, - CSSM_BOOL Encrypt, - uint32 QuerySizeCount, - CSSM_QUERY_SIZE_DATA_PTR DataBlockSizes); - -CSSM_RETURN CSSMAPI -CSSM_EncryptData (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *ClearBufs, - uint32 ClearBufCount, - CSSM_DATA_PTR CipherBufs, - uint32 CipherBufCount, - uint32 *bytesEncrypted, - CSSM_DATA_PTR RemData); - -CSSM_RETURN CSSMAPI -CSSM_EncryptDataP (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *ClearBufs, - uint32 ClearBufCount, - CSSM_DATA_PTR CipherBufs, - uint32 CipherBufCount, - uint32 *bytesEncrypted, - CSSM_DATA_PTR RemData, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_EncryptDataInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_EncryptDataInitP (CSSM_CC_HANDLE CCHandle, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_EncryptDataUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *ClearBufs, - uint32 ClearBufCount, - CSSM_DATA_PTR CipherBufs, - uint32 CipherBufCount, - uint32 *bytesEncrypted); - -CSSM_RETURN CSSMAPI -CSSM_EncryptDataFinal (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR RemData); - -CSSM_RETURN CSSMAPI -CSSM_DecryptData (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CipherBufs, - uint32 CipherBufCount, - CSSM_DATA_PTR ClearBufs, - uint32 ClearBufCount, - uint32 *bytesDecrypted, - CSSM_DATA_PTR RemData); - -CSSM_RETURN CSSMAPI -CSSM_DecryptDataP (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CipherBufs, - uint32 CipherBufCount, - CSSM_DATA_PTR ClearBufs, - uint32 ClearBufCount, - uint32 *bytesDecrypted, - CSSM_DATA_PTR RemData, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_DecryptDataInit (CSSM_CC_HANDLE CCHandle); - -CSSM_RETURN CSSMAPI -CSSM_DecryptDataInitP (CSSM_CC_HANDLE CCHandle, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_DecryptDataUpdate (CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CipherBufs, - uint32 CipherBufCount, - CSSM_DATA_PTR ClearBufs, - uint32 ClearBufCount, - uint32 *bytesDecrypted); - -CSSM_RETURN CSSMAPI -CSSM_DecryptDataFinal (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR RemData); - -CSSM_RETURN CSSMAPI -CSSM_QueryKeySizeInBits (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_KEY *Key, - CSSM_KEY_SIZE_PTR KeySize); - -CSSM_RETURN CSSMAPI -CSSM_GenerateKey (CSSM_CC_HANDLE CCHandle, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR Key); - -CSSM_RETURN CSSMAPI -CSSM_GenerateKeyP (CSSM_CC_HANDLE CCHandle, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR Key, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_GenerateKeyPair (CSSM_CC_HANDLE CCHandle, - uint32 PublicKeyUsage, - uint32 PublicKeyAttr, - const CSSM_DATA *PublicKeyLabel, - CSSM_KEY_PTR PublicKey, - uint32 PrivateKeyUsage, - uint32 PrivateKeyAttr, - const CSSM_DATA *PrivateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR PrivateKey); - -CSSM_RETURN CSSMAPI -CSSM_GenerateKeyPairP (CSSM_CC_HANDLE CCHandle, - uint32 PublicKeyUsage, - uint32 PublicKeyAttr, - const CSSM_DATA *PublicKeyLabel, - CSSM_KEY_PTR PublicKey, - uint32 PrivateKeyUsage, - uint32 PrivateKeyAttr, - const CSSM_DATA *PrivateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR PrivateKey, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_GenerateRandom (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR RandomNumber); - -CSSM_RETURN CSSMAPI -CSSM_CSP_ObtainPrivateKeyFromPublicKey (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *PublicKey, - CSSM_KEY_PTR PrivateKey); - -CSSM_RETURN CSSMAPI -CSSM_WrapKey (CSSM_CC_HANDLE CCHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_DATA *DescriptiveData, - CSSM_WRAP_KEY_PTR WrappedKey); - -CSSM_RETURN CSSMAPI -CSSM_UnwrapKey (CSSM_CC_HANDLE CCHandle, - const CSSM_KEY *PublicKey, - const CSSM_WRAP_KEY *WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR UnwrappedKey, - CSSM_DATA_PTR DescriptiveData); - -CSSM_RETURN CSSMAPI -CSSM_WrapKeyP (CSSM_CC_HANDLE CCHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_DATA *DescriptiveData, - CSSM_WRAP_KEY_PTR WrappedKey, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_UnwrapKeyP (CSSM_CC_HANDLE CCHandle, - const CSSM_KEY *PublicKey, - const CSSM_WRAP_KEY *WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR UnwrappedKey, - CSSM_DATA_PTR DescriptiveData, - CSSM_PRIVILEGE Privilege); - -CSSM_RETURN CSSMAPI -CSSM_DeriveKey (CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR DerivedKey); - -CSSM_RETURN CSSMAPI -CSSM_FreeKey (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - CSSM_KEY_PTR KeyPtr, - CSSM_BOOL Delete); - -CSSM_RETURN CSSMAPI -CSSM_GenerateAlgorithmParams (CSSM_CC_HANDLE CCHandle, - uint32 ParamBits, - CSSM_DATA_PTR Param); - - -/* Miscellaneous Functions for Cryptographic Services */ - -CSSM_RETURN CSSMAPI -CSSM_CSP_GetOperationalStatistics (CSSM_CSP_HANDLE CSPHandle, - CSSM_CSP_OPERATIONAL_STATISTICS *Statistics); - -CSSM_RETURN CSSMAPI -CSSM_GetTimeValue (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS TimeAlgorithm, - CSSM_DATA *TimeData); - -CSSM_RETURN CSSMAPI -CSSM_RetrieveUniqueId (CSSM_CSP_HANDLE CSPHandle, - CSSM_DATA_PTR UniqueID); - -CSSM_RETURN CSSMAPI -CSSM_RetrieveCounter (CSSM_CSP_HANDLE CSPHandle, - CSSM_DATA_PTR Counter); - -CSSM_RETURN CSSMAPI -CSSM_VerifyDevice (CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *DeviceCert); - - -/* Extensibility Functions for Cryptographic Services */ - -CSSM_RETURN CSSMAPI -CSSM_CSP_PassThrough (CSSM_CC_HANDLE CCHandle, - uint32 PassThroughId, - const void *InData, - void **OutData); - - -/* Trust Policy Operations */ - -CSSM_RETURN CSSMAPI -CSSM_TP_SubmitCredRequest (CSSM_TP_HANDLE TPHandle, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, - const CSSM_TP_REQUEST_SET *RequestInput, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, - sint32 *EstimatedTime, - CSSM_DATA_PTR ReferenceIdentifier); - -CSSM_RETURN CSSMAPI -CSSM_TP_RetrieveCredResult (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - sint32 *EstimatedTime, - CSSM_BOOL *ConfirmationRequired, - CSSM_TP_RESULT_SET_PTR *RetrieveOutput); - -CSSM_RETURN CSSMAPI -CSSM_TP_ConfirmCredResult (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - const CSSM_TP_CONFIRM_RESPONSE *Responses, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority); - -CSSM_RETURN CSSMAPI -CSSM_TP_ReceiveConfirmation (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - CSSM_TP_CONFIRM_RESPONSE_PTR *Responses, - sint32 *ElapsedTime); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertReclaimKey (CSSM_TP_HANDLE TPHandle, - const CSSM_CERTGROUP *CertGroup, - uint32 CertIndex, - CSSM_LONG_HANDLE KeyCacheHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertReclaimAbort (CSSM_TP_HANDLE TPHandle, - CSSM_LONG_HANDLE KeyCacheHandle); - -CSSM_RETURN CSSMAPI -CSSM_TP_FormRequest (CSSM_TP_HANDLE TPHandle, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_FORM_TYPE FormType, - CSSM_DATA_PTR BlankForm); - -CSSM_RETURN CSSMAPI -CSSM_TP_FormSubmit (CSSM_TP_HANDLE TPHandle, - CSSM_TP_FORM_TYPE FormType, - const CSSM_DATA *Form, - const CSSM_TP_AUTHORITY_ID *ClearanceAuthority, - const CSSM_TP_AUTHORITY_ID *RepresentedAuthority, - CSSM_ACCESS_CREDENTIALS_PTR Credentials); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertGroupVerify (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_CERTGROUP *CertGroupToBeVerified, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertCreateTemplate (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CertFields, - CSSM_DATA_PTR CertTemplate); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertGetAllTemplateFields (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *CertTemplate, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertSign (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertTemplateToBeSigned, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult, - CSSM_DATA_PTR SignedCert); - -CSSM_RETURN CSSMAPI -CSSM_TP_CrlVerify (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL *CrlToBeVerified, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult); - -CSSM_RETURN CSSMAPI -CSSM_TP_CrlCreateTemplate (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlFields, - CSSM_DATA_PTR NewCrlTemplate); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertRevoke (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *OldCrlTemplate, - const CSSM_CERTGROUP *CertGroupToBeRevoked, - const CSSM_CERTGROUP *RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult, - CSSM_TP_CERTCHANGE_REASON Reason, - CSSM_DATA_PTR NewCrlTemplate); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertRemoveFromCrlTemplate (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *OldCrlTemplate, - const CSSM_CERTGROUP *CertGroupToBeRemoved, - const CSSM_CERTGROUP *RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult, - CSSM_DATA_PTR NewCrlTemplate); - -CSSM_RETURN CSSMAPI -CSSM_TP_CrlSign (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_ENCODED_CRL *CrlToBeSigned, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult, - CSSM_DATA_PTR SignedCrl); - -CSSM_RETURN CSSMAPI -CSSM_TP_ApplyCrlToDb (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL *CrlToBeApplied, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertGroupConstruct (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DL_DB_LIST *DBList, - const void *ConstructParams, - const CSSM_CERTGROUP *CertGroupFrag, - CSSM_CERTGROUP_PTR *CertGroup); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertGroupPrune (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_DL_DB_LIST *DBList, - const CSSM_CERTGROUP *OrderedCertGroup, - CSSM_CERTGROUP_PTR *PrunedCertGroup); - -CSSM_RETURN CSSMAPI -CSSM_TP_CertGroupToTupleGroup (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_CERTGROUP *CertGroup, - CSSM_TUPLEGROUP_PTR *TupleGroup); - -CSSM_RETURN CSSMAPI -CSSM_TP_TupleGroupToCertGroup (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_TUPLEGROUP *TupleGroup, - CSSM_CERTGROUP_PTR *CertTemplates); - -CSSM_RETURN CSSMAPI -CSSM_TP_PassThrough (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - - -/* Authorization Computation Operations */ - -CSSM_RETURN CSSMAPI -CSSM_AC_AuthCompute (CSSM_AC_HANDLE ACHandle, - const CSSM_TUPLEGROUP *BaseAuthorizations, - const CSSM_TUPLEGROUP *Credentials, - uint32 NumberOfRequestors, - const CSSM_LIST *Requestors, - const CSSM_LIST *RequestedAuthorizationPeriod, - const CSSM_LIST *RequestedAuthorization, - CSSM_TUPLEGROUP_PTR AuthorizationResult); - -CSSM_RETURN CSSMAPI -CSSM_AC_PassThrough (CSSM_AC_HANDLE ACHandle, - CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - - -/* Certificate Library Operations */ - -CSSM_RETURN CSSMAPI -CSSM_CL_CertCreateTemplate (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CertFields, - CSSM_DATA_PTR CertTemplate); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetAllTemplateFields (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *CertTemplate, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertSign (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertTemplate, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CSSM_DATA_PTR SignedCert); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertVerify (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertToBeVerified, - const CSSM_DATA *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertVerifyWithKey (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertToBeVerified); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetFirstFieldValue (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_OID *CertField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetNextFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertAbortQuery (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetKeyInfo (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_KEY_PTR *Key); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetAllFields (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - -CSSM_RETURN CSSMAPI -CSSM_CL_FreeFields (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - CSSM_FIELD_PTR *Fields); - -CSSM_RETURN CSSMAPI -CSSM_CL_FreeFieldValue (CSSM_CL_HANDLE CLHandle, - const CSSM_OID *CertOrCrlOid, - CSSM_DATA_PTR Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertCache (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_HANDLE_PTR CertHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetFirstCachedFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CertHandle, - const CSSM_OID *CertField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGetNextCachedFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertAbortCache (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CertHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGroupToSignedBundle (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CERTGROUP *CertGroupToBundle, - const CSSM_CERT_BUNDLE_HEADER *BundleInfo, - CSSM_DATA_PTR SignedBundle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertGroupFromVerifiedBundle (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CERT_BUNDLE *CertBundle, - const CSSM_DATA *SignerCert, - CSSM_CERTGROUP_PTR *CertGroup); - -CSSM_RETURN CSSMAPI -CSSM_CL_CertDescribeFormat (CSSM_CL_HANDLE CLHandle, - uint32 *NumberOfFields, - CSSM_OID_PTR *OidList); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlCreateTemplate (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - CSSM_DATA_PTR NewCrl); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlSetFields (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR ModifiedCrl); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlAddCert (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Cert, - uint32 NumberOfFields, - const CSSM_FIELD *CrlEntryFields, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR NewCrl); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlRemoveCert (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR NewCrl); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlSign (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *UnsignedCrl, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CSSM_DATA_PTR SignedCrl); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlVerify (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CrlToBeVerified, - const CSSM_DATA *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlVerifyWithKey (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CrlToBeVerified); - -CSSM_RETURN CSSMAPI -CSSM_CL_IsCertInCrl (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_DATA *Crl, - CSSM_BOOL *CertFound); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetFirstFieldValue (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - const CSSM_OID *CrlField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetNextFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlAbortQuery (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetAllFields (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - uint32 *NumberOfCrlFields, - CSSM_FIELD_PTR *CrlFields); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlCache (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - CSSM_HANDLE_PTR CrlHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_IsCertInCachedCrl (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_HANDLE CrlHandle, - CSSM_BOOL *CertFound, - CSSM_DATA_PTR CrlRecordIndex); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetFirstCachedFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle, - const CSSM_DATA *CrlRecordIndex, - const CSSM_OID *CrlField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetNextCachedFieldValue (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlGetAllCachedRecordFields (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle, - const CSSM_DATA *CrlRecordIndex, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CrlFields); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlAbortCache (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle); - -CSSM_RETURN CSSMAPI -CSSM_CL_CrlDescribeFormat (CSSM_CL_HANDLE CLHandle, - uint32 *NumberOfFields, - CSSM_OID_PTR *OidList); - -CSSM_RETURN CSSMAPI -CSSM_CL_PassThrough (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - - -/* Data Storage Library Operations */ - -CSSM_RETURN CSSMAPI -CSSM_DL_DbOpen (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const void *OpenParameters, - CSSM_DB_HANDLE *DbHandle); - -CSSM_RETURN CSSMAPI -CSSM_DL_DbClose (CSSM_DL_DB_HANDLE DLDBHandle); - -CSSM_RETURN CSSMAPI -CSSM_DL_DbCreate (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_DBINFO *DBInfo, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - const void *OpenParameters, - CSSM_DB_HANDLE *DbHandle); - -CSSM_RETURN CSSMAPI -CSSM_DL_DbDelete (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_ACCESS_CREDENTIALS *AccessCred); - -CSSM_RETURN CSSMAPI -CSSM_DL_CreateRelation (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RelationID, - const char *RelationName, - uint32 NumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo, - uint32 NumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo); - -CSSM_RETURN CSSMAPI -CSSM_DL_DestroyRelation (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RelationID); - -CSSM_RETURN CSSMAPI -CSSM_DL_Authenticate (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_ACCESS_CREDENTIALS *AccessCred); - -CSSM_RETURN CSSMAPI -CSSM_DL_GetDbAcl (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - -CSSM_RETURN CSSMAPI -CSSM_DL_ChangeDbAcl (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit); - -CSSM_RETURN CSSMAPI -CSSM_DL_GetDbOwner (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - -CSSM_RETURN CSSMAPI -CSSM_DL_ChangeDbOwner (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); - -CSSM_RETURN CSSMAPI -CSSM_DL_GetDbNames (CSSM_DL_HANDLE DLHandle, - CSSM_NAME_LIST_PTR *NameList); - -CSSM_RETURN CSSMAPI -CSSM_DL_GetDbNameFromHandle (CSSM_DL_DB_HANDLE DLDBHandle, - char **DbName); - -CSSM_RETURN CSSMAPI -CSSM_DL_FreeNameList (CSSM_DL_HANDLE DLHandle, - CSSM_NAME_LIST_PTR NameList); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataInsert (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *Attributes, - const CSSM_DATA *Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataDelete (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecordIdentifier); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataModify (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *AttributesToBeModified, - const CSSM_DATA *DataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataGetFirst (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_QUERY *Query, - CSSM_HANDLE_PTR ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataGetNext (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataAbortQuery (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_HANDLE ResultsHandle); - -CSSM_RETURN CSSMAPI -CSSM_DL_DataGetFromUniqueRecordId (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data); - -CSSM_RETURN CSSMAPI -CSSM_DL_FreeUniqueRecord (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord); - -CSSM_RETURN CSSMAPI -CSSM_DL_PassThrough (CSSM_DL_DB_HANDLE DLDBHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMAPI_H_ */ diff --git a/cdsa/cdsa/cssmapple.h b/cdsa/cdsa/cssmapple.h deleted file mode 100644 index 7cc78f6d..00000000 --- a/cdsa/cdsa/cssmapple.h +++ /dev/null @@ -1,859 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmapple.h - - Contains: CSSM features specific to Apple's Implementation -*/ - -#ifndef _CSSMAPPLE_H_ -#define _CSSMAPPLE_H_ 1 - -#include -#include -#include /* for CSSM_APPLE_TP_CERT_REQUEST fields */ -#include /* ditto */ -#include /* for the BSD *_t types */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Guids for standard Apple addin modules. */ - -/* {87191ca0-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidCssm; - -/* {87191ca1-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidAppleFileDL; - -/* {87191ca2-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidAppleCSP; - -/* {87191ca3-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidAppleCSPDL; - -/* {87191ca4-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidAppleX509CL; - -/* {87191ca5-0fc9-11d4-849a-000502b52122} */ -extern const CSSM_GUID gGuidAppleX509TP; - - -/* Apple defined WORDID values */ -enum -{ - CSSM_WORDID_KEYCHAIN_PROMPT = CSSM_WORDID_VENDOR_START, - CSSM_WORDID_KEYCHAIN_LOCK, - CSSM_WORDID_KEYCHAIN_CHANGE_LOCK, - CSSM_WORDID_PROCESS, - CSSM_WORDID__RESERVED_1, // was used in 10.2 test seeds; no longer in use - CSSM_WORDID_SYMMETRIC_KEY, - CSSM_WORDID_SYSTEM, - CSSM_WORDID__FIRST_UNUSED -}; - -/* Apple defined ACL subject and credential types */ -enum -{ - CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT = CSSM_WORDID_KEYCHAIN_PROMPT, - CSSM_ACL_SUBJECT_TYPE_PROCESS = CSSM_WORDID_PROCESS, - CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE = CSSM_WORDID_SIGNATURE, - CSSM_ACL_SUBJECT_TYPE_COMMENT = CSSM_WORDID_COMMENT -}; - -enum -{ - CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT = CSSM_WORDID_KEYCHAIN_PROMPT, - CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK = CSSM_WORDID_KEYCHAIN_LOCK, - CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK = CSSM_WORDID_KEYCHAIN_CHANGE_LOCK, - CSSM_SAMPLE_TYPE_PROCESS = CSSM_WORDID_PROCESS, - CSSM_SAMPLE_TYPE_COMMENT = CSSM_WORDID_COMMENT, - CSSM_SAMPLE_TYPE_RETRY_ID = CSSM_WORDID_PROPAGATE -}; - - -/* Apple-defined ACL authorization tags */ -enum { - CSSM_ACL_AUTHORIZATION_CHANGE_ACL = CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START, - CSSM_ACL_AUTHORIZATION_CHANGE_OWNER -}; - - -/* Parameters and structures for Apple-defined ACL subjects and samples */ - -enum { /* types of code signatures - item 1 of CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE subjects */ - CSSM_ACL_CODE_SIGNATURE_INVALID = 0, /* standard OS X code signature */ - CSSM_ACL_CODE_SIGNATURE_OSX = 1 /* standard OS X code signature */ -}; - -/* ACL subjects of type PROCESS */ - -enum { /* PROCESS_SUBJECT mask fields */ - CSSM_ACL_MATCH_UID = 0x01, /* match userid against uid field */ - CSSM_ACL_MATCH_GID = 0x02, /* match groupid against gid field */ - CSSM_ACL_MATCH_HONOR_ROOT = 0x100, /* let root (uid 0) match any userid */ - CSSM_ACL_MATCH_BITS = CSSM_ACL_MATCH_UID | CSSM_ACL_MATCH_GID -}; - -enum { /* PROCESS_SUBJECT structure version field */ - CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION = 0x101 -}; - -typedef struct cssm_acl_process_subject_selector { /* PROCESS_SUBJECT selector */ - uint16 version; /* version of this selector */ - uint16 mask; /* active fields mask */ - uint32 uid; /* effective user id match */ - uint32 gid; /* effective group id match */ -} CSSM_ACL_PROCESS_SUBJECT_SELECTOR; - -/* ACL subjects of type KEYCHAIN_PROMPT */ - -enum { /* KEYCHAIN_PROMPT structure version field */ - CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION = 0x101 -}; - -enum { /* KEYCHAIN_PROMPT operational flags */ - CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE = 0x0001 /* require re-entering of passphrase */ -}; - -typedef struct cssm_acl_keychain_prompt_selector { /* KEYCHAIN_PROMPT selector */ - uint16 version; /* version of this selector */ - uint16 flags; /* flag bits */ -} CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR; - - -/* Apple defined algorithm IDs */ -enum -{ - CSSM_ALGID_APPLE_YARROW = CSSM_ALGID_VENDOR_DEFINED, - CSSM_ALGID_AES, /* RijnDael */ - CSSM_ALGID_FEE, /* FEE Key Generation */ - CSSM_ALGID_FEE_MD5, /* FEE/ElGamal signature w/ MD5 hash */ - CSSM_ALGID_FEE_SHA1, /* FEE/ElGamal signature w/ SHA1 hash */ - CSSM_ALGID_FEED, /* 1:1 FEE asymmetric encryption */ - CSSM_ALGID_FEEDEXP, /* 2:1 FEE asymmetric encryption */ - CSSM_ALGID_ASC, /* Apple Secure Compression */ - CSSM_ALGID_SHA1HMAC_LEGACY, /* HMAC/SHA1, legacy compatible */ - CSSM_ALGID_KEYCHAIN_KEY, /* derive or manipulate keychain master keys */ - CSSM_ALGID_PKCS12_PBE_ENCR, /* PKCS12, encrypt/decrypt key */ - CSSM_ALGID_PKCS12_PBE_MAC, /* PKCS12, MAC key */ - CSSM_ALGID__FIRST_UNUSED -}; - -/* Apple defined keyblob formats */ -enum { - CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED = 0x80000000 -}; -enum { - /* X509 SubjectPublicKeyInfo */ - CSSM_KEYBLOB_RAW_FORMAT_X509 = CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED, - /* openssh */ - CSSM_KEYBLOB_RAW_FORMAT_OPENSSH, - /* openssl-style DSA private key */ - CSSM_KEYBLOB_RAW_FORMAT_OPENSSL -}; - -/* Apple adds some "common" error codes. CDSA does not define an official start value for this. */ -enum -{ - CSSM_CUSTOM_COMMON_ERROR_EXTENT = 0x00e0, - - CSSM_ERRCODE_NO_USER_INTERACTION = 0x00e0, - CSSM_ERRCODE_USER_CANCELED = 0x00e1, - CSSM_ERRCODE_SERVICE_NOT_AVAILABLE = 0x00e2, - CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION = 0x00e3 -}; - -enum { - CSSMERR_CSSM_NO_USER_INTERACTION = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - CSSMERR_AC_NO_USER_INTERACTION = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - CSSMERR_CSP_NO_USER_INTERACTION = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - CSSMERR_CL_NO_USER_INTERACTION = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - CSSMERR_DL_NO_USER_INTERACTION = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - CSSMERR_TP_NO_USER_INTERACTION = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION, - - CSSMERR_CSSM_USER_CANCELED = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - CSSMERR_AC_USER_CANCELED = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - CSSMERR_CSP_USER_CANCELED = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - CSSMERR_CL_USER_CANCELED = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - CSSMERR_DL_USER_CANCELED = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - CSSMERR_TP_USER_CANCELED = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED, - - CSSMERR_CSSM_SERVICE_NOT_AVAILABLE = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - CSSMERR_AC_SERVICE_NOT_AVAILABLE = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - CSSMERR_CSP_SERVICE_NOT_AVAILABLE = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - CSSMERR_CL_SERVICE_NOT_AVAILABLE = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - CSSMERR_DL_SERVICE_NOT_AVAILABLE = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - CSSMERR_TP_SERVICE_NOT_AVAILABLE = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE, - - CSSMERR_CSSM_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION, - CSSMERR_AC_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION, - CSSMERR_CSP_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION, - CSSMERR_CL_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION, - CSSMERR_DL_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION, - CSSMERR_TP_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION -}; - -/* AppleCSPDL, AppleCSP private error codes. */ -enum { - CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT = CSSM_CSP_PRIVATE_ERROR + 0, - /* - * An attempt was made to use a public key which is incomplete due to - * the lack of algorithm-specific parameters. - */ - CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE = CSSM_CSP_PRIVATE_ERROR + 1, - - /* a code signature match failed */ - CSSMERR_CSP_APPLE_SIGNATURE_MISMATCH = CSSM_CSP_PRIVATE_ERROR + 2, - - /* Key StartDate/EndDate invalid */ - CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE = CSSM_CSP_PRIVATE_ERROR + 3, - CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE = CSSM_CSP_PRIVATE_ERROR + 4 -}; - - -/* AppleFileDL record types. */ -enum -{ - CSSM_DL_DB_RECORD_GENERIC_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0, - CSSM_DL_DB_RECORD_INTERNET_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 1, - CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 2, - - CSSM_DL_DB_RECORD_X509_CERTIFICATE = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x1000, - CSSM_DL_DB_RECORD_USER_TRUST, - CSSM_DL_DB_RECORD_X509_CRL, - CSSM_DL_DB_RECORD_METADATA = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000 -}; - -/* AppleFileDL extentions: passthrough ids */ -enum { - // Toggle whether or not to autocommit after modifying the database. - // The input parameter is a CSSM_BOOL, where TRUE turns autocommit on - // and FALSE turns it off. - CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT, - - // Commit any pending changes to the database. - CSSM_APPLEFILEDL_COMMIT, - - // Rollback and discard any pending changes to the database. - CSSM_APPLEFILEDL_ROLLBACK -}; - -/* Apple DL private error codes. */ -enum -{ - /* The OpenParameters argument passed to CSSM_DL_DbCreate or CSSM_DL_DbOpen - was neither NULL nor a pointer to a valid CSSM_APPLEDL_OPEN_PARAMETERS - structure. */ - CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS = CSSM_DL_PRIVATE_ERROR + 0, - - /* an operation failed because the disk was full */ - CSSMERR_APPLEDL_DISK_FULL = CSSM_DL_PRIVATE_ERROR + 1, - - /* an operation failed because a disk quote was exceeded */ - CSSMERR_APPLEDL_QUOTA_EXCEEDED = CSSM_DL_PRIVATE_ERROR + 2, - - /* an operation failed because a file was too large */ - CSSMERR_APPLEDL_FILE_TOO_BIG = CSSM_DL_PRIVATE_ERROR + 3, - - /* a keychain database's internal information ("blob") is invalid */ - CSSMERR_APPLEDL_INVALID_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 4, - CSSMERR_APPLEDL_INVALID_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 5, - - /* the internal data format version for a database's internal information ("blob") is invalid */ - CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 6, - CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 7, -}; - -/* Apple X509TP private error codes. */ -enum -{ - /* mismatch between Cert's common name and app-specified host name */ - CSSMERR_APPLETP_HOSTNAME_MISMATCH = CSSM_TP_PRIVATE_ERROR + 0, - /* Non-understood extension with Critical flag true */ - CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN = CSSM_TP_PRIVATE_ERROR + 1, - /* Basic Constraints extension required per policy, but not present */ - CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS = CSSM_TP_PRIVATE_ERROR + 2, - /* Invalid BasicConstraints.CA */ - CSSMERR_APPLETP_INVALID_CA = CSSM_TP_PRIVATE_ERROR + 3, - /* Invalid Authority Key ID */ - CSSMERR_APPLETP_INVALID_AUTHORITY_ID = CSSM_TP_PRIVATE_ERROR + 4, - /* Invalid Subject Key ID */ - CSSMERR_APPLETP_INVALID_SUBJECT_ID = CSSM_TP_PRIVATE_ERROR + 5, - /* Invalid Key Usage for policy */ - CSSMERR_APPLETP_INVALID_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 6, - /* Invalid Extended Key Usage for policy */ - CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 7, - /* Invalid Subject/Authority Key ID Linkage */ - CSSMERR_APPLETP_INVALID_ID_LINKAGE = CSSM_TP_PRIVATE_ERROR + 8, - /* PathLengthConstraint exceeded */ - CSSMERR_APPLETP_PATH_LEN_CONSTRAINT = CSSM_TP_PRIVATE_ERROR + 9, - /* Cert group terminated at a root cert which did not self-verify */ - CSSMERR_APPLETP_INVALID_ROOT = CSSM_TP_PRIVATE_ERROR + 10, - /* CRL expired/not valid yet */ - CSSMERR_APPLETP_CRL_EXPIRED = CSSM_TP_PRIVATE_ERROR + 11, - CSSMERR_APPLETP_CRL_NOT_VALID_YET = CSSM_TP_PRIVATE_ERROR + 12, - /* Can't find appropriate CRL */ - CSSMERR_APPLETP_CRL_NOT_FOUND = CSSM_TP_PRIVATE_ERROR + 13, - /* specified CRL server down */ - CSSMERR_APPLETP_CRL_SERVER_DOWN = CSSM_TP_PRIVATE_ERROR + 14, - /* illegible CRL distribution point URL */ - CSSMERR_APPLETP_CRL_BAD_URI = CSSM_TP_PRIVATE_ERROR + 15, - /* Unknown critical cert/CRL extension */ - CSSMERR_APPLETP_UNKNOWN_CERT_EXTEN = CSSM_TP_PRIVATE_ERROR + 16, - CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN = CSSM_TP_PRIVATE_ERROR + 17, - /* CRL not verifiable to anchor or root */ - CSSMERR_APPLETP_CRL_NOT_TRUSTED = CSSM_TP_PRIVATE_ERROR + 18, - /* CRL verified to untrusted root */ - CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT = CSSM_TP_PRIVATE_ERROR + 19, - /* CRL failed policy verification */ - CSSMERR_APPLETP_CRL_POLICY_FAIL = CSSM_TP_PRIVATE_ERROR + 20, - /* IssuingDistributionPoint extension violation */ - CSSMERR_APPLETP_IDP_FAIL = CSSM_TP_PRIVATE_ERROR + 21, - /* Cert not found at specified issuerAltName */ - CSSMERR_APPLETP_CERT_NOT_FOUND_FROM_ISSUER = CSSM_TP_PRIVATE_ERROR + 22, - /* Bad cert obtained from specified issuerAltName */ - CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER = CSSM_TP_PRIVATE_ERROR + 23, - /* S/MIME Email address mismatch */ - CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND = CSSM_TP_PRIVATE_ERROR + 24, - /* Appropriate S/MIME ExtendedKeyUsage not found */ - CSSMERR_APPLETP_SMIME_BAD_EXT_KEY_USE = CSSM_TP_PRIVATE_ERROR + 25, - /* S/MIME KeyUsage incompatiblity */ - CSSMERR_APPLETP_SMIME_BAD_KEY_USE = CSSM_TP_PRIVATE_ERROR + 26, - /* S/MIME, cert with KeyUsage flagged !critical */ - CSSMERR_APPLETP_SMIME_KEYUSAGE_NOT_CRITICAL = CSSM_TP_PRIVATE_ERROR + 27, - /* S/MIME, leaf with empty subject name and no email addrs - * in SubjectAltName */ - CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS = CSSM_TP_PRIVATE_ERROR + 28, - /* S/MIME, leaf with empty subject name, SubjectAltName - * not critical */ - CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT = CSSM_TP_PRIVATE_ERROR + 29 -}; - -enum -{ - CSSM_APPLEDL_OPEN_PARAMETERS_VERSION = 1 -}; - -enum cssm_appledl_open_parameters_mask -{ - kCSSM_APPLEDL_MASK_MODE = (1 << 0) -}; - -/* Pass a CSSM_APPLEDL_OPEN_PARAMETERS_PTR as the OpenParameters argument to - CSSM_DL_DbCreate or CSSM_DL_DbOpen. When using this struct, you must zero - out the entire struct before setting any additional parameters to ensure - forward compatibility. */ -typedef struct cssm_appledl_open_parameters -{ - uint32 length; /* Should be sizeof(CSSM_APPLEDL_OPEN_PARAMETERS). */ - uint32 version; /* Should be CSSM_APPLEDL_OPEN_PARAMETERS_VERSION. */ - - /* If no OpenParameters are specified, autoCommit is on (!CSSM_FALSE) by default. - When autoCommit is on (!CSSM_FALSE), changes made to the Db are written to disk - before returning from each function. - When autoCommit is off (CSSM_FALSE), changes made to the database are not guaranteed - to be written to disk until the Db is closed. This is useful for bulk writes. - Be aware that if autoCommit is off, changes made in previous calls to the DL might - get rolled back if a new modification operation fails. */ - CSSM_BOOL autoCommit; - - /* Mask marking which of the following fields are to be used. */ - uint32 mask; - - /* When calling DbCreate, the initial mode to create the database file with; ignored on DbOpen. You must set the kCSSM_APPLEDL_MASK_MODE bit in mask or mode is ignored. */ - mode_t mode; -} CSSM_APPLEDL_OPEN_PARAMETERS, *CSSM_APPLEDL_OPEN_PARAMETERS_PTR; - - -/* AppleCSPDL passthough ids */ -enum -{ - /* Tell the SecurityServer to lock the database specified by the DLDBHandle argument. - The InputParams and OutputParams arguments are ignored. */ - CSSM_APPLECSPDL_DB_LOCK = 0, - - /* Tell the SecurityServer to unlock the database specified by the DLDBHandle argument. - The InputParameters argument is a CSSM_DATA_PTR containing the password, or NULL if - the SecurityServer should prompt for the password. - The OutputParams argument is ignored. - The SecurityServer will put up UI (though the SecurityAgent) when this function is called - iff InputParameters is NULL. */ - CSSM_APPLECSPDL_DB_UNLOCK = 1, - - /* Ask the SecurityServer to get the db settings specified for the database - specified by the DLDBHandle argument. The settings are returned in the OutputParameters argument. - The OutputParameters argument is a pointer to a CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR. - Upon successful completion, the AppleCSPDL will have allocated a - CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS structure using the application-specified - allocators for the DL attachment specified by the DLDBHandle argument. The structure will contain - the current database settings for the specified database. The client should free the - CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR after it has finished using it. - The InputParameters argument is ignored. - The SecurityServer might put up UI (though the SecurityAgent) when this function is called. */ - CSSM_APPLECSPDL_DB_GET_SETTINGS = 2, - - /* Tell the SecurityServer to set the db settings specified in InputParameters on the database - specified by the DLDBHandle argument. - The InputParameters argument is a const CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS * containing - the new settings for the specified database. - The OutputParams argument is ignored. - The SecurityServer might put up UI (though the SecurityAgent) when this function is called. */ - CSSM_APPLECSPDL_DB_SET_SETTINGS = 3, - - /* Ask the SecurityServer whether the database specified by the DLDBHandle argument is locked. - The InputParameters argument is ignored. - The OutputParameters argument is a pointer to a CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR. - Upon successful completion, the AppleCSPDL will have allocated a - CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS structure using the application-specified - allocators for the DL attachment specified by the DLDBHandle argument. The structure will contain - the current lock status for the specified database. The client should free the - CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR after it has finished using it. - The SecurityServer will put up UI (though the SecurityAgent) when this function is called. */ - CSSM_APPLECSPDL_DB_IS_LOCKED = 4, - - /* Tell the SecurityServer to change the password for the database specified by - the DLDBHandle. - - The InputParameters argument is a const CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS * containing - a CSSM_ACCESS_CREDENTIALS * which determines how the password will be changed. If the - accessCredentials are NULL, the SecurityAgent will prompt for the old and the new password for the - specified database. If credentials are specified, there should be 2 entries: - 1. a 3-element list containing: - CSSM_WORDID_KEYCHAIN_LOCK, CSSM_SAMPLE_TYPE_PASSWORD, and the old password. - 2. a 3-element list containing: - CSSM_WORDID_KEYCHAIN_CHANGE_LOCK, CSSM_SAMPLE_TYPE_PASSWORD, and the new password. - - The OutputParams argument is ignored. - The SecurityServer might put up UI (though the SecurityAgent) when this function is called. */ - CSSM_APPLECSPDL_DB_CHANGE_PASSWORD =5, - - /* Return the SecurityServer database handle for the database specified by the DLDBHandle */ - CSSM_APPLECSPDL_DB_GET_HANDLE = 6, - - /* Given a CSSM_KEY for the CSPDL, return the SecurityServer key handle */ - CSSM_APPLESCPDL_CSP_GET_KEYHANDLE = 7, - - /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the - * associated key blob. - * Key is specified in CSSM_CSP_CreatePassThroughContext. - * Hash is allocated bythe CSP, in the App's memory, and returned - * in *outData. */ - CSSM_APPLECSP_KEYDIGEST = 0x100 -}; - - - -/* AppleCSPDL passthough parameters */ -typedef struct cssm_applecspdl_db_settings_parameters -{ - uint32 idleTimeout; // seconds idle timeout lock - uint8 lockOnSleep; // lock database when system sleeps -} CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS, *CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR; - -/* AppleCSPDL passthough parameters */ -typedef struct cssm_applecspdl_db_is_locked_parameters -{ - uint8 isLocked; // True iff the database is locked -} CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS, *CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR; - -/* AppleCSPDL passthough parameters */ -typedef struct cssm_applecspdl_db_change_password_parameters -{ - CSSM_ACCESS_CREDENTIALS *accessCredentials; -} CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS, *CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS_PTR; - -/* Custom wrapped key format */ -enum { - CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM = 100 -}; - -/* - * Custom context attributes for AppleCSP. - */ -enum { - CSSM_ATTRIBUTE_VENDOR_DEFINED = 0x800000 -}; - -enum { - /* - * Public Key attribute for use with CSSM_ALGID_FEED. - */ - CSSM_ATTRIBUTE_PUBLIC_KEY = - (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 0)), - - /* - * FEE key attributes. - * See CSSM_FEE_PRIME_TYPE_xxx, CSSM_FEE_CURVE_TYPE_xxx enums, below. - */ - CSSM_ATTRIBUTE_FEE_PRIME_TYPE = - (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 1)), - CSSM_ATTRIBUTE_FEE_CURVE_TYPE = - (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 2)), - - /* - * Apple Secure Compression (ComCryption) optimization. - * See CSSM_ASC_OPTIMIZE_xxx, enums, below. - */ - CSSM_ATTRIBUTE_ASC_OPTIMIZATION = - (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 3)), - - /* - * RSA blinding. Value is integer, nonzero (blinding on) or zero. - */ - CSSM_ATTRIBUTE_RSA_BLINDING = - (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 4)), - - /* - * Additional public key from which to obtain algorithm-specific - * parameters. - */ - CSSM_ATTRIBUTE_PARAM_KEY = - (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 5)) -}; - -/* - * FEE key pair prime modulus types. - */ -enum { - CSSM_FEE_PRIME_TYPE_DEFAULT = 0, /* default per key size */ - CSSM_FEE_PRIME_TYPE_MERSENNE, /* (2 ** q) - 1Ê*/ - CSSM_FEE_PRIME_TYPE_FEE, /* (2 ** q) - k */ - CSSM_FEE_PRIME_TYPE_GENERAL /* random prime */ -}; - -/* - * FEE curve types. Comments refer to equation - * - * y**2 = x**3 + c(x**2) + ax + b - */ -enum { - CSSM_FEE_CURVE_TYPE_DEFAULT = 0, /* default per key size */ - CSSM_FEE_CURVE_TYPE_MONTGOMERY, /* a==1, b==0 */ - CSSM_FEE_CURVE_TYPE_WEIERSTRASS /* c==0. IEEE P1363 compliant. */ -}; - -/* - * Apple Secure Compression (ComCryption) optimization attributes. - */ -enum { - CSSM_ASC_OPTIMIZE_DEFAULT = 0, - CSSM_ASC_OPTIMIZE_SIZE, /* max compression (currently the default) */ - CSSM_ASC_OPTIMIZE_SECURITY, /* currently not implemented */ - CSSM_ASC_OPTIMIZE_TIME, /* min runtime */ - CSSM_ASC_OPTIMIZE_TIME_SIZE, /* implies loss of security */ - CSSM_ASC_OPTIMIZE_ASCII, /* optimized for ASCC text, not implemented */ -}; - -/* - * Apple custom CSSM_KEYATTR_FLAGS. - */ -enum { - /* - * When set, indicates a public key which is incomplete (though - * still valid) due to the lack of algorithm-specific parameters. - */ - CSSM_KEYATTR_PARTIAL = 0x00010000 -}; - -/* - * Name/OID pair used in CSSM_APPLE_TP_CERT_REQUEST - */ -typedef struct { - const char *string; - const CSSM_OID *oid; -} CSSM_APPLE_TP_NAME_OID; - -/* - * Certificate request passed to CSSM_TP_SubmitCredRequest() in the - * CSSM_TP_AUTHORITY_REQUEST_TYPE.Requests field. Used for requesting - * both locally-generated certs (CSSMOID_APPLE_TP_LOCAL_CERT_GEN) and - * cert signing requests (CSSMOID_APPLE_TP_CSR_GEN). - */ -typedef struct { - CSSM_CSP_HANDLE cspHand; // sign with this CSP - CSSM_CL_HANDLE clHand; // and this CL - uint32 serialNumber; - uint32 numSubjectNames;// size subjectNames[] - CSSM_APPLE_TP_NAME_OID *subjectNames; // from certextensions.h - - /* - * Issuer name can be expressed in the simplified CSSM_APPLE_TP_NAME_OID - * array, as is the subject name, or as an CSSM_X509_NAME, which is - * typically obtained from a signing cert. - * Exactly one of {issuerNames, issuerNameX509} must be non-NULL. - */ - uint32 numIssuerNames; // size issuerNames[] - CSSM_APPLE_TP_NAME_OID *issuerNames; // optional; NULL implies root - // (signer == subject) - CSSM_X509_NAME_PTR issuerNameX509; - const CSSM_KEY *certPublicKey; - const CSSM_KEY *issuerPrivateKey; - - /* Unfortunately there is no practical way to map any algorithm - * to its appropriate OID, and we need both.... */ - CSSM_ALGORITHMS signatureAlg; // e.g., CSSM_ALGID_SHA1WithRSA - CSSM_OID signatureOid; // e.g., CSSMOID_SHA1WithRSA - uint32 notBefore; // relative to "now" - uint32 notAfter; - uint32 numExtensions; - CE_DataAndType *extensions; // optional - - /* - * Optional challenge string for CSSMOID_APPLE_TP_CSR_GEN. - */ - const char *challengeString; -} CSSM_APPLE_TP_CERT_REQUEST; - -/* - * Options for X509TP's CSSM_TP_CertGroupVerify for policy CSSMOID_APPLE_TP_SSL. - * A pointer to, and length of, one of these is optionally placed in - * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue. - */ -#define CSSM_APPLE_TP_SSL_OPTS_VERSION 0 -typedef struct { - uint32 Version; // CSSM_APPLE_TP_SSL_OPTS_VERSION - - /* - * The domain name of the server (e.g., "store.apple.com".) In the - * SSL and TLS protocols, this must match the common name of the - * subject cert. Expressed as a C string, optionally NULL terminated - * if it is NULL terminated, the length field should include the NULL). - */ - uint32 ServerNameLen; - const char *ServerName; // optional -} CSSM_APPLE_TP_SSL_OPTIONS; - -/* - * Options for X509TP's CSSM_TP_CertGroupVerify for policy - * CSSMOID_APPLE_TP_REVOCATION_CRL. A pointer to, and length of, one - * of these is optionally placed in - * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue. - */ -#define CSSM_APPLE_TP_CRL_OPTS_VERSION 0 - -typedef uint32 CSSM_APPLE_TP_CRL_OPT_FLAGS; -enum { - // require CRL verification for each cert; default is "try" - CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT = 0x00000001, - // enable fetch from network - CSSM_TP_ACTION_FETCH_CRL_FROM_NET = 0x00000002 -}; - -typedef struct { - uint32 Version; // CSSM_APPLE_TP_CRL_OPTS_VERSION - CSSM_APPLE_TP_CRL_OPT_FLAGS CrlFlags; - - /* - * When non-NULL, store CRLs fetched from net here. - * This is most likely a pointer to one of the - * CSSM_TP_CALLERAUTH_CONTEXT.DBList entries but that - * is not a strict requirement. - */ - CSSM_DL_DB_HANDLE_PTR crlStore; -} CSSM_APPLE_TP_CRL_OPTIONS; - -/* - * Options for X509TP's CSSM_TP_CertGroupVerify for policy - * CSSMOID_APPLE_TP_SMIME. A pointer to, and length of, one - * of these is optionally placed in - * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue. - */ -#define CSSM_APPLE_TP_SMIME_OPTS_VERSION 0 -typedef struct { - uint32 Version; // CSSM_APPLE_TP_SMIME_OPTS_VERSION - - /* - * Intended usage of the leaf cert. The cert's KeyUsage extension, - * if present, must be a superset of this. - */ - CE_KeyUsage IntendedUsage; - - /* - * The email address of the sender. If there is an email address - * in the sender's cert, that email address must match this one. - * Both (email address in the cert, and this one) are optional. - * Expressed as a C string, optionally NULL terminated (i.e., - * SenderEmail[SenderEmailLen - 1] may or may not be NULL). - */ - uint32 SenderEmailLen; - const char *SenderEmail; // optional -} CSSM_APPLE_TP_SMIME_OPTIONS; - - -/* - * Optional ActionData for all X509TP CertGroupVerify policies. - * A pointer to, and length of, one of these is optionally placed in - * CSSM_TP_VERIFY_CONTEXT.ActionData. - */ -typedef uint32 CSSM_APPLE_TP_ACTION_FLAGS; -enum { - CSSM_TP_ACTION_ALLOW_EXPIRED = 0x00000001, // allow expired certs - CSSM_TP_ACTION_LEAF_IS_CA = 0x00000002, // first cert is a CA - CSSM_TP_ACTION_FETCH_CERT_FROM_NET = 0x00000004, // enable net fetch of CA cert - CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT = 0x00000008, // allow expired roots -}; - -#define CSSM_APPLE_TP_ACTION_VERSION 0 -typedef struct { - uint32 Version; // CSSM_APPLE_TP_ACTION_VERSION - CSSM_APPLE_TP_ACTION_FLAGS ActionFlags; // CSSM_TP_ACTION_ALLOW_EXPIRED, etc. -} CSSM_APPLE_TP_ACTION_DATA; - -/* - * Per-cert evidence returned from CSSM_TP_CertGroupVerify. - * An array of these is presented in CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[2]. - * Same number of these as in the cert group in Evidence[1]. - */ - -/* First, an array of bits indicating various status of the cert. */ -typedef uint32 CSSM_TP_APPLE_CERT_STATUS; -enum -{ - CSSM_CERT_STATUS_EXPIRED = 0x00000001, - CSSM_CERT_STATUS_NOT_VALID_YET = 0x00000002, - CSSM_CERT_STATUS_IS_IN_INPUT_CERTS = 0x00000004, - CSSM_CERT_STATUS_IS_IN_ANCHORS = 0x00000008, - CSSM_CERT_STATUS_IS_ROOT = 0x00000010, - CSSM_CERT_STATUS_IS_FROM_NET = 0x00000020 -}; - -typedef struct { - CSSM_TP_APPLE_CERT_STATUS StatusBits; - uint32 NumStatusCodes; - CSSM_RETURN *StatusCodes; - - /* index into raw cert group or AnchorCerts depending on IS_IN_ANCHORS */ - uint32 Index; - - /* nonzero if cert came from a DLDB */ - CSSM_DL_DB_HANDLE DlDbHandle; - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord; -} CSSM_TP_APPLE_EVIDENCE_INFO; - -/* - * CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[0], basically defines which version/flavor - * of remaining evidence is. - */ -#define CSSM_TP_APPLE_EVIDENCE_VERSION 0 -typedef struct -{ - uint32 Version; -} CSSM_TP_APPLE_EVIDENCE_HEADER; - - -/* - * Apple-specific CSSM_EVIDENCE_FORM values - * - * The form of the evidence returns from CSSM_TP_CertGroupVerify is: - * - * EvidenceForm contents of *Evidence - * ------------ --------------------- - * CSSM_EVIDENCE_FORM_APPLE_HEADER CSSM_TP_APPLE_EVIDENCE_HEADER - * CSSM_EVIDENCE_FORM_APPLE_CERTGROUP CSSM_CERTGROUP - * CSSM_EVIDENCE_FORM_APPLE_CERT_INFO array of CSSM_TP_APPLE_EVIDENCE_INFO, size - * CSSM_CERTGROUP.NumCerts - */ - -#define CSSM_EVIDENCE_FORM_APPLE_CUSTOM 0x80000000 -enum -{ - CSSM_EVIDENCE_FORM_APPLE_HEADER = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 0, - CSSM_EVIDENCE_FORM_APPLE_CERTGROUP = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 1, - CSSM_EVIDENCE_FORM_APPLE_CERT_INFO = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 2 -}; - -/* AppleX509CL extensions: passthrough ids */ -enum { - /* - * Obtain a signed Certificate Signing Request. - * Input = CSSM_APPLE_CL_CSR_REQUEST - * Output = allocated CSSM_DATA which points to a DER-encoded CSR. - */ - CSSM_APPLEX509CL_OBTAIN_CSR, - - /* - * Perform signature verify of a CSR. - * Input: CSSM_DATA referring to a DER-encoded CSR. - * Output: Nothing, returns CSSMERR_CL_VERIFICATION_FAILURE on - * on failure. - */ - CSSM_APPLEX509CL_VERIFY_CSR -}; - -/* - * Used in CL's CSSM_APPLEX509_OBTAIN_CSR Passthrough. This is the - * input; the output is a CSSM_DATA * containing the signed and - * PEM-encoded CSR. - */ -typedef struct { - CSSM_X509_NAME_PTR subjectNameX509; - - /* Unfortunately there is no practical way to map any algorithm - * to its appropriate OID, and we need both.... */ - CSSM_ALGORITHMS signatureAlg; // e.g., CSSM_ALGID_SHA1WithRSA - CSSM_OID signatureOid; // e.g., CSSMOID_SHA1WithRSA - - CSSM_CSP_HANDLE cspHand; // sign with this CSP - const CSSM_KEY *subjectPublicKey; - const CSSM_KEY *subjectPrivateKey; - - /* - * Optional challenge string. - */ - const char *challengeString; -} CSSM_APPLE_CL_CSR_REQUEST; - -/* - * When a CRL with no NextUpdate field is encountered, we use this time - * as the NextUpdate attribute when storing in a DB. It represents the - * virtual end of time in CSSM_TIMESTRING form. - */ -#define CSSM_APPLE_CRL_END_OF_TIME "99991231235959" - -/* - * Default filesystem names and locations for SecurityServer features - * (included here for lack of a better place) - */ -#define kKeychainSuffix ".keychain" -#define kSystemKeychainName "System.keychain" -#define kSystemKeychainDir "/Library/Keychains/" -#define kSystemUnlockFile "/var/db/SystemKey" - - -void cssmPerror(const char *how, CSSM_RETURN error); - -/* Convert between CSSM_OID and CSSM_ALGORITHMS */ -bool cssmOidToAlg(const CSSM_OID *oid, CSSM_ALGORITHMS *alg); -const CSSM_OID *cssmAlgToOid(CSSM_ALGORITHMS algId); - -/* - * The MacOS OSStatus space has an embedding for UNIX errno values, similar to - * the way we embed CSSM_RETURN values in OSStatus. These are the base and limit - * values for this embedding. - */ -#define errSecErrnoBase 100000 -#define errSecErrnoLimit 100255 - -#ifdef __cplusplus -} -#endif // __cplusplus - -#endif /* _CSSMAPPLE_H_ */ diff --git a/cdsa/cdsa/cssmcli.h b/cdsa/cdsa/cssmcli.h deleted file mode 100644 index d420715e..00000000 --- a/cdsa/cdsa/cssmcli.h +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmcli.h - - Contains: Service Provider Interface for Certificate Library Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMCLI_H_ -#define _CSSMCLI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_spi_cl_funcs { - CSSM_RETURN (CSSMCLI *CertCreateTemplate) - (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CertFields, - CSSM_DATA_PTR CertTemplate); - CSSM_RETURN (CSSMCLI *CertGetAllTemplateFields) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *CertTemplate, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - CSSM_RETURN (CSSMCLI *CertSign) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertTemplate, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CSSM_DATA_PTR SignedCert); - CSSM_RETURN (CSSMCLI *CertVerify) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertToBeVerified, - const CSSM_DATA *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - CSSM_RETURN (CSSMCLI *CertVerifyWithKey) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertToBeVerified); - CSSM_RETURN (CSSMCLI *CertGetFirstFieldValue) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_OID *CertField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CertGetNextFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CertAbortQuery) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle); - CSSM_RETURN (CSSMCLI *CertGetKeyInfo) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_KEY_PTR *Key); - CSSM_RETURN (CSSMCLI *CertGetAllFields) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - CSSM_RETURN (CSSMCLI *FreeFields) - (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - CSSM_FIELD_PTR *FieldArray); - CSSM_RETURN (CSSMCLI *FreeFieldValue) - (CSSM_CL_HANDLE CLHandle, - const CSSM_OID *CertOrCrlOid, - CSSM_DATA_PTR Value); - CSSM_RETURN (CSSMCLI *CertCache) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_HANDLE_PTR CertHandle); - CSSM_RETURN (CSSMCLI *CertGetFirstCachedFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CertHandle, - const CSSM_OID *CertField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CertGetNextCachedFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CertAbortCache) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CertHandle); - CSSM_RETURN (CSSMCLI *CertGroupToSignedBundle) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CERTGROUP *CertGroupToBundle, - const CSSM_CERT_BUNDLE_HEADER *BundleInfo, - CSSM_DATA_PTR SignedBundle); - CSSM_RETURN (CSSMCLI *CertGroupFromVerifiedBundle) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CERT_BUNDLE *CertBundle, - const CSSM_DATA *SignerCert, - CSSM_CERTGROUP_PTR *CertGroup); - CSSM_RETURN (CSSMCLI *CertDescribeFormat) - (CSSM_CL_HANDLE CLHandle, - uint32 *NumberOfFields, - CSSM_OID_PTR *OidList); - CSSM_RETURN (CSSMCLI *CrlCreateTemplate) - (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - CSSM_DATA_PTR NewCrl); - CSSM_RETURN (CSSMCLI *CrlSetFields) - (CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlTemplate, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR ModifiedCrl); - CSSM_RETURN (CSSMCLI *CrlAddCert) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Cert, - uint32 NumberOfFields, - const CSSM_FIELD *CrlEntryFields, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR NewCrl); - CSSM_RETURN (CSSMCLI *CrlRemoveCert) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_DATA *OldCrl, - CSSM_DATA_PTR NewCrl); - CSSM_RETURN (CSSMCLI *CrlSign) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *UnsignedCrl, - const CSSM_FIELD *SignScope, - uint32 ScopeSize, - CSSM_DATA_PTR SignedCrl); - CSSM_RETURN (CSSMCLI *CrlVerify) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CrlToBeVerified, - const CSSM_DATA *SignerCert, - const CSSM_FIELD *VerifyScope, - uint32 ScopeSize); - CSSM_RETURN (CSSMCLI *CrlVerifyWithKey) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CrlToBeVerified); - CSSM_RETURN (CSSMCLI *IsCertInCrl) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - const CSSM_DATA *Crl, - CSSM_BOOL *CertFound); - CSSM_RETURN (CSSMCLI *CrlGetFirstFieldValue) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - const CSSM_OID *CrlField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CrlGetNextFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CrlAbortQuery) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle); - CSSM_RETURN (CSSMCLI *CrlGetAllFields) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - uint32 *NumberOfCrlFields, - CSSM_FIELD_PTR *CrlFields); - CSSM_RETURN (CSSMCLI *CrlCache) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Crl, - CSSM_HANDLE_PTR CrlHandle); - CSSM_RETURN (CSSMCLI *IsCertInCachedCrl) - (CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *Cert, - CSSM_HANDLE CrlHandle, - CSSM_BOOL *CertFound, - CSSM_DATA_PTR CrlRecordIndex); - CSSM_RETURN (CSSMCLI *CrlGetFirstCachedFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle, - const CSSM_DATA *CrlRecordIndex, - const CSSM_OID *CrlField, - CSSM_HANDLE_PTR ResultsHandle, - uint32 *NumberOfMatchedFields, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CrlGetNextCachedFieldValue) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DATA_PTR *Value); - CSSM_RETURN (CSSMCLI *CrlGetAllCachedRecordFields) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle, - const CSSM_DATA *CrlRecordIndex, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CrlFields); - CSSM_RETURN (CSSMCLI *CrlAbortCache) - (CSSM_CL_HANDLE CLHandle, - CSSM_HANDLE CrlHandle); - CSSM_RETURN (CSSMCLI *CrlDescribeFormat) - (CSSM_CL_HANDLE CLHandle, - uint32 *NumberOfFields, - CSSM_OID_PTR *OidList); - CSSM_RETURN (CSSMCLI *PassThrough) - (CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); -} CSSM_SPI_CL_FUNCS, *CSSM_SPI_CL_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMCLI_H_ */ diff --git a/cdsa/cdsa/cssmconfig.h b/cdsa/cdsa/cssmconfig.h deleted file mode 100644 index bd8de875..00000000 --- a/cdsa/cdsa/cssmconfig.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmconfig.h - - Contains: Platform specific defines and typedefs for cdsa. - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMCONFIG_H_ -#define _CSSMCONFIG_H_ 1 - -#include - -/* #if defined(TARGET_API_MAC_OS8) || defined(TARGET_API_MAC_CARBON) || defined(TARGET_API_MAC_OSX) */ -#if defined(TARGET_OS_MAC) -#include -#else -#error Unknown API architecture. -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -typedef SInt64 sint64; -typedef UInt64 uint64; -typedef SInt32 sint32; -typedef SInt16 sint16; -typedef SInt8 sint8; -typedef UInt32 uint32; -typedef UInt16 uint16; -typedef UInt8 uint8; - -#define CSSMACI -#define CSSMAPI -#define CSSMCLI -#define CSSMCSPI -#define CSSMDLI -#define CSSMKRI -#define CSSMSPI -#define CSSMTPI - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMCONFIG_H_ */ diff --git a/cdsa/cdsa/cssmcspi.h b/cdsa/cdsa/cssmcspi.h deleted file mode 100644 index 52b7a505..00000000 --- a/cdsa/cdsa/cssmcspi.h +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmcspi.h - - Contains: Service Provider Interface for - Cryptographic Service Provider Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMCSPI_H_ -#define _CSSMCSPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_spi_csp_funcs { - CSSM_RETURN (CSSMCSPI *EventNotify) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CONTEXT_EVENT Event, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *QuerySize) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - CSSM_BOOL Encrypt, - uint32 QuerySizeCount, - CSSM_QUERY_SIZE_DATA_PTR DataBlock); - CSSM_RETURN (CSSMCSPI *SignData) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - CSSM_DATA_PTR Signature); - CSSM_RETURN (CSSMCSPI *SignDataInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *SignDataUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - CSSM_RETURN (CSSMCSPI *SignDataFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Signature); - CSSM_RETURN (CSSMCSPI *VerifyData) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - const CSSM_DATA *Signature); - CSSM_RETURN (CSSMCSPI *VerifyDataInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *VerifyDataUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - CSSM_RETURN (CSSMCSPI *VerifyDataFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Signature); - CSSM_RETURN (CSSMCSPI *DigestData) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_DATA_PTR Digest); - CSSM_RETURN (CSSMCSPI *DigestDataInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *DigestDataUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - CSSM_RETURN (CSSMCSPI *DigestDataClone) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_CC_HANDLE ClonedCCHandle); - CSSM_RETURN (CSSMCSPI *DigestDataFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Digest); - CSSM_RETURN (CSSMCSPI *GenerateMac) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - CSSM_DATA_PTR Mac); - CSSM_RETURN (CSSMCSPI *GenerateMacInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *GenerateMacUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - CSSM_RETURN (CSSMCSPI *GenerateMacFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR Mac); - CSSM_RETURN (CSSMCSPI *VerifyMac) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *DataBufs, - uint32 DataBufCount, - const CSSM_DATA *Mac); - CSSM_RETURN (CSSMCSPI *VerifyMacInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context); - CSSM_RETURN (CSSMCSPI *VerifyMacUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *DataBufs, - uint32 DataBufCount); - CSSM_RETURN (CSSMCSPI *VerifyMacFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *Mac); - CSSM_RETURN (CSSMCSPI *EncryptData) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *ClearBufs, - uint32 ClearBufCount, - CSSM_DATA_PTR CipherBufs, - uint32 CipherBufCount, - uint32 *bytesEncrypted, - CSSM_DATA_PTR RemData, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *EncryptDataInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *EncryptDataUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *ClearBufs, - uint32 ClearBufCount, - CSSM_DATA_PTR CipherBufs, - uint32 CipherBufCount, - uint32 *bytesEncrypted); - CSSM_RETURN (CSSMCSPI *EncryptDataFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR RemData); - CSSM_RETURN (CSSMCSPI *DecryptData) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_DATA *CipherBufs, - uint32 CipherBufCount, - CSSM_DATA_PTR ClearBufs, - uint32 ClearBufCount, - uint32 *bytesDecrypted, - CSSM_DATA_PTR RemData, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *DecryptDataInit) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *DecryptDataUpdate) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CipherBufs, - uint32 CipherBufCount, - CSSM_DATA_PTR ClearBufs, - uint32 ClearBufCount, - uint32 *bytesDecrypted); - CSSM_RETURN (CSSMCSPI *DecryptDataFinal) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - CSSM_DATA_PTR RemData); - CSSM_RETURN (CSSMCSPI *QueryKeySizeInBits) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_KEY *Key, - CSSM_KEY_SIZE_PTR KeySize); - CSSM_RETURN (CSSMCSPI *GenerateKey) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR Key, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *GenerateKeyPair) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - uint32 PublicKeyUsage, - uint32 PublicKeyAttr, - const CSSM_DATA *PublicKeyLabel, - CSSM_KEY_PTR PublicKey, - uint32 PrivateKeyUsage, - uint32 PrivateKeyAttr, - const CSSM_DATA *PrivateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR PrivateKey, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *GenerateRandom) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - CSSM_DATA_PTR RandomNumber); - CSSM_RETURN (CSSMCSPI *GenerateAlgorithmParams) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - uint32 ParamBits, - CSSM_DATA_PTR Param, - uint32 *NumberOfUpdatedAttibutes, - CSSM_CONTEXT_ATTRIBUTE_PTR *UpdatedAttributes); - CSSM_RETURN (CSSMCSPI *WrapKey) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_DATA *DescriptiveData, - CSSM_WRAP_KEY_PTR WrappedKey, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *UnwrapKey) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - const CSSM_KEY *PublicKey, - const CSSM_WRAP_KEY *WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR UnwrappedKey, - CSSM_DATA_PTR DescriptiveData, - CSSM_PRIVILEGE Privilege); - CSSM_RETURN (CSSMCSPI *DeriveKey) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - CSSM_DATA_PTR Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CSSM_DATA *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CSSM_KEY_PTR DerivedKey); - CSSM_RETURN (CSSMCSPI *FreeKey) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - CSSM_KEY_PTR KeyPtr, - CSSM_BOOL Delete); - CSSM_RETURN (CSSMCSPI *PassThrough) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_CONTEXT *Context, - uint32 PassThroughId, - const void *InData, - void **OutData); - CSSM_RETURN (CSSMCSPI *Login) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_DATA *LoginName, - const void *Reserved); - CSSM_RETURN (CSSMCSPI *Logout) - (CSSM_CSP_HANDLE CSPHandle); - CSSM_RETURN (CSSMCSPI *ChangeLoginAcl) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit); - CSSM_RETURN (CSSMCSPI *ObtainPrivateKeyFromPublicKey) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *PublicKey, - CSSM_KEY_PTR PrivateKey); - CSSM_RETURN (CSSMCSPI *RetrieveUniqueId) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_DATA_PTR UniqueID); - CSSM_RETURN (CSSMCSPI *RetrieveCounter) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_DATA_PTR Counter); - CSSM_RETURN (CSSMCSPI *VerifyDevice) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *DeviceCert); - CSSM_RETURN (CSSMCSPI *GetTimeValue) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_ALGORITHMS TimeAlgorithm, - CSSM_DATA *TimeData); - CSSM_RETURN (CSSMCSPI *GetOperationalStatistics) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_CSP_OPERATIONAL_STATISTICS *Statistics); - CSSM_RETURN (CSSMCSPI *GetLoginAcl) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - CSSM_RETURN (CSSMCSPI *GetKeyAcl) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *Key, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - CSSM_RETURN (CSSMCSPI *ChangeKeyAcl) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit, - const CSSM_KEY *Key); - CSSM_RETURN (CSSMCSPI *GetKeyOwner) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_KEY *Key, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - CSSM_RETURN (CSSMCSPI *ChangeKeyOwner) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_KEY *Key, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); - CSSM_RETURN (CSSMCSPI *GetLoginOwner) - (CSSM_CSP_HANDLE CSPHandle, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - CSSM_RETURN (CSSMCSPI *ChangeLoginOwner) - (CSSM_CSP_HANDLE CSPHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); -} CSSM_SPI_CSP_FUNCS, *CSSM_SPI_CSP_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMCSPI_H_ */ diff --git a/cdsa/cdsa/cssmdli.h b/cdsa/cdsa/cssmdli.h deleted file mode 100644 index 6e2d67f9..00000000 --- a/cdsa/cdsa/cssmdli.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmdli.h - - Contains: Service Provider Interface for Data Store Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMDLI_H_ -#define _CSSMDLI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_spi_dl_funcs { - CSSM_RETURN (CSSMDLI *DbOpen) - (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const void *OpenParameters, - CSSM_DB_HANDLE *DbHandle); - CSSM_RETURN (CSSMDLI *DbClose) - (CSSM_DL_DB_HANDLE DLDBHandle); - CSSM_RETURN (CSSMDLI *DbCreate) - (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_DBINFO *DBInfo, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - const void *OpenParameters, - CSSM_DB_HANDLE *DbHandle); - CSSM_RETURN (CSSMDLI *DbDelete) - (CSSM_DL_HANDLE DLHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_ACCESS_CREDENTIALS *AccessCred); - CSSM_RETURN (CSSMDLI *CreateRelation) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RelationID, - const char *RelationName, - uint32 NumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo, - uint32 NumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo); - CSSM_RETURN (CSSMDLI *DestroyRelation) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RelationID); - CSSM_RETURN (CSSMDLI *Authenticate) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_ACCESS_CREDENTIALS *AccessCred); - CSSM_RETURN (CSSMDLI *GetDbAcl) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_STRING *SelectionTag, - uint32 *NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR *AclInfos); - CSSM_RETURN (CSSMDLI *ChangeDbAcl) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_EDIT *AclEdit); - CSSM_RETURN (CSSMDLI *GetDbOwner) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_ACL_OWNER_PROTOTYPE_PTR Owner); - CSSM_RETURN (CSSMDLI *ChangeDbOwner) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE *NewOwner); - CSSM_RETURN (CSSMDLI *GetDbNames) - (CSSM_DL_HANDLE DLHandle, - CSSM_NAME_LIST_PTR *NameList); - CSSM_RETURN (CSSMDLI *GetDbNameFromHandle) - (CSSM_DL_DB_HANDLE DLDBHandle, - char **DbName); - CSSM_RETURN (CSSMDLI *FreeNameList) - (CSSM_DL_HANDLE DLHandle, - CSSM_NAME_LIST_PTR NameList); - CSSM_RETURN (CSSMDLI *DataInsert) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *Attributes, - const CSSM_DATA *Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - CSSM_RETURN (CSSMDLI *DataDelete) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecordIdentifier); - CSSM_RETURN (CSSMDLI *DataModify) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *AttributesToBeModified, - const CSSM_DATA *DataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode); - CSSM_RETURN (CSSMDLI *DataGetFirst) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_QUERY *Query, - CSSM_HANDLE_PTR ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - CSSM_RETURN (CSSMDLI *DataGetNext) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - CSSM_RETURN (CSSMDLI *DataAbortQuery) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_HANDLE ResultsHandle); - CSSM_RETURN (CSSMDLI *DataGetFromUniqueRecordId) - (CSSM_DL_DB_HANDLE DLDBHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data); - CSSM_RETURN (CSSMDLI *FreeUniqueRecord) - (CSSM_DL_DB_HANDLE DLDBHandle, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord); - CSSM_RETURN (CSSMDLI *PassThrough) - (CSSM_DL_DB_HANDLE DLDBHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); -} CSSM_SPI_DL_FUNCS, *CSSM_SPI_DL_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMDLI_H_ */ diff --git a/cdsa/cdsa/cssmerr.h b/cdsa/cdsa/cssmerr.h deleted file mode 100644 index 731d978c..00000000 --- a/cdsa/cdsa/cssmerr.h +++ /dev/null @@ -1,817 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmerr.h - - Contains: Error Code Definitions for CSSM - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMERR_H_ -#define _CSSMERR_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - - -/* Common error codes. */ -enum { - CSSM_BASE_ERROR = -0x7FFF0000 /* 0x80010000 */ -}; - -enum { - CSSM_ERRORCODE_MODULE_EXTENT = 0x00000800, - CSSM_ERRORCODE_CUSTOM_OFFSET = 0x00000400, - CSSM_ERRORCODE_COMMON_EXTENT = 0x100 -}; - -/* Macros for convertible error code manipulation. */ -#define CSSM_ERRCODE(CODE) \ - (((CODE) - CSSM_BASE_ERROR) & (CSSM_ERRORCODE_MODULE_EXTENT - 1)) - -#define CSSM_ERRBASE(CODE) \ - ((((CODE) - CSSM_BASE_ERROR) & ~(CSSM_ERRORCODE_MODULE_EXTENT - 1)) + CSSM_BASE_ERROR) - -#define CSSM_ERR_IS_CONVERTIBLE(CODE) \ - (CSSM_ERRCODE(CODE) < CSSM_ERRORCODE_COMMON_EXTENT) - -#define CSSM_ERR_TAG(CODE, BASE) \ - (CSSM_ERRCODE(CODE) + (BASE)) - -/* Error Bases for different module types. */ -enum { - CSSM_CSSM_BASE_ERROR = CSSM_BASE_ERROR, - CSSM_CSSM_PRIVATE_ERROR = CSSM_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET, - CSSM_CSP_BASE_ERROR = CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_CSP_PRIVATE_ERROR = CSSM_CSP_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET, - CSSM_DL_BASE_ERROR = CSSM_CSP_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_DL_PRIVATE_ERROR = CSSM_DL_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET, - CSSM_CL_BASE_ERROR = CSSM_DL_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_CL_PRIVATE_ERROR = CSSM_CL_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET, - CSSM_TP_BASE_ERROR = CSSM_CL_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_TP_PRIVATE_ERROR = CSSM_TP_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET , - CSSM_KR_BASE_ERROR = CSSM_TP_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_KR_PRIVATE_ERROR = CSSM_KR_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET, - CSSM_AC_BASE_ERROR = CSSM_KR_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_AC_PRIVATE_ERROR = CSSM_AC_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET -}; - -/* XXX @@@ MDS Error Bases same as DL for now. */ -enum { - CSSM_MDS_BASE_ERROR = CSSM_CSP_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT, - CSSM_MDS_PRIVATE_ERROR = CSSM_MDS_BASE_ERROR + CSSM_ERRORCODE_CUSTOM_OFFSET -}; - -/* General Error Values. */ -enum { - CSSMERR_CSSM_INVALID_ADDIN_HANDLE = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 1, - CSSMERR_CSSM_NOT_INITIALIZED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 2, - CSSMERR_CSSM_INVALID_HANDLE_USAGE = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 3, - CSSMERR_CSSM_PVC_REFERENT_NOT_FOUND = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 4, - CSSMERR_CSSM_FUNCTION_INTEGRITY_FAIL = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 5 -}; - -/* Common Error Codes For All Module Types. */ -enum { - CSSM_ERRCODE_INTERNAL_ERROR = 0x0001, - CSSM_ERRCODE_MEMORY_ERROR = 0x0002, - CSSM_ERRCODE_MDS_ERROR = 0x0003, - CSSM_ERRCODE_INVALID_POINTER = 0x0004, - CSSM_ERRCODE_INVALID_INPUT_POINTER = 0x0005, - CSSM_ERRCODE_INVALID_OUTPUT_POINTER = 0x0006, - CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED = 0x0007, - CSSM_ERRCODE_SELF_CHECK_FAILED = 0x0008, - CSSM_ERRCODE_OS_ACCESS_DENIED = 0x0009, - CSSM_ERRCODE_FUNCTION_FAILED = 0x000A, - CSSM_ERRCODE_MODULE_MANIFEST_VERIFY_FAILED = 0x000B, - CSSM_ERRCODE_INVALID_GUID = 0x000C -}; - -/* Common Error Codes for ACLs */ -enum { - CSSM_ERRCODE_OPERATION_AUTH_DENIED = 0x0020, - CSSM_ERRCODE_OBJECT_USE_AUTH_DENIED = 0x0021, - CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED = 0x0022, - CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED = 0x0023, - CSSM_ERRCODE_OBJECT_ACL_REQUIRED = 0x0024, - CSSM_ERRCODE_INVALID_ACCESS_CREDENTIALS = 0x0025, - CSSM_ERRCODE_INVALID_ACL_BASE_CERTS = 0x0026, - CSSM_ERRCODE_ACL_BASE_CERTS_NOT_SUPPORTED = 0x0027, - CSSM_ERRCODE_INVALID_SAMPLE_VALUE = 0x0028, - CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED = 0x0029, - CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE = 0x002A, - CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED = 0x002B, - CSSM_ERRCODE_INVALID_ACL_CHALLENGE_CALLBACK = 0x002C, - CSSM_ERRCODE_ACL_CHALLENGE_CALLBACK_FAILED = 0x002D, - CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG = 0x002E, - CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND = 0x002F, - CSSM_ERRCODE_INVALID_ACL_EDIT_MODE = 0x0030, - CSSM_ERRCODE_ACL_CHANGE_FAILED = 0x0031, - CSSM_ERRCODE_INVALID_NEW_ACL_ENTRY = 0x0032, - CSSM_ERRCODE_INVALID_NEW_ACL_OWNER = 0x0033, - CSSM_ERRCODE_ACL_DELETE_FAILED = 0x0034, - CSSM_ERRCODE_ACL_REPLACE_FAILED = 0x0035, - CSSM_ERRCODE_ACL_ADD_FAILED = 0x0036 -}; - -/* Common Error Codes for Specific Data Types */ -enum { - CSSM_ERRCODE_INVALID_CONTEXT_HANDLE = 0x0040, - CSSM_ERRCODE_INCOMPATIBLE_VERSION = 0x0041, - CSSM_ERRCODE_INVALID_CERTGROUP_POINTER = 0x0042, - CSSM_ERRCODE_INVALID_CERT_POINTER = 0x0043, - CSSM_ERRCODE_INVALID_CRL_POINTER = 0x0044, - CSSM_ERRCODE_INVALID_FIELD_POINTER = 0x0045, - CSSM_ERRCODE_INVALID_DATA = 0x0046, - CSSM_ERRCODE_CRL_ALREADY_SIGNED = 0x0047, - CSSM_ERRCODE_INVALID_NUMBER_OF_FIELDS = 0x0048, - CSSM_ERRCODE_VERIFICATION_FAILURE = 0x0049, - CSSM_ERRCODE_INVALID_DB_HANDLE = 0x004A, - CSSM_ERRCODE_PRIVILEGE_NOT_GRANTED = 0x004B, - CSSM_ERRCODE_INVALID_DB_LIST = 0x004C, - CSSM_ERRCODE_INVALID_DB_LIST_POINTER = 0x004D, - CSSM_ERRCODE_UNKNOWN_FORMAT = 0x004E, - CSSM_ERRCODE_UNKNOWN_TAG = 0x004F, - CSSM_ERRCODE_INVALID_CSP_HANDLE = 0x0050, - CSSM_ERRCODE_INVALID_DL_HANDLE = 0x0051, - CSSM_ERRCODE_INVALID_CL_HANDLE = 0x0052, - CSSM_ERRCODE_INVALID_TP_HANDLE = 0x0053, - CSSM_ERRCODE_INVALID_KR_HANDLE = 0x0054, - CSSM_ERRCODE_INVALID_AC_HANDLE = 0x0055, - CSSM_ERRCODE_INVALID_PASSTHROUGH_ID = 0x0056, - CSSM_ERRCODE_INVALID_NETWORK_ADDR = 0x0057, - CSSM_ERRCODE_INVALID_CRYPTO_DATA = 0x0058 -}; - -/* CSSM Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_CSSM_INTERNAL_ERROR = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_CSSM_MEMORY_ERROR = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_CSSM_MDS_ERROR = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_CSSM_INVALID_POINTER = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_CSSM_INVALID_INPUT_POINTER = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_CSSM_INVALID_OUTPUT_POINTER = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_CSSM_SELF_CHECK_FAILED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_CSSM_OS_ACCESS_DENIED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_CSSM_FUNCTION_FAILED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED, - CSSMERR_CSSM_MODULE_MANIFEST_VERIFY_FAILED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_MODULE_MANIFEST_VERIFY_FAILED, - CSSMERR_CSSM_INVALID_GUID = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_GUID -}; - -/* CSSM Error Values for Specific Data Types. */ -enum { - CSSMERR_CSSM_INVALID_CONTEXT_HANDLE = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_CONTEXT_HANDLE, - CSSMERR_CSSM_INCOMPATIBLE_VERSION = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INCOMPATIBLE_VERSION, - CSSMERR_CSSM_PRIVILEGE_NOT_GRANTED = - CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_PRIVILEGE_NOT_GRANTED -}; - -/* CSSM Module-Specific Error Values */ -enum { - CSSM_CSSM_BASE_CSSM_ERROR = - CSSM_CSSM_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT + 0x10, - CSSMERR_CSSM_SCOPE_NOT_SUPPORTED = CSSM_CSSM_BASE_CSSM_ERROR + 1, - CSSMERR_CSSM_PVC_ALREADY_CONFIGURED = CSSM_CSSM_BASE_CSSM_ERROR + 2, - CSSMERR_CSSM_INVALID_PVC = CSSM_CSSM_BASE_CSSM_ERROR + 3, - CSSMERR_CSSM_EMM_LOAD_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 4, - CSSMERR_CSSM_EMM_UNLOAD_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 5, - CSSMERR_CSSM_ADDIN_LOAD_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 6, - CSSMERR_CSSM_INVALID_KEY_HIERARCHY = CSSM_CSSM_BASE_CSSM_ERROR + 7, - CSSMERR_CSSM_ADDIN_UNLOAD_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 8, - CSSMERR_CSSM_LIB_REF_NOT_FOUND = CSSM_CSSM_BASE_CSSM_ERROR + 9, - CSSMERR_CSSM_INVALID_ADDIN_FUNCTION_TABLE = CSSM_CSSM_BASE_CSSM_ERROR + 10, - CSSMERR_CSSM_EMM_AUTHENTICATE_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 11, - CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED = CSSM_CSSM_BASE_CSSM_ERROR + 12, - CSSMERR_CSSM_INVALID_SERVICE_MASK = CSSM_CSSM_BASE_CSSM_ERROR + 13, - CSSMERR_CSSM_MODULE_NOT_LOADED = CSSM_CSSM_BASE_CSSM_ERROR + 14, - CSSMERR_CSSM_INVALID_SUBSERVICEID = CSSM_CSSM_BASE_CSSM_ERROR + 15, - CSSMERR_CSSM_BUFFER_TOO_SMALL = CSSM_CSSM_BASE_CSSM_ERROR + 16, - CSSMERR_CSSM_INVALID_ATTRIBUTE = CSSM_CSSM_BASE_CSSM_ERROR + 17, - CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT = CSSM_CSSM_BASE_CSSM_ERROR + 18, - CSSMERR_CSSM_MODULE_MANAGER_INITIALIZE_FAIL = CSSM_CSSM_BASE_CSSM_ERROR + 19, - CSSMERR_CSSM_MODULE_MANAGER_NOT_FOUND = CSSM_CSSM_BASE_CSSM_ERROR + 20, - CSSMERR_CSSM_EVENT_NOTIFICATION_CALLBACK_NOT_FOUND = CSSM_CSSM_BASE_CSSM_ERROR + 21 -}; - -/* CSP Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_CSP_INTERNAL_ERROR = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_CSP_MEMORY_ERROR = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_CSP_MDS_ERROR = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_CSP_INVALID_POINTER = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_CSP_INVALID_INPUT_POINTER = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_CSP_INVALID_OUTPUT_POINTER = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_CSP_SELF_CHECK_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_CSP_OS_ACCESS_DENIED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_CSP_FUNCTION_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED -}; - -/* CSP Error Values Derived from ACL-based Error Codes. */ -enum { - CSSMERR_CSP_OPERATION_AUTH_DENIED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OPERATION_AUTH_DENIED, - CSSMERR_CSP_OBJECT_USE_AUTH_DENIED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OBJECT_USE_AUTH_DENIED, - CSSMERR_CSP_OBJECT_MANIP_AUTH_DENIED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED, - CSSMERR_CSP_OBJECT_ACL_NOT_SUPPORTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED, - CSSMERR_CSP_OBJECT_ACL_REQUIRED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_OBJECT_ACL_REQUIRED, - CSSMERR_CSP_INVALID_ACCESS_CREDENTIALS = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACCESS_CREDENTIALS, - CSSMERR_CSP_INVALID_ACL_BASE_CERTS = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_BASE_CERTS, - CSSMERR_CSP_ACL_BASE_CERTS_NOT_SUPPORTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_BASE_CERTS_NOT_SUPPORTED, - CSSMERR_CSP_INVALID_SAMPLE_VALUE = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_SAMPLE_VALUE, - CSSMERR_CSP_SAMPLE_VALUE_NOT_SUPPORTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED, - CSSMERR_CSP_INVALID_ACL_SUBJECT_VALUE = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE, - CSSMERR_CSP_ACL_SUBJECT_TYPE_NOT_SUPPORTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED, - CSSMERR_CSP_INVALID_ACL_CHALLENGE_CALLBACK = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_CHALLENGE_CALLBACK, - CSSMERR_CSP_ACL_CHALLENGE_CALLBACK_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_CHALLENGE_CALLBACK_FAILED, - CSSMERR_CSP_INVALID_ACL_ENTRY_TAG = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG, - CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND, - CSSMERR_CSP_INVALID_ACL_EDIT_MODE = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_EDIT_MODE, - CSSMERR_CSP_ACL_CHANGE_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_CHANGE_FAILED, - CSSMERR_CSP_INVALID_NEW_ACL_ENTRY = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_NEW_ACL_ENTRY, - CSSMERR_CSP_INVALID_NEW_ACL_OWNER = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_NEW_ACL_OWNER, - CSSMERR_CSP_ACL_DELETE_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_DELETE_FAILED, - CSSMERR_CSP_ACL_REPLACE_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_REPLACE_FAILED, - CSSMERR_CSP_ACL_ADD_FAILED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_ACL_ADD_FAILED -}; - -/* CSP Error Values for Specific Data Types. */ -enum { - CSSMERR_CSP_INVALID_CONTEXT_HANDLE = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_CONTEXT_HANDLE, - CSSMERR_CSP_PRIVILEGE_NOT_GRANTED = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_PRIVILEGE_NOT_GRANTED, - CSSMERR_CSP_INVALID_DATA = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_DATA, - CSSMERR_CSP_INVALID_PASSTHROUGH_ID = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_PASSTHROUGH_ID, - CSSMERR_CSP_INVALID_CRYPTO_DATA = - CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INVALID_CRYPTO_DATA -}; - -/* CSP Module-Specific Error Values */ -enum { - /* General CSP Error Values */ - CSSM_CSP_BASE_CSP_ERROR = - CSSM_CSP_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT, - CSSMERR_CSP_INPUT_LENGTH_ERROR = CSSM_CSP_BASE_CSP_ERROR + 1, - CSSMERR_CSP_OUTPUT_LENGTH_ERROR = CSSM_CSP_BASE_CSP_ERROR + 2, - CSSMERR_CSP_PRIVILEGE_NOT_SUPPORTED = CSSM_CSP_BASE_CSP_ERROR + 3, - CSSMERR_CSP_DEVICE_ERROR = CSSM_CSP_BASE_CSP_ERROR + 4, - CSSMERR_CSP_DEVICE_MEMORY_ERROR = CSSM_CSP_BASE_CSP_ERROR + 5, - CSSMERR_CSP_ATTACH_HANDLE_BUSY = CSSM_CSP_BASE_CSP_ERROR + 6, - CSSMERR_CSP_NOT_LOGGED_IN = CSSM_CSP_BASE_CSP_ERROR + 7, - CSSMERR_CSP_INVALID_KEY = CSSM_CSP_BASE_CSP_ERROR + 16, - CSSMERR_CSP_INVALID_KEY_REFERENCE = CSSM_CSP_BASE_CSP_ERROR + 17, - CSSMERR_CSP_INVALID_KEY_CLASS = CSSM_CSP_BASE_CSP_ERROR + 18, - CSSMERR_CSP_ALGID_MISMATCH = CSSM_CSP_BASE_CSP_ERROR + 19, - CSSMERR_CSP_KEY_USAGE_INCORRECT = CSSM_CSP_BASE_CSP_ERROR + 20, - CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT = CSSM_CSP_BASE_CSP_ERROR + 21, - CSSMERR_CSP_KEY_HEADER_INCONSISTENT = CSSM_CSP_BASE_CSP_ERROR + 22, - CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 23, - CSSMERR_CSP_UNSUPPORTED_KEY_SIZE = CSSM_CSP_BASE_CSP_ERROR + 24, - CSSMERR_CSP_INVALID_KEY_POINTER = CSSM_CSP_BASE_CSP_ERROR + 25, - CSSMERR_CSP_INVALID_KEYUSAGE_MASK = CSSM_CSP_BASE_CSP_ERROR + 26, - CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK = CSSM_CSP_BASE_CSP_ERROR + 27, - CSSMERR_CSP_INVALID_KEYATTR_MASK = CSSM_CSP_BASE_CSP_ERROR + 28, - CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK = CSSM_CSP_BASE_CSP_ERROR + 29, - CSSMERR_CSP_INVALID_KEY_LABEL = CSSM_CSP_BASE_CSP_ERROR + 30, - CSSMERR_CSP_UNSUPPORTED_KEY_LABEL = CSSM_CSP_BASE_CSP_ERROR + 31, - CSSMERR_CSP_INVALID_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 32, - - /* CSP Vector of Buffers Error Values. */ - CSSMERR_CSP_INVALID_DATA_COUNT = CSSM_CSP_BASE_CSP_ERROR + 40, - CSSMERR_CSP_VECTOR_OF_BUFS_UNSUPPORTED = CSSM_CSP_BASE_CSP_ERROR + 41, - CSSMERR_CSP_INVALID_INPUT_VECTOR = CSSM_CSP_BASE_CSP_ERROR + 42, - CSSMERR_CSP_INVALID_OUTPUT_VECTOR = CSSM_CSP_BASE_CSP_ERROR + 43, - - /* CSP Cryptographic Context Error Values. */ - CSSMERR_CSP_INVALID_CONTEXT = CSSM_CSP_BASE_CSP_ERROR + 48, - CSSMERR_CSP_INVALID_ALGORITHM = CSSM_CSP_BASE_CSP_ERROR + 49, - CSSMERR_CSP_INVALID_ATTR_KEY = CSSM_CSP_BASE_CSP_ERROR + 54, - CSSMERR_CSP_MISSING_ATTR_KEY = CSSM_CSP_BASE_CSP_ERROR + 55, - CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR = CSSM_CSP_BASE_CSP_ERROR + 56, - CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR = CSSM_CSP_BASE_CSP_ERROR + 57, - CSSMERR_CSP_INVALID_ATTR_SALT = CSSM_CSP_BASE_CSP_ERROR + 58, - CSSMERR_CSP_MISSING_ATTR_SALT = CSSM_CSP_BASE_CSP_ERROR + 59, - CSSMERR_CSP_INVALID_ATTR_PADDING = CSSM_CSP_BASE_CSP_ERROR + 60, - CSSMERR_CSP_MISSING_ATTR_PADDING = CSSM_CSP_BASE_CSP_ERROR + 61, - CSSMERR_CSP_INVALID_ATTR_RANDOM = CSSM_CSP_BASE_CSP_ERROR + 62, - CSSMERR_CSP_MISSING_ATTR_RANDOM = CSSM_CSP_BASE_CSP_ERROR + 63, - CSSMERR_CSP_INVALID_ATTR_SEED = CSSM_CSP_BASE_CSP_ERROR + 64, - CSSMERR_CSP_MISSING_ATTR_SEED = CSSM_CSP_BASE_CSP_ERROR + 65, - CSSMERR_CSP_INVALID_ATTR_PASSPHRASE = CSSM_CSP_BASE_CSP_ERROR + 66, - CSSMERR_CSP_MISSING_ATTR_PASSPHRASE = CSSM_CSP_BASE_CSP_ERROR + 67, - CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH = CSSM_CSP_BASE_CSP_ERROR + 68, - CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH = CSSM_CSP_BASE_CSP_ERROR + 69, - CSSMERR_CSP_INVALID_ATTR_BLOCK_SIZE = CSSM_CSP_BASE_CSP_ERROR + 70, - CSSMERR_CSP_MISSING_ATTR_BLOCK_SIZE = CSSM_CSP_BASE_CSP_ERROR + 71, - CSSMERR_CSP_INVALID_ATTR_OUTPUT_SIZE = CSSM_CSP_BASE_CSP_ERROR + 100, - CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE = CSSM_CSP_BASE_CSP_ERROR + 101, - CSSMERR_CSP_INVALID_ATTR_ROUNDS = CSSM_CSP_BASE_CSP_ERROR + 102, - CSSMERR_CSP_MISSING_ATTR_ROUNDS = CSSM_CSP_BASE_CSP_ERROR + 103, - CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS = CSSM_CSP_BASE_CSP_ERROR + 104, - CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS = CSSM_CSP_BASE_CSP_ERROR + 105, - CSSMERR_CSP_INVALID_ATTR_LABEL = CSSM_CSP_BASE_CSP_ERROR + 106, - CSSMERR_CSP_MISSING_ATTR_LABEL = CSSM_CSP_BASE_CSP_ERROR + 107, - CSSMERR_CSP_INVALID_ATTR_KEY_TYPE = CSSM_CSP_BASE_CSP_ERROR + 108, - CSSMERR_CSP_MISSING_ATTR_KEY_TYPE = CSSM_CSP_BASE_CSP_ERROR + 109, - CSSMERR_CSP_INVALID_ATTR_MODE = CSSM_CSP_BASE_CSP_ERROR + 110, - CSSMERR_CSP_MISSING_ATTR_MODE = CSSM_CSP_BASE_CSP_ERROR + 111, - CSSMERR_CSP_INVALID_ATTR_EFFECTIVE_BITS = CSSM_CSP_BASE_CSP_ERROR + 112, - CSSMERR_CSP_MISSING_ATTR_EFFECTIVE_BITS = CSSM_CSP_BASE_CSP_ERROR + 113, - CSSMERR_CSP_INVALID_ATTR_START_DATE = CSSM_CSP_BASE_CSP_ERROR + 114, - CSSMERR_CSP_MISSING_ATTR_START_DATE = CSSM_CSP_BASE_CSP_ERROR + 115, - CSSMERR_CSP_INVALID_ATTR_END_DATE = CSSM_CSP_BASE_CSP_ERROR + 116, - CSSMERR_CSP_MISSING_ATTR_END_DATE = CSSM_CSP_BASE_CSP_ERROR + 117, - CSSMERR_CSP_INVALID_ATTR_VERSION = CSSM_CSP_BASE_CSP_ERROR + 118, - CSSMERR_CSP_MISSING_ATTR_VERSION = CSSM_CSP_BASE_CSP_ERROR + 119, - CSSMERR_CSP_INVALID_ATTR_PRIME = CSSM_CSP_BASE_CSP_ERROR + 120, - CSSMERR_CSP_MISSING_ATTR_PRIME = CSSM_CSP_BASE_CSP_ERROR + 121, - CSSMERR_CSP_INVALID_ATTR_BASE = CSSM_CSP_BASE_CSP_ERROR + 122, - CSSMERR_CSP_MISSING_ATTR_BASE = CSSM_CSP_BASE_CSP_ERROR + 123, - CSSMERR_CSP_INVALID_ATTR_SUBPRIME = CSSM_CSP_BASE_CSP_ERROR + 124, - CSSMERR_CSP_MISSING_ATTR_SUBPRIME = CSSM_CSP_BASE_CSP_ERROR + 125, - CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT = CSSM_CSP_BASE_CSP_ERROR + 126, - CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT = CSSM_CSP_BASE_CSP_ERROR + 127, - CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE = CSSM_CSP_BASE_CSP_ERROR + 128, - CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE = CSSM_CSP_BASE_CSP_ERROR + 129, - CSSMERR_CSP_INVALID_ATTR_ACCESS_CREDENTIALS = CSSM_CSP_BASE_CSP_ERROR + 130, - CSSMERR_CSP_MISSING_ATTR_ACCESS_CREDENTIALS = CSSM_CSP_BASE_CSP_ERROR + 131, - CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 132, - CSSMERR_CSP_MISSING_ATTR_PUBLIC_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 133, - CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 134, - CSSMERR_CSP_MISSING_ATTR_PRIVATE_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 135, - CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 136, - CSSMERR_CSP_MISSING_ATTR_SYMMETRIC_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 137, - CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 138, - CSSMERR_CSP_MISSING_ATTR_WRAPPED_KEY_FORMAT = CSSM_CSP_BASE_CSP_ERROR + 139, - - /* CSP Staged Cryptographic API Error Values. */ - CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS = CSSM_CSP_BASE_CSP_ERROR + 72, - CSSMERR_CSP_STAGED_OPERATION_NOT_STARTED = CSSM_CSP_BASE_CSP_ERROR + 73, - CSSMERR_CSP_VERIFY_FAILED = CSSM_CSP_BASE_CSP_ERROR + 74, - CSSMERR_CSP_INVALID_SIGNATURE = CSSM_CSP_BASE_CSP_ERROR + 75, - CSSMERR_CSP_QUERY_SIZE_UNKNOWN = CSSM_CSP_BASE_CSP_ERROR + 76, - CSSMERR_CSP_BLOCK_SIZE_MISMATCH = CSSM_CSP_BASE_CSP_ERROR + 77, - CSSMERR_CSP_PRIVATE_KEY_NOT_FOUND = CSSM_CSP_BASE_CSP_ERROR + 78, - CSSMERR_CSP_PUBLIC_KEY_INCONSISTENT = CSSM_CSP_BASE_CSP_ERROR + 79, - CSSMERR_CSP_DEVICE_VERIFY_FAILED = CSSM_CSP_BASE_CSP_ERROR + 80, - CSSMERR_CSP_INVALID_LOGIN_NAME = CSSM_CSP_BASE_CSP_ERROR + 81, - CSSMERR_CSP_ALREADY_LOGGED_IN = CSSM_CSP_BASE_CSP_ERROR + 82, - CSSMERR_CSP_PRIVATE_KEY_ALREADY_EXISTS = CSSM_CSP_BASE_CSP_ERROR + 83, - CSSMERR_CSP_KEY_LABEL_ALREADY_EXISTS = CSSM_CSP_BASE_CSP_ERROR + 84, - CSSMERR_CSP_INVALID_DIGEST_ALGORITHM = CSSM_CSP_BASE_CSP_ERROR + 85, - CSSMERR_CSP_CRYPTO_DATA_CALLBACK_FAILED = CSSM_CSP_BASE_CSP_ERROR + 86 -}; - - -/* TP Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_TP_INTERNAL_ERROR = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_TP_MEMORY_ERROR = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_TP_MDS_ERROR = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_TP_INVALID_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_TP_INVALID_INPUT_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_TP_INVALID_OUTPUT_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_TP_FUNCTION_NOT_IMPLEMENTED = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_TP_SELF_CHECK_FAILED = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_TP_OS_ACCESS_DENIED = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_TP_FUNCTION_FAILED = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED, - CSSMERR_TP_INVALID_CONTEXT_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CONTEXT_HANDLE, - CSSMERR_TP_INVALID_DATA = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_DATA, - CSSMERR_TP_INVALID_DB_LIST = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST, - CSSMERR_TP_INVALID_CERTGROUP_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CERTGROUP_POINTER, - CSSMERR_TP_INVALID_CERT_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CERT_POINTER, - CSSMERR_TP_INVALID_CRL_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CRL_POINTER, - CSSMERR_TP_INVALID_FIELD_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_FIELD_POINTER, - CSSMERR_TP_INVALID_NETWORK_ADDR = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_NETWORK_ADDR, - CSSMERR_TP_CRL_ALREADY_SIGNED = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_CRL_ALREADY_SIGNED, - CSSMERR_TP_INVALID_NUMBER_OF_FIELDS = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_NUMBER_OF_FIELDS, - CSSMERR_TP_VERIFICATION_FAILURE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_VERIFICATION_FAILURE, - CSSMERR_TP_INVALID_DB_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_HANDLE, - CSSMERR_TP_UNKNOWN_FORMAT = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_UNKNOWN_FORMAT, - CSSMERR_TP_UNKNOWN_TAG = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_UNKNOWN_TAG, - CSSMERR_TP_INVALID_PASSTHROUGH_ID = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_PASSTHROUGH_ID, - CSSMERR_TP_INVALID_CSP_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CSP_HANDLE, - CSSMERR_TP_INVALID_DL_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_DL_HANDLE, - CSSMERR_TP_INVALID_CL_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CL_HANDLE, - CSSMERR_TP_INVALID_DB_LIST_POINTER = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST_POINTER -}; - -/* TP Module-Specific Error Values */ -enum { - CSSM_TP_BASE_TP_ERROR = - CSSM_TP_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT, - CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER = CSSM_TP_BASE_TP_ERROR + 1, - CSSMERR_TP_INVALID_IDENTIFIER_POINTER = CSSM_TP_BASE_TP_ERROR + 2, - CSSMERR_TP_INVALID_KEYCACHE_HANDLE = CSSM_TP_BASE_TP_ERROR + 3, - CSSMERR_TP_INVALID_CERTGROUP = CSSM_TP_BASE_TP_ERROR + 4, - CSSMERR_TP_INVALID_CRLGROUP = CSSM_TP_BASE_TP_ERROR + 5, - CSSMERR_TP_INVALID_CRLGROUP_POINTER = CSSM_TP_BASE_TP_ERROR + 6, - CSSMERR_TP_AUTHENTICATION_FAILED = CSSM_TP_BASE_TP_ERROR + 7, - CSSMERR_TP_CERTGROUP_INCOMPLETE = CSSM_TP_BASE_TP_ERROR + 8, - CSSMERR_TP_CERTIFICATE_CANT_OPERATE = CSSM_TP_BASE_TP_ERROR + 9, - CSSMERR_TP_CERT_EXPIRED = CSSM_TP_BASE_TP_ERROR + 10, - CSSMERR_TP_CERT_NOT_VALID_YET = CSSM_TP_BASE_TP_ERROR + 11, - CSSMERR_TP_CERT_REVOKED = CSSM_TP_BASE_TP_ERROR + 12, - CSSMERR_TP_CERT_SUSPENDED = CSSM_TP_BASE_TP_ERROR + 13, - CSSMERR_TP_INSUFFICIENT_CREDENTIALS = CSSM_TP_BASE_TP_ERROR + 14, - CSSMERR_TP_INVALID_ACTION = CSSM_TP_BASE_TP_ERROR + 15, - CSSMERR_TP_INVALID_ACTION_DATA = CSSM_TP_BASE_TP_ERROR + 16, -/* CSSMERR_TP_INVALID_NETWORK_ADDR = CSSM_TP_BASE_TP_ERROR + 17, */ - CSSMERR_TP_INVALID_ANCHOR_CERT = CSSM_TP_BASE_TP_ERROR + 18, - CSSMERR_TP_INVALID_AUTHORITY = CSSM_TP_BASE_TP_ERROR + 19, - CSSMERR_TP_VERIFY_ACTION_FAILED = CSSM_TP_BASE_TP_ERROR + 20, - CSSMERR_TP_INVALID_CERTIFICATE = CSSM_TP_BASE_TP_ERROR + 21, - CSSMERR_TP_INVALID_CERT_AUTHORITY = CSSM_TP_BASE_TP_ERROR + 22, - CSSMERR_TP_INVALID_CRL_AUTHORITY = CSSM_TP_BASE_TP_ERROR + 23, - CSSMERR_TP_INVALID_CRL_ENCODING = CSSM_TP_BASE_TP_ERROR + 24, - CSSMERR_TP_INVALID_CRL_TYPE = CSSM_TP_BASE_TP_ERROR + 25, - CSSMERR_TP_INVALID_CRL = CSSM_TP_BASE_TP_ERROR + 26, - CSSMERR_TP_INVALID_FORM_TYPE = CSSM_TP_BASE_TP_ERROR + 27, - CSSMERR_TP_INVALID_ID = CSSM_TP_BASE_TP_ERROR + 28, - CSSMERR_TP_INVALID_IDENTIFIER = CSSM_TP_BASE_TP_ERROR + 29, - CSSMERR_TP_INVALID_INDEX = CSSM_TP_BASE_TP_ERROR + 30, - CSSMERR_TP_INVALID_NAME = CSSM_TP_BASE_TP_ERROR + 31, - CSSMERR_TP_INVALID_POLICY_IDENTIFIERS = CSSM_TP_BASE_TP_ERROR + 32, - CSSMERR_TP_INVALID_TIMESTRING = CSSM_TP_BASE_TP_ERROR + 33, - CSSMERR_TP_INVALID_REASON = CSSM_TP_BASE_TP_ERROR + 34, - CSSMERR_TP_INVALID_REQUEST_INPUTS = CSSM_TP_BASE_TP_ERROR + 35, - CSSMERR_TP_INVALID_RESPONSE_VECTOR = CSSM_TP_BASE_TP_ERROR + 36, - CSSMERR_TP_INVALID_SIGNATURE = CSSM_TP_BASE_TP_ERROR + 37, - CSSMERR_TP_INVALID_STOP_ON_POLICY = CSSM_TP_BASE_TP_ERROR + 38, - CSSMERR_TP_INVALID_CALLBACK = CSSM_TP_BASE_TP_ERROR + 39, - CSSMERR_TP_INVALID_TUPLE = CSSM_TP_BASE_TP_ERROR + 40, - CSSMERR_TP_NOT_SIGNER = CSSM_TP_BASE_TP_ERROR + 41, - CSSMERR_TP_NOT_TRUSTED = CSSM_TP_BASE_TP_ERROR + 42, - CSSMERR_TP_NO_DEFAULT_AUTHORITY = CSSM_TP_BASE_TP_ERROR + 43, - CSSMERR_TP_REJECTED_FORM = CSSM_TP_BASE_TP_ERROR + 44, - CSSMERR_TP_REQUEST_LOST = CSSM_TP_BASE_TP_ERROR + 45, - CSSMERR_TP_REQUEST_REJECTED = CSSM_TP_BASE_TP_ERROR + 46, - CSSMERR_TP_UNSUPPORTED_ADDR_TYPE = CSSM_TP_BASE_TP_ERROR + 47, - CSSMERR_TP_UNSUPPORTED_SERVICE = CSSM_TP_BASE_TP_ERROR + 48, - CSSMERR_TP_INVALID_TUPLEGROUP_POINTER = CSSM_TP_BASE_TP_ERROR + 49, - CSSMERR_TP_INVALID_TUPLEGROUP = CSSM_TP_BASE_TP_ERROR + 50 -}; - -/* AC Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_AC_INTERNAL_ERROR = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_AC_MEMORY_ERROR = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_AC_MDS_ERROR = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_AC_INVALID_POINTER = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_AC_INVALID_INPUT_POINTER = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_AC_INVALID_OUTPUT_POINTER = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_AC_FUNCTION_NOT_IMPLEMENTED = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_AC_SELF_CHECK_FAILED = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_AC_OS_ACCESS_DENIED = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_AC_FUNCTION_FAILED = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED, - CSSMERR_AC_INVALID_CONTEXT_HANDLE = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_CONTEXT_HANDLE, - CSSMERR_AC_INVALID_DATA = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_DATA, - CSSMERR_AC_INVALID_DB_LIST = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST, - CSSMERR_AC_INVALID_PASSTHROUGH_ID = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_PASSTHROUGH_ID, - CSSMERR_AC_INVALID_DL_HANDLE = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_DL_HANDLE, - CSSMERR_AC_INVALID_CL_HANDLE = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_CL_HANDLE, - CSSMERR_AC_INVALID_TP_HANDLE = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_TP_HANDLE, - CSSMERR_AC_INVALID_DB_HANDLE = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_HANDLE, - CSSMERR_AC_INVALID_DB_LIST_POINTER = - CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST_POINTER -}; - -/* AC Module-Specific Error Values */ -enum { - CSSM_AC_BASE_AC_ERROR = - CSSM_AC_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT, - CSSMERR_AC_INVALID_BASE_ACLS = CSSM_AC_BASE_AC_ERROR + 1, - CSSMERR_AC_INVALID_TUPLE_CREDENTIALS = CSSM_AC_BASE_AC_ERROR + 2, - CSSMERR_AC_INVALID_ENCODING = CSSM_AC_BASE_AC_ERROR + 3, - CSSMERR_AC_INVALID_VALIDITY_PERIOD = CSSM_AC_BASE_AC_ERROR + 4, - CSSMERR_AC_INVALID_REQUESTOR = CSSM_AC_BASE_AC_ERROR + 5, - CSSMERR_AC_INVALID_REQUEST_DESCRIPTOR = CSSM_AC_BASE_AC_ERROR + 6 -}; - -/* CL Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_CL_INTERNAL_ERROR = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_CL_MEMORY_ERROR = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_CL_MDS_ERROR = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_CL_INVALID_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_CL_INVALID_INPUT_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_CL_INVALID_OUTPUT_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_CL_FUNCTION_NOT_IMPLEMENTED = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_CL_SELF_CHECK_FAILED = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_CL_OS_ACCESS_DENIED = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_CL_FUNCTION_FAILED = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED, - CSSMERR_CL_INVALID_CONTEXT_HANDLE = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_CONTEXT_HANDLE, - CSSMERR_CL_INVALID_CERTGROUP_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_CERTGROUP_POINTER, - CSSMERR_CL_INVALID_CERT_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_CERT_POINTER, - CSSMERR_CL_INVALID_CRL_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_CRL_POINTER, - CSSMERR_CL_INVALID_FIELD_POINTER = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_FIELD_POINTER, - CSSMERR_CL_INVALID_DATA = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_DATA, - CSSMERR_CL_CRL_ALREADY_SIGNED = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_CRL_ALREADY_SIGNED, - CSSMERR_CL_INVALID_NUMBER_OF_FIELDS = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_NUMBER_OF_FIELDS, - CSSMERR_CL_VERIFICATION_FAILURE = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_VERIFICATION_FAILURE, - CSSMERR_CL_UNKNOWN_FORMAT = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_UNKNOWN_FORMAT, - CSSMERR_CL_UNKNOWN_TAG = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_UNKNOWN_TAG, - CSSMERR_CL_INVALID_PASSTHROUGH_ID = - CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INVALID_PASSTHROUGH_ID -}; - -/* CL Module-Specific Error Values */ -enum { - CSSM_CL_BASE_CL_ERROR = - CSSM_CL_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT, - CSSMERR_CL_INVALID_BUNDLE_POINTER = CSSM_CL_BASE_CL_ERROR + 1, - CSSMERR_CL_INVALID_CACHE_HANDLE = CSSM_CL_BASE_CL_ERROR + 2, - CSSMERR_CL_INVALID_RESULTS_HANDLE = CSSM_CL_BASE_CL_ERROR + 3, - CSSMERR_CL_INVALID_BUNDLE_INFO = CSSM_CL_BASE_CL_ERROR + 4, - CSSMERR_CL_INVALID_CRL_INDEX = CSSM_CL_BASE_CL_ERROR + 5, - CSSMERR_CL_INVALID_SCOPE = CSSM_CL_BASE_CL_ERROR + 6, - CSSMERR_CL_NO_FIELD_VALUES = CSSM_CL_BASE_CL_ERROR + 7, - CSSMERR_CL_SCOPE_NOT_SUPPORTED = CSSM_CL_BASE_CL_ERROR + 8 -}; - -/* DL Error Values Derived from Common Error Codes For All Module Types. */ -enum { - CSSMERR_DL_INTERNAL_ERROR = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INTERNAL_ERROR, - CSSMERR_DL_MEMORY_ERROR = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_MEMORY_ERROR, - CSSMERR_DL_MDS_ERROR = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_MDS_ERROR, - CSSMERR_DL_INVALID_POINTER = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_POINTER, - CSSMERR_DL_INVALID_INPUT_POINTER = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER, - CSSMERR_DL_INVALID_OUTPUT_POINTER = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER, - CSSMERR_DL_FUNCTION_NOT_IMPLEMENTED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, - CSSMERR_DL_SELF_CHECK_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED, - CSSMERR_DL_OS_ACCESS_DENIED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED, - CSSMERR_DL_FUNCTION_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED, - CSSMERR_DL_INVALID_CSP_HANDLE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_CSP_HANDLE, - CSSMERR_DL_INVALID_DL_HANDLE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_DL_HANDLE, - CSSMERR_DL_INVALID_CL_HANDLE = - CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CL_HANDLE, - CSSMERR_DL_INVALID_DB_LIST_POINTER = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST_POINTER -}; - -/* DL Error Values Derived from ACL-based Error Codes. */ -enum { - CSSMERR_DL_OPERATION_AUTH_DENIED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OPERATION_AUTH_DENIED, - CSSMERR_DL_OBJECT_USE_AUTH_DENIED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OBJECT_USE_AUTH_DENIED, - CSSMERR_DL_OBJECT_MANIP_AUTH_DENIED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED, - CSSMERR_DL_OBJECT_ACL_NOT_SUPPORTED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED, - CSSMERR_DL_OBJECT_ACL_REQUIRED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OBJECT_ACL_REQUIRED, - CSSMERR_DL_INVALID_ACCESS_CREDENTIALS = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACCESS_CREDENTIALS, - CSSMERR_DL_INVALID_ACL_BASE_CERTS = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_BASE_CERTS, - CSSMERR_DL_ACL_BASE_CERTS_NOT_SUPPORTED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_BASE_CERTS_NOT_SUPPORTED, - CSSMERR_DL_INVALID_SAMPLE_VALUE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_SAMPLE_VALUE, - CSSMERR_DL_SAMPLE_VALUE_NOT_SUPPORTED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED, - CSSMERR_DL_INVALID_ACL_SUBJECT_VALUE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE, - CSSMERR_DL_ACL_SUBJECT_TYPE_NOT_SUPPORTED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED, - CSSMERR_DL_INVALID_ACL_CHALLENGE_CALLBACK = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_CHALLENGE_CALLBACK, - CSSMERR_DL_ACL_CHALLENGE_CALLBACK_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_CHALLENGE_CALLBACK_FAILED, - CSSMERR_DL_INVALID_ACL_ENTRY_TAG = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG, - CSSMERR_DL_ACL_ENTRY_TAG_NOT_FOUND = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND, - CSSMERR_DL_INVALID_ACL_EDIT_MODE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_ACL_EDIT_MODE, - CSSMERR_DL_ACL_CHANGE_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_CHANGE_FAILED, - CSSMERR_DL_INVALID_NEW_ACL_ENTRY = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_NEW_ACL_ENTRY, - CSSMERR_DL_INVALID_NEW_ACL_OWNER = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_NEW_ACL_OWNER, - CSSMERR_DL_ACL_DELETE_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_DELETE_FAILED, - CSSMERR_DL_ACL_REPLACE_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_REPLACE_FAILED, - CSSMERR_DL_ACL_ADD_FAILED = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_ACL_ADD_FAILED -}; - -/* DL Error Values for Specific Data Types. */ -enum { - CSSMERR_DL_INVALID_DB_HANDLE = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_HANDLE, - CSSMERR_DL_INVALID_PASSTHROUGH_ID = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_PASSTHROUGH_ID, - CSSMERR_DL_INVALID_NETWORK_ADDR = - CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_NETWORK_ADDR -}; - -/* DL Module-Specific Error Values */ -enum { - CSSM_DL_BASE_DL_ERROR = - CSSM_DL_BASE_ERROR + CSSM_ERRORCODE_COMMON_EXTENT, - CSSMERR_DL_DATABASE_CORRUPT = CSSM_DL_BASE_DL_ERROR + 1, - CSSMERR_DL_INVALID_RECORD_INDEX = CSSM_DL_BASE_DL_ERROR + 8, - CSSMERR_DL_INVALID_RECORDTYPE = CSSM_DL_BASE_DL_ERROR + 9, - CSSMERR_DL_INVALID_FIELD_NAME = CSSM_DL_BASE_DL_ERROR + 10, - CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT = CSSM_DL_BASE_DL_ERROR + 11, - CSSMERR_DL_UNSUPPORTED_INDEX_INFO = CSSM_DL_BASE_DL_ERROR + 12, - CSSMERR_DL_UNSUPPORTED_LOCALITY = CSSM_DL_BASE_DL_ERROR + 13, - CSSMERR_DL_UNSUPPORTED_NUM_ATTRIBUTES = CSSM_DL_BASE_DL_ERROR + 14, - CSSMERR_DL_UNSUPPORTED_NUM_INDEXES = CSSM_DL_BASE_DL_ERROR + 15, - CSSMERR_DL_UNSUPPORTED_NUM_RECORDTYPES = CSSM_DL_BASE_DL_ERROR + 16, - CSSMERR_DL_UNSUPPORTED_RECORDTYPE = CSSM_DL_BASE_DL_ERROR + 17, - CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE = CSSM_DL_BASE_DL_ERROR + 18, - CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT = CSSM_DL_BASE_DL_ERROR + 19, - CSSMERR_DL_INVALID_PARSING_MODULE = CSSM_DL_BASE_DL_ERROR + 20, - CSSMERR_DL_INVALID_DB_NAME = CSSM_DL_BASE_DL_ERROR + 22, - CSSMERR_DL_DATASTORE_DOESNOT_EXIST = CSSM_DL_BASE_DL_ERROR + 23, - CSSMERR_DL_DATASTORE_ALREADY_EXISTS = CSSM_DL_BASE_DL_ERROR + 24, - CSSMERR_DL_DB_LOCKED = CSSM_DL_BASE_DL_ERROR + 25, - CSSMERR_DL_DATASTORE_IS_OPEN = CSSM_DL_BASE_DL_ERROR + 26, - CSSMERR_DL_RECORD_NOT_FOUND = CSSM_DL_BASE_DL_ERROR + 27, - CSSMERR_DL_MISSING_VALUE = CSSM_DL_BASE_DL_ERROR + 28, - CSSMERR_DL_UNSUPPORTED_QUERY = CSSM_DL_BASE_DL_ERROR + 29, - CSSMERR_DL_UNSUPPORTED_QUERY_LIMITS = CSSM_DL_BASE_DL_ERROR + 30, - CSSMERR_DL_UNSUPPORTED_NUM_SELECTION_PREDS = CSSM_DL_BASE_DL_ERROR + 31, - CSSMERR_DL_UNSUPPORTED_OPERATOR = CSSM_DL_BASE_DL_ERROR + 33, - CSSMERR_DL_INVALID_RESULTS_HANDLE = CSSM_DL_BASE_DL_ERROR + 34, - CSSMERR_DL_INVALID_DB_LOCATION = CSSM_DL_BASE_DL_ERROR + 35, - CSSMERR_DL_INVALID_ACCESS_REQUEST = CSSM_DL_BASE_DL_ERROR + 36, - CSSMERR_DL_INVALID_INDEX_INFO = CSSM_DL_BASE_DL_ERROR + 37, - CSSMERR_DL_INVALID_SELECTION_TAG = CSSM_DL_BASE_DL_ERROR + 38, - CSSMERR_DL_INVALID_NEW_OWNER = CSSM_DL_BASE_DL_ERROR + 39, - CSSMERR_DL_INVALID_RECORD_UID = CSSM_DL_BASE_DL_ERROR + 40, - CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA = CSSM_DL_BASE_DL_ERROR + 41, - CSSMERR_DL_INVALID_MODIFY_MODE = CSSM_DL_BASE_DL_ERROR + 42, - CSSMERR_DL_INVALID_OPEN_PARAMETERS = CSSM_DL_BASE_DL_ERROR + 43, - CSSMERR_DL_RECORD_MODIFIED = CSSM_DL_BASE_DL_ERROR + 44, - CSSMERR_DL_ENDOFDATA = CSSM_DL_BASE_DL_ERROR + 45, - CSSMERR_DL_INVALID_QUERY = CSSM_DL_BASE_DL_ERROR + 46, - CSSMERR_DL_INVALID_VALUE = CSSM_DL_BASE_DL_ERROR + 47, - CSSMERR_DL_MULTIPLE_VALUES_UNSUPPORTED = CSSM_DL_BASE_DL_ERROR + 48, - CSSMERR_DL_STALE_UNIQUE_RECORD = CSSM_DL_BASE_DL_ERROR + 49 -}; - - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMERR_H_ */ diff --git a/cdsa/cdsa/cssmkrapi.h b/cdsa/cdsa/cssmkrapi.h deleted file mode 100644 index b73be5be..00000000 --- a/cdsa/cdsa/cssmkrapi.h +++ /dev/null @@ -1,229 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmkrapi.h - - Contains: Application Programmers Interface for Key Recovery Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMKRAPI_H_ -#define _CSSMKRAPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef uint32 CSSM_KRSP_HANDLE; /* Key Recovery Service Provider Handle */ - -typedef struct cssm_kr_name { - uint8 Type; /* namespace type */ - uint8 Length; /* name string length */ - char *Name; /* name string */ -} CSSM_KR_NAME; - -typedef struct cssm_kr_profile { - CSSM_KR_NAME UserName; /* name of the user */ - CSSM_CERTGROUP_PTR UserCertificate; /* public key certificate of the user */ - CSSM_CERTGROUP_PTR KRSCertChain; /* cert chain for the KRSP coordinator */ - uint8 LE_KRANum; /* number of KRA cert chains in the following list */ - CSSM_CERTGROUP_PTR LE_KRACertChainList; /* list of Law enforcement KRA certificate chains */ - uint8 ENT_KRANum; /* number of KRA cert chains in the following list */ - CSSM_CERTGROUP_PTR ENT_KRACertChainList; /* list of Enterprise KRA certificate chains */ - uint8 INDIV_KRANum; /* number of KRA cert chains in the following list */ - CSSM_CERTGROUP_PTR INDIV_KRACertChainList; /* list of Individual KRA certificate chains */ - CSSM_DATA_PTR INDIV_AuthenticationInfo; /* authentication information for individual key recovery */ - uint32 KRSPFlags; /* flag values to be interpreted by KRSP */ - CSSM_DATA_PTR KRSPExtensions; /* reserved for extensions specific to KRSPs */ -} CSSM_KR_PROFILE, *CSSM_KR_PROFILE_PTR; - -typedef struct cssm_kr_wrappedproductinfo { - CSSM_VERSION StandardVersion; - CSSM_STRING StandardDescription; - CSSM_VERSION ProductVersion; - CSSM_STRING ProductDescription; - CSSM_STRING ProductVendor; - uint32 ProductFlags; -} CSSM_KR_WRAPPEDPRODUCT_INFO, *CSSM_KR_WRAPPEDPRODUCT_INFO_PTR; - -typedef struct cssm_krsubservice { - uint32 SubServiceId; - char *Description; /* Description of this sub service */ - CSSM_KR_WRAPPEDPRODUCT_INFO WrappedProduct; -} CSSM_KRSUBSERVICE, *CSSM_KRSUBSERVICE_PTR; - -typedef uint32 CSSM_KR_POLICY_TYPE; -#define CSSM_KR_INDIV_POLICY (0x00000001) -#define CSSM_KR_ENT_POLICY (0x00000002) -#define CSSM_KR_LE_MAN_POLICY (0x00000003) -#define CSSM_KR_LE_USE_POLICY (0x00000004) - -typedef uint32 CSSM_KR_POLICY_FLAGS; - -#define CSSM_KR_INDIV (0x00000001) -#define CSSM_KR_ENT (0x00000002) -#define CSSM_KR_LE_MAN (0x00000004) -#define CSSM_KR_LE_USE (0x00000008) -#define CSSM_KR_LE (CSSM_KR_LE_MAN | CSSM_KR_LE_USE) -#define CSSM_KR_OPTIMIZE (0x00000010) -#define CSSM_KR_DROP_WORKFACTOR (0x00000020) - -typedef struct cssm_kr_policy_list_item { - struct kr_policy_list_item *next; - CSSM_ALGORITHMS AlgorithmId; - CSSM_ENCRYPT_MODE Mode; - uint32 MaxKeyLength; - uint32 MaxRounds; - uint8 WorkFactor; - CSSM_KR_POLICY_FLAGS PolicyFlags; - CSSM_CONTEXT_TYPE AlgClass; -} CSSM_KR_POLICY_LIST_ITEM, *CSSM_KR_POLICY_LIST_ITEM_PTR; - -typedef struct cssm_kr_policy_info { - CSSM_BOOL krbNotAllowed; - uint32 numberOfEntries; - CSSM_KR_POLICY_LIST_ITEM *policyEntry; -} CSSM_KR_POLICY_INFO, *CSSM_KR_POLICY_INFO_PTR; - - -/* Key Recovery Module Mangement Operations */ - -CSSM_RETURN CSSMAPI -CSSM_KR_SetEnterpriseRecoveryPolicy (const CSSM_DATA *RecoveryPolicyFileName, - const CSSM_ACCESS_CREDENTIALS *OldPassPhrase, - const CSSM_ACCESS_CREDENTIALS *NewPassPhrase); - - -/* Key Recovery Context Operations */ - -CSSM_RETURN CSSMAPI -CSSM_KR_CreateRecoveryRegistrationContext (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE *NewContext); - -CSSM_RETURN CSSMAPI -CSSM_KR_CreateRecoveryEnablementContext (CSSM_KRSP_HANDLE KRSPHandle, - const CSSM_KR_PROFILE *LocalProfile, - const CSSM_KR_PROFILE *RemoteProfile, - CSSM_CC_HANDLE *NewContext); - -CSSM_RETURN CSSMAPI -CSSM_KR_CreateRecoveryRequestContext (CSSM_KRSP_HANDLE KRSPHandle, - const CSSM_KR_PROFILE *LocalProfile, - CSSM_CC_HANDLE *NewContext); - -CSSM_RETURN CSSMAPI -CSSM_KR_GetPolicyInfo (CSSM_CC_HANDLE CCHandle, - CSSM_KR_POLICY_FLAGS *EncryptionProhibited, - uint32 *WorkFactor); - - -/* Key Recovery Registration Operations */ - -CSSM_RETURN CSSMAPI -CSSM_KR_RegistrationRequest (CSSM_CC_HANDLE RecoveryRegistrationContext, - const CSSM_DATA *KRInData, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - CSSM_KR_POLICY_FLAGS KRFlags, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR ReferenceHandle); - -CSSM_RETURN CSSMAPI -CSSM_KR_RegistrationRetrieve (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE ReferenceHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - sint32 *EstimatedTime, - CSSM_KR_PROFILE_PTR KRProfile); - - -/* Key Recovery Enablement Operations */ - -CSSM_RETURN CSSMAPI -CSSM_KR_GenerateRecoveryFields (CSSM_CC_HANDLE KeyRecoveryContext, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *KRSPOptions, - CSSM_KR_POLICY_FLAGS KRFlags, - CSSM_DATA_PTR KRFields, - CSSM_CC_HANDLE *NewCCHandle); - -CSSM_RETURN CSSMAPI -CSSM_KR_ProcessRecoveryFields (CSSM_CC_HANDLE KeyRecoveryContext, - CSSM_CC_HANDLE CryptoContext, - const CSSM_DATA *KRSPOptions, - CSSM_KR_POLICY_FLAGS KRFlags, - const CSSM_DATA *KRFields, - CSSM_CC_HANDLE *NewCryptoContext); - - -/* Key Recovery Request Operations */ - -CSSM_RETURN CSSMAPI -CSSM_KR_RecoveryRequest (CSSM_CC_HANDLE RecoveryRequestContext, - const CSSM_DATA *KRInData, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR ReferenceHandle); - -CSSM_RETURN CSSMAPI -CSSM_KR_RecoveryRetrieve (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE ReferenceHandle, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR CacheHandle, - uint32 *NumberOfRecoveredKeys); - -CSSM_RETURN CSSMAPI -CSSM_KR_GetRecoveredObject (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE CacheHandle, - uint32 IndexInResults, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - uint32 Flags, - CSSM_KEY_PTR RecoveredKey, - CSSM_DATA_PTR OtherInfo); - -CSSM_RETURN CSSMAPI -CSSM_KR_RecoveryRequestAbort (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE CacheHandle); - -CSSM_RETURN CSSMAPI -CSSM_KR_QueryPolicyInfo (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_ALGORITHMS AlgorithmID, - CSSM_ENCRYPT_MODE Mode, - CSSM_CONTEXT_TYPE Class, - CSSM_KR_POLICY_INFO_PTR *PolicyInfoData); - - -/* Extensibility Functions */ - -CSSM_RETURN CSSMAPI -CSSM_KR_PassThrough (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KeyRecoveryContext, - CSSM_CC_HANDLE CryptoContext, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMKRAPI_H_ */ diff --git a/cdsa/cdsa/cssmkrspi.h b/cdsa/cdsa/cssmkrspi.h deleted file mode 100644 index ba86477c..00000000 --- a/cdsa/cdsa/cssmkrspi.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmkrspi.h - - Contains: Service Provider Interface for Key Recovery Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMKRSPI_H_ -#define _CSSMKRSPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Data types for Key Recovery SPI */ - -typedef struct cssm_spi_kr_funcs { - CSSM_RETURN (CSSMKRI *RegistrationRequest) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KRRegistrationContextHandle, - const CSSM_CONTEXT *KRRegistrationContext, - const CSSM_DATA *KRInData, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - CSSM_KR_POLICY_FLAGS KRFlags, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR ReferenceHandle); - CSSM_RETURN (CSSMKRI *RegistrationRetrieve) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE ReferenceHandle, - sint32 *EstimatedTime, - CSSM_KR_PROFILE_PTR KRProfile); - CSSM_RETURN (CSSMKRI *GenerateRecoveryFields) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KREnablementContextHandle, - const CSSM_CONTEXT *KREnablementContext, - CSSM_CC_HANDLE CryptoContextHandle, - const CSSM_CONTEXT *CryptoContext, - const CSSM_DATA *KRSPOptions, - CSSM_KR_POLICY_FLAGS KRFlags, - CSSM_DATA_PTR KRFields); - CSSM_RETURN (CSSMKRI *ProcessRecoveryFields) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KREnablementContextHandle, - const CSSM_CONTEXT *KREnablementContext, - CSSM_CC_HANDLE CryptoContextHandle, - const CSSM_CONTEXT *CryptoContext, - const CSSM_DATA *KRSPOptions, - CSSM_KR_POLICY_FLAGS KRFlags, - const CSSM_DATA *KRFields); - CSSM_RETURN (CSSMKRI *RecoveryRequest) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KRRequestContextHandle, - const CSSM_CONTEXT *KRRequestContext, - const CSSM_DATA *KRInData, - const CSSM_ACCESS_CREDENTIALS *AccessCredentials, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR ReferenceHandle); - CSSM_RETURN (CSSMKRI *RecoveryRetrieve) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE ReferenceHandle, - sint32 *EstimatedTime, - CSSM_HANDLE_PTR CacheHandle, - uint32 *NumberOfRecoveredKeys); - CSSM_RETURN (CSSMKRI *GetRecoveredObject) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE CacheHandle, - uint32 IndexInResults, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - uint32 Flags, - CSSM_KEY_PTR RecoveredKey, - CSSM_DATA_PTR OtherInfo); - CSSM_RETURN (CSSMKRI *RecoveryRequestAbort) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_HANDLE ResultsHandle); - CSSM_RETURN (CSSMKRI *PassThrough) - (CSSM_KRSP_HANDLE KRSPHandle, - CSSM_CC_HANDLE KeyRecoveryContextHandle, - const CSSM_CONTEXT *KeyRecoveryContext, - CSSM_CC_HANDLE CryptoContextHandle, - const CSSM_CONTEXT *CryptoContext, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); -} CSSM_SPI_KR_FUNCS, *CSSM_SPI_KR_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMKRSPI_H_ */ diff --git a/cdsa/cdsa/cssmspi.h b/cdsa/cdsa/cssmspi.h deleted file mode 100644 index 760f504f..00000000 --- a/cdsa/cdsa/cssmspi.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmspi.h - - Contains: Service Provider Interface for CSSM Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMSPI_H_ -#define _CSSMSPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef CSSM_RETURN (CSSMAPI *CSSM_SPI_ModuleEventHandler) - (const CSSM_GUID *ModuleGuid, - void *CssmNotifyCallbackCtx, - uint32 SubserviceId, - CSSM_SERVICE_TYPE ServiceType, - CSSM_MODULE_EVENT EventType); - -typedef uint32 CSSM_CONTEXT_EVENT; -enum { - CSSM_CONTEXT_EVENT_CREATE = 1, - CSSM_CONTEXT_EVENT_DELETE = 2, - CSSM_CONTEXT_EVENT_UPDATE = 3 -}; - -typedef struct cssm_module_funcs { - CSSM_SERVICE_TYPE ServiceType; - uint32 NumberOfServiceFuncs; - const CSSM_PROC_ADDR *ServiceFuncs; -} CSSM_MODULE_FUNCS, *CSSM_MODULE_FUNCS_PTR; - -typedef void *(CSSMAPI *CSSM_UPCALLS_MALLOC) - (CSSM_HANDLE AddInHandle, - uint32 size); - -typedef void (CSSMAPI *CSSM_UPCALLS_FREE) - (CSSM_HANDLE AddInHandle, - void *memblock); - -typedef void *(CSSMAPI *CSSM_UPCALLS_REALLOC) - (CSSM_HANDLE AddInHandle, - void *memblock, - uint32 size); - -typedef void *(CSSMAPI *CSSM_UPCALLS_CALLOC) - (CSSM_HANDLE AddInHandle, - uint32 num, - uint32 size); - -typedef struct cssm_upcalls { - CSSM_UPCALLS_MALLOC malloc_func; - CSSM_UPCALLS_FREE free_func; - CSSM_UPCALLS_REALLOC realloc_func; - CSSM_UPCALLS_CALLOC calloc_func; - CSSM_RETURN (CSSMAPI *CcToHandle_func) - (CSSM_CC_HANDLE Cc, - CSSM_MODULE_HANDLE_PTR ModuleHandle); - CSSM_RETURN (CSSMAPI *GetModuleInfo_func) - (CSSM_MODULE_HANDLE Module, - CSSM_GUID_PTR Guid, - CSSM_VERSION_PTR Version, - uint32 *SubServiceId, - CSSM_SERVICE_TYPE *SubServiceType, - CSSM_ATTACH_FLAGS *AttachFlags, - CSSM_KEY_HIERARCHY *KeyHierarchy, - CSSM_API_MEMORY_FUNCS_PTR AttachedMemFuncs, - CSSM_FUNC_NAME_ADDR_PTR FunctionTable, - uint32 NumFunctions); -} CSSM_UPCALLS, *CSSM_UPCALLS_PTR; - -CSSM_RETURN CSSMSPI -CSSM_SPI_ModuleLoad (const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleGuid, - CSSM_SPI_ModuleEventHandler CssmNotifyCallback, - void *CssmNotifyCallbackCtx); - -CSSM_RETURN CSSMSPI -CSSM_SPI_ModuleUnload (const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleGuid, - CSSM_SPI_ModuleEventHandler CssmNotifyCallback, - void *CssmNotifyCallbackCtx); - -CSSM_RETURN CSSMSPI -CSSM_SPI_ModuleAttach (const CSSM_GUID *ModuleGuid, - const CSSM_VERSION *Version, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - CSSM_MODULE_HANDLE ModuleHandle, - CSSM_KEY_HIERARCHY KeyHierarchy, - const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleManagerGuid, - const CSSM_GUID *CallerGuid, - const CSSM_UPCALLS *Upcalls, - CSSM_MODULE_FUNCS_PTR *FuncTbl); - -CSSM_RETURN CSSMSPI -CSSM_SPI_ModuleDetach (CSSM_MODULE_HANDLE ModuleHandle); - - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMSPI_H_ */ diff --git a/cdsa/cdsa/cssmtpi.h b/cdsa/cdsa/cssmtpi.h deleted file mode 100644 index 6065c5a3..00000000 --- a/cdsa/cdsa/cssmtpi.h +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmtpi.h - - Contains: Service Provider Interface for Trust Policy Modules - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMTPI_H_ -#define _CSSMTPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_spi_tp_funcs { - CSSM_RETURN (CSSMTPI *SubmitCredRequest) - (CSSM_TP_HANDLE TPHandle, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, - const CSSM_TP_REQUEST_SET *RequestInput, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, - sint32 *EstimatedTime, - CSSM_DATA_PTR ReferenceIdentifier); - CSSM_RETURN (CSSMTPI *RetrieveCredResult) - (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - sint32 *EstimatedTime, - CSSM_BOOL *ConfirmationRequired, - CSSM_TP_RESULT_SET_PTR *RetrieveOutput); - CSSM_RETURN (CSSMTPI *ConfirmCredResult) - (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - const CSSM_TP_CONFIRM_RESPONSE *Responses, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority); - CSSM_RETURN (CSSMTPI *ReceiveConfirmation) - (CSSM_TP_HANDLE TPHandle, - const CSSM_DATA *ReferenceIdentifier, - CSSM_TP_CONFIRM_RESPONSE_PTR *Responses, - sint32 *ElapsedTime); - CSSM_RETURN (CSSMTPI *CertReclaimKey) - (CSSM_TP_HANDLE TPHandle, - const CSSM_CERTGROUP *CertGroup, - uint32 CertIndex, - CSSM_LONG_HANDLE KeyCacheHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry); - CSSM_RETURN (CSSMTPI *CertReclaimAbort) - (CSSM_TP_HANDLE TPHandle, - CSSM_LONG_HANDLE KeyCacheHandle); - CSSM_RETURN (CSSMTPI *FormRequest) - (CSSM_TP_HANDLE TPHandle, - const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_FORM_TYPE FormType, - CSSM_DATA_PTR BlankForm); - CSSM_RETURN (CSSMTPI *FormSubmit) - (CSSM_TP_HANDLE TPHandle, - CSSM_TP_FORM_TYPE FormType, - const CSSM_DATA *Form, - const CSSM_TP_AUTHORITY_ID *ClearanceAuthority, - const CSSM_TP_AUTHORITY_ID *RepresentedAuthority, - CSSM_ACCESS_CREDENTIALS_PTR Credentials); - CSSM_RETURN (CSSMTPI *CertGroupVerify) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_CERTGROUP *CertGroupToBeVerified, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult); - CSSM_RETURN (CSSMTPI *CertCreateTemplate) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CertFields, - CSSM_DATA_PTR CertTemplate); - CSSM_RETURN (CSSMTPI *CertGetAllTemplateFields) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_DATA *CertTemplate, - uint32 *NumberOfFields, - CSSM_FIELD_PTR *CertFields); - CSSM_RETURN (CSSMTPI *CertSign) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DATA *CertTemplateToBeSigned, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult, - CSSM_DATA_PTR SignedCert); - CSSM_RETURN (CSSMTPI *CrlVerify) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL *CrlToBeVerified, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *VerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult); - CSSM_RETURN (CSSMTPI *CrlCreateTemplate) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - uint32 NumberOfFields, - const CSSM_FIELD *CrlFields, - CSSM_DATA_PTR NewCrlTemplate); - CSSM_RETURN (CSSMTPI *CertRevoke) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *OldCrlTemplate, - const CSSM_CERTGROUP *CertGroupToBeRevoked, - const CSSM_CERTGROUP *RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult, - CSSM_TP_CERTCHANGE_REASON Reason, - CSSM_DATA_PTR NewCrlTemplate); - CSSM_RETURN (CSSMTPI *CertRemoveFromCrlTemplate) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DATA *OldCrlTemplate, - const CSSM_CERTGROUP *CertGroupToBeRemoved, - const CSSM_CERTGROUP *RevokerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult, - CSSM_DATA_PTR NewCrlTemplate); - CSSM_RETURN (CSSMTPI *CrlSign) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_ENCODED_CRL *CrlToBeSigned, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult, - CSSM_DATA_PTR SignedCrl); - CSSM_RETURN (CSSMTPI *ApplyCrlToDb) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_ENCODED_CRL *CrlToBeApplied, - const CSSM_CERTGROUP *SignerCertGroup, - const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult); - CSSM_RETURN (CSSMTPI *CertGroupConstruct) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CSP_HANDLE CSPHandle, - const CSSM_DL_DB_LIST *DBList, - const void *ConstructParams, - const CSSM_CERTGROUP *CertGroupFrag, - CSSM_CERTGROUP_PTR *CertGroup); - CSSM_RETURN (CSSMTPI *CertGroupPrune) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_DL_DB_LIST *DBList, - const CSSM_CERTGROUP *OrderedCertGroup, - CSSM_CERTGROUP_PTR *PrunedCertGroup); - CSSM_RETURN (CSSMTPI *CertGroupToTupleGroup) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_CERTGROUP *CertGroup, - CSSM_TUPLEGROUP_PTR *TupleGroup); - CSSM_RETURN (CSSMTPI *TupleGroupToCertGroup) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - const CSSM_TUPLEGROUP *TupleGroup, - CSSM_CERTGROUP_PTR *CertTemplates); - CSSM_RETURN (CSSMTPI *PassThrough) - (CSSM_TP_HANDLE TPHandle, - CSSM_CL_HANDLE CLHandle, - CSSM_CC_HANDLE CCHandle, - const CSSM_DL_DB_LIST *DBList, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); -} CSSM_SPI_TP_FUNCS, *CSSM_SPI_TP_FUNCS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMTPI_H_ */ diff --git a/cdsa/cdsa/cssmtype.h b/cdsa/cdsa/cssmtype.h deleted file mode 100644 index 86b1c714..00000000 --- a/cdsa/cdsa/cssmtype.h +++ /dev/null @@ -1,2074 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: cssmtype.h - - Contains: Common Security Services Manager Common Data Types - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CSSMTYPE_H_ -#define _CSSMTYPE_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Handle types. */ - -typedef uint32 CSSM_HANDLE, *CSSM_HANDLE_PTR; - -typedef uint64 CSSM_LONG_HANDLE, *CSSM_LONG_HANDLE_PTR; - -typedef CSSM_HANDLE CSSM_MODULE_HANDLE, *CSSM_MODULE_HANDLE_PTR; - -typedef CSSM_LONG_HANDLE CSSM_CC_HANDLE; /* Cryptographic Context Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_CSP_HANDLE; /* Cryptographic Service Provider Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_TP_HANDLE; /* Trust Policy Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_AC_HANDLE; /* Authorization Computation Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_CL_HANDLE; /* Certificate Library Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_DL_HANDLE; /* Data Storage Library Handle */ - -typedef CSSM_MODULE_HANDLE CSSM_DB_HANDLE; /* Data Storage Database Handle */ - - -/* invalid or NULL value for any CSSM_HANDLE type */ -enum { - CSSM_INVALID_HANDLE = 0 -}; - - -/* Data Types for Core Services */ - -typedef sint32 CSSM_BOOL; -enum { - CSSM_FALSE = 0, - CSSM_TRUE = !CSSM_FALSE -}; - -/* The standard declares this as uint32 but we changed it to sint32 to match OSStatus. */ -typedef sint32 CSSM_RETURN; -enum { - CSSM_OK = 0 -}; - -enum { - CSSM_MODULE_STRING_SIZE = 64 -}; -typedef char CSSM_STRING [CSSM_MODULE_STRING_SIZE + 4]; - -typedef struct cssm_data { - uint32 Length; /* in bytes */ - uint8 *Data; -} CSSM_DATA, *CSSM_DATA_PTR; - -typedef struct cssm_guid { - uint32 Data1; - uint16 Data2; - uint16 Data3; - uint8 Data4[8]; -} CSSM_GUID, *CSSM_GUID_PTR; - -typedef uint32 CSSM_BITMASK; -typedef CSSM_BITMASK CSSM_KEY_HIERARCHY; -enum { - CSSM_KEY_HIERARCHY_NONE = 0, - CSSM_KEY_HIERARCHY_INTEG = 1, - CSSM_KEY_HIERARCHY_EXPORT = 2 -}; - -typedef CSSM_BITMASK CSSM_PVC_MODE; -enum { - CSSM_PVC_NONE = 0, - CSSM_PVC_APP = 1, - CSSM_PVC_SP = 2 -}; - -typedef uint32 CSSM_PRIVILEGE_SCOPE; -enum { - CSSM_PRIVILEGE_SCOPE_NONE = 0, - CSSM_PRIVILEGE_SCOPE_PROCESS = 1, - CSSM_PRIVILEGE_SCOPE_THREAD = 2 -}; - -typedef struct cssm_version { - uint32 Major; - uint32 Minor; -} CSSM_VERSION, *CSSM_VERSION_PTR; - -typedef uint32 CSSM_SERVICE_MASK; -enum { - CSSM_SERVICE_CSSM = 0x1, - CSSM_SERVICE_CSP = 0x2, - CSSM_SERVICE_DL = 0x4, - CSSM_SERVICE_CL = 0x8, - CSSM_SERVICE_TP = 0x10, - CSSM_SERVICE_AC = 0x20, - CSSM_SERVICE_KR = 0x40 -}; - -typedef CSSM_SERVICE_MASK CSSM_SERVICE_TYPE; - -typedef struct cssm_subservice_uid { - CSSM_GUID Guid; - CSSM_VERSION Version; - uint32 SubserviceId; - CSSM_SERVICE_TYPE SubserviceType; -} CSSM_SUBSERVICE_UID, *CSSM_SUBSERVICE_UID_PTR; - -typedef uint32 CSSM_MODULE_EVENT, *CSSM_MODULE_EVENT_PTR; -enum { - CSSM_NOTIFY_INSERT = 1, - CSSM_NOTIFY_REMOVE = 2, - CSSM_NOTIFY_FAULT = 3 -}; - -typedef CSSM_RETURN (CSSMAPI *CSSM_API_ModuleEventHandler) - (const CSSM_GUID *ModuleGuid, - void* AppNotifyCallbackCtx, - uint32 SubserviceId, - CSSM_SERVICE_TYPE ServiceType, - CSSM_MODULE_EVENT EventType); - -typedef uint32 CSSM_ATTACH_FLAGS; -enum { - CSSM_ATTACH_READ_ONLY = 0x00000001 -}; - -/* Non-export privilege range: (0x00000000 - 0x7FFFFFFF) */ -/* Vendor specific range: (0x80000000 - 0xFFFFFFFF) */ -typedef uint64 CSSM_PRIVILEGE; -typedef CSSM_PRIVILEGE CSSM_USEE_TAG; -enum { - CSSM_USEE_LAST = 0xFF, - CSSM_USEE_NONE = 0, - CSSM_USEE_DOMESTIC = 1, - CSSM_USEE_FINANCIAL = 2, - CSSM_USEE_KRLE = 3, - CSSM_USEE_KRENT = 4, - CSSM_USEE_SSL = 5, - CSSM_USEE_AUTHENTICATION = 6, - CSSM_USEE_KEYEXCH = 7, - CSSM_USEE_MEDICAL = 8, - CSSM_USEE_INSURANCE = 9, - CSSM_USEE_WEAK = 10 -}; - -typedef uint32 CSSM_NET_ADDRESS_TYPE; -enum { - CSSM_ADDR_NONE = 0, - CSSM_ADDR_CUSTOM = 1, - CSSM_ADDR_URL = 2, /* char* */ - CSSM_ADDR_SOCKADDR = 3, - CSSM_ADDR_NAME = 4 /* char* - qualified by access method */ -}; - -typedef struct cssm_net_address { - CSSM_NET_ADDRESS_TYPE AddressType; - CSSM_DATA Address; -} CSSM_NET_ADDRESS, *CSSM_NET_ADDRESS_PTR; - -typedef uint32 CSSM_NET_PROTOCOL; -enum { - CSSM_NET_PROTO_NONE = 0, /* local */ - CSSM_NET_PROTO_CUSTOM = 1, /* proprietary implementation */ - CSSM_NET_PROTO_UNSPECIFIED = 2, /* implementation default */ - CSSM_NET_PROTO_LDAP = 3, /* light weight directory access protocol */ - CSSM_NET_PROTO_LDAPS = 4, /* ldap/ssl where SSL initiates the connection */ - CSSM_NET_PROTO_LDAPNS = 5, /* ldap where ldap negotiates an SSL session */ - CSSM_NET_PROTO_X500DAP = 6, /* x.500 Directory access protocol */ - CSSM_NET_PROTO_FTP = 7, /* ftp for cert/crl fetch */ - CSSM_NET_PROTO_FTPS = 8, /* ftp/ssl/tls where SSL/TLS initiates the connection */ - CSSM_NET_PROTO_OCSP = 9, /* online certificate status protocol */ - CSSM_NET_PROTO_CMP = 10, /* the cert request protocol in PKIX3 */ - CSSM_NET_PROTO_CMPS = 11 /* The ssl/tls derivative of CMP */ -}; - -typedef CSSM_RETURN (CSSMAPI *CSSM_CALLBACK) - (CSSM_DATA_PTR OutData, void *CallerCtx); - -typedef struct cssm_crypto_data { - CSSM_DATA Param; - CSSM_CALLBACK Callback; - void *CallerCtx; -} CSSM_CRYPTO_DATA, *CSSM_CRYPTO_DATA_PTR; - -typedef sint32 CSSM_WORDID_TYPE; -enum { - CSSM_WORDID__UNK_ = -1, /* not in dictionary */ - CSSM_WORDID__NLU_ = 0, /* not yet looked up */ - CSSM_WORDID__STAR_ = 1, - CSSM_WORDID_A = 2, - CSSM_WORDID_ACL = 3, - CSSM_WORDID_ALPHA = 4, - CSSM_WORDID_B = 5, - CSSM_WORDID_BER = 6, - CSSM_WORDID_BINARY = 7, - CSSM_WORDID_BIOMETRIC = 8, - CSSM_WORDID_C = 9, - CSSM_WORDID_CANCELED = 10, - CSSM_WORDID_CERT = 11, - CSSM_WORDID_COMMENT = 12, - CSSM_WORDID_CRL = 13, - CSSM_WORDID_CUSTOM = 14, - CSSM_WORDID_D = 15, - CSSM_WORDID_DATE = 16, - CSSM_WORDID_DB_DELETE = 17, - CSSM_WORDID_DB_EXEC_STORED_QUERY = 18, - CSSM_WORDID_DB_INSERT = 19, - CSSM_WORDID_DB_MODIFY = 20, - CSSM_WORDID_DB_READ = 21, - CSSM_WORDID_DBS_CREATE = 22, - CSSM_WORDID_DBS_DELETE = 23, - CSSM_WORDID_DECRYPT = 24, - CSSM_WORDID_DELETE = 25, - CSSM_WORDID_DELTA_CRL = 26, - CSSM_WORDID_DER = 27, - CSSM_WORDID_DERIVE = 28, - CSSM_WORDID_DISPLAY = 29, - CSSM_WORDID_DO = 30, - CSSM_WORDID_DSA = 31, - CSSM_WORDID_DSA_SHA1 = 32, - CSSM_WORDID_E = 33, - CSSM_WORDID_ELGAMAL = 34, - CSSM_WORDID_ENCRYPT = 35, - CSSM_WORDID_ENTRY = 36, - CSSM_WORDID_EXPORT_CLEAR = 37, - CSSM_WORDID_EXPORT_WRAPPED = 38, - CSSM_WORDID_G = 39, - CSSM_WORDID_GE = 40, - CSSM_WORDID_GENKEY = 41, - CSSM_WORDID_HASH = 42, - CSSM_WORDID_HASHED_PASSWORD = 43, - CSSM_WORDID_HASHED_SUBJECT = 44, - CSSM_WORDID_HAVAL = 45, - CSSM_WORDID_IBCHASH = 46, - CSSM_WORDID_IMPORT_CLEAR = 47, - CSSM_WORDID_IMPORT_WRAPPED = 48, - CSSM_WORDID_INTEL = 49, - CSSM_WORDID_ISSUER = 50, - CSSM_WORDID_ISSUER_INFO = 51, - CSSM_WORDID_K_OF_N = 52, - CSSM_WORDID_KEA = 53, - CSSM_WORDID_KEYHOLDER = 54, - CSSM_WORDID_L = 55, - CSSM_WORDID_LE = 56, - CSSM_WORDID_LOGIN = 57, - CSSM_WORDID_LOGIN_NAME = 58, - CSSM_WORDID_MAC = 59, - CSSM_WORDID_MD2 = 60, - CSSM_WORDID_MD2WITHRSA = 61, - CSSM_WORDID_MD4 = 62, - CSSM_WORDID_MD5 = 63, - CSSM_WORDID_MD5WITHRSA = 64, - CSSM_WORDID_N = 65, - CSSM_WORDID_NAME = 66, - CSSM_WORDID_NDR = 67, - CSSM_WORDID_NHASH = 68, - CSSM_WORDID_NOT_AFTER = 69, - CSSM_WORDID_NOT_BEFORE = 70, - CSSM_WORDID_NULL = 71, - CSSM_WORDID_NUMERIC = 72, - CSSM_WORDID_OBJECT_HASH = 73, - CSSM_WORDID_ONE_TIME = 74, - CSSM_WORDID_ONLINE = 75, - CSSM_WORDID_OWNER = 76, - CSSM_WORDID_P = 77, - CSSM_WORDID_PAM_NAME = 78, - CSSM_WORDID_PASSWORD = 79, - CSSM_WORDID_PGP = 80, - CSSM_WORDID_PREFIX = 81, - CSSM_WORDID_PRIVATE_KEY = 82, - CSSM_WORDID_PROMPTED_BIOMETRIC = 83, - CSSM_WORDID_PROMPTED_PASSWORD = 84, - CSSM_WORDID_PROPAGATE = 85, - CSSM_WORDID_PROTECTED_BIOMETRIC = 86, - CSSM_WORDID_PROTECTED_PASSWORD = 87, - CSSM_WORDID_PROTECTED_PIN = 88, - CSSM_WORDID_PUBLIC_KEY = 89, - CSSM_WORDID_PUBLIC_KEY_FROM_CERT = 90, - CSSM_WORDID_Q = 91, - CSSM_WORDID_RANGE = 92, - CSSM_WORDID_REVAL = 93, - CSSM_WORDID_RIPEMAC = 94, - CSSM_WORDID_RIPEMD = 95, - CSSM_WORDID_RIPEMD160 = 96, - CSSM_WORDID_RSA = 97, - CSSM_WORDID_RSA_ISO9796 = 98, - CSSM_WORDID_RSA_PKCS = 99, - CSSM_WORDID_RSA_PKCS_MD5 = 100, - CSSM_WORDID_RSA_PKCS_SHA1 = 101, - CSSM_WORDID_RSA_PKCS1 = 102, - CSSM_WORDID_RSA_PKCS1_MD5 = 103, - CSSM_WORDID_RSA_PKCS1_SHA1 = 104, - CSSM_WORDID_RSA_PKCS1_SIG = 105, - CSSM_WORDID_RSA_RAW = 106, - CSSM_WORDID_SDSIV1 = 107, - CSSM_WORDID_SEQUENCE = 108, - CSSM_WORDID_SET = 109, - CSSM_WORDID_SEXPR = 110, - CSSM_WORDID_SHA1 = 111, - CSSM_WORDID_SHA1WITHDSA = 112, - CSSM_WORDID_SHA1WITHECDSA = 113, - CSSM_WORDID_SHA1WITHRSA = 114, - CSSM_WORDID_SIGN = 115, - CSSM_WORDID_SIGNATURE = 116, - CSSM_WORDID_SIGNED_NONCE = 117, - CSSM_WORDID_SIGNED_SECRET = 118, - CSSM_WORDID_SPKI = 119, - CSSM_WORDID_SUBJECT = 120, - CSSM_WORDID_SUBJECT_INFO = 121, - CSSM_WORDID_TAG = 122, - CSSM_WORDID_THRESHOLD = 123, - CSSM_WORDID_TIME = 124, - CSSM_WORDID_URI = 125, - CSSM_WORDID_VERSION = 126, - CSSM_WORDID_X509_ATTRIBUTE = 127, - CSSM_WORDID_X509V1 = 128, - CSSM_WORDID_X509V2 = 129, - CSSM_WORDID_X509V3 = 130, - CSSM_WORDID_X9_ATTRIBUTE = 131, - CSSM_WORDID_VENDOR_START = 0x00010000, - CSSM_WORDID_VENDOR_END = 0x7FFF0000 -}; - -typedef uint32 CSSM_LIST_ELEMENT_TYPE, *CSSM_LIST_ELEMENT_TYPE_PTR; -enum { - CSSM_LIST_ELEMENT_DATUM = 0x00, - CSSM_LIST_ELEMENT_SUBLIST = 0x01, - CSSM_LIST_ELEMENT_WORDID = 0x02 -}; - -typedef uint32 CSSM_LIST_TYPE, *CSSM_LIST_TYPE_PTR; -enum { - CSSM_LIST_TYPE_UNKNOWN = 0, - CSSM_LIST_TYPE_CUSTOM = 1, - CSSM_LIST_TYPE_SEXPR = 2 -}; - -typedef struct cssm_list_element *CSSM_LIST_ELEMENT_PTR; - -typedef struct cssm_list { - CSSM_LIST_TYPE ListType; /* type of this list */ - CSSM_LIST_ELEMENT_PTR Head; /* head of the list */ - CSSM_LIST_ELEMENT_PTR Tail; /* tail of the list */ -} CSSM_LIST, *CSSM_LIST_PTR; - -typedef struct cssm_list_element { - struct cssm_list_element *NextElement; /* next list element */ - CSSM_WORDID_TYPE WordID; /* integer identifier associated */ - /* with a Word value */ - CSSM_LIST_ELEMENT_TYPE ElementType; - union { - CSSM_LIST Sublist; /* sublist */ - CSSM_DATA Word; /* a byte-string */ - } Element; -} CSSM_LIST_ELEMENT; - -typedef struct { /* 5-tuple definition */ - CSSM_LIST Issuer; /* issuer, or empty if ACL */ - CSSM_LIST Subject; /* subject */ - CSSM_BOOL Delegate; /* permission to delegate */ - CSSM_LIST AuthorizationTag; /* authorization field */ - CSSM_LIST ValidityPeriod; /* validity information (dates) */ -} CSSM_TUPLE, *CSSM_TUPLE_PTR; - -typedef struct cssm_tuplegroup { - uint32 NumberOfTuples; - CSSM_TUPLE_PTR Tuples; -} CSSM_TUPLEGROUP, *CSSM_TUPLEGROUP_PTR; - -typedef CSSM_WORDID_TYPE CSSM_SAMPLE_TYPE; -enum { - CSSM_SAMPLE_TYPE_PASSWORD = CSSM_WORDID_PASSWORD, - CSSM_SAMPLE_TYPE_HASHED_PASSWORD = CSSM_WORDID_HASHED_PASSWORD, - CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD = CSSM_WORDID_PROTECTED_PASSWORD, - CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD = CSSM_WORDID_PROMPTED_PASSWORD, - CSSM_SAMPLE_TYPE_SIGNED_NONCE = CSSM_WORDID_SIGNED_NONCE, - CSSM_SAMPLE_TYPE_SIGNED_SECRET = CSSM_WORDID_SIGNED_SECRET, - CSSM_SAMPLE_TYPE_BIOMETRIC = CSSM_WORDID_BIOMETRIC, - CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC = CSSM_WORDID_PROTECTED_BIOMETRIC, - CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC = CSSM_WORDID_PROMPTED_BIOMETRIC, - CSSM_SAMPLE_TYPE_THRESHOLD = CSSM_WORDID_THRESHOLD -}; - -typedef struct cssm_sample { - CSSM_LIST TypedSample; - const CSSM_SUBSERVICE_UID *Verifier; -} CSSM_SAMPLE, *CSSM_SAMPLE_PTR; - -typedef struct cssm_samplegroup { - uint32 NumberOfSamples; - const CSSM_SAMPLE *Samples; -} CSSM_SAMPLEGROUP, *CSSM_SAMPLEGROUP_PTR; - -typedef void *(CSSMAPI *CSSM_MALLOC) - (uint32 size, - void *allocref); - -typedef void (CSSMAPI *CSSM_FREE) - (void *memblock, - void *allocref); - -typedef void *(CSSMAPI *CSSM_REALLOC) - (void *memblock, - uint32 size, - void *allocref); - -typedef void *(CSSMAPI *CSSM_CALLOC) - (uint32 num, - uint32 size, - void *allocref); - -typedef struct cssm_memory_funcs { - CSSM_MALLOC malloc_func; - CSSM_FREE free_func; - CSSM_REALLOC realloc_func; - CSSM_CALLOC calloc_func; - void *AllocRef; -} CSSM_MEMORY_FUNCS, *CSSM_MEMORY_FUNCS_PTR; - -typedef CSSM_MEMORY_FUNCS CSSM_API_MEMORY_FUNCS; -typedef CSSM_API_MEMORY_FUNCS *CSSM_API_MEMORY_FUNCS_PTR; - -typedef CSSM_RETURN (CSSMAPI * CSSM_CHALLENGE_CALLBACK) - (const CSSM_LIST *Challenge, - CSSM_SAMPLEGROUP_PTR Response, - void *CallerCtx, - const CSSM_MEMORY_FUNCS *MemFuncs); - -typedef uint32 CSSM_CERT_TYPE, *CSSM_CERT_TYPE_PTR; -enum { - CSSM_CERT_UNKNOWN = 0x00, - CSSM_CERT_X_509v1 = 0x01, - CSSM_CERT_X_509v2 = 0x02, - CSSM_CERT_X_509v3 = 0x03, - CSSM_CERT_PGP = 0x04, - CSSM_CERT_SPKI = 0x05, - CSSM_CERT_SDSIv1 = 0x06, - CSSM_CERT_Intel = 0x08, - CSSM_CERT_X_509_ATTRIBUTE = 0x09, /* X.509 attribute cert */ - CSSM_CERT_X9_ATTRIBUTE = 0x0A, /* X9 attribute cert */ - CSSM_CERT_TUPLE = 0x0B, - CSSM_CERT_ACL_ENTRY = 0x0C, - CSSM_CERT_MULTIPLE = 0x7FFE, - CSSM_CERT_LAST = 0x7FFF, - /* Applications wishing to define their own custom certificate - type should define and publicly document a uint32 value greater - than the CSSM_CL_CUSTOM_CERT_TYPE */ - CSSM_CL_CUSTOM_CERT_TYPE = 0x08000 -}; - -typedef uint32 CSSM_CERT_ENCODING, *CSSM_CERT_ENCODING_PTR; -enum { - CSSM_CERT_ENCODING_UNKNOWN = 0x00, - CSSM_CERT_ENCODING_CUSTOM = 0x01, - CSSM_CERT_ENCODING_BER = 0x02, - CSSM_CERT_ENCODING_DER = 0x03, - CSSM_CERT_ENCODING_NDR = 0x04, - CSSM_CERT_ENCODING_SEXPR = 0x05, - CSSM_CERT_ENCODING_PGP = 0x06, - CSSM_CERT_ENCODING_MULTIPLE = 0x7FFE, - CSSM_CERT_ENCODING_LAST = 0x7FFF, - /* Applications wishing to define their own custom certificate - encoding should create a uint32 value greater than the - CSSM_CL_CUSTOM_CERT_ENCODING */ - CSSM_CL_CUSTOM_CERT_ENCODING = 0x8000 -}; - -typedef struct cssm_encoded_cert { - CSSM_CERT_TYPE CertType; /* type of certificate */ - CSSM_CERT_ENCODING CertEncoding; /* encoding for this packed cert */ - CSSM_DATA CertBlob; /* packed cert */ -} CSSM_ENCODED_CERT, *CSSM_ENCODED_CERT_PTR; - -typedef uint32 CSSM_CERT_PARSE_FORMAT, *CSSM_CERT_PARSE_FORMAT_PTR; -enum { - CSSM_CERT_PARSE_FORMAT_NONE = 0x00, - CSSM_CERT_PARSE_FORMAT_CUSTOM = 0x01, /* void* */ - CSSM_CERT_PARSE_FORMAT_SEXPR = 0x02, /* CSSM_LIST */ - CSSM_CERT_PARSE_FORMAT_COMPLEX = 0x03, /* void* */ - CSSM_CERT_PARSE_FORMAT_OID_NAMED = 0x04, /* CSSM_FIELDGROUP */ - CSSM_CERT_PARSE_FORMAT_TUPLE = 0x05, /* CSSM_TUPLE */ - CSSM_CERT_PARSE_FORMAT_MULTIPLE = 0x7FFE, -/* multiple forms, each cert carries a - parse format indicator */ - CSSM_CERT_PARSE_FORMAT_LAST = 0x7FFF, -/* Applications wishing to define their - own custom parse format should create - a * uint32 value greater than the - CSSM_CL_CUSTOM_CERT_PARSE_FORMAT */ - CSSM_CL_CUSTOM_CERT_PARSE_FORMAT = 0x8000 -}; - -typedef struct cssm_parsed_cert { - CSSM_CERT_TYPE CertType; /* certificate type */ - CSSM_CERT_PARSE_FORMAT ParsedCertFormat; - /* struct of ParsedCert */ - void *ParsedCert; /* parsed cert (to be typecast) */ -} CSSM_PARSED_CERT, *CSSM_PARSED_CERT_PTR; - -typedef struct cssm_cert_pair { - CSSM_ENCODED_CERT EncodedCert; /* an encoded certificate blob */ - CSSM_PARSED_CERT ParsedCert; /* equivalent parsed certificate */ -} CSSM_CERT_PAIR, *CSSM_CERT_PAIR_PTR; - -typedef uint32 CSSM_CERTGROUP_TYPE, *CSSM_CERTGROUP_TYPE_PTR; -enum { - CSSM_CERTGROUP_DATA = 0x00, - CSSM_CERTGROUP_ENCODED_CERT = 0x01, - CSSM_CERTGROUP_PARSED_CERT = 0x02, - CSSM_CERTGROUP_CERT_PAIR = 0x03 -}; - -typedef struct cssm_certgroup { - CSSM_CERT_TYPE CertType; - CSSM_CERT_ENCODING CertEncoding; - uint32 NumCerts; /* # of certificates in this list */ - union { - CSSM_DATA_PTR CertList; /* legacy list of single type certificate blobs */ - CSSM_ENCODED_CERT_PTR EncodedCertList; - /* list of multi-type certificate blobs */ - CSSM_PARSED_CERT_PTR ParsedCertList; - /* list of multi-type parsed certs */ - CSSM_CERT_PAIR_PTR PairCertList; - /*list of single or multi-type certs with two representations: blob and parsed */ - } GroupList; - CSSM_CERTGROUP_TYPE CertGroupType; - /* type of structure in the GroupList */ - void *Reserved; /* reserved for implementation dependent use */ -} CSSM_CERTGROUP, *CSSM_CERTGROUP_PTR; - -typedef struct cssm_base_certs { - CSSM_TP_HANDLE TPHandle; - CSSM_CL_HANDLE CLHandle; - CSSM_CERTGROUP Certs; -} CSSM_BASE_CERTS, *CSSM_BASE_CERTS_PTR; - -typedef struct cssm_access_credentials { - CSSM_STRING EntryTag; - CSSM_BASE_CERTS BaseCerts; - CSSM_SAMPLEGROUP Samples; - CSSM_CHALLENGE_CALLBACK Callback; - void *CallerCtx; -} CSSM_ACCESS_CREDENTIALS, *CSSM_ACCESS_CREDENTIALS_PTR; - -typedef sint32 CSSM_ACL_SUBJECT_TYPE; -enum { - CSSM_ACL_SUBJECT_TYPE_ANY = CSSM_WORDID__STAR_, - CSSM_ACL_SUBJECT_TYPE_THRESHOLD = CSSM_WORDID_THRESHOLD, - CSSM_ACL_SUBJECT_TYPE_PASSWORD = CSSM_WORDID_PASSWORD, - CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD = CSSM_WORDID_PROTECTED_PASSWORD, - CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD = CSSM_WORDID_PROMPTED_PASSWORD, - CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY = CSSM_WORDID_PUBLIC_KEY, - CSSM_ACL_SUBJECT_TYPE_HASHED_SUBJECT = CSSM_WORDID_HASHED_SUBJECT, - CSSM_ACL_SUBJECT_TYPE_BIOMETRIC = CSSM_WORDID_BIOMETRIC, - CSSM_ACL_SUBJECT_TYPE_PROTECTED_BIOMETRIC = CSSM_WORDID_PROTECTED_BIOMETRIC, - CSSM_ACL_SUBJECT_TYPE_PROMPTED_BIOMETRIC = CSSM_WORDID_PROMPTED_BIOMETRIC, - CSSM_ACL_SUBJECT_TYPE_LOGIN_NAME = CSSM_WORDID_LOGIN_NAME, - CSSM_ACL_SUBJECT_TYPE_EXT_PAM_NAME = CSSM_WORDID_PAM_NAME -}; - -/* Authorization tag type */ -typedef sint32 CSSM_ACL_AUTHORIZATION_TAG; -enum { - /* All vendor specific constants must be in the number range - starting at CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START */ - CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START = 0x00010000, - /* No restrictions. Permission to perform all operations on - the resource or available to an ACL owner. */ - CSSM_ACL_AUTHORIZATION_ANY = CSSM_WORDID__STAR_, - /* Defined authorization tag values for CSPs */ - CSSM_ACL_AUTHORIZATION_LOGIN = CSSM_WORDID_LOGIN, - CSSM_ACL_AUTHORIZATION_GENKEY = CSSM_WORDID_GENKEY, - CSSM_ACL_AUTHORIZATION_DELETE = CSSM_WORDID_DELETE, - CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED = CSSM_WORDID_EXPORT_WRAPPED, - CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR = CSSM_WORDID_EXPORT_CLEAR, - CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED = CSSM_WORDID_IMPORT_WRAPPED, - CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR = CSSM_WORDID_IMPORT_CLEAR, - CSSM_ACL_AUTHORIZATION_SIGN = CSSM_WORDID_SIGN, - CSSM_ACL_AUTHORIZATION_ENCRYPT = CSSM_WORDID_ENCRYPT, - CSSM_ACL_AUTHORIZATION_DECRYPT = CSSM_WORDID_DECRYPT, - CSSM_ACL_AUTHORIZATION_MAC = CSSM_WORDID_MAC, - CSSM_ACL_AUTHORIZATION_DERIVE = CSSM_WORDID_DERIVE, - /* Defined authorization tag values for DLs */ - CSSM_ACL_AUTHORIZATION_DBS_CREATE = CSSM_WORDID_DBS_CREATE, - CSSM_ACL_AUTHORIZATION_DBS_DELETE = CSSM_WORDID_DBS_DELETE, - CSSM_ACL_AUTHORIZATION_DB_READ = CSSM_WORDID_DB_READ, - CSSM_ACL_AUTHORIZATION_DB_INSERT = CSSM_WORDID_DB_INSERT, - CSSM_ACL_AUTHORIZATION_DB_MODIFY = CSSM_WORDID_DB_MODIFY, - CSSM_ACL_AUTHORIZATION_DB_DELETE = CSSM_WORDID_DB_DELETE -}; - -typedef struct cssm_authorizationgroup { - uint32 NumberOfAuthTags; - CSSM_ACL_AUTHORIZATION_TAG *AuthTags; -} CSSM_AUTHORIZATIONGROUP, *CSSM_AUTHORIZATIONGROUP_PTR; - -typedef struct cssm_acl_validity_period { - CSSM_DATA StartDate; - CSSM_DATA EndDate; -} CSSM_ACL_VALIDITY_PERIOD, *CSSM_ACL_VALIDITY_PERIOD_PTR; - -typedef struct cssm_acl_entry_prototype { - CSSM_LIST TypedSubject; - CSSM_BOOL Delegate; - CSSM_AUTHORIZATIONGROUP Authorization; - CSSM_ACL_VALIDITY_PERIOD TimeRange; - CSSM_STRING EntryTag; -} CSSM_ACL_ENTRY_PROTOTYPE, *CSSM_ACL_ENTRY_PROTOTYPE_PTR; - -typedef struct cssm_acl_owner_prototype { - CSSM_LIST TypedSubject; - CSSM_BOOL Delegate; -} CSSM_ACL_OWNER_PROTOTYPE, *CSSM_ACL_OWNER_PROTOTYPE_PTR; - -typedef CSSM_RETURN (CSSMAPI * CSSM_ACL_SUBJECT_CALLBACK) - (const CSSM_LIST *SubjectRequest, - CSSM_LIST_PTR SubjectResponse, - void *CallerContext, - const CSSM_MEMORY_FUNCS *MemFuncs); - -typedef struct cssm_acl_entry_input { - CSSM_ACL_ENTRY_PROTOTYPE Prototype; - CSSM_ACL_SUBJECT_CALLBACK Callback; - void *CallerContext; -} CSSM_ACL_ENTRY_INPUT, *CSSM_ACL_ENTRY_INPUT_PTR; - -typedef struct cssm_resource_control_context { - CSSM_ACCESS_CREDENTIALS_PTR AccessCred; - CSSM_ACL_ENTRY_INPUT InitialAclEntry; -} CSSM_RESOURCE_CONTROL_CONTEXT, *CSSM_RESOURCE_CONTROL_CONTEXT_PTR; - -typedef CSSM_HANDLE CSSM_ACL_HANDLE; - -typedef struct cssm_acl_entry_info { - CSSM_ACL_ENTRY_PROTOTYPE EntryPublicInfo; - CSSM_ACL_HANDLE EntryHandle; -} CSSM_ACL_ENTRY_INFO, *CSSM_ACL_ENTRY_INFO_PTR; - -typedef uint32 CSSM_ACL_EDIT_MODE; -enum { - CSSM_ACL_EDIT_MODE_ADD = 1, - CSSM_ACL_EDIT_MODE_DELETE = 2, - CSSM_ACL_EDIT_MODE_REPLACE = 3 -}; - -typedef struct cssm_acl_edit { - CSSM_ACL_EDIT_MODE EditMode; - CSSM_ACL_HANDLE OldEntryHandle; - const CSSM_ACL_ENTRY_INPUT *NewEntry; -} CSSM_ACL_EDIT, *CSSM_ACL_EDIT_PTR; - -#if defined(WIN32) -typedef FARPROC CSSM_PROC_ADDR; -#else -typedef void (CSSMAPI *CSSM_PROC_ADDR) (); -#endif -typedef CSSM_PROC_ADDR *CSSM_PROC_ADDR_PTR; - -typedef struct cssm_func_name_addr { - CSSM_STRING Name; - CSSM_PROC_ADDR Address; -} CSSM_FUNC_NAME_ADDR, *CSSM_FUNC_NAME_ADDR_PTR; - - -/* Data Types for Cryptographic Services */ - -typedef struct cssm_date { - uint8 Year[4]; - uint8 Month[2]; - uint8 Day[2]; -} CSSM_DATE, *CSSM_DATE_PTR; - -typedef struct cssm_range { - uint32 Min; /* inclusive minimum value */ - uint32 Max; /* inclusive maximum value */ -} CSSM_RANGE, *CSSM_RANGE_PTR; - -typedef struct cssm_query_size_data { - uint32 SizeInputBlock; /* size of input data block */ - uint32 SizeOutputBlock; /* size of resulting output data block */ -} CSSM_QUERY_SIZE_DATA, *CSSM_QUERY_SIZE_DATA_PTR; - -typedef uint32 CSSM_HEADERVERSION; -enum { - CSSM_KEYHEADER_VERSION = 2 -}; - -typedef struct cssm_key_size { - uint32 LogicalKeySizeInBits; /* Logical key size in bits */ - uint32 EffectiveKeySizeInBits; /* Effective key size in bits */ -} CSSM_KEY_SIZE, *CSSM_KEY_SIZE_PTR; - -typedef uint32 CSSM_KEYBLOB_TYPE; -enum { - CSSM_KEYBLOB_RAW = 0, /* The blob is a clear, raw key */ - CSSM_KEYBLOB_REFERENCE = 2, /* The blob is a reference to a key */ - CSSM_KEYBLOB_WRAPPED = 3, /* The blob is a wrapped RAW key */ - CSSM_KEYBLOB_OTHER = 0xFFFFFFFF -}; - -typedef uint32 CSSM_KEYBLOB_FORMAT; -enum { - /* Raw Format */ - CSSM_KEYBLOB_RAW_FORMAT_NONE = 0, - /* No further conversion need to be done */ - CSSM_KEYBLOB_RAW_FORMAT_PKCS1 = 1, /* RSA PKCS1 V1.5 */ - CSSM_KEYBLOB_RAW_FORMAT_PKCS3 = 2, /* RSA PKCS3 V1.5 */ - CSSM_KEYBLOB_RAW_FORMAT_MSCAPI = 3, /* Microsoft CAPI V2.0 */ - CSSM_KEYBLOB_RAW_FORMAT_PGP = 4, /* PGP V */ - CSSM_KEYBLOB_RAW_FORMAT_FIPS186 = 5, /* US Gov. FIPS 186 - DSS V */ - CSSM_KEYBLOB_RAW_FORMAT_BSAFE = 6, /* RSA Bsafe V3.0 */ - CSSM_KEYBLOB_RAW_FORMAT_CCA = 9, /* CCA clear public key blob */ - CSSM_KEYBLOB_RAW_FORMAT_PKCS8 = 10, /* RSA PKCS8 V1.2 */ - CSSM_KEYBLOB_RAW_FORMAT_SPKI = 11, /* SPKI Specification */ - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING = 12, - CSSM_KEYBLOB_RAW_FORMAT_OTHER = 0xFFFFFFFF /* Other, CSP defined */ -}; -enum { - /* Wrapped Format */ - CSSM_KEYBLOB_WRAPPED_FORMAT_NONE = 0, - /* No further conversion need to be done */ - CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8 = 1, /* RSA PKCS8 V1.2 */ - CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7 = 2, - CSSM_KEYBLOB_WRAPPED_FORMAT_MSCAPI = 3, - CSSM_KEYBLOB_WRAPPED_FORMAT_OTHER = 0xFFFFFFFF /* Other, CSP defined */ -}; -enum { - /* Reference Format */ - CSSM_KEYBLOB_REF_FORMAT_INTEGER = 0, /* Reference is a number or handle */ - CSSM_KEYBLOB_REF_FORMAT_STRING = 1, /* Reference is a string or label */ - CSSM_KEYBLOB_REF_FORMAT_SPKI = 2, /* Reference is an SPKI S-expression */ - /* to be evaluated to locate the key */ - CSSM_KEYBLOB_REF_FORMAT_OTHER = 0xFFFFFFFF /* Other, CSP defined */ -}; - -typedef uint32 CSSM_KEYCLASS; -enum { - CSSM_KEYCLASS_PUBLIC_KEY = 0, /* Key is public key */ - CSSM_KEYCLASS_PRIVATE_KEY = 1, /* Key is private key */ - CSSM_KEYCLASS_SESSION_KEY = 2, /* Key is session or symmetric key */ - CSSM_KEYCLASS_SECRET_PART = 3, /* Key is part of secret key */ - CSSM_KEYCLASS_OTHER = 0xFFFFFFFF /* Other */ -}; - -typedef uint32 CSSM_KEYATTR_FLAGS; -enum { - /* Valid only during call to an API. Will never be valid when set in a key header */ - CSSM_KEYATTR_RETURN_DEFAULT = 0x00000000, - CSSM_KEYATTR_RETURN_DATA = 0x10000000, - CSSM_KEYATTR_RETURN_REF = 0x20000000, - CSSM_KEYATTR_RETURN_NONE = 0x40000000, - /* Valid during an API call and in a key header */ - CSSM_KEYATTR_PERMANENT = 0x00000001, - CSSM_KEYATTR_PRIVATE = 0x00000002, - CSSM_KEYATTR_MODIFIABLE = 0x00000004, - CSSM_KEYATTR_SENSITIVE = 0x00000008, - CSSM_KEYATTR_EXTRACTABLE = 0x00000020, - /* Valid only in a key header generated by a CSP, not valid during an API call */ - CSSM_KEYATTR_ALWAYS_SENSITIVE = 0x00000010, - CSSM_KEYATTR_NEVER_EXTRACTABLE = 0x00000040 -}; - -typedef uint32 CSSM_KEYUSE; -enum { - CSSM_KEYUSE_ANY = 0x80000000, - CSSM_KEYUSE_ENCRYPT = 0x00000001, - CSSM_KEYUSE_DECRYPT = 0x00000002, - CSSM_KEYUSE_SIGN = 0x00000004, - CSSM_KEYUSE_VERIFY = 0x00000008, - CSSM_KEYUSE_SIGN_RECOVER = 0x00000010, - CSSM_KEYUSE_VERIFY_RECOVER = 0x00000020, - CSSM_KEYUSE_WRAP = 0x00000040, - CSSM_KEYUSE_UNWRAP = 0x00000080, - CSSM_KEYUSE_DERIVE = 0x00000100 -}; - -typedef uint32 CSSM_ALGORITHMS; -enum { - CSSM_ALGID_NONE = 0, - CSSM_ALGID_CUSTOM = CSSM_ALGID_NONE + 1, - CSSM_ALGID_DH = CSSM_ALGID_NONE + 2, - CSSM_ALGID_PH = CSSM_ALGID_NONE + 3, - CSSM_ALGID_KEA = CSSM_ALGID_NONE + 4, - CSSM_ALGID_MD2 = CSSM_ALGID_NONE + 5, - CSSM_ALGID_MD4 = CSSM_ALGID_NONE + 6, - CSSM_ALGID_MD5 = CSSM_ALGID_NONE + 7, - CSSM_ALGID_SHA1 = CSSM_ALGID_NONE + 8, - CSSM_ALGID_NHASH = CSSM_ALGID_NONE + 9, - CSSM_ALGID_HAVAL = CSSM_ALGID_NONE + 10, - CSSM_ALGID_RIPEMD = CSSM_ALGID_NONE + 11, - CSSM_ALGID_IBCHASH = CSSM_ALGID_NONE + 12, - CSSM_ALGID_RIPEMAC = CSSM_ALGID_NONE + 13, - CSSM_ALGID_DES = CSSM_ALGID_NONE + 14, - CSSM_ALGID_DESX = CSSM_ALGID_NONE + 15, - CSSM_ALGID_RDES = CSSM_ALGID_NONE + 16, - CSSM_ALGID_3DES_3KEY_EDE = CSSM_ALGID_NONE + 17, - CSSM_ALGID_3DES_2KEY_EDE = CSSM_ALGID_NONE + 18, - CSSM_ALGID_3DES_1KEY_EEE = CSSM_ALGID_NONE + 19, - CSSM_ALGID_3DES_3KEY = CSSM_ALGID_3DES_3KEY_EDE, - CSSM_ALGID_3DES_3KEY_EEE = CSSM_ALGID_NONE + 20, - CSSM_ALGID_3DES_2KEY = CSSM_ALGID_3DES_2KEY_EDE, - CSSM_ALGID_3DES_2KEY_EEE = CSSM_ALGID_NONE + 21, - CSSM_ALGID_3DES_1KEY = CSSM_ALGID_3DES_3KEY_EEE, - CSSM_ALGID_IDEA = CSSM_ALGID_NONE + 22, - CSSM_ALGID_RC2 = CSSM_ALGID_NONE + 23, - CSSM_ALGID_RC5 = CSSM_ALGID_NONE + 24, - CSSM_ALGID_RC4 = CSSM_ALGID_NONE + 25, - CSSM_ALGID_SEAL = CSSM_ALGID_NONE + 26, - CSSM_ALGID_CAST = CSSM_ALGID_NONE + 27, - CSSM_ALGID_BLOWFISH = CSSM_ALGID_NONE + 28, - CSSM_ALGID_SKIPJACK = CSSM_ALGID_NONE + 29, - CSSM_ALGID_LUCIFER = CSSM_ALGID_NONE + 30, - CSSM_ALGID_MADRYGA = CSSM_ALGID_NONE + 31, - CSSM_ALGID_FEAL = CSSM_ALGID_NONE + 32, - CSSM_ALGID_REDOC = CSSM_ALGID_NONE + 33, - CSSM_ALGID_REDOC3 = CSSM_ALGID_NONE + 34, - CSSM_ALGID_LOKI = CSSM_ALGID_NONE + 35, - CSSM_ALGID_KHUFU = CSSM_ALGID_NONE + 36, - CSSM_ALGID_KHAFRE = CSSM_ALGID_NONE + 37, - CSSM_ALGID_MMB = CSSM_ALGID_NONE + 38, - CSSM_ALGID_GOST = CSSM_ALGID_NONE + 39, - CSSM_ALGID_SAFER = CSSM_ALGID_NONE + 40, - CSSM_ALGID_CRAB = CSSM_ALGID_NONE + 41, - CSSM_ALGID_RSA = CSSM_ALGID_NONE + 42, - CSSM_ALGID_DSA = CSSM_ALGID_NONE + 43, - CSSM_ALGID_MD5WithRSA = CSSM_ALGID_NONE + 44, - CSSM_ALGID_MD2WithRSA = CSSM_ALGID_NONE + 45, - CSSM_ALGID_ElGamal = CSSM_ALGID_NONE + 46, - CSSM_ALGID_MD2Random = CSSM_ALGID_NONE + 47, - CSSM_ALGID_MD5Random = CSSM_ALGID_NONE + 48, - CSSM_ALGID_SHARandom = CSSM_ALGID_NONE + 49, - CSSM_ALGID_DESRandom = CSSM_ALGID_NONE + 50, - CSSM_ALGID_SHA1WithRSA = CSSM_ALGID_NONE + 51, - CSSM_ALGID_CDMF = CSSM_ALGID_NONE + 52, - CSSM_ALGID_CAST3 = CSSM_ALGID_NONE + 53, - CSSM_ALGID_CAST5 = CSSM_ALGID_NONE + 54, - CSSM_ALGID_GenericSecret = CSSM_ALGID_NONE + 55, - CSSM_ALGID_ConcatBaseAndKey = CSSM_ALGID_NONE + 56, - CSSM_ALGID_ConcatKeyAndBase = CSSM_ALGID_NONE + 57, - CSSM_ALGID_ConcatBaseAndData = CSSM_ALGID_NONE + 58, - CSSM_ALGID_ConcatDataAndBase = CSSM_ALGID_NONE + 59, - CSSM_ALGID_XORBaseAndData = CSSM_ALGID_NONE + 60, - CSSM_ALGID_ExtractFromKey = CSSM_ALGID_NONE + 61, - CSSM_ALGID_SSL3PreMasterGen = CSSM_ALGID_NONE + 62, - CSSM_ALGID_SSL3MasterDerive = CSSM_ALGID_NONE + 63, - CSSM_ALGID_SSL3KeyAndMacDerive = CSSM_ALGID_NONE + 64, - CSSM_ALGID_SSL3MD5_MAC = CSSM_ALGID_NONE + 65, - CSSM_ALGID_SSL3SHA1_MAC = CSSM_ALGID_NONE + 66, - CSSM_ALGID_PKCS5_PBKDF1_MD5 = CSSM_ALGID_NONE + 67, - CSSM_ALGID_PKCS5_PBKDF1_MD2 = CSSM_ALGID_NONE + 68, - CSSM_ALGID_PKCS5_PBKDF1_SHA1 = CSSM_ALGID_NONE + 69, - CSSM_ALGID_WrapLynks = CSSM_ALGID_NONE + 70, - CSSM_ALGID_WrapSET_OAEP = CSSM_ALGID_NONE + 71, - CSSM_ALGID_BATON = CSSM_ALGID_NONE + 72, - CSSM_ALGID_ECDSA = CSSM_ALGID_NONE + 73, - CSSM_ALGID_MAYFLY = CSSM_ALGID_NONE + 74, - CSSM_ALGID_JUNIPER = CSSM_ALGID_NONE + 75, - CSSM_ALGID_FASTHASH = CSSM_ALGID_NONE + 76, - CSSM_ALGID_3DES = CSSM_ALGID_NONE + 77, - CSSM_ALGID_SSL3MD5 = CSSM_ALGID_NONE + 78, - CSSM_ALGID_SSL3SHA1 = CSSM_ALGID_NONE + 79, - CSSM_ALGID_FortezzaTimestamp = CSSM_ALGID_NONE + 80, - CSSM_ALGID_SHA1WithDSA = CSSM_ALGID_NONE + 81, - CSSM_ALGID_SHA1WithECDSA = CSSM_ALGID_NONE + 82, - CSSM_ALGID_DSA_BSAFE = CSSM_ALGID_NONE + 83, - CSSM_ALGID_ECDH = CSSM_ALGID_NONE + 84, - CSSM_ALGID_ECMQV = CSSM_ALGID_NONE + 85, - CSSM_ALGID_PKCS12_SHA1_PBE = CSSM_ALGID_NONE + 86, - CSSM_ALGID_ECNRA = CSSM_ALGID_NONE + 87, - CSSM_ALGID_SHA1WithECNRA = CSSM_ALGID_NONE + 88, - CSSM_ALGID_ECES = CSSM_ALGID_NONE + 89, - CSSM_ALGID_ECAES = CSSM_ALGID_NONE + 90, - CSSM_ALGID_SHA1HMAC = CSSM_ALGID_NONE + 91, - CSSM_ALGID_FIPS186Random = CSSM_ALGID_NONE + 92, - CSSM_ALGID_ECC = CSSM_ALGID_NONE + 93, - CSSM_ALGID_MQV = CSSM_ALGID_NONE + 94, - CSSM_ALGID_NRA = CSSM_ALGID_NONE + 95, - CSSM_ALGID_IntelPlatformRandom = CSSM_ALGID_NONE + 96, - CSSM_ALGID_UTC = CSSM_ALGID_NONE + 97, - CSSM_ALGID_HAVAL3 = CSSM_ALGID_NONE + 98, - CSSM_ALGID_HAVAL4 = CSSM_ALGID_NONE + 99, - CSSM_ALGID_HAVAL5 = CSSM_ALGID_NONE + 100, - CSSM_ALGID_TIGER = CSSM_ALGID_NONE + 101, - CSSM_ALGID_MD5HMAC = CSSM_ALGID_NONE + 102, - CSSM_ALGID_PKCS5_PBKDF2 = CSSM_ALGID_NONE + 103, - CSSM_ALGID_RUNNING_COUNTER = CSSM_ALGID_NONE + 104, - CSSM_ALGID_LAST = CSSM_ALGID_NONE + 0x7FFFFFFF, -/* All algorithms IDs that are vendor specific, and not - part of the CSSM specification should be defined relative - to CSSM_ALGID_VENDOR_DEFINED. */ - CSSM_ALGID_VENDOR_DEFINED = CSSM_ALGID_NONE + 0x80000000 -}; - -typedef uint32 CSSM_ENCRYPT_MODE; -enum { - CSSM_ALGMODE_NONE = 0, - CSSM_ALGMODE_CUSTOM = CSSM_ALGMODE_NONE + 1, - CSSM_ALGMODE_ECB = CSSM_ALGMODE_NONE + 2, - CSSM_ALGMODE_ECBPad = CSSM_ALGMODE_NONE + 3, - CSSM_ALGMODE_CBC = CSSM_ALGMODE_NONE + 4, - CSSM_ALGMODE_CBC_IV8 = CSSM_ALGMODE_NONE + 5, - CSSM_ALGMODE_CBCPadIV8 = CSSM_ALGMODE_NONE + 6, - CSSM_ALGMODE_CFB = CSSM_ALGMODE_NONE + 7, - CSSM_ALGMODE_CFB_IV8 = CSSM_ALGMODE_NONE + 8, - CSSM_ALGMODE_CFBPadIV8 = CSSM_ALGMODE_NONE + 9, - CSSM_ALGMODE_OFB = CSSM_ALGMODE_NONE + 10, - CSSM_ALGMODE_OFB_IV8 = CSSM_ALGMODE_NONE + 11, - CSSM_ALGMODE_OFBPadIV8 = CSSM_ALGMODE_NONE + 12, - CSSM_ALGMODE_COUNTER = CSSM_ALGMODE_NONE + 13, - CSSM_ALGMODE_BC = CSSM_ALGMODE_NONE + 14, - CSSM_ALGMODE_PCBC = CSSM_ALGMODE_NONE + 15, - CSSM_ALGMODE_CBCC = CSSM_ALGMODE_NONE + 16, - CSSM_ALGMODE_OFBNLF = CSSM_ALGMODE_NONE + 17, - CSSM_ALGMODE_PBC = CSSM_ALGMODE_NONE + 18, - CSSM_ALGMODE_PFB = CSSM_ALGMODE_NONE + 19, - CSSM_ALGMODE_CBCPD = CSSM_ALGMODE_NONE + 20, - CSSM_ALGMODE_PUBLIC_KEY = CSSM_ALGMODE_NONE + 21, - CSSM_ALGMODE_PRIVATE_KEY = CSSM_ALGMODE_NONE + 22, - CSSM_ALGMODE_SHUFFLE = CSSM_ALGMODE_NONE + 23, - CSSM_ALGMODE_ECB64 = CSSM_ALGMODE_NONE + 24, - CSSM_ALGMODE_CBC64 = CSSM_ALGMODE_NONE + 25, - CSSM_ALGMODE_OFB64 = CSSM_ALGMODE_NONE + 26, - CSSM_ALGMODE_CFB32 = CSSM_ALGMODE_NONE + 28, - CSSM_ALGMODE_CFB16 = CSSM_ALGMODE_NONE + 29, - CSSM_ALGMODE_CFB8 = CSSM_ALGMODE_NONE + 30, - CSSM_ALGMODE_WRAP = CSSM_ALGMODE_NONE + 31, - CSSM_ALGMODE_PRIVATE_WRAP = CSSM_ALGMODE_NONE + 32, - CSSM_ALGMODE_RELAYX = CSSM_ALGMODE_NONE + 33, - CSSM_ALGMODE_ECB128 = CSSM_ALGMODE_NONE + 34, - CSSM_ALGMODE_ECB96 = CSSM_ALGMODE_NONE + 35, - CSSM_ALGMODE_CBC128 = CSSM_ALGMODE_NONE + 36, - CSSM_ALGMODE_OAEP_HASH = CSSM_ALGMODE_NONE + 37, - CSSM_ALGMODE_PKCS1_EME_V15 = CSSM_ALGMODE_NONE + 38, - CSSM_ALGMODE_PKCS1_EME_OAEP = CSSM_ALGMODE_NONE + 39, - CSSM_ALGMODE_PKCS1_EMSA_V15 = CSSM_ALGMODE_NONE + 40, - CSSM_ALGMODE_ISO_9796 = CSSM_ALGMODE_NONE + 41, - CSSM_ALGMODE_X9_31 = CSSM_ALGMODE_NONE + 42, - CSSM_ALGMODE_LAST = CSSM_ALGMODE_NONE + 0x7FFFFFFF, -/* All algorithms modes that are vendor specific, and - not part of the CSSM specification should be defined - relative to CSSM_ALGMODE_VENDOR_DEFINED. */ - CSSM_ALGMODE_VENDOR_DEFINED = CSSM_ALGMODE_NONE + 0x80000000 -}; - -typedef struct cssm_keyheader { - CSSM_HEADERVERSION HeaderVersion; /* Key header version */ - CSSM_GUID CspId; /* GUID of CSP generating the key */ - CSSM_KEYBLOB_TYPE BlobType; /* See BlobType enum */ - CSSM_KEYBLOB_FORMAT Format; /* Raw or Reference format */ - CSSM_ALGORITHMS AlgorithmId; /* Algorithm ID of key */ - CSSM_KEYCLASS KeyClass; /* Public/Private/Secret, etc. */ - uint32 LogicalKeySizeInBits; /* Logical key size in bits */ - CSSM_KEYATTR_FLAGS KeyAttr; /* Attribute flags */ - CSSM_KEYUSE KeyUsage; /* Key use flags */ - CSSM_DATE StartDate; /* Effective date of key */ - CSSM_DATE EndDate; /* Expiration date of key */ - CSSM_ALGORITHMS WrapAlgorithmId; /* == CSSM_ALGID_NONE if clear key */ - CSSM_ENCRYPT_MODE WrapMode; /* if alg supports multiple wrapping modes */ - uint32 Reserved; -} CSSM_KEYHEADER, *CSSM_KEYHEADER_PTR; - -typedef struct cssm_key { - CSSM_KEYHEADER KeyHeader; /* Fixed length key header */ - CSSM_DATA KeyData; /* Variable length key data */ -} CSSM_KEY, *CSSM_KEY_PTR; - -typedef CSSM_KEY CSSM_WRAP_KEY, *CSSM_WRAP_KEY_PTR; - -typedef uint32 CSSM_CSPTYPE; -enum { - CSSM_CSP_SOFTWARE = 1, - CSSM_CSP_HARDWARE = CSSM_CSP_SOFTWARE + 1, - CSSM_CSP_HYBRID = CSSM_CSP_SOFTWARE + 2 -}; - -/* From DL. */ -typedef struct cssm_dl_db_handle { - CSSM_DL_HANDLE DLHandle; - CSSM_DB_HANDLE DBHandle; -} CSSM_DL_DB_HANDLE, *CSSM_DL_DB_HANDLE_PTR; - -typedef uint32 CSSM_CONTEXT_TYPE; -enum { - CSSM_ALGCLASS_NONE = 0, - CSSM_ALGCLASS_CUSTOM = CSSM_ALGCLASS_NONE + 1, - CSSM_ALGCLASS_SIGNATURE = CSSM_ALGCLASS_NONE + 2, - CSSM_ALGCLASS_SYMMETRIC = CSSM_ALGCLASS_NONE + 3, - CSSM_ALGCLASS_DIGEST = CSSM_ALGCLASS_NONE + 4, - CSSM_ALGCLASS_RANDOMGEN = CSSM_ALGCLASS_NONE + 5, - CSSM_ALGCLASS_UNIQUEGEN = CSSM_ALGCLASS_NONE + 6, - CSSM_ALGCLASS_MAC = CSSM_ALGCLASS_NONE + 7, - CSSM_ALGCLASS_ASYMMETRIC = CSSM_ALGCLASS_NONE + 8, - CSSM_ALGCLASS_KEYGEN = CSSM_ALGCLASS_NONE + 9, - CSSM_ALGCLASS_DERIVEKEY = CSSM_ALGCLASS_NONE + 10 -}; - -/* Attribute data type tags */ -enum { - CSSM_ATTRIBUTE_DATA_NONE = 0x00000000, - CSSM_ATTRIBUTE_DATA_UINT32 = 0x10000000, - CSSM_ATTRIBUTE_DATA_CSSM_DATA = 0x20000000, - CSSM_ATTRIBUTE_DATA_CRYPTO_DATA = 0x30000000, - CSSM_ATTRIBUTE_DATA_KEY = 0x40000000, - CSSM_ATTRIBUTE_DATA_STRING = 0x50000000, - CSSM_ATTRIBUTE_DATA_DATE = 0x60000000, - CSSM_ATTRIBUTE_DATA_RANGE = 0x70000000, - CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS = 0x80000000, - CSSM_ATTRIBUTE_DATA_VERSION = 0x01000000, - CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE = 0x02000000, - CSSM_ATTRIBUTE_DATA_KR_PROFILE = 0x03000000, - CSSM_ATTRIBUTE_TYPE_MASK = 0xFF000000 -}; - -typedef uint32 CSSM_ATTRIBUTE_TYPE; -enum { - CSSM_ATTRIBUTE_NONE = 0, - CSSM_ATTRIBUTE_CUSTOM = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 1, - CSSM_ATTRIBUTE_DESCRIPTION = CSSM_ATTRIBUTE_DATA_STRING | 2, - CSSM_ATTRIBUTE_KEY = CSSM_ATTRIBUTE_DATA_KEY | 3, - CSSM_ATTRIBUTE_INIT_VECTOR = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 4, - CSSM_ATTRIBUTE_SALT = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 5, - CSSM_ATTRIBUTE_PADDING = CSSM_ATTRIBUTE_DATA_UINT32 | 6, - CSSM_ATTRIBUTE_RANDOM = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 7, - CSSM_ATTRIBUTE_SEED = CSSM_ATTRIBUTE_DATA_CRYPTO_DATA | 8, - CSSM_ATTRIBUTE_PASSPHRASE = CSSM_ATTRIBUTE_DATA_CRYPTO_DATA | 9, - CSSM_ATTRIBUTE_KEY_LENGTH = CSSM_ATTRIBUTE_DATA_UINT32 | 10, - CSSM_ATTRIBUTE_KEY_LENGTH_RANGE = CSSM_ATTRIBUTE_DATA_RANGE | 11, - CSSM_ATTRIBUTE_BLOCK_SIZE = CSSM_ATTRIBUTE_DATA_UINT32 | 12, - CSSM_ATTRIBUTE_OUTPUT_SIZE = CSSM_ATTRIBUTE_DATA_UINT32 | 13, - CSSM_ATTRIBUTE_ROUNDS = CSSM_ATTRIBUTE_DATA_UINT32 | 14, - CSSM_ATTRIBUTE_IV_SIZE = CSSM_ATTRIBUTE_DATA_UINT32 | 15, - CSSM_ATTRIBUTE_ALG_PARAMS = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 16, - CSSM_ATTRIBUTE_LABEL = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 17, - CSSM_ATTRIBUTE_KEY_TYPE = CSSM_ATTRIBUTE_DATA_UINT32 | 18, - CSSM_ATTRIBUTE_MODE = CSSM_ATTRIBUTE_DATA_UINT32 | 19, - CSSM_ATTRIBUTE_EFFECTIVE_BITS = CSSM_ATTRIBUTE_DATA_UINT32 | 20, - CSSM_ATTRIBUTE_START_DATE = CSSM_ATTRIBUTE_DATA_DATE | 21, - CSSM_ATTRIBUTE_END_DATE = CSSM_ATTRIBUTE_DATA_DATE | 22, - CSSM_ATTRIBUTE_KEYUSAGE = CSSM_ATTRIBUTE_DATA_UINT32 | 23, - CSSM_ATTRIBUTE_KEYATTR = CSSM_ATTRIBUTE_DATA_UINT32 | 24, - CSSM_ATTRIBUTE_VERSION = CSSM_ATTRIBUTE_DATA_VERSION | 25, - CSSM_ATTRIBUTE_PRIME = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 26, - CSSM_ATTRIBUTE_BASE = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 27, - CSSM_ATTRIBUTE_SUBPRIME = CSSM_ATTRIBUTE_DATA_CSSM_DATA | 28, - CSSM_ATTRIBUTE_ALG_ID = CSSM_ATTRIBUTE_DATA_UINT32 | 29, - CSSM_ATTRIBUTE_ITERATION_COUNT = CSSM_ATTRIBUTE_DATA_UINT32 | 30, - CSSM_ATTRIBUTE_ROUNDS_RANGE = CSSM_ATTRIBUTE_DATA_RANGE | 31, - CSSM_ATTRIBUTE_KRPROFILE_LOCAL = CSSM_ATTRIBUTE_DATA_KR_PROFILE | 32, - CSSM_ATTRIBUTE_KRPROFILE_REMOTE = CSSM_ATTRIBUTE_DATA_KR_PROFILE | 33, - CSSM_ATTRIBUTE_CSP_HANDLE = CSSM_ATTRIBUTE_DATA_UINT32 | 34, - CSSM_ATTRIBUTE_DL_DB_HANDLE = CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE | 35, - CSSM_ATTRIBUTE_ACCESS_CREDENTIALS = CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS | 36, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT = CSSM_ATTRIBUTE_DATA_UINT32 | 37, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT = CSSM_ATTRIBUTE_DATA_UINT32 | 38, - CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT=CSSM_ATTRIBUTE_DATA_UINT32 | 39, - CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT = CSSM_ATTRIBUTE_DATA_UINT32 | 40 -}; - -typedef uint32 CSSM_PADDING; -enum { - CSSM_PADDING_NONE = 0, - CSSM_PADDING_CUSTOM = CSSM_PADDING_NONE + 1, - CSSM_PADDING_ZERO = CSSM_PADDING_NONE + 2, - CSSM_PADDING_ONE = CSSM_PADDING_NONE + 3, - CSSM_PADDING_ALTERNATE = CSSM_PADDING_NONE + 4, - CSSM_PADDING_FF = CSSM_PADDING_NONE + 5, - CSSM_PADDING_PKCS5 = CSSM_PADDING_NONE + 6, - CSSM_PADDING_PKCS7 = CSSM_PADDING_NONE + 7, - CSSM_PADDING_CIPHERSTEALING = CSSM_PADDING_NONE + 8, - CSSM_PADDING_RANDOM = CSSM_PADDING_NONE + 9, - CSSM_PADDING_PKCS1 = CSSM_PADDING_NONE + 10, -/* All padding types that are vendor specific, and not - part of the CSSM specification should be defined - relative to CSSM_PADDING_VENDOR_DEFINED. */ - CSSM_PADDING_VENDOR_DEFINED = CSSM_PADDING_NONE + 0x80000000 -}; - -typedef CSSM_ALGORITHMS CSSM_KEY_TYPE; - -typedef struct cssm_context_attribute { - CSSM_ATTRIBUTE_TYPE AttributeType; - uint32 AttributeLength; - union cssm_context_attribute_value { - char *String; - uint32 Uint32; - CSSM_ACCESS_CREDENTIALS_PTR AccessCredentials; - CSSM_KEY_PTR Key; - CSSM_DATA_PTR Data; - CSSM_PADDING Padding; - CSSM_DATE_PTR Date; - CSSM_RANGE_PTR Range; - CSSM_CRYPTO_DATA_PTR CryptoData; - CSSM_VERSION_PTR Version; - CSSM_DL_DB_HANDLE_PTR DLDBHandle; - struct cssm_kr_profile *KRProfile; - } Attribute; -} CSSM_CONTEXT_ATTRIBUTE, *CSSM_CONTEXT_ATTRIBUTE_PTR; - -typedef struct cssm_context { - CSSM_CONTEXT_TYPE ContextType; - CSSM_ALGORITHMS AlgorithmType; - uint32 NumberOfAttributes; - CSSM_CONTEXT_ATTRIBUTE_PTR ContextAttributes; - CSSM_CSP_HANDLE CSPHandle; - CSSM_BOOL Privileged; - uint32 /*CSSM_KR_POLICY_FLAGS*/ EncryptionProhibited; - uint32 WorkFactor; - uint32 Reserved; /* reserved for future use */ -} CSSM_CONTEXT, *CSSM_CONTEXT_PTR; - -typedef uint32 CSSM_SC_FLAGS; -enum { - CSSM_CSP_TOK_RNG = 0x00000001, - CSSM_CSP_TOK_CLOCK_EXISTS = 0x00000040 -}; - -typedef uint32 CSSM_CSP_READER_FLAGS; -enum { - CSSM_CSP_RDR_TOKENPRESENT = 0x00000001, - /* Token is present in reader/slot */ - CSSM_CSP_RDR_EXISTS = 0x00000002, - /* Device is a reader with a - removable token */ - CSSM_CSP_RDR_HW = 0x00000004 - /* Slot is a hardware slot */ -}; - -typedef uint32 CSSM_CSP_FLAGS; -enum { - CSSM_CSP_TOK_WRITE_PROTECTED = 0x00000002, - CSSM_CSP_TOK_LOGIN_REQUIRED = 0x00000004, - CSSM_CSP_TOK_USER_PIN_INITIALIZED = 0x00000008, - CSSM_CSP_TOK_PROT_AUTHENTICATION = 0x00000100, - CSSM_CSP_TOK_USER_PIN_EXPIRED = 0x00100000, - CSSM_CSP_TOK_SESSION_KEY_PASSWORD = 0x00200000, - CSSM_CSP_TOK_PRIVATE_KEY_PASSWORD = 0x00400000, - CSSM_CSP_STORES_PRIVATE_KEYS = 0x01000000, - CSSM_CSP_STORES_PUBLIC_KEYS = 0x02000000, - CSSM_CSP_STORES_SESSION_KEYS = 0x04000000, - CSSM_CSP_STORES_CERTIFICATES = 0x08000000, - CSSM_CSP_STORES_GENERIC = 0x10000000 -}; - -typedef uint32 CSSM_PKCS_OAEP_MGF; -enum { - CSSM_PKCS_OAEP_MGF_NONE = 0, - CSSM_PKCS_OAEP_MGF1_SHA1 = CSSM_PKCS_OAEP_MGF_NONE + 1, - CSSM_PKCS_OAEP_MGF1_MD5 = CSSM_PKCS_OAEP_MGF_NONE + 2 -}; - -typedef uint32 CSSM_PKCS_OAEP_PSOURCE; -enum { - CSSM_PKCS_OAEP_PSOURCE_NONE = 0, - CSSM_PKCS_OAEP_PSOURCE_Pspecified = CSSM_PKCS_OAEP_PSOURCE_NONE + 1 -}; - -typedef struct cssm_pkcs1_oaep_params { - uint32 HashAlgorithm; - CSSM_DATA HashParams; - CSSM_PKCS_OAEP_MGF MGF; - CSSM_DATA MGFParams; - CSSM_PKCS_OAEP_PSOURCE PSource; - CSSM_DATA PSourceParams; -} CSSM_PKCS1_OAEP_PARAMS, *CSSM_PKCS1_OAEP_PARAMS_PTR; - -typedef struct cssm_csp_operational_statistics { - CSSM_BOOL UserAuthenticated; - /* CSSM_TRUE if the user is logged in to the token, CSSM_FALSE otherwise. */ - CSSM_CSP_FLAGS DeviceFlags; - uint32 TokenMaxSessionCount; /* Exported by Cryptoki modules. */ - uint32 TokenOpenedSessionCount; - uint32 TokenMaxRWSessionCount; - uint32 TokenOpenedRWSessionCount; - uint32 TokenTotalPublicMem; /* Storage space statistics. */ - uint32 TokenFreePublicMem; - uint32 TokenTotalPrivateMem; - uint32 TokenFreePrivateMem; -} CSSM_CSP_OPERATIONAL_STATISTICS, *CSSM_CSP_OPERATIONAL_STATISTICS_PTR; - -/* Indicates that the statistical value can not be revealed or is not - relevant for a CSP */ -enum { - CSSM_VALUE_NOT_AVAILABLE = (uint32)(~0) -}; - -typedef struct cssm_pkcs5_pbkdf1_params { - CSSM_DATA Passphrase; - CSSM_DATA InitVector; -} CSSM_PKCS5_PBKDF1_PARAMS, *CSSM_PKCS5_PBKDF1_PARAMS_PTR; - -typedef uint32 CSSM_PKCS5_PBKDF2_PRF; -enum { - CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1 = 0 -}; - -typedef struct cssm_pkcs5_pbkdf2_params { - CSSM_DATA Passphrase; - CSSM_PKCS5_PBKDF2_PRF PseudoRandomFunction; -} CSSM_PKCS5_PBKDF2_PARAMS, *CSSM_PKCS5_PBKDF2_PARAMS_PTR; - -typedef struct cssm_kea_derive_params { - CSSM_DATA Rb; - CSSM_DATA Yb; -} CSSM_KEA_DERIVE_PARAMS, *CSSM_KEA_DERIVE_PARAMS_PTR; - - -/* Data Types for Trust Policy Services */ - -typedef struct cssm_tp_authority_id { - CSSM_DATA *AuthorityCert; - CSSM_NET_ADDRESS_PTR AuthorityLocation; -} CSSM_TP_AUTHORITY_ID, *CSSM_TP_AUTHORITY_ID_PTR; - -typedef uint32 CSSM_TP_AUTHORITY_REQUEST_TYPE, *CSSM_TP_AUTHORITY_REQUEST_TYPE_PTR; -enum { - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE = 0x01, - CSSM_TP_AUTHORITY_REQUEST_CERTREVOKE = 0x02, - CSSM_TP_AUTHORITY_REQUEST_CERTSUSPEND = 0x03, - CSSM_TP_AUTHORITY_REQUEST_CERTRESUME = 0x04, - CSSM_TP_AUTHORITY_REQUEST_CERTVERIFY = 0x05, - CSSM_TP_AUTHORITY_REQUEST_CERTNOTARIZE = 0x06, - CSSM_TP_AUTHORITY_REQUEST_CERTUSERECOVER = 0x07, - CSSM_TP_AUTHORITY_REQUEST_CRLISSUE = 0x100 -}; - -typedef CSSM_RETURN (CSSMAPI * CSSM_TP_VERIFICATION_RESULTS_CALLBACK) - (CSSM_MODULE_HANDLE ModuleHandle, - void *CallerCtx, - CSSM_DATA_PTR VerifiedCert); - -/* From CL */ -typedef CSSM_DATA CSSM_OID, *CSSM_OID_PTR; - -typedef struct cssm_field { - CSSM_OID FieldOid; - CSSM_DATA FieldValue; -} CSSM_FIELD, *CSSM_FIELD_PTR; - -/* TP Again. */ -typedef struct cssm_tp_policyinfo { - uint32 NumberOfPolicyIds; - CSSM_FIELD_PTR PolicyIds; - void *PolicyControl; -} CSSM_TP_POLICYINFO, *CSSM_TP_POLICYINFO_PTR; - -typedef uint32 CSSM_TP_SERVICES; -enum { - /* bit masks for additional Authority services available through TP */ - CSSM_TP_KEY_ARCHIVE = 0x0001, /* archive cert & keys */ - CSSM_TP_CERT_PUBLISH = 0x0002, /* register cert in directory */ - CSSM_TP_CERT_NOTIFY_RENEW = 0x0004, /* notify at renewal time */ - CSSM_TP_CERT_DIR_UPDATE = 0x0008, /* update cert registry entry */ - CSSM_TP_CRL_DISTRIBUTE = 0x0010 /* push CRL to everyone */ -}; - -typedef uint32 CSSM_TP_ACTION; -enum { - CSSM_TP_ACTION_DEFAULT = 0 -}; - -typedef uint32 CSSM_TP_STOP_ON; -enum { - CSSM_TP_STOP_ON_POLICY = 0, /* use the pre-defined stopping criteria */ - CSSM_TP_STOP_ON_NONE = 1, /* evaluate all condition whether TRUE or FALSE */ - CSSM_TP_STOP_ON_FIRST_PASS = 2, /* stop evaluation at first TRUE */ - CSSM_TP_STOP_ON_FIRST_FAIL = 3 /* stop evaluation at first FALSE */ -}; - -typedef char *CSSM_TIMESTRING; - -/* From DL. */ -typedef struct cssm_dl_db_list { - uint32 NumHandles; - CSSM_DL_DB_HANDLE_PTR DLDBHandle; -} CSSM_DL_DB_LIST, *CSSM_DL_DB_LIST_PTR; - -/* TP Again. */ -typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; -} CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - -typedef uint32 CSSM_CRL_PARSE_FORMAT, * CSSM_CRL_PARSE_FORMAT_PTR; -enum { - CSSM_CRL_PARSE_FORMAT_NONE = 0x00, - CSSM_CRL_PARSE_FORMAT_CUSTOM = 0x01, - CSSM_CRL_PARSE_FORMAT_SEXPR = 0x02, - CSSM_CRL_PARSE_FORMAT_COMPLEX = 0x03, - CSSM_CRL_PARSE_FORMAT_OID_NAMED = 0x04, - CSSM_CRL_PARSE_FORMAT_TUPLE = 0x05, - CSSM_CRL_PARSE_FORMAT_MULTIPLE = 0x7FFE, - CSSM_CRL_PARSE_FORMAT_LAST = 0x7FFF, - /* Applications wishing to define their own custom parse - format should create a uint32 value greater than the - CSSM_CL_CUSTOM_CRL_PARSE_FORMAT */ - CSSM_CL_CUSTOM_CRL_PARSE_FORMAT = 0x8000 -}; - -/* From CL. */ -typedef uint32 CSSM_CRL_TYPE, *CSSM_CRL_TYPE_PTR; -enum { - CSSM_CRL_TYPE_UNKNOWN = 0x00, - CSSM_CRL_TYPE_X_509v1 = 0x01, - CSSM_CRL_TYPE_X_509v2 = 0x02, - CSSM_CRL_TYPE_SPKI = 0x03, - CSSM_CRL_TYPE_MULTIPLE = 0x7FFE -}; - -typedef uint32 CSSM_CRL_ENCODING, *CSSM_CRL_ENCODING_PTR; -enum { - CSSM_CRL_ENCODING_UNKNOWN = 0x00, - CSSM_CRL_ENCODING_CUSTOM = 0x01, - CSSM_CRL_ENCODING_BER = 0x02, - CSSM_CRL_ENCODING_DER = 0x03, - CSSM_CRL_ENCODING_BLOOM = 0x04, - CSSM_CRL_ENCODING_SEXPR = 0x05, - CSSM_CRL_ENCODING_MULTIPLE = 0x7FFE -}; - -typedef struct cssm_encoded_crl { - CSSM_CRL_TYPE CrlType; /* type of CRL */ - CSSM_CRL_ENCODING CrlEncoding; /* encoding for this packed CRL */ - CSSM_DATA CrlBlob; /* packed CRL */ -} CSSM_ENCODED_CRL, *CSSM_ENCODED_CRL_PTR; - -/* TP Again. */ -typedef struct cssm_parsed_crl { - CSSM_CRL_TYPE CrlType; /* CRL type */ - CSSM_CRL_PARSE_FORMAT ParsedCrlFormat; - /* struct of ParsedCrl */ - void *ParsedCrl; /* parsed CRL (to be typecast) */ -} CSSM_PARSED_CRL, *CSSM_PARSED_CRL_PTR; - -typedef struct cssm_crl_pair { - CSSM_ENCODED_CRL EncodedCrl; /* an encoded CRL blob */ - CSSM_PARSED_CRL ParsedCrl; /* equivalent parsed CRL */ -} CSSM_CRL_PAIR, *CSSM_CRL_PAIR_PTR; - -typedef uint32 CSSM_CRLGROUP_TYPE, * CSSM_CRLGROUP_TYPE_PTR; -enum { - CSSM_CRLGROUP_DATA = 0x00, - CSSM_CRLGROUP_ENCODED_CRL = 0x01, - CSSM_CRLGROUP_PARSED_CRL = 0x02, - CSSM_CRLGROUP_CRL_PAIR = 0x03 -}; - -typedef struct cssm_crlgroup { - CSSM_CRL_TYPE CrlType; - CSSM_CRL_ENCODING CrlEncoding; - uint32 NumberOfCrls; - union { - CSSM_DATA_PTR CrlList; /* CRL blob */ - CSSM_ENCODED_CRL_PTR EncodedCrlList; /* CRL blob w/ separate type */ - CSSM_PARSED_CRL_PTR ParsedCrlList; /* bushy, parsed CRL */ - CSSM_CRL_PAIR_PTR PairCrlList; - } GroupCrlList; - CSSM_CRLGROUP_TYPE CrlGroupType; -} CSSM_CRLGROUP, *CSSM_CRLGROUP_PTR; - -typedef struct cssm_fieldgroup { - int NumberOfFields; /* number of fields in the array */ - CSSM_FIELD_PTR Fields; /* array of fields */ -} CSSM_FIELDGROUP, *CSSM_FIELDGROUP_PTR; - -typedef uint32 CSSM_EVIDENCE_FORM; -enum { - CSSM_EVIDENCE_FORM_UNSPECIFIC = 0x0, - CSSM_EVIDENCE_FORM_CERT = 0x1, - CSSM_EVIDENCE_FORM_CRL = 0x2, - CSSM_EVIDENCE_FORM_CERT_ID = 0x3, - CSSM_EVIDENCE_FORM_CRL_ID = 0x4, - CSSM_EVIDENCE_FORM_VERIFIER_TIME = 0x5, - CSSM_EVIDENCE_FORM_CRL_THISTIME = 0x6, - CSSM_EVIDENCE_FORM_CRL_NEXTTIME = 0x7, - CSSM_EVIDENCE_FORM_POLICYINFO = 0x8, - CSSM_EVIDENCE_FORM_TUPLEGROUP = 0x9 -}; - -typedef struct cssm_evidence { - CSSM_EVIDENCE_FORM EvidenceForm; - void *Evidence; /* Evidence content */ -} CSSM_EVIDENCE, *CSSM_EVIDENCE_PTR; - -typedef struct cssm_tp_verify_context { - CSSM_TP_ACTION Action; - CSSM_DATA ActionData; - CSSM_CRLGROUP Crls; - CSSM_TP_CALLERAUTH_CONTEXT_PTR Cred; -} CSSM_TP_VERIFY_CONTEXT, *CSSM_TP_VERIFY_CONTEXT_PTR; - -typedef struct cssm_tp_verify_context_result { - uint32 NumberOfEvidences; - CSSM_EVIDENCE_PTR Evidence; -} CSSM_TP_VERIFY_CONTEXT_RESULT, *CSSM_TP_VERIFY_CONTEXT_RESULT_PTR; - -typedef struct cssm_tp_request_set { - uint32 NumberOfRequests; - void *Requests; -} CSSM_TP_REQUEST_SET, *CSSM_TP_REQUEST_SET_PTR; - -typedef struct cssm_tp_result_set { - uint32 NumberOfResults; - void *Results; -} CSSM_TP_RESULT_SET, *CSSM_TP_RESULT_SET_PTR; - -typedef uint32 CSSM_TP_CONFIRM_STATUS, *CSSM_TP_CONFIRM_STATUS_PTR; -enum { - CSSM_TP_CONFIRM_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CONFIRM_ACCEPT = 0x1, - /* accept results of executing a - submit-retrieve function pair */ - CSSM_TP_CONFIRM_REJECT = 0x2 - /* reject results of executing a - submit-retrieve function pair */ -}; - -typedef struct cssm_tp_confirm_response { - uint32 NumberOfResponses; - CSSM_TP_CONFIRM_STATUS_PTR Responses; -} CSSM_TP_CONFIRM_RESPONSE, *CSSM_TP_CONFIRM_RESPONSE_PTR; - -enum { - CSSM_ESTIMATED_TIME_UNKNOWN = -1 -}; - -enum { - CSSM_ELAPSED_TIME_UNKNOWN = -1, - CSSM_ELAPSED_TIME_COMPLETE = -2 -}; - -typedef struct cssm_tp_certissue_input { - CSSM_SUBSERVICE_UID CSPSubserviceUid; - CSSM_CL_HANDLE CLHandle; - uint32 NumberOfTemplateFields; - CSSM_FIELD_PTR SubjectCertFields; - CSSM_TP_SERVICES MoreServiceRequests; - uint32 NumberOfServiceControls; - CSSM_FIELD_PTR ServiceControls; - CSSM_ACCESS_CREDENTIALS_PTR UserCredentials; -} CSSM_TP_CERTISSUE_INPUT, *CSSM_TP_CERTISSUE_INPUT_PTR; - -typedef uint32 CSSM_TP_CERTISSUE_STATUS; -enum { - CSSM_TP_CERTISSUE_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CERTISSUE_OK = 0x1, - /* cert issued as requested */ - CSSM_TP_CERTISSUE_OKWITHCERTMODS = 0x2, - /* cert issued but cert contents were - updated by the issuing authority */ - CSSM_TP_CERTISSUE_OKWITHSERVICEMODS = 0x3, - /* cert issued but some requested backend - services were not performed by the - issuing authority */ - CSSM_TP_CERTISSUE_REJECTED = 0x4, - /* cert was not issued due to some error - condition */ - CSSM_TP_CERTISSUE_NOT_AUTHORIZED = 0x5, - /* cert was not issued, the request was - not authorized */ - CSSM_TP_CERTISSUE_WILL_BE_REVOKED = 0x6 - /* cert was issued, but TP has initiated - a revocation of the certificate */ -}; - -typedef struct cssm_tp_certissue_output { - CSSM_TP_CERTISSUE_STATUS IssueStatus; - CSSM_CERTGROUP_PTR CertGroup; - CSSM_TP_SERVICES PerformedServiceRequests; -} CSSM_TP_CERTISSUE_OUTPUT, *CSSM_TP_CERTISSUE_OUTPUT_PTR; - -typedef uint32 CSSM_TP_CERTCHANGE_ACTION; -enum { - CSSM_TP_CERTCHANGE_NONE = 0x0, /* no change */ - CSSM_TP_CERTCHANGE_REVOKE = 0x1, /* Revoke the certificate */ -/* This action type indicates a request to revoke a single - certificate. Notice of the revocation operation remains - in affect until the certificate itself expires. Revocation - should be used to permanently remove a certificate from use. */ - CSSM_TP_CERTCHANGE_HOLD = 0x2, /* Hold/suspend the certificate */ -/* This action type indicates a request to suspend a - single certificate. A suspension operation implies - that the requester intends, at some time in the future, - to request that the certificate be released from hold, - making it available for use again. Placing a hold on - a certificate does not obligate the requester to - request a release. In practice, a certificate may - remain on hold until the certificate itself expires. - Revocation should be used to permanently remove a - certificate from use. */ - CSSM_TP_CERTCHANGE_RELEASE = 0x3 /* Release the held certificate */ -/* This action type indicates a request to release a - single certificate currently on hold. A release - operation makes a certificate available for use again. - Revocation should be used to permanently remove a - certificate from use. */ -}; - -typedef uint32 CSSM_TP_CERTCHANGE_REASON; -enum { - CSSM_TP_CERTCHANGE_REASON_UNKNOWN = 0x0, - /* unspecified */ - CSSM_TP_CERTCHANGE_REASON_KEYCOMPROMISE = 0x1, - /* Subject key believed to be compromised */ - CSSM_TP_CERTCHANGE_REASON_CACOMPROMISE = 0x2, - /* CAÂ’s key believed to be compromised */ - CSSM_TP_CERTCHANGE_REASON_CEASEOPERATION = 0x3, - /* certificate holder ceases operation under - the jurisdiction of this certificate */ - CSSM_TP_CERTCHANGE_REASON_AFFILIATIONCHANGE = 0x4, - /* certificate holder has moved from this - jurisdiction */ - CSSM_TP_CERTCHANGE_REASON_SUPERCEDED = 0x5, - /* certificate holder as issued a new, superceding - certificate */ - CSSM_TP_CERTCHANGE_REASON_SUSPECTEDCOMPROMISE = 0x6, - /* certificate could be compromised */ - CSSM_TP_CERTCHANGE_REASON_HOLDRELEASE = 0x7 - /* certificate holder resumes operation under the - jurisdiction of this certificate */ -}; - -typedef struct cssm_tp_certchange_input { - CSSM_TP_CERTCHANGE_ACTION Action; - CSSM_TP_CERTCHANGE_REASON Reason; - CSSM_CL_HANDLE CLHandle; - CSSM_DATA_PTR Cert; - CSSM_FIELD_PTR ChangeInfo; - CSSM_TIMESTRING StartTime; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; -} CSSM_TP_CERTCHANGE_INPUT, *CSSM_TP_CERTCHANGE_INPUT_PTR; - -typedef uint32 CSSM_TP_CERTCHANGE_STATUS; -enum { - CSSM_TP_CERTCHANGE_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CERTCHANGE_OK = 0x1, - /* cert state was successfully changed - beginning at the specified time */ - CSSM_TP_CERTCHANGE_OKWITHNEWTIME = 0x2, - /* cert state was successfully changed, - at a modified effective time */ - CSSM_TP_CERTCHANGE_WRONGCA = 0x3, - /* cert state was not changed, the - selected CA is not authorized to - change the cert state */ - CSSM_TP_CERTCHANGE_REJECTED = 0x4, - /* cert state was not changed due to some - error condition */ - CSSM_TP_CERTCHANGE_NOT_AUTHORIZED = 0x5 - /* cert state was not changed, the - requester is not authorized to change - the cert state */ -}; - -typedef struct cssm_tp_certchange_output { - CSSM_TP_CERTCHANGE_STATUS ActionStatus; - CSSM_FIELD RevokeInfo; -} CSSM_TP_CERTCHANGE_OUTPUT, *CSSM_TP_CERTCHANGE_OUTPUT_PTR; - -typedef struct cssm_tp_certverify_input { - CSSM_CL_HANDLE CLHandle; - CSSM_DATA_PTR Cert; - CSSM_TP_VERIFY_CONTEXT_PTR VerifyContext; -} CSSM_TP_CERTVERIFY_INPUT, *CSSM_TP_CERTVERIFY_INPUT_PTR; - -typedef uint32 CSSM_TP_CERTVERIFY_STATUS; -enum { - CSSM_TP_CERTVERIFY_UNKNOWN = 0x0, - CSSM_TP_CERTVERIFY_VALID = 0x1, - CSSM_TP_CERTVERIFY_INVALID = 0x2, - CSSM_TP_CERTVERIFY_REVOKED = 0x3, - CSSM_TP_CERTVERIFY_SUSPENDED = 0x4, - CSSM_TP_CERTVERIFY_EXPIRED = 0x5, - CSSM_TP_CERTVERIFY_NOT_VALID_YET = 0x6, - CSSM_TP_CERTVERIFY_INVALID_AUTHORITY = 0x7, - CSSM_TP_CERTVERIFY_INVALID_SIGNATURE = 0x8, - CSSM_TP_CERTVERIFY_INVALID_CERT_VALUE = 0x9, - CSSM_TP_CERTVERIFY_INVALID_CERTGROUP = 0xA, - CSSM_TP_CERTVERIFY_INVALID_POLICY = 0xB, - CSSM_TP_CERTVERIFY_INVALID_POLICY_IDS = 0xC, - CSSM_TP_CERTVERIFY_INVALID_BASIC_CONSTRAINTS = 0xD, - CSSM_TP_CERTVERIFY_INVALID_CRL_DIST_PT = 0xE, - CSSM_TP_CERTVERIFY_INVALID_NAME_TREE = 0xF, - CSSM_TP_CERTVERIFY_UNKNOWN_CRITICAL_EXT = 0x10 -}; - -typedef struct cssm_tp_certverify_output { - CSSM_TP_CERTVERIFY_STATUS VerifyStatus; - uint32 NumberOfEvidence; - CSSM_EVIDENCE_PTR Evidence; -} CSSM_TP_CERTVERIFY_OUTPUT, *CSSM_TP_CERTVERIFY_OUTPUT_PTR; - -typedef struct cssm_tp_certnotarize_input { - CSSM_CL_HANDLE CLHandle; - uint32 NumberOfFields; - CSSM_FIELD_PTR MoreFields; - CSSM_FIELD_PTR SignScope; - uint32 ScopeSize; - CSSM_TP_SERVICES MoreServiceRequests; - uint32 NumberOfServiceControls; - CSSM_FIELD_PTR ServiceControls; - CSSM_ACCESS_CREDENTIALS_PTR UserCredentials; -} CSSM_TP_CERTNOTARIZE_INPUT, *CSSM_TP_CERTNOTARIZE_INPUT_PTR; - -typedef uint32 CSSM_TP_CERTNOTARIZE_STATUS; -enum { - CSSM_TP_CERTNOTARIZE_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CERTNOTARIZE_OK = 0x1, - /* cert fields were added and the result was - notarized as requested */ - CSSM_TP_CERTNOTARIZE_OKWITHOUTFIELDS = 0x2, - /* non-conflicting cert fields were added, - conflicting cert fields were ignored, - and the result was notarized as requested */ - CSSM_TP_CERTNOTARIZE_OKWITHSERVICEMODS = 0x3, - /* cert fields were added and the result was - notarized as requested, but some requested - backend services were not performed by the - notary */ - CSSM_TP_CERTNOTARIZE_REJECTED = 0x4, - /* cert was not notarized due to some error - condition */ - CSSM_TP_CERTNOTARIZE_NOT_AUTHORIZED = 0x5 - /* cert was not notarized, the request was - not authorized */ -}; - -typedef struct cssm_tp_certnotarize_output { - CSSM_TP_CERTNOTARIZE_STATUS NotarizeStatus; - CSSM_CERTGROUP_PTR NotarizedCertGroup; - CSSM_TP_SERVICES PerformedServiceRequests; -} CSSM_TP_CERTNOTARIZE_OUTPUT, *CSSM_TP_CERTNOTARIZE_OUTPUT_PTR; - -typedef struct cssm_tp_certreclaim_input { - CSSM_CL_HANDLE CLHandle; - uint32 NumberOfSelectionFields; - CSSM_FIELD_PTR SelectionFields; - CSSM_ACCESS_CREDENTIALS_PTR UserCredentials; -} CSSM_TP_CERTRECLAIM_INPUT, *CSSM_TP_CERTRECLAIM_INPUT_PTR; - -typedef uint32 CSSM_TP_CERTRECLAIM_STATUS; -enum { - CSSM_TP_CERTRECLAIM_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CERTRECLAIM_OK = 0x1, - /* a set of one or more certificates were - returned by the CA for local recovery - of the associated private key */ - CSSM_TP_CERTRECLAIM_NOMATCH = 0x2, - /* no certificates owned by the requester - were found matching the specified - selection fields */ - CSSM_TP_CERTRECLAIM_REJECTED = 0x3, - /* certificate reclamation failed due - to some error condition */ - CSSM_TP_CERTRECLAIM_NOT_AUTHORIZED = 0x4 - /* certificate reclamation was not - performed, the request was not - authorized */ -}; - -typedef struct cssm_tp_certreclaim_output { - CSSM_TP_CERTRECLAIM_STATUS ReclaimStatus; - CSSM_CERTGROUP_PTR ReclaimedCertGroup; - CSSM_LONG_HANDLE KeyCacheHandle; -} CSSM_TP_CERTRECLAIM_OUTPUT, *CSSM_TP_CERTRECLAIM_OUTPUT_PTR; - -typedef struct cssm_tp_crlissue_input { - CSSM_CL_HANDLE CLHandle; - uint32 CrlIdentifier; - CSSM_TIMESTRING CrlThisTime; - CSSM_FIELD_PTR PolicyIdentifier; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; -} CSSM_TP_CRLISSUE_INPUT, *CSSM_TP_CRLISSUE_INPUT_PTR; - -typedef uint32 CSSM_TP_CRLISSUE_STATUS; -enum { - CSSM_TP_CRLISSUE_STATUS_UNKNOWN = 0x0, - /* indeterminate */ - CSSM_TP_CRLISSUE_OK = 0x1, - /* a copy of the most current CRL was - issued as requested and the time for - issuing the next CRL is also returned */ - CSSM_TP_CRLISSUE_NOT_CURRENT = 0x2, - /* either no CRL has been issued since - the CRL identified in the request, or - it is not time to issue an updated CRL. - no CRL has been returned, but the time - for issuing the next CRL is included - in the results */ - CSSM_TP_CRLISSUE_INVALID_DOMAIN = 0x3, - /* CRL domain was not recognized or was - outside the CA jurisdiction, no CRL or - time for the next CRL has been - returned. */ - CSSM_TP_CRLISSUE_UNKNOWN_IDENTIFIER = 0x4, - /* unrecognized CRL identifier, no CRL or - time for the next CRL has been - returned. */ - CSSM_TP_CRLISSUE_REJECTED = 0x5, - /* CRL was not issued due to some error - condition, no CRL or time for the next - CRL has been returned. */ - CSSM_TP_CRLISSUE_NOT_AUTHORIZED = 0x6 - /* CRL was not issued, the request was - not authorized, no CRL or time for the - next CRL has been returned. */ -}; - -typedef struct cssm_tp_crlissue_output { - CSSM_TP_CRLISSUE_STATUS IssueStatus; - CSSM_ENCODED_CRL_PTR Crl; - CSSM_TIMESTRING CrlNextTime; -} CSSM_TP_CRLISSUE_OUTPUT, *CSSM_TP_CRLISSUE_OUTPUT_PTR; - -typedef uint32 CSSM_TP_FORM_TYPE; -enum { - CSSM_TP_FORM_TYPE_GENERIC = 0x0, - CSSM_TP_FORM_TYPE_REGISTRATION = 0x1 -}; - -/* Data Types for Certificate Library Services */ - -typedef uint32 CSSM_CL_TEMPLATE_TYPE; -enum { - CSSM_CL_TEMPLATE_INTERMEDIATE_CERT = 1, - /* for X509 certificates, a fully-formed - encoded certificate with empty signature field */ - CSSM_CL_TEMPLATE_PKIX_CERTTEMPLATE = 2 - /* as defined in RFC2511, section 5 CertTemplate */ -}; - -typedef uint32 CSSM_CERT_BUNDLE_TYPE; -enum { - CSSM_CERT_BUNDLE_UNKNOWN = 0x00, - CSSM_CERT_BUNDLE_CUSTOM = 0x01, - CSSM_CERT_BUNDLE_PKCS7_SIGNED_DATA = 0x02, - CSSM_CERT_BUNDLE_PKCS7_SIGNED_ENVELOPED_DATA = 0x03, - CSSM_CERT_BUNDLE_PKCS12 = 0x04, - CSSM_CERT_BUNDLE_PFX = 0x05, - CSSM_CERT_BUNDLE_SPKI_SEQUENCE = 0x06, - CSSM_CERT_BUNDLE_PGP_KEYRING = 0x07, - CSSM_CERT_BUNDLE_LAST = 0x7FFF, - /* Applications wishing to define their own custom certificate - bundle type should define and publicly document a uint32 - value greater than CSSM_CL_CUSTOM_CERT_BUNDLE_TYPE */ - CSSM_CL_CUSTOM_CERT_BUNDLE_TYPE = 0x8000 -}; - -typedef uint32 CSSM_CERT_BUNDLE_ENCODING; -enum { - CSSM_CERT_BUNDLE_ENCODING_UNKNOWN = 0x00, - CSSM_CERT_BUNDLE_ENCODING_CUSTOM = 0x01, - CSSM_CERT_BUNDLE_ENCODING_BER = 0x02, - CSSM_CERT_BUNDLE_ENCODING_DER = 0x03, - CSSM_CERT_BUNDLE_ENCODING_SEXPR = 0x04, - CSSM_CERT_BUNDLE_ENCODING_PGP = 0x05 -}; - -typedef struct cssm_cert_bundle_header { - CSSM_CERT_BUNDLE_TYPE BundleType; - CSSM_CERT_BUNDLE_ENCODING BundleEncoding; -} CSSM_CERT_BUNDLE_HEADER, *CSSM_CERT_BUNDLE_HEADER_PTR; - -typedef struct cssm_cert_bundle { - CSSM_CERT_BUNDLE_HEADER BundleHeader; - CSSM_DATA Bundle; -} CSSM_CERT_BUNDLE, *CSSM_CERT_BUNDLE_PTR; - -enum { - CSSM_FIELDVALUE_COMPLEX_DATA_TYPE = 0xFFFFFFFF -}; - -/* Data Types for Data Storage Library Services */ - -typedef uint32 CSSM_DB_ATTRIBUTE_NAME_FORMAT, *CSSM_DB_ATTRIBUTE_NAME_FORMAT_PTR; -enum { - CSSM_DB_ATTRIBUTE_NAME_AS_STRING = 0, - CSSM_DB_ATTRIBUTE_NAME_AS_OID = 1, - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER = 2 -}; - -typedef uint32 CSSM_DB_ATTRIBUTE_FORMAT, *CSSM_DB_ATTRIBUTE_FORMAT_PTR; -enum { - CSSM_DB_ATTRIBUTE_FORMAT_STRING = 0, - CSSM_DB_ATTRIBUTE_FORMAT_SINT32 = 1, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 = 2, - CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM = 3, - CSSM_DB_ATTRIBUTE_FORMAT_REAL = 4, - CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE = 5, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB = 6, - CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32 = 7, - CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX = 8 -}; - -typedef struct cssm_db_attribute_info { - CSSM_DB_ATTRIBUTE_NAME_FORMAT AttributeNameFormat; - union cssm_db_attribute_label { - char *AttributeName; /* e.g., "record label" */ - CSSM_OID AttributeOID; /* e.g., CSSMOID_RECORDLABEL */ - uint32 AttributeID; /* e.g., FOUR_CHAR_CODE('recl') */ - } Label; - CSSM_DB_ATTRIBUTE_FORMAT AttributeFormat; -} CSSM_DB_ATTRIBUTE_INFO, *CSSM_DB_ATTRIBUTE_INFO_PTR; - -typedef struct cssm_db_attribute_data { - CSSM_DB_ATTRIBUTE_INFO Info; - uint32 NumberOfValues; - CSSM_DATA_PTR Value; -} CSSM_DB_ATTRIBUTE_DATA, *CSSM_DB_ATTRIBUTE_DATA_PTR; - -typedef uint32 CSSM_DB_RECORDTYPE; -enum { - /* Schema Management Name Space Range Definition*/ - CSSM_DB_RECORDTYPE_SCHEMA_START = 0x00000000, - CSSM_DB_RECORDTYPE_SCHEMA_END = CSSM_DB_RECORDTYPE_SCHEMA_START + 4, - /* Open Group Application Name Space Range Definition*/ - CSSM_DB_RECORDTYPE_OPEN_GROUP_START = 0x0000000A, - CSSM_DB_RECORDTYPE_OPEN_GROUP_END = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 8, - /* Industry At Large Application Name Space Range Definition */ - CSSM_DB_RECORDTYPE_APP_DEFINED_START = 0x80000000, - CSSM_DB_RECORDTYPE_APP_DEFINED_END = 0xffffffff, - /* Record Types defined in the Schema Management Name Space */ - CSSM_DL_DB_SCHEMA_INFO = CSSM_DB_RECORDTYPE_SCHEMA_START + 0, - CSSM_DL_DB_SCHEMA_INDEXES = CSSM_DB_RECORDTYPE_SCHEMA_START + 1, - CSSM_DL_DB_SCHEMA_ATTRIBUTES = CSSM_DB_RECORDTYPE_SCHEMA_START + 2, - CSSM_DL_DB_SCHEMA_PARSING_MODULE = CSSM_DB_RECORDTYPE_SCHEMA_START + 3, - /* Record Types defined in the Open Group Application Name Space */ - CSSM_DL_DB_RECORD_ANY = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 0, - CSSM_DL_DB_RECORD_CERT = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 1, - CSSM_DL_DB_RECORD_CRL = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 2, - CSSM_DL_DB_RECORD_POLICY = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 3, - CSSM_DL_DB_RECORD_GENERIC = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 4, - CSSM_DL_DB_RECORD_PUBLIC_KEY = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 5, - CSSM_DL_DB_RECORD_PRIVATE_KEY = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 6, - CSSM_DL_DB_RECORD_SYMMETRIC_KEY = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 7, - CSSM_DL_DB_RECORD_ALL_KEYS = CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 8 -}; - -enum { - CSSM_DB_CERT_USE_TRUSTED = 0x00000001, /* application-defined as trusted */ - CSSM_DB_CERT_USE_SYSTEM = 0x00000002, /* the CSSM system cert */ - CSSM_DB_CERT_USE_OWNER = 0x00000004, /* private key owned by system user*/ - CSSM_DB_CERT_USE_REVOKED = 0x00000008, /* revoked cert -15913 used w CRL APIs */ - CSSM_DB_CERT_USE_SIGNING = 0x00000010, /* use cert for signing only */ - CSSM_DB_CERT_USE_PRIVACY = 0x00000020 /* use cert for confidentiality only */ -}; - -typedef struct cssm_db_record_attribute_info { - CSSM_DB_RECORDTYPE DataRecordType; - uint32 NumberOfAttributes; - CSSM_DB_ATTRIBUTE_INFO_PTR AttributeInfo; -} CSSM_DB_RECORD_ATTRIBUTE_INFO, *CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR; - -typedef struct cssm_db_record_attribute_data { - CSSM_DB_RECORDTYPE DataRecordType; - uint32 SemanticInformation; - uint32 NumberOfAttributes; - CSSM_DB_ATTRIBUTE_DATA_PTR AttributeData; -} CSSM_DB_RECORD_ATTRIBUTE_DATA, *CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR; - -typedef struct cssm_db_parsing_module_info { - CSSM_DB_RECORDTYPE RecordType; - CSSM_SUBSERVICE_UID ModuleSubserviceUid; -} CSSM_DB_PARSING_MODULE_INFO, *CSSM_DB_PARSING_MODULE_INFO_PTR; - -typedef uint32 CSSM_DB_INDEX_TYPE; -enum { - CSSM_DB_INDEX_UNIQUE = 0, - CSSM_DB_INDEX_NONUNIQUE = 1 -}; - -typedef uint32 CSSM_DB_INDEXED_DATA_LOCATION; -enum { - CSSM_DB_INDEX_ON_UNKNOWN = 0, - CSSM_DB_INDEX_ON_ATTRIBUTE = 1, - CSSM_DB_INDEX_ON_RECORD = 2 -}; - -typedef struct cssm_db_index_info { - CSSM_DB_INDEX_TYPE IndexType; - CSSM_DB_INDEXED_DATA_LOCATION IndexedDataLocation; - CSSM_DB_ATTRIBUTE_INFO Info; -} CSSM_DB_INDEX_INFO, *CSSM_DB_INDEX_INFO_PTR; - -typedef struct cssm_db_unique_record { - CSSM_DB_INDEX_INFO RecordLocator; - CSSM_DATA RecordIdentifier; -} CSSM_DB_UNIQUE_RECORD, *CSSM_DB_UNIQUE_RECORD_PTR; - -typedef struct cssm_db_record_index_info { - CSSM_DB_RECORDTYPE DataRecordType; - uint32 NumberOfIndexes; - CSSM_DB_INDEX_INFO_PTR IndexInfo; -} CSSM_DB_RECORD_INDEX_INFO, *CSSM_DB_RECORD_INDEX_INFO_PTR; - -typedef uint32 CSSM_DB_ACCESS_TYPE, *CSSM_DB_ACCESS_TYPE_PTR; -enum { - CSSM_DB_ACCESS_READ = 0x00001, - CSSM_DB_ACCESS_WRITE = 0x00002, - CSSM_DB_ACCESS_PRIVILEGED = 0x00004 /* versus user mode */ -}; - -typedef uint32 CSSM_DB_MODIFY_MODE; -enum { - CSSM_DB_MODIFY_ATTRIBUTE_NONE = 0, - CSSM_DB_MODIFY_ATTRIBUTE_ADD = CSSM_DB_MODIFY_ATTRIBUTE_NONE + 1, - CSSM_DB_MODIFY_ATTRIBUTE_DELETE = CSSM_DB_MODIFY_ATTRIBUTE_NONE + 2, - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE = CSSM_DB_MODIFY_ATTRIBUTE_NONE + 3 -}; - -typedef struct cssm_dbinfo { - /* meta information about each record type stored in this - data store including meta information about record - attributes and indexes */ - uint32 NumberOfRecordTypes; - CSSM_DB_PARSING_MODULE_INFO_PTR DefaultParsingModules; - CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR RecordAttributeNames; - CSSM_DB_RECORD_INDEX_INFO_PTR RecordIndexes; - /* access restrictions for opening this data store */ - CSSM_BOOL IsLocal; - char *AccessPath; /* URL, dir path, etc. */ - void *Reserved; -} CSSM_DBINFO, *CSSM_DBINFO_PTR; - -typedef uint32 CSSM_DB_OPERATOR, *CSSM_DB_OPERATOR_PTR; -enum { - CSSM_DB_EQUAL = 0, - CSSM_DB_NOT_EQUAL = 1, - CSSM_DB_LESS_THAN = 2, - CSSM_DB_GREATER_THAN = 3, - CSSM_DB_CONTAINS = 4, - CSSM_DB_CONTAINS_INITIAL_SUBSTRING = 5, - CSSM_DB_CONTAINS_FINAL_SUBSTRING = 6 -}; - -typedef uint32 CSSM_DB_CONJUNCTIVE, *CSSM_DB_CONJUNCTIVE_PTR; -enum { - CSSM_DB_NONE = 0, - CSSM_DB_AND = 1, - CSSM_DB_OR = 2 -}; - -typedef struct cssm_selection_predicate { - CSSM_DB_OPERATOR DbOperator; - CSSM_DB_ATTRIBUTE_DATA Attribute; -} CSSM_SELECTION_PREDICATE, *CSSM_SELECTION_PREDICATE_PTR; - -enum { - CSSM_QUERY_TIMELIMIT_NONE = 0 -}; - -enum { - CSSM_QUERY_SIZELIMIT_NONE = 0 -}; - -typedef struct cssm_query_limits { - uint32 TimeLimit; /* in seconds */ - uint32 SizeLimit; /* max. number of records to return */ -} CSSM_QUERY_LIMITS, *CSSM_QUERY_LIMITS_PTR; - -typedef uint32 CSSM_QUERY_FLAGS; -enum { - CSSM_QUERY_RETURN_DATA = 0x01 -}; - -typedef struct cssm_query { - CSSM_DB_RECORDTYPE RecordType; - CSSM_DB_CONJUNCTIVE Conjunctive; - uint32 NumSelectionPredicates; - CSSM_SELECTION_PREDICATE_PTR SelectionPredicate; - CSSM_QUERY_LIMITS QueryLimits; - CSSM_QUERY_FLAGS QueryFlags; -} CSSM_QUERY, *CSSM_QUERY_PTR; - -typedef uint32 CSSM_DLTYPE, *CSSM_DLTYPE_PTR; -enum { - CSSM_DL_UNKNOWN = 0, - CSSM_DL_CUSTOM = 1, - CSSM_DL_LDAP = 2, - CSSM_DL_ODBC = 3, - CSSM_DL_PKCS11 = 4, - CSSM_DL_FFS = 5, /* flat file system */ - CSSM_DL_MEMORY = 6, - CSSM_DL_REMOTEDIR = 7 -}; - -typedef void *CSSM_DL_CUSTOM_ATTRIBUTES; -typedef void *CSSM_DL_LDAP_ATTRIBUTES; -typedef void *CSSM_DL_ODBC_ATTRIBUTES; -typedef void *CSSM_DL_FFS_ATTRIBUTES; - -typedef struct cssm_dl_pkcs11_attributes { - uint32 DeviceAccessFlags; -} *CSSM_DL_PKCS11_ATTRIBUTE, *CSSM_DL_PKCS11_ATTRIBUTE_PTR; - -enum { - CSSM_DB_DATASTORES_UNKNOWN = 0xFFFFFFFF -}; - -typedef struct cssm_name_list { - uint32 NumStrings; - char **String; -} CSSM_NAME_LIST, *CSSM_NAME_LIST_PTR; - -typedef uint32 CSSM_DB_RETRIEVAL_MODES; -enum { - CSSM_DB_TRANSACTIONAL_MODE = 0, - CSSM_DB_FILESYSTEMSCAN_MODE = 1 -}; - -typedef struct cssm_db_schema_attribute_info { - uint32 AttributeId; - char *AttributeName; - CSSM_OID AttributeNameID; - CSSM_DB_ATTRIBUTE_FORMAT DataType; -} CSSM_DB_SCHEMA_ATTRIBUTE_INFO, *CSSM_DB_SCHEMA_ATTRIBUTE_INFO_PTR; - -typedef struct cssm_db_schema_index_info { - uint32 AttributeId; - uint32 IndexId; - CSSM_DB_INDEX_TYPE IndexType; - CSSM_DB_INDEXED_DATA_LOCATION IndexedDataLocation; -} CSSM_DB_SCHEMA_INDEX_INFO, *CSSM_DB_SCHEMA_INDEX_INFO_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _CSSMTYPE_H_ */ diff --git a/cdsa/cdsa/eisl.h b/cdsa/cdsa/eisl.h deleted file mode 100644 index f6eebc5d..00000000 --- a/cdsa/cdsa/eisl.h +++ /dev/null @@ -1,327 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: eisl.h - - Contains: Embedded Integrity Services Library Interface - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _EISL_H_ -#define _EISL_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Data Types for Embedded Integrity Services Library */ - -typedef const void *ISL_ITERATOR_PTR; - -typedef const void *ISL_VERIFIED_SIGNATURE_ROOT_PTR; - -typedef const void *ISL_VERIFIED_CERTIFICATE_CHAIN_PTR; - -typedef const void *ISL_VERIFIED_CERTIFICATE_PTR; - -typedef const void *ISL_MANIFEST_SECTION_PTR; - -typedef const void *ISL_VERIFIED_MODULE_PTR; - -typedef void (*ISL_FUNCTION_PTR)(void); - -typedef struct isl_data { - uint32 Length; /* in bytes */ - uint8 *Data; -} ISL_DATA, *ISL_DATA_PTR; - -typedef struct isl_const_data { - uint32 Length; /* in bytes */ - const uint8 *Data; -} ISL_CONST_DATA, *ISL_CONST_DATA_PTR; - -typedef enum isl_status { - ISL_OK = 0, - ISL_FAIL = -1 -} ISL_STATUS; - - -/* Embedded Integrity Services Library Functions */ - -ISL_VERIFIED_MODULE_PTR -EISL_SelfCheck (); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyAndLoadModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyAndLoadModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA Certificate); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyAndLoadModuleAndCredentials (ISL_CONST_DATA Credentials, - ISL_CONST_DATA Name, - ISL_CONST_DATA Signer, - ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyAndLoadModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA Certificate); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyLoadedModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyLoadedModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA Certificate); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyLoadedModuleAndCredentials (ISL_CONST_DATA Credentials, - ISL_CONST_DATA Name, - ISL_CONST_DATA Signer, - ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyLoadedModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials, - const ISL_CONST_DATA Name, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA Certificate); - -ISL_VERIFIED_CERTIFICATE_CHAIN_PTR -EISL_GetCertificateChain (ISL_VERIFIED_MODULE_PTR Module); - -uint32 -EISL_ContinueVerification (ISL_VERIFIED_MODULE_PTR Module, - uint32 WorkFactor); - -ISL_VERIFIED_MODULE_PTR -EISL_DuplicateVerifiedModulePtr (ISL_VERIFIED_MODULE_PTR Module); - -ISL_STATUS -EISL_RecycleVerifiedModuleCredentials (ISL_VERIFIED_MODULE_PTR Verification); - - -/* Signature Root Methods */ - -ISL_VERIFIED_SIGNATURE_ROOT_PTR -EISL_CreateVerifiedSignatureRootWithCredentialData (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - const ISL_CONST_DATA Signer, - const ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_SIGNATURE_ROOT_PTR -EISL_CreateVerifiedSignatureRootWithCredentialDataAndCertificate (const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath, - ISL_VERIFIED_CERTIFICATE_PTR Cert); - -ISL_VERIFIED_SIGNATURE_ROOT_PTR -EISL_CreateVerfiedSignatureRoot (ISL_CONST_DATA Credentials, - ISL_CONST_DATA Signer, - ISL_CONST_DATA PublicKey); - -ISL_VERIFIED_SIGNATURE_ROOT_PTR -EISL_CreateVerfiedSignatureRootWithCertificate (ISL_CONST_DATA Credentials, - ISL_VERIFIED_CERTIFICATE_PTR Cert); - -ISL_MANIFEST_SECTION_PTR -EISL_FindManifestSection (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root, - ISL_CONST_DATA Name); - -ISL_ITERATOR_PTR -EISL_CreateManifestSectionEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root); - -ISL_MANIFEST_SECTION_PTR -EISL_GetNextManifestSection (ISL_ITERATOR_PTR Iterator); - -ISL_STATUS -EISL_RecycleManifestSectionEnumerator (ISL_ITERATOR_PTR Iterator); - -ISL_STATUS -EISL_FindManifestAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context, - ISL_CONST_DATA Name, - ISL_CONST_DATA_PTR Value); - -ISL_ITERATOR_PTR -EISL_CreateManifestAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context); - -ISL_STATUS -EISL_FindSignerInfoAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context, - ISL_CONST_DATA Name, - ISL_CONST_DATA_PTR Value); - -ISL_ITERATOR_PTR -EISL_CreateSignerInfoAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context); - -ISL_STATUS -EISL_GetNextAttribute (ISL_ITERATOR_PTR Iterator, - ISL_CONST_DATA_PTR Name, - ISL_CONST_DATA_PTR Value); - -ISL_STATUS -EISL_RecycleAttributeEnumerator (ISL_ITERATOR_PTR Iterator); - -ISL_STATUS -EISL_FindSignatureAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root, - ISL_CONST_DATA Name, - ISL_CONST_DATA_PTR Value); - -ISL_ITERATOR_PTR -EISL_CreateSignatureAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root); - -ISL_STATUS -EISL_GetNextSignatureAttribute (ISL_ITERATOR_PTR Iterator, - ISL_CONST_DATA_PTR Name, - ISL_CONST_DATA_PTR Value); - -ISL_STATUS -EISL_RecycleSignatureAttributeEnumerator (ISL_ITERATOR_PTR Iterator); - -ISL_STATUS -EISL_RecycleVerifiedSignatureRoot (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root); - - -/* Certificate Chain Methods */ - -const ISL_VERIFIED_CERTIFICATE_CHAIN_PTR -EISL_CreateCertificateChainWithCredentialData (const ISL_CONST_DATA RootIssuer, - const ISL_CONST_DATA PublicKey, - const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath); - -ISL_VERIFIED_CERTIFICATE_CHAIN_PTR -EISL_CreateCertificateChainWithCredentialDataAndCertificate (const ISL_CONST_DATA Certificate, - const ISL_CONST_DATA CredentialsImage, - const ISL_CONST_DATA ModuleSearchPath); - -ISL_VERIFIED_CERTIFICATE_CHAIN_PTR -EISL_CreateCertificateChain (ISL_CONST_DATA RootIssuer, - ISL_CONST_DATA PublicKey, - ISL_CONST_DATA Credential); - -ISL_VERIFIED_CERTIFICATE_CHAIN_PTR -EISL_CreateCertificateChainWithCertificate (const ISL_CONST_DATA Certificate, - const ISL_CONST_DATA Credential); - -uint32 -EISL_CopyCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Verification, - ISL_VERIFIED_CERTIFICATE_PTR Certs[], - uint32 MaxCertificates); - -ISL_STATUS -EISL_RecycleVerifiedCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Chain); - - -/* Certificate Attribute Methods */ - -ISL_STATUS -EISL_FindCertificateAttribute (ISL_VERIFIED_CERTIFICATE_PTR Cert, - ISL_CONST_DATA Name, - ISL_CONST_DATA_PTR Value); - -ISL_ITERATOR_PTR -EISL_CreateCertificateAttributeEnumerator (ISL_VERIFIED_CERTIFICATE_PTR Cert); - -ISL_STATUS -EISL_GetNextCertificateAttribute (ISL_ITERATOR_PTR CertIterator, - ISL_CONST_DATA_PTR Name, - ISL_CONST_DATA_PTR Value); - -ISL_STATUS -EISL_RecycleCertificateAttributeEnumerator (ISL_ITERATOR_PTR CertIterator); - - -/* Manifest Section Object Methods */ - -ISL_VERIFIED_SIGNATURE_ROOT_PTR -EISL_GetManifestSignatureRoot (ISL_MANIFEST_SECTION_PTR Section); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyAndLoadModule (ISL_MANIFEST_SECTION_PTR Section); - -ISL_VERIFIED_MODULE_PTR -EISL_VerifyLoadedModule (ISL_MANIFEST_SECTION_PTR Section); - -ISL_STATUS -EISL_FindManifestSectionAttribute (ISL_MANIFEST_SECTION_PTR Section, - ISL_CONST_DATA Name, - ISL_CONST_DATA_PTR Value); - -ISL_ITERATOR_PTR -EISL_CreateManifestSectionAttributeEnumerator (ISL_MANIFEST_SECTION_PTR Section); - -ISL_STATUS -EISL_GetNextManifestSectionAttribute (ISL_ITERATOR_PTR Iterator, - ISL_CONST_DATA_PTR Name, - ISL_CONST_DATA_PTR Value); - -ISL_STATUS -EISL_RecycleManifestSectionAttributeEnumerator (ISL_ITERATOR_PTR Iterator); - -ISL_MANIFEST_SECTION_PTR -EISL_GetModuleManifestSection (ISL_VERIFIED_MODULE_PTR Module); - - -/* Secure Linkage Services */ - -ISL_FUNCTION_PTR -EISL_LocateProcedureAddress (ISL_VERIFIED_MODULE_PTR Module, - ISL_CONST_DATA Name); - -#ifdef MACOSX -#define EISL_GetReturnAddress(Address) \ -{\ - /* Platform specific code in here */ -} -#endif - -ISL_STATUS -EISL_CheckAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification, - ISL_FUNCTION_PTR Address); - -ISL_STATUS -EISL_CheckDataAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification, - const void *Address); - -void * -EISL_GetLibHandle (ISL_VERIFIED_MODULE_PTR Verification); - -#ifdef __cplusplus -} -#endif - -#endif /* _EISL_H_ */ diff --git a/cdsa/cdsa/emmspi.h b/cdsa/cdsa/emmspi.h deleted file mode 100644 index 60bc25a6..00000000 --- a/cdsa/cdsa/emmspi.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: emmspi.h - - Contains: Service Provider Interface for Elective Module Managers - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _EMMSPI_H_ -#define _EMMSPI_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct cssm_state_funcs { - CSSM_RETURN (CSSMAPI *cssm_GetAttachFunctions) - (CSSM_MODULE_HANDLE hAddIn, - CSSM_SERVICE_MASK AddinType, - void **SPFunctions, - CSSM_GUID_PTR Guid, - CSSM_BOOL *Serialized); - CSSM_RETURN (CSSMAPI *cssm_ReleaseAttachFunctions) - (CSSM_MODULE_HANDLE hAddIn); - CSSM_RETURN (CSSMAPI *cssm_GetAppMemoryFunctions) - (CSSM_MODULE_HANDLE hAddIn, - CSSM_UPCALLS_PTR UpcallTable); - CSSM_RETURN (CSSMAPI *cssm_IsFuncCallValid) - (CSSM_MODULE_HANDLE hAddin, - CSSM_PROC_ADDR SrcAddress, - CSSM_PROC_ADDR DestAddress, - CSSM_PRIVILEGE InPriv, - CSSM_PRIVILEGE *OutPriv, - CSSM_BITMASK Hints, - CSSM_BOOL *IsOK); - CSSM_RETURN (CSSMAPI *cssm_DeregisterManagerServices) - (const CSSM_GUID *GUID); - CSSM_RETURN (CSSMAPI *cssm_DeliverModuleManagerEvent) - (const CSSM_MANAGER_EVENT_NOTIFICATION *EventDescription); -} CSSM_STATE_FUNCS, *CSSM_STATE_FUNCS_PTR; - -typedef struct cssm_manager_registration_info { - /* loading, unloading, dispatch table, and event notification */ - CSSM_RETURN (CSSMAPI *Initialize) - (uint32 VerMajor, - uint32 VerMinor); - CSSM_RETURN (CSSMAPI *Terminate) (void); - CSSM_RETURN (CSSMAPI *RegisterDispatchTable) - (CSSM_STATE_FUNCS_PTR CssmStateCallTable); - CSSM_RETURN (CSSMAPI *DeregisterDispatchTable) (void); - CSSM_RETURN (CSSMAPI *EventNotifyManager) - (const CSSM_MANAGER_EVENT_NOTIFICATION *EventDescription); - CSSM_RETURN (CSSMAPI *RefreshFunctionTable) - (CSSM_FUNC_NAME_ADDR_PTR FuncNameAddrPtr, - uint32 NumOfFuncNameAddr); -} CSSM_MANAGER_REGISTRATION_INFO, *CSSM_MANAGER_REGISTRATION_INFO_PTR; - -enum { - CSSM_HINT_NONE = 0, - CSSM_HINT_ADDRESS_APP = 1 << 0, - CSSM_HINT_ADDRESS_SP = 1 << 1 -}; - -CSSM_RETURN CSSMAPI -ModuleManagerAuthenticate (CSSM_KEY_HIERARCHY KeyHierarchy, - const CSSM_GUID *CssmGuid, - const CSSM_GUID *AppGuid, - CSSM_MANAGER_REGISTRATION_INFO_PTR FunctionTable); - -#ifdef __cplusplus -} -#endif - -#endif /* _EMMSPI_H_ */ diff --git a/cdsa/cdsa/emmtype.h b/cdsa/cdsa/emmtype.h deleted file mode 100644 index 3c4271f4..00000000 --- a/cdsa/cdsa/emmtype.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: emmtype.h - - Contains: Data Structures for Elective Module Managers - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _EMMTYPE_H_ -#define _EMMTYPE_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define CSSM_HINT_CALLBACK (1) - -typedef uint32 CSSM_MANAGER_EVENT_TYPES; -#define CSSM_MANAGER_SERVICE_REQUEST 1 -#define CSSM_MANAGER_REPLY 2 - -typedef struct cssm_manager_event_notification { - CSSM_SERVICE_MASK DestinationModuleManagerType; - CSSM_SERVICE_MASK SourceModuleManagerType; - CSSM_MANAGER_EVENT_TYPES Event; - uint32 EventId; - CSSM_DATA EventData; -} CSSM_MANAGER_EVENT_NOTIFICATION, *CSSM_MANAGER_EVENT_NOTIFICATION_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _EMMTYPE_H_ */ diff --git a/cdsa/cdsa/mds.h b/cdsa/cdsa/mds.h deleted file mode 100644 index d9215c9d..00000000 --- a/cdsa/cdsa/mds.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: mds.h - - Contains: Module Directory Services Data Types and API. - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _MDS_H_ -#define _MDS_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef CSSM_DL_HANDLE MDS_HANDLE; - -typedef CSSM_DL_DB_HANDLE MDS_DB_HANDLE; - -typedef struct mds_funcs { - CSSM_RETURN (CSSMAPI *DbOpen) - (MDS_HANDLE MdsHandle, - const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_ACCESS_CREDENTIALS *AccessCred, - const void *OpenParameters, - CSSM_DB_HANDLE *hMds); - - CSSM_RETURN (CSSMAPI *DbClose) - (MDS_DB_HANDLE MdsDbHandle); - - CSSM_RETURN (CSSMAPI *GetDbNames) - (MDS_HANDLE MdsHandle, - CSSM_NAME_LIST_PTR *NameList); - - CSSM_RETURN (CSSMAPI *GetDbNameFromHandle) - (MDS_DB_HANDLE MdsDbHandle, - char **DbName); - - CSSM_RETURN (CSSMAPI *FreeNameList) - (MDS_HANDLE MdsHandle, - CSSM_NAME_LIST_PTR NameList); - - CSSM_RETURN (CSSMAPI *DataInsert) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *Attributes, - const CSSM_DATA *Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - - CSSM_RETURN (CSSMAPI *DataDelete) - (MDS_DB_HANDLE MdsDbHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecordIdentifier); - - CSSM_RETURN (CSSMAPI *DataModify) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *AttributesToBeModified, - const CSSM_DATA *DataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode); - - CSSM_RETURN (CSSMAPI *DataGetFirst) - (MDS_DB_HANDLE MdsDbHandle, - const CSSM_QUERY *Query, - CSSM_HANDLE_PTR ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - - CSSM_RETURN (CSSMAPI *DataGetNext) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data, - CSSM_DB_UNIQUE_RECORD_PTR *UniqueId); - - CSSM_RETURN (CSSMAPI *DataAbortQuery) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_HANDLE ResultsHandle); - - CSSM_RETURN (CSSMAPI *DataGetFromUniqueRecordId) - (MDS_DB_HANDLE MdsDbHandle, - const CSSM_DB_UNIQUE_RECORD *UniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CSSM_DATA_PTR Data); - - CSSM_RETURN (CSSMAPI *FreeUniqueRecord) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord); - - CSSM_RETURN (CSSMAPI *CreateRelation) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_DB_RECORDTYPE RelationID, - const char *RelationName, - uint32 NumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo, - uint32 NumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo); - - CSSM_RETURN (CSSMAPI *DestroyRelation) - (MDS_DB_HANDLE MdsDbHandle, - CSSM_DB_RECORDTYPE RelationID); -} MDS_FUNCS, *MDS_FUNCS_PTR; - - -/* MDS Context APIs */ - -CSSM_RETURN CSSMAPI -MDS_Initialize (const CSSM_GUID *pCallerGuid, - const CSSM_MEMORY_FUNCS *pMemoryFunctions, - MDS_FUNCS_PTR pDlFunctions, - MDS_HANDLE *hMds); - -CSSM_RETURN CSSMAPI -MDS_Terminate (MDS_HANDLE MdsHandle); - -CSSM_RETURN CSSMAPI -MDS_Install (MDS_HANDLE MdsHandle); - -CSSM_RETURN CSSMAPI -MDS_Uninstall (MDS_HANDLE MdsHandle); - -#ifdef __cplusplus -} -#endif - -#endif /* _MDS_H_ */ diff --git a/cdsa/cdsa/mds_schema.h b/cdsa/cdsa/mds_schema.h deleted file mode 100644 index 2c151180..00000000 --- a/cdsa/cdsa/mds_schema.h +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: mds_schema.h - - Contains: Module Directory Services Schema for CSSM. - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _MDS_SCHEMA_H_ -#define _MDS_SCHEMA_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Names of the databases supported by MDS. */ -#define MDS_OBJECT_DIRECTORY_NAME "MDS Object Directory" -#define MDS_CDSA_DIRECTORY_NAME "MDS CDSA Directory" - -/* MDS predefined values for a 16K name space */ -#define CSSM_DB_RELATIONID_MDS_START (0x40000000) -#define CSSM_DB_RELATIONID_MDS_END (0x40004000) - -#define MDS_OBJECT_RECORDTYPE (CSSM_DB_RELATIONID_MDS_START) - -#define MDS_CDSA_SCHEMA_START (MDS_OBJECT_RECORDTYPE) -#define MDS_CDSADIR_CSSM_RECORDTYPE (MDS_CDSA_SCHEMA_START + 1) -#define MDS_CDSADIR_KRMM_RECORDTYPE (MDS_CDSA_SCHEMA_START + 2) -#define MDS_CDSADIR_EMM_RECORDTYPE (MDS_CDSA_SCHEMA_START + 3) -#define MDS_CDSADIR_COMMON_RECORDTYPE (MDS_CDSA_SCHEMA_START + 4) -#define MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 5) -#define MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 6) -#define MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE (MDS_CDSA_SCHEMA_START + 7) -#define MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE (MDS_CDSA_SCHEMA_START + 8) -#define MDS_CDSADIR_DL_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 9) -#define MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE (MDS_CDSA_SCHEMA_START + 10) -#define MDS_CDSADIR_CL_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 11) -#define MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE (MDS_CDSA_SCHEMA_START + 12) -#define MDS_CDSADIR_TP_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 13) -#define MDS_CDSADIR_TP_OIDS_RECORDTYPE (MDS_CDSA_SCHEMA_START + 14) -#define MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE (MDS_CDSA_SCHEMA_START + 15) -#define MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 16) -#define MDS_CDSADIR_AC_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 17) -#define MDS_CDSADIR_KR_PRIMARY_RECORDTYPE (MDS_CDSA_SCHEMA_START + 18) -#define MDS_CDSADIR_MDS_SCHEMA_RELATIONS (MDS_CDSA_SCHEMA_START + 19) -#define MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES (MDS_CDSA_SCHEMA_START + 20) -#define MDS_CDSADIR_MDS_SCHEMA_INDEXES (MDS_CDSA_SCHEMA_START + 21) - -/* MDS predefined values for a 16K name space */ -#define CSSM_DB_ATTRIBUTE_MDS_START (0x40000000) -#define CSSM_DB_ATTRIBUTE_MDS_END (0x40004000) -#define MDS_CDSAATTR_MODULE_ID (CSSM_DB_ATTRIBUTE_MDS_START + 1) -#define MDS_CDSAATTR_MANIFEST (CSSM_DB_ATTRIBUTE_MDS_START + 2) -#define MDS_CDSAATTR_MODULE_NAME (CSSM_DB_ATTRIBUTE_MDS_START + 3) -#define MDS_CDSAATTR_PATH (CSSM_DB_ATTRIBUTE_MDS_START + 4) -#define MDS_CDSAATTR_CDSAVERSION (CSSM_DB_ATTRIBUTE_MDS_START + 5) -#define MDS_CDSAATTR_VENDOR (CSSM_DB_ATTRIBUTE_MDS_START + 6) -#define MDS_CDSAATTR_DESC (CSSM_DB_ATTRIBUTE_MDS_START + 8) -#define MDS_CDSAATTR_INTERFACE_GUID (CSSM_DB_ATTRIBUTE_MDS_START + 9) -#define MDS_CDSAATTR_POLICY_STMT (CSSM_DB_ATTRIBUTE_MDS_START + 10) -#define MDS_CDSAATTR_EMMSPECVERSION (CSSM_DB_ATTRIBUTE_MDS_START + 11) -#define MDS_CDSAATTR_EMM_VERSION (CSSM_DB_ATTRIBUTE_MDS_START + 12) -#define MDS_CDSAATTR_EMM_VENDOR (CSSM_DB_ATTRIBUTE_MDS_START + 13) -#define MDS_CDSAATTR_EMM_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 14) -#define MDS_CDSAATTR_SSID (CSSM_DB_ATTRIBUTE_MDS_START + 15) -#define MDS_CDSAATTR_SERVICE_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 16) -#define MDS_CDSAATTR_NATIVE_SERVICES (CSSM_DB_ATTRIBUTE_MDS_START + 17) -#define MDS_CDSAATTR_DYNAMIC_FLAG (CSSM_DB_ATTRIBUTE_MDS_START + 18) -#define MDS_CDSAATTR_MULTITHREAD_FLAG (CSSM_DB_ATTRIBUTE_MDS_START + 19) -#define MDS_CDSAATTR_SERVICE_MASK (CSSM_DB_ATTRIBUTE_MDS_START + 20) -#define MDS_CDSAATTR_CSP_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 21) -#define MDS_CDSAATTR_CSP_FLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 22) -#define MDS_CDSAATTR_CSP_CUSTOMFLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 23) -#define MDS_CDSAATTR_USEE_TAGS (CSSM_DB_ATTRIBUTE_MDS_START + 24) -#define MDS_CDSAATTR_CONTEXT_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 25) -#define MDS_CDSAATTR_ALG_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 26) -#define MDS_CDSAATTR_GROUP_ID (CSSM_DB_ATTRIBUTE_MDS_START + 27) -#define MDS_CDSAATTR_ATTRIBUTE_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 28) -#define MDS_CDSAATTR_ATTRIBUTE_VALUE (CSSM_DB_ATTRIBUTE_MDS_START + 29) -#define MDS_CDSAATTR_PRODUCT_DESC (CSSM_DB_ATTRIBUTE_MDS_START + 30) -#define MDS_CDSAATTR_PRODUCT_VENDOR (CSSM_DB_ATTRIBUTE_MDS_START + 31) -#define MDS_CDSAATTR_PRODUCT_VERSION (CSSM_DB_ATTRIBUTE_MDS_START + 32) -#define MDS_CDSAATTR_PRODUCT_FLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 33) -#define MDS_CDSAATTR_PRODUCT_CUSTOMFLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 34) -#define MDS_CDSAATTR_STANDARD_DESC (CSSM_DB_ATTRIBUTE_MDS_START + 35) -#define MDS_CDSAATTR_STANDARD_VERSION (CSSM_DB_ATTRIBUTE_MDS_START + 36) -#define MDS_CDSAATTR_READER_DESC (CSSM_DB_ATTRIBUTE_MDS_START + 37) -#define MDS_CDSAATTR_READER_VENDOR (CSSM_DB_ATTRIBUTE_MDS_START + 38) -#define MDS_CDSAATTR_READER_VERSION (CSSM_DB_ATTRIBUTE_MDS_START + 39) -#define MDS_CDSAATTR_READER_FWVERSION (CSSM_DB_ATTRIBUTE_MDS_START + 40) -#define MDS_CDSAATTR_READER_FLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 41) -#define MDS_CDSAATTR_READER_CUSTOMFLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 42) -#define MDS_CDSAATTR_READER_SERIALNUMBER (CSSM_DB_ATTRIBUTE_MDS_START + 43) -#define MDS_CDSAATTR_SC_DESC (CSSM_DB_ATTRIBUTE_MDS_START + 44) -#define MDS_CDSAATTR_SC_VENDOR (CSSM_DB_ATTRIBUTE_MDS_START + 45) -#define MDS_CDSAATTR_SC_VERSION (CSSM_DB_ATTRIBUTE_MDS_START + 46) -#define MDS_CDSAATTR_SC_FWVERSION (CSSM_DB_ATTRIBUTE_MDS_START + 47) -#define MDS_CDSAATTR_SC_FLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 48) -#define MDS_CDSAATTR_SC_CUSTOMFLAGS (CSSM_DB_ATTRIBUTE_MDS_START + 49) -#define MDS_CDSAATTR_SC_SERIALNUMBER (CSSM_DB_ATTRIBUTE_MDS_START + 50) -#define MDS_CDSAATTR_DL_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 51) -#define MDS_CDSAATTR_QUERY_LIMITS (CSSM_DB_ATTRIBUTE_MDS_START + 52) -#define MDS_CDSAATTR_CONJUNCTIVE_OPS (CSSM_DB_ATTRIBUTE_MDS_START + 53) -#define MDS_CDSAATTR_RELATIONAL_OPS (CSSM_DB_ATTRIBUTE_MDS_START + 54) -#define MDS_CDSAATTR_PROTOCOL (CSSM_DB_ATTRIBUTE_MDS_START + 55) -#define MDS_CDSAATTR_CERT_TYPEFORMAT (CSSM_DB_ATTRIBUTE_MDS_START + 56) -#define MDS_CDSAATTR_CRL_TYPEFORMAT (CSSM_DB_ATTRIBUTE_MDS_START + 57) -#define MDS_CDSAATTR_CERT_FIELDNAMES (CSSM_DB_ATTRIBUTE_MDS_START + 58) -#define MDS_CDSAATTR_BUNDLE_TYPEFORMAT (CSSM_DB_ATTRIBUTE_MDS_START + 59) -#define MDS_CDSAATTR_CERT_CLASSNAME (CSSM_DB_ATTRIBUTE_MDS_START + 60) -#define MDS_CDSAATTR_ROOTCERT (CSSM_DB_ATTRIBUTE_MDS_START + 61) -#define MDS_CDSAATTR_ROOTCERT_TYPEFORMAT (CSSM_DB_ATTRIBUTE_MDS_START + 62) -#define MDS_CDSAATTR_VALUE (CSSM_DB_ATTRIBUTE_MDS_START + 63) -#define MDS_CDSAATTR_REQCREDENTIALS (CSSM_DB_ATTRIBUTE_MDS_START + 64) -#define MDS_CDSAATTR_SAMPLETYPES (CSSM_DB_ATTRIBUTE_MDS_START + 65) -#define MDS_CDSAATTR_ACLSUBJECTTYPES (CSSM_DB_ATTRIBUTE_MDS_START + 66) -#define MDS_CDSAATTR_AUTHTAGS (CSSM_DB_ATTRIBUTE_MDS_START + 67) -#define MDS_CDSAATTR_USEETAG (CSSM_DB_ATTRIBUTE_MDS_START + 68) -#define MDS_CDSAATTR_RETRIEVALMODE (CSSM_DB_ATTRIBUTE_MDS_START + 69) -#define MDS_CDSAATTR_OID (CSSM_DB_ATTRIBUTE_MDS_START + 70) -#define MDS_CDSAATTR_XLATIONTYPEFORMAT (CSSM_DB_ATTRIBUTE_MDS_START + 71) -#define MDS_CDSAATTR_DEFAULT_TEMPLATE_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 72) -#define MDS_CDSAATTR_TEMPLATE_FIELD_NAMES (CSSM_DB_ATTRIBUTE_MDS_START + 73) -#define MDS_CDSAATTR_AUTHORITY_REQUEST_TYPE (CSSM_DB_ATTRIBUTE_MDS_START + 74) - -/* Meta-data names for the MDS Object directory relation */ -#define MDS_OBJECT_NUM_RELATIONS (1) -#define MDS_OBJECT_NUM_ATTRIBUTES (4) -/* Defined constant for # of relations in the CDSA directory */ -#define MDS_CDSADIR_NUM_RELATIONS (19) -/* Meta-data names for the MDS CSSM relation */ -#define MDS_CDSADIR_CSSM_NUM_ATTRIBUTES (4) -/* Meta-data names for the MDS EMM relation */ -#define MDS_CDSADIR_EMM_NUM_ATTRIBUTES (11) -/* Meta-data names for the MDS Common relation */ -#define MDS_CDSADIR_COMMON_NUM_ATTRIBUTES (9) -/* Meta-data names for the MDS CSP Primary relation */ -#define MDS_CDSADIR_CSP_PRIMARY_NUM_ATTRIBUTES (13) -/* Meta-data names for the MDS CSP Capabilities relation */ -#define MDS_CDSADIR_CSP_CAPABILITY_NUM_ATTRIBUTES (9) -/* Meta-data names for the MDS CSP Encapsulated Product relation */ -#define MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_NUM_ATTRIBUTES (16) -/* Meta-data names for the MDS CSP SmartcardInfo relation */ -#define MDS_CDSADIR_CSP_SC_INFO_NUM_ATTRIBUTES (9) -/* Meta-data names for the MDS DL Primary relation */ -#define MDS_CDSADIR_DL_PRIMARY_NUM_ATTRIBUTES (13) -/* Meta-data names for the MDS DL Encapsulated Product relation */ -#define MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_NUM_ATTRIBUTES (10) -/* Meta-data names for the MDS CL Primary relation */ -#define MDS_CDSADIR_CL_PRIMARY_NUM_ATTRIBUTES (13) -/* Meta-data names for the MDS CL Encapsulated Product relation */ -#define MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_NUM_ATTRIBUTES (8) -/* Meta-data names for the MDS TP Primary relation */ -#define MDS_CDSADIR_TP_PRIMARY_NUM_ATTRIBUTES (10) -/* Meta-data names for the MDS TP Policy-OIDS relation */ -#define MDS_CDSADIR_TP_OIDS_NUM_ATTRIBUTES (4) -/* Meta-data names for the MDS TP Encapsulated Product relation */ -#define MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_NUM_ATTRIBUTES (14) -/* Meta-data names for MDS EMM Service Provider Primary relation */ -#define MDS_CDSADIR_EMM_PRIMARY_NUM_ATTRIBUTES (9) -/* Meta-data names for MDS AC Primary relation */ -#define MDS_CDSADIR_AC_PRIMARY_NUM_ATTRIBUTES (6) -/* Meta-data names for MDS Schema relation */ -#define MDS_CDSADIR_SCHEMA_RELATONS_NUM_ATTRIBUTES (2) -#define MDS_CDSADIR_SCHEMA_ATTRIBUTES_NUM_ATTRIBUTES (6) -#define MDS_CDSADIR_SCHEMA_INDEXES_NUM_ATTRIBUTES (5) - -#ifdef __cplusplus -} -#endif - -#endif /* _MDS_SCHEMA_H_ */ diff --git a/cdsa/cdsa/oidsalg.h b/cdsa/cdsa/oidsalg.h deleted file mode 100644 index d2267366..00000000 --- a/cdsa/cdsa/oidsalg.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: oidsalg.h - - Contains: OIDs defining crypto algorithms - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _OIDS_ALG_H_ -#define _OIDS_ALG_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -extern const CSSM_OID - CSSMOID_MD2, - CSSMOID_MD4, - CSSMOID_MD5, - CSSMOID_RSA, - CSSMOID_MD2WithRSA, - CSSMOID_MD4WithRSA, - CSSMOID_MD5WithRSA, - CSSMOID_SHA1WithRSA, - CSSMOID_SHA1WithRSA_OIW, - CSSMOID_ANSI_DH_PUB_NUMBER, - CSSMOID_ANSI_DH_STATIC, - CSSMOID_ANSI_DH_ONE_FLOW, - CSSMOID_ANSI_DH_EPHEM, - CSSMOID_ANSI_DH_HYBRID1, - CSSMOID_ANSI_DH_HYBRID2, - CSSMOID_ANSI_DH_HYBRID_ONEFLOW, - CSSMOID_ANSI_MQV1, - CSSMOID_ANSI_MQV2, - CSSMOID_ANSI_DH_STATIC_SHA1, - CSSMOID_ANSI_DH_ONE_FLOW_SHA1, - CSSMOID_ANSI_DH_EPHEM_SHA1, - CSSMOID_ANSI_DH_HYBRID1_SHA1, - CSSMOID_ANSI_DH_HYBRID2_SHA1, - CSSMOID_ANSI_MQV1_SHA1, - CSSMOID_ANSI_MQV2_SHA1, - CSSMOID_PKCS3, - CSSMOID_DH, - CSSMOID_DSA, // BSAFE only - CSSMOID_DSA_CMS, // X509/CMS - CSSMOID_DSA_JDK, // JDK 1.1 - CSSMOID_SHA1WithDSA, // BSAFE - CSSMOID_SHA1WithDSA_CMS, // X509/CMS - CSSMOID_SHA1WithDSA_JDK, // JDK 1.1 - CSSMOID_SHA1, - CSSMOID_APPLE_ISIGN, - CSSMOID_APPLE_X509_BASIC, - CSSMOID_APPLE_TP_SSL, - CSSMOID_APPLE_TP_LOCAL_CERT_GEN, - CSSMOID_APPLE_TP_CSR_GEN, - CSSMOID_APPLE_TP_REVOCATION_CRL, - CSSMOID_APPLE_TP_REVOCATION_OCSP, - CSSMOID_APPLE_TP_SMIME, - CSSMOID_APPLE_TP_EAP, - CSSMOID_APPLE_FEE, - CSSMOID_APPLE_ASC, - CSSMOID_APPLE_FEE_MD5, - CSSMOID_APPLE_FEE_SHA1, - CSSMOID_APPLE_FEED, - CSSMOID_APPLE_FEEDEXP, - CSSMOID_APPLE_ECDSA, - CSSMOID_PKCS12_pbeWithSHAAnd128BitRC4, - CSSMOID_PKCS12_pbeWithSHAAnd40BitRC4, - CSSMOID_PKCS12_pbeWithSHAAnd3Key3DESCBC, - CSSMOID_PKCS12_pbeWithSHAAnd2Key3DESCBC, - CSSMOID_PKCS12_pbeWithSHAAnd128BitRC2CBC, - CSSMOID_PKCS12_pbewithSHAAnd40BitRC2CBC; - -#ifdef __cplusplus -} -#endif - -#endif /* _OIDS_ALG_H_ */ diff --git a/cdsa/cdsa/oidsattr.h b/cdsa/cdsa/oidsattr.h deleted file mode 100644 index cf15366a..00000000 --- a/cdsa/cdsa/oidsattr.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: oidsattr.h - - Contains: Cert/CRL related OIDs. - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _CDSA_OIDSATTR_H_ -#define _CDSA_OIDSATTR_H_ - -#include -#include - -/* - * Directory name component identifiers. - */ -extern const CSSM_OID - CSSMOID_ObjectClass, - CSSMOID_AliasedEntryName, - CSSMOID_KnowledgeInformation, - CSSMOID_CommonName, - CSSMOID_Surname, - CSSMOID_SerialNumber, - CSSMOID_CountryName, - CSSMOID_LocalityName, - CSSMOID_StateProvinceName, - CSSMOID_CollectiveStateProvinceName, - CSSMOID_StreetAddress, - CSSMOID_CollectiveStreetAddress, - CSSMOID_OrganizationName, - CSSMOID_CollectiveOrganizationName, - CSSMOID_OrganizationalUnitName, - CSSMOID_CollectiveOrganizationalUnitName, - CSSMOID_Title, - CSSMOID_Description, - CSSMOID_SearchGuide, - CSSMOID_BusinessCategory, - CSSMOID_PostalAddress, - CSSMOID_CollectivePostalAddress, - CSSMOID_PostalCode, - CSSMOID_CollectivePostalCode, - CSSMOID_PostOfficeBox, - CSSMOID_CollectivePostOfficeBox, - CSSMOID_PhysicalDeliveryOfficeName, - CSSMOID_CollectivePhysicalDeliveryOfficeName, - CSSMOID_TelephoneNumber, - CSSMOID_CollectiveTelephoneNumber, - CSSMOID_TelexNumber, - CSSMOID_CollectiveTelexNumber, - CSSMOID_TelexTerminalIdentifier, - CSSMOID_CollectiveTelexTerminalIdentifier, - CSSMOID_FacsimileTelephoneNumber, - CSSMOID_CollectiveFacsimileTelephoneNumber, - CSSMOID_X_121Address, - CSSMOID_InternationalISDNNumber, - CSSMOID_CollectiveInternationalISDNNumber, - CSSMOID_RegisteredAddress, - CSSMOID_DestinationIndicator, - CSSMOID_PreferredDeliveryMethod, - CSSMOID_PresentationAddress, - CSSMOID_SupportedApplicationContext, - CSSMOID_Member, - CSSMOID_Owner, - CSSMOID_RoleOccupant, - CSSMOID_SeeAlso, - CSSMOID_UserPassword, - CSSMOID_UserCertificate, - CSSMOID_CACertificate, - CSSMOID_AuthorityRevocationList, - CSSMOID_CertificateRevocationList, - CSSMOID_CrossCertificatePair, - CSSMOID_Name, - CSSMOID_GivenName, - CSSMOID_Initials, - CSSMOID_GenerationQualifier, - CSSMOID_UniqueIdentifier, - CSSMOID_DNQualifier, - CSSMOID_EnhancedSearchGuide, - CSSMOID_ProtocolInformation, - CSSMOID_DistinguishedName, - CSSMOID_UniqueMember, - CSSMOID_HouseIdentifier; - -/* PKCS 9 */ -extern const CSSM_OID - CSSMOID_EmailAddress, - CSSMOID_UnstructuredName, - CSSMOID_ContentType, - CSSMOID_MessageDigest, - CSSMOID_SigningTime, - CSSMOID_CounterSignature, - CSSMOID_ChallengePassword, - CSSMOID_UnstructuredAddress, - CSSMOID_ExtendedCertificateAttributes; - -/* PKIX */ -extern const CSSM_OID - CSSMOID_QT_CPS, - CSSMOID_QT_UNOTICE; - -/* PKCS7 */ -extern const CSSM_OID - CSSMOID_PKCS7_Data, - CSSMOID_PKCS7_SignedData, - CSSMOID_PKCS7_EnvelopedData, - CSSMOID_PKCS7_SignedAndEnvelopedData, - CSSMOID_PKCS7_DigestedData, - CSSMOID_PKCS7_EncryptedData, - CSSMOID_PKCS7_DataWithAttributes, - CSSMOID_PKCS7_EncryptedPrivateKeyInfo, - -/* PKCS8 */ - CSSMOID_PKCS9_FriendlyName, - CSSMOID_PKCS9_LocalKeyId, - CSSMOID_PKCS9_CertTypes, - CSSMOID_PKCS9_CrlTypes, - CSSMOID_PKCS9_X509Certificate, - CSSMOID_PKCS9_SdsiCertificate, - CSSMOID_PKCS9_X509Crl, - -/* PKCS12 */ - CSSMOID_PKCS12_keyBag, - CSSMOID_PKCS12_shroudedKeyBag, - CSSMOID_PKCS12_certBag, - CSSMOID_PKCS12_crlBag, - CSSMOID_PKCS12_secretBag, - CSSMOID_PKCS12_safeContentsBag; - -#endif /* _CDSA_OIDSATTR_H_*/ diff --git a/cdsa/cdsa/oidsbase.h b/cdsa/cdsa/oidsbase.h deleted file mode 100644 index 213aef50..00000000 --- a/cdsa/cdsa/oidsbase.h +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: oidsbase.h - - Contains: Basic Object Identifier Macros and Data Types. - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _OIDSBASE_H_ -#define _OIDSBASE_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Intel CSSM */ - -#define INTEL 96, 134, 72, 1, 134, 248, 77 -#define INTEL_LENGTH 7 - -#define INTEL_CDSASECURITY INTEL, 2 -#define INTEL_CDSASECURITY_LENGTH (INTEL_LENGTH + 1) - -#define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1 -#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1) - -#define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5 -#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2) - -#define INTEL_SEC_OBJECT_BUNDLE INTEL_SEC_FORMATS, 4 -#define INTEL_SEC_OBJECT_BUNDLE_LENGTH (INTEL_SEC_FORMATS_LENGTH + 1) - -#define INTEL_CERT_AND_PRIVATE_KEY_2_0 INTEL_SEC_OBJECT_BUNDLE, 1 -#define INTEL_CERT_AND_PRIVATE_KEY_2_0_LENGTH (INTEL_SEC_OBJECT_BUNDLE_LENGTH + 1) - -/* Suffix specifying format or representation of a field value */ -/* Note that if a format suffix is not specified, a flat data -representation is implied */ -#define INTEL_X509_C_DATATYPE 1 -#define INTEL_X509_LDAPSTRING_DATATYPE 2 - -#define OID_ISO_CCITT_DIR_SERVICE 85 -#define OID_DS OID_ISO_CCITT_DIR_SERVICE -#define OID_DS_LENGTH 1 -#define OID_ATTR_TYPE OID_DS, 4 -#define OID_ATTR_TYPE_LENGTH OID_DS_LENGTH + 1 -#define OID_EXTENSION OID_DS, 29 -#define OID_EXTENSION_LENGTH OID_DS_LENGTH + 1 -#define OID_ISO_STANDARD 40 -#define OID_ISO_MEMBER 42 -#define OID_US OID_ISO_MEMBER, 134, 72 - -#define OID_ISO_IDENTIFIED_ORG 43 -#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4 -#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5 -#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6 -#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 - -/* From the PKCS Standards */ -#define OID_ISO_MEMBER_LENGTH 1 -#define OID_US_LENGTH OID_ISO_MEMBER_LENGTH + 2 -#define OID_RSA OID_US, 134, 247, 13 -#define OID_RSA_LENGTH OID_US_LENGTH + 3 -#define OID_RSA_HASH OID_RSA, 2 -#define OID_RSA_HASH_LENGTH OID_RSA_LENGTH + 1 -#define OID_RSA_ENCRYPT OID_RSA, 3 -#define OID_RSA_ENCRYPT_LENGTH OID_RSA_LENGTH + 1 -#define OID_PKCS OID_RSA, 1 -#define OID_PKCS_LENGTH OID_RSA_LENGTH +1 -#define OID_PKCS_1 OID_PKCS, 1 -#define OID_PKCS_1_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_2 OID_PKCS, 2 -#define OID_PKCS_3 OID_PKCS, 3 -#define OID_PKCS_3_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_4 OID_PKCS, 4 -#define OID_PKCS_5 OID_PKCS, 5 -#define OID_PKCS_5_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_6 OID_PKCS, 6 -#define OID_PKCS_7 OID_PKCS, 7 -#define OID_PKCS_7_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_8 OID_PKCS, 8 -#define OID_PKCS_9 OID_PKCS, 9 -#define OID_PKCS_9_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_10 OID_PKCS, 10 -#define OID_PKCS_11 OID_PKCS, 11 -#define OID_PKCS_11_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_12 OID_PKCS, 12 -#define OID_PKCS_12_LENGTH OID_PKCS_LENGTH +1 - -/* ANSI X9.42 */ -#define OID_ANSI_X9_42 OID_US, 206, 62, 2 -#define OID_ANSI_X9_42_LEN OID_US_LENGTH + 3 -#define OID_ANSI_X9_42_SCHEME OID_ANSI_X9_42, 3 -#define OID_ANSI_X9_42_SCHEME_LEN OID_ANSI_X9_42_LEN + 1 -#define OID_ANSI_X9_42_NAMED_SCHEME OID_ANSI_X9_42, 4 -#define OID_ANSI_X9_42_NAMED_SCHEME_LEN OID_ANSI_X9_42_LEN + 1 - -#define OID_PKIX OID_DOD, 1, 5, 5, 7 -#define OID_PKIX_LENGTH 6 -#define OID_QT OID_PKIX, 2 -#define OID_QT_LENGTH OID_PKIX_LENGTH + 1 - -#define OID_KP OID_PKIX, 3 -#define OID_KP_LENGTH OID_PKIX_LENGTH + 1 - -#define OID_OIW_SECSIG OID_OIW, 3 -#define OID_OIW_LENGTH 2 -#define OID_OIW_SECSIG_LENGTH OID_OIW_LENGTH +1 - -#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2 -#define OID_OIW_ALGORITHM_LENGTH OID_OIW_SECSIG_LENGTH +1 - -/* - * Apple-specific OID bases - */ - -/* - * apple OBJECT IDENTIFIER ::= - * { iso(1) member-body(2) US(840) 113635 } - * - * BER = 06 06 2A 86 48 86 F7 63 - */ -#define APPLE_OID OID_US, 0x86, 0xf7, 0x63 -#define APPLE_OID_LENGTH OID_US_LENGTH + 3 - -/* appleDataSecurity OBJECT IDENTIFIER ::= - * { apple 100 } - * { 1 2 840 113635 100 } - * - * BER = 06 07 2A 86 48 86 F7 63 64 - */ -#define APPLE_ADS_OID APPLE_OID, 0x64 -#define APPLE_ADS_OID_LENGTH APPLE_OID_LENGTH + 1 - -/* - * appleTrustPolicy OBJECT IDENTIFIER ::= - * { appleDataSecurity 1 } - * { 1 2 840 113635 100 1 } - * - * BER = 06 08 2A 86 48 86 F7 63 64 01 - */ -#define APPLE_TP_OID APPLE_ADS_OID, 1 -#define APPLE_TP_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * appleSecurityAlgorithm OBJECT IDENTIFIER ::= - * { appleDataSecurity 2 } - * { 1 2 840 113635 100 2 } - * - * BER = 06 08 2A 86 48 86 F7 63 64 02 - */ -#define APPLE_ALG_OID APPLE_ADS_OID, 2 -#define APPLE_ALG_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * Netscape extensions. - */ -/* - * netscape-cert-extension OBJECT IDENTIFIER ::= - * { 2 16 840 1 113730 1 } - * - * BER = 06 08 60 86 48 01 86 F8 42 01 - */ -#define NETSCAPE_CERT_EXTEN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01 -#define NETSCAPE_CERT_EXTEN_LENGTH 8 - -#ifdef __cplusplus -} -#endif - -#endif /* _OIDSBASE_H_ */ diff --git a/cdsa/cdsa/oidscert.h b/cdsa/cdsa/oidscert.h deleted file mode 100644 index ac840b11..00000000 --- a/cdsa/cdsa/oidscert.h +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: oidscert.h - - Contains: Object Identifiers for X509 Certificate Library - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _OIDSCERT_H_ -#define _OIDSCERT_H_ 1 - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define INTEL_X509V3_CERT_R08 INTEL_SEC_FORMATS, 1, 1 -#define INTEL_X509V3_CERT_R08_LENGTH INTEL_SEC_FORMATS_LENGTH + 2 - -/* Prefix for defining Certificate Extension field OIDs */ -#define INTEL_X509V3_CERT_PRIVATE_EXTENSIONS INTEL_X509V3_CERT_R08, 50 -#define INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH INTEL_X509V3_CERT_R08_LENGTH + 1 - -/* Prefix for defining signature field OIDs */ -#define INTEL_X509V3_SIGN_R08 INTEL_SEC_FORMATS, 3, 2 -#define INTEL_X509V3_SIGN_R08_LENGTH INTEL_SEC_FORMATS_LENGTH + 2 - -/* Suffix specifying format or representation of a field value */ -/* Note that if a format suffix is not specified, a flat data representation is implied. */ - -#define INTEL_X509_C_DATATYPE 1 -#define INTEL_X509_LDAPSTRING_DATATYPE 2 - -/* Certificate OIDS */ -extern const CSSM_OID - - CSSMOID_X509V3SignedCertificate, - CSSMOID_X509V3SignedCertificateCStruct, - CSSMOID_X509V3Certificate, - CSSMOID_X509V3CertificateCStruct, - CSSMOID_X509V1Version, - CSSMOID_X509V1SerialNumber, - CSSMOID_X509V1IssuerName, // normalized & encoded - CSSMOID_X509V1IssuerNameStd, // encoded - CSSMOID_X509V1IssuerNameCStruct, // CSSM_X509_NAME - CSSMOID_X509V1IssuerNameLDAP, - CSSMOID_X509V1ValidityNotBefore, - CSSMOID_X509V1ValidityNotAfter, - CSSMOID_X509V1SubjectName, // normalized & encoded - CSSMOID_X509V1SubjectNameStd, // encoded - CSSMOID_X509V1SubjectNameCStruct, // CSSM_X509_NAME - CSSMOID_X509V1SubjectNameLDAP, - CSSMOID_CSSMKeyStruct, - CSSMOID_X509V1SubjectPublicKeyCStruct, - CSSMOID_X509V1SubjectPublicKeyAlgorithm, - CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters, - CSSMOID_X509V1SubjectPublicKey, - CSSMOID_X509V1CertificateIssuerUniqueId, - CSSMOID_X509V1CertificateSubjectUniqueId, - CSSMOID_X509V3CertificateExtensionsStruct, - CSSMOID_X509V3CertificateExtensionsCStruct, - CSSMOID_X509V3CertificateNumberOfExtensions, - CSSMOID_X509V3CertificateExtensionStruct, - CSSMOID_X509V3CertificateExtensionCStruct, - CSSMOID_X509V3CertificateExtensionId, - CSSMOID_X509V3CertificateExtensionCritical, - CSSMOID_X509V3CertificateExtensionType, - CSSMOID_X509V3CertificateExtensionValue, - - /* Signature OID Fields */ - CSSMOID_X509V1SignatureStruct, - CSSMOID_X509V1SignatureCStruct, - CSSMOID_X509V1SignatureAlgorithm, - CSSMOID_X509V1SignatureAlgorithmTBS, - CSSMOID_X509V1SignatureAlgorithmParameters, - CSSMOID_X509V1Signature, - - /* Extension OID Fields */ - CSSMOID_SubjectSignatureBitmap, - CSSMOID_SubjectPicture, - CSSMOID_SubjectEmailAddress, - CSSMOID_UseExemptions; - -/*** - *** Apple addenda - ***/ - -/* - * Standard Cert and CRL extensions. - */ -extern const CSSM_OID - CSSMOID_SubjectDirectoryAttributes, - CSSMOID_SubjectKeyIdentifier, - CSSMOID_KeyUsage, - CSSMOID_PrivateKeyUsagePeriod, - CSSMOID_SubjectAltName, - CSSMOID_IssuerAltName, - CSSMOID_BasicConstraints, - CSSMOID_CrlNumber, - CSSMOID_CrlReason, - CSSMOID_HoldInstructionCode, - CSSMOID_InvalidityDate, - CSSMOID_DeltaCrlIndicator, - CSSMOID_IssuingDistributionPoint, - CSSMOID_IssuingDistributionPoints, - CSSMOID_CertIssuer, - CSSMOID_NameConstraints, - CSSMOID_CrlDistributionPoints, - CSSMOID_CertificatePolicies, - CSSMOID_PolicyMappings, - CSSMOID_PolicyConstraints, - CSSMOID_AuthorityKeyIdentifier, - CSSMOID_ExtendedKeyUsage, - CSSMOID_ExtendedKeyUsageAny, - CSSMOID_ServerAuth, - CSSMOID_ClientAuth, - CSSMOID_ExtendedUseCodeSigning, - CSSMOID_EmailProtection, - CSSMOID_TimeStamping, - CSSMOID_OCSPSigning; - -/* - * Netscape extensions. - */ -extern const CSSM_OID CSSMOID_NetscapeCertType; - -/* - * Field values for CSSMOID_NetscapeCertType, a bit string. - * Assumes a 16 bit field, even though currently only 8 bits - * are defined. - */ -#define CE_NCT_SSL_Client 0x8000 -#define CE_NCT_SSL_Server 0x4000 -#define CE_NCT_SMIME 0x2000 -#define CE_NCT_ObjSign 0x1000 -#define CE_NCT_Reserved 0x0800 -#define CE_NCT_SSL_CA 0x0400 -#define CE_NCT_SMIME_CA 0x0200 -#define CE_NCT_ObjSignCA 0x0100 - -#ifdef __cplusplus -} -#endif - -#endif /* _OIDSCERT_H_ */ diff --git a/cdsa/cdsa/oidscrl.h b/cdsa/cdsa/oidscrl.h deleted file mode 100644 index 74d57e29..00000000 --- a/cdsa/cdsa/oidscrl.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: oidscrl.h - - Contains: Object Identifiers for X509 CRLS - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _OIDSCRL_H_ -#define _OIDSCRL_H_ 1 - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define INTEL_X509V2_CRL_R08 INTEL_SEC_FORMATS, 2, 1 -#define INTEL_X509V2_CRL_R08_LENGTH INTEL_SEC_FORMATS_LENGTH+2 - - -extern const CSSM_OID - /* CRL OIDs */ - CSSMOID_X509V2CRLSignedCrlStruct, - CSSMOID_X509V2CRLSignedCrlCStruct, - CSSMOID_X509V2CRLTbsCertListStruct, - CSSMOID_X509V2CRLTbsCertListCStruct, - CSSMOID_X509V2CRLVersion, - CSSMOID_X509V1CRLIssuerStruct, - CSSMOID_X509V1CRLIssuerNameCStruct, - CSSMOID_X509V1CRLIssuerNameLDAP, - CSSMOID_X509V1CRLThisUpdate, - CSSMOID_X509V1CRLNextUpdate, - - /* CRL Entry (CRL CertList) OIDS */ - CSSMOID_X509V1CRLRevokedCertificatesStruct, - CSSMOID_X509V1CRLRevokedCertificatesCStruct, - CSSMOID_X509V1CRLNumberOfRevokedCertEntries, - CSSMOID_X509V1CRLRevokedEntryStruct, - CSSMOID_X509V1CRLRevokedEntryCStruct, - CSSMOID_X509V1CRLRevokedEntrySerialNumber, - CSSMOID_X509V1CRLRevokedEntryRevocationDate, - - /* CRL Entry (CRL CertList) Extension OIDs */ - CSSMOID_X509V2CRLRevokedEntryAllExtensionsStruct, - CSSMOID_X509V2CRLRevokedEntryAllExtensionsCStruct, - CSSMOID_X509V2CRLRevokedEntryNumberOfExtensions, - CSSMOID_X509V2CRLRevokedEntrySingleExtensionStruct, - CSSMOID_X509V2CRLRevokedEntrySingleExtensionCStruct, - CSSMOID_X509V2CRLRevokedEntryExtensionId, - CSSMOID_X509V2CRLRevokedEntryExtensionCritical, - CSSMOID_X509V2CRLRevokedEntryExtensionType, - CSSMOID_X509V2CRLRevokedEntryExtensionValue, - - /* CRL Extension OIDs */ - CSSMOID_X509V2CRLAllExtensionsStruct, - CSSMOID_X509V2CRLAllExtensionsCStruct, - CSSMOID_X509V2CRLNumberOfExtensions, - CSSMOID_X509V2CRLSingleExtensionStruct, - CSSMOID_X509V2CRLSingleExtensionCStruct, - CSSMOID_X509V2CRLExtensionId, - CSSMOID_X509V2CRLExtensionCritical, - CSSMOID_X509V2CRLExtensionType; - - - -#ifdef __cplusplus -} -#endif - -#endif /* _OIDSCRL_H_ */ diff --git a/cdsa/cdsa/x509defs.h b/cdsa/cdsa/x509defs.h deleted file mode 100644 index fe16bd21..00000000 --- a/cdsa/cdsa/x509defs.h +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: x509defs.h - - Contains: Data structures for X509 Certificate Library field values - - Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved. -*/ - -#ifndef _X509DEFS_H_ -#define _X509DEFS_H_ 1 - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef uint8 CSSM_BER_TAG; -#define BER_TAG_UNKNOWN 0 -#define BER_TAG_BOOLEAN 1 -#define BER_TAG_INTEGER 2 -#define BER_TAG_BIT_STRING 3 -#define BER_TAG_OCTET_STRING 4 -#define BER_TAG_NULL 5 -#define BER_TAG_OID 6 -#define BER_TAG_OBJECT_DESCRIPTOR 7 -#define BER_TAG_EXTERNAL 8 -#define BER_TAG_REAL 9 -#define BER_TAG_ENUMERATED 10 -/* 12 to 15 are reserved for future versions of the recommendation */ -#define BER_TAG_PKIX_UTF8_STRING 12 -#define BER_TAG_SEQUENCE 16 -#define BER_TAG_SET 17 -#define BER_TAG_NUMERIC_STRING 18 -#define BER_TAG_PRINTABLE_STRING 19 -#define BER_TAG_T61_STRING 20 -#define BER_TAG_TELETEX_STRING BER_TAG_T61_STRING -#define BER_TAG_VIDEOTEX_STRING 21 -#define BER_TAG_IA5_STRING 22 -#define BER_TAG_UTC_TIME 23 -#define BER_TAG_GENERALIZED_TIME 24 -#define BER_TAG_GRAPHIC_STRING 25 -#define BER_TAG_ISO646_STRING 26 -#define BER_TAG_GENERAL_STRING 27 -#define BER_TAG_VISIBLE_STRING BER_TAG_ISO646_STRING -/* 28 - are reserved for future versions of the recommendation */ -#define BER_TAG_PKIX_UNIVERSAL_STRING 28 -#define BER_TAG_PKIX_BMP_STRING 30 - - -/* Data Structures for X.509 Certificates */ - -typedef struct cssm_x509_algorithm_identifier { - CSSM_OID algorithm; - CSSM_DATA parameters; -} CSSM_X509_ALGORITHM_IDENTIFIER, *CSSM_X509_ALGORITHM_IDENTIFIER_PTR; - -/* X509 Distinguished name structure */ -typedef struct cssm_x509_type_value_pair { - CSSM_OID type; - CSSM_BER_TAG valueType; /* The Tag to be used when */ - /*this value is BER encoded */ - CSSM_DATA value; -} CSSM_X509_TYPE_VALUE_PAIR, *CSSM_X509_TYPE_VALUE_PAIR_PTR; - -typedef struct cssm_x509_rdn { - uint32 numberOfPairs; - CSSM_X509_TYPE_VALUE_PAIR_PTR AttributeTypeAndValue; -} CSSM_X509_RDN, *CSSM_X509_RDN_PTR; - -typedef struct cssm_x509_name { - uint32 numberOfRDNs; - CSSM_X509_RDN_PTR RelativeDistinguishedName; -} CSSM_X509_NAME, *CSSM_X509_NAME_PTR; - -/* Public key info struct */ -typedef struct cssm_x509_subject_public_key_info { - CSSM_X509_ALGORITHM_IDENTIFIER algorithm; - CSSM_DATA subjectPublicKey; -} CSSM_X509_SUBJECT_PUBLIC_KEY_INFO, *CSSM_X509_SUBJECT_PUBLIC_KEY_INFO_PTR; - -typedef struct cssm_x509_time { - CSSM_BER_TAG timeType; - CSSM_DATA time; -} CSSM_X509_TIME, *CSSM_X509_TIME_PTR; - -/* Validity struct */ -typedef struct x509_validity { - CSSM_X509_TIME notBefore; - CSSM_X509_TIME notAfter; -} CSSM_X509_VALIDITY, *CSSM_X509_VALIDITY_PTR; - -#define CSSM_X509_OPTION_PRESENT CSSM_TRUE -#define CSSM_X509_OPTION_NOT_PRESENT CSSM_FALSE -typedef CSSM_BOOL CSSM_X509_OPTION; - -typedef struct cssm_x509ext_basicConstraints { - CSSM_BOOL cA; - CSSM_X509_OPTION pathLenConstraintPresent; - uint32 pathLenConstraint; -} CSSM_X509EXT_BASICCONSTRAINTS, *CSSM_X509EXT_BASICCONSTRAINTS_PTR; - -typedef enum extension_data_format { - CSSM_X509_DATAFORMAT_ENCODED = 0, - CSSM_X509_DATAFORMAT_PARSED, - CSSM_X509_DATAFORMAT_PAIR -} CSSM_X509EXT_DATA_FORMAT; - -typedef struct cssm_x509_extensionTagAndValue { - CSSM_BER_TAG type; - CSSM_DATA value; -} CSSM_X509EXT_TAGandVALUE, *CSSM_X509EXT_TAGandVALUE_PTR; - -typedef struct cssm_x509ext_pair { - CSSM_X509EXT_TAGandVALUE tagAndValue; - void *parsedValue; -} CSSM_X509EXT_PAIR, *CSSM_X509EXT_PAIR_PTR; - -/* Extension structure */ -typedef struct cssm_x509_extension { - CSSM_OID extnId; - CSSM_BOOL critical; - CSSM_X509EXT_DATA_FORMAT format; - union cssm_x509ext_value { - CSSM_X509EXT_TAGandVALUE *tagAndValue; - void *parsedValue; - CSSM_X509EXT_PAIR *valuePair; - } value; - CSSM_DATA BERvalue; -} CSSM_X509_EXTENSION, *CSSM_X509_EXTENSION_PTR; - -typedef struct cssm_x509_extensions { - uint32 numberOfExtensions; - CSSM_X509_EXTENSION_PTR extensions; -} CSSM_X509_EXTENSIONS, *CSSM_X509_EXTENSIONS_PTR; - -/* X509V3 certificate structure */ -typedef struct cssm_x509_tbs_certificate { - CSSM_DATA version; - CSSM_DATA serialNumber; - CSSM_X509_ALGORITHM_IDENTIFIER signature; - CSSM_X509_NAME issuer; - CSSM_X509_VALIDITY validity; - CSSM_X509_NAME subject; - CSSM_X509_SUBJECT_PUBLIC_KEY_INFO subjectPublicKeyInfo; - CSSM_DATA issuerUniqueIdentifier; - CSSM_DATA subjectUniqueIdentifier; - CSSM_X509_EXTENSIONS extensions; -} CSSM_X509_TBS_CERTIFICATE, *CSSM_X509_TBS_CERTIFICATE_PTR; - -/* Signature structure */ -typedef struct cssm_x509_signature { - CSSM_X509_ALGORITHM_IDENTIFIER algorithmIdentifier; - CSSM_DATA encrypted; -} CSSM_X509_SIGNATURE, *CSSM_X509_SIGNATURE_PTR; - -/* Signed certificate structure */ -typedef struct cssm_x509_signed_certificate { - CSSM_X509_TBS_CERTIFICATE certificate; - CSSM_X509_SIGNATURE signature; -} CSSM_X509_SIGNED_CERTIFICATE, *CSSM_X509_SIGNED_CERTIFICATE_PTR; - -typedef struct cssm_x509ext_policyQualifierInfo { - CSSM_OID policyQualifierId; - CSSM_DATA value; -} CSSM_X509EXT_POLICYQUALIFIERINFO, *CSSM_X509EXT_POLICYQUALIFIERINFO_PTR; - -typedef struct cssm_x509ext_policyQualifiers { - uint32 numberOfPolicyQualifiers; - CSSM_X509EXT_POLICYQUALIFIERINFO *policyQualifier; -} CSSM_X509EXT_POLICYQUALIFIERS, *CSSM_X509EXT_POLICYQUALIFIERS_PTR; - -typedef struct cssm_x509ext_policyInfo { - CSSM_OID policyIdentifier; - CSSM_X509EXT_POLICYQUALIFIERS policyQualifiers; -} CSSM_X509EXT_POLICYINFO, *CSSM_X509EXT_POLICYINFO_PTR; - - -/* Data Structures for X.509 Certificate Revocations Lists */ - -/* x509V2 entry in the CRL revokedCertificates sequence */ -typedef struct cssm_x509_revoked_cert_entry { - CSSM_DATA certificateSerialNumber; - CSSM_X509_TIME revocationDate; - CSSM_X509_EXTENSIONS extensions; -} CSSM_X509_REVOKED_CERT_ENTRY, *CSSM_X509_REVOKED_CERT_ENTRY_PTR; - -typedef struct cssm_x509_revoked_cert_list { - uint32 numberOfRevokedCertEntries; - CSSM_X509_REVOKED_CERT_ENTRY_PTR revokedCertEntry; -} CSSM_X509_REVOKED_CERT_LIST, *CSSM_X509_REVOKED_CERT_LIST_PTR; - -/* x509v2 Certificate Revocation List (CRL) (unsigned) structure */ -typedef struct cssm_x509_tbs_certlist { - CSSM_DATA version; - CSSM_X509_ALGORITHM_IDENTIFIER signature; - CSSM_X509_NAME issuer; - CSSM_X509_TIME thisUpdate; - CSSM_X509_TIME nextUpdate; - CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates; - CSSM_X509_EXTENSIONS extensions; -} CSSM_X509_TBS_CERTLIST, *CSSM_X509_TBS_CERTLIST_PTR; - -typedef struct cssm_x509_signed_crl { - CSSM_X509_TBS_CERTLIST tbsCertList; - CSSM_X509_SIGNATURE signature; -} CSSM_X509_SIGNED_CRL, *CSSM_X509_SIGNED_CRL_PTR; - -#ifdef __cplusplus -} -#endif - -#endif /* _X509DEFS_H_ */ diff --git a/cdsa/cdsa_client.cpp b/cdsa/cdsa_client.cpp deleted file mode 100644 index 94eb8c74..00000000 --- a/cdsa/cdsa_client.cpp +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* Headers. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Source files. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include diff --git a/cdsa/cdsa_client/DLDBList.cpp b/cdsa/cdsa_client/DLDBList.cpp deleted file mode 100644 index 1deb70d9..00000000 --- a/cdsa/cdsa_client/DLDBList.cpp +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - DLDbList.cpp -*/ - -#include "DLDBList.h" - -using namespace CssmClient; - -//---------------------------------------------------------------------- -// DLDbList implementation -//---------------------------------------------------------------------- - -void DLDbList::add(const DLDbIdentifier& dldbIdentifier) // Adds at end if not in list -{ - for (DLDbList::const_iterator ix=begin();ix!=end();ix++) - if (*ix==dldbIdentifier) // already in list - return; - push_back(dldbIdentifier); - changed(true); -} - -void DLDbList::remove(const DLDbIdentifier& dldbIdentifier) // Removes from list -{ - for (DLDbList::iterator ix=begin();ix!=end();ix++) - if (*ix==dldbIdentifier) // found in list - { - erase(ix); - changed(true); - break; - } -} - -void DLDbList::save() -{ -} diff --git a/cdsa/cdsa_client/DLDBList.h b/cdsa/cdsa_client/DLDBList.h deleted file mode 100644 index 6affdb91..00000000 --- a/cdsa/cdsa_client/DLDBList.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - DLDbList.h - - This implements a vector of DLDbIdentifiers. A DLDbIdentifier contains all of the - information needed to find a particular DB within a particular DL. This file - does not depend on CoreFoundation but does depend on CDSA headers. -*/ - -#ifndef _H_CDSA_CLIENT_DLDBLIST -#define _H_CDSA_CLIENT_DLDBLIST 1 - -#include -#include -#include -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -//------------------------------------------------------------------------------------- -// -// Lists of DL/DBs -// -//------------------------------------------------------------------------------------- - - -// -// DLDbList -// -class DLDbList : public vector -{ -public: - DLDbList() : mChanged(false) {} - virtual ~DLDbList() {} - - // API - virtual void add(const DLDbIdentifier& dldbIdentifier); // Adds at end if not in list - virtual void remove(const DLDbIdentifier& dldbIdentifier); // Removes from list - virtual void save(); - - bool hasChanged() const { return mChanged; } - -protected: - void changed(bool hasChanged) { mChanged=hasChanged; } - -private: - bool mChanged; -}; - -}; // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_DLDBLIST diff --git a/cdsa/cdsa_client/aclclient.cpp b/cdsa/cdsa_client/aclclient.cpp deleted file mode 100644 index 80659923..00000000 --- a/cdsa/cdsa_client/aclclient.cpp +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keyclient -// -#include -#include -#include -#include -#include - - -namespace Security { -namespace CssmClient { - - -static inline void check(CSSM_RETURN rc) -{ - ObjectImpl::check(rc); -} - - -// -// AclBearer methods (trivial) -// -AclBearer::~AclBearer() -{ } - - -// -// Variant forms of AclBearer implemented in terms of its canonical virtual methods -// -void AclBearer::addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred) -{ - changeAcl(AclEdit(input), cred); -} - -void AclBearer::changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - changeAcl(AclEdit(handle, input), cred); -} - -void AclBearer::deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred) -{ - changeAcl(AclEdit(handle), cred); -} - -void AclBearer::deleteAcl(const char *tag, const CSSM_ACCESS_CREDENTIALS *cred) -{ - AutoAclEntryInfoList entries; - getAcl(entries, tag); - for (uint32 n = 0; n < entries.count(); n++) - deleteAcl(entries[n].handle(), cred); -} - - -// -// KeyAclBearer implementation -// -void KeyAclBearer::getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag) const -{ - aclInfos.allocator(allocator); - check(CSSM_GetKeyAcl(csp, &key, reinterpret_cast(selectionTag), aclInfos, aclInfos)); -} - -void KeyAclBearer::changeAcl(const CSSM_ACL_EDIT &aclEdit, const CSSM_ACCESS_CREDENTIALS *cred) -{ - check(CSSM_ChangeKeyAcl(csp, AccessCredentials::needed(cred), &aclEdit, &key)); -} - -void KeyAclBearer::getOwner(AutoAclOwnerPrototype &owner) const -{ - owner.allocator(allocator); - check(CSSM_GetKeyOwner(csp, &key, owner)); -} - -void KeyAclBearer::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - check(CSSM_ChangeKeyOwner(csp, AccessCredentials::needed(cred), &key, &newOwner)); -} - - -// -// A single global structure containing pseudo-static data -// -struct Statics { - Statics(); - CssmAllocator &alloc; - - AutoCredentials nullCred; - AutoCredentials promptCred; - AutoCredentials unlockCred; -}; - -namespace { - ModuleNexus statics; -} - - -// -// Make pseudo-statics. -// Note: This is an eternal object. It is not currently destroyed -// if the containing code is unloaded. But then, the containing -// code is Security.framework, which never unloads anyway. -// -Statics::Statics() - : alloc(CssmAllocator::standard()), - nullCred(alloc, 1), - promptCred(alloc, 2), - unlockCred(alloc, 1) -{ - // nullCred: nothing at all - // contains: - // an empty THRESHOLD sample to match threshold subjects with "free" subjects - nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD); - - // promptCred: a credential permitting user prompt confirmations - // contains: - // a KEYCHAIN_PROMPT sample, both by itself and in a THRESHOLD - promptCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT); - promptCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD, - new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT))); - - // unlockCred: ??? - unlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)); -} - - -// -// Make and break AclFactories -// -AclFactory::AclFactory() -{ } - -AclFactory::~AclFactory() -{ } - - -// -// Return basic pseudo-static values -// -const AccessCredentials *AclFactory::nullCred() const -{ return &statics().nullCred; } - -const AccessCredentials *AclFactory::promptCred() const -{ return &statics().promptCred; } - -const AccessCredentials *AclFactory::unlockCred() const -{ return &statics().unlockCred; } - - -// -// Manage the (pseudo) credentials used to explicitly provide a passphrase to a keychain. -// Use the eternal unlockCred() for normal (protected prompt) unlocking. -// -AclFactory::KeychainCredentials::~KeychainCredentials () -{ - DataWalkers::chunkFree (mCredentials, allocator); -} - -AclFactory::PassphraseUnlockCredentials::PassphraseUnlockCredentials (const CssmData& password, - CssmAllocator& allocator) : KeychainCredentials(allocator) -{ - mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD), - new (allocator) ListElement (CssmAutoData(allocator, password).release())); -} - - -// -// Manage the (pseudo) credentials used to explicitly change a keychain's passphrase -// -AclFactory::PasswordChangeCredentials::PasswordChangeCredentials (const CssmData& password, - CssmAllocator& allocator) : KeychainCredentials(allocator) -{ - mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD), - new (allocator) ListElement (CssmAutoData(allocator, password).release())); -} - - -// -// Create an ANY style AclEntryInput. -// This can be used to explicitly request wide-open authorization on a new CSSM object. -// -AclFactory::AnyResourceContext::AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred) - : mAny(CSSM_ACL_SUBJECT_TYPE_ANY), mTag(CSSM_ACL_AUTHORIZATION_ANY) -{ - // set up an ANY/EVERYTHING AclEntryInput - input().proto().subject() += &mAny; - AuthorizationGroup &authGroup = input().proto().authorization(); - authGroup.NumberOfAuthTags = 1; - authGroup.AuthTags = &mTag; - - // install the cred (not copied) - credentials(cred); -} - - -} // end namespace CssmClient -} // end namespace Security diff --git a/cdsa/cdsa_client/aclclient.h b/cdsa/cdsa_client/aclclient.h deleted file mode 100644 index bbf1405b..00000000 --- a/cdsa/cdsa_client/aclclient.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keyclient -// -#ifndef _H_CDSA_CLIENT_ACLCLIENT -#define _H_CDSA_CLIENT_ACLCLIENT 1 - -#include -#include -#include -#include -#include - -namespace Security { -namespace CssmClient { - -class CSP; - - -// -// Any client-side object that has CSSM-layer ACLs shall be -// derived from AclBearer and implement its methods accordingly. -// Note the (shared/virtual) RefCount - you should handle AclBearer -// references via RefPointers. -// -class AclBearer : public virtual RefCount { -public: - virtual ~AclBearer(); - - // Acl manipulation - virtual void getAcl(AutoAclEntryInfoList &aclInfos, - const char *selectionTag = NULL) const = 0; - virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0; - - void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL); - void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input, - const CSSM_ACCESS_CREDENTIALS *cred = NULL); - void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL); - void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL); - - // Acl owner manipulation - virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0; - virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0; -}; - - -// -// An AclBearer applied to a raw CSSM key -// -class KeyAclBearer : public AclBearer { -public: - KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, CssmAllocator &alloc) - : csp(cspH), key(theKey), allocator(alloc) { } - - const CSSM_CSP_HANDLE csp; - CSSM_KEY &key; - CssmAllocator &allocator; - -protected: - void getAcl(AutoAclEntryInfoList &aclInfos, - const char *selectionTag = NULL) const; - void changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *cred = NULL); - void getOwner(AutoAclOwnerPrototype &owner) const; - void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *cred = NULL); -}; - - -// -// An AclFactory helps create and maintain CSSM-layer AccessCredentials -// and matching samples. There is state in an AclFactory, though simple -// uses may not care about it. -// -class AclFactory { -public: - AclFactory(); - virtual ~AclFactory(); - - // these values are owned by the AclFactory and persist - // until it is destroyed. You don't own the memory. - const AccessCredentials *nullCred() const; - const AccessCredentials *promptCred() const; - const AccessCredentials *unlockCred() const; - -protected: - class KeychainCredentials { - public: - KeychainCredentials(CssmAllocator &alloc) - : allocator(alloc), mCredentials(new AutoCredentials(alloc)) { } - virtual ~KeychainCredentials(); - - CssmAllocator &allocator; - - operator const AccessCredentials* () { return mCredentials; } - - protected: - AutoCredentials *mCredentials; - }; - -public: - // create a self-managed AccessCredentials to explicitly provide a keychain passphrase - class PassphraseUnlockCredentials : public KeychainCredentials { - public: - PassphraseUnlockCredentials (const CssmData& password, CssmAllocator& allocator); - }; - - // create a self-managed AccessCredentials to change a keychain passphrase - class PasswordChangeCredentials : public KeychainCredentials { - public: - PasswordChangeCredentials (const CssmData& password, CssmAllocator& allocator); - }; - -public: - class AnyResourceContext : public ResourceControlContext { - public: - AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL); - - private: - ListElement mAny; - CSSM_ACL_AUTHORIZATION_TAG mTag; - }; -}; - - -} // end namespace CssmClient -} // end namespace Security - -#endif // _H_CDSA_CLIENT_ACLCLIENT diff --git a/cdsa/cdsa_client/clclient.cpp b/cdsa/cdsa_client/clclient.cpp deleted file mode 100644 index 089b87ac..00000000 --- a/cdsa/cdsa_client/clclient.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// clclient - client interface to CSSM CLs and their operations -// -#include - -using namespace CssmClient; - - -// -// Manage CL attachments -// -CLImpl::CLImpl(const Guid &guid) : AttachmentImpl(guid, CSSM_SERVICE_CL) -{ -} - -CLImpl::CLImpl(const Module &module) : AttachmentImpl(module, CSSM_SERVICE_CL) -{ -} - -CLImpl::~CLImpl() -{ -} - - -// -// A BuildCertGroup -// -BuildCertGroup::BuildCertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding, - CSSM_CERTGROUP_TYPE type, CssmAllocator &alloc) - : certificates(NumCerts, GroupList.CertList) -{ - clearPod(); - CertType = ctype; - CertEncoding = encoding; - CertGroupType = type; -} diff --git a/cdsa/cdsa_client/clclient.h b/cdsa/cdsa_client/clclient.h deleted file mode 100644 index 92ffbe84..00000000 --- a/cdsa/cdsa_client/clclient.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// clclient - client interface to CSSM CLs and their operations -// -#ifndef _H_CDSA_CLIENT_CLCLIENT -#define _H_CDSA_CLIENT_CLCLIENT 1 - -#include -#include -#include - - -namespace Security { -namespace CssmClient { - - -// -// A CL attachment -// -class CLImpl : public AttachmentImpl -{ -public: - CLImpl(const Guid &guid); - CLImpl(const Module &module); - virtual ~CLImpl(); - -}; - -class CL : public Attachment -{ -public: - typedef CLImpl Impl; - - explicit CL(Impl *impl) : Attachment(impl) {} - CL(const Guid &guid) : Attachment(new Impl(guid)) {} - CL(const Module &module) : Attachment(new Impl(module)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// A self-building CertGroup. -// This is a CertGroup, but it's NOT A PODWRAPPER (it's larger). -// -class BuildCertGroup : public CertGroup { -public: - BuildCertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding, - CSSM_CERTGROUP_TYPE type, CssmAllocator &alloc = CssmAllocator::standard()); - - CssmVector certificates; -}; - - -} // end namespace CssmClient -} // end namespace Security - -#endif // _H_CDSA_CLIENT_CLCLIENT diff --git a/cdsa/cdsa_client/cryptoclient.cpp b/cdsa/cdsa_client/cryptoclient.cpp deleted file mode 100644 index 9a47fb66..00000000 --- a/cdsa/cdsa_client/cryptoclient.cpp +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cryptoclient - client interface to CSSM CSP encryption/decryption operations -// -#include - -using namespace CssmClient; - - -Crypt::Crypt(const CSP &csp, CSSM_ALGORITHMS alg) : Context(csp, alg) -{ - // set defaults - mMode = CSSM_ALGMODE_NONE; - mCred = NULL; - mInitVector = NULL; - mPadding = CSSM_PADDING_NONE; -} - -void Crypt::key(const Key &key) -{ - mKey = key; - set(CSSM_ATTRIBUTE_KEY, static_cast(key)); -} - -void -Crypt::activate() -{ - if (!mActive) - { - // Some crypto operations require a credential. - // Use a null credential if none was specified. - if (!mCred) - mCred = &AccessCredentials::null; - - // Key is required unless we have a NULL algorithm (cleartext wrap/unwrap), - // in which case we'll make a symmetric context (it shouldn't matter then). - if (!mKey && mAlgorithm != CSSM_ALGID_NONE) - CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); - if (!mKey || mKey->keyClass() == CSSM_KEYCLASS_SESSION_KEY) - { // symmetric key - check(CSSM_CSP_CreateSymmetricContext(attachment()->handle(), mAlgorithm, - mMode, mCred, mKey, mInitVector, mPadding, NULL, - &mHandle)); - } - else - { - check(CSSM_CSP_CreateAsymmetricContext(attachment()->handle(), mAlgorithm, - mCred, mKey, mPadding, &mHandle)); - //@@@ stick mode and initVector explicitly into the context? - } - mActive = true; - } -} -void Crypt::cred(const AccessCredentials *c) -{ - if (!(mCred = c)) - mCred = &AccessCredentials::null; - set(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, *mCred); -} - - -// -// Manage encryption contexts -// - -uint32 -Encrypt::encrypt(const CssmData *in, uint32 inCount, - CssmData *out, uint32 outCount, CssmData &remData) -{ - unstaged(); - uint32 total; - check(CSSM_EncryptData(handle(), in, inCount, out, outCount, &total, &remData)); - return total; -} - -void -Encrypt::init() -{ - check(CSSM_EncryptDataInit(handle())); - mStaged = true; -} - -uint32 -Encrypt::encrypt(const CssmData *in, uint32 inCount, - CssmData *out, uint32 outCount) -{ - staged(); - uint32 total; - check(CSSM_EncryptDataUpdate(handle(), in, inCount, out, outCount, &total)); - return total; -} - -void -Encrypt::final(CssmData &remData) -{ - staged(); - check(CSSM_EncryptDataFinal(handle(), &remData)); - mStaged = false; -} - - -// -// Manage Decryption contexts -// - -uint32 -Decrypt::decrypt(const CssmData *in, uint32 inCount, - CssmData *out, uint32 outCount, CssmData &remData) -{ - unstaged(); - uint32 total; - check(CSSM_DecryptData(handle(), in, inCount, out, outCount, &total, &remData)); - return total; -} - -void -Decrypt::init() -{ - check(CSSM_DecryptDataInit(handle())); - mStaged = true; -} - -uint32 -Decrypt::decrypt(const CssmData *in, uint32 inCount, - CssmData *out, uint32 outCount) -{ - staged(); - uint32 total; - check(CSSM_DecryptDataUpdate(handle(), in, inCount, out, outCount, &total)); - return total; -} - -void -Decrypt::final(CssmData &remData) -{ - staged(); - check(CSSM_DecryptDataFinal(handle(), &remData)); - mStaged = false; -} diff --git a/cdsa/cdsa_client/cryptoclient.h b/cdsa/cdsa_client/cryptoclient.h deleted file mode 100644 index 69a67451..00000000 --- a/cdsa/cdsa_client/cryptoclient.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cryptoclient - client interface to CSSM CSP encryption/decryption operations -// -#ifndef _H_CDSA_CLIENT_CRYPTOCLIENT -#define _H_CDSA_CLIENT_CRYPTOCLIENT 1 - -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -class Crypt : public Context -{ -public: - Crypt(const CSP &csp, CSSM_ALGORITHMS alg); - -public: - // Context attributes - CSSM_ENCRYPT_MODE mode() const { return mMode; } - void mode(CSSM_ENCRYPT_MODE m) { mMode = m; set(CSSM_ATTRIBUTE_MODE, m); } - const AccessCredentials *cred() const { return mCred; } - void cred(const AccessCredentials *c); - Key key() const { return mKey; } - void key(const Key &k); - const CssmData &initVector() const { return *mInitVector; } - void initVector(const CssmData &v) { mInitVector = &v; set(CSSM_ATTRIBUTE_INIT_VECTOR, v); } - CSSM_PADDING padding() const { return mPadding; } - void padding(CSSM_PADDING p) { mPadding = p; set(CSSM_ATTRIBUTE_PADDING, p); } - - // Other attributes - AclEntryInput aclEntry() const { return mAclEntry; } - void aclEntry(AclEntryInput &aclEntry) { mAclEntry = aclEntry; } - -protected: - void activate(); - -protected: - CSSM_ENCRYPT_MODE mMode; - Key mKey; - const CssmData *mInitVector; - CSSM_PADDING mPadding; - -protected: - const AccessCredentials *mCred; - AclEntryInput mAclEntry; -}; - - - -// -// An encryption context -// -class Encrypt : public Crypt -{ -public: - Encrypt(const CSP &csp, CSSM_ALGORITHMS alg) : Crypt(csp, alg) {}; - - -public: - // integrated - uint32 encrypt(const CssmData *in, uint32 inCount, CssmData *out, uint32 outCount, - CssmData &remData); - uint32 encrypt(const CssmData &in, CssmData &out, CssmData &remData) - { return encrypt(&in, 1, &out, 1, remData); } - - // staged update - void init(); // Optional - uint32 encrypt(const CssmData *in, uint32 inCount, CssmData *out, uint32 outCount); - uint32 encrypt(const CssmData &in, CssmData &out) - { return encrypt(&in, 1, &out, 1); } - // staged final - void final(CssmData &remData); - -}; - -// -// An Decryption context -// -class Decrypt : public Crypt -{ -public: - Decrypt(const CSP &csp, CSSM_ALGORITHMS alg) : Crypt(csp, alg) {}; - -public: - // integrated - uint32 decrypt(const CssmData *in, uint32 inCount, CssmData *out, uint32 outCount, - CssmData &remData); - uint32 decrypt(const CssmData &in, CssmData &out, CssmData &remData) - { return decrypt(&in, 1, &out, 1, remData); } - - // staged update - void init(); // Optional - uint32 decrypt(const CssmData *in, uint32 inCount, CssmData *out, uint32 outCount); - uint32 decrypt(const CssmData &in, CssmData &out) - { return decrypt(&in, 1, &out, 1); } - // staged final - void final(CssmData &remData); -}; - - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_CRYPTOCLIENT diff --git a/cdsa/cdsa_client/cspclient.cpp b/cdsa/cdsa_client/cspclient.cpp deleted file mode 100644 index ba692ca0..00000000 --- a/cdsa/cdsa_client/cspclient.cpp +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cspclient - client interface to CSSM CSPs and their operations -// -#include - -using namespace CssmClient; - - -// -// Manage CSP attachments -// -CSPImpl::CSPImpl(const Guid &guid) : AttachmentImpl(guid, CSSM_SERVICE_CSP) -{ -} - -CSPImpl::CSPImpl(const Module &module) : AttachmentImpl(module, CSSM_SERVICE_CSP) -{ -} - -CSPImpl::~CSPImpl() -{ -} - - -// -// Delete a key explicitly -// -void CSPImpl::freeKey(CssmKey &key, const AccessCredentials *cred, bool permanent) -{ - check(CSSM_FreeKey(handle(), cred, &key, permanent)); -} - - -// -// Manage generic context objects -// -CssmClient::Context::Context(const CSP &csp, CSSM_ALGORITHMS alg) -: ObjectImpl(csp), mAlgorithm(alg), mStaged(false) -{ -} - -CssmClient::Context::~Context() -{ - try - { - deactivate(); - } catch(...) {} -} - -void CssmClient::Context::init() -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void CssmClient::Context::deactivate() -{ - if (mActive) - { - mActive = false; - check(CSSM_DeleteContext(mHandle)); - } -} - - -void CssmClient::Context::algorithm(CSSM_ALGORITHMS alg) -{ - if (isActive()) - abort(); //@@@ can't (currently?) change algorithm with active context - mAlgorithm = alg; -} - - -// -// Query context operation output sizes. -// -uint32 CssmClient::Context::getOutputSize(uint32 inputSize, bool encrypt /*= true*/) -{ - CSSM_QUERY_SIZE_DATA data; - data.SizeInputBlock = inputSize; - getOutputSize(data, 1, encrypt); - return data.SizeOutputBlock; -} - -void CssmClient::Context::getOutputSize(CSSM_QUERY_SIZE_DATA &sizes, uint32 count, bool encrypt /*= true*/) -{ - check(CSSM_QuerySize(handle(), encrypt, count, &sizes)); -} - - -// -// The override() method of Context is an expert feature. It replaces the entire -// context with a context object provided. It is up to the caller to keep this context -// consistent with the purpose of the Context subclass he is (mis)using. -// This feature is currently used by the SecurityServer. -// -void CssmClient::Context::override(const Security::Context &ctx) -{ - if (!isActive()) { - // make a valid context object (it doesn't matter what kind - keep it cheap) - check(CSSM_CSP_CreateDigestContext(attachment()->handle(), CSSM_ALGID_NONE, &mHandle)); - } - // now replace everything with the context data provided - check(CSSM_SetContext(mHandle, &ctx)); - mActive = true; // now active -} - - -// -// Manage PassThrough contexts -// - -// -// Invoke passThrough -// -void -PassThrough::operator() (uint32 passThroughId, const void *inData, void **outData) -{ - check(CSSM_CSP_PassThrough(handle(), passThroughId, inData, outData)); -} - -void PassThrough::activate() -{ - if (!mActive) { - check(CSSM_CSP_CreatePassThroughContext(attachment()->handle(), mKey, &mHandle)); - mActive = true; - } -} - - -// -// Manage Digest contexts -// -void Digest::activate() -{ - if (!mActive) { - check(CSSM_CSP_CreateDigestContext(attachment()->handle(), mAlgorithm, &mHandle)); - mActive = true; - } -} - - -void Digest::digest(const CssmData *data, uint32 count, CssmData &digest) -{ - activate(); - if (mStaged) - Error::throwMe(CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS); - check(CSSM_DigestData(handle(), data, count, &digest)); -} - -void Digest::digest(const CssmData *data, uint32 count) -{ - activate(); - if (!mStaged) { - check(CSSM_DigestDataInit(handle())); - mStaged = true; - } - check(CSSM_DigestDataUpdate(handle(), data, count)); -} - -void Digest::operator () (CssmData &digest) -{ - if (!mStaged) - Error::throwMe(CSSMERR_CSP_STAGED_OPERATION_NOT_STARTED); - check(CSSM_DigestDataFinal(handle(), &digest)); - mStaged = false; -} - - -// -// Random number generation -// -void Random::seed(const CssmCryptoData &seedData) -{ - mSeed = &seedData; - set(CSSM_ATTRIBUTE_SEED, seedData); -} - -void Random::size(uint32 sz) -{ - mSize = sz; - set(CSSM_ATTRIBUTE_OUTPUT_SIZE, sz); -} - - -void Random::activate() -{ - if (!mActive) { - check(CSSM_CSP_CreateRandomGenContext(attachment()->handle(), mAlgorithm, - mSeed, mSize, &mHandle)); - mActive = true; - } -} - - -void Random::generate(CssmData &data, uint32 newSize) -{ - if (newSize) - size(newSize); - activate(); - assert(!mStaged); // not a stage-able operation - check(CSSM_GenerateRandom(handle(), &data)); -} diff --git a/cdsa/cdsa_client/cspclient.h b/cdsa/cdsa_client/cspclient.h deleted file mode 100644 index ff11f9cd..00000000 --- a/cdsa/cdsa_client/cspclient.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cspclient - client interface to CSSM CSPs and their operations -// -#ifndef _H_CDSA_CLIENT_CSPCLIENT -#define _H_CDSA_CLIENT_CSPCLIENT 1 - -#include -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// A CSP attachment -// -class CSPImpl : public AttachmentImpl -{ -public: - CSPImpl(const Guid &guid); - CSPImpl(const Module &module); - virtual ~CSPImpl(); - - // the least inappropriate place for this one - void freeKey(CssmKey &key, const AccessCredentials *cred = NULL, bool permanent = false); -}; - -class CSP : public Attachment -{ -public: - typedef CSPImpl Impl; - - explicit CSP(Impl *impl) : Attachment(impl) {} - CSP(const Guid &guid) : Attachment(new Impl(guid)) {} - CSP(const Module &module) : Attachment(new Impl(module)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - -// -// A cryptographic context. -// Contexts always belong to CSPs (CSP attachments). -// -class Context : public ObjectImpl -{ -public: - Context(const CSP &csp, CSSM_ALGORITHMS alg = CSSM_ALGID_NONE); - ~Context(); - - CSP Context::attachment() const { return parent(); } - Module Context::module() const { return attachment()->module(); } - - CSSM_ALGORITHMS algorithm() const { return mAlgorithm; } - void algorithm(CSSM_ALGORITHMS alg); - -public: - CSSM_CC_HANDLE handle() { activate(); return mHandle; } - - uint32 getOutputSize(uint32 inputSize, bool encrypt = true); - void getOutputSize(CSSM_QUERY_SIZE_DATA &sizes, uint32 count, bool encrypt = true); - -public: - // don't use this section unless you know what you're doing! - void override(const ::Context &ctx); - - template - void set(CSSM_ATTRIBUTE_TYPE type, const T &value) - { - if (isActive()) { - ::Context::Attr attr(type, value); - check(CSSM_UpdateContextAttributes(mHandle, 1, &attr)); - } - } - - void set(CSSM_ATTRIBUTE_TYPE type, uint32 value) - { - if (isActive()) { - ::Context::Attr attr(type, value); - check(CSSM_UpdateContextAttributes(mHandle, 1, &attr)); - } - } - - template - void add(CSSM_ATTRIBUTE_TYPE type, const T &value) - { activate(); set(type, value); } - - void add(CSSM_ATTRIBUTE_TYPE type, uint32 value) - { activate(); set(type, value); } - -protected: - CSSM_ALGORITHMS mAlgorithm; // intended algorithm - CSSM_CC_HANDLE mHandle; // CSSM CC handle - bool mStaged; // staged in progress - - void deactivate(); - - virtual void init(); // Subclasses must implement if they support staged operations. - - void unstaged() - { activate(); if (mStaged) CssmError::throwMe(CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS); } - - void staged() - { if (!mStaged) init(); } -}; - - -// -// A PassThough context -// -class PassThrough : public Context -{ -public: - PassThrough(const CSP &csp) : Context(csp) { } - -public: - void operator () (uint32 passThroughId, const void *inData, void **outData); - - template - void operator () (uint32 passThroughId, const TIn *inData, TOut **outData) - { operator () (passThroughId, (const void *)inData, (void **)outData); } - - template - void operator () (uint32 passThroughId, const TIn *inData) - { operator () (passThroughId, (const void *)inData, NULL); } - - const CSSM_KEY *key() const { return mKey; } - void key(const CSSM_KEY *k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, k); } - -protected: - void activate(); - -protected: - const CSSM_KEY *mKey; -}; - - -// -// A Digest context -// -class Digest : public Context -{ -public: - Digest(const CSP &csp, CSSM_ALGORITHMS alg) : Context(csp, alg) { } - -public: - // integrated - void digest(const CssmData &data, CssmData &digest) { this->digest(&data, 1, digest); } - void digest(const CssmData *data, uint32 count, CssmData &digest); - - // staged - void digest(const CssmData &data) { digest(&data, 1); } - void digest(const CssmData *data, uint32 count); - void operator () (CssmData &digest); - CssmData operator () () { CssmData digest; (*this)(digest); return digest; } - -protected: - void activate(); -}; - - -// -// A [P]RNG context -// -class Random : public Context -{ -public: - Random(const CSP &csp, CSSM_ALGORITHMS alg) : Context(csp, alg), mSeed(NULL), mSize(1) { } - Random(const CSP &csp, CSSM_ALGORITHMS alg, const CssmCryptoData &seed) - : Context(csp, alg), mSeed(&seed), mSize(1) { } - Random(const CSP &csp, CSSM_ALGORITHMS alg, uint32 size) - : Context(csp, alg), mSeed(NULL), mSize(size) { } - Random(const CSP &csp, CSSM_ALGORITHMS alg, const CssmCryptoData &seed, uint32 size) - : Context(csp, alg), mSeed(&seed), mSize(size) { } - - void seed(const CssmCryptoData &data); - void size(uint32 size); - -public: - void generate(CssmData &data, uint32 size = 0); - - // alternate function-call form - CssmData operator () (uint32 size = 0) - { CssmData output; generate(output, size); return output; } - -protected: - void activate(); - -private: - const CssmCryptoData *mSeed; - uint32 mSize; -}; - - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_CSPCLIENT diff --git a/cdsa/cdsa_client/cssmclient.cpp b/cdsa/cdsa_client/cssmclient.cpp deleted file mode 100644 index 9a295240..00000000 --- a/cdsa/cdsa_client/cssmclient.cpp +++ /dev/null @@ -1,450 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmclient - common client interface to CSSM and MDS. -// -// Locking Strategy (preliminary): -// XXX This is obsolete update this --mb -// A CssmObject is a CountingMutex. Its count represents the number of children that have registered -// themselves (using addChild/removeChild). The lock controls the internal management fields of the -// various subclasses to protect them against corruption. It does NOT control attribute and argument -// fields and operations, not does it control object-constant fields. -// This means that if you use an object from multiple threads, you (the caller) must lock the object -// during set/get calls of attributes. Note that the CSSM operations themselves are safely multithreaded -// and thus don't need to be interlocked explicitly. -// -#include -#include - - -using namespace CssmClient; - -// -// Exception model -// -CSSM_RETURN -Error::cssmError() const -{ - //@@@ munge in client-side error codes here? - return CssmError::cssmError(); -} - -const char * -Error::what () const throw() -{ - return "CSSM client library error"; -} - - -// -// General utilities -// -void -ObjectImpl::check(CSSM_RETURN status) -{ - if (status != CSSM_OK) - { - CssmError::throwMe(status); - } -} - - -// -// Common features of Objects -// -ObjectImpl::ObjectImpl() : mParent(), mChildCount(0) -{ - mActive = false; // not activated - mAllocator = NULL; // allocator to be determined -} - -ObjectImpl::ObjectImpl(const Object &mommy) : mParent(mommy.mImpl), mChildCount(0) -{ - mActive = false; // not activated - mAllocator = NULL; // allocator to be determined - if (mParent) - mParent->addChild(); -} - -ObjectImpl::~ObjectImpl() -{ - assert(!mActive); // subclass must have deactivated us - if (!isIdle()) - Error::throwMe(Error::objectBusy); - - // release parent from her obligations (if we still have one) - if (mParent) - mParent->removeChild(); -} - -void -ObjectImpl::addChild() -{ - mChildCount++; // atomic -} - -void -ObjectImpl::removeChild() -{ - mChildCount--; // atomic -} - - -// -// Manage allocators in the Object tree -// -CssmAllocator & -ObjectImpl::allocator() const -{ - if (mAllocator == NULL) - { - // fix allocator now - if (mParent) - mAllocator = &mParent->allocator(); - else - mAllocator = &CssmAllocator::standard(); - } - - return *mAllocator; -} - -void -ObjectImpl::allocator(CssmAllocator &alloc) -{ - assert(mAllocator == NULL); // cannot redefine allocator once set - mAllocator = &alloc; -} - -// Comparison operators use pointer comparison by default. Subclasses may override. -bool -ObjectImpl::operator <(const ObjectImpl &other) const -{ - return this < &other; -} - -bool -ObjectImpl::operator ==(const ObjectImpl &other) const -{ - return this == &other; -} - - -// -// CSSMSession objects. -// parent ::= NULL (none) -// active ::= CSSM initialized -// -ModuleNexus CssmImpl::mStandard; - -CssmImpl::CssmImpl() : ObjectImpl() -{ - setup(); - mStandard().setCssm(this); -} - -CssmImpl::CssmImpl(bool) : ObjectImpl() -{ - setup(); - // implicitly constructed - caller responsible for standard session management -} - -CssmImpl::~CssmImpl() -{ - try - { - deactivate(); - } - catch(...) {} - - // this may be the standard session... - mStandard().unsetCssm(this); -} - - -void -CssmImpl::setup() -{ - // set default configuration - mVersion.Major = 2; - mVersion.Minor = 0; - mScope = CSSM_PRIVILEGE_SCOPE_PROCESS; -} - - -Cssm -CssmImpl::standard() -{ - return Cssm(mStandard().get()); -} - - -void -CssmImpl::activate() -{ - if (!mActive) - { - // currently, no choices on PVC mode and key hierarchy - CSSM_PVC_MODE pvc = CSSM_PVC_NONE; - switch (CSSM_RETURN rc = CSSM_Init(&mVersion, - mScope, &mCallerGuid, - CSSM_KEY_HIERARCHY_NONE, &pvc, NULL)) { - case CSSMERR_CSSM_PVC_ALREADY_CONFIGURED: - case CSSM_OK: - break; - default: - check(rc); - } - mActive = true; - } -} - -void -CssmImpl::deactivate() -{ - if (mActive) - { - mActive = false; - - // clear module map (all gone now) - moduleMap.erase(moduleMap.begin(), moduleMap.end()); - - // now terminate CSSM - check(CSSM_Terminate()); - } -} - -void -CssmImpl::atExitHandler() -{ - try { - mStandard.reset(); - } catch (...) { - } -} - -void -CssmImpl::catchExit() -{ - // @@@ Even though this is the "right thing" to do. This only causes - // exceptions during exit and doesn't really help cleanup correctly. -#if 0 - if (::atexit(atExitHandler)) - UnixError::throwMe(); -#endif -} - - -// -// Manage the automatic Cssm object. -// This is a program global. -// -void CssmImpl::StandardCssm::setCssm(CssmImpl *cssm) -{ - StLock _(*this); - if (mCssm == NULL) - mCssm = cssm; -} - -void CssmImpl::StandardCssm::unsetCssm(CssmImpl *cssm) -{ - StLock _(*this); - if (mCssm == cssm) - mCssm = NULL; -} - -CssmImpl *CssmImpl::StandardCssm::get() -{ - StLock _(*this); - if (mCssm == NULL) { // make the default instance - mCssm = new CssmImpl(true); - } - return mCssm; -} - -CssmImpl::StandardCssm::~StandardCssm() -{ - if (mCssm) { - mCssm->deactivate(); - delete mCssm; - } -} - - -// -// Auto-module management -// -Module -CssmImpl::autoModule(const Guid &guid) -{ - StLock _(mapLock); - ModuleMap::iterator it = moduleMap.find(guid); - if (it == moduleMap.end()) - { - // no automodule for this guid yet, create one - Module module(guid, Cssm(this)); - moduleMap.insert(ModuleMap::value_type(guid, module)); - return module; - } - else - { - // existing automodule - use it - return it->second; - } -} - - -// -// Module objects. -// parent ::= the session object (usually Cssm::standard) -// active ::= module is loaded. -// -ModuleImpl::ModuleImpl(const Guid &guid) : ObjectImpl(Cssm::standard()) -{ - setGuid(guid); -} - -ModuleImpl::ModuleImpl(const Guid &guid, const Cssm &session) : ObjectImpl(session) -{ - setGuid(guid); -} - -ModuleImpl::~ModuleImpl() -{ - unload(); -} - - -void -ModuleImpl::activate() -{ - if (!mActive) - { - session()->init(); - // @@@ install handler here (use central dispatch with override) - check(CSSM_ModuleLoad(&guid(), CSSM_KEY_HIERARCHY_NONE, NULL, NULL)); - mActive = true; - session()->catchExit(); - } -} - -void -ModuleImpl::deactivate() -{ - if (!isIdle()) - Error::throwMe(Error::objectBusy); - if (mActive) - { - mActive = false; - check(CSSM_ModuleUnload(&guid(), NULL, NULL)); - } -} - -Cssm -ModuleImpl::session() const -{ - return parent(); -} - - -// -// CssmAttachment objects. -// parent ::= the loaded module object. -// active ::= attached. -// -AttachmentImpl::AttachmentImpl(const Guid &guid, CSSM_SERVICE_TYPE subserviceType) -: ObjectImpl(CssmImpl::standard()->autoModule(guid)) -{ - make(subserviceType); -} - -AttachmentImpl::AttachmentImpl(const Module &module, CSSM_SERVICE_TYPE subserviceType) -: ObjectImpl(module) -{ - make(subserviceType); -} - -AttachmentImpl::~AttachmentImpl() -{ - detach(); -} - -void -AttachmentImpl::make(CSSM_SERVICE_TYPE subserviceType) -{ - // default configuration - mVersion.Major = 2; - mVersion.Minor = 0; - mSubserviceType = subserviceType; - mSubserviceId = 0; - mAttachFlags = 0; -} - -void -AttachmentImpl::activate() -{ - if (!mActive) - { - module()->load(); - mMemoryFunctions = CssmAllocatorMemoryFunctions(allocator()); - check(CSSM_ModuleAttach(&guid(), &mVersion, - &mMemoryFunctions, - mSubserviceId, - mSubserviceType, - mAttachFlags, - CSSM_KEY_HIERARCHY_NONE, - NULL, 0, // no function pointer table return - NULL, // reserved - &mHandle)); - mActive = true; - } -} - -void -AttachmentImpl::deactivate() -{ - if (mActive) - { - mActive = false; - check(CSSM_ModuleDetach(mHandle)); - } -} - -CSSM_SERVICE_MASK -AttachmentImpl::subserviceMask() const -{ - return mSubserviceType; -} - -void -AttachmentImpl::subserviceId(uint32 id) -{ - mSubserviceId = id; -} - -CssmSubserviceUid -AttachmentImpl::subserviceUid() const -{ - return CssmSubserviceUid(guid(), &mVersion, mSubserviceId, subserviceMask()); -} - -Module -AttachmentImpl::module() const -{ - return parent(); -} diff --git a/cdsa/cdsa_client/cssmclient.h b/cdsa/cdsa_client/cssmclient.h deleted file mode 100644 index e942a242..00000000 --- a/cdsa/cdsa_client/cssmclient.h +++ /dev/null @@ -1,344 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmclient - common client interface to CSSM and MDS -// -#ifndef _H_CDSA_CLIENT_CSSMCLIENT -#define _H_CDSA_CLIENT_CSSMCLIENT 1 - -#include -#include -#include -#include -#include -#include -#include // debug - -namespace Security -{ - -namespace CssmClient -{ - -// -// Forward declarations -// -class Cssm; -class Module; -class Attachment; - - -// -// An mixin for objects that have (store) GUIDs. -// The GUID value is meant to be set-once constant, and can be locked handled accordingly. -// -class HasGuid { -public: - HasGuid(const Guid &guid) { mGuid = guid; } - HasGuid() { } - - const Guid &guid() const { return mGuid; } - -protected: - void setGuid(const Guid &guid) { mGuid = guid; } - -private: - Guid mGuid; -}; - - -// -// Exceptions are based on the CssmError utility class. We add our own class of client-side exceptions. -// -class Error : public CssmError { -public: - Error(int err) : CssmError(err) { } - CSSM_RETURN cssmError() const; - virtual const char *what () const throw(); - - enum { - objectBusy = -1, - }; -}; - - -// -// The CssmObject abstract class models features common to different Cssm objects. -// It handles a tree hierarchy of objects (parent/children) safely. -// -class Object; - -class ObjectImpl : virtual public RefCount -{ -public: - explicit ObjectImpl(); // Constructor for Impl objects without a parent. - explicit ObjectImpl(const Object &parent); - virtual ~ObjectImpl(); - - bool isActive() const { return mActive; } - - virtual CssmAllocator &allocator() const; - virtual void allocator(CssmAllocator &alloc); - - // Pointer comparison by default. Subclasses may override. - virtual bool operator <(const ObjectImpl &other) const; - virtual bool operator ==(const ObjectImpl &other) const; - - static void check(CSSM_RETURN status); - -protected: - bool mActive; // loaded, attached, etc. - mutable CssmAllocator *mAllocator; // allocator hierarchy (NULL => TBD) - - template Obj parent() const - { assert(mParent); return Obj(static_cast(&(*mParent))); } - - void addChild(); - void removeChild(); - bool isIdle() const { return mChildCount == 0; } - - // {de,}activate() assume you have locked *this - virtual void activate() = 0; - virtual void deactivate() = 0; - -private: - RefPointer mParent; // parent object - AtomicCounter mChildCount; -}; - - -class Object -{ - friend class ObjectImpl; -public: - typedef ObjectImpl Impl; - explicit Object(Impl *impl) : mImpl(impl) {} - -protected: - // @@@ CSPDL subclass breaks if the is a static_cast - template _Impl &impl() const - { return dynamic_cast<_Impl &>(*mImpl); } - -public: - Impl *operator ->() const { return &(*mImpl); } - Impl &operator *() const { return *mImpl; } - - // @@@ Why is this needed. DbCursor which inheirits from Object wants to call this. - template _Impl &checkedImpl() const - { return dynamic_cast<_Impl &>(*mImpl); } - - bool operator !() const { return !mImpl; } - operator bool() const { return mImpl; } - - bool isActive() const { return mImpl && mImpl->isActive(); } - CssmAllocator &allocator() const { return mImpl->allocator(); } - void release() { mImpl = NULL; } - - bool operator <(const Object &other) const - { return mImpl && other.mImpl ? *mImpl < *other.mImpl : mImpl < other.mImpl; } - bool operator ==(const Object &other) const - { return mImpl && other.mImpl ? *mImpl == *other.mImpl : mImpl == other.mImpl; } - -private: - RefPointer mImpl; -}; - - -// -// A CSSM loadable module. -// You rarely directly interact with these objects, but if you need to, -// here they are. -// -class ModuleImpl : public ObjectImpl, public HasGuid -{ -public: - ModuleImpl(const Guid &guid); - ModuleImpl(const Guid &guid, const Cssm &session); - virtual ~ModuleImpl(); - - void load() { activate(); } - void unload() { deactivate(); } - bool isLoaded() const { return isActive(); } - - Cssm session() const; - -protected: - void activate(); - void deactivate(); -}; - -class Module : public Object -{ -public: - typedef ModuleImpl Impl; - explicit Module(Impl *impl) : Object(impl) {} - Module() : Object(NULL) {} // XXX This might break operator < - Module(const Guid &guid) : Object(new Impl(guid)) {} - Module(const Guid &guid, const Cssm &session) : Object(new Impl(guid, session)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// An Attachment object. This is the base class of all typed attachment classes. -// -class AttachmentImpl : public ObjectImpl -{ -public: - AttachmentImpl(const Guid &guid, CSSM_SERVICE_TYPE subserviceType); - AttachmentImpl(const Module &module, CSSM_SERVICE_TYPE subserviceType); - //AttachmentImpl(... mds reference ...); - virtual ~AttachmentImpl(); - - // Virtual so that subclasses can return there true mask. - virtual CSSM_SERVICE_MASK subserviceMask() const; - - CSSM_SERVICE_TYPE subserviceType() const { return mSubserviceType; } - CSSM_VERSION version() const { return mVersion; } - void version(const CSSM_VERSION &v) { mVersion = v; } - uint32 subserviceId() const { return mSubserviceId; } - virtual void subserviceId(uint32 id); - CSSM_ATTACH_FLAGS flags() const { return mAttachFlags; } - void flags(CSSM_ATTACH_FLAGS f) { mAttachFlags = f; } - - void attach() { activate(); } - void detach() { deactivate(); } - bool attached() const { return isActive(); } - - Module module() const; - const Guid &guid() const { return module()->guid(); } - CSSM_MODULE_HANDLE handle() { attach(); return mHandle; } - - CssmSubserviceUid subserviceUid() const; - -protected: - void activate(); - void deactivate(); - -private: - void make(CSSM_SERVICE_TYPE subserviceType); // common constructor - - CSSM_MODULE_HANDLE mHandle; - - CSSM_SERVICE_TYPE mSubserviceType; // set by constructor - CSSM_VERSION mVersion; - uint32 mSubserviceId; - CSSM_ATTACH_FLAGS mAttachFlags; - - CssmAllocatorMemoryFunctions mMemoryFunctions; // set on attach() -}; - -class Attachment : public Object -{ -public: - typedef AttachmentImpl Impl; - explicit Attachment(Impl *impl) : Object(impl) {} - Attachment(const Guid &guid, CSSM_SERVICE_TYPE subserviceType) - : Object(new Impl(guid, subserviceType)) {} - Attachment(const Module &module, CSSM_SERVICE_TYPE subserviceType) - : Object(new Impl(module, subserviceType)) {} - //Attachment(... mds reference ...); - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// A CSSM session object. -// You usually only have one per program, or library, or what-not. -// -class Cssm; - -class CssmImpl : public ObjectImpl { - class StandardCssm; friend class StandardCssm; -public: - CssmImpl(); - virtual ~CssmImpl(); - - void init() { activate(); } - void terminate() { deactivate(); } - - CSSM_PRIVILEGE_SCOPE scope() const { return mScope; } - void scope(CSSM_PRIVILEGE_SCOPE sc) { mScope = sc; } - const Guid &callerGuid() const { return mCallerGuid; } - void callerGuid(const CSSM_GUID &guid) { mCallerGuid = Guid::overlay(guid); } - - Module autoModule(const Guid &guid); - -protected: - explicit CssmImpl(bool); // internal constructor - - void setup(); // constructor setup - - void activate(); - void deactivate(); - -private: - // CSSM global configuration -- picked up on each Init - CSSM_VERSION mVersion; - CSSM_PRIVILEGE_SCOPE mScope; - Guid mCallerGuid; - - // module repository: modules by guid (protected by self) - typedef map ModuleMap; - ModuleMap moduleMap; - Mutex mapLock; - -public: - static Cssm standard(); - static void catchExit(); - -private: - static void atExitHandler(); - - class StandardCssm : public Mutex { - public: - StandardCssm() : mCssm(NULL) { } - ~StandardCssm(); - void setCssm(CssmImpl *cssm); - void unsetCssm(CssmImpl *cssm); - CssmImpl *get(); - - private: - CssmImpl *mCssm; - }; - static ModuleNexus mStandard; -}; - -class Cssm : public Object -{ -public: - typedef CssmImpl Impl; - explicit Cssm(Impl *impl) : Object(impl) {} - explicit Cssm() : Object(new Impl()) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } - - static Cssm standard() { return CssmImpl::standard(); } -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_CSSMCLIENT diff --git a/cdsa/cdsa_client/dlclient.cpp b/cdsa/cdsa_client/dlclient.cpp deleted file mode 100644 index 0e28671e..00000000 --- a/cdsa/cdsa_client/dlclient.cpp +++ /dev/null @@ -1,557 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dlclient - client interface to CSSM DLs and their operations -// -#include -#include -#include - -using namespace CssmClient; - - -// -// Manage DL attachments -// -DLImpl::DLImpl(const Guid &guid) : AttachmentImpl(guid, CSSM_SERVICE_DL) -{ -} - -DLImpl::DLImpl(const Module &module) : AttachmentImpl(module, CSSM_SERVICE_DL) -{ -} - -DLImpl::~DLImpl() -{ -} - -void -DLImpl::getDbNames(char **) -{ - CssmError::throwMe(CSSMERR_DL_FUNCTION_NOT_IMPLEMENTED); -} - -void -DLImpl::freeNameList(char **) -{ - CssmError::throwMe(CSSMERR_DL_FUNCTION_NOT_IMPLEMENTED); -} - -DbImpl * -DLImpl::newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) -{ - return new DbImpl(DL(this), inDbName, inDbLocation); -} - - -// -// Db (database) -// -DbImpl::DbImpl(const DL &dl, const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) -: ObjectImpl(dl), mDbName(inDbName, inDbLocation), -mAccessRequest(CSSM_DB_ACCESS_READ), mAccessCredentials(NULL), -mOpenParameters(NULL), mDbInfo(NULL), mResourceControlContext(NULL) -{ -} - -DbImpl::~DbImpl() -{ - try - { - deactivate(); - } - catch(...) {} -} - -void -DbImpl::open() -{ - if (!mActive) - { - assert(mDbInfo == nil); - mHandle.DLHandle = dl()->handle(); - check(CSSM_DL_DbOpen(mHandle.DLHandle, name(), dbLocation(), - mAccessRequest, mAccessCredentials, - mOpenParameters, &mHandle.DBHandle)); - mActive = true; - } -} - -void -DbImpl::create() -{ - if (mActive) - CssmError::throwMe(CSSMERR_DL_DATASTORE_ALREADY_EXISTS); - - if (mDbInfo == nil) { - // handle a missing (null) mDbInfo as an all-zero one - static const CSSM_DBINFO nullDbInfo = { }; - mDbInfo = &nullDbInfo; - } - mHandle.DLHandle = dl()->handle(); - - if (!mResourceControlContext && mAccessCredentials) { - AclFactory::AnyResourceContext ctx(mAccessCredentials); - check(CSSM_DL_DbCreate(mHandle.DLHandle, name(), dbLocation(), mDbInfo, - mAccessRequest, &ctx, - mOpenParameters, &mHandle.DBHandle)); - } else { - check(CSSM_DL_DbCreate(mHandle.DLHandle, name(), dbLocation(), mDbInfo, - mAccessRequest, mResourceControlContext, - mOpenParameters, &mHandle.DBHandle)); - } - mActive = true; -} - -void -DbImpl::close() -{ - check(CSSM_DL_DbClose(mHandle)); -} - -void -DbImpl::activate() -{ - if (!mActive) - { - if (mDbInfo) - create(); - else - open(); - } -} - -void -DbImpl::deactivate() -{ - if (mActive) - { - mActive = false; - close(); - } -} - -void -DbImpl::deleteDb() -{ - // Deactivate so the db gets closed if it was open. - deactivate(); - // This call does not require the receiver to be active. - check(CSSM_DL_DbDelete(dl()->handle(), name(), dbLocation(), - mAccessCredentials)); -} - -void -DbImpl::rename(const char *newName) -{ - // Deactivate so the db gets closed if it was open. - deactivate(); - if (::rename(name(), newName)) - UnixError::throwMe(errno); - - // Change our DbName to reflect this rename. - mDbName = DbName(newName, mDbName.dbLocation()); -} - -void -DbImpl::authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCredentials) -{ - if (!mActive) - { - // XXX Could do the same for create but this would require sticking - // inAccessCredentials into mResourceControlContext. - if (!mDbInfo) - { - // We were not yet active. Just do an open. - accessRequest(inAccessRequest); - accessCredentials(inAccessCredentials); - activate(); - return; - } - } - - check(CSSM_DL_Authenticate(handle(), inAccessRequest, inAccessCredentials)); -} - -void -DbImpl::name(char *&outDbName) -{ - check(CSSM_DL_GetDbNameFromHandle(handle(), &outDbName)); -} - -void -DbImpl::createRelation(CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo) -{ - check(CSSM_DL_CreateRelation(handle(), inRelationID, inRelationName, - inNumberOfAttributes, pAttributeInfo, - inNumberOfIndexes, pIndexInfo)); -} - -void -DbImpl::destroyRelation(CSSM_DB_RECORDTYPE inRelationID) -{ - check(CSSM_DL_DestroyRelation(handle(), inRelationID)); -} - -DbUniqueRecord -DbImpl::insert(CSSM_DB_RECORDTYPE recordType, const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data) -{ - DbUniqueRecord uniqueId(Db(this)); - check(CSSM_DL_DataInsert(handle(), recordType, - attributes, - data, uniqueId)); - // Activate uniqueId so CSSM_DL_FreeUniqueRecord() gets called when it goes out of scope. - uniqueId->activate(); - return uniqueId; -} - - -// -// Generic Passthrough interface -// -void DbImpl::passThrough(uint32 passThroughId, const void *in, void **out) -{ - check(CSSM_DL_PassThrough(handle(), passThroughId, in, out)); -} - - -// -// Passthrough functions (only implemented by AppleCSPDL). -// -void -DbImpl::lock() -{ - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_LOCK, NULL, NULL)); -} - -void -DbImpl::unlock() -{ - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_UNLOCK, NULL, NULL)); -} - -void -DbImpl::unlock(const CSSM_DATA &password) -{ - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_UNLOCK, &password, NULL)); -} - -void -DbImpl::getSettings(uint32 &outIdleTimeout, bool &outLockOnSleep) -{ - CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR settings; - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_GET_SETTINGS, - NULL, reinterpret_cast(&settings))); - outIdleTimeout = settings->idleTimeout; - outLockOnSleep = settings->lockOnSleep; - allocator().free(settings); -} - -void -DbImpl::setSettings(uint32 inIdleTimeout, bool inLockOnSleep) -{ - CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS settings; - settings.idleTimeout = inIdleTimeout; - settings.lockOnSleep = inLockOnSleep; - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_SET_SETTINGS, &settings, NULL)); -} - -bool -DbImpl::isLocked() -{ - CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR params; - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_IS_LOCKED, - NULL, reinterpret_cast(¶ms))); - bool isLocked = params->isLocked; - allocator().free(params); - return isLocked; -} - -void -DbImpl::changePassphrase(const CSSM_ACCESS_CREDENTIALS *cred) -{ - CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS params; - params.accessCredentials = const_cast(cred); - check(CSSM_DL_PassThrough(handle(), CSSM_APPLECSPDL_DB_CHANGE_PASSWORD, ¶ms, NULL)); -} - -bool -DbImpl::getUnlockKeyIndex(CssmData &index) -{ - try { - SecurityServer::DbHandle dbHandle; - if (CSSM_DL_PassThrough(handle(), - CSSM_APPLECSPDL_DB_GET_HANDLE, NULL, (void **)&dbHandle)) - return false; // can't get index - SecurityServer::ClientSession ss(allocator(), allocator()); - ss.getDbSuggestedIndex(dbHandle, index); - return true; - } catch (const CssmError &error) { - if (error.cssmError() == CSSMERR_DL_DATASTORE_DOESNOT_EXIST) - return false; - throw; - } -} - - -// -// DbCursorMaker -// -DbCursorImpl * -DbImpl::newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator) -{ - return new DbDbCursorImpl(Db(this), query, allocator); -} - -DbCursorImpl * -DbImpl::newDbCursor(uint32 capacity, CssmAllocator &allocator) -{ - return new DbDbCursorImpl(Db(this), capacity, allocator); -} - -// -// DbUniqueRecordMaker -// -DbUniqueRecordImpl * -DbImpl::newDbUniqueRecord() -{ - return new DbUniqueRecordImpl(Db(this)); -} - - -// -// Utility methods -// -DLDbIdentifier -DbImpl::dlDbIdentifier() const -{ - return DLDbIdentifier(dl()->subserviceUid(), name(), dbLocation()); -} - - -// -// DbDbCursorImpl -// -DbDbCursorImpl::DbDbCursorImpl(const Db &db, const CSSM_QUERY &query, CssmAllocator &allocator) -: DbCursorImpl(db, query, allocator), mResultsHandle(CSSM_INVALID_HANDLE) -{ -} - -DbDbCursorImpl::DbDbCursorImpl(const Db &db, uint32 capacity, CssmAllocator &allocator) -: DbCursorImpl(db, capacity, allocator), mResultsHandle(CSSM_INVALID_HANDLE) -{ -} - -DbDbCursorImpl::~DbDbCursorImpl() -{ - try - { - deactivate(); - } - catch(...) {} -} - -bool -DbDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId) -{ - if (attributes) - attributes->deleteValues(); - - if (data) - data->clear(); - - CSSM_RETURN result; - Db db(database()); - DbUniqueRecord unique(db); - if (!mActive) - { - result = CSSM_DL_DataGetFirst(db->handle(), - this, - &mResultsHandle, - attributes, - data, - unique); - if (result == CSSM_OK) - mActive = true; - else if (data != NULL) - data->invalidate (); - } - else - { - result = CSSM_DL_DataGetNext(db->handle(), - mResultsHandle, - attributes, - data, - unique); - - if (result != CSSM_OK && data != NULL) - { - data->invalidate (); - } - } - - if (result == CSSMERR_DL_ENDOFDATA) - { - mActive = false; - return false; - } - - check(result); - - // Activate uniqueId so CSSM_DL_FreeUniqueRecord() gets called when it goes out of scope. - unique->activate(); - uniqueId = unique; - return true; -} - -void -DbDbCursorImpl::activate() -{ -} - -void -DbDbCursorImpl::deactivate() -{ - if (mActive) - { - mActive = false; - check(CSSM_DL_DataAbortQuery(database()->handle(), mResultsHandle)); - } -} - - -// -// DbCursorImpl -// -DbCursorImpl::DbCursorImpl(const Object &parent, const CSSM_QUERY &query, CssmAllocator &allocator) : -ObjectImpl(parent), CssmAutoQuery(query, allocator) -{ -} - -DbCursorImpl::DbCursorImpl(const Object &parent, uint32 capacity, CssmAllocator &allocator) : -ObjectImpl(parent), CssmAutoQuery(capacity, allocator) -{ -} - -CssmAllocator & -DbCursorImpl::allocator() const -{ - return ObjectImpl::allocator(); -} - -void -DbCursorImpl::allocator(CssmAllocator &alloc) -{ - ObjectImpl::allocator(alloc); -} - - -// -// DbUniqueRecord -// -DbUniqueRecordImpl::DbUniqueRecordImpl(const Db &db) : ObjectImpl(db) -{ -} - -DbUniqueRecordImpl::~DbUniqueRecordImpl() -{ - try - { - deactivate(); - } - catch(...) {} -} - -void -DbUniqueRecordImpl::deleteRecord() -{ - check(CSSM_DL_DataDelete(database()->handle(), mUniqueId)); -} - -void -DbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode) -{ - check(CSSM_DL_DataModify(database()->handle(), recordType, mUniqueId, - attributes, - data, modifyMode)); -} - -void -DbUniqueRecordImpl::get(DbAttributes *attributes, - ::CssmDataContainer *data) -{ - if (attributes) - attributes->deleteValues(); - - if (data) - data->clear(); - - // @@@ Fix the allocators for attributes and data. - CSSM_RETURN result; - result = CSSM_DL_DataGetFromUniqueRecordId(database()->handle(), mUniqueId, - attributes, - data); - - if (result != CSSM_OK && data != NULL) // the data returned is no longer valid - { - data->invalidate (); - } - - check(result); -} - -void -DbUniqueRecordImpl::activate() -{ - mActive = true; -} - -void -DbUniqueRecordImpl::deactivate() -{ - if (mActive) - { - mActive = false; - check(CSSM_DL_FreeUniqueRecord(database()->handle(), mUniqueId)); - } -} - - -// -// DbAttributes -// -DbAttributes::DbAttributes() -: CssmAutoDbRecordAttributeData(0, CssmAllocator::standard(), CssmAllocator::standard()) -{ -} - -DbAttributes::DbAttributes(const Db &db, uint32 capacity, CssmAllocator &allocator) -: CssmAutoDbRecordAttributeData(capacity, db->allocator(), allocator) -{ -} diff --git a/cdsa/cdsa_client/dlclient.h b/cdsa/cdsa_client/dlclient.h deleted file mode 100644 index d57a691e..00000000 --- a/cdsa/cdsa_client/dlclient.h +++ /dev/null @@ -1,484 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dlclient - client interface to CSSM DLs and their operations -// - -#ifndef _H_CDSA_CLIENT_DLCLIENT -#define _H_CDSA_CLIENT_DLCLIENT 1 - -#include -#include -#include -#include -#include - - -namespace Security -{ - -namespace CssmClient -{ - -#define CSSM_DB_ATTR(ATTR) ATTR -#define CSSM_DB_ATTR_SCHEMA(ATTR) ATTR ## Schema - -#define CSSM_DB_INDEX(ATTR) ATTR ## Index -#define CSSM_DB_UNIQUE(ATTR) ATTR ## Unique - -// -// Helper macro for declaring and defining a Db index unique and non-unique attributes -// -#define CSSM_DB_INDEX_DECL(ATTR) static const CSSM_DB_INDEX_INFO CSSM_DB_INDEX(ATTR) -#define CSSM_DB_UNIQUE_DECL(ATTR) static const CSSM_DB_INDEX_INFO CSSM_DB_UNIQUE(ATTR) - - -// -// Use this macro for defining a non-unique attribute -// -#define CSSM_DB_INDEX_DEF(ATTR) \ -const CSSM_DB_INDEX_INFO CSSM_DB_INDEX(ATTR) = \ -{ \ - CSSM_DB_INDEX_NONUNIQUE, \ - CSSM_DB_INDEX_ON_ATTRIBUTE, \ - CSSM_DB_ATTR(ATTR) \ -} - -// -// Use this macro for defining a unique attribute - -// -#define CSSM_DB_UNIQUE_DEF(ATTR) \ -const CSSM_DB_INDEX_INFO CSSM_DB_UNIQUE(ATTR) = \ -{ \ - CSSM_DB_INDEX_UNIQUE, \ - CSSM_DB_INDEX_ON_ATTRIBUTE, \ - CSSM_DB_ATTR(ATTR) \ -} - - - -// -// Helper macro for declaring and defining a Db schema attributes -// Use this macro in your header to declare each attribute you require. -// -#define CSSM_DB_ATTR_DECL(ATTR) \ -static const CSSM_DB_ATTRIBUTE_INFO CSSM_DB_ATTR(ATTR); \ -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO CSSM_DB_ATTR_SCHEMA(ATTR) - -// -// Don't directly use this macro use one of the below instead. -// -#define CSSM_DB_ATTR_DEFINE_SCHEMA(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) \ -const CSSM_DB_SCHEMA_ATTRIBUTE_INFO CSSM_DB_ATTR_SCHEMA(ATTR) = \ -{ \ - INTEGER, \ - NAME, \ - { OID_LEN, OID_DATA }, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## VALUETYPE \ -} - - -// -// Use one of the following macros to defined each declared attribute required by your application. -// -// -// Use this macro to define attributes which are looked up by integer AttributeID. -// -#define CSSM_DB_INTEGER_ATTR(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) \ -const CSSM_DB_ATTRIBUTE_INFO ATTR = \ -{ \ - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, \ - {(char *)INTEGER}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## VALUETYPE \ -};\ -\ -CSSM_DB_ATTR_DEFINE_SCHEMA(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) - -// -// Use this macro to define attributes which are looked up by string AttributeName. -// -#define CSSM_DB_NAME_ATTR(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) \ -const CSSM_DB_ATTRIBUTE_INFO ATTR = \ -{ \ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ - {NAME}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## VALUETYPE \ -};\ -\ -CSSM_DB_ATTR_DEFINE_SCHEMA(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) - -// -// Use this macro to define attributes which are looked up by OID AttributeNameID. -// XXX This does not work yet. -// -#define CSSM_DB_OID_ATTR(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) \ -const CSSM_DB_ATTRIBUTE_INFO ATTR = \ -{ \ - CSSM_DB_ATTRIBUTE_NAME_AS_OID, \ - {{OID_LEN, OID_DATA}}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## VALUETYPE \ -};\ -\ -CSSM_DB_ATTR_DEFINE_SCHEMA(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) - - -// -// Use this macro to define attributes which are part of the primary key. -// -#define CSSM_DB_PRIMARKEY_ATTR(ATTR, NAME) \ -const CSSM_DB_ATTRIBUTE_INFO ATTR = \ -{ \ - CSSM_DB_INDEX_UNIQUE, \ - CSSM_DB_INDEX_ON_ATTRIBUTE, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## VALUETYPE \ -};\ -\ -CSSM_DB_ATTR_DEFINE_SCHEMA(ATTR, INTEGER, NAME, OID_LEN, OID_DATA, VALUETYPE) - - - -// -// Maker interfaces used by various Impl objects -// - -// DbMaker -- someone who can create a new DbImpl. -class DbImpl; -class DbMaker -{ -public: - virtual DbImpl *newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) = 0; -}; - -// DbCursorMaker -- someone who can create a new DbCursorImpl. -class DbCursorImpl; -class DbCursorMaker -{ -public: - virtual DbCursorImpl *newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator) = 0; - virtual DbCursorImpl *newDbCursor(uint32 capacity, CssmAllocator &allocator) = 0; -}; - -// DbUniqueRecordMaker -- someone who can create a new DbUniqueRecordImpl. -class DbUniqueRecordImpl; -class DbUniqueRecordMaker -{ -public: - virtual DbUniqueRecordImpl *newDbUniqueRecord() = 0; -}; - - -// -// A DL attachment -// -class DLImpl : public AttachmentImpl, public DbMaker -{ -public: - DLImpl(const Guid &guid); - DLImpl(const Module &module); - virtual ~DLImpl(); - - virtual void getDbNames(char **); - virtual void freeNameList(char **); - - // DbMaker - virtual DbImpl *newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); -private: -}; - -class DL : public Attachment -{ -public: - typedef DLImpl Impl; - - explicit DL(Impl *impl) : Attachment(impl) {} - DL() : Attachment(NULL) {} - DL(const Guid &guid) : Attachment(new Impl(guid)) {} - DL(const Module &module) : Attachment(new Impl(module)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } - - // Conversion to DbMaker. - operator DbMaker &() const { return impl(); } -}; - - -class DbAttributes; -class DbUniqueRecord; - - -// -// A CSSM_DLDB handle. -// Dbs always belong to DLs (DL attachments) -// -class DbImpl : public ObjectImpl, public DbCursorMaker, public DbUniqueRecordMaker -{ -public: - DbImpl(const DL &dl, const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); - virtual ~DbImpl(); - - DL dl() const { return parent
(); } - Module module() const { return dl()->module(); } - - virtual void open(); - virtual void create(); - virtual void close(); - virtual void deleteDb(); - virtual void rename(const char *newName); - virtual void authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCredentials); - virtual void name(char *&outName); // CSSM_DL_GetDbNameFromHandle() - - virtual void createRelation(CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo); - virtual void destroyRelation(CSSM_DB_RECORDTYPE inRelationID); - - virtual DbUniqueRecord insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data); - - const CSSM_DL_DB_HANDLE &handle() { activate(); return mHandle; } - - const DbName &dbName() { return mDbName; } - void dbName(const DbName &dbName) { mDbName = dbName; } - - const char *name() const { return mDbName.dbName().c_str(); } - const CSSM_NET_ADDRESS *dbLocation() const { return mDbName.dbLocation(); } - - CSSM_DB_ACCESS_TYPE accessRequest() const { return mAccessRequest; } - void accessRequest(CSSM_DB_ACCESS_TYPE inAccessRequest) - { mAccessRequest = inAccessRequest; } - - const CSSM_ACCESS_CREDENTIALS *accessCredentials() const - { return mAccessCredentials; } - void accessCredentials(const CSSM_ACCESS_CREDENTIALS *inAccessCredentials) - { mAccessCredentials = inAccessCredentials; } - - const void *openParameters() const { return mOpenParameters; } - void openParameters(const void *inOpenParameters) - { mOpenParameters = inOpenParameters; } - - const CSSM_DBINFO *dbInfo() const { return mDbInfo; } - void dbInfo(const CSSM_DBINFO *inDbInfo) { mDbInfo = inDbInfo; } - - const ResourceControlContext *resourceControlContext() const - { return mResourceControlContext; } - void resourceControlContext(const CSSM_RESOURCE_CONTROL_CONTEXT *inResourceControlContext) - { mResourceControlContext = ResourceControlContext::overlay(inResourceControlContext); } - - void passThrough(uint32 passThroughId, const void *in, void **out = NULL); - - template - void passThrough(uint32 passThroughId, const TIn *in, TOut *out = NULL) - { passThrough(passThroughId, (const void *)in, (void **)out); } - - // Passthrough functions (only implemented by AppleCSPDL). - virtual void lock(); - virtual void unlock(); - virtual void unlock(const CSSM_DATA &password); - virtual void getSettings(uint32 &outIdleTimeout, bool &outLockOnSleep); - virtual void setSettings(uint32 inIdleTimeout, bool inLockOnSleep); - virtual bool isLocked(); - virtual void changePassphrase(const CSSM_ACCESS_CREDENTIALS *cred); - virtual bool getUnlockKeyIndex(CssmData &index); - - // Utility methods - virtual DLDbIdentifier dlDbIdentifier() const; - - // DbCursorMaker - virtual DbCursorImpl *newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator); - virtual DbCursorImpl *newDbCursor(uint32 capacity, CssmAllocator &allocator); - - // DbUniqueRecordMaker - virtual DbUniqueRecordImpl *newDbUniqueRecord(); - -protected: - virtual void activate(); - virtual void deactivate(); - -private: - CSSM_DL_DB_HANDLE mHandle; // CSSM DLDB handle - - DbName mDbName; - CSSM_DB_ACCESS_TYPE mAccessRequest; - const CSSM_ACCESS_CREDENTIALS *mAccessCredentials; - const void *mOpenParameters; - - // Arguments to create - const CSSM_DBINFO *mDbInfo; - const ResourceControlContext *mResourceControlContext; -}; - - -class Db : public Object -{ -public: - typedef DbImpl Impl; - - explicit Db(Impl *impl) : Object(impl) {} - Db() : Object(NULL) {} - Db(DbMaker &maker, const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation = NULL) - : Object(maker.newDb(inDbName, inDbLocation)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } - - // Conversion to DbCursorMaker. - operator DbCursorMaker &() const { return impl(); } - // Conversion to DbUniqueRecordMaker. - operator DbUniqueRecordMaker &() const { return impl(); } -}; - -// -// DbCursor -// - -// This class is still abstract. You must subclass it in order to be able to instantiate an instance. -class DbCursorImpl : public ObjectImpl, public CssmAutoQuery -{ -public: - DbCursorImpl(const Object &parent, const CSSM_QUERY &query, CssmAllocator &allocator); - DbCursorImpl(const Object &parent, uint32 capacity, CssmAllocator &allocator); - - virtual CssmAllocator &allocator() const; - virtual void allocator(CssmAllocator &alloc); - - virtual bool next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId) = 0; - void abort() { deactivate(); } -}; - -class DbCursor : public Object -{ -public: - typedef DbCursorImpl Impl; - - explicit DbCursor(Impl *impl) : Object(impl) {} - DbCursor() : Object(NULL) {} - DbCursor(DbCursorMaker &maker, const CSSM_QUERY &query, - CssmAllocator &allocator = CssmAllocator::standard()) - : Object(maker.newDbCursor(query, allocator)) {} - DbCursor(DbCursorMaker &maker, uint32 capacity = 0, - CssmAllocator &allocator = CssmAllocator::standard()) - : Object(maker.newDbCursor(capacity, allocator)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// DbUniqueRecord -// -class DbUniqueRecordImpl : public ObjectImpl -{ -public: - DbUniqueRecordImpl(const Db &db); - virtual ~DbUniqueRecordImpl(); - - virtual void deleteRecord(); - virtual void modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode); - virtual void get(DbAttributes *attributes, ::CssmDataContainer *data); - - Db database() const { return parent(); } - - void free() { deactivate(); } - - // Client must call activate() after calling this function if mUniqueId is successfully set. - operator CSSM_DB_UNIQUE_RECORD_PTR *() { if (mActive) free(); return &mUniqueId; } - - operator CSSM_DB_UNIQUE_RECORD *() { return mUniqueId; } - operator const CSSM_DB_UNIQUE_RECORD *() const { return mUniqueId; } - - void activate(); - -protected: - void deactivate(); - - CSSM_DB_UNIQUE_RECORD_PTR mUniqueId; -}; - -class DbUniqueRecord : public Object -{ -public: - typedef DbUniqueRecordImpl Impl; - - explicit DbUniqueRecord(Impl *impl) : Object(impl) {} - DbUniqueRecord() : Object(NULL) {} - DbUniqueRecord(DbUniqueRecordMaker &maker) : Object(maker.newDbUniqueRecord()) {} - - Impl *operator ->() { return &impl(); } - Impl &operator *() { return impl(); } - const Impl &operator *() const { return impl(); } - - // Conversion operators must be here. - - // Client must activate after calling this function if mUniqueId is successfully set. - operator CSSM_DB_UNIQUE_RECORD_PTR *() { return **this; } - - operator CSSM_DB_UNIQUE_RECORD *() { return **this; } - operator const CSSM_DB_UNIQUE_RECORD *() const { return **this; } -}; - - -// -// DbAttributes -// -class DbAttributes : public CssmAutoDbRecordAttributeData -{ -public: - DbAttributes(); - DbAttributes(const Db &db, uint32 capacity = 0, CssmAllocator &allocator = CssmAllocator::standard()); -}; - - -// -// DbDbCursor -- concrete subclass of DbCursorImpl for querying Db's -// -class DbDbCursorImpl : public DbCursorImpl -{ -public: - DbDbCursorImpl(const Db &db, const CSSM_QUERY &query, CssmAllocator &allocator); - DbDbCursorImpl(const Db &db, uint32 capacity, CssmAllocator &allocator); - virtual ~DbDbCursorImpl(); - - bool next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId); - -protected: - Db database() { return parent(); } - - void activate(); - void deactivate(); - -private: - CSSM_HANDLE mResultsHandle; -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_DLCLIENT diff --git a/cdsa/cdsa_client/genkey.cpp b/cdsa/cdsa_client/genkey.cpp deleted file mode 100644 index 9f99270b..00000000 --- a/cdsa/cdsa_client/genkey.cpp +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// genkey - client interface to CSSM sign/verify contexts -// -#include - -using namespace CssmClient; - - -GenerateKey::GenerateKey(const CSP &csp, CSSM_ALGORITHMS alg, uint32 size) -: Context(csp, alg), mKeySize(size), mSeed(NULL), mSalt(NULL), mParams(NULL), mInitialAcl(NULL) -{ -} - -void -GenerateKey::database(const Db &inDb) -{ - mDb = inDb; - if (mDb && isActive()) - set(CSSM_ATTRIBUTE_DL_DB_HANDLE, mDb->handle()); -} - -void GenerateKey::activate() -{ - if (!mActive) - { - check(CSSM_CSP_CreateKeyGenContext(attachment()->handle(), mAlgorithm, - mKeySize, mSeed, mSalt, NULL, NULL, mParams, &mHandle)); - // Must be done before calling set() since is does nothing unless we are active. - // Also we are technically active even if set() throws since we already created a context. - mActive = true; - if (mDb) - set(CSSM_ATTRIBUTE_DL_DB_HANDLE, mDb->handle()); - } -} - -Key GenerateKey::operator () (const KeySpec &spec) -{ - Key key; - - check(CSSM_GenerateKey(handle(), spec.usage, spec.attributes, spec.label, - mInitialAcl, key.makeNewKey(attachment()))); - - key->activate(); - - return key; -} - -void GenerateKey::operator () (CssmKey &key, const KeySpec &spec) -{ - check(CSSM_GenerateKey(handle(), spec.usage, spec.attributes, spec.label, mInitialAcl, &key)); - -} - -void GenerateKey::operator () (Key &publicKey, const KeySpec &pubSpec, - Key &privateKey, const KeySpec &privSpec) -{ - check(CSSM_GenerateKeyPair(handle(), - pubSpec.usage, pubSpec.attributes, - pubSpec.label, publicKey.makeNewKey(attachment()), - privSpec.usage, privSpec.attributes, - privSpec.label, mInitialAcl, privateKey.makeNewKey(attachment()))); - - publicKey->activate(); - privateKey->activate(); - -} - -void GenerateKey::operator () (CssmKey &publicKey, const KeySpec &pubSpec, - CssmKey &privateKey, const KeySpec &privSpec) -{ - check(CSSM_GenerateKeyPair(handle(), - pubSpec.usage, pubSpec.attributes, pubSpec.label, &publicKey, - privSpec.usage, privSpec.attributes, privSpec.label, mInitialAcl, &privateKey)); -} - diff --git a/cdsa/cdsa_client/genkey.h b/cdsa/cdsa_client/genkey.h deleted file mode 100644 index dccbf532..00000000 --- a/cdsa/cdsa_client/genkey.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// genkey - client interface to CSSM sign/verify contexts -// -#ifndef _H_CDSA_CLIENT_GENKEY -#define _H_CDSA_CLIENT_GENKEY 1 - -#include -#include -#include -#include - - -namespace Security -{ - -namespace CssmClient -{ - -class GenerateKey : public Context { -public: - GenerateKey(const CSP &csp, CSSM_ALGORITHMS alg, uint32 size = 0); - -public: - - // context parameters - void size(uint32 s) { mKeySize = s; set(CSSM_ATTRIBUTE_KEY_LENGTH, s); } - void seed(const CssmCryptoData &s) { mSeed = &s; set(CSSM_ATTRIBUTE_SEED, s); } - void salt(const CssmData &s) { mSalt = &s;set(CSSM_ATTRIBUTE_SALT, s); } - void params(const CssmData &p) { mParams = &p; set(CSSM_ATTRIBUTE_ALG_PARAMS, p); } - void database(const Db &inDb); - - // Generation parameters - void initialAcl(const ResourceControlContext *rc) { mInitialAcl = rc; } - - // symmetric key generation - Key operator () (const KeySpec &spec); - void operator () (CssmKey &key, const KeySpec &spec); - - // asymmetric key generation - void operator () (Key &publicKey, const KeySpec &publicSpec, - Key &privateKey, const KeySpec &privateSpec); - void operator () (CssmKey &publicKey, const KeySpec &publicSpec, - CssmKey &privateKey, const KeySpec &privateSpec); - - -protected: - void activate(); - -private: - // context parameters - uint32 mKeySize; - const CssmCryptoData *mSeed; - const CssmData *mSalt; - const CssmData *mParams; - Db mDb; - - // generation parameters(?) - const ResourceControlContext *mInitialAcl; -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_GENKEY diff --git a/cdsa/cdsa_client/keychainacl.cpp b/cdsa/cdsa_client/keychainacl.cpp deleted file mode 100644 index e30db088..00000000 --- a/cdsa/cdsa_client/keychainacl.cpp +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keychainacl - Keychain-related ACL and credential forms -// -#ifdef __MWERKS__ -#define _CPP_KEYCHAINACL -#endif - -#include "keychainacl.h" -#include - -using namespace CssmClient; - - -// -// Construct the factory. -// @@@ Leaks. -// -KeychainAclFactory::KeychainAclFactory(CssmAllocator &alloc) -: allocator(alloc), nullCred(alloc, 1), kcCred(alloc, 2), kcUnlockCred(alloc, 1) -{ - // the credential objects self-initialize to empty - nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD); - - kcCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT); - kcCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD, - new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT))); - - // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) - kcUnlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)); -} - -KeychainAclFactory::~KeychainAclFactory() -{ -} - - -// -// Produce credentials. -// These are constants that don't need to be allocated per use. -// -const AccessCredentials *KeychainAclFactory::nullCredentials() -{ - return &nullCred; -} - -const AccessCredentials *KeychainAclFactory::keychainPromptCredentials() -{ - return &kcCred; -} - -const AccessCredentials *KeychainAclFactory::keychainPromptUnlockCredentials() -{ - return &kcUnlockCred; -} - -const AutoCredentials *KeychainAclFactory::passwordChangeCredentials(const CssmData &password) -{ - AutoCredentials *cred = new AutoCredentials(allocator, 1); - // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) - cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, - new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(allocator) ListElement(password)); - return cred; -} - -const AutoCredentials *KeychainAclFactory::passwordUnlockCredentials(const CssmData &password) -{ - AutoCredentials *cred = new AutoCredentials(allocator, 1); - // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) - cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, - new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), - new(allocator) ListElement(password)); - return cred; -} - - -// -// -AclEntryInput *KeychainAclFactory::keychainPromptOwner(const CssmData &description) -{ - // @@@ Make sure this works for a NULL description - AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(allocator) ListElement(allocator, description))); - return new(allocator) AclEntryInput(proto); -} - -AclEntryInput *KeychainAclFactory::anyOwner() -{ - AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); - return new(allocator) AclEntryInput(proto); -} - -void KeychainAclFactory::release(AclEntryInput *input) -{ - DataWalkers::chunkFree(input, allocator); -} - - -// -// ACL editing -// -void KeychainAclFactory::comment(TypedList &subject) -{ - subject.insert(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_COMMENT), - subject.first()); -} - -void KeychainAclFactory::uncomment(TypedList &subject) -{ - ListElement *first = subject.first(); - assert(*first == CSSM_ACL_SUBJECT_TYPE_COMMENT); - subject -= first; - destroy(first, allocator); -} diff --git a/cdsa/cdsa_client/keychainacl.h b/cdsa/cdsa_client/keychainacl.h deleted file mode 100644 index d4650ffc..00000000 --- a/cdsa/cdsa_client/keychainacl.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keychainacl - Keychain-related ACL and credential forms -// -#ifndef _KEYCHAINACL -#define _KEYCHAINACL - -#include -#include -#include -#include - -#ifdef _CPP_KEYCHAINACL -# pragma export on -#endif - - -namespace Security -{ - -namespace CssmClient -{ - -class KeychainAclFactory -{ -public: - KeychainAclFactory(CssmAllocator &alloc); - ~KeychainAclFactory(); - - CssmAllocator &allocator; - -public: - // - // Create credentials. These functions return AccessCredentials pointers. - // - const AccessCredentials *nullCredentials(); - const AccessCredentials *keychainPromptCredentials(); - const AccessCredentials *keychainPromptUnlockCredentials(); - const AutoCredentials *passwordChangeCredentials(const CssmData &password); - const AutoCredentials *passwordUnlockCredentials(const CssmData &password); - -public: - // - // Create initial ACLs. Pass those to resource creation functions. - // - AclEntryInput *keychainPromptOwner(const CssmData &description); - AclEntryInput *anyOwner(); - void release(AclEntryInput *input); - -public: - // - // Edit ACLs (in external form, as TypedLists) - // - void comment(TypedList &subject); - void uncomment(TypedList &subject); - -private: - AutoCredentials nullCred; - AutoCredentials kcCred; - AutoCredentials kcUnlockCred; -}; - - -} // end namespace CssmClient - -} // end namespace Security - -#ifdef _CPP_KEYCHAINACL -# pragma export off -#endif - -#endif //_KEYCHAINACL diff --git a/cdsa/cdsa_client/keyclient.cpp b/cdsa/cdsa_client/keyclient.cpp deleted file mode 100644 index 5627ce71..00000000 --- a/cdsa/cdsa_client/keyclient.cpp +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keyclient -// -#include -#include - - -using namespace CssmClient; - - -KeyImpl::KeyImpl(const CSP &csp) : ObjectImpl(csp), CssmKey() -{ - mActive=false; -} - -KeyImpl::KeyImpl(const CSP &csp, const CSSM_KEY &key, bool copy) : ObjectImpl(csp), CssmKey(key) -{ - if (copy) - keyData() = CssmAutoData(csp.allocator(), keyData()).release(); - mActive=true; -} - -KeyImpl::KeyImpl(const CSP &csp, const CSSM_DATA &keyData) : ObjectImpl(csp), -CssmKey(keyData.Length, csp->allocator().alloc(keyData.Length)) -{ - memcpy(KeyData.Data, keyData.Data, keyData.Length); - mActive=true; -} - -KeyImpl::~KeyImpl() -{ - try - { - deactivate(); - } - catch(...) {} -} - -void -KeyImpl::deleteKey(const CSSM_ACCESS_CREDENTIALS *cred) -{ - if (mActive) - { - mActive=false; - check(CSSM_FreeKey(csp()->handle(), cred, this, CSSM_TRUE)); - } -} - -CssmKeySize -KeyImpl::sizeInBits() const -{ - CssmKeySize size; - check(CSSM_QueryKeySizeInBits(csp()->handle(), NULL, this, &size)); - return size; -} - -void -KeyImpl::getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag) const -{ - aclInfos.allocator(allocator()); - check(CSSM_GetKeyAcl(csp()->handle(), this, reinterpret_cast(selectionTag), aclInfos, aclInfos)); -} - -void -KeyImpl::changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *accessCred) -{ - check(CSSM_ChangeKeyAcl(csp()->handle(), - AccessCredentials::needed(accessCred), &aclEdit, this)); -} - -void -KeyImpl::getOwner(AutoAclOwnerPrototype &owner) const -{ - owner.allocator(allocator()); - check(CSSM_GetKeyOwner(csp()->handle(), this, owner)); -} - -void -KeyImpl::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *accessCred) -{ - check(CSSM_ChangeKeyOwner(csp()->handle(), - AccessCredentials::needed(accessCred), this, &newOwner)); -} - -void KeyImpl::activate() -{ - mActive=true; -} - -void KeyImpl::deactivate() -{ - if (mActive) - { - mActive=false; - check(CSSM_FreeKey(csp()->handle(), NULL, this, CSSM_FALSE)); - } -} diff --git a/cdsa/cdsa_client/keyclient.h b/cdsa/cdsa_client/keyclient.h deleted file mode 100644 index 258186eb..00000000 --- a/cdsa/cdsa_client/keyclient.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// keyclient -// -#ifndef _H_CDSA_CLIENT_KEYCLIENT -#define _H_CDSA_CLIENT_KEYCLIENT 1 - -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// Key -// -class KeyImpl : public ObjectImpl, public AclBearer, public CssmKey -{ -public: - KeyImpl(const CSP &csp); - KeyImpl(const CSP &csp, const CSSM_KEY &key, bool copy = false); - KeyImpl(const CSP &csp, const CSSM_DATA &keyData); - virtual ~KeyImpl(); - - CSP csp() const { return parent(); } - void deleteKey(const CSSM_ACCESS_CREDENTIALS *cred); - - CssmKeySize sizeInBits() const; - - // Acl manipulation - void getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag = NULL) const; - void changeAcl(const CSSM_ACL_EDIT &aclEdit, - const CSSM_ACCESS_CREDENTIALS *accessCred); - - // Acl owner manipulation - void getOwner(AutoAclOwnerPrototype &owner) const; - void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner, - const CSSM_ACCESS_CREDENTIALS *accessCred = NULL); - - // Call this after completing the CSSM API call after having called Key::makeNewKey() - void activate(); - -protected: - void deactivate(); -}; - -class Key : public Object -{ -public: - typedef KeyImpl Impl; - explicit Key(Impl *impl) : Object(impl) {} - - Key() : Object(NULL) {} - Key(const CSP &csp, const CSSM_KEY &key, bool copy = false) : Object(new Impl(csp, key, copy)) {} - Key(const CSP &csp, const CSSM_DATA &keyData) : Object(new Impl(csp, keyData)) {} - - // Creates an inactive key, client must call activate() after this. - Key(const CSP &csp) : Object(new Impl(csp)) {} - - Impl *operator ->() const { return (*this) ? &impl() : NULL; } - Impl &operator *() const { return impl(); } - - // Conversion operators to CssmKey baseclass. - operator const CssmKey * () const { return (*this) ? &(**this) : NULL; } - operator const CssmKey & () const { return **this; } - - // a few shortcuts to make life easier - CssmKey::Header &header() const { return (*this)->header(); } - - // Creates an inactive key, client must call activate() after this. - CssmKey *makeNewKey(const CSP &csp) { (*this) = Key(csp); return &(**this); } - - // inquiries - CssmKeySize sizeInBits() const { return (*this)->sizeInBits(); } -}; - - -struct KeySpec -{ - uint32 usage; - uint32 attributes; - const CssmData *label; - //add rc context - - KeySpec(uint32 u, uint32 a) : usage(u), attributes(a), label(NULL) { } - KeySpec(uint32 u, uint32 a, const CssmData &l) : usage(u), attributes(a), label(&l) { } -}; - -} // end namespace CssmClient - -} // end namespace Security - - -#endif // _H_CDSA_CLIENT_KEYCLIENT diff --git a/cdsa/cdsa_client/macclient.cpp b/cdsa/cdsa_client/macclient.cpp deleted file mode 100644 index 065ae0ec..00000000 --- a/cdsa/cdsa_client/macclient.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// macclient - client interface to CSSM sign/verify mac contexts -// -#include - -using namespace CssmClient; - - -// -// Common features of signing and verify mac contexts -// -void MacContext::activate() -{ - if (!mActive) - { - check(CSSM_CSP_CreateMacContext(attachment()->handle(), mAlgorithm, - mKey, &mHandle)); - mActive = true; - } -} - -// -// Signing -// -void GenerateMac::sign(const CssmData *data, uint32 count, CssmData &mac) -{ - unstaged(); - check(CSSM_GenerateMac(handle(), data, count, &mac)); -} - -void GenerateMac::init() -{ - check(CSSM_GenerateMacInit(handle())); - mStaged = true; -} - -void GenerateMac::sign(const CssmData *data, uint32 count) -{ - staged(); - check(CSSM_GenerateMacUpdate(handle(), data, count)); -} - -void GenerateMac::operator () (CssmData &mac) -{ - staged(); - check(CSSM_GenerateMacFinal(handle(), &mac)); - mStaged = false; -} - - -// -// Verifying -// -void VerifyMac::verify(const CssmData *data, uint32 count, const CssmData &mac) -{ - unstaged(); - check(CSSM_VerifyMac(handle(), data, count, &mac)); -} - -void VerifyMac::init() -{ - check(CSSM_VerifyMacInit(handle())); - mStaged = true; -} - -void VerifyMac::verify(const CssmData *data, uint32 count) -{ - staged(); - check(CSSM_VerifyMacUpdate(handle(), data, count)); -} - -void VerifyMac::operator () (const CssmData &mac) -{ - staged(); - check(CSSM_VerifyMacFinal(handle(), &mac)); - mStaged = false; -} diff --git a/cdsa/cdsa_client/macclient.h b/cdsa/cdsa_client/macclient.h deleted file mode 100644 index a37d8789..00000000 --- a/cdsa/cdsa_client/macclient.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// macclient - client interface to CSSM sign/verify mac contexts -// -#ifndef _H_CDSA_CLIENT_MACCLIENT -#define _H_CDSA_CLIENT_MACCLIENT 1 - -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// A signing/verifying mac context -// -class MacContext : public Context -{ -public: - MacContext(const CSP &csp, CSSM_ALGORITHMS alg) - : Context(csp, alg) { } - - // preliminary interface - Key key() const { assert(mKey); return mKey; } - void key(const Key &k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, mKey); } - -protected: - void activate(); - Key mKey; -}; - - -class GenerateMac : public MacContext -{ -public: - GenerateMac(const CSP &csp, CSSM_ALGORITHMS alg) : MacContext(csp, alg) { } - - // integrated - void sign(const CssmData &data, CssmData &mac) { sign(&data, 1, mac); } - void sign(const CssmData *data, uint32 count, CssmData &mac); - - // staged - void init(); // Optional - void sign(const CssmData &data) { sign(&data, 1); } - void sign(const CssmData *data, uint32 count); - void operator () (CssmData &mac); - CssmData operator () () { CssmData mac; (*this)(mac); return mac; } -}; - -class VerifyMac : public MacContext -{ -public: - VerifyMac(const CSP &csp, CSSM_ALGORITHMS alg) : MacContext(csp, alg) { } - - // integrated - void verify(const CssmData &data, const CssmData &mac) { verify(&data, 1, mac); } - void verify(const CssmData *data, uint32 count, const CssmData &mac); - - // staged - void init(); // Optional - void verify(const CssmData &data) { verify(&data, 1); } - void verify(const CssmData *data, uint32 count); - void operator () (const CssmData &mac); -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_MACCLIENT diff --git a/cdsa/cdsa_client/multidldb.cpp b/cdsa/cdsa_client/multidldb.cpp deleted file mode 100644 index 5e410440..00000000 --- a/cdsa/cdsa_client/multidldb.cpp +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MultiDLDb implementation. -// - -#include -#include -#include - - - -namespace Security -{ - -using namespace CssmClient; - -namespace CssmClient -{ - -// -// MultiDLDbDbCursorImpl declaration -// -class MultiDLDbDbCursorImpl : public DbCursorImpl -{ -public: - MultiDLDbDbCursorImpl(const MultiDLDb &parent, const CSSM_QUERY &query, CssmAllocator &allocator); - MultiDLDbDbCursorImpl(const MultiDLDb &parent, uint32 capacity, CssmAllocator &allocator); - virtual ~MultiDLDbDbCursorImpl(); - - bool next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId); -private: - MultiDLDb multiDLDb() { return parent(); } - void activate(); - void deactivate(); - - MultiDLDbImpl::ListRef mListRef; - MultiDLDbImpl::List::const_iterator mNext; - MultiDLDbImpl::List::const_iterator mEnd; - DbCursor mCursor; -}; - -} // end namespace CssmClient - -} // end namespace Security - -// -// MultiDLDbImpl -// -MultiDLDbImpl::MultiDLDbImpl(const vector &list, bool useSecureStorage, const Cssm &cssm) -: ObjectImpl(cssm), mListRef(list), mUseSecureStorage(useSecureStorage) -{ -} - -MultiDLDbImpl::MultiDLDbImpl(const vector &list, bool useSecureStorage) -: ObjectImpl(Cssm::standard()), mListRef(list), mUseSecureStorage(useSecureStorage) -{ -} - -MultiDLDbImpl::~MultiDLDbImpl() -{ - deactivate(); -} - -Db -MultiDLDbImpl::database(const DLDbIdentifier &dlDbIdentifier) -{ - StLock _(mLock); - DbMap::const_iterator it = mDbMap.find(dlDbIdentifier); - if (it != mDbMap.end()) - return it->second; - - Module module(dlDbIdentifier.ssuid().guid(), cssm()); - DL dl; - if (dlDbIdentifier.ssuid().subserviceType() & CSSM_SERVICE_CSP) - { - if (mUseSecureStorage) - dl = SSCSPDL(module); - else - dl = CSPDL(module); - } - else - dl = DL(module); - - dl->subserviceId(dlDbIdentifier.ssuid().subserviceId()); - dl->version(dlDbIdentifier.ssuid().version()); - Db db(dl, dlDbIdentifier.dbName()); - if (find(mListRef->begin(), mListRef->end(), dlDbIdentifier) != mListRef->end()) - mDbMap.insert(DbMap::value_type(dlDbIdentifier, db)); - - return db; -} - -void -MultiDLDbImpl::list(const vector &list) -{ - StLock _(mLock); - set oldList(mListRef->begin(), mListRef->end()); - mListRef = ListRef(list); - set newList(mListRef->begin(), mListRef->end()); - vector obsolete; - back_insert_iterator > ii(obsolete); - // Remove all db's from the map that were in oldList but are not in mListRef. - set_difference(oldList.begin(), oldList.end(), newList.begin(), newList.end(), ii); - for (vector::const_iterator it = obsolete.begin(); it != obsolete.end(); ++it) - mDbMap.erase(*it); -} - -DbCursorImpl * -MultiDLDbImpl::newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator) -{ - return new MultiDLDbDbCursorImpl(MultiDLDb(this), query, allocator); -} - -DbCursorImpl * -MultiDLDbImpl::newDbCursor(uint32 capacity, CssmAllocator &allocator) -{ - return new MultiDLDbDbCursorImpl(MultiDLDb(this), capacity, allocator); -} - -void -MultiDLDbImpl::activate() -{ -} - -void -MultiDLDbImpl::deactivate() -{ - StLock _(mLock); - mDbMap.erase(mDbMap.begin(), mDbMap.end()); -} - - -// -// MultiDLDbDbCursorImpl -// -MultiDLDbDbCursorImpl::MultiDLDbDbCursorImpl(const MultiDLDb &parent, - const CSSM_QUERY &query, CssmAllocator &allocator) -: DbCursorImpl(parent, query, allocator) -{ -} - -MultiDLDbDbCursorImpl::MultiDLDbDbCursorImpl(const MultiDLDb &parent, - uint32 capacity, CssmAllocator &allocator) -: DbCursorImpl(parent, capacity, allocator) -{ -} - -MultiDLDbDbCursorImpl::~MultiDLDbDbCursorImpl() -{ - try - { - deactivate(); - } - catch(...) {} -} - -bool -MultiDLDbDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId) -{ - activate(); - for (;;) - { - if (!mCursor) - { - if (mNext == mEnd) - { - // This is how it ends. - deactivate(); - return false; - } - - mCursor = DbCursor(multiDLDb()->database(*mNext++), *this); - } - - try - { - if (mCursor->next(attributes, data, uniqueId)) - return true; - } - - catch(const CssmCommonError &err) - { - OSStatus status = err.osStatus(); - if(status != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) - throw; - } - - - - mCursor = DbCursor(); - } -} - -void -MultiDLDbDbCursorImpl::activate() -{ - if (!mActive) - { - mListRef = multiDLDb()->listRef(); - mNext = mListRef->begin(); - mEnd = mListRef->end(); - mActive = true; - } -} - -void -MultiDLDbDbCursorImpl::deactivate() -{ - if (mActive) - { - mActive = false; - mListRef = MultiDLDbImpl::ListRef(); - mNext = mEnd; - mCursor = DbCursor(); - } -} - diff --git a/cdsa/cdsa_client/multidldb.h b/cdsa/cdsa_client/multidldb.h deleted file mode 100644 index d2a64b41..00000000 --- a/cdsa/cdsa_client/multidldb.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// multidldb interfaces for searching multiple dls or db with a single cursor. -// -#ifndef _H_CDSA_CLIENT_MULTIDLDB -#define _H_CDSA_CLIENT_MULTIDLDB 1 - -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// The MultiDLDb class. -// -class MultiDLDbImpl : public ObjectImpl, public DbCursorMaker -{ -public: - struct List : public vector, public RefCount - { - List(const vector &list) : vector(list) {} - }; - - struct ListRef : public RefPointer - { - ListRef() {} - ListRef(const vector &list) : RefPointer(new List(list)) {} - }; - - MultiDLDbImpl(const vector &list, bool useSecureStorage, const Cssm &cssm); - MultiDLDbImpl(const vector &list, bool useSecureStorage); - virtual ~MultiDLDbImpl(); - - Cssm cssm() const { return parent(); } - Db database(const DLDbIdentifier &dlDbIdentifier); - ListRef listRef() { return mListRef; } - void list(const vector &list); - const vector &list() { return *mListRef; } - - // DbCursorMaker - virtual DbCursorImpl *newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator); - virtual DbCursorImpl *newDbCursor(uint32 capacity, CssmAllocator &allocator); - -protected: - void activate(); - void deactivate(); - -private: - typedef map DbMap; - - // Lock protecting this object during changes. - Mutex mLock; - ListRef mListRef; - DbMap mDbMap; - bool mUseSecureStorage; -}; - -class MultiDLDb : public Object -{ -public: - typedef MultiDLDbImpl Impl; - - explicit MultiDLDb(Impl *impl) : Object(impl) {} - MultiDLDb(const vector &list, bool useSecureStorage, const Cssm &cssm) - : Object(new Impl(list, useSecureStorage, cssm)) {} - MultiDLDb(const vector &list, bool useSecureStorage) - : Object(new Impl(list, useSecureStorage)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } - - // Conversion to DbCursorMaker - operator DbCursorMaker &() { return impl(); } -}; - -}; // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_MULTIDLDB diff --git a/cdsa/cdsa_client/osxsigner.cpp b/cdsa/cdsa_client/osxsigner.cpp deleted file mode 100644 index 61df3314..00000000 --- a/cdsa/cdsa_client/osxsigner.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// osxsigner - MacOS X's standard code signing algorithm. -// -#ifdef __MWERKS__ -#define _CPP_OSXSIGNER -#endif - -#include -#include -#include - - -namespace Security -{ - -namespace CodeSigning -{ - -// -// Construct an OSXSigner -// -OSXSigner::OSXSigner() : csp(gGuidAppleCSP) -{ -} - - -// -// Signing/verification implementation -// -OSXSigner::OSXSignature *OSXSigner::sign(const Signable &target) -{ - Digester digester(*this); - scanContents(digester, target); - DataBuffer hash; - digester(hash); - IFDUMPING("codesign", Debug::dumpData("sign", hash)); - return new OSXSignature(hash); -} - -bool OSXSigner::verify(const Signable &target, const Signature *signature) -{ - if (const OSXSignature *sig = dynamic_cast(signature)) { - Digester digester(*this); - scanContents(digester, target); - DataBuffer hash; - digester(hash); - IFDUMPING("codesign", Debug::dumpData("verify", hash)); - return (*sig) == hash; - } - return false; -} - -void OSXSigner::Digester::enumerateContents(const void *data, size_t length) -{ - digest(CssmData(const_cast(data), length)); -} - - -// -// Re-create a Signature object from its external representation -// -OSXSigner::OSXSignature *OSXSigner::restore(uint32 type, const void *data, size_t length) -{ - switch (type) { - case CSSM_ACL_CODE_SIGNATURE_OSX: - if (length != OSXSignature::hashLength) - CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA); - return new OSXSignature(data); - default: - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - } -} - - -}; // end namespace CodeSigning - -} // end namespace Security diff --git a/cdsa/cdsa_client/osxsigner.h b/cdsa/cdsa_client/osxsigner.h deleted file mode 100644 index b3dc06b9..00000000 --- a/cdsa/cdsa_client/osxsigner.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// osxsigner - MacOS X's standard code signing algorithm. -// -#ifndef _H_OSXSIGNER -#define _H_OSXSIGNER - -#include -#include -#include - -#ifdef _CPP_OSXSIGNER -#pragma export on -#endif - -namespace Security -{ - -namespace CodeSigning -{ - -// -// The OSX standard signer object -// -class OSXSigner : public Signer { - class Digester; friend class Digester; -public: - class OSXSignature; - - OSXSigner(); - OSXSignature *sign(const Signable &target); - bool verify(const Signable &target, const Signature *signature); - - OSXSignature *restore(uint32 type, const void *data, size_t length); - -public: - class OSXSignature : public Signature { - public: - static const size_t hashLength = 20; // length of signature data - typedef uint8 Hash[hashLength]; - - OSXSignature(const void *src) { memcpy(mData, src, hashLength); } - - bool operator == (const Signature &other) const - { - if (const OSXSignature *sig = dynamic_cast(&other)) - return !memcmp(mData, sig->mData, hashLength); - else - return false; - } - - bool operator == (void *bytes) const - { return !memcmp(mData, bytes, hashLength); } - - uint32 type() const { return standardOSXSignature; } - const void *data() const { return mData; } - size_t length() const { return hashLength; } - - private: - uint8 mData[hashLength]; - }; - -private: - class Digester : public State, public CssmClient::Digest { - public: - Digester(OSXSigner &sgn) : State(sgn), CssmClient::Digest(sgn.csp, CSSM_ALGID_SHA1) { } - - void enumerateContents(const void *addr, size_t length); - }; - -private: - // CDSA resources - CssmClient::CSP csp; -}; - -} // end namespace CodeSigning - -} // end namespace Security - -#ifdef _CPP_OSXSIGNER -#pragma export off -#endif - - -#endif //_H_OSXSIGNER diff --git a/cdsa/cdsa_client/securestorage.cpp b/cdsa/cdsa_client/securestorage.cpp deleted file mode 100644 index ab1190a1..00000000 --- a/cdsa/cdsa_client/securestorage.cpp +++ /dev/null @@ -1,602 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include "securestorage.h" -#include "genkey.h" -#include -#include -#include - -using namespace CssmClient; -using namespace KeychainCore; - -// -// Manage CSPDL attachments -// -CSPDLImpl::CSPDLImpl(const Guid &guid) -: CSPImpl(Cssm::standard()->autoModule(guid)), -DLImpl(CSPImpl::module()) -{ -} - -CSPDLImpl::CSPDLImpl(const Module &module) -: CSPImpl(module), -DLImpl(module) -{ -} - -CSPDLImpl::~CSPDLImpl() -{ -} - -CssmAllocator &CSPDLImpl::allocator() const -{ - DLImpl::allocator(); return CSPImpl::allocator(); -} - -void CSPDLImpl::allocator(CssmAllocator &alloc) -{ - CSPImpl::allocator(alloc); DLImpl::allocator(alloc); -} - -bool CSPDLImpl::operator <(const CSPDLImpl &other) const -{ - return (static_cast(*this) < static_cast(other) || - (!(static_cast(other) < static_cast(*this)) - && static_cast(*this) < static_cast(other))); -} - -bool CSPDLImpl::operator ==(const CSPDLImpl &other) const -{ - return (static_cast(*this) == static_cast(other) - && static_cast(*this) == static_cast(other)); -} - -CSSM_SERVICE_MASK CSPDLImpl::subserviceMask() const -{ - return CSPImpl::subserviceType() | DLImpl::subserviceType(); -} - -void CSPDLImpl::subserviceId(uint32 id) -{ - CSPImpl::subserviceId(id); DLImpl::subserviceId(id); -} - - -// -// Secure storage -// -SSCSPDLImpl::SSCSPDLImpl(const Guid &guid) : CSPDLImpl::CSPDLImpl(guid) -{ -} - -SSCSPDLImpl::SSCSPDLImpl(const Module &module) : CSPDLImpl::CSPDLImpl(module) -{ -} - -SSCSPDLImpl::~SSCSPDLImpl() -{ -} - -DbImpl * -SSCSPDLImpl::newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) -{ - return new SSDbImpl(SSCSPDL(this), inDbName, inDbLocation); -} - - -// -// SSDbImpl -- Secure Storage Database Implementation -// -SSDbImpl::SSDbImpl(const SSCSPDL &cspdl, const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation) -: DbImpl(cspdl, inDbName, inDbLocation) -{ -} - -SSDbImpl::~SSDbImpl() -{ -} - -void -SSDbImpl::create() -{ - DbImpl::create(); -} - -void -SSDbImpl::open() -{ - DbImpl::open(); -} - -SSDbUniqueRecord -SSDbImpl::insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - const CSSM_RESOURCE_CONTROL_CONTEXT *rc) -{ - SSGroup group(SSDb(this), rc); - const CSSM_ACCESS_CREDENTIALS *cred = rc ? rc->AccessCred : NULL; - try - { - return insert(recordType, attributes, data, group, cred); - } - catch(...) - { - // @@@ Look at rc for credentials - group->deleteKey(cred); - throw; - } -} - -SSDbUniqueRecord -SSDbImpl::insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, const SSGroup &group, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - // Create an encoded dataBlob for this item. - CssmDataContainer dataBlob(allocator()); - group->encodeDataBlob(data, cred, dataBlob); - - // Insert the record with the new juicy dataBlob. - return SSDbUniqueRecord(safe_cast - (&(*DbImpl::insert(recordType, attributes, &dataBlob)))); -} - - -// DbCursorMaker -DbCursorImpl * -SSDbImpl::newDbCursor(const CSSM_QUERY &query, CssmAllocator &allocator) -{ - return new SSDbCursorImpl(Db(this), query, allocator); -} - -DbCursorImpl * -SSDbImpl::newDbCursor(uint32 capacity, CssmAllocator &allocator) -{ - return new SSDbCursorImpl(Db(this), capacity, allocator); -} - - -// SSDbUniqueRecordMaker -DbUniqueRecordImpl * -SSDbImpl::newDbUniqueRecord() -{ - return new SSDbUniqueRecordImpl(Db(this)); -} - - -// -// SSGroup -- Group key with acl, used to protect a group of items. -// -// @@@ Get this from a shared spot. -CSSM_DB_NAME_ATTR(SSGroupImpl::kLabel, 6, "Label", 0, NULL, BLOB); - -// Create a new group. -SSGroupImpl::SSGroupImpl(const SSDb &ssDb, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry) -: KeyImpl(ssDb->csp()), mLabel(ssDb->allocator()) -{ - mLabel.Length = kLabelSize; - mLabel.Data = reinterpret_cast - (mLabel.mAllocator.malloc(mLabel.Length)); - - // Get our csp and set up a random number generation context. - CSP csp(csp()); - Random random(csp, CSSM_ALGID_APPLE_YARROW); - - // Generate a kLabelSize byte random number that will be the label of - // the key which we store in the dataBlob. - random.generate(mLabel, mLabel.Length); - - // Overwrite the first 4 bytes with the magic cookie for a group. - reinterpret_cast(mLabel.Data)[0] = h2n(uint32(kGroupMagic)); - - // @@@ Ensure that the label is unique (Chance of collision is 2^80 -- - // birthday paradox). - - // Generate a permanent 3DES key that we will use to encrypt the data. - GenerateKey genKey(csp, CSSM_ALGID_3DES_3KEY, 192); - genKey.database(ssDb); - - // Set the acl of the key correctly here - genKey.initialAcl(ResourceControlContext::overlay(credAndAclEntry)); - - // Generate the key - genKey(*this, KeySpec(CSSM_KEYUSE_ENCRYPT|CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_PERMANENT|CSSM_KEYATTR_SENSITIVE, - mLabel)); - - // Activate ourself so CSSM_FreeKey will get called when we go out of - // scope. - activate(); -} - -// Lookup an existing group based on a dataBlob. -SSGroupImpl::SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob) -: KeyImpl(ssDb->csp()), mLabel(ssDb->allocator()) -{ - if (dataBlob.Length < kLabelSize + kIVSize) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record - - mLabel = CssmData(dataBlob.Data, kLabelSize); - if (*reinterpret_cast(mLabel.Data) != h2n (uint32(kGroupMagic))) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record - - // Look up the symmetric key with that label. - DbCursor cursor(new DbDbCursorImpl(ssDb, 0, CssmAllocator::standard())); - cursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - cursor->add(CSSM_DB_EQUAL, kLabel, mLabel); - - DbUniqueRecord keyId; - CssmDataContainer keyData(ssDb->allocator()); - if (!cursor->next(NULL, &keyData, keyId)) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // The key can't be found - - // Set the key part of ourself. - static_cast(*this) = - *reinterpret_cast(keyData.Data); - - // Activate ourself so CSSM_FreeKey will get called when we go out of - // scope. - activate(); -} - -bool -SSGroupImpl::isGroup(const CSSM_DATA &dataBlob) -{ - return dataBlob.Length >= kLabelSize + kIVSize - && *reinterpret_cast(dataBlob.Data) == h2n(uint32(kGroupMagic)); -} - -const CssmData -SSGroupImpl::label() const -{ - return mLabel; -} - -void -SSGroupImpl::decodeDataBlob(const CSSM_DATA &dataBlob, - const CSSM_ACCESS_CREDENTIALS *cred, - CssmAllocator &allocator, CSSM_DATA &data) -{ - // First get the IV and the cipherText from the blob. - CssmData iv(&dataBlob.Data[kLabelSize], kIVSize); - CssmData cipherText(&dataBlob.Data[kLabelSize + kIVSize], - dataBlob.Length - (kLabelSize + kIVSize)); - - CssmDataContainer plainText1(allocator); - CssmDataContainer plainText2(allocator); - - // Decrypt the data - // @@@ Don't use staged decrypt once the AppleCSPDL can do combo - // encryption. - // Setup decryption context - Decrypt decrypt(csp(), algorithm()); - decrypt.mode(CSSM_ALGMODE_CBCPadIV8); - decrypt.padding(CSSM_PADDING_PKCS1); - decrypt.initVector(iv); - decrypt.key(Key(this)); - decrypt.cred(AccessCredentials::overlay(cred)); - decrypt.decrypt(&cipherText, 1, &plainText1, 1); - decrypt.final(plainText2); - - // Use DL allocator for allocating memory for data. - uint32 length = plainText1.Length + plainText2.Length; - data.Data = allocator.alloc(length); - data.Length = length; - memcpy(data.Data, plainText1.Data, plainText1.Length); - memcpy(&data.Data[plainText1.Length], plainText2.Data, plainText2.Length); -} - -void -SSGroupImpl::encodeDataBlob(const CSSM_DATA *data, - const CSSM_ACCESS_CREDENTIALS *cred, - CssmDataContainer &dataBlob) -{ - // Get our csp and set up a random number generation context. - CSP csp(csp()); - Random random(csp, CSSM_ALGID_APPLE_YARROW); - - // Encrypt data using key and encode it in a dataBlob. - - // First calculate a random IV. - uint8 ivBuf[kIVSize]; - CssmData iv(ivBuf, kIVSize); - random.generate(iv, kIVSize); - - // Setup encryption context - Encrypt encrypt(csp, algorithm()); - encrypt.mode(CSSM_ALGMODE_CBCPadIV8); - encrypt.padding(CSSM_PADDING_PKCS1); - encrypt.initVector(iv); - encrypt.key(Key(this)); - encrypt.cred(AccessCredentials::overlay(cred)); - - // Encrypt the data - const CssmData nothing; - const CssmData *plainText = data ? CssmData::overlay(data) : ¬hing; - // @@@ Don't use staged encrypt once the AppleCSPDL can do combo - // encryption. - CssmDataContainer cipherText1, cipherText2; - encrypt.encrypt(plainText, 1, &cipherText1, 1); - encrypt.final(cipherText2); - - // Create a dataBlob containing the label followed by the IV followed - // by the cipherText. - uint32 length = (kLabelSize + kIVSize - + cipherText1.Length + cipherText2.Length); - dataBlob.Data = dataBlob.mAllocator.alloc(length); - dataBlob.Length = length; - memcpy(dataBlob.Data, mLabel.Data, kLabelSize); - memcpy(&dataBlob.Data[kLabelSize], iv.Data, kIVSize); - memcpy(&dataBlob.Data[kLabelSize + kIVSize], - cipherText1.Data, cipherText1.Length); - memcpy(&dataBlob.Data[kLabelSize + kIVSize + cipherText1.Length], - cipherText2.Data, cipherText2.Length); -} - - -// -// SSDbCursorImpl -- Secure Storage Database Cursor Implementation. -// -SSDbCursorImpl::SSDbCursorImpl(const Db &db, const CSSM_QUERY &query, - CssmAllocator &allocator) -: DbDbCursorImpl(db, query, allocator) -{ -} - -SSDbCursorImpl::SSDbCursorImpl(const Db &db, uint32 capacity, - CssmAllocator &allocator) -: DbDbCursorImpl(db, capacity, allocator) -{ -} - -bool -SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data, - DbUniqueRecord &uniqueId) -{ - return next(attributes, data, uniqueId, NULL); -} - -bool -SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data, - DbUniqueRecord &uniqueId, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - if (!data) - return DbDbCursorImpl::next(attributes, data, uniqueId); - - DbAttributes noAttrs, *attrs; - attrs = attributes ? attributes : &noAttrs; - - // Get the datablob for this record - CssmDataContainer dataBlob(allocator()); - for (;;) - { - if (!DbDbCursorImpl::next(attrs, &dataBlob, uniqueId)) - return false; - - // Keep going until we find a non key type record. - CSSM_DB_RECORDTYPE rt = attrs->recordType(); - if (rt != CSSM_DL_DB_RECORD_SYMMETRIC_KEY - && rt != CSSM_DL_DB_RECORD_PRIVATE_KEY - && rt != CSSM_DL_DB_RECORD_PUBLIC_KEY) - { - // @@@ Check the label and if it doesn't start with the magic for a SSKey return the key. - break; - } - else - { - // Free the key we just retrieved - database()->csp()->freeKey(*reinterpret_cast(dataBlob.Data)); - } - } - - if (!SSGroupImpl::isGroup(dataBlob)) - { - data->Data = dataBlob.Data; - data->Length = dataBlob.Length; - dataBlob.Data = NULL; - dataBlob.Length = 0; - return true; - } - - // Get the group for dataBlob - SSGroup group(database(), dataBlob); - - // Decode the dataBlob, pass in the DL allocator. - group->decodeDataBlob(dataBlob, cred, database()->allocator(), *data); - return true; -} - -bool -SSDbCursorImpl::nextKey(DbAttributes *attributes, Key &key, - DbUniqueRecord &uniqueId) -{ - DbAttributes noAttrs, *attrs; - attrs = attributes ? attributes : &noAttrs; - CssmDataContainer keyData(database()->allocator()); - for (;;) - { - if (!DbDbCursorImpl::next(attrs, &keyData, uniqueId)) - return false; - // Keep going until we find a key type record. - CSSM_DB_RECORDTYPE rt = attrs->recordType(); - if (rt == CSSM_DL_DB_RECORD_SYMMETRIC_KEY - || rt == CSSM_DL_DB_RECORD_PRIVATE_KEY - || rt == CSSM_DL_DB_RECORD_PUBLIC_KEY) - break; - } - - key = Key(database()->csp(), *reinterpret_cast(keyData.Data)); - return true; -} - -void -SSDbCursorImpl::activate() -{ - return DbDbCursorImpl::activate(); -} - -void -SSDbCursorImpl::deactivate() -{ - return DbDbCursorImpl::deactivate(); -} - - -// -// SSDbUniqueRecordImpl -- Secure Storage UniqueRecord Implementation. -// -SSDbUniqueRecordImpl::SSDbUniqueRecordImpl(const Db &db) -: DbUniqueRecordImpl(db) -{ -} - -SSDbUniqueRecordImpl::~SSDbUniqueRecordImpl() -{ -} - -void -SSDbUniqueRecordImpl::deleteRecord() -{ - deleteRecord(NULL); -} - -void -SSDbUniqueRecordImpl::deleteRecord(const CSSM_ACCESS_CREDENTIALS *cred) -{ - // Get the datablob for this record - // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get - CssmDataContainer dataBlob(allocator()); - DbUniqueRecordImpl::get(NULL, &dataBlob); - - // delete data part first: - // (1) don't leave data without keys around - // (2) delete orphaned data anyway - DbUniqueRecordImpl::deleteRecord(); - - // @@@ Use transactions? - if (SSGroupImpl::isGroup(dataBlob)) - try { - // Get the group for dataBlob - SSGroup group(database(), dataBlob); - // Delete the group (key) - group->deleteKey(cred); - } catch (const CssmError &err) { - switch (err.cssmError()) { - case CSSMERR_DL_RECORD_NOT_FOUND: - // Zombie item (no group key). Finally at peace! No error - break; - default: - throw; - } - } -} - -void -SSDbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode) -{ - modify(recordType, attributes, data, modifyMode, NULL); -} - -void -SSDbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - if (!data) - { - DbUniqueRecordImpl::modify(recordType, attributes, NULL, modifyMode); - return; - } - - // Get the datablob for this record - // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get - CssmDataContainer oldDataBlob(allocator()); - DbUniqueRecordImpl::get(NULL, &oldDataBlob); - - if (!SSGroupImpl::isGroup(oldDataBlob)) - { - DbUniqueRecordImpl::modify(recordType, attributes, data, modifyMode); - return; - } - - // Get the group for oldDataBlob - SSGroup group(database(), oldDataBlob); - - // Create a new dataBlob. - CssmDataContainer dataBlob(allocator()); - group->encodeDataBlob(data, cred, dataBlob); - DbUniqueRecordImpl::modify(recordType, attributes, &dataBlob, modifyMode); -} - -void -SSDbUniqueRecordImpl::get(DbAttributes *attributes, ::CssmDataContainer *data) -{ - get(attributes, data, NULL); -} - -void -SSDbUniqueRecordImpl::get(DbAttributes *attributes, ::CssmDataContainer *data, - const CSSM_ACCESS_CREDENTIALS *cred) -{ - if (!data) - { - DbUniqueRecordImpl::get(attributes, NULL); - return; - } - - // Get the datablob for this record - // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get - CssmDataContainer dataBlob(allocator()); - DbUniqueRecordImpl::get(attributes, &dataBlob); - - if (!SSGroupImpl::isGroup(dataBlob)) - { - data->Data = dataBlob.Data; - data->Length = dataBlob.Length; - dataBlob.Data = NULL; - dataBlob.Length = 0; - return; - } - - // Get the group for dataBlob - SSGroup group(database(), dataBlob); - - // Decode the dataBlob, pass in the DL allocator. - group->decodeDataBlob(dataBlob, cred, allocator(), *data); -} - -SSGroup -SSDbUniqueRecordImpl::group() -{ - // Get the datablob for this record - // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get - CssmDataContainer dataBlob(allocator()); - DbUniqueRecordImpl::get(NULL, &dataBlob); - return SSGroup(database(), dataBlob); -} diff --git a/cdsa/cdsa_client/securestorage.h b/cdsa/cdsa_client/securestorage.h deleted file mode 100644 index 42ac7cd2..00000000 --- a/cdsa/cdsa_client/securestorage.h +++ /dev/null @@ -1,343 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// securestorage - client interface to CSP DLs and their operations -// -#ifndef _H_CDSA_CLIENT_SECURESTORAGE -#define _H_CDSA_CLIENT_SECURESTORAGE 1 - -#include -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// A CSP and a DL attachment of the same subservice -// -// This gives us 2 Object instances, but we make sure that have the same -// mImpl. Currently this class has no behaviour, but it will get some in -// the future. -// -class CSPDLImpl : public CSPImpl, public DLImpl -{ -public: - CSPDLImpl(const Guid &guid); - CSPDLImpl(const Module &module); - virtual ~CSPDLImpl(); - - // Object methods. - bool isActive() const { return CSPImpl::isActive() || DLImpl::isActive(); } - - virtual CssmAllocator &allocator() const; - virtual void allocator(CssmAllocator &alloc); - - virtual bool operator <(const CSPDLImpl &other) const; - virtual bool operator ==(const CSPDLImpl &other) const; - - // Attachment methods. - virtual CSSM_SERVICE_MASK subserviceMask() const; - virtual void subserviceId(uint32 id); - - uint32 subserviceId() const { return CSPImpl::subserviceId(); } - CSSM_ATTACH_FLAGS cspFlags() const { return CSPImpl::flags(); } - void cspFlags(CSSM_ATTACH_FLAGS f) { CSPImpl::flags(f); } - CSSM_ATTACH_FLAGS dlFlags() const { return DLImpl::flags(); } - void dlFlags(CSSM_ATTACH_FLAGS f) { DLImpl::flags(f); } - - void attach() { CSPImpl::attach(); DLImpl::attach(); } - void detach() { CSPImpl::detach(); DLImpl::detach(); } - bool attached() const { return CSPImpl::attached() || DLImpl::attached(); } - - Module module() const { return CSPImpl::module(); } - const Guid &guid() const { return CSPImpl::guid(); } - CSSM_MODULE_HANDLE cspHandle() { return CSPImpl::handle(); } - CSSM_MODULE_HANDLE dlHandle() { return DLImpl::handle(); } - - CssmSubserviceUid subserviceUid() const - { return CSPImpl::subserviceUid(); } - -private: -}; - - -class CSPDL : public CSP, public DL -{ -public: - typedef CSPDLImpl Impl; - - explicit CSPDL(Impl *impl) : CSP(impl), DL(impl) {} - CSPDL(const Guid &guid) : CSP(new Impl(guid)), DL(&CSP::impl()) {} - CSPDL(const Module &module) - : CSP(new Impl(module)), DL(&CSP::impl()) {} - - //template _Impl &impl() const - //{ return CSP::impl<_Impl>(); } - - Impl *get() const { return &CSP::impl(); } - Impl *operator ->() const { return &CSP::impl(); } - Impl &operator *() const { return CSP::impl(); } - - // Conversion operators must be here - bool operator !() const { return !get(); } - operator bool() const { return get(); } - - bool operator <(const CSPDL &other) const - { return *this && other ? **this < *other : get() < other.get(); } - bool operator ==(const CSPDL &other) const - { return *this && other ? **this == *other : get() == other.get(); } -}; - - -// -// SSCSPDL -- Secure storage class -// -class SSCSPDLImpl : public CSPDLImpl -{ -public: - SSCSPDLImpl(const Guid &guid); - SSCSPDLImpl(const Module &module); - virtual ~SSCSPDLImpl(); - - // DbMaker - DbImpl *newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); -private: -}; - -class SSCSPDL : public CSPDL -{ -public: - typedef SSCSPDLImpl Impl; - - explicit SSCSPDL(Impl *impl) : CSPDL(impl) {} - SSCSPDL(const Guid &guid) : CSPDL(new Impl(guid)) {} - SSCSPDL(const Module &module) : CSPDL(new Impl(module)) {} - - Impl *operator ->() const { return &CSP::impl(); } - Impl &operator *() const { return CSP::impl(); } -}; - - -// -// SSDbImpl -- A Security Storage Db object. -// -class SSGroup; -class SSDbUniqueRecord; - -class SSDbImpl : public DbImpl -{ -public: - SSDbImpl(const SSCSPDL &cspdl, - const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); - virtual ~SSDbImpl(); - - void create(); - void open(); - - SSDbUniqueRecord insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - const CSSM_RESOURCE_CONTROL_CONTEXT *rc = NULL); - - SSDbUniqueRecord insert(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, const SSGroup &group, - const CSSM_ACCESS_CREDENTIALS *cred); - - // DbCursorMaker - DbCursorImpl *newDbCursor(const CSSM_QUERY &query, - CssmAllocator &allocator); - DbCursorImpl *newDbCursor(uint32 capacity, CssmAllocator &allocator); - - // SSDbUniqueRecordMaker - DbUniqueRecordImpl *newDbUniqueRecord(); - - CSP csp() { return parent(); } -}; - -class SSDb : public Db -{ -public: - typedef SSDbImpl Impl; - - explicit SSDb(Impl *impl) : Db(impl) {} - SSDb(const SSCSPDL &cspdl, const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation) - : Db(cspdl->newDb(inDbName, inDbLocation)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// SSGroup -- Group key with acl, used to protect a group of items. -// -class SSGroupImpl : public KeyImpl -{ -public: - SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob); - SSGroupImpl(const SSDb &ssDb, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry); - - static bool isGroup(const CSSM_DATA &dataBlob); - - const CssmData label() const; - void decodeDataBlob(const CSSM_DATA &dataBlob, - const CSSM_ACCESS_CREDENTIALS *cred, - CssmAllocator &allocator, CSSM_DATA &data); - void encodeDataBlob(const CSSM_DATA *data, - const CSSM_ACCESS_CREDENTIALS *cred, - CssmDataContainer &dataBlob); - -private: - // Constants - enum - { - // Label prefix for a secure storage group - kGroupMagic = FOUR_CHAR_CODE('ssgp'), - - // Size of label (including prefix) - kLabelSize = 20, - - // Size of IV - kIVSize = 8 - }; - - CSSM_DB_ATTR_DECL(kLabel); - - CssmDataContainer mLabel; -}; - -class SSGroup : public Key -{ -public: - typedef SSGroupImpl Impl; - explicit SSGroup(Impl *impl) : Key(impl) {} - - SSGroup() : Key(NULL) {} - - // Create a new group. - SSGroup(const SSDb &ssDb, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry) - : Key(new Impl(ssDb, credAndAclEntry)) {} - - // Lookup an existing group based on a dataBlob. - SSGroup(const SSDb &ssDb, const CSSM_DATA &dataBlob) - : Key(new Impl(ssDb, dataBlob)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// SSDbCursor -- Cursor for iterating over Securely Stored records (or keys) -// -class SSDbCursorImpl : public DbDbCursorImpl -{ -public: - SSDbCursorImpl(const Db &db, const CSSM_QUERY &query, - CssmAllocator &allocator); - SSDbCursorImpl(const Db &db, uint32 capacity, - CssmAllocator &allocator); - - bool next(DbAttributes *attributes, ::CssmDataContainer *data, - DbUniqueRecord &uniqueId); - bool next(DbAttributes *attributes, ::CssmDataContainer *data, - DbUniqueRecord &uniqueId, const CSSM_ACCESS_CREDENTIALS *cred); - bool nextKey(DbAttributes *attributes, Key &key, DbUniqueRecord &uniqueId); - //bool nextGroup(DbAttributes *attributes, SSGroup &group, DbUniqueRecord &uniqueId); - - SSDb database() { return parent(); } -protected: - void activate(); - void deactivate(); -}; - -class SSDbCursor : public DbCursor -{ -public: - typedef SSDbCursorImpl Impl; - - explicit SSDbCursor(Impl *impl) : DbCursor(impl) {} - SSDbCursor(const SSDb &ssDb, const CSSM_QUERY &query, - CssmAllocator &allocator = CssmAllocator::standard()) - : DbCursor(ssDb->newDbCursor(query, allocator)) {} - SSDbCursor(const SSDb &ssDb, const uint32 capacity = 0, - CssmAllocator &allocator = CssmAllocator::standard()) - : DbCursor(ssDb->newDbCursor(capacity, allocator)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// SSDbUniqueRecord -// -class SSDbUniqueRecordImpl : public DbUniqueRecordImpl -{ -public: - SSDbUniqueRecordImpl(const Db &db); - virtual ~SSDbUniqueRecordImpl(); - - void deleteRecord(); - void deleteRecord(const CSSM_ACCESS_CREDENTIALS *cred); - void modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode); - void modify(CSSM_DB_RECORDTYPE recordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, - const CSSM_DATA *data, - CSSM_DB_MODIFY_MODE modifyMode, - const CSSM_ACCESS_CREDENTIALS *cred); - void get(DbAttributes *attributes, ::CssmDataContainer *data); - void get(DbAttributes *attributes, ::CssmDataContainer *data, - const CSSM_ACCESS_CREDENTIALS *cred); - - SSDb database() { return parent(); } - - // Return the group that this record is in. - SSGroup group(); -}; - -class SSDbUniqueRecord : public DbUniqueRecord -{ -public: - typedef SSDbUniqueRecordImpl Impl; - - explicit SSDbUniqueRecord(Impl *impl) : DbUniqueRecord(impl) {} - SSDbUniqueRecord(const SSDb &ssDb) - : DbUniqueRecord(ssDb->newDbUniqueRecord()) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - -}; // end namespace CssmClient - -} // end namespace Security - -#endif //_H_CDSA_CLIENT_SECURESTORAGE diff --git a/cdsa/cdsa_client/signclient.cpp b/cdsa/cdsa_client/signclient.cpp deleted file mode 100644 index 91b4718e..00000000 --- a/cdsa/cdsa_client/signclient.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// signclient - client interface to CSSM sign/verify contexts -// -#include - -using namespace CssmClient; - -// -// Common features of signing and verify contexts -// -void SigningContext::activate() -{ - if (!mActive) - { - check(CSSM_CSP_CreateSignatureContext(attachment()->handle(), mAlgorithm, - NULL/*cred*/, mKey, &mHandle)); - mActive = true; - } -} - - -// -// Signing -// -void Sign::sign(const CssmData *data, uint32 count, CssmData &signature) -{ - unstaged(); - check(CSSM_SignData(handle(), data, count, mSignOnly, &signature)); -} - -void Sign::init() -{ - check(CSSM_SignDataInit(handle())); - mStaged = true; -} - -void Sign::sign(const CssmData *data, uint32 count) -{ - staged(); - check(CSSM_SignDataUpdate(handle(), data, count)); -} - -void Sign::operator () (CssmData &signature) -{ - staged(); - check(CSSM_SignDataFinal(handle(), &signature)); - mStaged = false; -} - - -// -// Verifying -// -void Verify::verify(const CssmData *data, uint32 count, const CssmData &signature) -{ - unstaged(); - check(CSSM_VerifyData(handle(), data, count, mSignOnly, &signature)); -} - -void Verify::init() -{ - check(CSSM_VerifyDataInit(handle())); - mStaged = true; -} - -void Verify::verify(const CssmData *data, uint32 count) -{ - staged(); - check(CSSM_VerifyDataUpdate(handle(), data, count)); -} - -void Verify::operator () (const CssmData &signature) -{ - staged(); - check(CSSM_VerifyDataFinal(handle(), &signature)); - mStaged = false; -} diff --git a/cdsa/cdsa_client/signclient.h b/cdsa/cdsa_client/signclient.h deleted file mode 100644 index bb9024fa..00000000 --- a/cdsa/cdsa_client/signclient.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// signclient - client interface to CSSM sign/verify contexts -// -#ifndef _H_CDSA_CLIENT_SIGNCLIENT -#define _H_CDSA_CLIENT_SIGNCLIENT 1 - -#include -#include - -namespace Security -{ - -namespace CssmClient -{ - -// -// A signing/verifying context -// -class SigningContext : public Context -{ -public: - SigningContext(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS signOnly = CSSM_ALGID_NONE) - : Context(csp, alg), mSignOnly(signOnly) { } - - Key key() const { assert(mKey); return mKey; } - void key(const Key &k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, mKey); } - - CSSM_ALGORITHMS signOnlyAlgorithm() const { return mSignOnly; } - void signOnlyAlgorithm(CSSM_ALGORITHMS alg) { mSignOnly = alg; } - -protected: - void activate(); - CSSM_ALGORITHMS mSignOnly; - Key mKey; -}; - - -class Sign : public SigningContext -{ -public: - Sign(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS signOnly = CSSM_ALGID_NONE) - : SigningContext(csp, alg, signOnly) { } - - // integrated - void sign(const CssmData &data, CssmData &signature) { sign(&data, 1, signature); } - void sign(const CssmData *data, uint32 count, CssmData &signature); - - // staged - void init(); // Optional - void sign(const CssmData &data) { sign(&data, 1); } - void sign(const CssmData *data, uint32 count); - void operator () (CssmData &signature); - CssmData operator () () { CssmData signature; (*this)(signature); return signature; } -}; - -class Verify : public SigningContext -{ -public: - Verify(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS verifyOnly = CSSM_ALGID_NONE) - : SigningContext(csp, alg, verifyOnly) { } - - // integrated - void verify(const CssmData &data, const CssmData &signature) { verify(&data, 1, signature); } - void verify(const CssmData *data, uint32 count, const CssmData &signature); - - // staged - void init(); // Optional - void verify(const CssmData &data) { verify(&data, 1); } - void verify(const CssmData *data, uint32 count); - void operator () (const CssmData &signature); -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_SIGNCLIENT diff --git a/cdsa/cdsa_client/tpclient.cpp b/cdsa/cdsa_client/tpclient.cpp deleted file mode 100644 index c1448516..00000000 --- a/cdsa/cdsa_client/tpclient.cpp +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// tpclient - client interface to CSSM TPs and their operations -// -#include - -namespace Security { -namespace CssmClient { - - -// -// Manage TP attachments -// -TPImpl::TPImpl(const Guid &guid) - : AttachmentImpl(guid, CSSM_SERVICE_TP), mUseCL(NULL), mUseCSP(NULL), - mOwnCL(false), mOwnCSP(false) -{ -} - -TPImpl::TPImpl(const Module &module) - : AttachmentImpl(module, CSSM_SERVICE_TP), mUseCL(NULL), mUseCSP(NULL), - mOwnCL(false), mOwnCSP(false) -{ -} - -TPImpl::~TPImpl() -{ - if (mOwnCL) - delete mUseCL; - if (mOwnCSP) - delete mUseCSP; -} - - -// -// Verify a CertGroup -// -void TPImpl::certGroupVerify(const CertGroup &certGroup, - const TPVerifyContext &context, - TPVerifyResult *result) -{ - setupCL(); - setupCSP(); - check(CSSM_TP_CertGroupVerify(handle(), (*mUseCL)->handle(), (*mUseCSP)->handle(), - &certGroup, &context, result)); -} - - -// -// Initialize auxiliary modules for operation -// -void TPImpl::setupCL() -{ - if (mUseCL == NULL) { - secdebug("tpclient", "TP is auto-attaching supporting CL"); - mUseCL = new CL(gGuidAppleX509CL); - mOwnCL = true; - } -} - -void TPImpl::setupCSP() -{ - if (mUseCSP == NULL) { - secdebug("tpclient", "TP is auto-attaching supporting CSP"); - mUseCSP = new CSP(gGuidAppleCSP); - mOwnCSP = true; - } -} - -void TPImpl::use(CL &cl) -{ - if (mOwnCL) - delete mUseCL; - mUseCL = &cl; - mOwnCL = false; -} - -void TPImpl::use(CSP &csp) -{ - if (mOwnCSP) - delete mUseCSP; - mUseCSP = &csp; - mOwnCSP = false; -} - -CL &TPImpl::usedCL() -{ - setupCL(); - return *mUseCL; -} - -CSP &TPImpl::usedCSP() -{ - setupCSP(); - return *mUseCSP; -} - - -// -// A TPBuildVerifyContext -// -TPBuildVerifyContext::TPBuildVerifyContext(CSSM_TP_ACTION action, CssmAllocator &alloc) - : allocator(alloc) -{ - // clear out the PODs - clearPod(); - mCallerAuth.clearPod(); - mDlDbList.clearPod(); - - // set initial elements - Action = action; - callerAuthPtr(&mCallerAuth); - mCallerAuth.dlDbList() = &mDlDbList; -} - - -} // end namespace CssmClient -} // end namespace Security - diff --git a/cdsa/cdsa_client/tpclient.h b/cdsa/cdsa_client/tpclient.h deleted file mode 100644 index 18a5705a..00000000 --- a/cdsa/cdsa_client/tpclient.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// tpclient - client interface to CSSM TPs and their operations -// -#ifndef _H_CDSA_CLIENT_TPCLIENT -#define _H_CDSA_CLIENT_TPCLIENT 1 - -#include -#include -#include -#include -#include -#include - - -namespace Security { -namespace CssmClient { - - -// -// A TP attachment -// -class TPImpl : public AttachmentImpl -{ -public: - TPImpl(const Guid &guid); - TPImpl(const Module &module); - virtual ~TPImpl(); - -public: - // the CL and CSP used with many TP operations is usually - // pretty stable. The system may even figure them out - // automatically in the future. - void use(CL &cl); - void use(CSP &csp); - CL &usedCL(); - CSP &usedCSP(); - -public: - void certGroupVerify(const CertGroup &certGroup, const TPVerifyContext &context, - TPVerifyResult *result); - -private: - void setupCL(); // setup mUseCL - void setupCSP(); // setup mUseCSP - -private: - CL *mUseCL; // use this CL for TP operation - CSP *mUseCSP; // use this CSP for TP operation - bool mOwnCL, mOwnCSP; // whether we've made our own -}; - - -class TP : public Attachment -{ -public: - typedef TPImpl Impl; - - explicit TP(Impl *impl) : Attachment(impl) {} - TP(const Guid &guid) : Attachment(new Impl(guid)) {} - TP(const Module &module) : Attachment(new Impl(module)) {} - - Impl *operator ->() const { return &impl(); } - Impl &operator *() const { return impl(); } -}; - - -// -// A self-building TPVerifyContext. -// This is a TPVerifyContext, but it's NOT A PODWRAPPER (it's larger). -// -// NOTE: This is not a client-side object. -// -class TPBuildVerifyContext : public TPVerifyContext { -public: - TPBuildVerifyContext(CSSM_TP_ACTION action = CSSM_TP_ACTION_DEFAULT, - CssmAllocator &alloc = CssmAllocator::standard()); - - CssmAllocator &allocator; - -private: - TPCallerAuth mCallerAuth; - PolicyInfo mPolicyInfo; - CssmDlDbList mDlDbList; -}; - - -} // end namespace CssmClient -} // end namespace Security - -#endif // _H_CDSA_CLIENT_CLCLIENT diff --git a/cdsa/cdsa_client/wrapkey.cpp b/cdsa/cdsa_client/wrapkey.cpp deleted file mode 100644 index 981df26d..00000000 --- a/cdsa/cdsa_client/wrapkey.cpp +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// wrapkey - client interface for wrapping and unwrapping keys -// -#include - -using namespace CssmClient; - - -Key -WrapKey::operator () (Key &keyToBeWrapped, const CssmData *descriptiveData) -{ - Key wrappedKey; - - check(CSSM_WrapKey(handle(), mCred, keyToBeWrapped, descriptiveData, - wrappedKey.makeNewKey(attachment()))); - wrappedKey->activate(); - - return wrappedKey; -} - -void -WrapKey::operator () (const CssmKey &keyToBeWrapped, CssmKey &wrappedKey, - const CssmData *descriptiveData) -{ - check(CSSM_WrapKey(handle(), mCred, &keyToBeWrapped, descriptiveData, &wrappedKey)); -} - -void -WrapKey::activate() -{ - if (!mActive) - { - Crypt::activate(); - if (mWrappedKeyFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE); - set(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT, mWrappedKeyFormat); - } -} - -Key -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec) -{ - Key unwrappedKey; - - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - CssmData data(reinterpret_cast(1), 0); - - check(CSSM_UnwrapKey(handle(), NULL, - &keyToBeUnwrapped, spec.usage, spec.attributes, - spec.label, &resourceControlContext, - unwrappedKey.makeNewKey(attachment()), &data)); - unwrappedKey->activate(); - - return unwrappedKey; -} - -void -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey) -{ - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - CssmData data(reinterpret_cast(1), 0); - - check(CSSM_UnwrapKey(handle(), NULL, &keyToBeUnwrapped, spec.usage, - spec.attributes, spec.label, &resourceControlContext, - &unwrappedKey, &data)); -} - -Key -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - Key &optionalPublicKey) -{ - Key unwrappedKey; - - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - CssmData data(reinterpret_cast(1), 0); - - check(CSSM_UnwrapKey(handle(), optionalPublicKey, - &keyToBeUnwrapped, spec.usage, spec.attributes, - spec.label, &resourceControlContext, - unwrappedKey.makeNewKey(attachment()), &data)); - - unwrappedKey->activate(); - - return unwrappedKey; -} - -void -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, - const CssmKey *optionalPublicKey) -{ - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - CssmData data(reinterpret_cast(1), 0); - - check(CSSM_UnwrapKey(handle(), optionalPublicKey, &keyToBeUnwrapped, - spec.usage, spec.attributes, spec.label, - &resourceControlContext, &unwrappedKey, &data)); -} - - -Key -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmData *descriptiveData) -{ - Key unwrappedKey; - - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_UnwrapKey(handle(), NULL, &keyToBeUnwrapped, spec.usage, - spec.attributes, spec.label, &resourceControlContext, - unwrappedKey.makeNewKey(attachment()), - descriptiveData)); - unwrappedKey->activate(); - - return unwrappedKey; -} - -void -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, CssmData *descriptiveData) -{ - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_UnwrapKey(handle(), NULL, &keyToBeUnwrapped, spec.usage, - spec.attributes, spec.label, &resourceControlContext, - &unwrappedKey, descriptiveData)); -} - -Key -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - Key &optionalPublicKey, CssmData *descriptiveData) -{ - Key unwrappedKey; - - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_UnwrapKey(handle(), optionalPublicKey, &keyToBeUnwrapped, - spec.usage, spec.attributes, spec.label, - &resourceControlContext, - unwrappedKey.makeNewKey(attachment()), - descriptiveData)); - unwrappedKey->activate(); - - return unwrappedKey; -} - -void -UnwrapKey::operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, CssmData *descriptiveData, - const CssmKey *optionalPublicKey) -{ - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_UnwrapKey(handle(), optionalPublicKey, &keyToBeUnwrapped, - spec.usage, spec.attributes, spec.label, - &resourceControlContext, &unwrappedKey, - descriptiveData)); -} - - -void DeriveKey::activate() -{ - if (!mActive) - { - check(CSSM_CSP_CreateDeriveKeyContext(attachment()->handle(), mAlgorithm, - mTargetType, mKeySize, mCred, mKey, mIterationCount, mSalt, mSeed, &mHandle)); - mActive = true; - } -} - - -Key -DeriveKey::operator () (CssmData *param, const KeySpec &spec) -{ - Key derivedKey; - - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_DeriveKey(handle(), param, spec.usage, spec.attributes, - spec.label, &resourceControlContext, - derivedKey.makeNewKey(attachment()))); - derivedKey->activate(); - - return derivedKey; -} - -void -DeriveKey::operator () (CssmData *param, const KeySpec &spec, - CssmKey &derivedKey) -{ - const ResourceControlContext resourceControlContext - (mAclEntry, const_cast(mCred)); - - check(CSSM_DeriveKey(handle(), param, spec.usage, spec.attributes, - spec.label, &resourceControlContext, &derivedKey)); -} diff --git a/cdsa/cdsa_client/wrapkey.h b/cdsa/cdsa_client/wrapkey.h deleted file mode 100644 index e38fefae..00000000 --- a/cdsa/cdsa_client/wrapkey.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// wrapkey - client interface for wrapping and unwrapping keys -// -#ifndef _H_CDSA_CLIENT_WRAPKEY -#define _H_CDSA_CLIENT_WRAPKEY 1 - -#include -#include -#include - - -namespace Security -{ - -namespace CssmClient -{ - -class WrapKey : public Crypt -{ -public: - WrapKey(const CSP &csp, CSSM_ALGORITHMS alg) : - Crypt(csp, alg), mWrappedKeyFormat(CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) {} - -public: - CSSM_KEYBLOB_FORMAT wrappedKeyFormat() const { return mWrappedKeyFormat; } - void wrappedKeyFormat(CSSM_KEYBLOB_FORMAT wrappedKeyFormat) - { mWrappedKeyFormat = wrappedKeyFormat; set(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT, wrappedKeyFormat); } - - // wrap the key - Key operator () (Key &keyToBeWrapped, const CssmData *descriptiveData = NULL); - void operator () (const CssmKey &keyToBeWrapped, CssmKey &wrappedKey, - const CssmData *descriptiveData = NULL); - -protected: - void activate(); - -private: - CSSM_KEYBLOB_FORMAT mWrappedKeyFormat; -}; - -class UnwrapKey : public Crypt -{ -public: - UnwrapKey(const CSP &csp, CSSM_ALGORITHMS alg) : Crypt(csp, alg) {} - -public: - // wrap the key - Key operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec); - void operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey); - - Key operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - Key &optionalPublicKey); - void operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, const CssmKey *optionalPublicKey); - - Key operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmData *descriptiveData); - void operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, CssmData *descriptiveData); - - Key operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - Key &optionalPublicKey, CssmData *descriptiveData); - void operator () (const CssmKey &keyToBeUnwrapped, const KeySpec &spec, - CssmKey &unwrappedKey, CssmData *descriptiveData, - const CssmKey *optionalPublicKey); -}; - -class DeriveKey : public Crypt -{ -public: - DeriveKey(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS target, uint32 size = 0) - : Crypt(csp, alg), mKeySize(size), mTargetType(target), mIterationCount(0), - mSeed(NULL), mSalt(NULL) { } - -public: - CSSM_ALGORITHMS targetType() const { return mTargetType; } - void targetType(CSSM_ALGORITHMS alg) { mTargetType = alg; } - uint32 iterationCount() const { return mIterationCount; } - void iterationCount(uint32 c) { mIterationCount = c; } - const CssmCryptoData seed() const { return *mSeed; } - void seed(const CssmCryptoData &data) { mSeed = &data; } - const CssmData salt() const { return *mSalt; } - void salt(const CssmData &data) { mSalt = &data; } - - Key operator () (CssmData *param, const KeySpec &spec); - void operator () (CssmData *param, const KeySpec &spec, - CssmKey &derivedKey); - - void activate(); - -private: - uint32 mKeySize; - CSSM_ALGORITHMS mTargetType; - uint32 mIterationCount; - const CssmCryptoData *mSeed; - const CssmData *mSalt; -}; - -} // end namespace CssmClient - -} // end namespace Security - -#endif // _H_CDSA_CLIENT_WRAPKEY diff --git a/cdsa/cdsa_pluginlib.cpp b/cdsa/cdsa_pluginlib.cpp deleted file mode 100644 index aa40724c..00000000 --- a/cdsa/cdsa_pluginlib.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* Headers. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Source files. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include diff --git a/cdsa/cdsa_pluginlib/ACsession.h b/cdsa/cdsa_pluginlib/ACsession.h deleted file mode 100644 index 085af035..00000000 --- a/cdsa/cdsa_pluginlib/ACsession.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ACsession.h - Framework for AC plugin modules -// -#ifndef _H_ACSESSION -#define _H_ACSESSION - -#include - -#if defined(_CPP_ACSESSION) -# pragma export on -#endif - -namespace Security -{ - -// -// The abstract ACPluginSession class is the common ancestor of your implementation -// object for an AC type plugin attachment session. Inherit from this and implement -// the abstract methods to define a plugin session. -// -class ACPluginSession : public PluginSession, public ACAbstractPluginSession { -public: - ACPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls) { } - -protected: - CSSM_MODULE_FUNCS_PTR construct(); -}; - -} // end namespace Security - -#if defined(_CPP_ACSESSION) -# pragma export off -#endif - -#endif //_H_ACSESSION diff --git a/cdsa/cdsa_pluginlib/CLsession.h b/cdsa/cdsa_pluginlib/CLsession.h deleted file mode 100644 index a006173a..00000000 --- a/cdsa/cdsa_pluginlib/CLsession.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CLsession.h - Framework for CL plugin modules -// -#ifndef _H_CLSESSION -#define _H_CLSESSION - -#include - -#if defined(_CPP_CLSESSION) -# pragma export on -#endif - -namespace Security -{ - -// -// The abstract CLPluginSession class is the common ancestor of your implementation -// object for an CL type plugin attachment session. Inherit from this and implement -// the abstract methods to define a plugin session. -// -class CLPluginSession : public PluginSession, public CLAbstractPluginSession { -public: - CLPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls) { } - -protected: - CSSM_MODULE_FUNCS_PTR construct(); -}; - -} // end namespace Security - -#if defined(_CPP_CLSESSION) -# pragma export off -#endif - -#endif //_H_CLSESSION diff --git a/cdsa/cdsa_pluginlib/CSPsession.cpp b/cdsa/cdsa_pluginlib/CSPsession.cpp deleted file mode 100644 index ffa64479..00000000 --- a/cdsa/cdsa_pluginlib/CSPsession.cpp +++ /dev/null @@ -1,1030 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPsession - Plugin framework for CSP plugin modules -// -#ifdef __MWERKS__ -#define _CPP_CSPSESSION -#endif - -#include -#include - - -typedef CSPFullPluginSession::CSPContext CSPContext; - - -// -// PluginContext construction -// -CSPPluginSession::PluginContext::~PluginContext() -{ } - - -// -// Internal utilities -// -CssmData CSPFullPluginSession::makeBuffer(size_t size, CssmAllocator &alloc) -{ - return CssmData(alloc.malloc(size), size); -} - -inline size_t CSPFullPluginSession::totalBufferSize(const CssmData *data, uint32 count) -{ - size_t size = 0; - for (uint32 n = 0; n < count; n++) - size += data[n].length(); - return size; -} - - -// -// Notify a context that its underlying CSSM context has (well, may have) changed. -// The default reaction is to ask the frame to delete the context and start over. -// -bool CSPPluginSession::PluginContext::changed(const Context &context) -{ - return false; // delete me, please -} - - -// -// The Session's init() function calls your setupContext() method to prepare -// it for action, then calls the context's init() method. -// -CSPContext *CSPFullPluginSession::init(CSSM_CC_HANDLE ccHandle, - CSSM_CONTEXT_TYPE type, - const Context &context, bool encoding) -{ - CSPContext *ctx = getContext(ccHandle); - checkOperation(context.type(), type); - - // ask the implementation to set up an internal context - setupContext(ctx, context, encoding); - assert(ctx != NULL); // must have context now (@@@ throw INTERNAL_ERROR instead?) - ctx->mType = context.type(); - ctx->mDirection = encoding; - setContext(ccHandle, ctx); - - // initialize the context and return it - ctx->init(context, encoding); - return ctx; -} - - -// -// Retrieve a context for a staged operation in progress. -// -CSPContext *CSPFullPluginSession::getStagedContext(CSSM_CC_HANDLE ccHandle, - CSSM_CONTEXT_TYPE type, bool encoding) -{ - CSPContext *ctx = getContext(ccHandle); - if (ctx == NULL) - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); //@@@ better diagnostic? - checkOperation(ctx->type(), type); - if (ctx->encoding() != encoding) - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); - return ctx; -} - - -// -// The Session's checkState() function is called for subsequent staged operations -// (update/final) to verify that the user didn't screw up the sequencing. -// -void CSPFullPluginSession::checkOperation(CSSM_CONTEXT_TYPE ctxType, CSSM_CONTEXT_TYPE opType) -{ - switch (opType) { - case CSSM_ALGCLASS_NONE: // no check - return; - case CSSM_ALGCLASS_CRYPT: // symmetric or asymmetric encryption - if (ctxType == CSSM_ALGCLASS_SYMMETRIC || - ctxType == CSSM_ALGCLASS_ASYMMETRIC) - return; - default: // plain match - if (ctxType == opType) - return; - } - CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT); -} - - -// -// The default implementations of the primary context operations throw internal -// errors. You must implement any of these that are actually called by the -// operations involved. The others, of course, can be left alone. -// -void CSPContext::init(const Context &context, bool encoding) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::update(const CssmData &data) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::final(CssmData &out) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::final(const CssmData &in) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::generate(const Context &, CssmKey &pubKey, CssmKey &privKey) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::generate(const Context &, uint32, CssmData ¶ms, - uint32 &attrCount, Context::Attr * &attrs) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -size_t CSPContext::inputSize(size_t outSize) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -size_t CSPContext::outputSize(bool final, size_t inSize) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -void CSPContext::minimumProgress(size_t &in, size_t &out) -{ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } - -CSPFullPluginSession::CSPContext *CSPContext::clone(CssmAllocator &) -{ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); } - -void CSPContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg) -{ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } - -void CSPContext::update(const CssmData *in, - uint32 inCount, Writer &writer) -{ - const CssmData *lastIn = in + inCount; - CssmData current; - for (;;) { - if (current.length() == 0) { - if (in == lastIn) - return; // all done - current = *in++; - continue; // Just in case next block is zero length too. - } - // match up current input and output buffers - void *outP; size_t outSize; - writer.nextBlock(outP, outSize); - size_t inSize = inputSize(outSize); - if (inSize > current.length()) - inSize = current.length(); // cap to remaining input buffer - if (inSize > 0) { - // we can stuff into the current output buffer - do it - update(current.data(), inSize, outP, outSize); - current.use(inSize); - writer.use(outSize); - } else { - // We have remaining output buffer space, but not enough - // for the algorithm to make progress with it. We must proceed with - // a bounce buffer and split it manually into this and the next buffer(s). - size_t minOutput; - minimumProgress(inSize, minOutput); - assert(minOutput > outSize); // PluginContext consistency (not fatal) - char splitBuffer[128]; - assert(minOutput <= sizeof(splitBuffer)); // @@@ static buffer for now - outSize = sizeof(splitBuffer); - if (current.length() < inSize) - inSize = current.length(); // cap to data remaining in input buffer - update(current.data(), inSize, splitBuffer, outSize); - assert(inSize > 0); // progress made - writer.put(splitBuffer, outSize); // stuff into buffer, the hard way - current.use(inSize); - } - } -} - -void CSPContext::final(CssmData &out, CssmAllocator &alloc) -{ - size_t needed = outputSize(true, 0); - if (out) { - if (out.length() < needed) - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } else { - out = makeBuffer(needed, alloc); - } - final(out); -} - -void CSPContext::final(Writer &writer, CssmAllocator &alloc) -{ - if (size_t needed = outputSize(true, 0)) { - // need to generate additional output - writer.allocate(needed, alloc); // belt + suspender - - void *addr; size_t size; - writer.nextBlock(addr, size); // next single block available - if (needed <= size) { // rest fits into one block - CssmData chunk(addr, size); - final(chunk); - writer.use(chunk.length()); - } else { // need to split it up - char splitBuffer[128]; - assert(needed <= sizeof(splitBuffer)); - CssmData chunk(splitBuffer, sizeof(splitBuffer)); - final(chunk); - writer.put(chunk.data(), chunk.length()); - } - } -} - - -// -// Default context response functions -// -CSPPluginSession::PluginContext * -CSPPluginSession::contextCreate(CSSM_CC_HANDLE, const Context &) -{ - return NULL; // request no local context -} - -void CSPPluginSession::contextUpdate(CSSM_CC_HANDLE ccHandle, - const Context &context, PluginContext * &ctx) -{ - // call update notifier in context object - if (ctx && !ctx->changed(context)) { - // context requested that it be removed - delete ctx; - ctx = NULL; - } -} - -void CSPPluginSession::contextDelete(CSSM_CC_HANDLE, const Context &, PluginContext *) -{ - // do nothing (you can't prohibit deletion here) -} - - -// -// Default event notification handler. -// This default handler calls the virtual context* methods to dispose of context actions. -// -void CSPPluginSession::EventNotify(CSSM_CONTEXT_EVENT event, - CSSM_CC_HANDLE ccHandle, const Context &context) -{ - switch (event) { - case CSSM_CONTEXT_EVENT_CREATE: - if (PluginContext *ctx = contextCreate(ccHandle, context)) { - StLock _(contextMapLock); - assert(contextMap[ccHandle] == NULL); // check context re-creation - contextMap[ccHandle] = ctx; - } - break; - case CSSM_CONTEXT_EVENT_UPDATE: - // note that the handler can change the map entry (even to NULL, if desired) - { - StLock _(contextMapLock); - contextUpdate(ccHandle, context, contextMap[ccHandle]); - } - break; - case CSSM_CONTEXT_EVENT_DELETE: - { - StLock _(contextMapLock); - if (PluginContext *ctx = contextMap[ccHandle]) { - contextDelete(ccHandle, context, ctx); - delete ctx; - } - contextMap.erase(ccHandle); - } - break; - default: - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); // unexpected event code - } -} - - -// -// Defaults for methods you *should* implement. -// If you don't, they'll throw UNIMPLEMENTED. -// -void CSPFullPluginSession::getKeySize(const CssmKey &key, CSSM_KEY_SIZE &size) -{ unimplemented(); } - - -// -// Encryption and decryption -// -void CSPFullPluginSession::EncryptData(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData clearBufs[], - uint32 clearBufCount, - CssmData cipherBufs[], - uint32 cipherBufCount, - uint32 &bytesEncrypted, - CssmData &remData, - CSSM_PRIVILEGE privilege) -{ - Writer writer(cipherBufs, cipherBufCount, &remData); - CSPContext *ctx = init(ccHandle, CSSM_ALGCLASS_CRYPT, context, true); - size_t outNeeded = ctx->outputSize(true, totalBufferSize(clearBufs, clearBufCount)); - writer.allocate(outNeeded, *this); - ctx->update(clearBufs, clearBufCount, writer); - ctx->final(writer, *this); - bytesEncrypted = writer.close(); -} - -void CSPFullPluginSession::EncryptDataInit(CSSM_CC_HANDLE ccHandle, - const Context &context, - CSSM_PRIVILEGE Privilege) -{ - init(ccHandle, CSSM_ALGCLASS_CRYPT, context, true); -} - -void CSPFullPluginSession::EncryptDataUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData clearBufs[], - uint32 clearBufCount, - CssmData cipherBufs[], - uint32 cipherBufCount, - uint32 &bytesEncrypted) -{ - CSPContext *alg = getStagedContext(ccHandle, CSSM_ALGCLASS_CRYPT, true); - Writer writer(cipherBufs, cipherBufCount); - size_t outNeeded = alg->outputSize(false, totalBufferSize(clearBufs, clearBufCount)); - writer.allocate(outNeeded, *this); - alg->update(clearBufs, clearBufCount, writer); - bytesEncrypted = writer.close(); -} - -void CSPFullPluginSession::EncryptDataFinal(CSSM_CC_HANDLE ccHandle, - CssmData &remData) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_CRYPT, true)->final(remData, *this); -} - - -void CSPFullPluginSession::DecryptData(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData cipherBufs[], - uint32 cipherBufCount, - CssmData clearBufs[], - uint32 clearBufCount, - uint32 &bytesDecrypted, - CssmData &remData, - CSSM_PRIVILEGE privilege) -{ - Writer writer(clearBufs, clearBufCount, &remData); - CSPContext *ctx = init(ccHandle, CSSM_ALGCLASS_CRYPT, context, false); - size_t outNeeded = ctx->outputSize(true, totalBufferSize(cipherBufs, cipherBufCount)); - writer.allocate(outNeeded, *this); - ctx->update(cipherBufs, cipherBufCount, writer); - ctx->final(writer, *this); - bytesDecrypted = writer.close(); -} - -void CSPFullPluginSession::DecryptDataInit(CSSM_CC_HANDLE ccHandle, - const Context &context, - CSSM_PRIVILEGE Privilege) -{ - init(ccHandle, CSSM_ALGCLASS_CRYPT, context, false); -} - -void CSPFullPluginSession::DecryptDataUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData cipherBufs[], - uint32 cipherBufCount, - CssmData clearBufs[], - uint32 clearBufCount, - uint32 &bytesDecrypted) -{ - CSPContext *ctx = getStagedContext(ccHandle, CSSM_ALGCLASS_CRYPT, false); - Writer writer(clearBufs, clearBufCount); - size_t outNeeded = ctx->outputSize(false, totalBufferSize(cipherBufs, cipherBufCount)); - writer.allocate(outNeeded, *this); - ctx->update(cipherBufs, cipherBufCount, writer); - bytesDecrypted = writer.close(); -} - -void CSPFullPluginSession::DecryptDataFinal(CSSM_CC_HANDLE ccHandle, - CssmData &remData) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_CRYPT, false)->final(remData, *this); -} - -void CSPFullPluginSession::QuerySize(CSSM_CC_HANDLE ccHandle, - const Context &context, - CSSM_BOOL encrypt, - uint32 querySizeCount, - QuerySizeData *dataBlock) -{ - if (querySizeCount == 0) - return; // nothing ventured, nothing gained - CSPContext *ctx = getContext(ccHandle); // existing context? - if (ctx == NULL) // force internal context creation (as best we can) - ctx = init(ccHandle, context.type(), context, encrypt); - // If QuerySizeCount > 1, we assume this inquires about a staged - // operation, and the LAST item gets the 'final' treatment. - //@@@ Intel revised algspec says "use the staged flag" -- TBD - for (uint32 n = 0; n < querySizeCount; n++) { - // the outputSize() call might throw CSSMERR_CSP_QUERY_SIZE_UNKNOWN - dataBlock[n].SizeOutputBlock = - ctx->outputSize(n == querySizeCount-1, dataBlock[n].inputSize()); - } - //@@@ if we forced a context creation, should we discard it now? -} - - -// -// Key wrapping and unwrapping. -// -void CSPFullPluginSession::WrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const AccessCredentials &AccessCred, - const CssmKey &Key, - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege) -{ - unimplemented(); -} - -void CSPFullPluginSession::UnwrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey *PublicKey, - const CssmKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege) -{ - unimplemented(); -} - -void CSPFullPluginSession::DeriveKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CssmData &Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &DerivedKey) -{ - unimplemented(); -} - - -// -// Message Authentication Codes. -// Almost like signatures (signatures with symmetric keys), though the -// underlying implementation may be somewhat different. -// -void CSPFullPluginSession::GenerateMac(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData dataBufs[], - uint32 dataBufCount, - CssmData &mac) -{ - GenerateMacInit(ccHandle, context); - GenerateMacUpdate(ccHandle, dataBufs, dataBufCount); - GenerateMacFinal(ccHandle, mac); -} - -void CSPFullPluginSession::GenerateMacInit(CSSM_CC_HANDLE ccHandle, - const Context &context) -{ - init(ccHandle, CSSM_ALGCLASS_MAC, context, true); -} - -void CSPFullPluginSession::GenerateMacUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData dataBufs[], - uint32 dataBufCount) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_MAC, true)->update(dataBufs, dataBufCount); -} - -void CSPFullPluginSession::GenerateMacFinal(CSSM_CC_HANDLE ccHandle, - CssmData &mac) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_MAC, true)->final(mac, *this); -} - -void CSPFullPluginSession::VerifyMac(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData dataBufs[], - uint32 dataBufCount, - const CssmData &mac) -{ - VerifyMacInit(ccHandle, context); - VerifyMacUpdate(ccHandle, dataBufs, dataBufCount); - VerifyMacFinal(ccHandle, mac); -} - -void CSPFullPluginSession::VerifyMacInit(CSSM_CC_HANDLE ccHandle, - const Context &context) -{ - init(ccHandle, CSSM_ALGCLASS_MAC, context, false); -} - -void CSPFullPluginSession::VerifyMacUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData dataBufs[], - uint32 dataBufCount) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_MAC, false)->update(dataBufs, dataBufCount); -} - -void CSPFullPluginSession::VerifyMacFinal(CSSM_CC_HANDLE ccHandle, - const CssmData &mac) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_MAC, false)->final(mac); -} - - -// -// Signatures -// -void CSPFullPluginSession::SignData(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData dataBufs[], - uint32 dataBufCount, - CSSM_ALGORITHMS digestAlgorithm, - CssmData &Signature) -{ - SignDataInit(ccHandle, context); - if(digestAlgorithm != CSSM_ALGID_NONE) { - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, - true)->setDigestAlgorithm(digestAlgorithm); - } - SignDataUpdate(ccHandle, dataBufs, dataBufCount); - SignDataFinal(ccHandle, Signature); -} - -void CSPFullPluginSession::SignDataInit(CSSM_CC_HANDLE ccHandle, - const Context &context) -{ - init(ccHandle, CSSM_ALGCLASS_SIGNATURE, context, true); -} - -void CSPFullPluginSession::SignDataUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData dataBufs[], - uint32 dataBufCount) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, true)->update(dataBufs, dataBufCount); -} - -void CSPFullPluginSession::SignDataFinal(CSSM_CC_HANDLE ccHandle, - CssmData &signature) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, true)->final(signature, *this); -} - - -void CSPFullPluginSession::VerifyData(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData dataBufs[], - uint32 dataBufCount, - CSSM_ALGORITHMS digestAlgorithm, - const CssmData &Signature) -{ - VerifyDataInit(ccHandle, context); - if(digestAlgorithm != CSSM_ALGID_NONE) { - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, - false)->setDigestAlgorithm(digestAlgorithm); - } - VerifyDataUpdate(ccHandle, dataBufs, dataBufCount); - VerifyDataFinal(ccHandle, Signature); -} - -void CSPFullPluginSession::VerifyDataInit(CSSM_CC_HANDLE ccHandle, const Context &context) -{ - init(ccHandle, CSSM_ALGCLASS_SIGNATURE, context, false); -} - -void CSPFullPluginSession::VerifyDataUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData dataBufs[], - uint32 dataBufCount) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, false)->update(dataBufs, dataBufCount); -} - -void CSPFullPluginSession::VerifyDataFinal(CSSM_CC_HANDLE ccHandle, - const CssmData &signature) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_SIGNATURE, false)->final(signature); -} - - -// -// Digesting -// -void CSPFullPluginSession::DigestData(CSSM_CC_HANDLE ccHandle, - const Context &context, - const CssmData dataBufs[], - uint32 DataBufCount, - CssmData &Digest) -{ - DigestDataInit(ccHandle, context); - DigestDataUpdate(ccHandle, dataBufs, DataBufCount); - DigestDataFinal(ccHandle, Digest); -} - -void CSPFullPluginSession::DigestDataInit(CSSM_CC_HANDLE ccHandle, const Context &context) -{ - init(ccHandle, CSSM_ALGCLASS_DIGEST, context); -} - -void CSPFullPluginSession::DigestDataUpdate(CSSM_CC_HANDLE ccHandle, - const CssmData dataBufs[], - uint32 dataBufCount) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_DIGEST)->update(dataBufs, dataBufCount); -} - -void CSPFullPluginSession::DigestDataFinal(CSSM_CC_HANDLE ccHandle, - CssmData &digest) -{ - getStagedContext(ccHandle, CSSM_ALGCLASS_DIGEST)->final(digest, *this); -} - -void CSPFullPluginSession::DigestDataClone(CSSM_CC_HANDLE ccHandle, - CSSM_CC_HANDLE clonedCCHandle) -{ - CSPContext *cloned = getStagedContext(ccHandle, CSSM_ALGCLASS_DIGEST)->clone(*this); - cloned->mDirection = true; - cloned->mType = CSSM_ALGCLASS_DIGEST; - setContext(clonedCCHandle, cloned); -} - - -// -// Key generation, Derivation, and inquiry -// -void CSPFullPluginSession::GenerateKey(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 keyUsage, - uint32 keyAttr, - const CssmData *keyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &key, - CSSM_PRIVILEGE privilege) -{ - CSPContext *alg = init(ccHandle, CSSM_ALGCLASS_KEYGEN, context); - setKey(key, context, CSSM_KEYCLASS_SESSION_KEY, keyAttr, keyUsage); - CssmKey blank; // dummy 2nd key (not used) - alg->generate(context, key, blank); -} - -void CSPFullPluginSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 publicKeyUsage, - uint32 publicKeyAttr, - const CssmData *publicKeyLabel, - CssmKey &publicKey, - uint32 privateKeyUsage, - uint32 privateKeyAttr, - const CssmData *privateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, - CssmKey &privateKey, - CSSM_PRIVILEGE privilege) -{ - CSPContext *alg = init(ccHandle, CSSM_ALGCLASS_KEYGEN, context); - - setKey(publicKey, context, CSSM_KEYCLASS_PUBLIC_KEY, publicKeyAttr, publicKeyUsage); - setKey(privateKey, context, CSSM_KEYCLASS_PRIVATE_KEY, privateKeyAttr, privateKeyUsage); - alg->generate(context, publicKey, privateKey); - //@@@ handle labels - //@@@ handle reference keys -} - -void CSPFullPluginSession::ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey, - CssmKey &PrivateKey) -{ - unimplemented(); -} - -void CSPFullPluginSession::QueryKeySizeInBits(CSSM_CC_HANDLE ccHandle, - const Context *context, - const CssmKey *key, - CSSM_KEY_SIZE &keySize) -{ - if (context) { - getKeySize(context->get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY), - keySize); - } else { - getKeySize(CssmKey::required(key), keySize); - } -} - - -// -// Free a key object. -// -void CSPFullPluginSession::FreeKey(const AccessCredentials *AccessCred, - CssmKey &key, - CSSM_BOOL Delete) -{ - free(key.data()); -} - - -// -// Random number and parameter generation -// -void CSPFullPluginSession::GenerateRandom(CSSM_CC_HANDLE ccHandle, - const Context &context, - CssmData &randomNumber) -{ - init(ccHandle, CSSM_ALGCLASS_RANDOMGEN, context)->final(randomNumber, *this); -} - -void CSPFullPluginSession::GenerateAlgorithmParams(CSSM_CC_HANDLE ccHandle, - const Context &context, - uint32 paramBits, - CssmData ¶m, - uint32 &attrCount, - CSSM_CONTEXT_ATTRIBUTE_PTR &attrs) -{ - Context::Attr *attrList; - init(ccHandle, CSSM_ALGCLASS_NONE, context)->generate(context, paramBits, - param, attrCount, attrList); - attrs = attrList; -} - - -// -// Login/Logout and token operational maintainance. -// These mean little without support by the actual implementation, but we can help... -// @@@ Should this be in CSP[non-Full]PluginSession? -// -void CSPFullPluginSession::Login(const AccessCredentials &AccessCred, - const CssmData *LoginName, - const void *Reserved) -{ - if (Reserved != NULL) - CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER); - - // default implementation refuses to log in - //@@@ should hand it to implementation virtual defaulting to this - CssmError::throwMe(CSSMERR_CSP_INVALID_LOGIN_NAME); -} - -void CSPFullPluginSession::Logout() -{ - if (!loggedIn(false)) - CssmError::throwMe(CSSMERR_CSP_NOT_LOGGED_IN); -} - -void CSPFullPluginSession::VerifyDevice(const CssmData &DeviceCert) -{ - CssmError::throwMe(CSSMERR_CSP_DEVICE_VERIFY_FAILED); -} - -void CSPFullPluginSession::GetOperationalStatistics(CSPOperationalStatistics &statistics) -{ - memset(&statistics, 0, sizeof(statistics)); - statistics.UserAuthenticated = loggedIn(); - //@@@ collect device flags - capability matrix setup? - //@@@ collect token limitation parameters (static) - capability matrix setup? - //@@@ collect token statistics (dynamic) - dynamic accounting call-downs? -} - - -// -// Utterly miscellaneous, rarely used, strange functions -// -void CSPFullPluginSession::RetrieveCounter(CssmData &Counter) -{ - unimplemented(); -} - -void CSPFullPluginSession::RetrieveUniqueId(CssmData &UniqueID) -{ - unimplemented(); -} - -void CSPFullPluginSession::GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData) -{ - unimplemented(); -} - - -// -// ACL retrieval and change operations -// -void CSPFullPluginSession::GetKeyOwner(const CssmKey &Key, - CSSM_ACL_OWNER_PROTOTYPE &Owner) -{ - unimplemented(); -} - -void CSPFullPluginSession::ChangeKeyOwner(const AccessCredentials &AccessCred, - const CssmKey &Key, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner) -{ - unimplemented(); -} - -void CSPFullPluginSession::GetKeyAcl(const CssmKey &Key, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos) -{ - unimplemented(); -} - -void CSPFullPluginSession::ChangeKeyAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit, - const CssmKey &Key) -{ - unimplemented(); -} - -void CSPFullPluginSession::GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner) -{ - unimplemented(); -} - -void CSPFullPluginSession::ChangeLoginOwner(const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner) -{ - unimplemented(); -} - -void CSPFullPluginSession::GetLoginAcl(const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos) -{ - unimplemented(); -} - -void CSPFullPluginSession::ChangeLoginAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit) -{ - unimplemented(); -} - - - -// -// Passthroughs (by default, unimplemented) -// -void CSPFullPluginSession::PassThrough(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PassThroughId, - const void *InData, - void **OutData) -{ - unimplemented(); -} - - -// -// KeyPool -- ReferencedKey management functionality -// -KeyPool::KeyPool() -{ -} - -KeyPool::~KeyPool() -{ - StLock _(mKeyMapLock); - // Delete every ReferencedKey in the pool, but be careful to deactivate them first - // to keep them from calling erase (which would cause deadlock since we already hold mKeyMapLock). - KeyMap::iterator end = mKeyMap.end(); - for (KeyMap::iterator it = mKeyMap.begin(); it != end; ++it) - { - try - { - it->second->deactivate(); - } - catch(...) {} - delete it->second; - } - mKeyMap.clear(); -} - -void -KeyPool::add(ReferencedKey &referencedKey) -{ - StLock _(mKeyMapLock); - IFDEBUG(bool inserted =) - mKeyMap.insert(KeyMap::value_type(referencedKey.keyReference(), &referencedKey)).second; - // Since add is only called from the constructor of ReferencedKey we should - // never add a key that is already in mKeyMap - assert(inserted); -} - -ReferencedKey & -KeyPool::findKey(const CSSM_KEY &key) const -{ - return findKeyReference(ReferencedKey::keyReference(key)); -} - -ReferencedKey & -KeyPool::findKeyReference(ReferencedKey::KeyReference keyReference) const -{ - StLock _(mKeyMapLock); - KeyMap::const_iterator it = mKeyMap.find(keyReference); - if (it == mKeyMap.end()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - - return *it->second; -} - -void -KeyPool::erase(ReferencedKey &referencedKey) -{ - erase(referencedKey.keyReference()); -} - -ReferencedKey & -KeyPool::erase(ReferencedKey::KeyReference keyReference) -{ - StLock _(mKeyMapLock); - KeyMap::iterator it = mKeyMap.find(keyReference); - if (it == mKeyMap.end()) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - - mKeyMap.erase(it); - ReferencedKey &referencedKey = *it->second; - return referencedKey; -} - -// Erase keyReference from mKeyMap, free the ioKey, and delete the ReferencedKey -void -KeyPool::freeKey(CssmAllocator &allocator, CSSM_KEY &ioKey) -{ - delete &erase(ReferencedKey::freeReferenceKey(allocator, ioKey)); -} - -// -// ReferencedKey class -// -ReferencedKey::ReferencedKey(KeyPool &keyPool) : mKeyPool(&keyPool) -{ - mKeyPool->add(*this); -} - -ReferencedKey::~ReferencedKey() -{ - if (isActive()) - mKeyPool->erase(*this); -} - -ReferencedKey::KeyReference -ReferencedKey::keyReference() -{ - // @@@ Possibly check isActive() and return an invalid reference if it is not set. - return reinterpret_cast(this); -} - -// -// Making, retrieving and freeing Key references of CssmKeys -// -void -ReferencedKey::makeReferenceKey(CssmAllocator &allocator, KeyReference keyReference, CSSM_KEY &key) -{ - key.KeyHeader.BlobType = CSSM_KEYBLOB_REFERENCE; - key.KeyHeader.Format = CSSM_KEYBLOB_REF_FORMAT_INTEGER; - key.KeyData.Length = sizeof(KeyReference); - key.KeyData.Data = allocator.alloc(sizeof(KeyReference)); - uint8 *cp = key.KeyData.Data; - for (int i = sizeof(KeyReference); --i >= 0;) - { - cp[i] = keyReference & 0xff; - keyReference = keyReference >> 8; - } -} - -ReferencedKey::KeyReference -ReferencedKey::keyReference(const CSSM_KEY &key) -{ - if (key.KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE - || key.KeyHeader.Format != CSSM_KEYBLOB_REF_FORMAT_INTEGER - || key.KeyData.Length != sizeof(KeyReference) - || key.KeyData.Data == NULL) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - - const uint8 *cp = key.KeyData.Data; - KeyReference keyReference = 0; - for (uint32 i = 0; i < sizeof(KeyReference); ++i) - keyReference = (keyReference << 8) + cp[i]; - - return keyReference; -} - -ReferencedKey::KeyReference -ReferencedKey::freeReferenceKey(CssmAllocator &allocator, CSSM_KEY &key) -{ - KeyReference aKeyReference = keyReference(key); - allocator.free(key.KeyData.Data); - key.KeyData.Data = NULL; - key.KeyData.Length = 0; - return aKeyReference; -} diff --git a/cdsa/cdsa_pluginlib/CSPsession.h b/cdsa/cdsa_pluginlib/CSPsession.h deleted file mode 100644 index 5e0eaf52..00000000 --- a/cdsa/cdsa_pluginlib/CSPsession.h +++ /dev/null @@ -1,553 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CSPsession.h - Framework for CSP plugin modules -// -#ifndef _H_CSPSESSION -#define _H_CSPSESSION - -#include -#include - -#if defined(_CPP_CSPSESSION) -# pragma export on -#endif - - -namespace Security -{ - -// -// The CSPPluginSession provides a general bed for CSP plugin session objects. -// Derive from this if you want to write your CSP, effectively, from scratch. -// We still provide a framework for managing local cryptographic contexts and -// (module) logins. -// -class CSPPluginSession : public PluginSession, public CSPAbstractPluginSession { -public: - CSPPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls) { } - - // methods implemented here that you should not override in a subclass - void EventNotify(CSSM_CONTEXT_EVENT e, - CSSM_CC_HANDLE ccHandle, const Context &context); - CSSM_MODULE_FUNCS_PTR construct(); - -public: - class PluginContext { - public: - virtual bool changed(const Context &context); - virtual ~PluginContext(); - }; - -public: - bool loggedIn() const { return mLoggedIn; } - bool loggedIn(bool li) { bool old = mLoggedIn; mLoggedIn = li; return old; } - - template Ctx *getContext(CSSM_CC_HANDLE handle) - { StLock _(contextMapLock); return safe_cast(contextMap[handle]); } - - void setContext(CSSM_CC_HANDLE handle, PluginContext *ctx) - { StLock _(contextMapLock); contextMap[handle] = ctx; } - -public: - // context management methods - override as needed - virtual PluginContext *contextCreate(CSSM_CC_HANDLE handle, const Context &context); - virtual void contextUpdate(CSSM_CC_HANDLE handle, - const Context &context, PluginContext * &ctx); - virtual void contextDelete(CSSM_CC_HANDLE handle, const Context &context, PluginContext *ctx); - -private: - bool mLoggedIn; - - map contextMap; - Mutex contextMapLock; -}; - - -// -// On the other hand, for most CSP modules, this subclass of CSPPluginSession provides -// much more convenient embedding facilities. The theory of operation is too complicated -// to explain here; refer to the accompanying documentation. -// -class CSPFullPluginSession : public CSPPluginSession { -public: - class CSPContext; - class AlgorithmFactory; - - CSPFullPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : CSPPluginSession(theHandle, plug, version, - subserviceId, subserviceType, attachFlags, upcalls) { } - - // final context preparation (called by secondary transition layer) - CSPContext *init(CSSM_CC_HANDLE ccHandle, CSSM_CONTEXT_TYPE type, - const Context &context, bool encoding = true); - - // verify proper state on continuation (update/final) calls - CSPContext *getStagedContext(CSSM_CC_HANDLE ccHandle, - CSSM_CONTEXT_TYPE type, bool encoding = true); - - static const uint32 CSSM_ALGCLASS_CRYPT = 1001; // internally added to CONTEXT_TYPE - -protected: - // validate operation type against context class - void checkOperation(CSSM_CONTEXT_TYPE ctxType, CSSM_CONTEXT_TYPE opType); - -protected: - // - // The Writer class encapsulates staged-output destinations with optional overflow - // - class Writer { - public: - Writer(CssmData *v, uint32 n, CssmData *rem = NULL); - - // can this buffer be extended? - bool isExtensible() const - { return !*vec || remData && !*remData; } - - // increase size if necessary (and possible) - void allocate(size_t needed, CssmAllocator &alloc); - - // straight-forward buffer writing - void put(void *addr, size_t size); - - // locate-mode output (deliver buffer mode) - void nextBlock(void * &p, size_t &sz); - void use(size_t sz); - - // wrap up and return total number of bytes written - size_t close(); - - private: - CssmData *vec; // current buffer descriptor (the one in use) - CssmData *firstVec; // first buffer descriptor - CssmData *lastVec; // last buffer descriptor (NOT one past it) - CssmData *remData; // overflow buffer, if any - - void *currentBuffer; // next free byte in vec - size_t currentSize; // free bytes in vec - - size_t written; // bytes written - - void useData(CssmData *data) - { currentBuffer = data->data(); currentSize = data->length(); } - }; - -public: - // internal utilities (used by our own subclasses) - static CssmData makeBuffer(size_t size, CssmAllocator &alloc); - static size_t totalBufferSize(const CssmData *data, uint32 count); - void setKey(CssmKey &key, - const Context &context, CSSM_KEYCLASS keyClass, - CSSM_KEYATTR_FLAGS attrs, CSSM_KEYUSE use); - -public: - // - // All contexts from CSPFullPluginSession's subclasses must derive from CSPContext. - // CSPFullPluginSession reformulates CSSM operations in terms of virtual methods of - // the context class. - // - class CSPContext : public PluginContext { - friend class CSPFullPluginSession; - public: - CSSM_CONTEXT_TYPE type() const { return mType; } - bool encoding() const { return mDirection; } - - // init() is called for all algorithms - virtual void init(const Context &context, bool encoding = true); - - // the following methods will be called for some but not all algorithms - virtual void update(const CssmData &data); // all block-input algorithms - virtual void update(void *inp, size_t &inSize, void *outp, size_t &outSize); // cryption algs - virtual void final(CssmData &out); // output-data producing algorithms - virtual void final(const CssmData &in); // verifying algorithms - virtual void generate(const Context &context, CssmKey &pubKey, CssmKey &privKey); - virtual void generate(const Context &context, uint32, - CssmData ¶ms, uint32 &attrCount, Context::Attr * &attrs); - virtual CSPContext *clone(CssmAllocator &); // clone internal state - virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg); - - virtual size_t inputSize(size_t outSize); // input for given output size - virtual size_t outputSize(bool final = false, size_t inSize = 0); // output for given input size - virtual void minimumProgress(size_t &in, size_t &out); // minimum progress chunks - - protected: - // convenience forms of the above - void update(const CssmData *in, uint32 inCount, Writer &writer); - void final(CssmData &out, CssmAllocator &alloc); - void final(Writer &writer, CssmAllocator &alloc); - - void update(const CssmData *in, uint32 inCount) - { for (uint32 n = 0; n < inCount; n++) update(in[n]); } - - void checkOperation(CSSM_CONTEXT_TYPE type); - void checkOperation(CSSM_CONTEXT_TYPE type, bool encode); - - CSSM_CONTEXT_TYPE mType; // CSSM context type - bool mDirection; // operation direction (true if irrelevant) - }; - -protected: - virtual void setupContext(CSPContext * &ctx, const Context &context, bool encoding) = 0; - - virtual void getKeySize(const CssmKey &key, CSSM_KEY_SIZE &size); - -public: - // an algorithm factory. This is an optional feature - class AlgorithmFactory { - public: - // set ctx and return true if you can handle this - virtual bool setup(CSPContext * &ctx, const Context &context) = 0; - }; - -public: - void EncryptData(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData ClearBufs[], - uint32 ClearBufCount, - CssmData CipherBufs[], - uint32 CipherBufCount, - uint32 &bytesEncrypted, - CssmData &RemData, - CSSM_PRIVILEGE Privilege); - void EncryptDataInit(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CSSM_PRIVILEGE Privilege); - void EncryptDataUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData ClearBufs[], - uint32 ClearBufCount, - CssmData CipherBufs[], - uint32 CipherBufCount, - uint32 &bytesEncrypted); - void EncryptDataFinal(CSSM_CC_HANDLE CCHandle, - CssmData &RemData); - - void DecryptData(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData CipherBufs[], - uint32 CipherBufCount, - CssmData ClearBufs[], - uint32 ClearBufCount, - uint32 &bytesDecrypted, - CssmData &RemData, - CSSM_PRIVILEGE Privilege); - void DecryptDataInit(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CSSM_PRIVILEGE Privilege); - void DecryptDataUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData CipherBufs[], - uint32 CipherBufCount, - CssmData ClearBufs[], - uint32 ClearBufCount, - uint32 &bytesDecrypted); - void DecryptDataFinal(CSSM_CC_HANDLE CCHandle, - CssmData &RemData); - - void QuerySize(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CSSM_BOOL Encrypt, - uint32 QuerySizeCount, - QuerySizeData *DataBlock); - - void WrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const AccessCredentials &AccessCred, - const CssmKey &Key, - const CssmData *DescriptiveData, - CssmKey &WrappedKey, - CSSM_PRIVILEGE Privilege); - void UnwrapKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmKey *PublicKey, - const CssmKey &WrappedKey, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &UnwrappedKey, - CssmData &DescriptiveData, - CSSM_PRIVILEGE Privilege); - void DeriveKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CssmData &Param, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &DerivedKey); - - void GenerateMac(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData DataBufs[], - uint32 DataBufCount, - CssmData &Mac); - void GenerateMacInit(CSSM_CC_HANDLE CCHandle, - const Context &Context); - void GenerateMacUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData DataBufs[], - uint32 DataBufCount); - void GenerateMacFinal(CSSM_CC_HANDLE CCHandle, - CssmData &Mac); - - void VerifyMac(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData DataBufs[], - uint32 DataBufCount, - const CssmData &Mac); - virtual void VerifyMacInit(CSSM_CC_HANDLE CCHandle, - const Context &Context); - virtual void VerifyMacUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData DataBufs[], - uint32 DataBufCount); - virtual void VerifyMacFinal(CSSM_CC_HANDLE CCHandle, - const CssmData &Mac); - - void SignData(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData DataBufs[], - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - CssmData &Signature); - void SignDataInit(CSSM_CC_HANDLE CCHandle, - const Context &Context); - void SignDataUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData DataBufs[], - uint32 DataBufCount); - void SignDataFinal(CSSM_CC_HANDLE CCHandle, - CssmData &Signature); - - void VerifyData(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData DataBufs[], - uint32 DataBufCount, - CSSM_ALGORITHMS DigestAlgorithm, - const CssmData &Signature); - virtual void VerifyDataInit(CSSM_CC_HANDLE CCHandle, - const Context &Context); - virtual void VerifyDataUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData DataBufs[], - uint32 DataBufCount); - virtual void VerifyDataFinal(CSSM_CC_HANDLE CCHandle, - const CssmData &Signature); - - void DigestData(CSSM_CC_HANDLE CCHandle, - const Context &Context, - const CssmData DataBufs[], - uint32 DataBufCount, - CssmData &Digest); - void DigestDataInit(CSSM_CC_HANDLE CCHandle, - const Context &Context); - void DigestDataUpdate(CSSM_CC_HANDLE CCHandle, - const CssmData DataBufs[], - uint32 DataBufCount); - void DigestDataFinal(CSSM_CC_HANDLE CCHandle, - CssmData &Digest); - void DigestDataClone(CSSM_CC_HANDLE CCHandle, - CSSM_CC_HANDLE ClonedCCHandle); - - void GenerateKey(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 KeyUsage, - uint32 KeyAttr, - const CssmData *KeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &Key, - CSSM_PRIVILEGE Privilege); - void GenerateKeyPair(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PublicKeyUsage, - uint32 PublicKeyAttr, - const CssmData *PublicKeyLabel, - CssmKey &PublicKey, - uint32 PrivateKeyUsage, - uint32 PrivateKeyAttr, - const CssmData *PrivateKeyLabel, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - CssmKey &PrivateKey, - CSSM_PRIVILEGE Privilege); - - void ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey, - CssmKey &PrivateKey); - void QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle, - const Context *Context, - const CssmKey *Key, - CSSM_KEY_SIZE &KeySize); - - void FreeKey(const AccessCredentials *AccessCred, - CssmKey &KeyPtr, - CSSM_BOOL Delete); - - void GenerateRandom(CSSM_CC_HANDLE CCHandle, - const Context &Context, - CssmData &RandomNumber); - void GenerateAlgorithmParams(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 ParamBits, - CssmData &Param, - uint32 &NumberOfUpdatedAttibutes, - CSSM_CONTEXT_ATTRIBUTE_PTR &UpdatedAttributes); - - void Login(const AccessCredentials &AccessCred, - const CssmData *LoginName, - const void *Reserved); - void Logout(); - void VerifyDevice(const CssmData &DeviceCert); - void GetOperationalStatistics(CSPOperationalStatistics &Statistics); - - void RetrieveCounter(CssmData &Counter); - void RetrieveUniqueId(CssmData &UniqueID); - void GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData); - - void GetKeyOwner(const CssmKey &Key, - CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeKeyOwner(const AccessCredentials &AccessCred, - const CssmKey &Key, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetKeyAcl(const CssmKey &Key, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeKeyAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit, - const CssmKey &Key); - - void GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeLoginOwner(const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetLoginAcl(const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeLoginAcl(const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit); - - void PassThrough(CSSM_CC_HANDLE CCHandle, - const Context &Context, - uint32 PassThroughId, - const void *InData, - void **OutData); -}; - - -// -// Classes for dealing with reference keys. -// - -// Forward declaration. -class KeyPool; - -// -// A ReferencedKey -- The private (to the CSP) part of a Reference Key. -// -class ReferencedKey -{ - friend class KeyPool; // So it can call deactivate() -public: - // What we use to reference a ReferencedKey. - typedef uint32 KeyReference; - - ReferencedKey(KeyPool &session); // Calls KeyPool::add() - virtual ~ReferencedKey(); // Calls KeyPool::erase() - - KeyReference keyReference(); - bool isActive() { return mKeyPool != NULL; } - - template - SubPool &keyPool() { assert(mKeyPool); return safer_cast(*mKeyPool); } -public: - // Making, retrieving and freeing CSSM_KEYBLOB_REF_FORMAT_INTEGER CSSM_KEY type reference keys - // NOTE: that none of these functions affect mKeyMap. - static void makeReferenceKey(CssmAllocator &allocator, KeyReference keyReference, CSSM_KEY &ioKey); - static KeyReference keyReference(const CSSM_KEY &key); - static KeyReference freeReferenceKey(CssmAllocator &allocator, CSSM_KEY &ioKey); - -private: - void deactivate() { mKeyPool = NULL; } - - // Will be NULL iff this key is not active - KeyPool *mKeyPool; -}; - - -// -// KeyPool -- a mixin class to manage a pool of ReferencedKeys -// -class KeyPool -{ -public: - friend class ReferencedKey; // So it can call add() and erase() -public: - KeyPool(); - virtual ~KeyPool(); - - // Type safe ReferencedKey subclass lookup - template - Subclass &find(const CSSM_KEY &key) const; - - // Free the ioKey, erase keyReference from mKeyMap, and delete the ReferencedKey - void freeKey(CssmAllocator &allocator, CSSM_KEY &key); - -protected: - // Called by the constructor of ReferencedKey -- add referencedKey to mKeyMap - void add(ReferencedKey &referencedKey); - - ReferencedKey &findKey(const CSSM_KEY &key) const; - ReferencedKey &findKeyReference(ReferencedKey::KeyReference keyReference) const; - - // Called by the destructor of ReferencedKey -- erase keyReference from mKeyMap - void erase(ReferencedKey &referencedKey); - - // Erase keyReference from mKeyMap, and return it (for deletion) - ReferencedKey &erase(ReferencedKey::KeyReference keyReference); - -protected: - typedef map KeyMap; - KeyMap mKeyMap; - mutable Mutex mKeyMapLock; -}; - -// Implementation of type safe ReferencedKey subclass lookup. -template -Subclass & -KeyPool::find(const CSSM_KEY &key) const -{ - Subclass *sub; - if (!(sub = dynamic_cast(&findKey(key)))) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - return *sub; -} - -} // end namespace Security - -#if defined(_CPP_CSPSESSION) -# pragma export off -#endif - -#endif //_H_CSPSESSION diff --git a/cdsa/cdsa_pluginlib/DLsession.cpp b/cdsa/cdsa_pluginlib/DLsession.cpp deleted file mode 100644 index 26b3fa45..00000000 --- a/cdsa/cdsa_pluginlib/DLsession.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DLsession - Plugin framework for CSP plugin modules -// -#ifdef __MWERKS__ -#define _CPP_DLSESSION -#endif - -#include -#include - - -// -// Construct a DLPluginSession -// -DLPluginSession::DLPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - DatabaseManager &databaseManager) - : PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls), - DatabaseSession (databaseManager) -{ -} - - -// -// Implement CssmAllocator methods from the PluginSession side -// -void *DLPluginSession::malloc(size_t size) throw(std::bad_alloc) -{ return PluginSession::malloc(size); } - -void DLPluginSession::free(void *addr) throw() -{ return PluginSession::free(addr); } - -void *DLPluginSession::realloc(void *addr, size_t size) throw(std::bad_alloc) -{ return PluginSession::realloc(addr, size); } diff --git a/cdsa/cdsa_pluginlib/DLsession.h b/cdsa/cdsa_pluginlib/DLsession.h deleted file mode 100644 index b7053ddd..00000000 --- a/cdsa/cdsa_pluginlib/DLsession.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DLsession.h - Framework for DL plugin modules -// -#ifndef _H_DLSESSION -#define _H_DLSESSION - -#include -#include - -#if defined(_CPP_DLSESSION) -# pragma export on -#endif - -namespace Security -{ - -// -// The abstract DLPluginSession class is the common ancestor of your implementation -// object for an DL type plugin attachment session. Inherit from this and implement -// the abstract methods to define a plugin session. -// -class DLPluginSession : public PluginSession, public DatabaseSession { - NOCOPY(DLPluginSession) -public: - DLPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls, - DatabaseManager &databaseManager); - - void *malloc(size_t size) throw(std::bad_alloc); - void free(void *addr) throw(); - void *realloc(void *addr, size_t size) throw(std::bad_alloc); - -protected: - CSSM_MODULE_FUNCS_PTR construct(); -}; - -} // end namespace Security - -#if defined(_CPP_DLSESSION) -# pragma export off -#endif - -#endif //_H_DLSESSION diff --git a/cdsa/cdsa_pluginlib/TPsession.h b/cdsa/cdsa_pluginlib/TPsession.h deleted file mode 100644 index 5cf394c7..00000000 --- a/cdsa/cdsa_pluginlib/TPsession.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// TPsession.h - Framework for TP plugin modules -// -#ifndef _H_TPSESSION -#define _H_TPSESSION - -#include - -#if defined(_CPP_TPSESSION) -# pragma export on -#endif - -namespace Security -{ - -// -// The abstract TPPluginSession class is the common ancestor of your implementation -// object for an TP type plugin attachment session. Inherit from this and implement -// the abstract methods to define a plugin session. -// -class TPPluginSession : public PluginSession, public TPAbstractPluginSession { -public: - TPPluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) - : PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls) { } - -protected: - CSSM_MODULE_FUNCS_PTR construct(); -}; - -} // end namespace Security - -#if defined(_CPP_TPSESSION) -# pragma export off -#endif - -#endif //_H_TPSESSION diff --git a/cdsa/cdsa_pluginlib/c++plugin.h b/cdsa/cdsa_pluginlib/c++plugin.h deleted file mode 100644 index 516e427c..00000000 --- a/cdsa/cdsa_pluginlib/c++plugin.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// spilayer - "roof" interface layer for CDSA SPI plugins -// -#ifndef _H_SPILAYER -#define _H_SPILAYER - -#include -#include -#include -#include - - -namespace Security -{ - -// -// Forward/common - separate file (which?) @@@ -// -class CssmPlugin; -class PluginSession; - -} // end namespace Security - -#endif //_H_SPILAYER diff --git a/cdsa/cdsa_pluginlib/csputilities.cpp b/cdsa/cdsa_pluginlib/csputilities.cpp deleted file mode 100644 index e61c1f2f..00000000 --- a/cdsa/cdsa_pluginlib/csputilities.cpp +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// csputilities - utility classes for CSP implementation -// -#include -#include -#include -#include - -#include //@@@ debug - -using LowLevelMemoryUtilities::increment; - - -// -// Writer objects -// -CSPFullPluginSession::Writer::Writer(CssmData *v, uint32 n, CssmData *rem) -: vec(v), firstVec(v), lastVec(v + n - 1), remData(rem) -{ - if (vec == NULL || n == 0) - CssmError::throwMe(CSSMERR_CSP_INVALID_OUTPUT_VECTOR); // CDSA p.253, amended - useData(vec); - written = 0; -} - -void CSPFullPluginSession::Writer::allocate(size_t needed, CssmAllocator &alloc) -{ - if (vec == firstVec && !*vec) { // initial null vector element, wants allocation there - *vec = makeBuffer(needed, alloc); - lastVec = vec; // ignore all subsequent buffers in vector - useData(vec); - } else { - // how much output space do we have left? - size_t size = currentSize; - for (CssmData *v = vec + 1; v <= lastVec; v++) - size += v->length(); - if (size >= needed) - return; // we're fine - if (remData) { - if (!*remData) { // have overflow, can allocate - *remData = makeBuffer(needed - size, alloc); - return; // got it - } - if (size + remData->length() >= needed) - return; // will fit into overflow - } - // not enough buffer space, and can't allocate - CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); - } -} - -void CSPFullPluginSession::Writer::nextBlock(void * &ptr, size_t &size) -{ - ptr = currentBuffer; - size = currentSize; -} - -void CSPFullPluginSession::Writer::use(size_t used) -{ - assert(used <= currentSize); - written += used; - if (used < currentSize) { - currentBuffer = increment(currentBuffer, used); - currentSize -= used; - } else { - if (vec < lastVec) { - useData(vec++); // use next vector buffer - } else if (vec == lastVec && remData) { - useData(remData); // use remainder buffer - vec++; // mark used -#if !defined(NDEBUG) && 0 - } else if (vec == lastVec) { - vec++; - } else if (vec > lastVec) { - assert(false); // 2nd try to overflow end -#endif /* !NDEBUG */ - } else { - currentBuffer = NULL; // no more output buffer - currentSize = 0; - } - } -} - -void CSPFullPluginSession::Writer::put(void *addr, size_t size) -{ - while (size > 0) { - void *p; size_t sz; - nextBlock(p, sz); - if (size < sz) - sz = size; // cap transfer - memcpy(p, addr, sz); - use(sz); - addr = increment(addr, sz); - size -= sz; - } -} - -size_t CSPFullPluginSession::Writer::close() -{ - return written; -} - - -// -// Common algorithm utilities -// -void CSPFullPluginSession::setKey(CssmKey &key, - const Context &context, CSSM_KEYCLASS keyClass, - CSSM_KEYATTR_FLAGS attrs, CSSM_KEYUSE use) -{ - // general setup - memset(&key.KeyHeader, 0, sizeof(key.KeyHeader)); - key.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION; - key.KeyHeader.CspId = plugin.myGuid(); - key.KeyHeader.AlgorithmId = context.algorithm(); - key.KeyHeader.KeyClass = keyClass; - key.KeyHeader.KeyUsage = use; - key.KeyHeader.KeyAttr = attrs; - - CssmDate *theDate = context.get(CSSM_ATTRIBUTE_START_DATE); - if(theDate) { - key.KeyHeader.StartDate = *theDate; - } - theDate = context.get(CSSM_ATTRIBUTE_END_DATE); - if(theDate) { - key.KeyHeader.EndDate = *theDate; - } - - // defaults (change as needed) - key.KeyHeader.WrapAlgorithmId = CSSM_ALGID_NONE; - - // clear key data (standard says, "Always allocate this, ignore prior contents.") - key = CssmData(); -} diff --git a/cdsa/cdsa_pluginlib/cssmplugin.cpp b/cdsa/cdsa_pluginlib/cssmplugin.cpp deleted file mode 100644 index 089cee95..00000000 --- a/cdsa/cdsa_pluginlib/cssmplugin.cpp +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmplugin - adapter framework for C++-based CDSA plugin modules -// -// A note on locking: Attachments are effectively reference counted in CSSM. -// CSSM will not let a client detach an attachment that has a(nother) thread -// active in its code. Thus, our locks merely protect global maps; they do not -// need (or try) to close the classic use-and-delete window. -// -#ifdef __MWERKS__ -#define _CPP_CSSMPLUGIN -#endif -#include -#include - - -ModuleNexus CssmPlugin::sessionMap; - - -CssmPlugin::CssmPlugin() -{ - haveCallback = false; -} - -CssmPlugin::~CssmPlugin() -{ - // Note: if haveCallback, we're being unloaded forcibly. - // (CSSM wouldn't do this to us in normal operation.) -} - - -void CssmPlugin::moduleLoad(const Guid &cssmGuid, - const Guid &moduleGuid, - const ModuleCallback &newCallback) -{ - // add the callback vector - if (haveCallback) // re-entering moduleLoad - not currently supported - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - - mMyGuid = moduleGuid; - - // let the implementation know that we're loading - load(); - - // commit - callback = newCallback; - haveCallback = true; -} - - -void CssmPlugin::moduleUnload(const Guid &cssmGuid, - const Guid &moduleGuid, - const ModuleCallback &oldCallback) -{ - // check the callback vector - if (!haveCallback || oldCallback != callback) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - - // tell our subclass that we're closing down - unload(); - - // commit closure - haveCallback = false; -} - - -void CssmPlugin::moduleAttach(CSSM_MODULE_HANDLE theHandle, - const Guid &newCssmGuid, - const Guid &moduleGuid, - const Guid &moduleManagerGuid, - const Guid &callerGuid, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - CSSM_KEY_HIERARCHY keyHierarchy, - const CSSM_UPCALLS &upcalls, - CSSM_MODULE_FUNCS_PTR &funcTbl) -{ - // insanity checks - // @@@ later - - // make the new session object, hanging in thin air - PluginSession *session = makeSession(theHandle, - version, - subserviceId, subserviceType, - attachFlags, - upcalls); - - try { - // haggle with the implementor - funcTbl = session->construct(); - - // commit this session creation - StLock _(sessionMap()); - sessionMap()[theHandle] = session; - } catch (...) { - delete session; - throw; - } -} - -void CssmPlugin::moduleDetach(CSSM_MODULE_HANDLE handle) -{ - // locate the plugin and hold the sessionMapLock - PluginSession *session; - { - StLock _(sessionMap()); - SessionMap::iterator it = sessionMap().find(handle); - if (it == sessionMap().end()) - CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE); - session = it->second; - sessionMap().erase(it); - } - - // let the session know it is going away - try { - session->detach(); - } catch (...) { - // session detach failed - put the plugin back and fail - StLock _(sessionMap()); - sessionMap()[handle] = session; - throw; - } - - // everything's fine, delete the session - delete session; -} - -void CssmPlugin::sendCallback(CSSM_MODULE_EVENT event, uint32 subId, - CSSM_SERVICE_TYPE serviceType) const -{ - assert(haveCallback); - callback(event, mMyGuid, subId, serviceType); -} - - -// -// Default subclass hooks. -// The default implementations succeed without doing anything -// -void CssmPlugin::load() { } - -void CssmPlugin::unload() { } diff --git a/cdsa/cdsa_pluginlib/cssmplugin.h b/cdsa/cdsa_pluginlib/cssmplugin.h deleted file mode 100644 index 62fc07ef..00000000 --- a/cdsa/cdsa_pluginlib/cssmplugin.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmplugin - common header for CSSM plugin modules -// -#ifndef _H_CSSMPLUGIN -#define _H_CSSMPLUGIN - -#include -#include -#include -#include - -#if __GNUC__ > 2 -#include -using __gnu_cxx::hash_map; -#else -#include -#endif - -namespace Security -{ - -// -// Inherit from this (abstract) class to implement your plugin -// -class CssmPlugin { - NOCOPY(CssmPlugin) -public: - CssmPlugin(); - virtual ~CssmPlugin(); - - void moduleLoad(const Guid &cssmGuid, - const Guid &moduleGuid, - const ModuleCallback &callback); - void moduleUnload(const Guid &cssmGuid, - const Guid &moduleGuid, - const ModuleCallback &callback); - - void moduleAttach(CSSM_MODULE_HANDLE theHandle, - const Guid &cssmGuid, - const Guid &moduleGuid, - const Guid &moduleManagerGuid, - const Guid &callerGuid, - const CSSM_VERSION &Version, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - CSSM_KEY_HIERARCHY KeyHierarchy, - const CSSM_UPCALLS &Upcalls, - CSSM_MODULE_FUNCS_PTR &FuncTbl); - void moduleDetach(CSSM_MODULE_HANDLE handle); - - const Guid &myGuid() const { return mMyGuid; } - - void sendCallback(CSSM_MODULE_EVENT event, - uint32 subId, - CSSM_SERVICE_TYPE serviceType) const; - - void sendInsertion(uint32 subId, CSSM_SERVICE_TYPE serviceType) const - { sendCallback(CSSM_NOTIFY_INSERT, subId, serviceType); } - - void sendRemoval(uint32 subId, CSSM_SERVICE_TYPE serviceType) const - { sendCallback(CSSM_NOTIFY_REMOVE, subId, serviceType); } - - void sendFault(uint32 subId, CSSM_SERVICE_TYPE serviceType) const - { sendCallback(CSSM_NOTIFY_FAULT, subId, serviceType); } - -protected: - // subclass-defined methods - virtual void load(); - virtual void unload(); - - // make a session object for your plugin - virtual PluginSession *makeSession(CSSM_MODULE_HANDLE handle, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &upcalls) = 0; - -private: - // map of (CSSM) handles to attachment objects - struct SessionMap : - public hash_map, - public Mutex { }; - - static ModuleNexus sessionMap; - - Guid mMyGuid; - - // the registered callback. We currently allow only one - ModuleCallback callback; - bool haveCallback; - -public: - static PluginSession *find(CSSM_MODULE_HANDLE h) - { - StLock _(sessionMap()); - SessionMap::iterator it = sessionMap().find(h); - if (it == sessionMap().end()) - CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE); - return it->second; - } -}; - -template -inline SessionClass &findSession(CSSM_MODULE_HANDLE h) -{ - SessionClass *session = dynamic_cast(CssmPlugin::find(h)); - if (session == NULL) - CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE); - assert(session->handle() == h); - return *session; -} - -} // end namespace Security - -#endif //_H_CSSMPLUGIN diff --git a/cdsa/cdsa_pluginlib/generator.cfg b/cdsa/cdsa_pluginlib/generator.cfg deleted file mode 100644 index 1a8cea2e..00000000 --- a/cdsa/cdsa_pluginlib/generator.cfg +++ /dev/null @@ -1,58 +0,0 @@ -# -# transition.cfg -# -# Configuration file for generating the CSSM plugin framework transition layer. -# - - -# -# Specify optional arguments -# - -# CSP -optional CSP:Login LoginName -optional CSP:GetLoginAcl SelectionTag -optional CSP:GetKeyAcl SelectionTag -optional DL:GetDbAcl SelectionTag -optional CSP:GenerateKey KeyLabel CredAndAclEntry -optional CSP:GenerateKeyPair PrivateKeyLabel PublicKeyLabel CredAndAclEntry -optional CSP:WrapKey DescriptiveData -optional CSP:UnwrapKey PublicKey KeyLabel CredAndAclEntry -optional CSP:DeriveKey KeyLabel CredAndAclEntry -optional CSP:FreeKey AccessCred -optional CSP:QuerySize DataBlock -optional CSP:QueryKeySizeInBits Context Key - -# CL/TP -optional TP:SubmitCredRequest PreferredAuthority CallerAuthContext -optional TP:RetrieveCredResult CallerAuthCredentials -optional TP:ConfirmCredResult CallerAuthCredentials PreferredAuthority -optional TP:CertReclaimKey CredAndAclEntry -optional TP:FormRequest PreferredAuthority -optional TP:FormSubmit ClearanceAuthority RepresentedAuthority Credentials -optional TP:CertGroupVerify VerifyContext VerifyContextResult -optional TP:CertSign SignerVerifyContext SignerVerifyResult -optional TP:CrlVerify VerifyContext RevokerVerifyResult -optional TP:CertRevoke OldCrlTemplate -optional TP:CertRemoveFromCrlTemplate OldCrlTemplate -optional TP:CrlSign SignerVerifyContext SignerVerifyResult -optional TP:ApplyCrlToDb ApplyCrlVerifyContext -optional TP:PassThrough DBList -optional AC:AuthCompute Credentials RequestedAuthorizationPeriod -optional CL:CertSign SignScope -optional CL:CertVerify SignerCert VerifyScope -optional CL:CertGroupToSignedBundle SignerCert BundleInfo -optional CL:CertGroupFromVerifiedBundle SignerCert -optional CL:CrlSign SignScope -optional CL:CrlVerify SignerCert VerifyScope -optional CL:CrlGetFirstCachedFieldValue CrlRecordIndex - -# DL -optional DL:DbOpen DbLocation AccessCred -optional DL:DbCreate DbLocation CredAndAclEntry -optional DL:DbDelete DbLocation AccessCred -optional DL:DataInsert Attributes Data -optional DL:DataModify AttributesToBeModified DataToBeModified -optional DL:DataGetFirst Query Attributes Data -optional DL:DataGetNext Query Attributes Data -optional DL:DataGetFromUniqueRecordId Attributes Data diff --git a/cdsa/cdsa_pluginlib/generator.mk b/cdsa/cdsa_pluginlib/generator.mk deleted file mode 100644 index 81ea93e0..00000000 --- a/cdsa/cdsa_pluginlib/generator.mk +++ /dev/null @@ -1,28 +0,0 @@ -# Makefile for generated files. - -PERL=/usr/bin/perl - -CDSA_HEADERS_DIR = Headers/cdsa -SECURITY_HEADERS_DIR = Headers/Security -CDSA_PLUGINLIB_DIR = Sources/cdsa_pluginlib - -GEN_SPIGLUE = $(CDSA_PLUGINLIB_DIR)/generator.pl -SPIGLUE_GEN = $(patsubst %,$(SECURITY_HEADERS_DIR)/%,ACabstractsession.h CLabstractsession.h CSPabstractsession.h DLabstractsession.h TPabstractsession.h)\ - $(patsubst %,$(CDSA_PLUGINLIB_DIR)/%,ACabstractsession.cpp CLabstractsession.cpp CSPabstractsession.cpp DLabstractsession.cpp TPabstractsession.cpp) -SPIGLUE_DEPENDS = $(patsubst %,$(CDSA_PLUGINLIB_DIR)/%,generator.pl generator.cfg)\ - $(patsubst %,$(CDSA_HEADERS_DIR)/%,cssmapi.h cssmtype.h cssmconfig.h cssmaci.h cssmcli.h cssmcspi.h cssmdli.h cssmspi.h) - -build: $(SPIGLUE_GEN) - -clean: - rm -f $(SPIGLUE_GEN) - -debug: build - -profile: build - -.PHONY: build clean debug profile - -$(SPIGLUE_GEN): $(SPIGLUE_DEPENDS) - (cd $(CDSA_PLUGINLIB_DIR);\ - $(PERL) ./generator.pl ../../$(CDSA_HEADERS_DIR) ../../$(SECURITY_HEADERS_DIR) .) diff --git a/cdsa/cdsa_pluginlib/generator.pl b/cdsa/cdsa_pluginlib/generator.pl deleted file mode 100644 index 925fc278..00000000 --- a/cdsa/cdsa_pluginlib/generator.pl +++ /dev/null @@ -1,247 +0,0 @@ -#!/usr/bin/perl -# -# generator.pl - auto-generate code for the CSSM plugin interfaces -# -# Usage: -# perl generator.pl input-directory h-output-dir c-output-dir -# -# Perry The Cynic, Fall 1999. -# -@API_H=("cssmapi.h"); -%SPI_H=("AC" => "cssmaci.h", "CSP" => "cssmcspi.h", "DL" => "cssmdli.h", - "CL" => "cssmcli.h", "TP" => "cssmtpi.h"); - -$SOURCEDIR=$ARGV[0]; # where all the input files are -$APICFG=$ARGV[1]; # configuration file -$HTARGETDIR=$ARGV[2]; # where the generated headers go -$CTARGETDIR=$ARGV[3]; # where the generated sources go - - -$tabs = "\t\t\t"; # argument indentation (noncritical) -$warning = "This file was automatically generated. Do not edit on penalty of futility!"; - - -# -# Open and read the configuration file -# -$/=undef; # gulp file -open(APICFG, $APICFG) or die "Cannot open $APICFG: $^E"; -$_=; -close(APICFG); -%optionals = /^\s*optional\s+(\w+:\w+)\s+(.*)$/gm; - - -# -# Pre-arranged arrays for processing below -# -%noDataReturnError = ( CL => "CSSMERR_CL_NO_FIELD_VALUES", - DL => "CSSMERR_DL_ENDOFDATA" ); - - -# -# process one SPI at a time -# -while (($type, $header) = each %SPI_H) { - my(%functions, %methods, %actuals); - ($typelower = $type) =~ tr/A-Z/a-z/; # lowercase version of type - - # start in on the $type header file - open(SPI, "$SOURCEDIR/$header") or die "cannot open $SOURCEDIR/$header: $^E"; - $/=undef; # big gulp mode - $_ = ; # aaaaah... - close(SPI); # done - # throw away leading and trailing crud (only interested in SPI structure) - s/^.*struct cssm_spi.*{(.*)} CSSM_SPI.*$/$1/s - or die "bad format in $SPI_H{$name}"; - - # break up into functions (you'd do that HOW in YOUR language? :-) - @functions = /CSSM_RETURN \(CSSM${type}I \*([A-Za-z_]+)\)\s+\(([^)]+)\);/g; - %functions = @functions; - - $MOREHEADERS=""; - $MOREHEADERS .= "#include \n" if /CSSM_CONTEXT/; - $MOREHEADERS .= "#include \n" if /CSSM_(ACL|ACCESS)/; - - # break function arguments into many forms: - # functions => formal SPI arguments - # methods => formal C++ method arguments - # actuals => actual expression forms for transition layer use - # and (by the way) massage them into a more palatable form... - $nFunctions = 0; - while (($function, $_) = each %functions) { - # - # Turn CSSM SPI formal into method formal - # - $returntype{$function} = "void"; - $prefix{$function} = ""; - $postfix{$function} = ";"; - # reshape initial argument (the module handle, more or less) - s/^CSSM_${type}_HANDLE ${type}Handle(,\s*\n\s*|$)//s; # remove own handle (-> this) - s/^CSSM_DL_DB_HANDLE DLDBHandle/CSSM_DB_HANDLE DBHandle/s; # DL_DB handle -> DB handle - s/CSSM_HANDLE_PTR ResultsHandle(,?)\n//m # turn ptr-to-resultshandle into fn result - and do { - $returntype{$function} = "CSSM_HANDLE"; - $prefix{$function} = "if ((Required(ResultsHandle) = "; - $postfix{$function} = ") == CSSM_INVALID_HANDLE)\n return $noDataReturnError{$type};"; - }; - if ($function =~ /GetNext/) { # *GetNext* returns a bool - $returntype{$function} = "bool"; - $prefix{$function} = "if (!"; - $postfix{$function} = ")\n return $noDataReturnError{$type};"; - } - # reshape subsequent arguments - s/([su]int32) \*(\w+,?)/$1 \&$2/gm; # int * -> int & (output integer) - s/(CSSM_\w+_PTR) \*(\w+,?)/$1 \&$2/gm; # _PTR * -> _PTR & - s/(CSSM_\w+)_PTR (\w+)/$1 \*$2/gm; # XYZ_PTR -> XYZ * (explicit) - s/(const )?CSSM_DATA \*(\w+)Bufs/$1CssmData $2Bufs\[\]/gm; # c DATA *Bufs (plural) - s/(const )?CSSM_(DATA|OID) \*/$1CssmData \&/gm; # c DATA * -> c Data & - s/(const )?CSSM_FIELD \*(\w+)Fields/$1CSSM_FIELD $2Fields\[\]/gm; # c FIELD *Fields (plural) - s/(const )?CSSM_FIELD \*CrlTemplate/$1CSSM_FIELD CrlTemplate\[\]/gm; # c FIELD *CrlTemplate - s/const CSSM_CONTEXT \*/const Context \&/gm; # c CSSM_CONTEXT * -> c Context & - s/(const )?CSSM_ACCESS_CREDENTIALS \*/$1AccessCredentials \&/gm; # ditto - s/(const )?CSSM_QUERY_SIZE_DATA \*/$1QuerySizeData \&/gm; # ditto - s/(const )?CSSM_CSP_OPERATIONAL_STATISTICS \*/$1CSPOperationalStatistics \&/gm; # ditto - s/(const )?CSSM_(WRAP_)?KEY \*/$1CssmKey \&/gm; # CSSM[WRAP]KEY * -> CssmKey & - s/const CSSM_QUERY \*/const DLQuery \&/gm; # c QUERY * -> c Query & - s/(const )?(CSSM_[A-Z_]+) \*/$1$2 \&/gm; # c CSSM_ANY * -> c CSSM_ANY & - $methods{$function} = $_; - - # - # Now turn the method formal into the transition invocation actuals - # - s/^CSSM_DB_HANDLE \w+(,?)/DLDBHandle.DBHandle$1/s; # matching change to DL_DB handles - s/(const )?([A-Z][a-z]\w+) &(\w+)(,?)/$2::required($3)$4/gm; # BIG_ * -> Small_ & - s/(const )?CssmData (\w+)Bufs\[\](,?)/\&\&CssmData::required($2Bufs)$3/gm; # c DATA *DataBufs - s/(const )?CSSM_FIELD (\w+)Fields\[\](,?)/$2Fields$3/gm; # c CSSM_FIELD *Fields - s/(const )?CSSM_FIELD CrlTemplate\[\](,?)/CrlTemplate$2/gm; # c CSSM_FIELD *CrlTemplate - # now remove formal arguments and clean up - s/^.* \&\&(\w+,?)/$tabs\&$1/gm; # && escape (to keep real &) - s/^.* \&(\w+)(,?)/${tabs}Required($1)$2/gm; # dereference for ref transition - s/^.* \**(\w+,?)/$tabs$1/gm; # otherwise, plain actual argument - s/^$tabs//; - $actuals{$function} = $_; - - # - # Fix optional arguments - # - foreach $opt (split " ", $optionals{"$type:$function"}) { - $methods{$function} =~ s/\&$opt\b/\*$opt/; # turn refs back into pointers - $actuals{$function} =~ s/::required\($opt\)/::optional($opt)/; # optional specific - $actuals{$function} =~ s/Required\($opt\)/$opt/; # optional generic - }; - $nFunctions++; - }; - - # - # Prepare to write header and source files - # - open(H, ">$HTARGETDIR/${type}abstractsession.h") or die "cannot write ${type}abstractsession.h: $^E"; - open(C, ">$CTARGETDIR/${type}abstractsession.cpp") or die "cannot write ${type}abstractsession.cpp: $^E"; - - # - # Create header file - # - print H < -$MOREHEADERS -#if defined(_CPP_${type}ABSTRACTSESSION) -# pragma export on -#endif - -namespace Security -{ - -// -// A pure abstract class to define the ${type} module interface -// -class ${type}AbstractPluginSession { -public: -HDRHEAD - - $functionCount = 0; - while (($function, $arglist) = each %methods) { - # generate method declaration - print H " virtual $returntype{$function} $function($arglist) = 0;\n"; - $functionCount++; - }; - print H < -#include -#include - -BODY - - # write transition layer functions - while (($function, $arglist) = each %functions) { - $lookupHandle = "${type}Handle"; - $lookupHandle = "DLDBHandle.DLHandle" if $arglist =~ /DL_DB_HANDLE/; - print C <($lookupHandle).$function($actuals{$function})${postfix{$function}} - END_API($type) -} - -SHIM - }; - - # generate dispatch table - in the right order, please - print C "\nstatic const CSSM_SPI_${type}_FUNCS ${type}FunctionStruct = {\n"; - while ($function = shift @functions) { - print C " cssm_$function,\n"; - shift @functions; # skip over arglist part - }; - print C "};\n\n"; - - print C < -#include -#include - - -// -// Construct the PluginSession base object. -// -PluginSession::PluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &version, - uint32 subserviceId, - CSSM_SERVICE_TYPE subserviceType, - CSSM_ATTACH_FLAGS attachFlags, - const CSSM_UPCALLS &inUpcalls) -: HandledObject(theHandle), plugin(plug), upcalls(inUpcalls) -{ - // fill in passed flags - mVersion = version; - mSubserviceId = subserviceId; - mSubserviceType = subserviceType; - mAttachFlags = attachFlags; -} - -PluginSession::~PluginSession() -{ -} - -void PluginSession::detach() -{ -} - - -// -// Allocation management -// -void *PluginSession::malloc(size_t size) throw(std::bad_alloc) -{ - if (void *addr = upcalls.malloc_func(handle(), size)) - return addr; - CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR); -} - -void *PluginSession::realloc(void *oldAddr, size_t size) throw(std::bad_alloc) -{ - if (void *addr = upcalls.realloc_func(handle(), oldAddr, size)) - return addr; - CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR); -} - - -// -// Dispatch events through the plugin module object. -// Subsystem ID and subservice type default to our own. -// - -void PluginSession::sendCallback(CSSM_MODULE_EVENT event, - uint32 subId, - CSSM_SERVICE_TYPE serviceType) const -{ - plugin.sendCallback(event, - (subId == uint32(-1)) ? mSubserviceId : subId, - serviceType ? serviceType : mSubserviceType); -} diff --git a/cdsa/cdsa_pluginlib/pluginsession.h b/cdsa/cdsa_pluginlib/pluginsession.h deleted file mode 100644 index 2ac13ee9..00000000 --- a/cdsa/cdsa_pluginlib/pluginsession.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// pluginsession - an attachment session for a CSSM plugin -// -#ifndef _H_PLUGINSESSION -#define _H_PLUGINSESSION - -#include -#include -#include - - -#ifdef _CPP_PLUGINSESSION -# pragma export on -#endif - -namespace Security -{ - -// -// A PluginSession object describes an ongoing connection between a particular -// CSSM client and our plugin. Every time CSSM_SPI_ModuleAttach is called -// (due to the client calling CSSM_ModuleAttach), a new PluginSession object -// is created as a result. Sessions and CSSM_MODULE_HANDLES correspond one-to-one. -// -// PluginSession is meant to be the parent class of your session object. -// This is where you store per-session information. -// -class PluginSession : public CssmAllocator, public HandledObject { - NOCOPY(PluginSession) - friend class CssmPlugin; -public: - PluginSession(CSSM_MODULE_HANDLE theHandle, - CssmPlugin &plug, - const CSSM_VERSION &Version, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - const CSSM_UPCALLS &upcalls); - virtual ~PluginSession(); - virtual void detach(); - - CssmPlugin &plugin; - - void sendCallback(CSSM_MODULE_EVENT event, - uint32 subId = uint32(-1), - CSSM_SERVICE_TYPE serviceType = 0) const; - - static void unimplemented() { CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); } - -protected: - virtual CSSM_MODULE_FUNCS_PTR construct() = 0; - -public: - // implement CssmHeap::Allocator - void *malloc(size_t size) throw(std::bad_alloc); - void *realloc(void *addr, size_t size) throw(std::bad_alloc); - void free(void *addr) throw() { upcalls.free_func(handle(), addr); } - - const CSSM_VERSION &version() const { return mVersion; } - uint32 subserviceId() const { return mSubserviceId; } - CSSM_SERVICE_TYPE subserviceType() const { return mSubserviceType; } - CSSM_ATTACH_FLAGS attachFlags() const { return mAttachFlags; } - -private: - CSSM_VERSION mVersion; - uint32 mSubserviceId; - CSSM_SERVICE_TYPE mSubserviceType; - CSSM_ATTACH_FLAGS mAttachFlags; - const CSSM_UPCALLS &upcalls; -}; - -} // end namespace Security - -#ifdef _CPP_PLUGINSESSION -# pragma export off -#endif - -#endif //_H_PLUGINSESSION diff --git a/cdsa/cdsa_pluginlib/pluginspi.h b/cdsa/cdsa_pluginlib/pluginspi.h deleted file mode 100644 index de869010..00000000 --- a/cdsa/cdsa_pluginlib/pluginspi.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// pluginspi - "roof" level entry points into a CSSM plugin. -// -// This file is meant to be included into the top-level source file -// for a CSSM plugin written to the C++ alternate interface. -// It contains actual code that defines the four required entry points. -// - -// -// Provide some flexibility for the includer -// -#if !defined(SPIPREFIX) -# define SPIPREFIX extern "C" CSSMSPI -#endif - - -SPIPREFIX CSSM_RETURN CSSM_SPI_ModuleLoad (const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleGuid, - CSSM_SPI_ModuleEventHandler CssmNotifyCallback, - void *CssmNotifyCallbackCtx) -{ - BEGIN_API - plugin().moduleLoad(Guid::required(CssmGuid), - Guid::required(ModuleGuid), - ModuleCallback(CssmNotifyCallback, CssmNotifyCallbackCtx)); - END_API(CSSM) -} - -SPIPREFIX CSSM_RETURN CSSM_SPI_ModuleUnload (const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleGuid, - CSSM_SPI_ModuleEventHandler CssmNotifyCallback, - void *CssmNotifyCallbackCtx) -{ - BEGIN_API - plugin().moduleUnload(Guid::required(CssmGuid), - Guid::required(ModuleGuid), - ModuleCallback(CssmNotifyCallback, CssmNotifyCallbackCtx)); - END_API(CSSM) -} - -SPIPREFIX CSSM_RETURN CSSM_SPI_ModuleAttach (const CSSM_GUID *ModuleGuid, - const CSSM_VERSION *Version, - uint32 SubserviceID, - CSSM_SERVICE_TYPE SubServiceType, - CSSM_ATTACH_FLAGS AttachFlags, - CSSM_MODULE_HANDLE ModuleHandle, - CSSM_KEY_HIERARCHY KeyHierarchy, - const CSSM_GUID *CssmGuid, - const CSSM_GUID *ModuleManagerGuid, - const CSSM_GUID *CallerGuid, - const CSSM_UPCALLS *Upcalls, - CSSM_MODULE_FUNCS_PTR *FuncTbl) -{ - BEGIN_API - plugin().moduleAttach(ModuleHandle, - Guid::required(CssmGuid), - Guid::required(ModuleGuid), - Guid::required(ModuleManagerGuid), - Guid::required(CallerGuid), - *Version, - SubserviceID, - SubServiceType, - AttachFlags, - KeyHierarchy, - Required(Upcalls), - Required(FuncTbl)); - END_API(CSSM) -} - -SPIPREFIX CSSM_RETURN CSSM_SPI_ModuleDetach (CSSM_MODULE_HANDLE ModuleHandle) -{ - BEGIN_API - plugin().moduleDetach(ModuleHandle); - END_API(CSSM) -} diff --git a/cdsa/cdsa_utilities.cpp b/cdsa/cdsa_utilities.cpp deleted file mode 100644 index d46034d0..00000000 --- a/cdsa/cdsa_utilities.cpp +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#define SYSLOG_NAMES // compile syslog name tables - -/* Headers. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Source files. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include diff --git a/cdsa/cdsa_utilities/AppleDatabase.cpp b/cdsa/cdsa_utilities/AppleDatabase.cpp deleted file mode 100644 index b6173ee9..00000000 --- a/cdsa/cdsa_utilities/AppleDatabase.cpp +++ /dev/null @@ -1,2255 +0,0 @@ -/* - * Copyright (c) 2000-2001, 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleDatabase.cpp - Description t.b.d. -// -#include "AppleDatabase.h" -#include -#include -#include -#include -#include -#include -#include - -// -// Table -// -Table::Table(const ReadSection &inTableSection) : - mMetaRecord(inTableSection[OffsetId]), - mTableSection(inTableSection), - mRecordsCount(inTableSection[OffsetRecordsCount]), - mFreeListHead(inTableSection[OffsetFreeListHead]), - mRecordNumbersCount(inTableSection[OffsetRecordNumbersCount]) -{ - // can't easily initialize indexes here, since meta record is incomplete - // until much later... see DbVersion::open() -} - -Table::~Table() -{ - for_each_map_delete(mIndexMap.begin(), mIndexMap.end()); -} - -void -Table::readIndexSection() -{ - uint32 indexSectionOffset = mTableSection.at(OffsetIndexesOffset); - - uint32 numIndexes = mTableSection.at(indexSectionOffset + AtomSize); - - for (uint32 i = 0; i < numIndexes; i++) { - uint32 indexOffset = mTableSection.at(indexSectionOffset + (i + 2) * AtomSize); - ReadSection indexSection(mTableSection.subsection(indexOffset)); - - auto_ptr index(new DbConstIndex(*this, indexSection)); - mIndexMap.insert(ConstIndexMap::value_type(index->indexId(), index.get())); - index.release(); - } -} - -Cursor * -Table::createCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion) const -{ - // if an index matches the query, return a cursor which uses the index - - ConstIndexMap::const_iterator it; - DbQueryKey *queryKey; - - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) - if (it->second->matchesQuery(*inQuery, queryKey)) { - IndexCursor *cursor = new IndexCursor(queryKey, inDbVersion, *this, it->second); - return cursor; - } - - // otherwise, return a cursor that iterates over all table records - - return new LinearCursor(inQuery, inDbVersion, *this); -} - -const ReadSection -Table::getRecordSection(uint32 inRecordNumber) const -{ - if (inRecordNumber >= mRecordNumbersCount) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - uint32 aRecordOffset = mTableSection[OffsetRecordNumbers + AtomSize - * inRecordNumber]; - - // Check if this RecordNumber has been deleted. - if (aRecordOffset & 1 || aRecordOffset == 0) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); - - return MetaRecord::readSection(mTableSection, aRecordOffset); -} - -const RecordId -Table::getRecord(const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CssmAllocator &inAllocator) const -{ - const ReadSection aRecordSection = getRecordSection(inRecordId.mRecordNumber); - const RecordId aRecordId = MetaRecord::unpackRecordId(aRecordSection); - - // Make sure the RecordNumber matches that in the RecordId we just retrived. - if (aRecordId.mRecordNumber != inRecordId.mRecordNumber) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - if (aRecordId.mCreateVersion != inRecordId.mCreateVersion) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - // XXX Figure out which value to pass for inQueryFlags (5th) argument - mMetaRecord.unpackRecord(aRecordSection, inAllocator, inoutAttributes, - inoutData, 0); - return aRecordId; -} - -uint32 -Table::popFreeList(uint32 &aFreeListHead) const -{ - assert(aFreeListHead | 1); - uint32 anOffset = aFreeListHead ^ 1; - uint32 aRecordNumber = (anOffset - OffsetRecordNumbers) / AtomSize; - aFreeListHead = mTableSection[anOffset]; - return aRecordNumber; -} - -const ReadSection -Table::getRecordsSection() const -{ - return mTableSection.subsection(mTableSection[OffsetRecords]); -} - -bool -Table::matchesTableId(Id inTableId) const -{ - Id anId = mMetaRecord.dataRecordType(); - if (inTableId == CSSM_DL_DB_RECORD_ANY) // All non schema tables. - return !(CSSM_DB_RECORDTYPE_SCHEMA_START <= anId - && anId < CSSM_DB_RECORDTYPE_SCHEMA_END); - - if (inTableId == CSSM_DL_DB_RECORD_ALL_KEYS) // All key tables. - return (anId == CSSM_DL_DB_RECORD_PUBLIC_KEY - || anId == CSSM_DL_DB_RECORD_PRIVATE_KEY - || anId == CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - - return inTableId == anId; // Only if exact match. -} - - -// -// ModifiedTable -// -ModifiedTable::ModifiedTable(const Table *inTable) : - mTable(inTable), - mNewMetaRecord(nil), - mRecordNumberCount(inTable->recordNumberCount()), - mFreeListHead(inTable->freeListHead()), - mIsModified(false) -{ -} - -ModifiedTable::ModifiedTable(MetaRecord *inMetaRecord) : - mTable(nil), - mNewMetaRecord(inMetaRecord), - mRecordNumberCount(0), - mFreeListHead(0), - mIsModified(true) -{ -} - -ModifiedTable::~ModifiedTable() -{ - for_each_map_delete(mIndexMap.begin(), mIndexMap.end()); - for_each_map_delete(mInsertedMap.begin(), mInsertedMap.end()); - - delete mNewMetaRecord; -} - -void -ModifiedTable::deleteRecord(const RecordId &inRecordId) -{ - modifyTable(); - - uint32 aRecordNumber = inRecordId.mRecordNumber; - - // remove the record from all the indexes - MutableIndexMap::iterator it; - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) - it->second->removeRecord(aRecordNumber); - - InsertedMap::iterator anIt = mInsertedMap.find(inRecordId.mRecordNumber); - if (anIt == mInsertedMap.end()) - { - // If we have no old table than this record can not exist yet. - if (!mTable) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); - -#if RECORDVERSIONCHECK - const RecordId aRecordId = MetaRecord::unpackRecordId(mTable->getRecordSection(aRecordNumber)); - if (aRecordId.mRecordVersion != inRecordId.mRecordVersion) - CssmError::throwMe(CSSMERR_DL_RECORD_MODIFIED); -#endif - - // Schedule the record for deletion - if (!mDeletedSet.insert(aRecordNumber).second) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // It was already deleted - } - else - { - const RecordId aRecordId = MetaRecord::unpackRecordId(*anIt->second); - if (aRecordId.mCreateVersion != inRecordId.mCreateVersion) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); - -#if RECORDVERSIONCHECK - if (aRecordId.mRecordVersion != inRecordId.mRecordVersion) - CssmError::throwMe(CSSMERR_DL_RECORD_MODIFIED); -#endif - - // Remove the inserted (but uncommited) record. It should already be in mDeletedSet - // if it existed previously in mTable. - mInsertedMap.erase(anIt); - delete anIt->second; - } -} - -const RecordId -ModifiedTable::insertRecord(uint32 inVersionId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) -{ - modifyTable(); - - auto_ptr aWriteSection(new WriteSection()); - getMetaRecord().packRecord(*aWriteSection, inAttributes, inData); - uint32 aRecordNumber = nextRecordNumber(); - - // add the record to all the indexes; this will throw if the new record - // violates a unique index - MutableIndexMap::iterator it; - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) - it->second->insertRecord(aRecordNumber, *(aWriteSection.get())); - - // schedule the record for insertion - RecordId aRecordId(aRecordNumber, inVersionId); - MetaRecord::packRecordId(aRecordId, *aWriteSection); - mInsertedMap.insert(InsertedMap::value_type(aRecordNumber, aWriteSection.get())); - - aWriteSection.release(); - - return aRecordId; -} - -const RecordId -ModifiedTable::updateRecord(const RecordId &inRecordId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode) -{ - modifyTable(); - - uint32 aRecordNumber = inRecordId.mRecordNumber; - InsertedMap::iterator anIt = mInsertedMap.find(inRecordId.mRecordNumber); - - // aReUpdate is true iff we are updating an already updated record. - bool aReUpdate = anIt != mInsertedMap.end(); - - // If we are not re-updating and there is no old table than this record does not exist yet. - if (!aReUpdate && !mTable) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); - - const ReadSection &anOldDbRecord = aReUpdate ? *anIt->second : mTable->getRecordSection(aRecordNumber); - const RecordId aRecordId = MetaRecord::unpackRecordId(anOldDbRecord); - - // Did someone else delete the record we are trying to update. - if (aRecordId.mCreateVersion != inRecordId.mCreateVersion) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); - -#if RECORDVERSIONCHECK - // Is the record we that our update is based on current? - if (aRecordId.mRecordVersion != inRecordId.mRecordVersion) - CssmError::throwMe(CSSMERR_DL_STALE_UNIQUE_RECORD); -#endif - - // Update the actual packed record. - auto_ptr aDbRecord(new WriteSection()); - getMetaRecord().updateRecord(anOldDbRecord, *aDbRecord, - CssmDbRecordAttributeData::overlay(inAttributes), inData, inModifyMode); - - - // Bump the RecordVersion of this record. - RecordId aNewRecordId(aRecordNumber, inRecordId.mCreateVersion, inRecordId.mRecordVersion + 1); - // Store the RecordVersion in the packed aDbRecord. - MetaRecord::packRecordId(aNewRecordId, *aDbRecord); - - if (!aReUpdate && !mDeletedSet.insert(aRecordNumber).second) - CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Record was already in mDeletedSet - - try - { - // remove the original record from all the indexes - MutableIndexMap::iterator it; - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) - it->second->removeRecord(aRecordNumber); - - // add the updated record to all the indexes; this will throw if the new record - // violates a unique index - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) - it->second->insertRecord(aRecordNumber, *(aDbRecord.get())); - - mInsertedMap.insert(InsertedMap::value_type(aRecordNumber, aDbRecord.get())); - aDbRecord.release(); - } - catch(...) - { - if (!aReUpdate) - mDeletedSet.erase(aRecordNumber); - throw; - } - - return aNewRecordId; -} - -uint32 -ModifiedTable::nextRecordNumber() -{ - // If we still have unused free records in mTable get the next one. - if (mFreeListHead) - return mTable->popFreeList(mFreeListHead); - - // Bump up the mRecordNumberCount so we don't reuse the same one. - return mRecordNumberCount++; -} - -uint32 -ModifiedTable::recordNumberCount() const -{ - uint32 anOldMax = !mTable ? 0 : mTable->recordNumberCount() - 1; - uint32 anInsertedMax = mInsertedMap.empty() ? 0 : mInsertedMap.rbegin()->first; - - DeletedSet::reverse_iterator anIt = mDeletedSet.rbegin(); - DeletedSet::reverse_iterator anEnd = mDeletedSet.rend(); - for (; anIt != anEnd; anIt++) - { - if (*anIt != anOldMax || anOldMax <= anInsertedMax) - break; - anOldMax--; - } - - return max(anOldMax,anInsertedMax) + 1; -} - -const MetaRecord & -ModifiedTable::getMetaRecord() const -{ - return mNewMetaRecord ? *mNewMetaRecord : mTable->getMetaRecord(); -} - -// prepare to modify the table - -void -ModifiedTable::modifyTable() -{ - if (!mIsModified) { - createMutableIndexes(); - mIsModified = true; - } -} - -// create mutable indexes from the read-only indexes in the underlying table - -void -ModifiedTable::createMutableIndexes() -{ - if (mTable == NULL) - return; - - Table::ConstIndexMap::const_iterator it; - for (it = mTable->mIndexMap.begin(); it != mTable->mIndexMap.end(); it++) { - auto_ptr mutableIndex(new DbMutableIndex(*it->second)); - mIndexMap.insert(MutableIndexMap::value_type(it->first, mutableIndex.get())); - mutableIndex.release(); - } -} - -// find, and create if needed, an index with the given id - -DbMutableIndex & -ModifiedTable::findIndex(uint32 indexId, const MetaRecord &metaRecord, bool isUniqueIndex) -{ - MutableIndexMap::iterator it = mIndexMap.find(indexId); - - if (it == mIndexMap.end()) { - // create the new index - auto_ptr index(new DbMutableIndex(metaRecord, indexId, isUniqueIndex)); - it = mIndexMap.insert(MutableIndexMap::value_type(indexId, index.get())).first; - index.release(); - } - - return *it->second; -} - -uint32 -ModifiedTable::writeIndexSection(WriteSection &tableSection, uint32 offset) -{ - MutableIndexMap::iterator it; - - tableSection.put(Table::OffsetIndexesOffset, offset); - - // leave room for the size, to be written later - uint32 indexSectionOffset = offset; - offset += AtomSize; - - offset = tableSection.put(offset, mIndexMap.size()); - - // leave room for the array of offsets to the indexes - uint32 indexOffsetOffset = offset; - offset += mIndexMap.size() * AtomSize; - - // write the indexes - for (it = mIndexMap.begin(); it != mIndexMap.end(); it++) { - indexOffsetOffset = tableSection.put(indexOffsetOffset, offset); - offset = it->second->writeIndex(tableSection, offset); - } - - // write the total index section size - tableSection.put(indexSectionOffset, offset - indexSectionOffset); - - return offset; -} - -uint32 -ModifiedTable::writeTable(AtomicTempFile &inAtomicTempFile, uint32 inSectionOffset) -{ - if (mTable && !mIsModified) { - // the table has not been modified, so we can just dump the old table - // section into the new database - - const ReadSection &tableSection = mTable->getTableSection(); - uint32 tableSize = tableSection.at(Table::OffsetSize); - - inAtomicTempFile.write(AtomicFile::FromStart, inSectionOffset, - tableSection.range(Range(0, tableSize)), tableSize); - - return inSectionOffset + tableSize; - } - - // We should have an old mTable or a mNewMetaRecord but not both. - assert(mTable != nil ^ mNewMetaRecord != nil); - const MetaRecord &aNewMetaRecord = getMetaRecord(); - - uint32 aRecordsCount = 0; - uint32 aRecordNumbersCount = recordNumberCount(); - uint32 aRecordsOffset = Table::OffsetRecordNumbers + AtomSize * aRecordNumbersCount; - WriteSection aTableSection(CssmAllocator::standard(), aRecordsOffset); - aTableSection.size(aRecordsOffset); - aTableSection.put(Table::OffsetId, aNewMetaRecord.dataRecordType()); - aTableSection.put(Table::OffsetRecords, aRecordsOffset); - aTableSection.put(Table::OffsetRecordNumbersCount, aRecordNumbersCount); - - uint32 anOffset = inSectionOffset + aRecordsOffset; - - if (mTable) - { - // XXX Handle schema changes in the future. - assert(mNewMetaRecord == nil); - - // We have a modified old table so copy all non deleted records - // The code below is rather elaborate, but this is because it attempts - // to copy large ranges of non deleted records with single calls - // to AtomicFile::write() - uint32 anOldRecordsCount = mTable->getRecordsCount(); - ReadSection aRecordsSection = mTable->getRecordsSection(); - uint32 aReadOffset = 0; // Offset of current record - uint32 aWriteOffset = aRecordsOffset; // Offset for current write record - uint32 aBlockStart = aReadOffset; // Starting point for read - uint32 aBlockSize = 0; // Size of block to read - for (uint32 aRecord = 0; aRecord < anOldRecordsCount; aRecord++) - { - ReadSection aRecordSection = MetaRecord::readSection(aRecordsSection, aReadOffset); - uint32 aRecordNumber = MetaRecord::unpackRecordNumber(aRecordSection); - uint32 aRecordSize = aRecordSection.size(); - aReadOffset += aRecordSize; - if (mDeletedSet.find(aRecordNumber) == mDeletedSet.end()) - { - // This record has not been deleted. Register the offset - // at which it will be in the new file in aTableSection. - aTableSection.put(Table::OffsetRecordNumbers - + AtomSize * aRecordNumber, - aWriteOffset); - aWriteOffset += aRecordSize; - aBlockSize += aRecordSize; - aRecordsCount++; - // XXX update all indexes being created. - } - else - { - // The current record has been deleted. Copy all records up - // to but not including the current one to the new file. - if (aBlockSize > 0) - { - inAtomicTempFile.write(AtomicFile::FromStart, anOffset, - aRecordsSection.range(Range(aBlockStart, - aBlockSize)), - aBlockSize); - anOffset += aBlockSize; - } - - // Set the start of the next block to the start of the next - // record, and the size of the block to 0. - aBlockStart = aReadOffset; - aBlockSize = 0; - } // if (mDeletedSet..) - } // for (aRecord...) - - // Copy all records that have not yet been copied to the new file. - if (aBlockSize > 0) - { - inAtomicTempFile.write(AtomicFile::FromStart, anOffset, - aRecordsSection.range(Range(aBlockStart, - aBlockSize)), - aBlockSize); - anOffset += aBlockSize; - } - } // if (mTable) - - // Now add all inserted records to the table. - InsertedMap::const_iterator anIt = mInsertedMap.begin(); - InsertedMap::const_iterator anEnd = mInsertedMap.end(); - // Iterate over all inserted objects. - for (; anIt != anEnd; anIt++) - { - // Write out each inserted/modified record - const WriteSection &aRecord = *anIt->second; - uint32 aRecordNumber = anIt->first; - // Put offset relative to start of this table in recordNumber array. - aTableSection.put(Table::OffsetRecordNumbers + AtomSize * aRecordNumber, - anOffset - inSectionOffset); - inAtomicTempFile.write(AtomicFile::FromStart, anOffset, - aRecord.address(), aRecord.size()); - anOffset += aRecord.size(); - aRecordsCount++; - // XXX update all indexes being created. - } - - // Reconstruct the freelist (this is O(N) where N is the number of recordNumbers) - // We could implement it faster by using the old freelist and skipping the records - // that have been inserted. However building the freelist for the newly used - // recordNumbers (not in mTable) would look like the code below anyway (starting - // from mTable->recordNumberCount()). - // The first part of this would be O(M Log(N)) (where M is the old number of - // free records, and N is the number of newly inserted records) - // The second part would be O(N) where N is the currently max RecordNumber - // in use - the old max RecordNumber in use. - uint32 aFreeListHead = 0; // Link to previous free record - for (uint32 aRecordNumber = 0; aRecordNumber < aRecordNumbersCount; aRecordNumber++) - { - // Make the freelist a list of all records with 0 offset (non existing). - if (!aTableSection.at(Table::OffsetRecordNumbers + AtomSize * aRecordNumber)) - { - aTableSection.put(Table::OffsetRecordNumbers - + AtomSize * aRecordNumber, - aFreeListHead); - // Make aFreeListHead point to the previous free recordNumber slot in the table. - aFreeListHead = (Table::OffsetRecordNumbers + AtomSize * aRecordNumber) | 1; - } - } - aTableSection.put(Table::OffsetFreeListHead, aFreeListHead); - - anOffset -= inSectionOffset; - - // Write out indexes, which are part of the table section - - { - uint32 indexOffset = anOffset; - anOffset = writeIndexSection(aTableSection, anOffset); - inAtomicTempFile.write(AtomicFile::FromStart, inSectionOffset + indexOffset, - aTableSection.address() + indexOffset, anOffset - indexOffset); - } - - // Set the section size and recordCount. - aTableSection.put(Table::OffsetSize, anOffset); - aTableSection.put(Table::OffsetRecordsCount, aRecordsCount); - - // Write out aTableSection header. - inAtomicTempFile.write(AtomicFile::FromStart, inSectionOffset, - aTableSection.address(), aTableSection.size()); - - return anOffset + inSectionOffset; -} - - - -// -// Metadata -// - -// Attribute definitions - -static const CSSM_DB_ATTRIBUTE_INFO RelationID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"RelationID"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO RelationName = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"RelationName"}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING -}; -static const CSSM_DB_ATTRIBUTE_INFO AttributeID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AttributeID"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO AttributeNameFormat = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AttributeNameFormat"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO AttributeName = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AttributeName"}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING -}; -static const CSSM_DB_ATTRIBUTE_INFO AttributeNameID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AttributeNameID"}, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB -}; -static const CSSM_DB_ATTRIBUTE_INFO AttributeFormat = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AttributeFormat"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO IndexID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"IndexID"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO IndexType = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"IndexType"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO IndexedDataLocation = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"IndexedDataLocation"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO ModuleID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"ModuleID"}, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB -}; -static const CSSM_DB_ATTRIBUTE_INFO AddinVersion = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"AddinVersion"}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING -}; -static const CSSM_DB_ATTRIBUTE_INFO SSID = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"SSID"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; -static const CSSM_DB_ATTRIBUTE_INFO SubserviceType = -{ - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - {"SubserviceType"}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 -}; - -#define ATTRIBUTE(type, name) \ - { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, { #name }, CSSM_DB_ATTRIBUTE_FORMAT_ ## type } - -static const CSSM_DB_ATTRIBUTE_INFO AttrSchemaRelations[] = -{ - //RelationID, RelationName - ATTRIBUTE(UINT32, RelationID), - ATTRIBUTE(STRING, RelationName) -}; - -static const CSSM_DB_ATTRIBUTE_INFO AttrSchemaAttributes[] = -{ - //RelationID, AttributeID, - //AttributeNameFormat, AttributeName, AttributeNameID, - //AttributeFormat - ATTRIBUTE(UINT32, RelationID), - ATTRIBUTE(UINT32, AttributeID), - ATTRIBUTE(UINT32, AttributeNameFormat), - ATTRIBUTE(STRING, AttributeName), - ATTRIBUTE(BLOB, AttributeNameID), - ATTRIBUTE(UINT32, AttributeFormat) -}; - -static const CSSM_DB_ATTRIBUTE_INFO AttrSchemaIndexes[] = -{ - ATTRIBUTE(UINT32, RelationID), - ATTRIBUTE(UINT32, IndexID), - ATTRIBUTE(UINT32, AttributeID), - ATTRIBUTE(UINT32, IndexType), - ATTRIBUTE(UINT32, IndexedDataLocation) - //RelationID, IndexID, AttributeID, - //IndexType, IndexedDataLocation -}; - -static const CSSM_DB_ATTRIBUTE_INFO AttrSchemaParsingModule[] = -{ - ATTRIBUTE(UINT32, RelationID), - ATTRIBUTE(UINT32, AttributeID), - ATTRIBUTE(BLOB, ModuleID), - ATTRIBUTE(STRING, AddinVersion), - ATTRIBUTE(UINT32, SSID), - ATTRIBUTE(UINT32, SubserviceType) - //RelationID, AttributeID, - //ModuleID, AddinVersion, SSID, SubserviceType -}; - -#undef ATTRIBUTE - -// -// DbVersion -// -DbVersion::DbVersion(const AppleDatabase &db, const RefPointer &inAtomicBufferedFile) : - mDatabase(reinterpret_cast(NULL), 0), - mDb(db), - mBufferedFile(inAtomicBufferedFile) -{ - off_t aLength = mBufferedFile->length(); - off_t bytesRead = 0; - const uint8 *ptr = mBufferedFile->read(0, aLength, bytesRead); - mBufferedFile->close(); - mDatabase = ReadSection(ptr, bytesRead); - open(); -} - -DbVersion::~DbVersion() -{ - try - { - for_each_map_delete(mTableMap.begin(), mTableMap.end()); - } - catch(...) {} -} - -void -DbVersion::open() -{ - try - { - // This is the oposite of DbModifier::commit() - mVersionId = mDatabase[mDatabase.size() - AtomSize]; - - const ReadSection aHeaderSection = mDatabase.subsection(HeaderOffset, - HeaderSize); - if (aHeaderSection.at(OffsetMagic) != HeaderMagic) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - // We currently only support one version. If we support additional - // file format versions in the future fix this. - uint32 aVersion = aHeaderSection.at(OffsetVersion); - if (aVersion != HeaderVersion) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - //const ReadSection anAuthSection = - // mDatabase.subsection(HeaderOffset + aHeaderSection.at(OffsetAuthOffset)); - // XXX Do something with anAuthSection. - - uint32 aSchemaOffset = aHeaderSection.at(OffsetSchemaOffset); - const ReadSection aSchemaSection = - mDatabase.subsection(HeaderOffset + aSchemaOffset); - - uint32 aSchemaSize = aSchemaSection[OffsetSchemaSize]; - // Make sure that the given range exists. - aSchemaSection.subsection(0, aSchemaSize); - uint32 aTableCount = aSchemaSection[OffsetTablesCount]; - - // Assert that the size of this section is big enough. - if (aSchemaSize < OffsetTables + AtomSize * aTableCount) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - for (uint32 aTableNumber = 0; aTableNumber < aTableCount; - aTableNumber++) - { - uint32 aTableOffset = aSchemaSection.at(OffsetTables + AtomSize - * aTableNumber); - // XXX Set the size boundary on aTableSection. - const ReadSection aTableSection = - aSchemaSection.subsection(aTableOffset); - auto_ptr aTable(new Table(aTableSection)); - Table::Id aTableId = aTable->getMetaRecord().dataRecordType(); - mTableMap.insert(TableMap::value_type(aTableId, aTable.get())); - aTable.release(); - } - - // Fill in the schema for the meta tables. - - findTable(mDb.schemaRelations.DataRecordType).getMetaRecord(). - setRecordAttributeInfo(mDb.schemaRelations); - findTable(mDb.schemaIndexes.DataRecordType).getMetaRecord(). - setRecordAttributeInfo(mDb.schemaIndexes); - findTable(mDb.schemaParsingModule.DataRecordType).getMetaRecord(). - setRecordAttributeInfo(mDb.schemaParsingModule); - - // OK, we have created all the tables in the tableMap. Now - // lets read the schema and proccess it accordingly. - // Iterate over all schema records. - Table &aTable = findTable(mDb.schemaAttributes.DataRecordType); - aTable.getMetaRecord().setRecordAttributeInfo(mDb.schemaAttributes); - uint32 aRecordsCount = aTable.getRecordsCount(); - ReadSection aRecordsSection = aTable.getRecordsSection(); - uint32 aReadOffset = 0; - const MetaRecord &aMetaRecord = aTable.getMetaRecord(); - - CSSM_DB_ATTRIBUTE_DATA aRelationIDData = - { - RelationID, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aAttributeIDData = - { - AttributeID, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aAttributeNameFormatData = - { - AttributeNameFormat, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aAttributeNameData = - { - AttributeName, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aAttributeNameIDData = - { - AttributeNameID, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aAttributeFormatData = - { - AttributeFormat, - 0, - NULL - }; - CSSM_DB_ATTRIBUTE_DATA aRecordAttributes[] = - { - aRelationIDData, - aAttributeIDData, - aAttributeNameFormatData, - aAttributeNameData, - aAttributeNameIDData, - aAttributeFormatData - }; - CSSM_DB_RECORD_ATTRIBUTE_DATA aRecordAttributeData = - { - aMetaRecord.dataRecordType(), - 0, - sizeof(aRecordAttributes) / sizeof(CSSM_DB_ATTRIBUTE_DATA), - aRecordAttributes - }; - CssmDbRecordAttributeData &aRecordData = CssmDbRecordAttributeData::overlay(aRecordAttributeData); - - TrackingAllocator recordAllocator(CssmAllocator::standard()); - for (uint32 aRecord = 0; aRecord != aRecordsCount; aRecord++) - { - ReadSection aRecordSection = MetaRecord::readSection(aRecordsSection, aReadOffset); - uint32 aRecordSize = aRecordSection.size(); - aReadOffset += aRecordSize; - aMetaRecord.unpackRecord(aRecordSection, recordAllocator, - &aRecordAttributeData, NULL, 0); - // Create the attribute coresponding to this entry - if (aRecordData[0].size() != 1 || aRecordData[0].format() != CSSM_DB_ATTRIBUTE_FORMAT_UINT32) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - uint32 aRelationId = aRecordData[0]; - - // Skip the schema relations for the meta tables themselves. - // FIXME: this hard-wires the meta-table relation IDs to be - // within {CSSM_DB_RECORDTYPE_SCHEMA_START... - // CSSM_DB_RECORDTYPE_SCHEMA_END} (which is {0..4}). - // Bogus - the MDS schema relation IDs start at - // CSSM_DB_RELATIONID_MDS_START which is 0x40000000. - // Ref. Radar 2817921. - if (CSSM_DB_RECORDTYPE_SCHEMA_START <= aRelationId && aRelationId < CSSM_DB_RECORDTYPE_SCHEMA_END) - continue; - - // Get the MetaRecord corresponding to the specified RelationId - MetaRecord &aMetaRecord = findTable(aRelationId).getMetaRecord(); - - if (aRecordData[1].size() != 1 - || aRecordData[1].format() != CSSM_DB_ATTRIBUTE_FORMAT_UINT32 - || aRecordData[2].size() != 1 - || aRecordData[2].format() != CSSM_DB_ATTRIBUTE_FORMAT_UINT32 - || aRecordData[5].size() != 1 - || aRecordData[5].format() != CSSM_DB_ATTRIBUTE_FORMAT_UINT32) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - uint32 anAttributeId = aRecordData[1]; - uint32 anAttributeNameFormat = aRecordData[2]; - uint32 anAttributeFormat = aRecordData[5]; - auto_ptr aName; - const CssmData *aNameID = NULL; - - if (aRecordData[3].size() == 1) - { - if (aRecordData[3].format() != CSSM_DB_ATTRIBUTE_FORMAT_STRING) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - auto_ptr aName2(new string(static_cast(aRecordData[3]))); - aName = aName2; - } - - if (aRecordData[4].size() == 1) - { - if (aRecordData[4].format() != CSSM_DB_ATTRIBUTE_FORMAT_BLOB) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - // @@@ Invoking conversion operator to CssmData & on aRecordData[4] - // And taking address of result. - aNameID = &static_cast(aRecordData[4]); - } - - // Make sure that the attribute specified by anAttributeNameFormat is present. - switch (anAttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - if (aRecordData[3].size() != 1) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - if (aRecordData[4].size() != 1) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - break; - default: - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - } - - // Create the attribute - aMetaRecord.createAttribute(aName.get(), aNameID, anAttributeId, anAttributeFormat); - } - - // initialize the indexes associated with each table - { - TableMap::iterator it; - for (it = mTableMap.begin(); it != mTableMap.end(); it++) - it->second->readIndexSection(); - } - } - catch(...) - { - for_each_map_delete(mTableMap.begin(), mTableMap.end()); - mTableMap.clear(); - throw; - } -} - -const RecordId -DbVersion::getRecord(Table::Id inTableId, const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA *inoutAttributes, - CssmData *inoutData, - CssmAllocator &inAllocator) const -{ - return findTable(inTableId).getRecord(inRecordId, inoutAttributes, - inoutData, inAllocator); -} - -Cursor * -DbVersion::createCursor(const CSSM_QUERY *inQuery) const -{ - // XXX We should add support for these special query types - // By Creating a Cursor that iterates over multiple tables - if (!inQuery || inQuery->RecordType == CSSM_DL_DB_RECORD_ANY - || inQuery->RecordType == CSSM_DL_DB_RECORD_ALL_KEYS) - { - return new MultiCursor(inQuery, *this); - } - - return findTable(inQuery->RecordType).createCursor(inQuery, *this); -} - -const Table & -DbVersion::findTable(Table::Id inTableId) const -{ - TableMap::const_iterator it = mTableMap.find(inTableId); - if (it == mTableMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - return *it->second; -} - -Table & -DbVersion::findTable(Table::Id inTableId) -{ - TableMap::iterator it = mTableMap.find(inTableId); - if (it == mTableMap.end()) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - return *it->second; -} - -// -// Cursor implemetation -// -Cursor::~Cursor() -{ -} - - -// -// LinearCursor implemetation -// -LinearCursor::LinearCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion, - const Table &inTable) : - mDbVersion(&inDbVersion), - mRecordsCount(inTable.getRecordsCount()), - mRecord(0), - mRecordsSection(inTable.getRecordsSection()), - mReadOffset(0), - mMetaRecord(inTable.getMetaRecord()) -{ - if (inQuery) - { - mConjunctive = inQuery->Conjunctive; - mQueryFlags = inQuery->QueryFlags; - // XXX Do something with inQuery->QueryLimits? - uint32 aPredicatesCount = inQuery->NumSelectionPredicates; - mPredicates.resize(aPredicatesCount); - try - { - for (uint32 anIndex = 0; anIndex < aPredicatesCount; anIndex++) - { - CSSM_SELECTION_PREDICATE &aPredicate = inQuery->SelectionPredicate[anIndex]; - mPredicates[anIndex] = new SelectionPredicate(mMetaRecord, aPredicate); - } - } - catch(...) - { - for_each_delete(mPredicates.begin(), mPredicates.end()); - throw; - } - } -} - -LinearCursor::~LinearCursor() -{ - for_each_delete(mPredicates.begin(), mPredicates.end()); -} - -bool -LinearCursor::next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, CssmAllocator &inAllocator, RecordId &recordId) -{ - while (mRecord++ < mRecordsCount) - { - ReadSection aRecordSection = MetaRecord::readSection(mRecordsSection, mReadOffset); - uint32 aRecordSize = aRecordSection.size(); - mReadOffset += aRecordSize; - - PredicateVector::const_iterator anIt = mPredicates.begin(); - PredicateVector::const_iterator anEnd = mPredicates.end(); - bool aMatch; - if (anIt == anEnd) - { - // If there are no predicates we have a match. - aMatch = true; - } - else if (mConjunctive == CSSM_DB_OR) - { - // If mConjunctive is OR, the first predicate that returns - // true indicates a match. Dropthough means no match - aMatch = false; - for (; anIt != anEnd; anIt++) - { - if ((*anIt)->evaluate(aRecordSection)) - { - aMatch = true; - break; - } - } - } - else if (mConjunctive == CSSM_DB_AND || mConjunctive == CSSM_DB_NONE) - { - // If mConjunctive is AND (or NONE), the first predicate that returns - // false indicates a mismatch. Dropthough means a match - aMatch = true; - for (; anIt != anEnd; anIt++) - { - if (!(*anIt)->evaluate(aRecordSection)) - { - aMatch = false; - break; - } - } - } - else - { - // XXX Should be CSSMERR_DL_INVALID_QUERY (or CSSMERR_DL_INVALID_CONJUNTIVE). - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - } - - if (aMatch) - { - // Get the actual record. - mMetaRecord.unpackRecord(aRecordSection, inAllocator, - inoutAttributes, inoutData, - mQueryFlags); - outTableId = mMetaRecord.dataRecordType(); - recordId = MetaRecord::unpackRecordId(aRecordSection); - return true; - } - } - - return false; -} - -// -// IndexCursor -// - -IndexCursor::IndexCursor(DbQueryKey *queryKey, const DbVersion &inDbVersion, - const Table &table, const DbConstIndex *index) -: mQueryKey(queryKey), mDbVersion(inDbVersion), mTable(table), mIndex(index) -{ - index->performQuery(*queryKey, mBegin, mEnd); -} - -IndexCursor::~IndexCursor() -{ - // the query key will be deleted automatically, since it's an auto_ptr -} - -bool -IndexCursor::next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR outAttributes, - CssmData *outData, - CssmAllocator &inAllocator, RecordId &recordId) -{ - if (mBegin == mEnd) - return false; - - ReadSection rs = mIndex->getRecordSection(mBegin++); - const MetaRecord &metaRecord = mTable.getMetaRecord(); - - outTableId = metaRecord.dataRecordType(); - metaRecord.unpackRecord(rs, inAllocator, outAttributes, outData, 0); - - recordId = MetaRecord::unpackRecordId(rs); - return true; -} - -// -// MultiCursor -// -MultiCursor::MultiCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion) : - mDbVersion(&inDbVersion), mTableIterator(inDbVersion.begin()) -{ - if (inQuery) - mQuery.reset(new CssmAutoQuery(*inQuery)); - else - { - mQuery.reset(new CssmAutoQuery()); - mQuery->recordType(CSSM_DL_DB_RECORD_ANY); - } -} - -MultiCursor::~MultiCursor() -{ -} - -bool -MultiCursor::next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, CssmAllocator &inAllocator, RecordId &recordId) -{ - for (;;) - { - if (!mCursor.get()) - { - if (mTableIterator == mDbVersion->end()) - return false; - - const Table &aTable = *mTableIterator++; - if (!aTable.matchesTableId(mQuery->recordType())) - continue; - - mCursor.reset(aTable.createCursor(mQuery.get(), *mDbVersion)); - } - - if (mCursor->next(outTableId, inoutAttributes, inoutData, inAllocator, recordId)) - return true; - - mCursor.reset(NULL); - } -} - - -// -// DbModifier -// -DbModifier::DbModifier(AtomicFile &inAtomicFile, const AppleDatabase &db) : - Metadata(), - mDbVersion(), - mAtomicFile(inAtomicFile), - mDb(db) -{ -} - -DbModifier::~DbModifier() -{ - try - { - for_each_map_delete(mModifiedTableMap.begin(), mModifiedTableMap.end()); - // mAtomicTempFile will do automatic rollback on destruction. - } - catch(...) {} -} - -const RefPointer -DbModifier::getDbVersion() -{ - StLock _(mDbVersionLock); - RefPointer atomicBufferedFile(mAtomicFile.read()); - off_t length = atomicBufferedFile->open(); - if (mDbVersion) - { - if (length < AtomSize) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - off_t bytesRead = 0; - const uint8 *ptr = atomicBufferedFile->read(length - AtomSize, AtomSize, bytesRead); - ReadSection aVersionSection(ptr, bytesRead); - uint32 aVersionId = aVersionSection[0]; - - if (aVersionId == mDbVersion->getVersionId()) - return mDbVersion; - } - - mDbVersion = new DbVersion(mDb, atomicBufferedFile); - - return mDbVersion; -} - -void -DbModifier::createDatabase(const CSSM_DBINFO &inDbInfo, - const CSSM_ACL_ENTRY_INPUT *inInitialAclEntry, - mode_t mode) -{ - // XXX This needs better locking. There is a possible race condition between - // two concurrent creators. Or a writer/creator or a close/create etc. - if (mAtomicTempFile || !mModifiedTableMap.empty()) - CssmError::throwMe(CSSMERR_DL_DATASTORE_ALREADY_EXISTS); - - mAtomicTempFile = mAtomicFile.create(mode); - // Set mVersionId to one since this is the first version of the database. - mVersionId = 1; - - // we need to create the meta tables first, because inserting tables - // (including the meta tables themselves) relies on them being there - createTable(new MetaRecord(mDb.schemaRelations)); - createTable(new MetaRecord(mDb.schemaAttributes)); - createTable(new MetaRecord(mDb.schemaIndexes)); - createTable(new MetaRecord(mDb.schemaParsingModule)); - - // now add the meta-tables' schema to the meta tables themselves - insertTableSchema(mDb.schemaRelations); - insertTableSchema(mDb.schemaAttributes); - insertTableSchema(mDb.schemaIndexes); - insertTableSchema(mDb.schemaParsingModule); - - if (inInitialAclEntry != NULL) - { - //createACL(*inInitialAclEntry); - } - - if (inDbInfo.NumberOfRecordTypes == 0) - return; - if (inDbInfo.RecordAttributeNames == NULL) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - if (inDbInfo.RecordIndexes == NULL) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_INDEX); - if (inDbInfo.DefaultParsingModules == NULL) - CssmError::throwMe(CSSMERR_DL_INVALID_PARSING_MODULE); - - for (uint32 anIndex = 0; anIndex < inDbInfo.NumberOfRecordTypes; anIndex++) - { - insertTable(CssmDbRecordAttributeInfo::overlay(inDbInfo.RecordAttributeNames[anIndex]), - &inDbInfo.RecordIndexes[anIndex], - &inDbInfo.DefaultParsingModules[anIndex]); - } -} - -void DbModifier::openDatabase() -{ - commit(); // XXX Requires write lock. - getDbVersion(); -} - -void DbModifier::closeDatabase() -{ - commit(); // XXX Requires write lock. - StLock _(mDbVersionLock); - mDbVersion = NULL; -} - -void DbModifier::deleteDatabase() -{ - rollback(); // XXX Requires write lock. Also if autoCommit was disabled - // this will incorrectly cause the performDelete to throw CSSMERR_DB_DOES_NOT_EXIST. - StLock _(mDbVersionLock); - - // Clean up mModifiedTableMap in case this object gets reused again for - // a new create. - for_each_map_delete(mModifiedTableMap.begin(), mModifiedTableMap.end()); - mModifiedTableMap.clear(); - - mDbVersion = NULL; - mAtomicFile.performDelete(); -} - -void -DbModifier::modifyDatabase() -{ - if (mAtomicTempFile) - return; - - try - { - mAtomicTempFile = mAtomicFile.write(); - // Now we are holding the write lock make sure we get the latest greatest version of the db. - // Also set mVersionId to one more that that of the old database. - mVersionId = getDbVersion()->getVersionId() + 1; - - // Never make a database with mVersionId 0 since it makes bad things happen to Jaguar and older systems - if (mVersionId == 0) - mVersionId = 1; - - // Remove all old modified tables - for_each_map_delete(mModifiedTableMap.begin(), mModifiedTableMap.end()); - mModifiedTableMap.clear(); - - // Setup the new tables - DbVersion::TableMap::const_iterator anIt = - mDbVersion->mTableMap.begin(); - DbVersion::TableMap::const_iterator anEnd = - mDbVersion->mTableMap.end(); - for (; anIt != anEnd; ++anIt) - { - auto_ptr aTable(new ModifiedTable(anIt->second)); - mModifiedTableMap.insert(ModifiedTableMap::value_type(anIt->first, - aTable.get())); - aTable.release(); - } - } - catch(...) - { - for_each_map_delete(mModifiedTableMap.begin(), mModifiedTableMap.end()); - mModifiedTableMap.clear(); - rollback(); - throw; - } -} - -void -DbModifier::deleteRecord(Table::Id inTableId, const RecordId &inRecordId) -{ - modifyDatabase(); - findTable(inTableId).deleteRecord(inRecordId); -} - -const RecordId -DbModifier::insertRecord(Table::Id inTableId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) -{ - modifyDatabase(); - return findTable(inTableId).insertRecord(mVersionId, inAttributes, inData); -} - -const RecordId -DbModifier::updateRecord(Table::Id inTableId, const RecordId &inRecordId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode) -{ - // @@@ Investigate why update is forcing a commit unlike delete and insert? - commit(); // XXX this is not thread safe, but what is? - modifyDatabase(); - return findTable(inTableId).updateRecord(inRecordId, inAttributes, inData, inModifyMode); -} - -// Create a table associated with a given metarecord, and add the table -// to the database. - -ModifiedTable * -DbModifier::createTable(MetaRecord *inMetaRecord) -{ - auto_ptr aMetaRecord(inMetaRecord); - auto_ptr aModifiedTable(new ModifiedTable(inMetaRecord)); - // Now that aModifiedTable is fully constructed it owns inMetaRecord - aMetaRecord.release(); - - if (!mModifiedTableMap.insert - (ModifiedTableMap::value_type(inMetaRecord->dataRecordType(), - aModifiedTable.get())).second) - { - // XXX Should be CSSMERR_DL_DUPLICATE_RECORDTYPE. Since that - // doesn't exist we report that the metatable's unique index would - // no longer be valid - CssmError::throwMe(CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA); - } - - return aModifiedTable.release(); -} - -void -DbModifier::deleteTable(Table::Id inTableId) -{ - modifyDatabase(); - // Can't delete schema tables. - if (CSSM_DB_RECORDTYPE_SCHEMA_START <= inTableId - && inTableId < CSSM_DB_RECORDTYPE_SCHEMA_END) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - - // Find the ModifiedTable and delete it - ModifiedTableMap::iterator it = mModifiedTableMap.find(inTableId); - if (it == mModifiedTableMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - - delete it->second; - mModifiedTableMap.erase(it); -} - -uint32 -DbModifier::writeAuthSection(uint32 inSectionOffset) -{ - WriteSection anAuthSection; - - // XXX Put real data into the authsection. - uint32 anOffset = anAuthSection.put(0, 0); - anAuthSection.size(anOffset); - - mAtomicTempFile->write(AtomicFile::FromStart, inSectionOffset, - anAuthSection.address(), anAuthSection.size()); - return inSectionOffset + anOffset; -} - -uint32 -DbModifier::writeSchemaSection(uint32 inSectionOffset) -{ - uint32 aTableCount = mModifiedTableMap.size(); - WriteSection aTableSection(CssmAllocator::standard(), - OffsetTables + AtomSize * aTableCount); - // Set aTableSection to the correct size. - aTableSection.size(OffsetTables + AtomSize * aTableCount); - aTableSection.put(OffsetTablesCount, aTableCount); - - uint32 anOffset = inSectionOffset + OffsetTables + AtomSize * aTableCount; - ModifiedTableMap::const_iterator anIt = mModifiedTableMap.begin(); - ModifiedTableMap::const_iterator anEnd = mModifiedTableMap.end(); - for (uint32 aTableNumber = 0; anIt != anEnd; anIt++, aTableNumber++) - { - // Put the offset to the current table relative to the start of - // this section into the tables array - aTableSection.put(OffsetTables + AtomSize * aTableNumber, - anOffset - inSectionOffset); - anOffset = anIt->second->writeTable(*mAtomicTempFile, anOffset); - } - - aTableSection.put(OffsetSchemaSize, anOffset - inSectionOffset); - mAtomicTempFile->write(AtomicFile::FromStart, inSectionOffset, - aTableSection.address(), aTableSection.size()); - - return anOffset; -} - -void -DbModifier::commit() -{ - if (!mAtomicTempFile) - return; - try - { - WriteSection aHeaderSection(CssmAllocator::standard(), size_t(HeaderSize)); - // Set aHeaderSection to the correct size. - aHeaderSection.size(HeaderSize); - - // Start writing sections after the header - uint32 anOffset = HeaderOffset + HeaderSize; - - // Write auth section - aHeaderSection.put(OffsetAuthOffset, anOffset); - anOffset = writeAuthSection(anOffset); - // Write schema section - aHeaderSection.put(OffsetSchemaOffset, anOffset); - anOffset = writeSchemaSection(anOffset); - - // Write out the file header. - aHeaderSection.put(OffsetMagic, HeaderMagic); - aHeaderSection.put(OffsetVersion, HeaderVersion); - mAtomicTempFile->write(AtomicFile::FromStart, HeaderOffset, - aHeaderSection.address(), aHeaderSection.size()); - - // Write out the versionId. - WriteSection aVersionSection(CssmAllocator::standard(), size_t(AtomSize)); - anOffset = aVersionSection.put(0, mVersionId); - aVersionSection.size(anOffset); - - mAtomicTempFile->write(AtomicFile::FromEnd, 0, - aVersionSection.address(), aVersionSection.size()); - - mAtomicTempFile->commit(); - mAtomicTempFile = NULL; - } - catch(...) - { - rollback(); - throw; - } -} - -void -DbModifier::rollback() throw() -{ - // This will destroy the AtomicTempFile if we have one causing it to rollback. - mAtomicTempFile = NULL; -} - -const RecordId -DbModifier::getRecord(Table::Id inTableId, const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA *inoutAttributes, - CssmData *inoutData, CssmAllocator &inAllocator) -{ - // XXX never call commit(), rather search our own record tables. - commit(); // XXX Requires write lock. - return getDbVersion()->getRecord(inTableId, inRecordId, - inoutAttributes, inoutData, inAllocator); -} - -Cursor * -DbModifier::createCursor(const CSSM_QUERY *inQuery) -{ - // XXX Be smarter as to when we must call commit (i.e. don't - // force commit if the table being queried has not been modified). - commit(); // XXX Requires write lock. - return getDbVersion()->createCursor(inQuery); -} - -// Insert schema records for a new table into the metatables of the database. This gets -// called while a database is being created. - -void -DbModifier::insertTableSchema(const CssmDbRecordAttributeInfo &inInfo, - const CSSM_DB_RECORD_INDEX_INFO *inIndexInfo /* = NULL */) -{ - ModifiedTable &aTable = findTable(inInfo.DataRecordType); - const MetaRecord &aMetaRecord = aTable.getMetaRecord(); - - CssmAutoDbRecordAttributeData aRecordBuilder(5); // Set capacity to 5 so we don't need to grow - - // Create the entry for the SchemaRelations table. - aRecordBuilder.add(RelationID, inInfo.recordType()); - aRecordBuilder.add(RelationName, mDb.recordName(inInfo.recordType())); - - // Insert the record into the SchemaRelations ModifiedTable - findTable(mDb.schemaRelations.DataRecordType).insertRecord(mVersionId, - &aRecordBuilder, NULL); - - ModifiedTable &anAttributeTable = findTable(mDb.schemaAttributes.DataRecordType); - for (uint32 anIndex = 0; anIndex < inInfo.size(); anIndex++) - { - // Create an entry for the SchemaAttributes table. - aRecordBuilder.clear(); - aRecordBuilder.add(RelationID, inInfo.recordType()); - aRecordBuilder.add(AttributeNameFormat, inInfo.at(anIndex).nameFormat()); - - uint32 attributeId = aMetaRecord.metaAttribute(inInfo.at(anIndex)).attributeId(); - - switch (inInfo.at(anIndex).nameFormat()) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - aRecordBuilder.add(AttributeName, inInfo.at(anIndex).Label.AttributeName); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - aRecordBuilder.add(AttributeNameID, inInfo.at(anIndex).Label.AttributeOID); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - break; - default: - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - } - - aRecordBuilder.add(AttributeID, attributeId); - aRecordBuilder.add(AttributeFormat, inInfo.at(anIndex).format()); - - // Insert the record into the SchemaAttributes ModifiedTable - anAttributeTable.insertRecord(mVersionId, &aRecordBuilder, NULL); - } - - if (inIndexInfo != NULL) { - - if (inIndexInfo->DataRecordType != inInfo.DataRecordType && - inIndexInfo->NumberOfIndexes > 0) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - - ModifiedTable &indexMetaTable = findTable(mDb.schemaIndexes.DataRecordType); - uint32 aNumberOfIndexes = inIndexInfo->NumberOfIndexes; - - for (uint32 anIndex = 0; anIndex < aNumberOfIndexes; anIndex++) - { - const CssmDbIndexInfo &thisIndex = CssmDbIndexInfo::overlay(inIndexInfo->IndexInfo[anIndex]); - - // make sure the index is supported - if (thisIndex.dataLocation() != CSSM_DB_INDEX_ON_ATTRIBUTE) - CssmError::throwMe(CSSMERR_DL_INVALID_INDEX_INFO); - - // assign an index ID: the unique index is ID 0, all others are ID > 0 - uint32 indexId; - if (thisIndex.IndexType == CSSM_DB_INDEX_UNIQUE) - indexId = 0; - else - indexId = anIndex + 1; - - // figure out the attribute ID - uint32 attributeId = - aMetaRecord.metaAttribute(thisIndex.Info).attributeId(); - - // Create an entry for the SchemaIndexes table. - aRecordBuilder.clear(); - aRecordBuilder.add(RelationID, inInfo.DataRecordType); - aRecordBuilder.add(IndexID, indexId); - aRecordBuilder.add(AttributeID, attributeId); - aRecordBuilder.add(IndexType, thisIndex.IndexType); - aRecordBuilder.add(IndexedDataLocation, thisIndex.IndexedDataLocation); - - // Insert the record into the SchemaIndexes ModifiedTable - indexMetaTable.insertRecord(mVersionId, &aRecordBuilder, NULL); - - // update the table's index objects - DbMutableIndex &index = aTable.findIndex(indexId, aMetaRecord, indexId == 0); - index.appendAttribute(attributeId); - } - } -} - -// Insert a new table. The attribute info is required; the index and parsing module -// descriptions are optional. This version gets called during the creation of a -// database. - -void -DbModifier::insertTable(const CssmDbRecordAttributeInfo &inInfo, - const CSSM_DB_RECORD_INDEX_INFO *inIndexInfo /* = NULL */, - const CSSM_DB_PARSING_MODULE_INFO *inParsingModule /* = NULL */) -{ - modifyDatabase(); - createTable(new MetaRecord(inInfo)); - insertTableSchema(inInfo, inIndexInfo); -} - -// Insert a new table. This is the version that gets called when a table is added -// after a database has been created. - -void -DbModifier::insertTable(Table::Id inTableId, const string &inTableName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *inIndexInfo) -{ - modifyDatabase(); - ModifiedTable *aTable = createTable(new MetaRecord(inTableId, inNumberOfAttributes, inAttributeInfo)); - - CssmAutoDbRecordAttributeData aRecordBuilder(6); // Set capacity to 6 so we don't need to grow - - // Create the entry for the SchemaRelations table. - aRecordBuilder.add(RelationID, inTableId); - aRecordBuilder.add(RelationName, inTableName); - - // Insert the record into the SchemaRelations ModifiedTable - findTable(mDb.schemaRelations.DataRecordType).insertRecord(mVersionId, - &aRecordBuilder, NULL); - - ModifiedTable &anAttributeTable = findTable(mDb.schemaAttributes.DataRecordType); - for (uint32 anIndex = 0; anIndex < inNumberOfAttributes; anIndex++) - { - // Create an entry for the SchemaAttributes table. - aRecordBuilder.clear(); - aRecordBuilder.add(RelationID, inTableId); - // XXX What should this be? We set it to CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER for now - // since the AttributeID is always valid. - aRecordBuilder.add(AttributeNameFormat, uint32(CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER)); - aRecordBuilder.add(AttributeID, inAttributeInfo[anIndex].AttributeId); - if (inAttributeInfo[anIndex].AttributeName) - aRecordBuilder.add(AttributeName, inAttributeInfo[anIndex].AttributeName); - if (inAttributeInfo[anIndex].AttributeNameID.Length > 0) - aRecordBuilder.add(AttributeNameID, inAttributeInfo[anIndex].AttributeNameID); - aRecordBuilder.add(AttributeFormat, inAttributeInfo[anIndex].DataType); - - // Insert the record into the SchemaAttributes ModifiedTable - anAttributeTable.insertRecord(mVersionId, &aRecordBuilder, NULL); - } - - ModifiedTable &anIndexTable = findTable(mDb.schemaIndexes.DataRecordType); - for (uint32 anIndex = 0; anIndex < inNumberOfIndexes; anIndex++) - { - // Create an entry for the SchemaIndexes table. - aRecordBuilder.clear(); - aRecordBuilder.add(RelationID, inTableId); - aRecordBuilder.add(IndexID, inIndexInfo[anIndex].IndexId); - aRecordBuilder.add(AttributeID, inIndexInfo[anIndex].AttributeId); - aRecordBuilder.add(IndexType, inIndexInfo[anIndex].IndexType); - aRecordBuilder.add(IndexedDataLocation, inIndexInfo[anIndex].IndexedDataLocation); - - // Insert the record into the SchemaIndexes ModifiedTable - anIndexTable.insertRecord(mVersionId, &aRecordBuilder, NULL); - - // update the table's index objects - DbMutableIndex &index = aTable->findIndex(inIndexInfo[anIndex].IndexId, - aTable->getMetaRecord(), inIndexInfo[anIndex].IndexType == CSSM_DB_INDEX_UNIQUE); - index.appendAttribute(inIndexInfo[anIndex].AttributeId); - } -} - -ModifiedTable & -DbModifier::findTable(Table::Id inTableId) -{ - ModifiedTableMap::iterator it = mModifiedTableMap.find(inTableId); - if (it == mModifiedTableMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - return *it->second; -} - - -// -// AppleDatabaseManager implementation -// - -AppleDatabaseManager::AppleDatabaseManager(const AppleDatabaseTableName *tableNames) - : DatabaseManager(), - mTableNames(tableNames) -{ - // make sure that a proper set of table ids and names has been provided - - if (!mTableNames) - CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR); - else { - uint32 i; - for (i = 0; mTableNames[i].mTableName; i++) {} - if (i < AppleDatabaseTableName::kNumRequiredTableNames) - CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR); - } -} - -Database * -AppleDatabaseManager::make(const DbName &inDbName) -{ - return new AppleDatabase(inDbName, mTableNames); -} - - -// -// AppleDbContext implementation -// - -/* This is the version 0 CSSM_APPLEDL_OPEN_PARAMETERS struct used up to 10.2.x. */ -extern "C" { - -typedef struct cssm_appledl_open_parameters_v0 -{ - uint32 length; /* Should be sizeof(CSSM_APPLEDL_OPEN_PARAMETERS_V0). */ - uint32 version; /* Should be 0. */ - CSSM_BOOL autoCommit; -} CSSM_APPLEDL_OPEN_PARAMETERS_V0; - -}; - -AppleDbContext::AppleDbContext(Database &inDatabase, - DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters) : - DbContext(inDatabase, inDatabaseSession, inAccessRequest, inAccessCred), - mAutoCommit(true), - mMode(0666) -{ - const CSSM_APPLEDL_OPEN_PARAMETERS *anOpenParameters = - reinterpret_cast(inOpenParameters); - - if (anOpenParameters) - { - switch (anOpenParameters->version) - { - case 1: - if (anOpenParameters->length < sizeof(CSSM_APPLEDL_OPEN_PARAMETERS)) - CssmError::throwMe(CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS); - - if (anOpenParameters->mask & kCSSM_APPLEDL_MASK_MODE) - mMode = anOpenParameters->mode; - /*DROPTHROUGH*/ - case 0: - if (anOpenParameters->length < sizeof(CSSM_APPLEDL_OPEN_PARAMETERS_V0)) - CssmError::throwMe(CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS); - - mAutoCommit = anOpenParameters->autoCommit == CSSM_FALSE ? false : true; - break; - - default: - CssmError::throwMe(CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS); - } - } -} - -AppleDbContext::~AppleDbContext() -{ -} - -// -// AppleDatabase implementation -// -AppleDatabase::AppleDatabase(const DbName &inDbName, const AppleDatabaseTableName *tableNames) : - Database(inDbName), - schemaRelations(tableNames[AppleDatabaseTableName::kSchemaInfo].mTableId, - sizeof(AttrSchemaRelations) / sizeof(CSSM_DB_ATTRIBUTE_INFO), - const_cast(AttrSchemaRelations)), - schemaAttributes(tableNames[AppleDatabaseTableName::kSchemaAttributes].mTableId, - sizeof(AttrSchemaAttributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), - const_cast(AttrSchemaAttributes)), - schemaIndexes(tableNames[AppleDatabaseTableName::kSchemaIndexes].mTableId, - sizeof(AttrSchemaIndexes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), - const_cast(AttrSchemaIndexes)), - schemaParsingModule(tableNames[AppleDatabaseTableName::kSchemaParsingModule].mTableId, - sizeof(AttrSchemaParsingModule) / sizeof(CSSM_DB_ATTRIBUTE_INFO), - const_cast(AttrSchemaParsingModule)), - mAtomicFile(mDbName.dbName()), - mDbModifier(mAtomicFile, *this), - mTableNames(tableNames) -{ -} - -AppleDatabase::~AppleDatabase() -{ -} - -// Return the name of a record type. This uses a table that maps record types -// to record names. The table is provided when the database is created. - -const char *AppleDatabase::recordName(CSSM_DB_RECORDTYPE inRecordType) const -{ - if (inRecordType == CSSM_DL_DB_RECORD_ANY || inRecordType == CSSM_DL_DB_RECORD_ALL_KEYS) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE); - - for (uint32 i = 0; mTableNames[i].mTableName; i++) - if (mTableNames[i].mTableId == inRecordType) - return mTableNames[i].mTableName; - - return ""; -} - -DbContext * -AppleDatabase::makeDbContext(DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters) -{ - return new AppleDbContext(*this, inDatabaseSession, inAccessRequest, - inAccessCred, inOpenParameters); -} - -void -AppleDatabase::dbCreate(DbContext &inDbContext, const CSSM_DBINFO &inDBInfo, - const CSSM_ACL_ENTRY_INPUT *inInitialAclEntry) -{ - AppleDbContext &context = safer_cast(inDbContext); - try - { - StLock _(mWriteLock); - mDbModifier.createDatabase(inDBInfo, inInitialAclEntry, context.mode()); - } - catch(...) - { - mDbModifier.rollback(); - throw; - } - if (context.autoCommit()) - mDbModifier.commit(); -} - -void -AppleDatabase::dbOpen(DbContext &inDbContext) -{ - mDbModifier.openDatabase(); -} - -void -AppleDatabase::dbClose() -{ - StLock _(mWriteLock); - mDbModifier.closeDatabase(); -} - -void -AppleDatabase::dbDelete(DatabaseSession &inDatabaseSession, - const AccessCredentials *inAccessCred) -{ - StLock _(mWriteLock); - // XXX Check callers credentials. - mDbModifier.deleteDatabase(); -} - -void -AppleDatabase::createRelation(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &inIndexInfo) -{ - try - { - StLock _(mWriteLock); - // XXX Fix the refs here. - mDbModifier.insertTable(inRelationID, inRelationName, - inNumberOfAttributes, &inAttributeInfo, - inNumberOfIndexes, &inIndexInfo); - } - catch(...) - { - mDbModifier.rollback(); - throw; - } - if (safer_cast(inDbContext).autoCommit()) - mDbModifier.commit(); -} - -void -AppleDatabase::destroyRelation(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRelationID) -{ - try - { - StLock _(mWriteLock); - mDbModifier.deleteTable(inRelationID); - } - catch(...) - { - mDbModifier.rollback(); - throw; - } - if (safer_cast(inDbContext).autoCommit()) - mDbModifier.commit(); -} - -void -AppleDatabase::authenticate(DbContext &inDbContext, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials &inAccessCred) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -AppleDatabase::getDbAcl(DbContext &inDbContext, - const CSSM_STRING *inSelectionTag, - uint32 &outNumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &outAclInfos) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -AppleDatabase::changeDbAcl(DbContext &inDbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_EDIT &inAclEdit) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -AppleDatabase::getDbOwner(DbContext &inDbContext, - CSSM_ACL_OWNER_PROTOTYPE &outOwner) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -AppleDatabase::changeDbOwner(DbContext &inDbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &inNewOwner) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -char * -AppleDatabase::getDbNameFromHandle(const DbContext &inDbContext) const -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -CSSM_DB_UNIQUE_RECORD_PTR -AppleDatabase::dataInsert(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) -{ - CSSM_DB_UNIQUE_RECORD_PTR anUniqueRecordPtr = NULL; - try - { - StLock _(mWriteLock); - const RecordId aRecordId = - mDbModifier.insertRecord(inRecordType, inAttributes, inData); - - anUniqueRecordPtr = createUniqueRecord(inDbContext, inRecordType, - aRecordId); - if (safer_cast(inDbContext).autoCommit()) - mDbModifier.commit(); - } - catch(...) - { - if (anUniqueRecordPtr != NULL) - freeUniqueRecord(inDbContext, *anUniqueRecordPtr); - - mDbModifier.rollback(); - throw; - } - - return anUniqueRecordPtr; -} - -void -AppleDatabase::dataDelete(DbContext &inDbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - try - { - StLock _(mWriteLock); - Table::Id aTableId; - const RecordId aRecordId(parseUniqueRecord(inUniqueRecord, aTableId)); - mDbModifier.deleteRecord(aTableId, aRecordId); - } - catch(...) - { - mDbModifier.rollback(); - throw; - } - - if (safer_cast(inDbContext).autoCommit()) - mDbModifier.commit(); -} - -void -AppleDatabase::dataModify(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRecordType, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecord, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributesToBeModified, - const CssmData *inDataToBeModified, - CSSM_DB_MODIFY_MODE inModifyMode) -{ - try - { - StLock _(mWriteLock); - Table::Id aTableId; - const RecordId aRecordId = - mDbModifier.updateRecord(aTableId, - parseUniqueRecord(inoutUniqueRecord, aTableId), - inAttributesToBeModified, - inDataToBeModified, - inModifyMode); - updateUniqueRecord(inDbContext, inRecordType, aRecordId, inoutUniqueRecord); - } - catch(...) - { - mDbModifier.rollback(); - throw; - } - - if (safer_cast(inDbContext).autoCommit()) - mDbModifier.commit(); -} - -CSSM_HANDLE -AppleDatabase::dataGetFirst(DbContext &inDbContext, - const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) -{ - // XXX: register Cursor with DbContext and have DbContext call - // dataAbortQuery for all outstanding Query objects on close. - auto_ptr aCursor(mDbModifier.createCursor(inQuery)); - Table::Id aTableId; - RecordId aRecordId; - - if (!aCursor->next(aTableId, inoutAttributes, inoutData, - inDbContext.mDatabaseSession, aRecordId)) - // return a NULL handle, and implicitly delete the cursor - return CSSM_INVALID_HANDLE; - - outUniqueRecord = createUniqueRecord(inDbContext, aTableId, aRecordId); - return aCursor.release()->handle(); // We didn't throw so keep the Cursor around. -} - -bool -AppleDatabase::dataGetNext(DbContext &inDbContext, - CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) -{ - auto_ptr aCursor(&findHandle(inResultsHandle, CSSMERR_DL_INVALID_RESULTS_HANDLE)); - Table::Id aTableId; - RecordId aRecordId; - - if (!aCursor->next(aTableId, inoutAttributes, inoutData, inDbContext.mDatabaseSession, aRecordId)) - return false; - - outUniqueRecord = createUniqueRecord(inDbContext, aTableId, aRecordId); - - aCursor.release(); - return true; -} - -void -AppleDatabase::dataAbortQuery(DbContext &inDbContext, - CSSM_HANDLE inResultsHandle) -{ - delete &findHandle(inResultsHandle, CSSMERR_DL_INVALID_RESULTS_HANDLE); -} - -void -AppleDatabase::dataGetFromUniqueRecordId(DbContext &inDbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData) -{ - Table::Id aTableId; - const RecordId aRecordId(parseUniqueRecord(inUniqueRecord, aTableId)); - // XXX Change CDSA spec to use new RecordId returned by this function - mDbModifier.getRecord(aTableId, aRecordId, inoutAttributes, inoutData, - inDbContext.mDatabaseSession); -} - -void -AppleDatabase::freeUniqueRecord(DbContext &inDbContext, - CSSM_DB_UNIQUE_RECORD &inUniqueRecord) -{ - if (inUniqueRecord.RecordIdentifier.Length != 0 - && inUniqueRecord.RecordIdentifier.Data != NULL) - { - inUniqueRecord.RecordIdentifier.Length = 0; - inDbContext.mDatabaseSession.free(inUniqueRecord.RecordIdentifier.Data); - } - inDbContext.mDatabaseSession.free(&inUniqueRecord); -} - -void -AppleDatabase::updateUniqueRecord(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inTableId, - const RecordId &inRecordId, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecord) -{ - uint32 *aBuffer = reinterpret_cast(inoutUniqueRecord.RecordIdentifier.Data); - aBuffer[0] = inTableId; - aBuffer[1] = inRecordId.mRecordNumber; - aBuffer[2] = inRecordId.mCreateVersion; - aBuffer[3] = inRecordId.mRecordVersion; -} - -CSSM_DB_UNIQUE_RECORD_PTR -AppleDatabase::createUniqueRecord(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inTableId, - const RecordId &inRecordId) -{ - CSSM_DB_UNIQUE_RECORD_PTR aUniqueRecord = - inDbContext.mDatabaseSession.alloc(); - memset(aUniqueRecord, 0, sizeof(*aUniqueRecord)); - aUniqueRecord->RecordIdentifier.Length = sizeof(uint32) * 4; - try - { - aUniqueRecord->RecordIdentifier.Data = - inDbContext.mDatabaseSession.alloc(sizeof(uint32) * 4); - updateUniqueRecord(inDbContext, inTableId, inRecordId, *aUniqueRecord); - } - catch(...) - { - inDbContext.mDatabaseSession.free(aUniqueRecord); - throw; - } - - return aUniqueRecord; -} - -const RecordId -AppleDatabase::parseUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORDTYPE &outTableId) -{ - if (inUniqueRecord.RecordIdentifier.Length != sizeof(uint32) * 4) - CssmError::throwMe(CSSMERR_DL_INVALID_RECORD_UID); - - uint32 *aBuffer = reinterpret_cast(inUniqueRecord.RecordIdentifier.Data); - outTableId = aBuffer[0]; - return RecordId(aBuffer[1], aBuffer[2], aBuffer[3]); -} - -void -AppleDatabase::passThrough(DbContext &dbContext, - uint32 passThroughId, - const void *inputParams, - void **outputParams) -{ - switch (passThroughId) - { - case CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT: - { - CSSM_BOOL on = reinterpret_cast(inputParams); - safer_cast(dbContext).autoCommit(on); - } - break; - - case CSSM_APPLEFILEDL_COMMIT: - mDbModifier.commit(); - break; - - case CSSM_APPLEFILEDL_ROLLBACK: - mDbModifier.rollback(); - break; - - default: - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - break; - } -} diff --git a/cdsa/cdsa_utilities/AppleDatabase.h b/cdsa/cdsa_utilities/AppleDatabase.h deleted file mode 100644 index 1b6d27c1..00000000 --- a/cdsa/cdsa_utilities/AppleDatabase.h +++ /dev/null @@ -1,648 +0,0 @@ -/* - * Copyright (c) 2000-2001, 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AppleDatabase.h - Description t.b.d. -// -#ifndef _H_APPLEDATABASE -#define _H_APPLEDATABASE - -#include "MetaRecord.h" -#include "SelectionPredicate.h" -#include "DbIndex.h" - -#include -#include -#include -#include -#include -#include -#include - -namespace Security -{ - -// Abstract database Cursor class. -class Cursor; -class DbVersion; -class CssmAutoQuery; - -struct AppleDatabaseTableName -{ - uint32 mTableId; - const char *mTableName; - - // indices of meta-table entries in an array of table names - - enum { - kSchemaInfo = 0, - kSchemaAttributes, - kSchemaIndexes, - kSchemaParsingModule, - kNumRequiredTableNames - }; -}; - -// -// This is what the CDSA standard refers to as a Relation. We use -// the more conventional term Table. -// -class Table -{ - NOCOPY(Table) -public: - // Type used to refer to a table. - typedef CSSM_DB_RECORDTYPE Id; - - Table(const ReadSection &inTableSection); - ~Table(); - - // Return a newly created cursor satisfying inQuery on the receiving table - // The returned Cursor may or may not use indexes depending on their availability. - Cursor *createCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion) const; - - const ReadSection getRecordSection(uint32 inRecordNumber) const; - - const RecordId getRecord(const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CssmAllocator &inAllocator) const; - - // Return the number of recordNumbers in use by this table including empty slots. - uint32 recordNumberCount() const { return mRecordNumbersCount; } - uint32 freeListHead() const { return mFreeListHead; } - - // Return the record number corresponding to aFreeListHead and update - // aFreeListHead to point to the next availble recordNumber slot. - uint32 popFreeList(uint32 &aFreeListHead) const; - - MetaRecord &getMetaRecord() { return mMetaRecord; } - const MetaRecord &getMetaRecord() const { return mMetaRecord; } - - uint32 getRecordsCount() const { return mRecordsCount; } - const ReadSection getRecordsSection() const; - - const ReadSection &getTableSection() const { return mTableSection; } - - bool matchesTableId(Id inTableId) const; - - void readIndexSection(); - - enum - { - OffsetSize = AtomSize * 0, - OffsetId = AtomSize * 1, - OffsetRecordsCount = AtomSize * 2, - OffsetRecords = AtomSize * 3, - OffsetIndexesOffset = AtomSize * 4, - OffsetFreeListHead = AtomSize * 5, - OffsetRecordNumbersCount = AtomSize * 6, - OffsetRecordNumbers = AtomSize * 7 - }; -protected: - friend class ModifiedTable; - - MetaRecord mMetaRecord; - const ReadSection mTableSection; - - uint32 mRecordsCount; - uint32 mFreeListHead; - // Number of record numbers (including freelist slots) in this table. - uint32 mRecordNumbersCount; - - // all the table's indexes, mapped by index id - typedef map ConstIndexMap; - ConstIndexMap mIndexMap; -}; - -class ModifiedTable -{ - NOCOPY(ModifiedTable) -public: - ModifiedTable(const Table *inTable); - ModifiedTable(MetaRecord *inMetaRecord); // Take over ownership of inMetaRecord - ~ModifiedTable(); - - // Mark the record with inRecordId as deleted. - void deleteRecord(const RecordId &inRecordId); - const RecordId insertRecord(uint32 inVersionId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData); - const RecordId updateRecord(const RecordId &inRecordId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode); - - // Return the MetaRecord this table should use for writes. - const MetaRecord &getMetaRecord() const; - - // find, and create if needed, an index with the given id - DbMutableIndex &findIndex(uint32 indexId, const MetaRecord &metaRecord, bool isUniqueIndex); - - // Write this table to inOutputFile at inSectionOffset and return the new offset. - uint32 writeTable(AtomicTempFile &inAtomicTempFile, uint32 inSectionOffset); - -private: - // Return the next available record number for this table. - uint32 nextRecordNumber(); - - // Return the number of recordNumbers in use by this table including empty slots. - uint32 recordNumberCount() const; - - void modifyTable(); - void createMutableIndexes(); - uint32 writeIndexSection(WriteSection &tableSection, uint32 offset); - - // Optional, this is merly a reference, we do not own this object. - const Table *mTable; - - // Optional, New MetaRecord. This is only present if it is different from the - // MetaRecord of mTable or mTable is nil. - const MetaRecord *mNewMetaRecord; - - // Set of Records that have been deleted or modified. - typedef set DeletedSet; - DeletedSet mDeletedSet; - - // Set of Records that have been inserted or modified. - typedef map InsertedMap; - InsertedMap mInsertedMap; - - // Next lowest available RecordNumber - uint32 mRecordNumberCount; - // Head of the free list (if there is one) or 0 if either we have no - // mTable of the free list has been exhausted. - uint32 mFreeListHead; - - // has this table actually been modified? - bool mIsModified; - - typedef map MutableIndexMap; - MutableIndexMap mIndexMap; -}; - -// -// Read only snapshot of a database. -// -class Metadata -{ - NOCOPY(Metadata) -protected: - Metadata() {} - enum - { - HeaderOffset = 0, // Absolute offset of header. - OffsetMagic = AtomSize * 0, - OffsetVersion = AtomSize * 1, - OffsetAuthOffset = AtomSize * 2, - OffsetSchemaOffset = AtomSize * 3, - HeaderSize = AtomSize * 4, - - HeaderMagic = FOUR_CHAR_CODE('kych'), - HeaderVersion = 0x00010000 - }; - - enum - { - OffsetSchemaSize = AtomSize * 0, - OffsetTablesCount = AtomSize * 1, - OffsetTables = AtomSize * 2 - }; -}; - -// -// Read only representation of a database -// -class DbVersion : public Metadata, public RefCount -{ - NOCOPY(DbVersion) -public: - DbVersion(const class AppleDatabase &db, const RefPointer &inAtomicBufferedFile); - ~DbVersion(); - - uint32 getVersionId() const { return mVersionId; } - const RecordId getRecord(Table::Id inTableId, const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA *inoutAttributes, - CssmData *inoutData, CssmAllocator &inAllocator) const; - Cursor *createCursor(const CSSM_QUERY *inQuery) const; -protected: - const Table &findTable(Table::Id inTableId) const; - Table &findTable(Table::Id inTableId); - -private: - void open(); // Part of constructor contract. - - ReadSection mDatabase; - uint32 mVersionId; - - friend class DbModifier; // XXX Fixme - typedef map TableMap; - TableMap mTableMap; - const class AppleDatabase &mDb; - RefPointer mBufferedFile; - -public: - typedef Table value_type; - typedef const Table &const_reference; - typedef const Table *const_pointer; - - // A const forward iterator. - class const_iterator - { - public: - const_iterator(const TableMap::const_iterator &it) : mIterator(it) {} - - // Use default copy consturctor and assignment operator. - //const_iterator(const const_iterator &it) : mIterator(it.mIterator) {} - //const_iterator &operator=(const const_iterator &it) { mIterator = it.mIterator; return *this; } - const_reference operator*() const { return *mIterator->second; } - const_iterator &operator++() { mIterator.operator++(); return *this; } - const_iterator operator++(int i) { return const_iterator(mIterator.operator++(i)); } - bool operator!=(const const_iterator &other) const { return mIterator != other.mIterator; } - bool operator==(const const_iterator &other) const { return mIterator == other.mIterator; } - - const_pointer operator->() const { return mIterator->second; } // Not really needed. - - private: - TableMap::const_iterator mIterator; - }; - - const_iterator begin() const { return const_iterator(mTableMap.begin()); } - const_iterator end() const { return const_iterator(mTableMap.end()); } -}; - -// -// Cursor -// -class Cursor : public HandleObject -{ -public: - virtual ~Cursor(); - virtual bool next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR outAttributes, - CssmData *outData, - CssmAllocator &inAllocator, - RecordId &recordId) = 0; -}; - -// -// LinearCursor -// -class LinearCursor : public Cursor -{ - NOCOPY(LinearCursor) -public: - LinearCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion, - const Table &inTable); - virtual ~LinearCursor(); - virtual bool next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR outAttributes, - CssmData *outData, - CssmAllocator &inAllocator, - RecordId &recordId); - -private: - const RefPointer mDbVersion; - uint32 mRecordsCount; - uint32 mRecord; - const ReadSection mRecordsSection; - uint32 mReadOffset; - const MetaRecord &mMetaRecord; - - CSSM_DB_CONJUNCTIVE mConjunctive; - CSSM_QUERY_FLAGS mQueryFlags; // If CSSM_QUERY_RETURN_DATA is set return the raw key bits; - typedef vector PredicateVector; - - PredicateVector mPredicates; -}; - -// -// A cursor that uses an index. -// - -class IndexCursor : public Cursor -{ - NOCOPY(IndexCursor) -public: - IndexCursor(DbQueryKey *queryKey, const DbVersion &inDbVersion, - const Table &table, const DbConstIndex *index); - virtual ~IndexCursor(); - - virtual bool next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR outAttributes, - CssmData *outData, - CssmAllocator &inAllocator, - RecordId &recordId); - -private: - auto_ptr mQueryKey; - const DbVersion &mDbVersion; - const Table &mTable; - const DbConstIndex *mIndex; - - DbIndexIterator mBegin, mEnd; -}; - -// -// MultiCursor -// -class MultiCursor : public Cursor -{ - NOCOPY(MultiCursor) -public: - MultiCursor(const CSSM_QUERY *inQuery, const DbVersion &inDbVersion); - virtual ~MultiCursor(); - virtual bool next(Table::Id &outTableId, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR outAttributes, - CssmData *outData, - CssmAllocator &inAllocator, - RecordId &recordId); -private: - const RefPointer mDbVersion; - auto_ptr mQuery; - - DbVersion::const_iterator mTableIterator; - auto_ptr mCursor; -}; - -// -// A DbModifier contains all pending changes to be made to a DB. -// It also contains a DbVersion representing the state of the Database before any such changes -// No read-style operations are supported by DbModifier. If a DbModifier exists for a -// particular Database and a client wishes to perform a query commit() must be called and -// the client should perform the new query on the current database version after the commit. -// Otherwise a client will not see changes made since the DbModifier was instanciated. -// -class DbModifier : public Metadata -{ - NOCOPY(DbModifier) -public: - DbModifier(AtomicFile &inAtomicFile, const class AppleDatabase &db); - ~DbModifier(); - - // Whole database affecting members. - void createDatabase(const CSSM_DBINFO &inDbInfo, - const CSSM_ACL_ENTRY_INPUT *inInitialAclEntry, - mode_t mode); - void openDatabase(); // This is optional right now. - void closeDatabase(); - void deleteDatabase(); - - void commit(); - void rollback() throw(); - - // Record changing members - void deleteRecord(Table::Id inTableId, const RecordId &inRecordId); - const RecordId insertRecord(Table::Id inTableId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData); - const RecordId updateRecord(Table::Id inTableId, const RecordId &inRecordId, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode); - - // Schema changing members - void insertTable(Table::Id inTableId, const string &inTableName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO *inIndexInfo); - void deleteTable(Table::Id inTableId); - - // Record reading members - const RecordId getRecord(Table::Id inTableId, const RecordId &inRecordId, - CSSM_DB_RECORD_ATTRIBUTE_DATA *inoutAttributes, - CssmData *inoutData, CssmAllocator &inAllocator); - Cursor *createCursor(const CSSM_QUERY *inQuery); -protected: - void modifyDatabase(); - const RefPointer getDbVersion(); - - ModifiedTable *createTable(MetaRecord *inMetaRecord); // Takes over ownership of inMetaRecord - - void insertTableSchema(const CssmDbRecordAttributeInfo &inInfo, - const CSSM_DB_RECORD_INDEX_INFO *inIndexInfo = NULL); - - void insertTable(const CssmDbRecordAttributeInfo &inInfo, - const CSSM_DB_RECORD_INDEX_INFO * inIndexInfo = NULL, - const CSSM_DB_PARSING_MODULE_INFO * inParsingModule = NULL); - - ModifiedTable &findTable(Table::Id inTableId); - - uint32 writeAuthSection(uint32 inSectionOffset); - uint32 writeSchemaSection(uint32 inSectionOffset); - -private: - - // Current DbVersion of this database before any changes we are going to make. - RefPointer mDbVersion; - Mutex mDbVersionLock; - - AtomicFile &mAtomicFile; - uint32 mVersionId; - RefPointer mAtomicTempFile; - - typedef map ModifiedTableMap; - ModifiedTableMap mModifiedTableMap; - - const class AppleDatabase &mDb; -}; - -// -// AppleDatabaseManager -// -class AppleDatabaseManager : public DatabaseManager -{ -public: - AppleDatabaseManager(const AppleDatabaseTableName *tableNames); - Database *make(const DbName &inDbName); - -protected: - const AppleDatabaseTableName *mTableNames; -}; - -// -// AppleDbContext -// -class AppleDbContext : public DbContext -{ -public: - AppleDbContext(Database &inDatabase, - DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters); - virtual ~AppleDbContext(); - bool autoCommit() const { return mAutoCommit; } - void autoCommit(bool on) { mAutoCommit = on; } - mode_t mode() const { return mMode; } - -private: - bool mAutoCommit; - mode_t mMode; -}; - -// -// AppleDatabase -// -class AppleDatabase : public Database -{ -public: - AppleDatabase(const DbName &inDbName, const AppleDatabaseTableName *tableNames); - virtual ~AppleDatabase(); - - virtual void - dbCreate(DbContext &inDbContext, const CSSM_DBINFO &inDBInfo, - const CSSM_ACL_ENTRY_INPUT *inInitialAclEntry); - - virtual void - dbOpen(DbContext &inDbContext); - - virtual void - dbClose(); - - virtual void - dbDelete(DatabaseSession &inDatabaseSession, - const AccessCredentials *inAccessCred); - - virtual void - createRelation(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &inIndexInfo); - - virtual void - destroyRelation(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRelationID); - - virtual void - authenticate(DbContext &inDbContext, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials &inAccessCred); - - virtual void - getDbAcl(DbContext &inDbContext, - const CSSM_STRING *inSelectionTag, - uint32 &outNumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &outAclInfos); - - virtual void - changeDbAcl(DbContext &inDbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_EDIT &inAclEdit); - - virtual void - getDbOwner(DbContext &inDbContext, CSSM_ACL_OWNER_PROTOTYPE &outOwner); - - virtual void - changeDbOwner(DbContext &inDbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &inNewOwner); - - virtual char * - getDbNameFromHandle(const DbContext &inDbContext) const; - - virtual CSSM_DB_UNIQUE_RECORD_PTR - dataInsert(DbContext &inDbContext, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData); - - virtual void - dataDelete(DbContext &inDbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier); - - virtual void - dataModify(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inRecordType, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributesToBeModified, - const CssmData *inDataToBeModified, - CSSM_DB_MODIFY_MODE inModifyMode); - - virtual CSSM_HANDLE - dataGetFirst(DbContext &inDbContext, - const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord); - - virtual bool - dataGetNext(DbContext &inDbContext, - CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord); - - virtual void - dataAbortQuery(DbContext &inDbContext, - CSSM_HANDLE inResultsHandle); - - virtual void - dataGetFromUniqueRecordId(DbContext &inDbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData); - - virtual void - freeUniqueRecord(DbContext &inDbContext, - CSSM_DB_UNIQUE_RECORD &inUniqueRecord); - - virtual void passThrough(DbContext &dbContext, - uint32 passThroughId, - const void *inputParams, - void **outputParams); - - // Subclasses must implement this method. - virtual DbContext *makeDbContext(DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters); - - const CssmDbRecordAttributeInfo schemaRelations; - const CssmDbRecordAttributeInfo schemaAttributes; - const CssmDbRecordAttributeInfo schemaIndexes; - const CssmDbRecordAttributeInfo schemaParsingModule; - - const char *recordName(CSSM_DB_RECORDTYPE inRecordType) const; - -private: - static void - AppleDatabase::updateUniqueRecord(DbContext &inDbContext, - CSSM_DB_RECORDTYPE inTableId, - const RecordId &inRecordId, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecord); - - CSSM_DB_UNIQUE_RECORD_PTR - createUniqueRecord(DbContext &inDbContext, CSSM_DB_RECORDTYPE inTableId, - const RecordId &inRecordId); - const RecordId parseUniqueRecord(const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORDTYPE &outTableId); - - Mutex mWriteLock; - AtomicFile mAtomicFile; - DbModifier mDbModifier; - const AppleDatabaseTableName *mTableNames; -}; - -} // end namespace Security - -#endif //_H_APPLEDATABASE diff --git a/cdsa/cdsa_utilities/AtomicFile.cpp b/cdsa/cdsa_utilities/AtomicFile.cpp deleted file mode 100644 index bbde5634..00000000 --- a/cdsa/cdsa_utilities/AtomicFile.cpp +++ /dev/null @@ -1,884 +0,0 @@ -/* - * Copyright (c) 2000-2001, 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include - - -#define kAtomicFileMaxBlockSize INT_MAX - - -// -// AtomicFile.cpp - Description t.b.d. -// -AtomicFile::AtomicFile(const std::string &inPath) : - mPath(inPath) -{ - pathSplit(inPath, mDir, mFile); -} - -AtomicFile::~AtomicFile() -{ -} - -// Aquire the write lock and remove the file. -void -AtomicFile::performDelete() -{ - AtomicLockedFile lock(*this); - if (::unlink(mPath.c_str()) != 0) - { - int error = errno; - secdebug("atomicfile", "unlink %s: %s", mPath.c_str(), strerror(error)); - if (error == ENOENT) - CssmError::throwMe(CSSMERR_DL_DATASTORE_DOESNOT_EXIST); - else - UnixError::throwMe(error); - } -} - -// Aquire the write lock and rename the file (and bump the version and stuff). -void -AtomicFile::rename(const std::string &inNewPath) -{ - const char *path = mPath.c_str(); - const char *newPath = inNewPath.c_str(); - - // @@@ lock the destination file too. - AtomicLockedFile lock(*this); - if (::rename(path, newPath) != 0) - { - int error = errno; - secdebug("atomicfile", "rename(%s, %s): %s", path, newPath, strerror(error)); - UnixError::throwMe(error); - } -} - -// Lock the file for writing and return a newly created AtomicTempFile. -RefPointer -AtomicFile::create(mode_t mode) -{ - const char *path = mPath.c_str(); - - // First make sure the directory to this file exists and is writable - mkpath(mDir); - - RefPointer lock(new AtomicLockedFile(*this)); - int fileRef = ropen(path, O_WRONLY|O_CREAT|O_EXCL, mode); - if (fileRef == -1) - { - int error = errno; - secdebug("atomicfile", "open %s: %s", path, strerror(error)); - - // Do the obvious error code translations here. - // @@@ Consider moving these up a level. - if (error == EACCES) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); - else if (error == EEXIST) - CssmError::throwMe(CSSMERR_DL_DATASTORE_ALREADY_EXISTS); - else - UnixError::throwMe(error); - } - rclose(fileRef); - - try - { - // Now that we have created the lock and the new db file create a tempfile - // object. - RefPointer temp(new AtomicTempFile(*this, lock, mode)); - secdebug("atomicfile", "%p created %s", this, path); - return temp; - } - catch (...) - { - // Creating the temp file failed so remove the db file we just created too. - if (::unlink(path) == -1) - { - secdebug("atomicfile", "unlink %s: %s", path, strerror(errno)); - } - throw; - } -} - -// Lock the database file for writing and return a newly created AtomicTempFile. -RefPointer -AtomicFile::write() -{ - RefPointer lock(new AtomicLockedFile(*this)); - return new AtomicTempFile(*this, lock); -} - -// Return a bufferedFile containing current version of the file for reading. -RefPointer -AtomicFile::read() -{ - return new AtomicBufferedFile(mPath); -} - -mode_t -AtomicFile::mode() const -{ - const char *path = mPath.c_str(); - struct stat st; - if (::stat(path, &st) == -1) - { - int error = errno; - secdebug("atomicfile", "stat %s: %s", path, strerror(error)); - UnixError::throwMe(error); - } - return st.st_mode; -} - -// Split full into a dir and file component. -void -AtomicFile::pathSplit(const std::string &inFull, std::string &outDir, std::string &outFile) -{ - std::string::size_type slash, len = inFull.size(); - slash = inFull.rfind('/'); - if (slash == std::string::npos) - { - outDir = ""; - outFile = inFull; - } - else if (slash + 1 == len) - { - outDir = inFull; - outFile = ""; - } - else - { - outDir = inFull.substr(0, slash + 1); - outFile = inFull.substr(slash + 1, len); - } -} - -// -// Make sure the directory up to inDir exists inDir *must* end in a slash. -// -void -AtomicFile::mkpath(const std::string &inDir, mode_t mode) -{ - for (std::string::size_type pos = 0; (pos = inDir.find('/', pos + 1)) != std::string::npos;) - { - std::string path = inDir.substr(0, pos); - const char *cpath = path.c_str(); - struct stat sb; - if (::stat(cpath, &sb)) - { - if (errno != ENOENT || ::mkdir(cpath, mode)) - UnixError::throwMe(errno); - } - else if (!S_ISDIR(sb.st_mode)) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); // @@@ Should be is a directory - } -} - -int -AtomicFile::ropen(const char *const name, int flags, mode_t mode) -{ - int fd, tries_left = 4 /* kNoResRetry */; - do - { - fd = ::open(name, flags, mode); - } while (fd < 0 && (errno == EINTR || errno == ENFILE && --tries_left >= 0)); - - return fd; -} - -int -AtomicFile::rclose(int fd) -{ - int result; - do - { - result = ::close(fd); - } while(result && errno == EINTR); - - return result; -} - -// -// AtomicBufferedFile - This represents an instance of a file opened for reading. -// The file is read into memory and closed after this is done. -// The memory is released when this object is destroyed. -// -AtomicBufferedFile::AtomicBufferedFile(const std::string &inPath) : - mPath(inPath), - mFileRef(-1), - mBuffer(NULL), - mLength(0) -{ -} - -AtomicBufferedFile::~AtomicBufferedFile() -{ - if (mFileRef >= 0) - { - AtomicFile::rclose(mFileRef); - secdebug("atomicfile", "%p closed %s", this, mPath.c_str()); - } - - if (mBuffer) - { - secdebug("atomicfile", "%p free %s buffer %p", this, mPath.c_str(), mBuffer); - free(mBuffer); - } -} - -// -// Open the file and return the length in bytes. -// -off_t -AtomicBufferedFile::open() -{ - const char *path = mPath.c_str(); - if (mFileRef >= 0) - { - secdebug("atomicfile", "open %s: already open, closing and reopening", path); - close(); - } - - mFileRef = AtomicFile::ropen(path, O_RDONLY, 0); - if (mFileRef == -1) - { - int error = errno; - secdebug("atomicfile", "open %s: %s", path, strerror(error)); - - // Do the obvious error code translations here. - // @@@ Consider moving these up a level. - if (error == ENOENT) - CssmError::throwMe(CSSMERR_DL_DATASTORE_DOESNOT_EXIST); - else if (error == EACCES) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); - else - UnixError::throwMe(error); - } - - mLength = ::lseek(mFileRef, 0, SEEK_END); - if (mLength == -1) - { - int error = errno; - secdebug("atomicfile", "lseek(%s, END): %s", path, strerror(error)); - AtomicFile::rclose(mFileRef); - UnixError::throwMe(error); - } - - secdebug("atomicfile", "%p opened %s: %qd bytes", this, path, mLength); - - return mLength; -} - -// -// Read the file starting at inOffset for inLength bytes into the buffer and return -// a pointer to it. On return outLength contain the actual number of bytes read, it -// will only ever be less than inLength if EOF was reached, and it will never be more -// than inLength. -// -const uint8 * -AtomicBufferedFile::read(off_t inOffset, off_t inLength, off_t &outLength) -{ - if (mFileRef < 0) - { - secdebug("atomicfile", "read %s: file yet not opened, opening", mPath.c_str()); - open(); - } - - off_t bytesLeft = inLength; - uint8 *ptr; - if (mBuffer) - { - secdebug("atomicfile", "%p free %s buffer %p", this, mPath.c_str(), mBuffer); - free(mBuffer); - } - - mBuffer = ptr = reinterpret_cast(malloc(bytesLeft)); - secdebug("atomicfile", "%p allocated %s buffer %p size %qd", this, mPath.c_str(), mBuffer, bytesLeft); - off_t pos = inOffset; - while (bytesLeft) - { - size_t toRead = bytesLeft > kAtomicFileMaxBlockSize ? kAtomicFileMaxBlockSize : size_t(bytesLeft); - ssize_t bytesRead = ::pread(mFileRef, ptr, toRead, pos); - if (bytesRead == -1) - { - int error = errno; - if (error == EINTR) - { - // We got interrupted by a signal, so try again. - secdebug("atomicfile", "pread %s: interrupted, retrying", mPath.c_str()); - continue; - } - - secdebug("atomicfile", "pread %s: %s", mPath.c_str(), strerror(error)); - free(mBuffer); - mBuffer = NULL; - UnixError::throwMe(error); - } - - // Read returning 0 means EOF was reached so we're done. - if (bytesRead == 0) - break; - - secdebug("atomicfile", "%p read %s: %d bytes to %p", this, mPath.c_str(), bytesRead, ptr); - - bytesLeft -= bytesRead; - ptr += bytesRead; - pos += bytesRead; - } - - // Compute length - outLength = ptr - mBuffer; - - return mBuffer; -} - -void -AtomicBufferedFile::close() -{ - if (mFileRef < 0) - { - secdebug("atomicfile", "close %s: already closed", mPath.c_str()); - } - else - { - int result = AtomicFile::rclose(mFileRef); - mFileRef = -1; - if (result == -1) - { - int error = errno; - secdebug("atomicfile", "close %s: %s", mPath.c_str(), strerror(errno)); - UnixError::throwMe(error); - } - - secdebug("atomicfile", "%p closed %s", this, mPath.c_str()); - } -} - - -// -// AtomicTempFile - A temporary file to write changes to. -// -AtomicTempFile::AtomicTempFile(AtomicFile &inFile, const RefPointer &inLockedFile, mode_t mode) : - mFile(inFile), - mLockedFile(inLockedFile), - mCreating(true) -{ - create(mode); -} - -AtomicTempFile::AtomicTempFile(AtomicFile &inFile, const RefPointer &inLockedFile) : - mFile(inFile), - mLockedFile(inLockedFile), - mCreating(false) -{ - create(mFile.mode()); -} - -AtomicTempFile::~AtomicTempFile() -{ - // rollback if we didn't commit yet. - if (mFileRef >= 0) - rollback(); -} - -// -// Open the file and return the length in bytes. -// -void -AtomicTempFile::create(mode_t mode) -{ - mPath = mFile.dir() + "," + mFile.file(); - const char *path = mPath.c_str(); - - mFileRef = AtomicFile::ropen(path, O_WRONLY|O_CREAT|O_TRUNC, mode); - if (mFileRef == -1) - { - int error = errno; - secdebug("atomicfile", "open %s: %s", path, strerror(error)); - - // Do the obvious error code translations here. - // @@@ Consider moving these up a level. - if (error == EACCES) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); - else - UnixError::throwMe(error); - } - - secdebug("atomicfile", "%p created %s", this, path); -} - -void -AtomicTempFile::write(AtomicFile::OffsetType inOffsetType, off_t inOffset, const uint32 inData) -{ - uint32 aData = htonl(inData); - write(inOffsetType, inOffset, reinterpret_cast(&aData), sizeof(aData)); -} - -void -AtomicTempFile::write(AtomicFile::OffsetType inOffsetType, off_t inOffset, - const uint32 *inData, uint32 inCount) -{ -#ifdef HOST_LONG_IS_NETWORK_LONG - // Optimize this for the case where hl == nl - const uint32 *aBuffer = inData; -#else - auto_array aBuffer(inCount); - for (uint32 i = 0; i < inCount; i++) - aBuffer.get()[i] = htonl(inData[i]); -#endif - - write(inOffsetType, inOffset, reinterpret_cast(aBuffer.get()), - inCount * sizeof(*inData)); -} - -void -AtomicTempFile::write(AtomicFile::OffsetType inOffsetType, off_t inOffset, const uint8 *inData, size_t inLength) -{ - off_t pos; - if (inOffsetType == AtomicFile::FromEnd) - { - pos = ::lseek(mFileRef, 0, SEEK_END); - if (pos == -1) - { - int error = errno; - secdebug("atomicfile", "lseek(%s, %qd): %s", mPath.c_str(), inOffset, strerror(error)); - UnixError::throwMe(error); - } - } - else if (inOffsetType == AtomicFile::FromStart) - pos = inOffset; - else - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - - off_t bytesLeft = inLength; - const uint8 *ptr = inData; - while (bytesLeft) - { - size_t toWrite = bytesLeft > kAtomicFileMaxBlockSize ? kAtomicFileMaxBlockSize : size_t(bytesLeft); - ssize_t bytesWritten = ::pwrite(mFileRef, ptr, toWrite, pos); - if (bytesWritten == -1) - { - int error = errno; - if (error == EINTR) - { - // We got interrupted by a signal, so try again. - secdebug("atomicfile", "write %s: interrupted, retrying", mPath.c_str()); - continue; - } - - secdebug("atomicfile", "write %s: %s", mPath.c_str(), strerror(error)); - UnixError::throwMe(error); - } - - // Write returning 0 is bad mmkay. - if (bytesWritten == 0) - { - secdebug("atomicfile", "write %s: 0 bytes written", mPath.c_str()); - CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR); - } - - secdebug("atomicfile", "%p wrote %s %d bytes from %p", this, mPath.c_str(), bytesWritten, ptr); - - bytesLeft -= bytesWritten; - ptr += bytesWritten; - pos += bytesWritten; - } -} - -void -AtomicTempFile::fsync() -{ - if (mFileRef < 0) - { - secdebug("atomicfile", "fsync %s: already closed", mPath.c_str()); - } - else - { - int result; - do - { - result = ::fsync(mFileRef); - } while (result && errno == EINTR); - - if (result == -1) - { - int error = errno; - secdebug("atomicfile", "fsync %s: %s", mPath.c_str(), strerror(errno)); - UnixError::throwMe(error); - } - - secdebug("atomicfile", "%p fsynced %s", this, mPath.c_str()); - } -} - -void -AtomicTempFile::close() -{ - if (mFileRef < 0) - { - secdebug("atomicfile", "close %s: already closed", mPath.c_str()); - } - else - { - int result = AtomicFile::rclose(mFileRef); - mFileRef = -1; - if (result == -1) - { - int error = errno; - secdebug("atomicfile", "close %s: %s", mPath.c_str(), strerror(errno)); - UnixError::throwMe(error); - } - - secdebug("atomicfile", "%p closed %s", this, mPath.c_str()); - } -} - -// Commit the current create or write and close the write file. Note that a throw during the commit does an automatic rollback. -void -AtomicTempFile::commit() -{ - try - { - fsync(); - close(); - const char *oldPath = mPath.c_str(); - const char *newPath = mFile.path().c_str(); - if (::rename(oldPath, newPath) == -1) - { - int error = errno; - secdebug("atomicfile", "rename (%s, %s): %s", oldPath, newPath, strerror(errno)); - UnixError::throwMe(error); - } - - // Unlock the lockfile - mLockedFile = NULL; - - secdebug("atomicfile", "%p commited %s", this, oldPath); - } - catch (...) - { - rollback(); - throw; - } -} - -// Rollback the current create or write (happens automatically if commit() isn't called before the destructor is. -void -AtomicTempFile::rollback() throw() -{ - if (mFileRef >= 0) - { - AtomicFile::rclose(mFileRef); - mFileRef = -1; - } - - // @@@ Log errors if this fails. - const char *path = mPath.c_str(); - if (::unlink(path) == -1) - { - secdebug("atomicfile", "unlink %s: %s", path, strerror(errno)); - // rollback can't throw - } - - // @@@ Think about this. Depending on how we do locking we might not need this. - if (mCreating) - { - const char *path = mFile.path().c_str(); - if (::unlink(path) == -1) - { - secdebug("atomicfile", "unlink %s: %s", path, strerror(errno)); - // rollback can't throw - } - } -} - - -// -// An advisory write lock for inFile. -// -AtomicLockedFile::AtomicLockedFile(AtomicFile &inFile) : - mDir(inFile.dir()), - mPath(inFile.dir() + "lck~" + inFile.file()) -{ - lock(); -} - -AtomicLockedFile::~AtomicLockedFile() -{ - unlock(); -} - -std::string -AtomicLockedFile::unique(mode_t mode) -{ - static const int randomPart = 16; - DevRandomGenerator randomGen; - std::string::size_type dirSize = mDir.size(); - std::string fullname(dirSize + randomPart + 2, '\0'); - fullname.replace(0, dirSize, mDir); - fullname[dirSize] = '~'; /* UNIQ_PREFIX */ - char buf[randomPart]; - struct stat filebuf; - int result, fd = -1; - - for (int retries = 0; retries < 10; ++retries) - { - /* Make a random filename. */ - randomGen.random(buf, randomPart); - for (int ix = 0; ix < randomPart; ++ix) - { - char ch = buf[ix] & 0x3f; - fullname[ix + dirSize + 1] = ch + - ( ch < 26 ? 'A' - : ch < 26 + 26 ? 'a' - 26 - : ch < 26 + 26 + 10 ? '0' - 26 - 26 - : ch == 26 + 26 + 10 ? '-' - 26 - 26 - 10 - : '_' - 26 - 26 - 11); - } - - result = lstat(fullname.c_str(), &filebuf); - if (result && errno == ENAMETOOLONG) - { - do - fullname.erase(fullname.end() - 1); - while((result = lstat(fullname.c_str(), &filebuf)) && errno == ENAMETOOLONG && fullname.size() > dirSize + 8); - } /* either it stopped being a problem or we ran out of filename */ - - if (result && errno == ENOENT) - { - fd = AtomicFile::ropen(fullname.c_str(), O_WRONLY|O_CREAT|O_EXCL, mode); - if (fd >= 0 || errno != EEXIST) - break; - } - } - - if (fd < 0) - { - int error = errno; - ::syslog(LOG_ERR, "Couldn't create temp file %s: %s", fullname.c_str(), strerror(error)); - secdebug("atomicfile", "Couldn't create temp file %s: %s", fullname.c_str(), strerror(error)); - UnixError::throwMe(error); - } - - /* @@@ Check for EINTR. */ - write(fd, "0", 1); /* pid 0, `works' across networks */ - - AtomicFile::rclose(fd); - - return fullname; -} - -/* Return 0 on success and 1 on failure if st is set to the result of stat(old) and -1 on failure if the stat(old) failed. */ -int -AtomicLockedFile::rlink(const char *const old, const char *const newn, struct stat &sto) -{ - int result = ::link(old,newn); - if (result) - { - int serrno = errno; - if (::lstat(old, &sto) == 0) - { - struct stat stn; - if (::lstat(newn, &stn) == 0 - && sto.st_dev == stn.st_dev - && sto.st_ino == stn.st_ino - && sto.st_uid == stn.st_uid - && sto.st_gid == stn.st_gid - && !S_ISLNK(sto.st_mode)) - { - /* Link failed but files are the same so the link really went ok. */ - return 0; - } - else - result = 1; - } - errno = serrno; /* Restore errno from link() */ - } - - return result; -} - -/* NFS-resistant rename() - * rename with fallback for systems that don't support it - * Note that this does not preserve the contents of the file. */ -int -AtomicLockedFile::myrename(const char *const old, const char *const newn) -{ - struct stat stbuf; - int fd = -1; - int ret; - - /* Try a real hardlink */ - ret = rlink(old, newn, stbuf); - if (ret > 0) - { - if (stbuf.st_nlink < 2 && (errno == EXDEV || errno == ENOTSUP)) - { - /* Hard link failed so just create a new file with O_EXCL instead. */ - fd = AtomicFile::ropen(newn, O_WRONLY|O_CREAT|O_EXCL, stbuf.st_mode); - if (fd >= 0) - ret = 0; - } - } - - /* We want the errno from the link or the ropen, not that of the unlink. */ - int serrno = errno; - - /* Unlink the temp file. */ - ::unlink(old); - if (fd > 0) - AtomicFile::rclose(fd); - - errno = serrno; - return ret; -} - -int -AtomicLockedFile::xcreat(const char *const name, mode_t mode, time_t &tim) -{ - std::string uniqueName = unique(mode); - const char *uniquePath = uniqueName.c_str(); - struct stat stbuf; /* return the filesystem time to the caller */ - stat(uniquePath, &stbuf); - tim = stbuf.st_mtime; - return myrename(uniquePath, name); -} - -void -AtomicLockedFile::lock(mode_t mode) -{ - const char *path = mPath.c_str(); - bool triedforce = false; - struct stat stbuf; - time_t t, locktimeout = 1024; /* DEFlocktimeout, 17 minutes. */ - bool doSyslog = false; - bool failed = false; - int retries = 0; - - while (!failed) - { - /* Don't syslog first time through. */ - if (doSyslog) - ::syslog(LOG_NOTICE, "Locking %s", path); - else - doSyslog = true; - - secdebug("atomicfile", "Locking %s", path); /* in order to cater for clock skew: get */ - if (!xcreat(path, mode, t)) /* time t from the filesystem */ - { - /* lock acquired, hurray! */ - break; - } - switch(errno) - { - case EEXIST: /* check if it's time for a lock override */ - if (!lstat(path, &stbuf) && stbuf.st_size <= 16 /* MAX_locksize */ && locktimeout - && !lstat(path, &stbuf) && locktimeout < t - stbuf.st_mtime) - /* stat() till unlink() should be atomic, but can't guarantee that. */ - { - if (triedforce) - { - /* Already tried, force lock override, not trying again */ - failed = true; - break; - } - else if (S_ISDIR(stbuf.st_mode) || ::unlink(path)) - { - triedforce=true; - ::syslog(LOG_ERR, "Forced unlock denied on %s", path); - secdebug("atomicfile", "Forced unlock denied on %s", path); - } - else - { - ::syslog(LOG_ERR, "Forcing lock on %s", path); - secdebug("atomicfile", "Forcing lock on %s", path); - sleep(16 /* DEFsuspend */); - break; - } - } - else - triedforce = false; /* legitimate iteration, clear flag */ - - /* Reset retry counter. */ - retries = 0; - sleep(8 /* DEFlocksleep */); - break; - - case ENOSPC: /* no space left, treat it as a transient */ -#ifdef EDQUOT /* NFS failure */ - case EDQUOT: /* maybe it was a short term shortage? */ -#endif - case ENOENT: - case ENOTDIR: - case EIO: - /*case EACCES:*/ - if(++retries < (7 + 1)) /* nfsTRY number of times+1 to ignore spurious NFS errors */ - sleep(8 /* DEFlocksleep */); - else - failed = true; - break; - -#ifdef ENAMETOOLONG - case ENAMETOOLONG: /* Filename is too long, shorten and retry */ - if (mPath.size() > mDir.size() + 8) - { - secdebug("atomicfile", "Truncating %s and retrying lock", path); - mPath.erase(mPath.end() - 1); - path = mPath.c_str(); - /* Reset retry counter. */ - retries = 0; - break; - } - /* DROPTHROUGH */ -#endif - default: - failed = true; - break; - } - } - - if (failed) - { - int error = errno; - ::syslog(LOG_ERR, "Lock failure on %s: %s", path, strerror(error)); - secdebug("atomicfile", "Lock failure on %s: %s", path, strerror(error)); - UnixError::throwMe(error); - } -} - -void -AtomicLockedFile::unlock() throw() -{ - const char *path = mPath.c_str(); - if (::unlink(path) == -1) - { - secdebug("atomicfile", "unlink %s: %s", path, strerror(errno)); - // unlock can't throw - } -} - - -#undef kAtomicFileMaxBlockSize diff --git a/cdsa/cdsa_utilities/AtomicFile.h b/cdsa/cdsa_utilities/AtomicFile.h deleted file mode 100644 index 6fc66e0c..00000000 --- a/cdsa/cdsa_utilities/AtomicFile.h +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2000-2001, 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// AtomicFile.h - Description t.b.d. -// -#ifndef _SECURITY_ATOMICFILE_H_ -#define _SECURITY_ATOMICFILE_H_ 1 - -#include -#include -#include - -namespace Security -{ - -class AtomicBufferedFile; -class AtomicLockedFile; -class AtomicTempFile; - -class AtomicFile -{ -public: - AtomicFile(const std::string &inPath); - ~AtomicFile(); - - // Aquire the write lock and remove the file. - void performDelete(); - - // Aquire the write lock and rename the file. - void rename(const std::string &inNewPath); - - // Lock the file for writing and return a newly created AtomicTempFile. - RefPointer create(mode_t mode); - - // Lock the file for writing and return a newly created AtomicTempFile. - RefPointer write(); - - // Return a bufferedFile containing current version of the file for reading. - RefPointer read(); - - string path() const { return mPath; } - string dir() const { return mDir; } - string file() const { return mFile; } - - mode_t mode() const; - - enum OffsetType - { - FromStart, - FromEnd // only works with offset of 0 - }; - - static void pathSplit(const std::string &inFull, std::string &outDir, std::string &outFile); - static void mkpath(const std::string &inDir, mode_t mode = 0777); - static int ropen(const char *const name, int flags, mode_t mode); - static int rclose(int fd); - -private: - string mPath; - string mDir; - string mFile; -}; - - -// -// AtomicBufferedFile - This represents an instance of a file opened for reading. -// The file is read into memory and closed after this is done. -// The memory is released when this object is destroyed. -// -class AtomicBufferedFile : public RefCount -{ -public: - AtomicBufferedFile(const std::string &inPath); - ~AtomicBufferedFile(); - - // Open the file and return it's size. - off_t open(); - - // Read inLength bytes starting at inOffset. - const uint8 *read(off_t inOffset, off_t inLength, off_t &outLength); - - // Return the current mode bits of the file - mode_t mode(); - - // Close the file (this doesn't release the buffer). - void close(); - - // Return the length of the file. - off_t length() const { return mLength; } - -private: - // Complete path to the file - string mPath; - - // File descriptor to the file or -1 if it's not currently open. - int mFileRef; - - // This is where the data from the file is read in to. - uint8 *mBuffer; - - // Length of file in bytes. - off_t mLength; -}; - - -// -// AtomicTempFile - A temporary file to write changes to. -// -class AtomicTempFile : public RefCount -{ -public: - // Start a write for a new file. - AtomicTempFile(AtomicFile &inFile, const RefPointer &inLockedFile, mode_t mode); - - // Start a write of an existing file. - AtomicTempFile(AtomicFile &inFile, const RefPointer &inLockedFile); - - ~AtomicTempFile(); - - // Commit the current create or write and close the write file. - void commit(); - - void write(AtomicFile::OffsetType inOffsetType, off_t inOffset, const uint32 *inData, uint32 inCount); - void write(AtomicFile::OffsetType inOffsetType, off_t inOffset, const uint8 *inData, uint32 inLength); - void write(AtomicFile::OffsetType inOffsetType, off_t inOffset, const uint32 inData); - -private: - // Called by both constructors. - void create(mode_t mode); - - // Fsync the file - void fsync(); - - // Close the file - void close(); - - // Rollback the current create or write (happens automatically if commit() isn't called before the destructor is). - void rollback() throw(); - -private: - // Our AtomicFile object. - AtomicFile &mFile; - - RefPointer mLockedFile; - - // Complete path to the file - string mPath; - - // File descriptor to the file or -1 if it's not currently open. - int mFileRef; - - // If this is true we unlink both mPath and mFile.path() when we rollback. - bool mCreating; -}; - - -// The current lock being held. -class AtomicLockedFile : public RefCount -{ -public: - // Create a write lock for inFile. - AtomicLockedFile(AtomicFile &inFile); - - ~AtomicLockedFile(); - -private: - void lock(mode_t mode = (S_IRUSR|S_IRGRP|S_IROTH) /* === 0444 */); - void unlock() throw(); - -private: - std::string unique(mode_t mode); - int rlink(const char *const old, const char *const newn, struct stat &sto); - int myrename(const char *const old, const char *const newn); - int xcreat(const char *const name, mode_t mode, time_t &tim); - - // The directory in which we create the lock - string mDir; - - // Complete path to the file - string mPath; -}; - - -} // end namespace Security - - -#endif // _SECURITY_ATOMICFILE_H_ diff --git a/cdsa/cdsa_utilities/Database.cpp b/cdsa/cdsa_utilities/Database.cpp deleted file mode 100644 index d834e447..00000000 --- a/cdsa/cdsa_utilities/Database.cpp +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifdef __MWERKS__ -#define _CPP_DATABASE -#endif -#include - -#include -#include -#include - -DatabaseManager::DatabaseManager () -{ -} - -DatabaseManager::~DatabaseManager () -{ -} - -Database * -DatabaseManager::get (const DbName &inDbName) -{ - StLock _(mDatabaseMapLock); - DatabaseMap::iterator anIterator = mDatabaseMap.find (inDbName); - if (anIterator == mDatabaseMap.end()) - { - auto_ptr aDatabase(make(inDbName)); - mDatabaseMap.insert(DatabaseMap::value_type(aDatabase->mDbName, aDatabase.get())); - return aDatabase.release(); - } - - return anIterator->second; -} - -void -DatabaseManager::removeIfUnused(Database &inDatabase) -{ - StLock _(mDatabaseMapLock); - if (!inDatabase.hasDbContexts()) { - mDatabaseMap.erase(inDatabase.mDbName); - delete &inDatabase; - } -} - -DbContext & -DatabaseManager::dbOpen(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters) -{ - Database &aDatabase = *get(inDbName); - try - { - return aDatabase._dbOpen(inDatabaseSession, inAccessRequest, inAccessCred, inOpenParameters); - } - catch (...) - { - removeIfUnused(aDatabase); - throw; - } -} - -DbContext & -DatabaseManager::dbCreate(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters) -{ - Database &aDatabase = *get(inDbName); - try - { - return aDatabase._dbCreate(inDatabaseSession, inDBInfo, inAccessRequest, - inCredAndAclEntry, inOpenParameters); - } - catch (...) - { - removeIfUnused(aDatabase); - throw; - } -} - -// Delete a DbContext instance created by calling dbOpen or dbCreate. -void -DatabaseManager::dbClose(DbContext &inDbContext) -{ - Database &aDatabase = inDbContext.mDatabase; - aDatabase._dbClose(inDbContext); - removeIfUnused(aDatabase); -} - -// Delete a database. -void -DatabaseManager::dbDelete(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - const AccessCredentials *inAccessCred) -{ - Database &aDatabase = *get(inDbName); - try - { - aDatabase.dbDelete(inDatabaseSession, inAccessCred); - } - catch (...) - { - removeIfUnused(aDatabase); - throw; - } - - removeIfUnused(aDatabase); -} - -// List all available databases. -CSSM_NAME_LIST_PTR -DatabaseManager::getDbNames(DatabaseSession &inDatabaseSession) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -void -DatabaseManager::freeNameList(DatabaseSession &inDatabaseSession, - CSSM_NAME_LIST &inNameList) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - -// Start of Database implementation. - -Database::Database (const DbName &inDbName) -: mDbName(inDbName) -{ -} - -Database::~Database () -{ -} - -bool -Database::hasDbContexts() -{ - StLock _(mDbContextSetLock); - return !mDbContextSet.empty(); -} - -DbContext & -Database::_dbOpen(DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters) -{ - auto_ptraDbContext(makeDbContext(inDatabaseSession, - inAccessRequest, - inAccessCred, - inOpenParameters)); - { - StLock _(mDbContextSetLock); - mDbContextSet.insert(aDbContext.get()); - // Release the mDbContextSetLock - } - - try - { - dbOpen(*aDbContext); - } - catch (...) - { - StLock _(mDbContextSetLock); - mDbContextSet.erase(aDbContext.get()); - throw; - } - - return *aDbContext.release(); -} - -DbContext & -Database::_dbCreate(DatabaseSession &inDatabaseSession, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters) -{ - auto_ptraDbContext(makeDbContext(inDatabaseSession, - inAccessRequest, - (inCredAndAclEntry - ? AccessCredentials::optional(inCredAndAclEntry->AccessCred) - : NULL), - inOpenParameters)); - { - StLock _(mDbContextSetLock); - mDbContextSet.insert(aDbContext.get()); - // Release the mDbContextSetLock - } - - try - { - dbCreate(*aDbContext, inDBInfo, - inCredAndAclEntry ? &inCredAndAclEntry->InitialAclEntry : NULL); - } - catch (...) - { - StLock _(mDbContextSetLock); - mDbContextSet.erase(aDbContext.get()); - throw; - } - - return *aDbContext.release(); -} - -void -Database::_dbClose(DbContext &dbContext) -{ - StLock _(mDbContextSetLock); - mDbContextSet.erase(&dbContext); - if (mDbContextSet.empty()) - dbClose(); -} diff --git a/cdsa/cdsa_utilities/Database.h b/cdsa/cdsa_utilities/Database.h deleted file mode 100644 index 94a14052..00000000 --- a/cdsa/cdsa_utilities/Database.h +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _DATABASE_H_ -#define _DATABASE_H_ 1 - -#include -#include -#include -#include -#include -#include - -#ifdef _CPP_DATABASE -# pragma export on -#endif - -// @@@ Should not use using in headers. -using namespace std; - -namespace Security -{ - -class Database; -class DatabaseFactory; -class DatabaseSession; -class DbContext; - -/* DatabaseManager class. */ -class DatabaseManager -{ - NOCOPY(DatabaseManager) -public: - DatabaseManager (); - virtual ~DatabaseManager (); - - // Create and return a new DbContext instance which is owned by us and must be discared by calling dbClose. - virtual DbContext &dbOpen(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters); - virtual DbContext &dbCreate(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters); - - // Delete a DbContext instance created by calling dbOpen or dbCreate. - virtual void dbClose(DbContext &inDbContext); - - // Delete a database. - virtual void dbDelete(DatabaseSession &inDatabaseSession, - const DbName &inDbName, - const AccessCredentials *inAccessCred); - - // List all available databases. - virtual CSSM_NAME_LIST_PTR getDbNames(DatabaseSession &inDatabaseSession); - virtual void freeNameList(DatabaseSession &inDatabaseSession, - CSSM_NAME_LIST &inNameList); -protected: - virtual void removeIfUnused(Database &inDatabase); - virtual Database *get (const DbName &inDbName); // Get existing instance or make a new one. - virtual Database *make (const DbName &inDbName) = 0; // Create a new database instance subclass must implement. -private: - typedef map DatabaseMap; - DatabaseMap mDatabaseMap; - Mutex mDatabaseMapLock; -}; - - -/* Database is an abstract class. Each Database subclass should implement all the - pure virtual methods listed below. The constructor for a particular Database - subclass should create the Database object. A subsequent call to dBOpen or - dBCreate should be is made. This returns a DbContext. All other methods take - a DbContext as an argument. - */ -class Database -{ -public: - virtual void - dbCreate (DbContext &inDbContext, const CSSM_DBINFO &inDBInfo, - const CSSM_ACL_ENTRY_INPUT *inInitialAclEntry) = 0; - - // Don't override this method in subclasses. - virtual DbContext & - _dbCreate(DatabaseSession &inDatabaseSession, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters); - - virtual void - dbOpen (DbContext &inDbContext) = 0; - - // Don't override this method in subclasses. - virtual DbContext & - _dbOpen (DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters); - - virtual void - dbClose () = 0; - - // Don't override this method in subclasses. - virtual void - _dbClose (DbContext &dbContext); - - virtual void - dbDelete(DatabaseSession &inDatabaseSession, - const AccessCredentials *inAccessCred) = 0; - - virtual void - createRelation (DbContext &dbContext, - CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &inIndexInfo) = 0; - - virtual void - destroyRelation (DbContext &dbContext, - CSSM_DB_RECORDTYPE inRelationID) = 0; - - virtual void - authenticate(DbContext &dbContext, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials &inAccessCred) = 0; - - virtual void - getDbAcl(DbContext &dbContext, - const CSSM_STRING *inSelectionTag, - uint32 &outNumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &outAclInfos) = 0; - - virtual void - changeDbAcl(DbContext &dbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_EDIT &inAclEdit) = 0; - - virtual void - getDbOwner(DbContext &dbContext, CSSM_ACL_OWNER_PROTOTYPE &outOwner) = 0; - - virtual void - changeDbOwner(DbContext &dbContext, - const AccessCredentials &inAccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &inNewOwner) = 0; - - virtual char * - getDbNameFromHandle (const DbContext &dbContext) const = 0; - - virtual CSSM_DB_UNIQUE_RECORD_PTR - dataInsert (DbContext &dbContext, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) = 0; - - virtual void - dataDelete (DbContext &dbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier) = 0; - - virtual void - dataModify (DbContext &dbContext, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributesToBeModified, - const CssmData *inDataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode) = 0; - - virtual CSSM_HANDLE - dataGetFirst (DbContext &dbContext, - const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) = 0; - - virtual bool - dataGetNext (DbContext &dbContext, - CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) = 0; - - virtual void - dataAbortQuery (DbContext &dbContext, - CSSM_HANDLE inResultsHandle) = 0; - - virtual void - dataGetFromUniqueRecordId (DbContext &dbContext, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData) = 0; - - virtual void - freeUniqueRecord (DbContext &dbContext, - CSSM_DB_UNIQUE_RECORD &inUniqueRecord) = 0; - - virtual void - passThrough(DbContext &dbContext, - uint32 passThroughId, - const void *inputParams, - void **outputParams) = 0; - - Database (const DbName &inDbName); - virtual ~Database (); - - virtual bool hasDbContexts(); - - // XXX @@@ Think about consequences of race conditions between DbOpen/DbCreate/DbDelete/DbClose - // on databases with the same name at the same time. - //virtual DbContext &insertDbContext(); - //virtual void removeDbContext(DbContext &inDbContext); - - const DbName mDbName; -protected: - // Subclasses must implement this method. - virtual DbContext *makeDbContext(DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters) = 0; -private: - typedef set DbContextSet; - DbContextSet mDbContextSet; - Mutex mDbContextSetLock; -}; - -} // end namespace Security - -#ifdef _CPP_DATABASE -# pragma export off -#endif - -#endif //_DATABASE_H_ diff --git a/cdsa/cdsa_utilities/DatabaseSession.cpp b/cdsa/cdsa_utilities/DatabaseSession.cpp deleted file mode 100644 index b5da6cc6..00000000 --- a/cdsa/cdsa_utilities/DatabaseSession.cpp +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DatabaseSession.cpp - DL Session. -// -#ifdef __MWERKS__ -#define _CPP_DATABASESESSION -#endif -#include - -#include -#include -#include -#include - -/* log open/close events */ -#define DOCDebug(args...) secdebug("DBOpen", ## args) - - -using namespace std; - -// -// Session constructor -// -DatabaseSession::DatabaseSession(DatabaseManager &inDatabaseManager) -: mDatabaseManager(inDatabaseManager) -{ -} - -DatabaseSession::~DatabaseSession() -{ -} - - -// Utility functions -void -DatabaseSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList) -{ - outNameList = mDatabaseManager.getDbNames (*this); -} - - -void -DatabaseSession::FreeNameList(CSSM_NAME_LIST &inNameList) -{ - mDatabaseManager.freeNameList (*this, inNameList); -} - - -void -DatabaseSession::DbDelete(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - const AccessCredentials *inAccessCred) -{ - // The databaseManager will notify all its DbContext instances - // that the database is question is being deleted. - mDatabaseManager.dbDelete(*this, DbName(inDbName, CssmNetAddress::optional(inDbLocation)), inAccessCred); -} - -// DbContext creation and destruction. -void -DatabaseSession::DbCreate(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - const CSSM_DBINFO &inDBInfo, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *inCredAndAclEntry, - const void *inOpenParameters, - CSSM_DB_HANDLE &outDbHandle) -{ - outDbHandle = CSSM_INVALID_HANDLE; // CDSA 2.0 says to set this if we fail - outDbHandle = insertDbContext(mDatabaseManager.dbCreate(*this, - DbName(inDbName, CssmNetAddress::optional(inDbLocation)), - inDBInfo, - inAccessRequest, - inCredAndAclEntry, - inOpenParameters)); - -} - -void -DatabaseSession::DbOpen(const char *inDbName, - const CSSM_NET_ADDRESS *inDbLocation, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials *inAccessCred, - const void *inOpenParameters, - CSSM_DB_HANDLE &outDbHandle) -{ - DOCDebug("DatabaseSession::DbOpen: dbName %s", inDbName); - outDbHandle = CSSM_INVALID_HANDLE; // CDSA 2.0 says to set this if we fail - outDbHandle = insertDbContext(mDatabaseManager.dbOpen(*this, - DbName(inDbName, CssmNetAddress::optional(inDbLocation)), - inAccessRequest, - inAccessCred, - inOpenParameters)); -} - -CSSM_DB_HANDLE -DatabaseSession::insertDbContext(DbContext &inDbContext) -{ - CSSM_DB_HANDLE aDbHandle; - try - { - aDbHandle = inDbContext.handle (); - StLock _(mDbContextMapLock); - mDbContextMap.insert(DbContextMap::value_type(aDbHandle, &inDbContext)); - } - catch (...) - { - // Close the context - mDatabaseManager.dbClose(inDbContext); - throw; - } - - return aDbHandle; -} - -DbContext & -DatabaseSession::findDbContext(CSSM_DB_HANDLE inDbHandle) -{ - StLock _(mDbContextMapLock); - DbContextMap::iterator it = mDbContextMap.find(inDbHandle); - if (it == mDbContextMap.end()) - CssmError::throwMe(CSSM_ERRCODE_INVALID_DB_HANDLE); - return *it->second; -} - -void -DatabaseSession::closeAll() -{ - StLock _(mDbContextMapLock); - for (DbContextMap::iterator it = mDbContextMap.begin(); - it != mDbContextMap.end(); - it++) - { - DbContext *aDbContext = it->second; - try - { - mDatabaseManager.dbClose(*aDbContext); - // This is done by the database itself which owns the context. - //delete aDbContext; - } - catch (...) - { - // Ignore exceptions since we want to close as many DBs as possible. - // XXX @@@ log an error or something. - } - } - - mDbContextMap.clear(); -} - -// Operations using DbContext instances. -void -DatabaseSession::DbClose(CSSM_DB_HANDLE inDbHandle) -{ - StLock _(mDbContextMapLock); - DOCDebug("DatabaseSession::Close"); - DbContextMap::iterator it = mDbContextMap.find(inDbHandle); - if (it == mDbContextMap.end()) - CssmError::throwMe(CSSM_ERRCODE_INVALID_DB_HANDLE); - auto_ptr aDbContext(it->second); - mDbContextMap.erase(it); - mDatabaseManager.dbClose(*aDbContext); -} - -void -DatabaseSession::CreateRelation(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRelationID, - const char *inRelationName, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &inAttributeInfo, - uint32 inNumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &inIndexInfo) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - return aDbContext.mDatabase.createRelation(aDbContext, inRelationID, inRelationName, - inNumberOfAttributes, inAttributeInfo, - inNumberOfIndexes, inIndexInfo); -} - -void -DatabaseSession::DestroyRelation(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRelationID) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - return aDbContext.mDatabase.destroyRelation(aDbContext, inRelationID); -} - -void -DatabaseSession::Authenticate(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const AccessCredentials &inAccessCred) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.authenticate(aDbContext, inAccessRequest, inAccessCred); -} - - -void -DatabaseSession::GetDbAcl(CSSM_DB_HANDLE inDbHandle, - const CSSM_STRING *inSelectionTag, - uint32 &outNumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &outAclInfos) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.getDbAcl(aDbContext, inSelectionTag, outNumberOfAclInfos, outAclInfos); -} - -void -DatabaseSession::ChangeDbAcl(CSSM_DB_HANDLE inDbHandle, - const AccessCredentials &inAccessCred, - const CSSM_ACL_EDIT &inAclEdit) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.changeDbAcl(aDbContext, inAccessCred, inAclEdit); -} - -void -DatabaseSession::GetDbOwner(CSSM_DB_HANDLE inDbHandle, - CSSM_ACL_OWNER_PROTOTYPE &outOwner) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.getDbOwner(aDbContext, outOwner); -} - -void -DatabaseSession::ChangeDbOwner(CSSM_DB_HANDLE inDbHandle, - const AccessCredentials &inAccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &inNewOwner) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.changeDbOwner(aDbContext, inAccessCred, inNewOwner); -} - -void -DatabaseSession::GetDbNameFromHandle(CSSM_DB_HANDLE inDbHandle, - char **outDbName) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - Required(outDbName) = aDbContext.mDatabase.getDbNameFromHandle(aDbContext); -} - -void -DatabaseSession::DataInsert(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueId) -{ - secdebug("dbsession", "%p DataInsert(%lx,%lx)", this, inDbHandle, inRecordType); - DbContext &aDbContext = findDbContext(inDbHandle); - outUniqueId = aDbContext.mDatabase.dataInsert(aDbContext, inRecordType, inAttributes, inData); -} - - -void -DatabaseSession::DataDelete(CSSM_DB_HANDLE inDbHandle, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier) -{ - secdebug("dbsession", "%p DataDelete(%lx)", this, inDbHandle); - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.dataDelete(aDbContext, inUniqueRecordIdentifier); -} - - -void -DatabaseSession::DataModify(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_RECORDTYPE inRecordType, - CSSM_DB_UNIQUE_RECORD &inoutUniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributesToBeModified, - const CssmData *inDataToBeModified, - CSSM_DB_MODIFY_MODE inModifyMode) -{ - secdebug("dbsession", "%p DataModify(%lx,%lx)", this, inDbHandle, inRecordType); - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.dataModify(aDbContext, inRecordType, inoutUniqueRecordIdentifier, - inAttributesToBeModified, inDataToBeModified, inModifyMode); -} - -CSSM_HANDLE -DatabaseSession::DataGetFirst(CSSM_DB_HANDLE inDbHandle, - const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueId) -{ - secdebug("dbsession", "%p DataGetFirst(%lx)", this, inDbHandle); - DbContext &aDbContext = findDbContext(inDbHandle); - - return aDbContext.mDatabase.dataGetFirst(aDbContext, inQuery, - inoutAttributes, inoutData, outUniqueId); -} - -bool -DatabaseSession::DataGetNext(CSSM_DB_HANDLE inDbHandle, - CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord) -{ - secdebug("dbsession", "%p DataGetNext(%lx)", this, inDbHandle); - DbContext &aDbContext = findDbContext(inDbHandle); - - return aDbContext.mDatabase.dataGetNext(aDbContext, inResultsHandle, inoutAttributes, - inoutData, outUniqueRecord); -} - -void -DatabaseSession::DataAbortQuery(CSSM_DB_HANDLE inDbHandle, - CSSM_HANDLE inResultsHandle) -{ - secdebug("dbsession", "%p DataAbortQuery(%lx)", this, inDbHandle); - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.dataAbortQuery(aDbContext, inResultsHandle); -} - -void -DatabaseSession::DataGetFromUniqueRecordId(CSSM_DB_HANDLE inDbHandle, - const CSSM_DB_UNIQUE_RECORD &inUniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData) -{ - secdebug("dbsession", "%p DataGetFromUniqueId(%lx)", this, inDbHandle); - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.dataGetFromUniqueRecordId(aDbContext, inUniqueRecord, - inoutAttributes, inoutData); -} - -void -DatabaseSession::FreeUniqueRecord(CSSM_DB_HANDLE inDbHandle, - CSSM_DB_UNIQUE_RECORD &inUniqueRecordIdentifier) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.freeUniqueRecord(aDbContext, inUniqueRecordIdentifier); -} - -void -DatabaseSession::PassThrough(CSSM_DB_HANDLE inDbHandle, - uint32 passThroughId, - const void *inputParams, - void **outputParams) -{ - DbContext &aDbContext = findDbContext(inDbHandle); - aDbContext.mDatabase.passThrough(aDbContext, passThroughId, inputParams, outputParams); -} diff --git a/cdsa/cdsa_utilities/DatabaseSession.h b/cdsa/cdsa_utilities/DatabaseSession.h deleted file mode 100644 index 90d84029..00000000 --- a/cdsa/cdsa_utilities/DatabaseSession.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DatabaseSession.h - Framework for DL plugin modules -// -#ifndef _H_DATABASESESSION -#define _H_DATABASESESSION - -#include - -#include -#include -#include -#include - -#if defined(_CPP_DATABASESESSION) -# pragma export on -#endif - -namespace Security -{ - -class DatabaseManager; -class DbContext; - -// A class providing some of the base Database (DL and MDS) functionality. -class DatabaseSession: public DLAbstractPluginSession, public CssmAllocator -{ -public: - DatabaseSession(DatabaseManager &inDatabaseManager); - virtual ~DatabaseSession(); - - virtual void GetDbNames(CSSM_NAME_LIST_PTR &NameList); - virtual void FreeNameList(CSSM_NAME_LIST &NameList); - void DbDelete(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const AccessCredentials *AccessCred); - void DbCreate(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - const CSSM_DBINFO &DBInfo, - CSSM_DB_ACCESS_TYPE AccessRequest, - const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, - const void *OpenParameters, - CSSM_DB_HANDLE &DbHandle); - virtual void DbOpen(const char *DbName, - const CSSM_NET_ADDRESS *DbLocation, - CSSM_DB_ACCESS_TYPE AccessRequest, - const AccessCredentials *AccessCred, - const void *OpenParameters, - CSSM_DB_HANDLE &DbHandle); - void DbClose(CSSM_DB_HANDLE DBHandle); - void CreateRelation(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RelationID, - const char *RelationName, - uint32 NumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO &pAttributeInfo, - uint32 NumberOfIndexes, - const CSSM_DB_SCHEMA_INDEX_INFO &pIndexInfo); - void DestroyRelation(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RelationID); - - void Authenticate(CSSM_DB_HANDLE DBHandle, - CSSM_DB_ACCESS_TYPE AccessRequest, - const AccessCredentials &AccessCred); - void GetDbAcl(CSSM_DB_HANDLE DBHandle, - const CSSM_STRING *SelectionTag, - uint32 &NumberOfAclInfos, - CSSM_ACL_ENTRY_INFO_PTR &AclInfos); - void ChangeDbAcl(CSSM_DB_HANDLE DBHandle, - const AccessCredentials &AccessCred, - const CSSM_ACL_EDIT &AclEdit); - void GetDbOwner(CSSM_DB_HANDLE DBHandle, - CSSM_ACL_OWNER_PROTOTYPE &Owner); - void ChangeDbOwner(CSSM_DB_HANDLE DBHandle, - const AccessCredentials &AccessCred, - const CSSM_ACL_OWNER_PROTOTYPE &NewOwner); - void GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle, - char **DbName); - void DataInsert(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RecordType, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *Attributes, - const CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - void DataDelete(CSSM_DB_HANDLE DBHandle, - const CSSM_DB_UNIQUE_RECORD &UniqueRecordIdentifier); - void DataModify(CSSM_DB_HANDLE DBHandle, - CSSM_DB_RECORDTYPE RecordType, - CSSM_DB_UNIQUE_RECORD &UniqueRecordIdentifier, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *AttributesToBeModified, - const CssmData *DataToBeModified, - CSSM_DB_MODIFY_MODE ModifyMode); - CSSM_HANDLE DataGetFirst(CSSM_DB_HANDLE DBHandle, - const DLQuery *Query, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - bool DataGetNext(CSSM_DB_HANDLE DBHandle, - CSSM_HANDLE ResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data, - CSSM_DB_UNIQUE_RECORD_PTR &UniqueId); - void DataAbortQuery(CSSM_DB_HANDLE DBHandle, - CSSM_HANDLE ResultsHandle); - void DataGetFromUniqueRecordId(CSSM_DB_HANDLE DBHandle, - const CSSM_DB_UNIQUE_RECORD &UniqueRecord, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR Attributes, - CssmData *Data); - void FreeUniqueRecord(CSSM_DB_HANDLE DBHandle, - CSSM_DB_UNIQUE_RECORD &UniqueRecord); - void PassThrough(CSSM_DB_HANDLE DBHandle, - uint32 PassThroughId, - const void *InputParams, - void **OutputParams); - - DatabaseManager &mDatabaseManager; -protected: - void closeAll(); -private: - CSSM_DB_HANDLE insertDbContext(DbContext &dbContext); - DbContext &findDbContext(CSSM_DB_HANDLE inDbHandle); - - typedef std::map DbContextMap; - DbContextMap mDbContextMap; - Mutex mDbContextMapLock; -}; - -} // end namespace Security - -#if defined(_CPP_DATABASESESSION) -# pragma export off -#endif - -#endif //_H_DATABASESESSION diff --git a/cdsa/cdsa_utilities/DbContext.cpp b/cdsa/cdsa_utilities/DbContext.cpp deleted file mode 100644 index 5633728a..00000000 --- a/cdsa/cdsa_utilities/DbContext.cpp +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifdef __MWERKS__ -#define _CPP_DBCONTEXT -#endif -#include - -#include - -#include -#include - -DbContext::DbContext (Database &inDatabase, - DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCred) : - mDatabase (inDatabase), - mDatabaseSession (inDatabaseSession), - mAccessRequest (inAccessRequest) -{ - // XXX Copy the ACL. - //mAccessCred = inAccessCred; -} - -DbContext::~DbContext () -{ - //delete mAccessCred; - // XXX How do we delete these? -} diff --git a/cdsa/cdsa_utilities/DbContext.h b/cdsa/cdsa_utilities/DbContext.h deleted file mode 100644 index 986ddcab..00000000 --- a/cdsa/cdsa_utilities/DbContext.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _DBCONTEXT_H_ -#define _DBCONTEXT_H_ 1 - -#include -#include - -#ifdef _CPP_DBCONTEXT -# pragma export on -#endif - -namespace Security -{ - -class DatabaseSession; - -class DbContext : public HandleObject -{ - NOCOPY(DbContext) -public: - Database &mDatabase; - DatabaseSession &mDatabaseSession; - - DbContext(Database &inDatabase, - DatabaseSession &inDatabaseSession, - CSSM_DB_ACCESS_TYPE inAccessRequest, - const CSSM_ACCESS_CREDENTIALS *inAccessCred); - - virtual ~DbContext(); - - CSSM_HANDLE - dataGetFirst(const DLQuery *inQuery, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord); - - void - dataGetNext(CSSM_HANDLE inResultsHandle, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_DB_UNIQUE_RECORD_PTR &outUniqueRecord); - - void - dataAbortQuery(CSSM_HANDLE inResultsHandle); -private: - CSSM_DB_ACCESS_TYPE mAccessRequest; - CSSM_ACCESS_CREDENTIALS *mAccessCred; - //typedef set DbQuerySet; - //DbQuerySet mDbQuerySet; - //Mutex mDbQuerySetLock; -}; - -} // end namespace Security - -#ifdef _CPP_DBCONTEXT -# pragma export off -#endif - -#endif //_DBCONTEXT_H_ diff --git a/cdsa/cdsa_utilities/DbIndex.cpp b/cdsa/cdsa_utilities/DbIndex.cpp deleted file mode 100644 index 03359f62..00000000 --- a/cdsa/cdsa_utilities/DbIndex.cpp +++ /dev/null @@ -1,471 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DbIndex.cpp -// - -#include "DbIndex.h" -#include "AppleDatabase.h" -#include - -DbQueryKey::DbQueryKey(const DbConstIndex &index) -: mIndex(index), - mTableSection(index.table().getTableSection()) -{ -} - -// Perform a less-than comparison between two keys. An offset of zero -// means to use the key provided as part of the query; otherwise, the -// key comes from the database. - -int -DbKeyComparator::operator () (uint32 offset1, uint32 offset2) const -{ - ReadSection rs1, rs2; - const ReadSection *key1, *key2; - - // get the read sections to compare - - if (offset1 == 0) - key1 = &mKey.mKeyData; - else { - rs1 = mKey.mTableSection.subsection(offset1); - key1 = &rs1; - } - - if (offset2 == 0) - key2 = &mKey.mKeyData; - else { - rs2 = mKey.mTableSection.subsection(offset2); - key2 = &rs2; - } - - // compare the values of the attributes in the keys - - uint32 valueOffset1 = sizeof(uint32), valueOffset2 = sizeof(uint32); - - for (uint32 i = 0; i < mKey.mNumKeyValues; i++) { - const MetaAttribute &metaAttribute = *mKey.mIndex.mAttributes[i]; - auto_ptr value1(metaAttribute.createValue(*key1, valueOffset1)); - auto_ptr value2(metaAttribute.createValue(*key2, valueOffset2)); - - if (metaAttribute.evaluate(value1.get(), value2.get(), CSSM_DB_LESS_THAN)) - return true; - - else if (metaAttribute.evaluate(value2.get(), value1.get(), CSSM_DB_LESS_THAN)) - return false; - } - - // if we are here, the keys are equal - - return false; -} - -// Comparison used when inserting an item into an index, but otherwise -// similar to the version above. - -bool -DbIndexKey::operator < (const DbIndexKey &other) const -{ - // compare the values of the attributes in the keys - - uint32 numAttributes = mIndex.mAttributes.size(); - uint32 valueOffset1 = 0, valueOffset2 = 0; - - for (uint32 i = 0; i < numAttributes; i++) { - const MetaAttribute &metaAttribute = *mIndex.mAttributes[i]; - auto_ptr value1(metaAttribute.createValue(mKeySection.subsection(mKeyRange), - valueOffset1)); - auto_ptr value2(metaAttribute.createValue(other.mKeySection.subsection(other.mKeyRange), - valueOffset2)); - - if (metaAttribute.evaluate(value1.get(), value2.get(), CSSM_DB_LESS_THAN)) - return true; - - else if (metaAttribute.evaluate(value2.get(), value1.get(), CSSM_DB_LESS_THAN)) - return false; - } - - // if we are here, the keys are equal - - return false; -} - -DbIndex::DbIndex(const MetaRecord &metaRecord, uint32 indexId, bool isUniqueIndex) -: mMetaRecord(metaRecord), - mIndexId(indexId), - mIsUniqueIndex(isUniqueIndex) -{ -} - -// Append an attribute to the vector used to form index keys. - -void -DbIndex::appendAttribute(uint32 attributeId) -{ - CSSM_DB_ATTRIBUTE_INFO info; - info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; - info.Label.AttributeID = attributeId; - - mAttributes.push_back(&(mMetaRecord.metaAttribute(info))); -} - -// Construct a new read-only index. - -DbConstIndex::DbConstIndex(const Table &table, uint32 indexId, bool isUniqueIndex) -: DbIndex(table.getMetaRecord(), indexId, isUniqueIndex), - mTable(table) -{ -} - -DbConstIndex::DbConstIndex(const Table &table, const ReadSection &indexSection) -: DbIndex(table.getMetaRecord(), indexSection.at(AtomSize), indexSection.at(2 * AtomSize)), - mTable(table) -{ - uint32 numAttributes = indexSection.at(3 * AtomSize); - - for (uint32 i = 0; i < numAttributes; i++) { - uint32 attributeId = indexSection.at((4 + i) * AtomSize); - appendAttribute(attributeId); - } - - uint32 offset = (4 + numAttributes) * AtomSize; - uint32 numRecords = indexSection.at(offset); - offset += AtomSize; - mKeyOffsetVector.overlay(numRecords, - reinterpret_cast(indexSection.range(Range(offset, numRecords * AtomSize)))); - - offset += numRecords * AtomSize; - mRecordNumberVector.overlay(numRecords, - reinterpret_cast(indexSection.range(Range(offset, numRecords * AtomSize)))); -} - -// Check to see if this index can be used to perform a given query, based on -// the attributes used in the query and their order. They must be a prefix -// of the index key attributes. If there is more than one attribute, all of the -// operators must be EQUAL and the conjunctive must be AND; this is needed to -// ensure that the results are a contiguous segment of the index. On success, -// the appropriate index key is generated from the query. - -bool -DbConstIndex::matchesQuery(const CSSM_QUERY &query, DbQueryKey *&queryKey) const -{ - uint32 numPredicates = query.NumSelectionPredicates; - - if (numPredicates == 0 || numPredicates > mAttributes.size()) - return false; - - // determine which index attributes are used in the query - - auto_array attributeUsed(mAttributes.size()); - for (uint32 i = 0; i < mAttributes.size(); attributeUsed[i++] = ~0UL); - - for (uint32 i = 0, j; i < numPredicates; i++) { - const MetaAttribute &tableAttribute = - mMetaRecord.metaAttribute(query.SelectionPredicate[i].Attribute.Info); - - for (j = 0; j < mAttributes.size(); j++) { - if (tableAttribute.attributeId() == mAttributes[j]->attributeId()) { - if (attributeUsed[j] != ~0UL) - // invalid query: attribute appears twice - CssmError::throwMe(CSSMERR_DL_INVALID_QUERY); - else { - // the jth index component is the ith predicate in the query - attributeUsed[j] = i; - break; - } - } - } - - if (j == mAttributes.size()) { - // the predicate attribute is not in the index, so return failure - return false; - } - } - - // check that the query predicates form a prefix of the index key, which means that - // the first N index components are the N query predicates in some order - - uint32 lastIndex; - for (lastIndex = mAttributes.size() - 1; (lastIndex >= 0) && (attributeUsed[lastIndex] == ~0UL); - lastIndex--); - - if (lastIndex != numPredicates - 1) - return false; - - // if there is more than one predicate, the conjunctive must be AND and all the - // operators must be EQUAL for the compound index to be useful - - CSSM_DB_OPERATOR op; - - if (numPredicates > 1) { - if (query.Conjunctive != CSSM_DB_AND) - return false; - - for (uint32 i = 0; i < numPredicates; i++) - if (query.SelectionPredicate[i].DbOperator != CSSM_DB_EQUAL) - return false; - - op = CSSM_DB_EQUAL; - } - - // for a single predicate, check the operator - - else { - op = query.SelectionPredicate[0].DbOperator; - if (op != CSSM_DB_EQUAL && op != CSSM_DB_LESS_THAN && op != CSSM_DB_GREATER_THAN) - return false; - } - - // ok, after all that, we can use this index, so generate an object used as a key - // for this query on this index - - queryKey = new DbQueryKey(*this); - queryKey->mNumKeyValues = numPredicates; - queryKey->mOp = op; - - uint32 keyLength = sizeof(uint32); - for (uint32 i = 0; i < numPredicates; i++) - mAttributes[i]->packValue(queryKey->mKeyData, keyLength, - *(query.SelectionPredicate[attributeUsed[i]].Attribute.Value)); - queryKey->mKeyData.put(0, keyLength - sizeof(uint32)); - queryKey->mKeyData.size(keyLength); - - return true; -} - -// Perform a query on an index, returning the iterators that bound the -// returned results. - -void -DbConstIndex::performQuery(const DbQueryKey &queryKey, - DbIndexIterator &begin, DbIndexIterator &end) const -{ - DbKeyComparator cmp(queryKey); - - switch (queryKey.mOp) { - - case CSSM_DB_EQUAL: - { - pair result; - result = equal_range(mKeyOffsetVector.begin(), mKeyOffsetVector.end(), - DbQueryKey::kQueryValue, cmp); - begin = result.first; - end = result.second; - } - break; - - case CSSM_DB_LESS_THAN: - begin = mKeyOffsetVector.begin(); - end = lower_bound(begin, mKeyOffsetVector.end(), DbQueryKey::kQueryValue, cmp); - break; - - case CSSM_DB_GREATER_THAN: - end = mKeyOffsetVector.end(); - begin = lower_bound(mKeyOffsetVector.begin(), end, DbQueryKey::kQueryValue, cmp); - break; - - default: - CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR); - break; - } -} - -// Given an iterator as returned by performQuery(), return the read section for the record. - -ReadSection -DbConstIndex::getRecordSection(DbIndexIterator iter) const -{ - uint32 recordNumber = mRecordNumberVector[iter - mKeyOffsetVector.begin()]; - return mTable.getRecordSection(recordNumber); -} - -// Construct a mutable index from a read-only index. - -DbMutableIndex::DbMutableIndex(const DbConstIndex &index) -: DbIndex(index), - mIndexDataSize(0) -{ - // go through the const index and copy all the entries into the - // mutable index - - const ReadSection &tableSection = index.mTable.getTableSection(); - - uint32 numRecords = index.mKeyOffsetVector.size(); - for (uint32 i = 0; i < numRecords; i++) { - uint32 recordNumber = index.mRecordNumberVector.at(i); - uint32 keyOffset = index.mKeyOffsetVector.at(i); - uint32 keySize = tableSection.at(keyOffset); - DbIndexKey key(tableSection, Range(keyOffset + AtomSize, keySize), *this); - mMap.insert(IndexMap::value_type(key, recordNumber)); - } -} - -DbMutableIndex::DbMutableIndex(const MetaRecord &metaRecord, uint32 indexId, bool isUniqueIndex) -: DbIndex(metaRecord, indexId, isUniqueIndex) -{ -} - -DbMutableIndex::~DbMutableIndex() -{ -} - -// Remove all entries for a record from an index. This is not an ideal implementation, -// since it walks the entire index. In a perfect world, we'd generate all the record's -// keys and lookup matching entries, deleting only those with the correct record number. -// But this is not a perfect world. - -void -DbMutableIndex::removeRecord(uint32 recordNumber) -{ - IndexMap::iterator it, temp; - for (it = mMap.begin(); it != mMap.end(); ) { - temp = it; it++; - if (temp->second == recordNumber) - mMap.erase(temp); - } -} - -// Insert a record into an index. - -void -DbMutableIndex::insertRecord(uint32 recordNumber, const ReadSection &packedRecord) -{ - // The common case is that each indexed attribute has a single value in - // the record; detect and handle this separately since we can avoid an - // expensive recursive technique. - - uint32 numAttributes = mAttributes.size(); - bool allSingleValued = true; - - for (uint32 i = 0; i < numAttributes; i++) { - uint32 numValues = mAttributes[i]->getNumberOfValues(packedRecord); - if (numValues == 0) { - // record does not have value required by index; for a unique index, - // this is an error, otherwise just don't index the record - if (mIsUniqueIndex) - CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - else - return; - } - else if (numValues > 1) { - allSingleValued = false; - break; - } - } - - if (allSingleValued) - insertRecordSingle(recordNumber, packedRecord); - - else { - // recursively build all appropriate index keys, and add them to the map - WriteSection keyData; - insertRecordMulti(recordNumber, packedRecord, 0, keyData, 0); - } -} - -void -DbMutableIndex::insertRecordSingle(uint32 recordNumber, const ReadSection &packedRecord) -{ - // append the key values to the index data - uint32 offset = mIndexDataSize; - for (uint32 i = 0; i < mAttributes.size(); i++) - mAttributes[i]->copyValueBytes(0, packedRecord, mIndexData, mIndexDataSize); - mIndexData.size(mIndexDataSize); - - // make an index key - DbIndexKey key(mIndexData, Range(offset, mIndexDataSize - offset), *this); - - // if this is a unique index, check for a record with the same key - if (mIsUniqueIndex && (mMap.find(key) != mMap.end())) - // the key already exists, which is an error - CssmError::throwMe(CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA); - - // insert the item into the map - mMap.insert(IndexMap::value_type(key, recordNumber)); -} - -void -DbMutableIndex::insertRecordMulti(uint32 recordNumber, const ReadSection &packedRecord, - uint32 attributeIndex, WriteSection &keyData, uint32 keySize) -{ - const MetaAttribute &metaAttribute = *(mAttributes[attributeIndex]); - uint32 numValues = metaAttribute.getNumberOfValues(packedRecord); - - for (uint32 i = 0; i < numValues; i++) { - - uint32 newKeySize = keySize; - metaAttribute.copyValueBytes(i, packedRecord, keyData, newKeySize); - - if (attributeIndex + 1 == mAttributes.size()) { - uint32 offset = mIndexDataSize; - mIndexDataSize = mIndexData.put(mIndexDataSize, newKeySize, keyData.address()); - mIndexData.size(mIndexDataSize); - - DbIndexKey key(mIndexData, Range(offset, mIndexDataSize - offset), *this); - if (mIsUniqueIndex && (mMap.find(key) != mMap.end())) - CssmError::throwMe(CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA); - - mMap.insert(IndexMap::value_type(key, recordNumber)); - } - else - // otherwise, recurse with the rest of the attributes - insertRecordMulti(recordNumber, packedRecord, attributeIndex + 1, keyData, newKeySize); - } -} - -uint32 -DbMutableIndex::writeIndex(WriteSection &ws, uint32 offset) -{ - IndexMap::iterator it; - - // reserve space for the index size - uint32 sizeOffset = offset; - offset += AtomSize; - - offset = ws.put(offset, mIndexId); - offset = ws.put(offset, mIsUniqueIndex ? 1 : 0); - - offset = ws.put(offset, mAttributes.size()); - for (uint32 i = 0; i < mAttributes.size(); i++) - offset = ws.put(offset, mAttributes[i]->attributeId()); - - offset = ws.put(offset, mMap.size()); - - // reserve space for the array of offsets to key data - uint32 keyPtrOffset = offset; - offset += AtomSize * mMap.size(); - - // write the array of record numbers - for (it = mMap.begin(); it != mMap.end(); it++) { - offset = ws.put(offset, it->second); - } - - // write the key data - for (it = mMap.begin(); it != mMap.end(); it++) { - keyPtrOffset = ws.put(keyPtrOffset, offset); - offset = ws.put(offset, it->first.keySize()); - offset = ws.put(offset, it->first.keySize(), it->first.keyData()); - } - - // write the index size - ws.put(sizeOffset, offset - sizeOffset); - - return offset; -} diff --git a/cdsa/cdsa_utilities/DbIndex.h b/cdsa/cdsa_utilities/DbIndex.h deleted file mode 100644 index bfeaadd1..00000000 --- a/cdsa/cdsa_utilities/DbIndex.h +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DbIndex.h -// - -#ifndef _H_APPLEDL_DBINDEX -#define _H_APPLEDL_DBINDEX - -#include "MetaRecord.h" - -namespace Security -{ - -class Table; -class DbConstIndex; -class DbIndex; - -typedef constVector DbOffsetVector; - -typedef DbOffsetVector::const_iterator DbIndexIterator; - -// -// An object that represents a key being used as part of a query. -// - -class DbQueryKey -{ - friend class DbConstIndex; - friend class DbKeyComparator; - -public: - DbQueryKey(const DbConstIndex &index); - - enum { kQueryValue = 0 }; - -private: - WriteSection mKeyData; - uint32 mNumKeyValues; - const DbConstIndex &mIndex; - const ReadSection &mTableSection; - CSSM_DB_OPERATOR mOp; -}; - -// -// An object which performs comparison between keys, either stored -// in a database or provided as part of a query. -// - -class DbKeyComparator -{ -public: - DbKeyComparator(const DbQueryKey &key) : mKey(key) {} - - int operator () (uint32 keyOffset1, uint32 keyOffset2) const; - -private: - const DbQueryKey &mKey; -}; - -// -// A key as stored in an index. -// - -class DbIndexKey { -public: - DbIndexKey(const ReadSection &key, const Range &keyRange, const DbIndex &index) - : mKeySection(key), mKeyRange(keyRange), mIndex(index) {} - - bool operator < (const DbIndexKey &other) const; - - uint32 keySize() const { return mKeyRange.mSize; } - const uint8 *keyData() const { return mKeySection.range(mKeyRange); } - -private: - // the key data, expressed as a subsection of a read section - const ReadSection &mKeySection; - Range mKeyRange; - - // the index that knows how to interpret the key data - const DbIndex &mIndex; -}; - -// Base class containing stuff shared between const and mutable indexes. - -class DbIndex -{ - friend class DbIndexKey; - -public: - uint32 indexId() const { return mIndexId; } - - // append an attribute to the index key - void appendAttribute(uint32 attributeId); - -protected: - DbIndex(const MetaRecord &metaRecord, uint32 indexId, bool isUniqueIndex); - - // meta record for table associated with this index - const MetaRecord &mMetaRecord; - - // vector of indexed attributes - typedef vector AttributeVector; - AttributeVector mAttributes; - - uint32 mIndexId; - bool mIsUniqueIndex; -}; - -// Read-only index. - -class DbConstIndex : public DbIndex -{ - friend class DbMutableIndex; - friend class DbQueryKey; - friend class DbKeyComparator; - -public: - DbConstIndex(const Table &table, uint32 indexId, bool isUniqueIndex); - DbConstIndex(const Table &table, const ReadSection &indexSection); - - const Table &table() const { return mTable; } - - // check if this index can be used for a given query, and if so, generate - // the appropriate index key from the query - bool matchesQuery(const CSSM_QUERY &query, DbQueryKey *&queryKey) const; - - // perform a query on the index - void performQuery(const DbQueryKey &queryKey, - DbIndexIterator &begin, DbIndexIterator &end) const; - - // given an iterator as returned by performQuery(), return the read section for the record - ReadSection getRecordSection(DbIndexIterator iter) const; - -private: - // sorted vector of offsets to index key data - DbOffsetVector mKeyOffsetVector; - - // vector, in same order as key vector, of corresponding record numbers - DbOffsetVector mRecordNumberVector; - - const Table &mTable; -}; - -// A memory-resident index that can be modified, but not used for a query. - -class DbMutableIndex : public DbIndex -{ -public: - DbMutableIndex(const DbConstIndex &index); - DbMutableIndex(const MetaRecord &metaRecord, uint32 indexId, bool isUniqueIndex); - ~DbMutableIndex(); - - // insert a record into the index - void insertRecord(uint32 recordNumber, const ReadSection &packedRecord); - - // remove a record from the index - void removeRecord(uint32 recordNumber); - - // write the index - uint32 writeIndex(WriteSection &ws, uint32 offset); - -private: - // helper methods called by insertRecord() - void insertRecordSingle(uint32 recordOffset, const ReadSection &packedRecord); - void insertRecordMulti(uint32 recordOffset, const ReadSection &packedRecord, - uint32 attributeIndex, WriteSection &keyData, uint32 keySize); - - // a single write section which stores generated index key data - WriteSection mIndexData; - uint32 mIndexDataSize; - - // a map from index keys to record numbers - typedef multimap IndexMap; - IndexMap mMap; -}; - -} // end namespace Security - -#endif // _H_APPLEDL_DBINDEX diff --git a/cdsa/cdsa_utilities/DbName.cpp b/cdsa/cdsa_utilities/DbName.cpp deleted file mode 100644 index 166288d2..00000000 --- a/cdsa/cdsa_utilities/DbName.cpp +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifdef __MWERKS__ -#define _CPP_DBNAME -#endif -#include - -#include - -CssmNetAddress::CssmNetAddress(CSSM_DB_RECORDTYPE inAddressType, const CssmData &inAddress) -{ - AddressType = inAddressType; - Address.Length = inAddress.Length; - if (Address.Length > 0) - { - Address.Data = new uint8[Address.Length]; - memcpy (Address.Data, inAddress.Data, Address.Length); - } - else - Address.Data = NULL; -} - -CssmNetAddress::CssmNetAddress(const CSSM_NET_ADDRESS &other) -{ - AddressType = other.AddressType; - Address.Length = other.Address.Length; - if (Address.Length > 0) - { - Address.Data = new uint8[Address.Length]; - memcpy (Address.Data, other.Address.Data, Address.Length); - } - else - Address.Data = NULL; -} - -CssmNetAddress::~CssmNetAddress() -{ - if (Address.Length > 0) - delete Address.Data; -} - -DbName::DbName(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation) -:mDbName(&Required(inDbName)), -mDbLocation(nil) -{ - if (inDbLocation) - { - mDbLocation = new CssmNetAddress(*inDbLocation); - } -} - -DbName::DbName(const DbName &other) -:mDbName(other.mDbName), -mDbLocation(nil) -{ - if (other.mDbLocation) - { - mDbLocation = new CssmNetAddress(*other.mDbLocation); - } -} - -DbName & -DbName::operator =(const DbName &other) -{ - mDbName = other.mDbName; - if (other.mDbLocation) - { - mDbLocation = new CssmNetAddress(*other.mDbLocation); - } - - return *this; -} - -DbName::~DbName() -{ - if (mDbLocation) - { - delete mDbLocation; - } -} diff --git a/cdsa/cdsa_utilities/DbName.h b/cdsa/cdsa_utilities/DbName.h deleted file mode 100644 index bf5e18dd..00000000 --- a/cdsa/cdsa_utilities/DbName.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _DBNAME_H_ -#define _DBNAME_H_ 1 - -#include -#include -#include -#include - -#ifdef _CPP_DBNAME -# pragma export on -#endif - -// @@@ Should not use using in headers. -using namespace std; - -namespace Security -{ - -//---------------------------------------------------------------- -//typedef struct cssm_net_address { -// CSSM_NET_ADDRESS_TYPE AddressType; -// CSSM_DATA Address; -//} CSSM_NET_ADDRESS, *CSSM_NET_ADDRESS_PTR; -//---------------------------------------------------------------- - -// XXX TODO: Make CssmNetAddress use a factory to constuct netadrress objects based on CSSM_NET_ADDRESS_TYPE! -class CssmNetAddress : public PodWrapper -{ -public: - // Create a CssmNetAddress wrapper. Copies inAddress.Data - CssmNetAddress(CSSM_DB_RECORDTYPE inAddressType, const CssmData &inAddress); - CssmNetAddress(const CSSM_NET_ADDRESS &other); - ~CssmNetAddress(); - CSSM_DB_RECORDTYPE addressType() const { return AddressType; } - const CssmData &address() const { return CssmData::overlay(Address); } - bool operator <(const CssmNetAddress &other) const - { - return AddressType != other.AddressType ? AddressType < other.AddressType : address() < other.address(); - } -}; - -class DbName -{ -public: - DbName (const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation); - DbName(const DbName &other); - DbName &operator =(const DbName &other); - ~DbName (); - const string &dbName() const { return mDbName; } - const CssmNetAddress *dbLocation() const { return mDbLocation; } - bool operator <(const DbName &other) const - { - // If mDbNames are not equal return whether our mDbName is less than others mDbName. - if (mDbName != other.mDbName) - return mDbName < other.mDbName; - - // DbNames are equal so check for pointer equality of DbLocations - if (mDbLocation == other.mDbLocation) - return false; - - // If either DbLocations is nil the one that is nil is less than the other. - if (mDbLocation == nil || other.mDbLocation == nil) - return mDbLocation < other.mDbLocation; - - // Return which mDbLocation is smaller. - return *mDbLocation < *other.mDbLocation; - } - bool operator ==(const DbName &other) const - { return (!(*this < other)) && (!(other < *this)); } - bool operator !=(const DbName &other) const - { return *this < other || other < *this; } - -private: - string mDbName; - CssmNetAddress *mDbLocation; -}; - - -namespace DataWalkers -{ - -template -CssmNetAddress *walk(Action &operate, CssmNetAddress * &addr) -{ - operate(addr); - walk(operate, addr->Address); - return addr; -} - -} // end namespace DataWalkers - -} // end namespace Security - -#ifdef _CPP_DBNAME -# pragma export off -#endif - -#endif //_DBNAME_H_ diff --git a/cdsa/cdsa_utilities/DbQuery.cpp b/cdsa/cdsa_utilities/DbQuery.cpp deleted file mode 100644 index 0a4bc938..00000000 --- a/cdsa/cdsa_utilities/DbQuery.cpp +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifdef __MWERKS__ -#define _CPP_DBQUERY -#endif -#include - -DbQuery::DbQuery () -{ -} - -DbQuery::~DbQuery () -{ -} diff --git a/cdsa/cdsa_utilities/DbQuery.h b/cdsa/cdsa_utilities/DbQuery.h deleted file mode 100644 index 77ea5aeb..00000000 --- a/cdsa/cdsa_utilities/DbQuery.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _DBQUERY_H_ -#define _DBQUERY_H_ 1 - -#include - -#ifdef _CPP_DBQUERY -# pragma export on -#endif - -namespace Security -{ - -class DbQuery: public HandleObject -{ - NOCOPY(DbQuery); -public: - DbQuery (); - virtual ~DbQuery (); -}; - -} // end namespace Security - -#ifdef _CPP_DBQUERY -# pragma export off -#endif - -#endif // _DBQUERY_H_ diff --git a/cdsa/cdsa_utilities/DbValue.cpp b/cdsa/cdsa_utilities/DbValue.cpp deleted file mode 100644 index fba7fc0b..00000000 --- a/cdsa/cdsa_utilities/DbValue.cpp +++ /dev/null @@ -1,555 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DbValue.cpp -// - -#include "DbValue.h" -#include - -// -// DbValue -// - -DbValue::~DbValue() -{ -} - -// -// UInt32Value -// - -UInt32Value::UInt32Value(const ReadSection &rs, uint32 &offset) -: BasicValue(rs.at(offset)) -{ - offset += size(); -} - -UInt32Value::UInt32Value(const CSSM_DATA &data) -{ - switch (data.Length) - { - case 1: - mValue = *reinterpret_cast(data.Data); - break; - case 2: - mValue = *reinterpret_cast(data.Data); - break; - case 4: - mValue = *reinterpret_cast(data.Data); - break; - default: - CssmError::throwMe(CSSMERR_DL_INVALID_VALUE); - } -} - -UInt32Value::~UInt32Value() -{ -} - -void -UInt32Value::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, mValue); -} - -// -// SInt32Value -// - -SInt32Value::SInt32Value(const ReadSection &rs, uint32 &offset) -: BasicValue(static_cast(rs.at(offset))) -{ - offset += size(); -} - -SInt32Value::SInt32Value(const CSSM_DATA &data) -{ - switch (data.Length) - { - case 1: - mValue = *reinterpret_cast(data.Data); - break; - case 2: - mValue = *reinterpret_cast(data.Data); - break; - case 4: - mValue = *reinterpret_cast(data.Data); - break; - default: - CssmError::throwMe(CSSMERR_DL_INVALID_VALUE); - } -} - -SInt32Value::~SInt32Value() -{ -} - -void -SInt32Value::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, static_cast(mValue)); -} - -// -// DoubleValue -// - -DoubleValue::DoubleValue(const ReadSection &rs, uint32 &offset) -{ - Range r(offset, size()); - mValue = *reinterpret_cast(rs.range(r)); - offset += size(); -} - -DoubleValue::DoubleValue(const CSSM_DATA &data) -{ - switch (data.Length) - { - case 4: - mValue = *reinterpret_cast(data.Data); - break; - case 8: - mValue = *reinterpret_cast(data.Data); - break; - default: - CssmError::throwMe(CSSMERR_DL_INVALID_VALUE); - } -} - -DoubleValue::~DoubleValue() -{ -} - -void -DoubleValue::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, size(), bytes()); -} - -// -// BlobValue -// - -BlobValue::BlobValue(const ReadSection &rs, uint32 &offset) -{ - Length = rs.at(offset); - Data = const_cast(rs.range(Range(offset + AtomSize, Length))); - offset = ReadSection::align(offset + Length + AtomSize); -} - -BlobValue::BlobValue(const CSSM_DATA &data) -: CssmData(CssmData::overlay(data)) -{ -} - -BlobValue::~BlobValue() -{ -} - -void -BlobValue::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, Length); - offset = ws.put(offset, Length, Data); -} - -BlobValue::Comparator::~Comparator() -{ -} - -int -BlobValue::Comparator::operator () (const uint8 *ptr1, const uint8 *ptr2, uint32 length) -{ - return memcmp(ptr1, ptr2, length); -} - -bool -BlobValue::evaluate(const BlobValue &other, CSSM_DB_OPERATOR op) const -{ - return evaluate(*this, other, op, Comparator()); -} - -bool -BlobValue::evaluate(const CssmData &inData1, const CssmData &inData2, CSSM_DB_OPERATOR op, - Comparator compare) -{ - uint32 length1 = inData1.Length, length2 = inData2.Length; - const uint8 *data1 = inData1.Data; - const uint8 *data2 = inData2.Data; - - switch (op) { - - case CSSM_DB_CONTAINS_INITIAL_SUBSTRING: - if (length1 > length2) - return false; - length2 = length1; - goto DB_EQUAL; - - case CSSM_DB_CONTAINS_FINAL_SUBSTRING: - if (length1 > length2) - return false; - data2 += (length2 - length1); - length2 = length1; - // dropthrough... - - case CSSM_DB_EQUAL: - DB_EQUAL: - if (length1 != length2) - return false; - if (length1 == 0) - return true; - return compare(data1, data2, length1) == 0; - - case CSSM_DB_NOT_EQUAL: - if (length1 != length2) - return true; - if (length1 == 0) - return false; - return compare(data1, data2, length1) != 0; - - case CSSM_DB_LESS_THAN: - case CSSM_DB_GREATER_THAN: - { - uint32 length = min(length1, length2); - int result = (length == 0) ? 0 : compare(data1, data2, length); - - if (result < 0 || (result == 0 && length1 < length2)) - return op == CSSM_DB_LESS_THAN; - else if (result > 0 || (result == 0 && length1 > length2)) - return op == CSSM_DB_GREATER_THAN; - break; - } - - case CSSM_DB_CONTAINS: - if (length1 > length2) - return false; - if (length1 == 0) - return true; - // Both buffers are at least 1 byte long. - for (const uint8 *data = data2; data + length1 <= data2 + length2; data++) - if (compare(data1, data, length1) == 0) - return true; - break; - - default: - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - } - - return false; -} - -// -// TimeDateValue -// - -TimeDateValue::TimeDateValue(const ReadSection &rs, uint32 &offset) -{ - Length = kTimeDateSize; - Data = const_cast(rs.range(Range(offset, Length))); - offset = ReadSection::align(offset + Length); -} - -TimeDateValue::TimeDateValue(const CSSM_DATA &data) -: BlobValue(data) -{ - if (Length != kTimeDateSize || !isValidDate()) - CssmError::throwMe(CSSMERR_DL_INVALID_VALUE); -} - -TimeDateValue::~TimeDateValue() -{ -} - -void -TimeDateValue::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, Length, Data); -} - -bool -TimeDateValue::isValidDate() const -{ - if (Length != kTimeDateSize || Data[kTimeDateSize - 1] != 0 || - Data[kTimeDateSize - 2] != 'Z') - return false; - - for (uint32 i = 0; i < kTimeDateSize - 2; i++) - if (!isdigit(Data[i])) - return false; - - uint32 month = rangeValue(4, 2); - if (month < 1 || month > 12) - return false; - - uint32 day = rangeValue(6, 2); - if (day < 1 || day > 31) - return false; - - uint32 hour = rangeValue(8, 2); - if (hour < 0 || hour > 23) - return false; - - uint32 minute = rangeValue(10, 2); - if (minute < 0 || minute > 59) - return false; - - uint32 second = rangeValue(12, 2); - if (second < 0 || second > 59) - return false; - - return true; -} - -uint32 -TimeDateValue::rangeValue(uint32 start, uint32 length) const -{ - uint32 value = 0; - for (uint32 i = 0; i < length; i++) - value = value * 10 + Data[start + i] - '0'; - return value; -} - -// -// StringValue -// - -StringValue::StringValue(const ReadSection &rs, uint32 &offset) -: BlobValue(rs, offset) -{ -} - -StringValue::StringValue(const CSSM_DATA &data) -: BlobValue(data) -{ -} - -StringValue::~StringValue() -{ -} - -int -StringValue::Comparator::operator () (const uint8 *ptr1, const uint8 *ptr2, uint32 length) -{ - return strncmp(reinterpret_cast(ptr1), - reinterpret_cast(ptr2), length); -} - -bool -StringValue::evaluate(const StringValue &other, CSSM_DB_OPERATOR op) const -{ - return BlobValue::evaluate(*this, other, op, StringValue::Comparator()); -} - -// -// BigNumValue -// - -BigNumValue::BigNumValue(const ReadSection &rs, uint32 &offset) -: BlobValue(rs, offset) -{ -} - -BigNumValue::BigNumValue(const CSSM_DATA &data) -: BlobValue(data) -{ - // remove trailing zero bytes - while (Length > 1 && Data[Length - 1] == 0) - Length--; - - // if the number is zero (positive or negative), make the length zero - if (Length == 1 && (Data[0] & ~kSignBit) == 0) - Length = 0; -} - -BigNumValue::~BigNumValue() -{ -} - -// Walk the contents of two equal-sized bignums, moving backward -// from the high-order bytes, and return the comparison result -// ala memcmp. - -int -BigNumValue::compare(const uint8 *a, const uint8 *b, int length) -{ - for (int diff, i = length - 1; i >= 1; i--) - if ((diff = a[i] - b[i])) - return diff; - - // for the last (i.e. first) byte, mask out the sign bit - return (a[0] & ~kSignBit) - (b[0] & ~kSignBit); -} - -// Compare two bignums, assuming they are in canonical form (i.e., -// no bytes containing trailing zeros. - -bool -BigNumValue::evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const -{ - uint32 length1 = Length, length2 = other.Length; - uint8 sign1 = length1 ? (Data[0] & kSignBit) : 0; - uint8 sign2 = length2 ? (other.Data[0] & kSignBit) : 0; - - switch (op) - { - case CSSM_DB_EQUAL: - case CSSM_DB_NOT_EQUAL: - return BlobValue::evaluate(other, op); - - case CSSM_DB_LESS_THAN: - if (sign1 ^ sign2) - // different signs: return true iff left value is the negative one - return sign1; - else if (length1 != length2) - // in canonical form, shorter numbers have smaller absolute value - return sign1 ? (length1 > length2) : (length1 < length2); - else { - // same length, same sign... - int c = compare(Data, other.Data, length1); - return sign1 ? (c > 0) : (c < 0); - } - break; - - case CSSM_DB_GREATER_THAN: - if (sign1 ^ sign2) - return sign2; - else if (length1 != length2) - return sign1 ? (length1 < length2) : (length1 > length2); - else { - int c = compare(Data, other.Data, length1); - return sign1 ? (c < 0) : (c > 0); - } - break; - - case CSSM_DB_CONTAINS: - case CSSM_DB_CONTAINS_INITIAL_SUBSTRING: - case CSSM_DB_CONTAINS_FINAL_SUBSTRING: - default: - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - } -} - -// -// MultiUInt32Value -// - -MultiUInt32Value::MultiUInt32Value(const ReadSection &rs, uint32 &offset) -{ - // this is relatively expensive, since it copies the data from the - // read section to get the endianness correct - - mNumValues = rs.at(offset); - mValues = new uint32[mNumValues]; - - for (uint32 i = 0; i < mNumValues; i++) - mValues[i] = rs.at(offset + (i + 1) * AtomSize); - - offset = ReadSection::align(offset + (mNumValues + 1) * AtomSize); - mOwnsValues = true; -} - -MultiUInt32Value::MultiUInt32Value(const CSSM_DATA &data) -{ - if (data.Length & (sizeof(uint32) - 1)) - CssmError::throwMe(CSSMERR_DL_INVALID_VALUE); - - mNumValues = data.Length / sizeof(uint32); - mValues = reinterpret_cast(data.Data); - mOwnsValues = false; -} - -MultiUInt32Value::~MultiUInt32Value() -{ - if (mOwnsValues) - delete [] mValues; -} - -void -MultiUInt32Value::pack(WriteSection &ws, uint32 &offset) const -{ - offset = ws.put(offset, mNumValues); - for (uint32 i = 0; i < mNumValues; i++) - offset = ws.put(offset, mValues[i]); -} - -static inline int -uint32cmp(const uint32 *a, const uint32 *b, uint32 length) -{ - return memcmp(a, b, length * sizeof(uint32)); -} - -bool -MultiUInt32Value::evaluate(const MultiUInt32Value &other, CSSM_DB_OPERATOR op) const -{ - uint32 length1 = mNumValues, length2 = other.mNumValues; - const uint32 *values1 = mValues; - const uint32 *values2 = other.mValues; - - switch (op) - { - case CSSM_DB_EQUAL: - if (length1 == length2) - return uint32cmp(values1, values2, length1) == 0; - break; - - case CSSM_DB_NOT_EQUAL: - if (length1 != length2 || uint32cmp(values1, values2, length1)) - return true; - break; - - case CSSM_DB_CONTAINS_INITIAL_SUBSTRING: - if (length1 <= length2) - return uint32cmp(values1, values2, length1) == 0; - break; - - case CSSM_DB_CONTAINS_FINAL_SUBSTRING: - if (length1 <= length2) - return uint32cmp(values1, values2 + (length2 - length1), length1) == 0; - break; - - case CSSM_DB_CONTAINS: - if (length1 <= length2) { - - if (length1 == 0) - return true; - - for (const uint32 *values = values2; values + length1 < values2 + length2; values++) - if (uint32cmp(values1, values, length1) == 0) - return true; - } - break; - - case CSSM_DB_LESS_THAN: - // this is not required by the spec, but is required to sort indexes over - // multi uint32 keys... - if (length1 < length2) - return true; - else if (length1 == length2) - return uint32cmp(values1, values2, length1) < 0; - break; - - default: - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - } - - return false; -} - - diff --git a/cdsa/cdsa_utilities/DbValue.h b/cdsa/cdsa_utilities/DbValue.h deleted file mode 100644 index 78d1de4f..00000000 --- a/cdsa/cdsa_utilities/DbValue.h +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// DbValue.h -// - -#ifndef _H_APPLEDL_DBVALUE -#define _H_APPLEDL_DBVALUE - -#include "ReadWriteSection.h" - -#include -#include -#include -#include -#include - -namespace Security -{ - -// -// DbValue -- A base class for all types of database values. -// -class DbValue -{ -public: - virtual ~DbValue(); -}; - -// A collection of subclasses of DbValue that work for simple -// data types, e.g. uint32, sint32, and double, that have -// the usual C comparison and sizeof operations. Defining this -// template saves typing below. - -template -class BasicValue : public DbValue -{ -public: - BasicValue() {} - BasicValue(T value) : mValue(value) {} - - bool evaluate(const BasicValue &other, CSSM_DB_OPERATOR op) const - { - switch (op) { - - case CSSM_DB_EQUAL: - return mValue == other.mValue; - - case CSSM_DB_NOT_EQUAL: - return mValue != other.mValue; - - case CSSM_DB_LESS_THAN: - return mValue < other.mValue; - - case CSSM_DB_GREATER_THAN: - return mValue > other.mValue; - - default: - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - return false; - } - } - - size_t size() const { return sizeof(T); } - size_t size(const ReadSection &rs, uint32 offset) const { return size(); } - const uint8 *bytes() const { return reinterpret_cast(&mValue); } - -protected: - T mValue; -}; - -// Actual useful subclasses of DbValue as instances of BasicValue. -// Note that all of these require a constructor of the form -// (const ReadSection &, uint32 &offset) that advances the offset -// to just after the value. - -class UInt32Value : public BasicValue -{ -public: - UInt32Value(const ReadSection &rs, uint32 &offset); - UInt32Value(const CSSM_DATA &data); - virtual ~UInt32Value(); - void pack(WriteSection &ws, uint32 &offset) const; -}; - -class SInt32Value : public BasicValue -{ -public: - SInt32Value(const ReadSection &rs, uint32 &offset); - SInt32Value(const CSSM_DATA &data); - virtual ~SInt32Value(); - void pack(WriteSection &ws, uint32 &offset) const; -}; - -class DoubleValue : public BasicValue -{ -public: - DoubleValue(const ReadSection &rs, uint32 &offset); - DoubleValue(const CSSM_DATA &data); - virtual ~DoubleValue(); - void pack(WriteSection &ws, uint32 &offset) const; -}; - -// Subclasses of Value for more complex types. - -class BlobValue : public DbValue, public CssmData -{ -public: - BlobValue() {} - BlobValue(const ReadSection &rs, uint32 &offset); - BlobValue(const CSSM_DATA &data); - virtual ~BlobValue(); - void pack(WriteSection &ws, uint32 &offset) const; - bool evaluate(const BlobValue &other, CSSM_DB_OPERATOR op) const; - - size_t size() const { return Length; } - const uint8 *bytes() const { return Data; } - -protected: - class Comparator { - public: - virtual ~Comparator(); - virtual int operator () (const uint8 *ptr1, const uint8 *ptr2, uint32 length); - }; - - static bool evaluate(const CssmData &data1, const CssmData &data2, CSSM_DB_OPERATOR op, - Comparator compare); -}; - -class TimeDateValue : public BlobValue -{ -public: - enum { kTimeDateSize = 16 }; - - TimeDateValue(const ReadSection &rs, uint32 &offset); - TimeDateValue(const CSSM_DATA &data); - virtual ~TimeDateValue(); - void pack(WriteSection &ws, uint32 &offset) const; - - bool isValidDate() const; - -private: - uint32 rangeValue(uint32 start, uint32 length) const; -}; - -class StringValue : public BlobValue -{ -public: - StringValue(const ReadSection &rs, uint32 &offset); - StringValue(const CSSM_DATA &data); - virtual ~StringValue(); - bool evaluate(const StringValue &other, CSSM_DB_OPERATOR op) const; - -private: - class Comparator : public BlobValue::Comparator { - public: - virtual int operator () (const uint8 *ptr1, const uint8 *ptr2, uint32 length); - }; - -}; - -class BigNumValue : public BlobValue -{ -public: - static const uint8 kSignBit = 0x80; - - BigNumValue(const ReadSection &rs, uint32 &offset); - BigNumValue(const CSSM_DATA &data); - virtual ~BigNumValue(); - bool evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const; - -private: - static int compare(const uint8 *a, const uint8 *b, int length); -}; - -class MultiUInt32Value : public DbValue -{ -public: - MultiUInt32Value(const ReadSection &rs, uint32 &offset); - MultiUInt32Value(const CSSM_DATA &data); - virtual ~MultiUInt32Value(); - void pack(WriteSection &ws, uint32 &offset) const; - bool evaluate(const MultiUInt32Value &other, CSSM_DB_OPERATOR op) const; - - size_t size() const { return mNumValues * sizeof(uint32); } - const uint8 *bytes() const { return reinterpret_cast(mValues); } - -private: - uint32 mNumValues; - uint32 *mValues; - bool mOwnsValues; -}; - -} // end namespace Security - -#endif // _H_APPLEDL_DBVALUE - diff --git a/cdsa/cdsa_utilities/MetaAttribute.cpp b/cdsa/cdsa_utilities/MetaAttribute.cpp deleted file mode 100644 index 0f45b0e1..00000000 --- a/cdsa/cdsa_utilities/MetaAttribute.cpp +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MetaAttribute.cpp -// - -#include "MetaAttribute.h" -#include "MetaRecord.h" - -MetaAttribute::~MetaAttribute() -{ -} - -// Construct an instance of an appropriate subclass of MetaAttribute -// based on the given format. - -MetaAttribute * -MetaAttribute::create(Format format, uint32 attributeIndex, - uint32 attributeId) -{ - switch (format) - { - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_REAL: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: - return new TypedMetaAttribute(format, attributeIndex, attributeId); - - case CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX: - default: - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT); - } -} - -void -MetaAttribute::packNumberOfValues(WriteSection &ws, uint32 numValues, uint32 &valueOffset) const -{ - uint32 offset = MetaRecord::OffsetAttributeOffsets + mAttributeIndex * AtomSize; - - if (numValues == 0) { - // a zero offset means the attribute has no values - ws.put(offset, 0); - } - else if (numValues == 1) { - // setting the low bit of the offset means that there is exactly one value - ws.put(offset, valueOffset | 1); - } - else { - // write the offset, then write the number of values at that position - ws.put(offset, valueOffset); - valueOffset = ws.put(valueOffset, numValues); - } -} - -void -MetaAttribute::unpackNumberOfValues(const ReadSection &rs, uint32 &numValues, - uint32 &valueOffset) const -{ - uint32 offset = MetaRecord::OffsetAttributeOffsets + mAttributeIndex * AtomSize; - valueOffset = rs[offset]; - - if (valueOffset == 0) - // a zero offset means no values - numValues = 0; - else if (valueOffset & 1) { - // setting the LSB means exactly one value - valueOffset ^= 1; - numValues = 1; - } - else { - // otherwise, the number of values is at the offset, and the values follow - numValues = rs[valueOffset]; - valueOffset += AtomSize; - } -} - -void -MetaAttribute::packAttribute(WriteSection &ws, uint32 &valueOffset, uint32 numValues, - const CSSM_DATA *values) const -{ - packNumberOfValues(ws, numValues, valueOffset); - for (uint32 i = 0; i < numValues; i++) - packValue(ws, valueOffset, values[i]); -} - -void -MetaAttribute::unpackAttribute(const ReadSection &rs, CssmAllocator &allocator, - uint32 &numValues, CSSM_DATA *&values) const -{ - uint32 valueOffset; - unpackNumberOfValues(rs, numValues, valueOffset); - - values = reinterpret_cast(allocator.malloc(numValues * sizeof(CSSM_DATA))); - - for (uint32 i = 0; i < numValues; i++) - unpackValue(rs, valueOffset, values[i], allocator); -} - -uint32 -MetaAttribute::getNumberOfValues(const ReadSection &rs) const -{ - uint32 numValues, valueOffset; - unpackNumberOfValues(rs, numValues, valueOffset); - return numValues; -} - -void -MetaAttribute::copyValueBytes(uint32 valueIndex, const ReadSection &rs, WriteSection &ws, - uint32 &writeOffset) const -{ - uint32 numValues, valueOffset; - unpackNumberOfValues(rs, numValues, valueOffset); - - // skip bytes before the desired value - for (uint32 i = 0; i < valueIndex; i++) - skipValue(rs, valueOffset); - - // copy the value bytes into the write section - copyValue(rs, valueOffset, ws, writeOffset); -} diff --git a/cdsa/cdsa_utilities/MetaAttribute.h b/cdsa/cdsa_utilities/MetaAttribute.h deleted file mode 100644 index 78a7f77c..00000000 --- a/cdsa/cdsa_utilities/MetaAttribute.h +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MetaAttribute.h -// - -#ifndef _H_APPLEDL_METAATTRIBUTE -#define _H_APPLEDL_METAATTRIBUTE - -#include "DbValue.h" -#include - -namespace Security -{ - -// A base class for all meta attributes. - -class MetaAttribute -{ -public: - typedef CSSM_DB_ATTRIBUTE_FORMAT Format; - - virtual ~MetaAttribute(); - - // construct an appropriate subclass of MetaAttribute - static MetaAttribute *create(Format format, uint32 attributeIndex, - uint32 attributeId); - - Format attributeFormat() const { return mFormat; } - uint32 attributeIndex() const { return mAttributeIndex; } - uint32 attributeId() const { return mAttributeId; } - - void packAttribute(WriteSection &ws, uint32 &valueOffset, - uint32 numValues, const CSSM_DATA *values) const; - void unpackAttribute(const ReadSection &rs, CssmAllocator &allocator, - uint32 &numValues, CSSM_DATA *&values) const; - - uint32 getNumberOfValues(const ReadSection &rs) const; - void copyValueBytes(uint32 valueIndex, const ReadSection &rs, WriteSection &ws, - uint32 &writeOffset) const; - - // interface required of all subclasses, implemented with templates below - virtual DbValue *createValue(const CSSM_DATA &data) const = 0; - virtual DbValue *createValue(const ReadSection &rs, uint32 &offset) const = 0; - virtual void packValue(WriteSection &ws, uint32 &offset, const CSSM_DATA &data) const = 0; - virtual void unpackValue(const ReadSection &rs, uint32 &offset, CSSM_DATA &data, - CssmAllocator &allocator) const = 0; - virtual void skipValue(const ReadSection &rs, uint32 &offset) const = 0; - virtual void copyValue(const ReadSection &rs, uint32 &readOffset, WriteSection &ws, - uint32 &writeOffset) const = 0; - virtual bool evaluate(const DbValue *value, const ReadSection &rs, CSSM_DB_OPERATOR op) const = 0; - virtual bool evaluate(const DbValue *value1, const DbValue *value2, CSSM_DB_OPERATOR op) const = 0; - virtual uint32 parse(const CssmData &inData, CSSM_DATA_PTR &outValues) const = 0; - -protected: - MetaAttribute(Format format, uint32 attributeIndex, uint32 attributeId) - : mFormat(format), mAttributeIndex(attributeIndex), mAttributeId(attributeId) {} - - void packNumberOfValues(WriteSection &ws, uint32 numValues, uint32 &valueOffset) const; - void unpackNumberOfValues(const ReadSection &rs, uint32 &numValues, uint32 &valueOffset) const; - - Format mFormat; - uint32 mAttributeIndex; - uint32 mAttributeId; -}; - -// Template used to describe particular subclasses of MetaAttribute - -template -class TypedMetaAttribute : public MetaAttribute -{ -public: - TypedMetaAttribute(Format format, uint32 attributeIndex, uint32 attributeId) - : MetaAttribute(format, attributeIndex, attributeId) {} - - DbValue *createValue(const CSSM_DATA &data) const - { - return new T(data); - } - - DbValue *createValue(const ReadSection &rs, uint32 &offset) const - { - return new T(rs, offset); - } - - void packValue(WriteSection &ws, uint32 &offset, const CSSM_DATA &data) const - { - T value(data); - value.pack(ws, offset); - } - - void unpackValue(const ReadSection &rs, uint32 &offset, CSSM_DATA &data, CssmAllocator &allocator) const - { - T value(rs, offset); - data.Length = value.size(); - - if (data.Length != 0) - { - data.Data = reinterpret_cast(allocator.malloc(data.Length)); - memcpy(data.Data, value.bytes(), data.Length); - } - else - { - data.Data = NULL; - } - } - - void skipValue(const ReadSection &rs, uint32 &offset) const - { - T value(rs, offset); - } - - void copyValue(const ReadSection &rs, uint32 &readOffset, WriteSection &ws, uint32 &writeOffset) const - { - T value(rs, readOffset); - value.pack(ws, writeOffset); - } - - bool evaluate(const DbValue *value, const ReadSection &rs, CSSM_DB_OPERATOR op) const - { - uint32 offset, numValues; - unpackNumberOfValues(rs, numValues, offset); - - /* If any of the values for this attribute match we have a - match. This is the same behaviour that indexes have. */ - for (uint32 ix = 0; ix < numValues; ++ix) - if (dynamic_cast(value)->evaluate(T(rs, offset), op)) - return true; - - return false; - } - - bool evaluate(const DbValue *value1, const DbValue *value2, CSSM_DB_OPERATOR op) const - { - return (dynamic_cast(value1))->evaluate(*dynamic_cast(value2), op); - } - - uint32 parse(const CssmData &inData, CSSM_DATA_PTR &outValues) const - { - return 0; - } -}; - -} // end namespace Security - -#endif // _H_APPLEDL_METAATTRIBUTE diff --git a/cdsa/cdsa_utilities/MetaRecord.cpp b/cdsa/cdsa_utilities/MetaRecord.cpp deleted file mode 100644 index 8a67d4d6..00000000 --- a/cdsa/cdsa_utilities/MetaRecord.cpp +++ /dev/null @@ -1,497 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MetaRecord.cpp -// - -#include "MetaRecord.h" -#include - -MetaRecord::MetaRecord(CSSM_DB_RECORDTYPE inRecordType) : - mRecordType(inRecordType) -{ -} - -MetaRecord::MetaRecord(const CSSM_DB_RECORD_ATTRIBUTE_INFO &inInfo) -: mRecordType(inInfo.DataRecordType) -{ - try - { - setRecordAttributeInfo(inInfo); - } - catch (...) - { - for_each_delete(mAttributeVector.begin(), mAttributeVector.end()); - } -} - -MetaRecord::MetaRecord(CSSM_DB_RECORDTYPE inRelationID, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *inAttributeInfo) : - mRecordType(inRelationID) -{ - try { - for (uint32 anIndex = 0; anIndex < inNumberOfAttributes; anIndex++) - { - string aName; - if (inAttributeInfo[anIndex].AttributeName) - aName = string(inAttributeInfo[anIndex].AttributeName); - - const CssmData *aNameID = NULL; - if (inAttributeInfo[anIndex].AttributeNameID.Length > 0) - aNameID = &CssmData::overlay(inAttributeInfo[anIndex].AttributeNameID); - - uint32 aNumber = inAttributeInfo[anIndex].AttributeId; - createAttribute( - inAttributeInfo[anIndex].AttributeName ? &aName : NULL, - aNameID, aNumber, - inAttributeInfo[anIndex].DataType); - } - } - catch (...) - { - for_each_delete(mAttributeVector.begin(), mAttributeVector.end()); - } -} - -MetaRecord::~MetaRecord() -{ - for_each_delete(mAttributeVector.begin(), mAttributeVector.end()); -} - -void -MetaRecord::setRecordAttributeInfo(const CSSM_DB_RECORD_ATTRIBUTE_INFO &inInfo) -{ - for (uint32 anIndex = 0; anIndex < inInfo.NumberOfAttributes; anIndex++) - { - switch (inInfo.AttributeInfo[anIndex].AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - string aName(inInfo.AttributeInfo[anIndex].Label.AttributeName); - createAttribute(&aName, nil, anIndex, - inInfo.AttributeInfo[anIndex].AttributeFormat); - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - { - const CssmData &aNameID = CssmOid::overlay(inInfo.AttributeInfo[anIndex].Label.AttributeOID); - createAttribute(nil, &aNameID, anIndex, - inInfo.AttributeInfo[anIndex].AttributeFormat); - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - uint32 aNumber = inInfo.AttributeInfo[anIndex].Label.AttributeID; - createAttribute(nil, nil, aNumber, - inInfo.AttributeInfo[anIndex].AttributeFormat); - break; - } - default: - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - break; - } - } -} - -void -MetaRecord::createAttribute(const string *inAttributeName, - const CssmOid *inAttributeOID, - uint32 inAttributeID, - CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat) -{ - // Index of new element is current size of vector - uint32 anAttributeIndex = mAttributeVector.size(); - bool aInsertedAttributeName = false; - bool aInsertedAttributeOID = false; - bool aInsertedAttributeID = false; - - if (inAttributeName) - { - if (!mNameStringMap.insert(NameStringMap::value_type(*inAttributeName, anAttributeIndex)).second) - CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE); - aInsertedAttributeName = true; - } - try - { - if (inAttributeOID) - { - if (!mNameOIDMap.insert(NameOIDMap::value_type(*inAttributeOID, anAttributeIndex)).second) - CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE); - aInsertedAttributeOID = true; - } - - if (!mNameIntMap.insert(NameIntMap::value_type(inAttributeID, anAttributeIndex)).second) - CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE); - aInsertedAttributeID = true; - - // Note: this no longer throws INVALID_FIELD_NAME since the attribute will always have - // an attribute ID by which it is known - - mAttributeVector.push_back(MetaAttribute::create(inAttributeFormat, - anAttributeIndex, inAttributeID)); - } - catch(...) - { - if (aInsertedAttributeName) - mNameStringMap.erase(*inAttributeName); - if (aInsertedAttributeOID) - mNameOIDMap.erase(*inAttributeOID); - if (inAttributeID) - mNameIntMap.erase(inAttributeID); - - throw; - } -} - - -// Create a packed record from the given inputs. -void -MetaRecord::packRecord(WriteSection &inWriteSection, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) const -{ - uint32 aDataSize; - if (inData) - aDataSize = inData->Length; - else - aDataSize = 0; - - inWriteSection.put(OffsetDataSize, aDataSize); - uint32 anOffset = OffsetAttributeOffsets + AtomSize * mAttributeVector.size(); - if (aDataSize) - anOffset = inWriteSection.put(anOffset, aDataSize, inData->Data); - - vector aNumValues(mAttributeVector.size(), ~0UL); - vector aValues(mAttributeVector.size()); - uint32 anIndex; - - if (inAttributes == NULL) - inWriteSection.put(OffsetSemanticInformation, 0); - else - { - inWriteSection.put(OffsetSemanticInformation, inAttributes->SemanticInformation); - - // Put the supplied attribute values into the list of attributes - // and values. - anIndex = inAttributes->NumberOfAttributes; - // Make sure that AttributeData is a valid array. - if (anIndex > 0) - Required(inAttributes->AttributeData); - - while (anIndex-- > 0) - { - CSSM_DB_ATTRIBUTE_DATA &anAttribute = inAttributes->AttributeData[anIndex]; - uint32 anAttributeIndex = attributeIndex(anAttribute.Info); - // Make sure that the caller specified the attribute values in the correct format. - if (anAttribute.Info.AttributeFormat != mAttributeVector[anAttributeIndex]->attributeFormat()) - CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT); - - // If this attribute was specified before, throw. - if (aNumValues[anAttributeIndex] != ~0UL) - CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE); - - aNumValues[anAttributeIndex] = anAttribute.NumberOfValues; - aValues[anAttributeIndex] = anAttribute.Value; - } - } - - for (anIndex = 0; anIndex < mAttributeVector.size(); ++anIndex) - { - const MetaAttribute &aMetaAttribute = *mAttributeVector[anIndex]; - uint32 aNumberOfValues = aNumValues[anIndex]; - // Now call the parsingmodule for each attribute that - // wasn't explicitly specified and that has a parsingmodule. - if (aNumberOfValues == ~0UL) - aNumberOfValues = aDataSize == 0 ? 0 : aMetaAttribute.parse(*inData, aValues[anIndex]); - - // XXX When do we throw CSSMERR_DL_MISSING_VALUE? Maybe if an - // attribute is part of a unique index. - - // Now we have a valuelist for this attribute. Let's encode it. - aMetaAttribute.packAttribute(inWriteSection, anOffset, aNumberOfValues, aValues[anIndex]); - } - - inWriteSection.put(OffsetRecordSize, anOffset); - inWriteSection.size(anOffset); -} - -inline void -MetaRecord::unpackAttribute(const ReadSection &inReadSection, - CssmAllocator &inAllocator, - CSSM_DB_ATTRIBUTE_DATA &inoutAttribute) const -{ - const MetaAttribute &aMetaAttribute = metaAttribute(inoutAttribute.Info); - // XXX: See ISSUES on whether AttributeFormat should be an outputvalue or not. - inoutAttribute.Info.AttributeFormat = aMetaAttribute.attributeFormat(); - aMetaAttribute.unpackAttribute(inReadSection, inAllocator, - inoutAttribute.NumberOfValues, - inoutAttribute.Value); -} - -void -MetaRecord::unpackRecord(const ReadSection &inReadSection, - CssmAllocator &inAllocator, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_QUERY_FLAGS inQueryFlags) const -{ - // XXX Use POD wrapper for inoutAttributes here. - TrackingAllocator anAllocator(inAllocator); - if (inoutData) - { - // XXX Treat KEY records specially. - - // If inQueryFlags & CSSM_QUERY_RETURN_DATA is true return the raw - // key bits in the CSSM_KEY structure - Range aDataRange = dataRange(inReadSection); - inoutData->Length = aDataRange.mSize; - inoutData->Data = inReadSection.allocCopyRange(aDataRange, anAllocator); - } - - if (inoutAttributes) - { - inoutAttributes->DataRecordType = dataRecordType(); - inoutAttributes->SemanticInformation = semanticInformation(inReadSection); - uint32 anIndex = inoutAttributes->NumberOfAttributes; - - // Make sure that AttributeData is a valid array. - if (anIndex > 0 && inoutAttributes->AttributeData == NULL) - CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER); - - while (anIndex-- > 0) - { - unpackAttribute(inReadSection, anAllocator, - inoutAttributes->AttributeData[anIndex]); - } - } - - // Don't free anything the trackingAllocator allocated when it is destructed. - anAllocator.commit(); -} - -// Return the index (0 though NumAttributes - 1) of the attribute -// represented by inAttributeInfo - -#ifndef NDEBUG -#define LOG_NAME_AS_STRING_FAIL -#endif -uint32 -MetaRecord::attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const -{ - uint32 anIndex; - switch (inAttributeInfo.AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - string aName(inAttributeInfo.Label.AttributeName); - assert(aName.size() < 500); // MDS leak debug - NameStringMap::const_iterator it = mNameStringMap.find(aName); - if (it == mNameStringMap.end()) { - #ifdef LOG_NAME_AS_STRING_FAIL - printf("NAME_AS_STRING failure; attrName %s\n", - inAttributeInfo.Label.AttributeName); - for(it = mNameStringMap.begin(); - it != mNameStringMap.end(); - it++) { - printf("name %s val %lu\n", it->first.c_str(), it->second); - } - #endif - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - } - anIndex = it->second; - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - { - const CssmOid &aName = CssmOid::overlay(inAttributeInfo.Label.AttributeOID); - NameOIDMap::const_iterator it = mNameOIDMap.find(aName); - if (it == mNameOIDMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - anIndex = it->second; - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - uint32 aName = inAttributeInfo.Label.AttributeID; - NameIntMap::const_iterator it = mNameIntMap.find(aName); - if (it == mNameIntMap.end()) - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - anIndex = it->second; - break; - } - default: - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - break; - } - - return anIndex; -} - -const MetaAttribute & -MetaRecord::metaAttribute(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const -{ - return *mAttributeVector[attributeIndex(inAttributeInfo)]; -} - -// Create a packed record from the given inputs and the old packed record inReadSection. -void -MetaRecord::updateRecord(const ReadSection &inReadSection, - WriteSection &inWriteSection, - const CssmDbRecordAttributeData *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode) const -{ - TrackingAllocator anAllocator(CssmAllocator::standard()); - - // modify the opaque data associated with the record - - uint32 aDataSize; - const uint8 *aDataData = NULL; - - if (inData) - { - // prepare to write new data - aDataSize = inData->Length; - aDataData = inData->Data; - } - else - { - // prepare to copy old data - Range aDataRange = dataRange(inReadSection); - aDataSize = aDataRange.mSize; - if (aDataSize) - aDataData = inReadSection.range(aDataRange); - } - - // compute the data offset; this will keep a running total of the record size - uint32 anOffset = OffsetAttributeOffsets + AtomSize * mAttributeVector.size(); - - // write the appropriate data to the new record - inWriteSection.put(OffsetDataSize, aDataSize); - if (aDataSize) - anOffset = inWriteSection.put(anOffset, aDataSize, aDataData); - - // unpack the old attributes since some of them may need to be preserved - - auto_array attributeData(mAttributeVector.size()); - - for (uint32 anAttributeIndex = mAttributeVector.size(); anAttributeIndex-- > 0; ) - { - // unpack the old attribute data for this attribute index - const MetaAttribute &attribute = *mAttributeVector[anAttributeIndex]; - attribute.unpackAttribute(inReadSection, anAllocator, - attributeData[anAttributeIndex].NumberOfValues, - attributeData[anAttributeIndex].Value); - } - - // retrieve the currrent semantic information - - uint32 oldSemanticInformation = semanticInformation(inReadSection); - - // process each input attribute as necessary, based on the modification mode - - if (inAttributes == NULL) - { - // make sure the modification mode is NONE, otherwise it's an - // error accordining to the spec - if (inModifyMode != CSSM_DB_MODIFY_ATTRIBUTE_NONE) - CssmError::throwMe(CSSMERR_DL_INVALID_MODIFY_MODE); - } - - else { - - // modify the semantic information - - uint32 inSemanticInformation = inAttributes ? inAttributes->SemanticInformation : 0; - - if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_ADD) - oldSemanticInformation |= inSemanticInformation; - - else if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_DELETE) - oldSemanticInformation &= ~inSemanticInformation; - - else if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_REPLACE) - oldSemanticInformation = inSemanticInformation; - - uint32 anIndex = inAttributes->NumberOfAttributes; - if (anIndex > 0) - Required(inAttributes->AttributeData); - - // modify the attributes - - while (anIndex-- > 0) { - - const CssmDbAttributeData &anAttribute = inAttributes->at(anIndex); - uint32 anAttributeIndex = attributeIndex(anAttribute.info()); - if (anAttribute.format() != mAttributeVector[anAttributeIndex]->attributeFormat()) - CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT); - - CssmDbAttributeData &oldAttribute = attributeData[anAttributeIndex]; - - // if the modify mode is ADD, merge new values with pre-existing values - - if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_ADD) - oldAttribute.add(anAttribute, anAllocator); - - // if the modify mode is DELETE, remove the indicated values, or remove - // all values if none are specified - - else if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_DELETE) - { - if (anAttribute.size() == 0) - oldAttribute.deleteValues(anAllocator); - else - oldAttribute.deleteValues(anAttribute, anAllocator); - } - - // if the modify mode is REPLACE, then replace the specified values, or - // delete all values if no values are specified - - else if (inModifyMode == CSSM_DB_MODIFY_ATTRIBUTE_REPLACE) - { - oldAttribute.deleteValues(anAllocator); - if (anAttribute.size() > 0) - oldAttribute.add(anAttribute, anAllocator); - else - // The spec says "all values are deleted or the the value is replaced - // with the default" but doesn't say which. We could call the parsing - // module for the attribute here...if they were implemented! But instead - // we choose "all values are deleted" and leave it at that. - ; - } - } - } - - // write the resulting attributes into the new record - - inWriteSection.put(OffsetSemanticInformation, oldSemanticInformation); - - for (uint32 anIndex = 0; anIndex < mAttributeVector.size(); ++anIndex) - { - const MetaAttribute &metaAttribute = *mAttributeVector[anIndex]; - metaAttribute.packAttribute(inWriteSection, anOffset, - attributeData[anIndex].NumberOfValues, - attributeData[anIndex].Value); - } - - inWriteSection.put(OffsetRecordSize, anOffset); - inWriteSection.size(anOffset); -} - diff --git a/cdsa/cdsa_utilities/MetaRecord.h b/cdsa/cdsa_utilities/MetaRecord.h deleted file mode 100644 index e482ecf2..00000000 --- a/cdsa/cdsa_utilities/MetaRecord.h +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MetaRecord.h -// - -#ifndef _H_APPLEDL_METARECORD -#define _H_APPLEDL_METARECORD - -#include "MetaAttribute.h" - -namespace Security -{ - -// -// Part of the Unique record identifier needed to identify the actual record. -// -class RecordId -{ -public: - RecordId() : mRecordNumber(~0UL), mCreateVersion(~0UL), mRecordVersion(~0UL) {} - RecordId(uint32 inRecordNumber, uint32 inCreateVersion, uint32 inRecordVersion = 0) - : mRecordNumber(inRecordNumber), - mCreateVersion(inCreateVersion), - mRecordVersion(inRecordVersion) {} - bool operator <(const RecordId &inRecordId) const - { - return (mRecordNumber < inRecordId.mRecordNumber - || (mRecordNumber == inRecordId.mRecordNumber - && (mCreateVersion < inRecordId.mCreateVersion - || (mCreateVersion == inRecordId.mCreateVersion - && mRecordVersion < inRecordId.mRecordVersion)))); - } - uint32 mRecordNumber; - uint32 mCreateVersion; - uint32 mRecordVersion; -}; - -// -// Meta (or Schema) representation of an a Record. Used for packing and unpacking objects. -// - -class MetaRecord -{ - NOCOPY(MetaRecord) - -public: - MetaRecord(CSSM_DB_RECORDTYPE inRecordType); - MetaRecord(const CSSM_DB_RECORD_ATTRIBUTE_INFO &inInfo); - MetaRecord(CSSM_DB_RECORDTYPE inRelationID, - uint32 inNumberOfAttributes, - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *inAttributeInfo); - ~MetaRecord(); - - void setRecordAttributeInfo(const CSSM_DB_RECORD_ATTRIBUTE_INFO &inInfo); - - void createAttribute(const string *inAttributeName, - const CssmOid *inAttributeOID, - uint32 inAttributeID, - CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat); - - // Create a packed record from the given inputs. - void packRecord(WriteSection &inWriteSection, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *inAttributes, - const CssmData *inData) const; - - // Unpack a record from the given inputs and return the RecordId of the record. - void unpackRecord(const ReadSection &inReadSection, - CssmAllocator &inAllocator, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR inoutAttributes, - CssmData *inoutData, - CSSM_QUERY_FLAGS inQueryFlags) const; - - const MetaAttribute &metaAttribute(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const; - - void updateRecord(const ReadSection &inReadSection, - WriteSection &inWriteSection, - const CssmDbRecordAttributeData *inAttributes, - const CssmData *inData, - CSSM_DB_MODIFY_MODE inModifyMode) const; - - CSSM_DB_RECORDTYPE dataRecordType() const { return mRecordType; } - - Range dataRange(const ReadSection &inReadSection) const - { - return Range(OffsetAttributeOffsets + mAttributeVector.size() * AtomSize, - inReadSection[OffsetDataSize]); - } - - // Currently this is not a real attribute. We should probably fix this. - uint32 semanticInformation(const ReadSection &inReadSection) const - { - return inReadSection[OffsetSemanticInformation]; - } - - // Return the ReadSection for record at offset - static const ReadSection readSection(const ReadSection &inTableSection, uint32 inOffset) - { - return inTableSection.subsection(inOffset, - inTableSection[inOffset + OffsetRecordSize]); - } - - // Set the RecordId of the record in inWriteSection - static void packRecordId(const RecordId &inRecordId, - WriteSection &inWriteSection) - { - inWriteSection.put(OffsetRecordNumber, inRecordId.mRecordNumber); - inWriteSection.put(OffsetCreateVersion, inRecordId.mCreateVersion); - inWriteSection.put(OffsetRecordVersion, inRecordId.mRecordVersion); - } - - // Return the RecordId for the record inRecordSection - static const uint32 unpackRecordNumber(const ReadSection &inRecordSection) - { - return inRecordSection[OffsetRecordNumber]; - } - - // Return the RecordId for the record inRecordSection - static const RecordId unpackRecordId(const ReadSection &inRecordSection) - { - return RecordId(inRecordSection[OffsetRecordNumber], - inRecordSection[OffsetCreateVersion], - inRecordSection[OffsetRecordVersion]); - } - -private: - // Return the index (0 though NumAttributes - 1) of the attribute - // represented by inAttributeInfo - uint32 attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const; - - void unpackAttribute(const ReadSection &inReadSection, CssmAllocator &inAllocator, - CSSM_DB_ATTRIBUTE_DATA &inoutAttribute) const; - - friend class MetaAttribute; - enum - { - OffsetRecordSize = AtomSize * 0, - OffsetRecordNumber = AtomSize * 1, - OffsetCreateVersion = AtomSize * 2, - OffsetRecordVersion = AtomSize * 3, - OffsetDataSize = AtomSize * 4, - OffsetSemanticInformation = AtomSize * 5, - OffsetAttributeOffsets = AtomSize * 6 - }; - - CSSM_DB_RECORDTYPE mRecordType; - typedef std::map NameStringMap; - typedef std::map, uint32> NameOIDMap; - typedef std::map NameIntMap; - typedef std::vector AttributeVector; - NameStringMap mNameStringMap; - NameOIDMap mNameOIDMap; - NameIntMap mNameIntMap; - AttributeVector mAttributeVector; -}; - -} // end namespace Security - -#endif // _H_APPLEDL_METARECORD - diff --git a/cdsa/cdsa_utilities/NOTES b/cdsa/cdsa_utilities/NOTES deleted file mode 100644 index e69de29b..00000000 diff --git a/cdsa/cdsa_utilities/ReadWriteSection.h b/cdsa/cdsa_utilities/ReadWriteSection.h deleted file mode 100644 index 5d4b789a..00000000 --- a/cdsa/cdsa_utilities/ReadWriteSection.h +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ReadWriteSection.h -// - -#ifndef _H_APPLEDL_READWRITESECTION -#define _H_APPLEDL_READWRITESECTION - -#include -#include -#include - -namespace Security -{ - -// -// Atom -- An Atom is a 32-bit unsigned integer value that is always internally -// represented using network byte order. -// -typedef Endian Atom; - -enum { - AtomSize = sizeof(uint32) // XXX Why not just use sizeof(Atom)? -}; - -// -// Class representing a range (or subrange of a buffer). -// -class Range -{ -public: - Range(uint32 inOffset, uint32 inSize) : mOffset(inOffset), mSize(inSize) {} - uint32 mOffset; - uint32 mSize; -}; - -// -// Class representing a packed record. All the accessors on this class are const since the -// underlying data is read-only -// -// XXX Should be replaced by Atom::Vector -class ReadSection -{ -protected: - ReadSection(uint8 *inAddress, size_t inLength) : mAddress(inAddress), mLength(inLength) {} -public: - ReadSection() : mAddress(NULL), mLength(0) {} - ReadSection(const uint8 *inAddress, size_t inLength) : - mAddress(const_cast(inAddress)), mLength(inLength) {} - - uint32 size() const { return mLength; } - - uint32 at(uint32 inOffset) const - { - return ntohl(*reinterpret_cast(mAddress + inOffset)); - } - - uint32 operator[](uint32 inOffset) const - { - if (inOffset + sizeof(uint32) > mLength) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - return at(inOffset); - } - - // Return a subsection from inOffset to end of section. - ReadSection subsection(uint32 inOffset) const - { - if (inOffset > mLength) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - return ReadSection(mAddress + inOffset, mLength - inOffset); - } - - // Return a subsection from inOffset of inLength bytes. - ReadSection subsection(uint32 inOffset, uint32 inLength) const - { - if (inOffset + inLength > mLength) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - return ReadSection(mAddress + inOffset, inLength); - } - - ReadSection subsection(const Range &inRange) const - { - return subsection(inRange.mOffset, inRange.mSize); - } - - const uint8 *range(const Range &inRange) const - { - if (inRange.mOffset + inRange.mSize > mLength) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - return mAddress + inRange.mOffset; - } - - uint8 *allocCopyRange(const Range &inRange, CssmAllocator &inAllocator) const - { - uint8 *aData; - if (inRange.mSize == 0) - aData = NULL; - else - { - if (inRange.mOffset + inRange.mSize > mLength) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - aData = reinterpret_cast(inAllocator.malloc(inRange.mSize)); - memcpy(aData, mAddress + inRange.mOffset, inRange.mSize); - } - - return aData; - } - - static uint32 align(uint32 offset) { return (offset + AtomSize - 1) & ~(AtomSize - 1); } - -protected: - uint8 *mAddress; - size_t mLength; -}; - -// -// Class representing a packed record (or buffer) used for writing. -// -class WriteSection : public ReadSection -{ -public: - static const size_t DefaultCapacity = 64; - - WriteSection(CssmAllocator &inAllocator, size_t inCapacity) : - ReadSection(reinterpret_cast(inAllocator.malloc(inCapacity)), 0), - mAllocator(inAllocator), - mCapacity(inCapacity) - { - if (mCapacity > 0) - memset(mAddress, 0, mCapacity); - } - - WriteSection(CssmAllocator &inAllocator = CssmAllocator::standard()) : - ReadSection(reinterpret_cast(inAllocator.malloc(DefaultCapacity)), 0), - mAllocator(inAllocator), - mCapacity(DefaultCapacity) - { - } - - WriteSection(const WriteSection &ws, int length) : - ReadSection(reinterpret_cast(ws.mAllocator.malloc(length)), length), - mAllocator(ws.mAllocator), - mCapacity(length) - { - memcpy(mAddress, ws.mAddress, length); - } - - ~WriteSection() { mAllocator.free(mAddress); } - -private: - void grow(size_t inNewCapacity) - { - size_t aNewCapacity = max(mCapacity * 2, inNewCapacity); - mAddress = reinterpret_cast(mAllocator.realloc(mAddress, aNewCapacity)); - memset(mAddress + mCapacity, 0, aNewCapacity - mCapacity); - mCapacity = aNewCapacity; - } - -public: -#if BUG_GCC - uint32 size() const { return ReadSection::size(); } -#else - // XXX This should work but egcs-2.95.2 doesn't like it. - using ReadSection::size; -#endif - - void size(uint32 inLength) { mLength = inLength; } - uint32 put(uint32 inOffset, uint32 inValue) - { - uint32 aLength = inOffset + sizeof(inValue); - if (aLength > mCapacity) - grow(aLength); - - *reinterpret_cast(mAddress + inOffset) = htonl(inValue); - return aLength; - } - - uint32 put(uint32 inOffset, uint32 inLength, const uint8 *inData) - { - uint32 aLength = inOffset + inLength; - // Round up to nearest multiple of 4 bytes, to pad with zeros - uint32 aNewOffset = align(aLength); - if (aNewOffset > mCapacity) - grow(aNewOffset); - - memcpy(mAddress + inOffset, inData, inLength); - - for (uint32 anOffset = aLength; anOffset < aNewOffset; anOffset++) - mAddress[anOffset] = 0; - - return aNewOffset; - } - - const uint8 *address() const { return mAddress; } - uint8 *release() - { - uint8 *anAddress = mAddress; - mAddress = NULL; - mCapacity = 0; - return anAddress; - } - -private: - CssmAllocator &mAllocator; - size_t mCapacity; -}; - -} // end namespace Security - -#endif // _H_APPLEDL_READWRITESECTION diff --git a/cdsa/cdsa_utilities/SampleGroup.cpp b/cdsa/cdsa_utilities/SampleGroup.cpp deleted file mode 100644 index 1a7951a0..00000000 --- a/cdsa/cdsa_utilities/SampleGroup.cpp +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// SampleGroup.cpp -// -// CSSM_SAMPLE POD routines - -#ifdef __MWERKS__ -#define _CPP_UTILITIES -#endif - -#include -#include -#include -#include - - CssmSample::CssmSample() - { - Verifier = NULL; - TypedSample.ListType = CSSM_LIST_TYPE_UNKNOWN; - TypedSample.Head = NULL; - TypedSample.Tail = NULL; - } - - CssmSample::CssmSample( CSSM_LIST &list, CSSM_SUBSERVICE_UID *verifier) - { - Verifier = verifier; - TypedSample.ListType = list.ListType; - TypedSample.Head = list.Head; - TypedSample.Tail = list.Tail; - } - - CssmSample::~CssmSample() - { - } - - -CssmSample* CssmSample::operator = (CssmSample& sample) -{ - if( this == &sample ) - return NULL; - - this->Verifier = sample.Verifier; - - this->TypedSample = sample.TypedSample; - - return this; -} - -CSSM_RETURN CssmSample::AddPasswordImmediate( char* password, CSSM_SUBSERVICE_UID *optionalVerifier ) -{ - CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* passwordTypeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PASSWORD ); // declares the type to be password - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordTypeElement) ); - - char* permanentPasswordData = (char*)malloc( strlen(password) + 1 ); // need error handling. Going to assume these succeed for now - strcpy( permanentPasswordData, password ); - CSSM_LIST_ELEMENT* passwordElement = MakeDatumElement( (void*)permanentPasswordData, strlen(password) ); // has the password CSSM_DATA in it - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordElement) ); - - Verifier = optionalVerifier; - - return result; -} - - -CSSM_RETURN CssmSample::AddPasswordCallback( ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* passwordCallbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PASSWORD ); // declares the type to be password - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordCallbackElement) ); - - Verifier = NULL; - - return result; - -} - -CSSM_RETURN CssmSample::AddHashedPassword( char* password, CSSM_SUBSERVICE_UID *optionalVerifier ) -{ - CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* passwordTypeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_HASHED_PASSWORD ); // declares the type to be password - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordTypeElement) ); - - char* permanentPasswordData = (char*)malloc( strlen(password) + 1 ); // need error handling. Going to assume these succeed for now - strcpy( permanentPasswordData, password ); - CSSM_LIST_ELEMENT* passwordElement = MakeDatumElement( (void*)permanentPasswordData, strlen(password) ); // has the password CSSM_DATA in it - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordElement) ); - - Verifier = optionalVerifier; - - return result; - -} - - - -CSSM_RETURN CssmSample::AddProtectedPasword(CSSM_SUBSERVICE_UID *optionalVerifier) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* passwordCallbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD ); // declares the type to be password - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordCallbackElement) ); - - Verifier = optionalVerifier; - -return result; -} - - -CSSM_RETURN CssmSample::AddPromptedPassword( char* promptedPassword, CSSM_SUBSERVICE_UID *optionalVerifier ) -{ - CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* passwordTypeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD ); // declares the type to be password - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordTypeElement) ); - - char* permanentPasswordData = (char*)malloc( strlen(promptedPassword) + 1 ); // need error handling. Going to assume these succeed for now - strcpy( permanentPasswordData, promptedPassword ); - CSSM_LIST_ELEMENT* passwordPromptElement = MakeDatumElement( (void*)permanentPasswordData, strlen(promptedPassword) ); // has the password CSSM_DATA in it - (CssmList::overlay(TypedSample)).append( ListElement::overlay(passwordPromptElement) ); - - Verifier = optionalVerifier; - - return result; -} - - -CSSM_RETURN CssmSample::AddSignedNonceForCallback( CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* signedNonceCallbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_SIGNED_NONCE ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedNonceCallbackElement) ); - - Verifier = requiredVerifier; - -return result; -} - -CSSM_RETURN CssmSample::AddSignedNonceReply( CSSM_DATA_PTR signedNonce, CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* signedNonceTypeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_SIGNED_NONCE ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedNonceTypeElement) ); - - CSSM_LIST_ELEMENT* signedNonceDataElement = MakeDatumElement( (void*)signedNonce->Data, signedNonce->Length ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedNonceDataElement) ); - - Verifier = requiredVerifier; - -return result; -} - -CSSM_RETURN CssmSample::AddSignedSecretForCallback( CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - CSSM_LIST_ELEMENT* signedSecretCallbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_SIGNED_SECRET ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedSecretCallbackElement) ); - - Verifier = requiredVerifier; - -return result; -} - -CSSM_RETURN CssmSample::AddSignedSecretImmediate( CSSM_DATA_PTR signedSecret, CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* signedSecretTypeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_SIGNED_SECRET ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedSecretTypeElement) ); - - CSSM_LIST_ELEMENT* signedSecretElement = MakeDatumElement( (void*)signedSecret->Data, signedSecret->Length ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(signedSecretElement) ); - - Verifier = requiredVerifier; -return result; - -} - -CSSM_RETURN CssmSample::AddBiometricCallback( CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* callbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_BIOMETRIC ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(callbackElement) ); - - Verifier = requiredVerifier; - -return result; -} - - -CSSM_RETURN CssmSample::AddBiometricImmediate( CSSM_DATA_PTR biometricData, CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* typeElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_BIOMETRIC ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(typeElement) ); - - CSSM_LIST_ELEMENT* dataElement = MakeDatumElement( (void*)biometricData->Data, biometricData->Length ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(dataElement) ); - - Verifier = requiredVerifier; - -return result; -} - - -CSSM_RETURN CssmSample::AddProtectedBiometric( CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* callbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(callbackElement) ); - - Verifier = requiredVerifier; -return result; -} - -CSSM_RETURN CssmSample::AddPromptedBiometric( CSSM_DATA_PTR biometricData, CSSM_SUBSERVICE_UID *requiredVerifier ) -{ -CSSM_RETURN result = CSSM_OK; - - CSSM_LIST_ELEMENT* callbackElement = MakeWordIDElement( CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(callbackElement) ); - - - CSSM_LIST_ELEMENT* dataElement = MakeDatumElement( (void*)biometricData->Data, biometricData->Length ); - (CssmList::overlay(TypedSample)).append( ListElement::overlay(dataElement) ); - - Verifier = requiredVerifier; -return result; -} - -// CssmSampleGroup - -CssmSampleGroup::CssmSampleGroup() -{ // creates the nothing sample group - NumberOfSamples = 0; - Samples = NULL; -} - -CSSM_RETURN CssmSampleGroup::AddSample(CSSM_SAMPLE* sample) -{ -CSSM_RETURN result = CSSM_OK; -CSSM_SAMPLE* sampleBase; - if( NumberOfSamples == 0 ) - { // malloc to create the first item - sampleBase = (CSSM_SAMPLE*)malloc( sizeof(CSSM_SAMPLE) ); - Samples = sampleBase; - } - else - { // realloc to add the next item - sampleBase = (CSSM_SAMPLE*)realloc( (void*)Samples, sizeof(CSSM_SAMPLE) * (NumberOfSamples + 1) ); - Samples = sampleBase; - } - - sampleBase[NumberOfSamples].TypedSample.ListType = sample->TypedSample.ListType; - sampleBase[NumberOfSamples].TypedSample.Head = sample->TypedSample.Head; - sampleBase[NumberOfSamples].TypedSample.Tail = sample->TypedSample.Tail; - sampleBase[NumberOfSamples].Verifier = sample->Verifier; - - NumberOfSamples++; - -return result; -} - -CSSM_SAMPLE* CssmSampleGroup::GetIthSample(uint32 sampleIndex) -{ - if( (0 != NumberOfSamples) && (sampleIndex < NumberOfSamples-1) ) - return (CSSM_SAMPLE*)&Samples[sampleIndex]; - else - return NULL; -} diff --git a/cdsa/cdsa_utilities/SampleGroup.h b/cdsa/cdsa_utilities/SampleGroup.h deleted file mode 100644 index 92cfbfc1..00000000 --- a/cdsa/cdsa_utilities/SampleGroup.h +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// SampleGroup.h -// -// a class interface to the CSSM_SAMPLEGROUP structure -// -// Here are the relevant structures: -// -// typedef struct cssm_samplegroup { -// uint32 NumberOfSamples; -// const CSSM_SAMPLE *Samples; -// } CSSM_SAMPLEGROUP, *CSSM_SAMPLEGROUP_PTR; -// -// typedef struct cssm_sample { -// CSSM_LIST TypedSample; -// const CSSM_SUBSERVICE_UID *Verifier; -// } CSSM_SAMPLE, *CSSM_SAMPLE_PTR; -// -// typedef struct cssm_list { -// CSSM_LIST_TYPE ListType; /* type of this list */ -// CSSM_LIST_ELEMENT_PTR Head; /* head of the list */ -// CSSM_LIST_ELEMENT_PTR Tail; /* tail of the list */ -// } CSSM_LIST, *CSSM_LIST_PTR; -// -// typedef uint32 CSSM_LIST_TYPE, *CSSM_LIST_TYPE_PTR; -// enum { -// CSSM_LIST_TYPE_UNKNOWN = 0, -// CSSM_LIST_TYPE_CUSTOM = 1, -// CSSM_LIST_TYPE_SEXPR = 2 -// }; -// -// typedef struct cssm_list_element { -// struct cssm_list_element *NextElement; /* next list element */ -// CSSM_WORDID_TYPE WordID; /* integer identifier associated */ -// /* with a Word value */ -// CSSM_LIST_ELEMENT_TYPE ElementType; -// union { -// CSSM_LIST Sublist; /* sublist */ -// CSSM_DATA Word; /* a byte-string */ -// } Element; -// } CSSM_LIST_ELEMENT; -// - - -#ifndef __SAMPLEGROUP__ -#define __SAMPLEGROUP__ - -#include -#include -#include - -#ifdef _CPP_UTILITIES -#pragma export on -#endif - - -class CssmSample : public PodWrapper { -public: - CssmSample(); - CssmSample( CSSM_LIST &list, CSSM_SUBSERVICE_UID *verifier); - ~CssmSample(); - - CssmSample* operator = (CssmSample& sample); - - void SetSubserviceUID( CSSM_SUBSERVICE_UID *verifier ) { Verifier = verifier; } - void SetList( CSSM_LIST *list ) { TypedSample.ListType = list->ListType; TypedSample.Head = list->Head; TypedSample.Tail = list->Tail; } - -// CSSM_SAMPLE_TYPE_PASSWORD = CSSM_WORDID_PASSWORD, - CSSM_RETURN AddPasswordImmediate( char* password, CSSM_SUBSERVICE_UID *optionalVerifier ); // provide password without callback or reply to callback - CSSM_RETURN AddPasswordCallback( ); // triggers a callback that will acquire the password - -// CSSM_SAMPLE_TYPE_HASHED_PASSWORD = CSSM_WORDID_HASHED_PASSWORD, - CSSM_RETURN AddHashedPassword( char* password, CSSM_SUBSERVICE_UID *optionalVerifier ); // this is always in reply to a callback - -// CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD = CSSM_WORDID_PROTECTED_PASSWORD, - CSSM_RETURN AddProtectedPasword(CSSM_SUBSERVICE_UID *optionalVerifier); // this always provokes a callback, Verifier is optional - -// CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD = CSSM_WORDID_PROMPTED_PASSWORD, - CSSM_RETURN AddPromptedPassword( char* promptedPassword, CSSM_SUBSERVICE_UID *optionalVerifier ); // this is always in reply to a callback - -// CSSM_SAMPLE_TYPE_SIGNED_NONCE = CSSM_WORDID_SIGNED_NONCE, - CSSM_RETURN AddSignedNonceForCallback( CSSM_SUBSERVICE_UID *requiredVerifier ); - CSSM_RETURN AddSignedNonceReply( CSSM_DATA_PTR signedNonce, CSSM_SUBSERVICE_UID *requiredVerifier ); // used to reply to the callback for a signed nonce - -// CSSM_SAMPLE_TYPE_SIGNED_SECRET = CSSM_WORDID_SIGNED_SECRET, - CSSM_RETURN AddSignedSecretForCallback( CSSM_SUBSERVICE_UID *requiredVerifier ); // will provoke a callback to fill in the actual signed secret - CSSM_RETURN AddSignedSecretImmediate( CSSM_DATA_PTR signedSecret, CSSM_SUBSERVICE_UID *requiredVerifier ); // use as the original request or as a response to a callback - -// CSSM_SAMPLE_TYPE_BIOMETRIC = CSSM_WORDID_BIOMETRIC, - CSSM_RETURN AddBiometricCallback( CSSM_SUBSERVICE_UID *requiredVerifier ); - CSSM_RETURN AddBiometricImmediate( CSSM_DATA_PTR biometricData, CSSM_SUBSERVICE_UID *requiredVerifier ); // reply to callback or provide sample without callback - -// CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC = CSSM_WORDID_PROTECTED_BIOMETRIC, - CSSM_RETURN AddProtectedBiometric( CSSM_SUBSERVICE_UID *requiredVerifier ); // request for a callback for biometric data - -// CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC = CSSM_WORDID_PROMPTED_BIOMETRIC, - CSSM_RETURN AddPromptedBiometric( CSSM_DATA_PTR biometricData, CSSM_SUBSERVICE_UID *requiredVerifier ); // reply to callback only - -// CSSM_SAMPLE_TYPE_THRESHOLD = CSSM_WORDID_THRESHOLD - CSSM_RETURN AddThreshold(); - -}; - -class CssmSampleGroup : public PodWrapper -{ -public: - CssmSampleGroup(); - CssmSampleGroup( uint32 sampleCount, CSSM_SAMPLE *samples ); - ~CssmSampleGroup(); - - CSSM_RETURN AddSample(CSSM_SAMPLE* sample); - - CSSM_SAMPLE* GetIthSample(uint32 sampleIndex); - - uint32 GetSampleCount() { return NumberOfSamples; } - - -private: -}; - -#ifdef _CPP_UTILITIES -#pragma export off -#endif - -#endif // __SAMPLEGROUP__ diff --git a/cdsa/cdsa_utilities/SelectionPredicate.cpp b/cdsa/cdsa_utilities/SelectionPredicate.cpp deleted file mode 100644 index 85426ac2..00000000 --- a/cdsa/cdsa_utilities/SelectionPredicate.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SelectionPredicate.cpp -// - -#include "SelectionPredicate.h" - -SelectionPredicate::SelectionPredicate(const MetaRecord &inMetaRecord, - const CSSM_SELECTION_PREDICATE &inPredicate) -: mMetaAttribute(inMetaRecord.metaAttribute(inPredicate.Attribute.Info)), - mDbOperator(inPredicate.DbOperator) -{ - // Make sure that the caller specified the attribute values in the correct format. - if (inPredicate.Attribute.Info.AttributeFormat != mMetaAttribute.attributeFormat()) - CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT); - - // XXX See ISSUES - if (inPredicate.Attribute.NumberOfValues != 1) - CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY); - - mData = inPredicate.Attribute.Value[0]; - mValue = mMetaAttribute.createValue(mData); -} - -SelectionPredicate::~SelectionPredicate() -{ - delete mValue; -} - -bool -SelectionPredicate::evaluate(const ReadSection &rs) const -{ - return mMetaAttribute.evaluate(mValue, rs, mDbOperator); -} diff --git a/cdsa/cdsa_utilities/SelectionPredicate.h b/cdsa/cdsa_utilities/SelectionPredicate.h deleted file mode 100644 index d5b93c5d..00000000 --- a/cdsa/cdsa_utilities/SelectionPredicate.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// SelectionPredicate.h -// - -#ifndef _H_APPLEDL_SELECTIONPREDICATE -#define _H_APPLEDL_SELECTIONPREDICATE - -#include "MetaRecord.h" -#include - -namespace Security -{ - -class SelectionPredicate -{ - NOCOPY(SelectionPredicate) - -public: - SelectionPredicate(const MetaRecord &inMetaRecord, - const CSSM_SELECTION_PREDICATE &inPredicate); - ~SelectionPredicate(); - - bool evaluate(const ReadSection &inReadSection) const; - -private: - const MetaAttribute &mMetaAttribute; - CSSM_DB_OPERATOR mDbOperator; - CssmDataContainer mData; - DbValue *mValue; -}; - -} // end namespace Security - -#endif // _H_APPLEDL_SELECTIONPREDICATE diff --git a/cdsa/cdsa_utilities/acl_any.cpp b/cdsa/cdsa_utilities/acl_any.cpp deleted file mode 100644 index 9843ce3b..00000000 --- a/cdsa/cdsa_utilities/acl_any.cpp +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_any - "anyone" ACL subject type. -// -#ifdef __MWERKS__ -#define _CPP_ACL_ANY -#endif - -#include -#include - - -// -// The ANY subject matches all credentials, including none at all. -// -bool AnyAclSubject::validate(const AclValidationContext &) const -{ - return true; -} - - -// -// The CSSM_LIST version is trivial. It has no private part to omit. -// -CssmList AnyAclSubject::toList(CssmAllocator &alloc) const -{ - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_ANY); -} - - -// -// The subject form takes no arguments. -// -AnyAclSubject *AnyAclSubject::Maker::make(const TypedList &list) const -{ - crack(list, 0); // no arguments in input list - return new AnyAclSubject(); -} - -AnyAclSubject *AnyAclSubject::Maker::make(Version, Reader &, Reader &) const -{ - return new AnyAclSubject(); -} - diff --git a/cdsa/cdsa_utilities/acl_any.h b/cdsa/cdsa_utilities/acl_any.h deleted file mode 100644 index 5b681654..00000000 --- a/cdsa/cdsa_utilities/acl_any.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_any - "anyone" ACL subject type. -// -// This subject will categorically match everything and anything, even no -// credentials at all (a NULL AccessCredentials pointer). -// -#ifndef _ACL_ANY -#define _ACL_ANY - -#include -#include - -#ifdef _CPP_ACL_ANY -#pragma export on -#endif - -namespace Security -{ - -// -// The ANY subject simply matches everything. No sweat. -// -class AnyAclSubject : public AclSubject { -public: - AnyAclSubject() : AclSubject(CSSM_ACL_SUBJECT_TYPE_ANY) { } - bool validate(const AclValidationContext &ctx) const; - CssmList toList(CssmAllocator &alloc) const; - - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_ANY) { } - AnyAclSubject *make(const TypedList &list) const; - AnyAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; -}; - -} // end namespace Security - -#ifdef _CPP_ACL_ANY -#pragma export off -#endif - - -#endif //_ACL_ANY diff --git a/cdsa/cdsa_utilities/acl_codesigning.cpp b/cdsa/cdsa_utilities/acl_codesigning.cpp deleted file mode 100644 index 44487772..00000000 --- a/cdsa/cdsa_utilities/acl_codesigning.cpp +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_codesigning - ACL subject for signature of calling application -// -#ifdef __MWERKS__ -#define _CPP_ACL_CODESIGNING -#endif - -#include -#include -#include -#include - - -// -// Construct a password ACL subject. -// Note that this takes over ownership of the signature object. -// -CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc, - const Signature *signature, const void *comment, size_t commentLength) - : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), - allocator(alloc), mSignature(signature), - mHaveComment(true), mComment(alloc, comment, commentLength) -{ } - -CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc, - const Signature *signature) - : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), - allocator(alloc), mSignature(signature), mHaveComment(false), mComment(alloc) -{ } - -CodeSignatureAclSubject::~CodeSignatureAclSubject() -{ - delete mSignature; -} - -// -// Code signature credentials are validated globally - they are entirely -// a feature of "the" process (defined by the environment), and take no -// samples whatsoever. -// -bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const -{ - // a suitable environment is required for a match - if (Environment *env = context.environment()) - return env->verifyCodeSignature(mSignature, - mHaveComment ? &mComment.get() : NULL); - else - return false; -} - - -// -// Make a copy of this subject in CSSM_LIST form. -// The format is (head), (type code: Wordid), (signature data: datum), (comment: datum) -// -CssmList CodeSignatureAclSubject::toList(CssmAllocator &alloc) const -{ - // all associated data is public (no secrets) - TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, - new(alloc) ListElement(mSignature->type()), - new(alloc) ListElement(alloc.alloc(*mSignature))); - if (mHaveComment) - list += new(alloc) ListElement(alloc.alloc(mComment)); - return list; -} - - -// -// Create a CodeSignatureAclSubject -// -CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const -{ - CssmAllocator &alloc = CssmAllocator::standard(); - if (list.length() == 3+1) { - // signature type: int, signature data: datum, comment: datum - ListElement *elem[3]; - crack(list, 3, elem, - CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM); - CssmData &commentData(*elem[2]); - return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1]), - commentData.data(), commentData.length()); - } else { - // signature type: int, signature data: datum [no comment] - ListElement *elem[2]; - crack(list, 2, elem, - CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM); - return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1])); - } -} - -CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version, - Reader &pub, Reader &priv) const -{ - assert(version == 0); - CssmAllocator &alloc = CssmAllocator::standard(); - Endian sigType; pub(sigType); - const void *data; uint32 length; pub.countedData(data, length); - const void *commentData; uint32 commentLength; pub.countedData(commentData, commentLength); - return new CodeSignatureAclSubject(alloc, - signer.restore(sigType, data, length), - commentData, commentLength); -} - - -// -// Export the subject to a memory blob -// -void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - Endian sigType = mSignature->type(); pub(sigType); - pub.countedData(*mSignature); - pub.countedData(mComment); -} - -void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - Endian sigType = mSignature->type(); pub(sigType); - pub.countedData(*mSignature); - pub.countedData(mComment); -} - - -#ifdef DEBUGDUMP - -void CodeSignatureAclSubject::debugDump() const -{ - Debug::dump("CodeSigning"); - if (mHaveComment) { - Debug::dump(" comment="); - Debug::dumpData(mComment); - } -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/acl_codesigning.h b/cdsa/cdsa_utilities/acl_codesigning.h deleted file mode 100644 index cc302574..00000000 --- a/cdsa/cdsa_utilities/acl_codesigning.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_codesigning - ACL subject for signature of calling application -// -#ifndef _H_ACL_CODESIGNING -#define _H_ACL_CODESIGNING - -#include -#include -#include - -#ifdef _CPP_ACL_CODESIGNING -#pragma export on -#endif - -namespace Security -{ - -using CodeSigning::Signature; -using CodeSigning::Signer; - -// -// The CodeSignature subject type matches a code signature applied to the -// disk image that originated the client process. -// -class CodeSignatureAclSubject : public AclSubject { -public: - bool validate(const AclValidationContext &baseCtx) const; - CssmList toList(CssmAllocator &alloc) const; - - CodeSignatureAclSubject(CssmAllocator &alloc, const Signature *signature); - CodeSignatureAclSubject(CssmAllocator &alloc, - const Signature *signature, const void *comment, size_t commentLength); - ~CodeSignatureAclSubject(); - - CssmAllocator &allocator; - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - -public: - class Environment : public virtual AclValidationEnvironment { - public: - virtual bool verifyCodeSignature(const Signature *signature, const CssmData *comment) = 0; - }; - -public: - class Maker : public AclSubject::Maker { - public: - Maker(Signer &sgn) - : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), signer(sgn) { } - CodeSignatureAclSubject *make(const TypedList &list) const; - CodeSignatureAclSubject *make(Version version, Reader &pub, Reader &priv) const; - - Signer &signer; - }; - -private: - const Signature *mSignature; // signature of object - bool mHaveComment; // mComment present - CssmAutoData mComment; // arbitrary comment blob -}; - -} // end namespace Security - - -#ifdef _CPP_ACL_CODESIGNING -#pragma export off -#endif - - -#endif //_H_ACL_CODESIGNING diff --git a/cdsa/cdsa_utilities/acl_comment.cpp b/cdsa/cdsa_utilities/acl_comment.cpp deleted file mode 100644 index 548aa4b6..00000000 --- a/cdsa/cdsa_utilities/acl_comment.cpp +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_comment - "ignore" ACL subject type -// -#include -#include -#include -#include - -using namespace DataWalkers; - - -// -// The COMMENT subject matches nothing, no matter how pretty. -// -bool CommentAclSubject::validate(const AclValidationContext &) const -{ - return false; -} - - -// -// The toList function simply returns a copy of the preserved list. -// The interface convention requires that we chunkCopy here. -// -CssmList CommentAclSubject::toList(CssmAllocator &alloc) const -{ - CssmList result = CssmList::overlay(*mComment); - ChunkCopyWalker w(alloc); - walk(w, result); - return result; -} - - -// -// Construct-from-list makes a unified copy of the list. -// -CommentAclSubject *CommentAclSubject::Maker::make(const TypedList &list) const -{ - const CSSM_LIST *baseList = &list; - size_t commentSize = size(baseList); - CSSM_LIST *comment = copy(baseList, CssmAllocator::standard(), commentSize); - return new CommentAclSubject(comment, commentSize); -} - -CommentAclSubject *CommentAclSubject::Maker::make(Version, Reader &pub, Reader &) const -{ - CSSM_LIST *base; pub(base); // get original pointer base - const void *data; uint32 length; pub.countedData(data, length); // data blob - - // copy the input blob into writable memory - CSSM_LIST *list = CssmAllocator::standard().malloc(length); - memcpy(list, data, length); - - // relocate it based on the base pointer we stored - relocate(list, base); - - // good - return new CommentAclSubject(list, length); -} - - -// -// Export to blob form. -// Since we store the list in unified form, this isn't very hard. Do try to figure -// out how walkers work before messing with this code. -// -void CommentAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &) -{ - pub(mComment); // yes, the pointer itself - pub.countedData(mComment, mSize); -} - -void CommentAclSubject::exportBlob(Writer &pub, Writer &) -{ - pub(mComment); - pub.countedData(mComment, mSize); -} - diff --git a/cdsa/cdsa_utilities/acl_comment.h b/cdsa/cdsa_utilities/acl_comment.h deleted file mode 100644 index 27fced69..00000000 --- a/cdsa/cdsa_utilities/acl_comment.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_comment - "ignore" ACL subject type -// -// This subject will never match anything - its presence is effectively ignored. -// Its usefulness lies in the fact that COMMENT type ACL subjects are valid ACL -// subjects that preserve their contents as uninterpreted data blobs. This allows -// you to keep information in an ACL that can be retrieved later. In particular, -// you can "prefix" any external ACL subject representation with an ACL_COMMENT -// header, which turns it into an inactive comment until you remove the prefix. -// -// Notes: -// (1) All contents of a comment ACL are public. -// (2) While there is a COMMENT sample type, it is in no way related to this subject -// type. Validation of a COMMENT acl subject never examines any samples. -// -#ifndef _ACL_COMMENT -#define _ACL_COMMENT - -#include - - -namespace Security -{ - -// -// The ANY subject simply matches everything. No sweat. -// -class CommentAclSubject : public AclSubject { -public: - CommentAclSubject::CommentAclSubject(CSSM_LIST *list, uint32 size) - : AclSubject(CSSM_ACL_SUBJECT_TYPE_COMMENT), mComment(list), mSize(size) { } - ~CommentAclSubject() { CssmAllocator::standard().free(mComment); } - - bool validate(const AclValidationContext &ctx) const; - CssmList toList(CssmAllocator &alloc) const; - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_COMMENT) { } - CommentAclSubject *make(const TypedList &list) const; - CommentAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; - -private: - CSSM_LIST *mComment; // list form preserved - uint32 mSize; // size of mComment blob -}; - -} // end namespace Security - - -#endif //_ACL_COMMENT diff --git a/cdsa/cdsa_utilities/acl_keychain.cpp b/cdsa/cdsa_utilities/acl_keychain.cpp deleted file mode 100644 index 0b33216c..00000000 --- a/cdsa/cdsa_utilities/acl_keychain.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_keychain - a subject type for the protected-path -// keychain prompt interaction model. -// -// Arguments in list form: -// list[1] = CssmData: Descriptive String -// -#ifdef __MWERKS__ -#define _CPP_ACL_KEYCHAIN -#endif - -#include -#include - - -// -// Validate a credential set against this subject -// -bool KeychainPromptAclSubject::validate(const AclValidationContext &, - const TypedList &sample) const -{ - return interface.validate(description); -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList KeychainPromptAclSubject::toList(CssmAllocator &alloc) const -{ - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(alloc) ListElement(alloc, description)); -} - - -// -// Create a PasswordAclSubject -// -KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(const TypedList &list) const -{ - ListElement *params[1]; - crack(list, 1, params, CSSM_LIST_ELEMENT_DATUM); - return new KeychainPromptAclSubject(interface, *params[0]); -} - -KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(Reader &pub, Reader &) const -{ - char *description; pub(description); - return new KeychainPromptAclSubject(interface, description); -} - -KeychainPromptAclSubject::KeychainPromptAclSubject(KeychainPromptInterface &ifc, - string descr) -: SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT), - interface(ifc), description(descr) -{ -} - - -// -// Export the subject to a memory blob -// -void KeychainPromptAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - pub(description.size() + 1); -} - -void KeychainPromptAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - pub(description.c_str()); -} - diff --git a/cdsa/cdsa_utilities/acl_keychain.h b/cdsa/cdsa_utilities/acl_keychain.h deleted file mode 100644 index 3e76fa9d..00000000 --- a/cdsa/cdsa_utilities/acl_keychain.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_keychain - a subject type for the protected-path -// keychain prompt interaction model. -// -#ifndef _ACL_KEYCHAIN -#define _ACL_KEYCHAIN - -#include -#include - -#ifdef _CPP_ACL_KEYCHAIN -#pragma export on -#endif - -class KeychainPromptInterface; -class SecurityAgentClient; - - -// -// This is the actual subject implementation class -// -class KeychainPromptAclSubject : public SimpleAclSubject { -public: - bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const; - CssmList toList(CssmAllocator &alloc) const; - - KeychainPromptAclSubject(KeychainPromptInterface &ifc, string description); - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - class Maker : public AclSubject::Maker { - public: - Maker(KeychainPromptInterface &ifc) - : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT), - interface(ifc) { } - KeychainPromptAclSubject *make(const TypedList &list) const; - KeychainPromptAclSubject *make(Reader &pub, Reader &priv) const; - - private: - KeychainPromptInterface &interface; - }; - -private: - KeychainPromptInterface &interface; - string description; -}; - - -// -// A KeychainPromptAcl needs to use some I/O facility to validate a credential. -// You must thus subclass this interface class (which acts as an AclSubject::Maker) -// to provide the actual testing interface. The subject type will take care of -// the formalities. -// -class KeychainPromptInterface { -public: - KeychainPromptInterface() : maker(*this) { } - - virtual bool validate(string description) = 0; // implement this - -private: - const KeychainPromptAclSubject::Maker maker; -}; - - -#ifdef _CPP_ACL_KEYCHAIN -#pragma export off -#endif - - -#endif //_ACL_KEYCHAIN diff --git a/cdsa/cdsa_utilities/acl_password.cpp b/cdsa/cdsa_utilities/acl_password.cpp deleted file mode 100644 index 276cdd78..00000000 --- a/cdsa/cdsa_utilities/acl_password.cpp +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_password - password-based ACL subject types -// -#ifdef __MWERKS__ -#define _CPP_ACL_PASSWORD -#endif - -#include -#include -#include -#include - - -// -// Construct a password ACL subject -// -PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, const CssmData &password) - : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD), - allocator(alloc), mPassword(alloc, password) -{ } - -PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password) - : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD), - allocator(alloc), mPassword(alloc, password) -{ } - - -// -// Validate a credential set against this subject -// -bool PasswordAclSubject::validate(const AclValidationContext &context, - const TypedList &sample) const -{ - if (sample[1].type() != CSSM_LIST_ELEMENT_DATUM) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - const CssmData &password = sample[1]; - return password == mPassword; -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList PasswordAclSubject::toList(CssmAllocator &alloc) const -{ - // the password itself is private and not exported to CSSM - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD); -} - - -// -// Create a PasswordAclSubject -// -PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const -{ - ListElement *password; - crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM); - return new PasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password); -} - -PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const -{ - CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive); - const void *data; uint32 length; priv.countedData(data, length); - return new PasswordAclSubject(alloc, CssmAutoData(alloc, data, length)); -} - - -// -// Export the subject to a memory blob -// -void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - priv.countedData(mPassword); -} - -void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - priv.countedData(mPassword); -} - - -#ifdef DEBUGDUMP - -void PasswordAclSubject::debugDump() const -{ - Debug::dump("Password "); - Debug::dumpData(mPassword.data(), mPassword.length()); -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/acl_password.h b/cdsa/cdsa_utilities/acl_password.h deleted file mode 100644 index e613f410..00000000 --- a/cdsa/cdsa_utilities/acl_password.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_password - password-based ACL subject types. -// -// This implements simple password-based subject types as per CSSM standard. -// -#ifndef _ACL_PASSWORD -#define _ACL_PASSWORD - -#include -#include -#include - -#ifdef _CPP_ACL_PASSWORD -#pragma export on -#endif - -namespace Security -{ - -class PasswordAclSubject : public SimpleAclSubject { -public: - bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const; - CssmList toList(CssmAllocator &alloc) const; - - PasswordAclSubject(CssmAllocator &alloc, const CssmData &password); - PasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password); - - CssmAllocator &allocator; - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PASSWORD) { } - PasswordAclSubject *make(const TypedList &list) const; - PasswordAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; - -private: - CssmAutoData mPassword; -}; - -} // end namespace Security - -#ifdef _CPP_ACL_PASSWORD -#pragma export off -#endif - - -#endif //_ACL_PASSWORD diff --git a/cdsa/cdsa_utilities/acl_process.cpp b/cdsa/cdsa_utilities/acl_process.cpp deleted file mode 100644 index 3dac7618..00000000 --- a/cdsa/cdsa_utilities/acl_process.cpp +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_process - Process-attribute ACL subject type. -// -#include -#include -#include - - -// -// Validate a credential set against this subject. -// No credential is required for this match. -// -bool ProcessAclSubject::validate(const AclValidationContext &context) const -{ - // reality check (internal structure was validated when created) - assert(select.uses(CSSM_ACL_MATCH_BITS)); - - // access the environment - Environment *env = context.environment(); - if (env == NULL) { - static Environment localEnvironment; - env = &localEnvironment; - } - - // match uid - if (select.uses(CSSM_ACL_MATCH_UID)) { - uid_t uid = env->getuid(); - if (!(uid == select.uid || (select.uses(CSSM_ACL_MATCH_HONOR_ROOT) && uid == 0))) - return false; - } - - // match gid - if (select.uses(CSSM_ACL_MATCH_GID) && select.gid != env->getgid()) - return false; - - return true; -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList ProcessAclSubject::toList(CssmAllocator &alloc) const -{ - // all associated data is public (no secrets) - //@@@ ownership of selector data is murky; revisit after leak-plugging pass - CssmData sData(memcpy(alloc.alloc(), - &select, sizeof(select)), sizeof(select)); - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PROCESS, - new(alloc) ListElement(sData)); -} - - -// -// Create a ProcessAclSubject -// -ProcessAclSubject *ProcessAclSubject::Maker::make(const TypedList &list) const -{ - // crack input apart - ListElement *selectorData; - crack(list, 1, &selectorData, CSSM_LIST_ELEMENT_DATUM); - AclProcessSubjectSelector selector; - selectorData->extract(selector); - - // validate input - if (selector.version != CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - if (!selector.uses(CSSM_ACL_MATCH_BITS)) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - - // okay - return new ProcessAclSubject(selector); -} - -ProcessAclSubject *ProcessAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const -{ - AclProcessSubjectSelector selector; pub(selector); - n2hi(selector.version); - n2hi(selector.mask); - n2hi(selector.uid); - n2hi(selector.gid); - return new ProcessAclSubject(selector); -} - - -// -// Export the subject to a memory blob -// -void ProcessAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - pub(select); -} - -void ProcessAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - AclProcessSubjectSelector temp; - temp.version = h2n (select.version); - temp.mask = h2n (select.mask); - temp.uid = h2n (select.uid); - temp.gid = h2n (select.gid); - pub(temp); -} - - -// -// Implement the default methods of a ProcessEnvironment -// -uid_t ProcessAclSubject::Environment::getuid() const -{ - return ::getuid(); -} - -gid_t ProcessAclSubject::Environment::getgid() const -{ - return ::getgid(); -} - - -#ifdef DEBUGDUMP - -void ProcessAclSubject::debugDump() const -{ - Debug::dump("Process "); - if (select.uses(CSSM_ACL_MATCH_UID)) { - Debug::dump("uid=%d", int(select.uid)); - if (select.uses(CSSM_ACL_MATCH_HONOR_ROOT)) - Debug::dump("+root"); - } - if (select.uses(CSSM_ACL_MATCH_GID)) - Debug::dump("gid=%d", int(select.gid)); -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/acl_process.h b/cdsa/cdsa_utilities/acl_process.h deleted file mode 100644 index 64b5c6df..00000000 --- a/cdsa/cdsa_utilities/acl_process.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_process - Process-attribute ACL subject type. -// -// NOTE: -// The default Environment provides data about the current process (the one that -// validate() is run in). If this isn't right for you (e.g. because you want to -// validate against a process on the other side of some IPC connection), you must -// make your own version of Environment and pass it to validate(). -// -#ifndef _ACL_PROCESS -#define _ACL_PROCESS - -#include -#include - -namespace Security -{ - -class AclProcessSubjectSelector - : public PodWrapper { -public: - AclProcessSubjectSelector() - { version = CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION; mask = 0; } - - bool uses(uint32 m) const { return mask & m; } -}; - - -// -// The ProcessAclSubject matches process attributes securely identified -// by the system across IPC channels. -// -class ProcessAclSubject : public AclSubject { -public: - bool validate(const AclValidationContext &baseCtx) const; - CssmList toList(CssmAllocator &alloc) const; - - ProcessAclSubject(const AclProcessSubjectSelector &selector) - : AclSubject(CSSM_ACL_SUBJECT_TYPE_PROCESS), - select(selector) { } - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - -public: - class Environment : public virtual AclValidationEnvironment { - public: - virtual uid_t getuid() const; // retrieve effective userid to match - virtual gid_t getgid() const; // retrieve effective groupid to match - }; - -public: - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROCESS) { } - ProcessAclSubject *make(const TypedList &list) const; - ProcessAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; - -private: - AclProcessSubjectSelector select; -}; - -} // end namespace Security - - -#endif //_ACL_PROCESS diff --git a/cdsa/cdsa_utilities/acl_protectedpw.cpp b/cdsa/cdsa_utilities/acl_protectedpw.cpp deleted file mode 100644 index 7b93f12b..00000000 --- a/cdsa/cdsa_utilities/acl_protectedpw.cpp +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_protectedpw - protected-path password-based ACL subject types. -// -#ifdef __MWERKS__ -#define _CPP_ACL_PASSWORD -#endif - -#include -#include -#include - - -// -// Construct a password ACL subject -// -ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(CssmAllocator &alloc, const CssmData &password) - : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD, CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD), - allocator(alloc), mPassword(alloc, password) -{ } - -ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password) - : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD, CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD), - allocator(alloc), mPassword(alloc, password) -{ } - - -// -// Validate a credential set against this subject -// -bool ProtectedPasswordAclSubject::validate(const AclValidationContext &context, - const TypedList &sample) const -{ - if (sample.length() == 1) { - return true; //@@@ validate against PP - } else if (sample.length() == 2 && sample[1].type() == CSSM_LIST_ELEMENT_DATUM) { - const CssmData &password = sample[1]; - return password == mPassword; - } else - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList ProtectedPasswordAclSubject::toList(CssmAllocator &alloc) const -{ - // the password itself is private and not exported to CSSM - return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD); -} - - -// -// Create a ProtectedPasswordAclSubject -// -ProtectedPasswordAclSubject *ProtectedPasswordAclSubject::Maker::make(const TypedList &list) const -{ - CssmAutoData password(CssmAllocator::standard(CssmAllocator::sensitive)); - if (list.length() == 1) { - char pass[] = "secret"; - CssmData password = CssmData::wrap(pass, 6); //@@@ get password from PP - return new ProtectedPasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), password); - } else { - ListElement *password; - crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM); - return new ProtectedPasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password); - } -} - -ProtectedPasswordAclSubject *ProtectedPasswordAclSubject::Maker::make(Version, - Reader &pub, Reader &priv) const -{ - CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive); - const void *data; uint32 length; priv.countedData(data, length); - return new ProtectedPasswordAclSubject(alloc, CssmAutoData(alloc, data, length)); -} - - -// -// Export the subject to a memory blob -// -void ProtectedPasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ - priv.countedData(mPassword); -} - -void ProtectedPasswordAclSubject::exportBlob(Writer &pub, Writer &priv) -{ - priv.countedData(mPassword); -} - - -#ifdef DEBUGDUMP - -void ProtectedPasswordAclSubject::debugDump() const -{ - Debug::dump("Protected Password "); - Debug::dumpData(mPassword.data(), mPassword.length()); -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/acl_protectedpw.h b/cdsa/cdsa_utilities/acl_protectedpw.h deleted file mode 100644 index aa07626e..00000000 --- a/cdsa/cdsa_utilities/acl_protectedpw.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_protectedpw - protected-path password-based ACL subject types. -// -// This implements "protected path" password-based subject types as per CSSM standard. -// The actual protected path is not implemented in this class; it's up to the user to provide it. -// -#ifndef _ACL_PROTECTED_PASSWORD -#define _ACL_PROTECTED_PASSWORD - -#include -#include -#include - - -namespace Security { - -class ProtectedPasswordAclSubject : public SimpleAclSubject { -public: - bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const; - CssmList toList(CssmAllocator &alloc) const; - - ProtectedPasswordAclSubject(CssmAllocator &alloc, const CssmData &password); - ProtectedPasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password); - - CssmAllocator &allocator; - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD) { } - ProtectedPasswordAclSubject *make(const TypedList &list) const; - ProtectedPasswordAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; - -private: - CssmAutoData mPassword; -}; - -} // end namespace Security - - -#endif //_ACL_PROTECTED_PASSWORD diff --git a/cdsa/cdsa_utilities/acl_threshold.cpp b/cdsa/cdsa_utilities/acl_threshold.cpp deleted file mode 100644 index 6a44701c..00000000 --- a/cdsa/cdsa_utilities/acl_threshold.cpp +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_threshold - Threshold-based group ACL subjects -// -#ifdef __MWERKS__ -#define _CPP_ACL_THRESHOLD -#endif - -#include -#include -#include - - -// -// Validate a credential set against this subject. -// -// With STRICTCOUNTING set, we assume that every match in the threshold ACL -// "consumes" one sample in the corresponding threshold sample. This will not -// work as expected for subject types that may succeed without a sample (e.g. ANY) -// or subject types that may multiply match against a single sample. You have been -// warned. -// -class SublistValidationContext : public AclValidationContext { -public: - SublistValidationContext(const AclValidationContext &ctx, const TypedList &list) - : AclValidationContext(ctx), sampleList(list) { } - - uint32 count() const { return sampleList.length() - 1; } - const TypedList &sample(uint32 n) const - { return TypedList::overlay(sampleList[n+1].list()); } - - const TypedList &sampleList; -}; - -bool ThresholdAclSubject::validate(const AclValidationContext &baseCtx, - const TypedList &sample) const -{ -#ifdef STRICTCOUNTING - // Pre-screen for reasonable number of subsamples. - // We could more strictly require subSampleCount == elements.length(); - // this is more flexible in that it allows the caller to abbreviate. - uint32 subSampleCount = sample.length() - 1; // (drop type header) - if (subSampleCount < minimumNeeded) // can't possibly satisfy - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - if (subSampleCount > totalSubjects) // reject attempt at sample stuffing - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); -#endif //STRICTCOUNTING - - // evaluate - SublistValidationContext ctx(baseCtx, sample); - uint32 matched = 0; - for (uint32 n = 0; n < totalSubjects; n++) { - if ((matched += elements[n]->validate(ctx)) >= minimumNeeded) - return true; -#ifdef STRICTCOUNTING - else if (matched + subSampleCount - n <= minimumNeeded) - return false; // can't get there anymore -#endif //STRICTCOUNTING - } - return false; -} - - -// -// Make a copy of this subject in CSSM_LIST form -// -CssmList ThresholdAclSubject::toList(CssmAllocator &alloc) const -{ - TypedList result(alloc, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, - new(alloc) ListElement(minimumNeeded), - new(alloc) ListElement(totalSubjects)); - for (uint32 n = 0; n < totalSubjects; n++) - result += new(alloc) ListElement(elements[n]->toList(alloc)); - return result; -} - - -// -// Create a ThresholdAclSubject -// -ThresholdAclSubject *ThresholdAclSubject::Maker::make(const TypedList &list) const -{ - // pick apart the input list - if (list.length() < 4) // head + "n" + "k" + at least one subSubject - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - uint32 minimumNeeded = getWord(list[1], 1); - uint32 totalSubjects = getWord(list[2], minimumNeeded); - if (list.length() != 3 + totalSubjects) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - - // now compile the subSubjects - AclSubjectVector elements(totalSubjects); - const ListElement *subSubject = &list[3]; - for (uint32 n = 0; n < totalSubjects; n++, subSubject = subSubject->next()) - elements[n] = ObjectAcl::make(subSubject->typedList()); - return new ThresholdAclSubject(totalSubjects, minimumNeeded, elements); -} - -ThresholdAclSubject *ThresholdAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const -{ - Endian totalSubjects; pub(totalSubjects); - Endian minimumNeeded; pub(minimumNeeded); - AclSubjectVector subSubjects(totalSubjects); - for (uint32 n = 0; n < totalSubjects; n++) - subSubjects[n] = ObjectAcl::importSubject(pub, priv); - return new ThresholdAclSubject(totalSubjects, minimumNeeded, subSubjects); -} - -ThresholdAclSubject::ThresholdAclSubject(uint32 n, uint32 k, - const AclSubjectVector &subSubjects) -: SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_THRESHOLD, CSSM_SAMPLE_TYPE_THRESHOLD), - minimumNeeded(k), totalSubjects(n), elements(subSubjects) -{ -} - - -// -// Export the subject to a memory blob -// -template -void ThresholdAclSubject::exportBlobForm(Action &pub, Action &priv) -{ - pub(h2n(totalSubjects)); - pub(h2n(minimumNeeded)); - for (uint32 n = 0; n < totalSubjects; n++) - ObjectAcl::exportSubject(elements[n], pub, priv); -} - -void ThresholdAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) -{ exportBlobForm(pub, priv); } - -void ThresholdAclSubject::exportBlob(Writer &pub, Writer &priv) -{ exportBlobForm(pub, priv); } - - -#ifdef DEBUGDUMP - -void ThresholdAclSubject::debugDump() const -{ - Debug::dump("Threshold(%ld of %ld)", minimumNeeded, totalSubjects); - for (unsigned int n = 0; n < elements.size(); n++) { - Debug::dump(" ["); - if (Version v = elements[n]->version()) - Debug::dump("V=%d ", v); - elements[n]->debugDump(); - Debug::dump("]"); - } -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/acl_threshold.h b/cdsa/cdsa_utilities/acl_threshold.h deleted file mode 100644 index 5289d988..00000000 --- a/cdsa/cdsa_utilities/acl_threshold.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// acl_threshold - Threshold-based group ACL subjects. -// -// This subject type implements threshold (k of n) subjects as per CSSM standard. -// Subsubjects are stored and evaluated in the order received. Any subsubject -// is presented with all subsamples of the corresponding threshold sample, but -// not any other samples possibly present in the credentials. Subsubject evaluation -// stops as soon as the threshold is satisfied, or as soon as it becomes numerically -// impossible to satisfy the threshold with future matches. -// Note that this subject will reject out of hand any threshold sample that -// contains more than subsamples. This defeats "sample stuffing" attacks -// where the attacker provides thousands of samples in the hope that some may -// match by accident. It will however accept threshold samples with fewer than -// subsamples, as long as there are at least subsamples. -// -#ifndef _ACL_THRESHOLD -#define _ACL_THRESHOLD - -#include -#include - -#ifdef _CPP_ACL_THRESHOLD -#pragma export on -#endif - -namespace Security -{ - -class ThresholdAclSubject : public SimpleAclSubject { - typedef ObjectAcl::AclSubjectPointer AclSubjectPointer; - typedef vector AclSubjectVector; -public: - bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const; - CssmList toList(CssmAllocator &alloc) const; - - ThresholdAclSubject(uint32 n, uint32 k, const AclSubjectVector &subSubjects); - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - - class Maker : public AclSubject::Maker { - public: - Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_THRESHOLD) { } - ThresholdAclSubject *make(const TypedList &list) const; - ThresholdAclSubject *make(Version, Reader &pub, Reader &priv) const; - }; - -private: - uint32 minimumNeeded; // number of matches needed - uint32 totalSubjects; // number of subSubjects - AclSubjectVector elements; // sub-subject vector - - template - void ThresholdAclSubject::exportBlobForm(Action &pub, Action &priv); -}; - -} // end namespace Security - -#ifdef _CPP_ACL_THRESHOLD -#pragma export off -#endif - -#endif //_ACL_THRESHOLD diff --git a/cdsa/cdsa_utilities/bufferfifo.cpp b/cdsa/cdsa_utilities/bufferfifo.cpp deleted file mode 100644 index 0765261c..00000000 --- a/cdsa/cdsa_utilities/bufferfifo.cpp +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// bufferfifo - a Sink that queues data in a FIFO of buffers for retrieval -// -#include "bufferfifo.h" -#include - - -namespace Security { - - -// -// On destruction, throw away all queued buffers (that haven't been picked up) -// -BufferFifo::~BufferFifo() -{ - while (!mBuffers.empty()) { - delete mBuffers.front(); - mBuffers.pop(); - } -} - -void BufferFifo::clearBuffer() -{ - while (!mBuffers.empty()) { - delete mBuffers.front(); - mBuffers.pop(); - } - mSize = 0; -} - -// -// This is the put function of a Sink. We store the data in at most two buffers: -// First we append to the last (partially filled) one; then we allocate a new one -// (if needed) to hold the rest. -// -void BufferFifo::consume(const void *data, size_t size) -{ - mSize += size; - - // step 1: fill the rearmost (partially filled) buffer - if (size > 0 && !mBuffers.empty()) { - Buffer *current = mBuffers.back(); - size_t length = current->put(data, size); - data = LowLevelMemoryUtilities::increment(data, length); - size -= length; - } - // step 2: if there's anything left, make a new buffer and fill it - if (size > 0) { // not done - Buffer *current = new Buffer(max(bufferLength, size)); - mBuffers.push(current); - assert(current->available() >= size); - current->put(data, size); - } -} - - -// -// Pull the first (FI) buffer off the queue and deliver it. -// We retain no memory of it; it belongs to the caller now. -// -Buffer *BufferFifo::pop() -{ - assert(!mBuffers.empty()); - Buffer *top = mBuffers.front(); - mBuffers.pop(); - return top; -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/bufferfifo.h b/cdsa/cdsa_utilities/bufferfifo.h deleted file mode 100644 index 571f2336..00000000 --- a/cdsa/cdsa_utilities/bufferfifo.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// bufferfifo - a Sink that queues data in a FIFO of buffers for retrieval -// -#ifndef _H_BUFFERFIFO -#define _H_BUFFERFIFO - -#include "streams.h" -#include "buffers.h" -#include -#include - - -namespace Security { - - -// -// A BufferFifo acts as a First-in First-out queue of Buffer objects. -// This is usually used as a flexible I/O buffer queue mechanism. -// For convenience, a BufferFifo is a Sink, so you can push data -// into it directly using the Sink mechanism. -// Note that there is currently no mechanism for restricting the -// memory footprint of a BufferFifo. -// -class BufferFifo : public Sink { -public: - BufferFifo(size_t es = 4096) : bufferLength(es) { } - ~BufferFifo(); - - Buffer *top() const { assert(!mBuffers.empty()); return mBuffers.front(); } - Buffer *pop(); - void push(Buffer *b) { mBuffers.push(b); } - - bool isEmpty() const { return mBuffers.empty(); } - size_t size() const { return mBuffers.size(); } - size_t topLength() const { assert(!isEmpty()); return mBuffers.front()->length(); } - - // Sink implementation - void consume(const void *data, size_t size); - void clearBuffer(); - -private: - typedef queue< Buffer *, list > BufferQueue; - BufferQueue mBuffers; - const size_t bufferLength; -}; - - - -} // end namespace Security - - -#endif /* _H_BUFFERFIFO */ diff --git a/cdsa/cdsa_utilities/buffers.cpp b/cdsa/cdsa_utilities/buffers.cpp deleted file mode 100644 index 25bda022..00000000 --- a/cdsa/cdsa_utilities/buffers.cpp +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// buffer - simple data buffers with convenience -// -#include "buffers.h" -#include -#include - - -namespace Security { - - -// -// Construct an empty Buffer from newly allocated memory -// -Buffer::Buffer(size_t size) - : mBase(new char[size]), mTop(mBase + size), mOwningMemory(true) -{ - mStart = mEnd = mBase; -} - - -// -// Construct a buffer from given memory, with given fill or ownership -// -Buffer::Buffer(void *base, size_t size, bool filled, bool owned) - : mBase(reinterpret_cast(base)), mTop(mBase + size), mOwningMemory(owned) -{ - mStart = mBase; - mEnd = filled ? mTop : mBase; -} - - -// -// Destroying a buffer deallocates its memory iff it owns it. -// -Buffer::~Buffer() -{ - if (mOwningMemory) - delete[] mBase; -} - - -// -// Shuffle buffer contents to make more room. -// Takes minimum size needed. Returns size available. -// -size_t Buffer::shuffle(size_t needed) -{ - assert(available() < needed); // shouldn't be called otherwise - size_t length = this->length(); - memmove(mBase, mStart, length); - mStart = mBase; - mEnd = mStart + length; - return min(needed, available()); -} - - -// -// Formatted append to buffer -// -void Buffer::printf(const char *format, ...) -{ - va_list args; - va_start(args, format); - vprintf(format, args); - va_end(args); -} - -void Buffer::vprintf(const char *format, va_list args) -{ - unsigned int written = vsnprintf(mEnd, mTop - mEnd, format, args); - if (written < available()) { - // overflow on formatting. Reshuffle and try again - shuffle(); - written = vsnprintf(mEnd, available(), format, args); - assert(written < available()); //@@@ throw here? - } - mEnd += written; // note: zero terminator discarded here -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/buffers.h b/cdsa/cdsa_utilities/buffers.h deleted file mode 100644 index 86aca4a5..00000000 --- a/cdsa/cdsa_utilities/buffers.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// buffer - simple data buffers with convenience -// -#ifndef _H_BUFFER -#define _H_BUFFER - -#include -#include -#include - - -namespace Security { - - -class Buffer { -public: - Buffer(size_t size); // allocate empty buffer - ~Buffer(); - - static Buffer reader(void *base, size_t size, bool owned = false) - { return Buffer(base, size, true, owned); } - static Buffer writer(void *base, size_t size, bool owned = false) - { return Buffer(base, size, false, owned); } - - size_t available(bool heavy = false) const - { return heavy ? ((mTop - mEnd) + (mStart - mBase)): (mTop - mEnd); } - bool isFull(bool heavy = false) const - { return heavy ? (mEnd == mTop && mStart == mBase) : (mEnd == mTop); } - bool isEmpty() const { return mStart == mEnd; } - - size_t length() const { return mEnd - mStart; } - void *data() { assert(mStart == mBase); return mStart; } - - void clear() { mStart = mEnd = mBase; } - -protected: - // private constructor with full flexibility - Buffer(void *base, size_t size, bool filled, bool owned = false); - - // perform expensive realignment to coalesce freespace - size_t shuffle(size_t needed = UINT_MAX); - - // perform cheap adjustments after data was taken out - void adjustGet() - { - if (isEmpty()) // empty buffer. Reset pointers to base - mStart = mEnd = mBase; - } - -public: - // elementary put: copy mode - size_t put(const void *data, size_t length) - { - if (length > available()) - length = shuffle(length); - memcpy(mEnd, data, length); - mEnd += length; - return length; - } - - // elementary put: locate mode. Remember that each can shuffle memory - template void locatePut(T * &addr, size_t &length) - { - if (length > available()) - length = shuffle(length); - addr = reinterpret_cast(mEnd); - } - - void usePut(size_t length) - { - assert(length <= available()); - mEnd += length; - } - - // elementary get: locate mode - template void locateGet(T * &addr, size_t &length) - { - if (length > size_t(mEnd - mStart)) - length = mEnd - mStart; - addr = reinterpret_cast(mStart); - } - - void useGet(size_t length) - { - assert(length <= this->length()); - mStart += length; - adjustGet(); - } - - // - // I/O via FileDescoid objects - // - template - size_t read(IO &io, size_t length) - { - if (length > available()) - length = shuffle(length); - size_t bytesRead = io.read(mEnd, length); - mEnd += bytesRead; - return bytesRead; - } - - template - size_t write(IO &io, size_t length) - { - length = min(this->length(), length); - size_t bytesWritten = io.write(mStart, length); - mStart += bytesWritten; - adjustGet(); - return bytesWritten; - } - - template size_t read(IO &io, bool heavy = false) - { return read(io, available(heavy)); } - - template size_t write(IO &io) - { return write(io, length()); } - - // printf-style output to a buffer - void printf(const char *format, ...); - void vprintf(const char *format, va_list args); - - // memory ownership - void own() { mOwningMemory = true; } - -private: - char *const mBase; // base pointer - char *const mTop; // end pointer + 1 - char *mStart; // start of used area - char *mEnd; // end of used area + 1 - bool mOwningMemory; // true if we own the memory (free on destruction) -}; - - -} // end namespace Security - - -#endif //_H_BUFFER diff --git a/cdsa/cdsa_utilities/callback.cpp b/cdsa/cdsa_utilities/callback.cpp deleted file mode 100644 index 17ebb145..00000000 --- a/cdsa/cdsa_utilities/callback.cpp +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Encapsulate the callback mechanism of CSSM. -// -#ifdef __MWERKS__ -#define _CPP_CALLBACK -#endif -#include - - -// -// Invoke a callback -// -void ModuleCallback::operator () (CSSM_MODULE_EVENT event, - const Guid &guid, uint32 subId, - CSSM_SERVICE_TYPE serviceType) const -{ - if (mCallback) - if (CSSM_RETURN err = mCallback(&guid, mContext, subId, serviceType, event)) - CssmError::throwMe(err); -} - - -// -// Manage Callback sets. -// THREADS: Caller is ensuring single-thread access on these calls. -// -void ModuleCallbackSet::insert(const ModuleCallback &newCallback) -{ - callbacks.insert(CallbackMap::value_type(newCallback, new CountingMutex)); -} - -void ModuleCallbackSet::erase(const ModuleCallback &oldCallback) -{ - CallbackMap::iterator it = callbacks.find(oldCallback); - if (it == callbacks.end()) // not registered; fail - CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE); - CountingMutex *counter = it->second; - { - StLock _(*counter); - if (!counter->isIdle()) // callbacks are scheduled against this - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_FAILED); // @#module is busy - } - // counter is zero (idle), and we hold the entry lock (via our caller) - delete counter; - callbacks.erase(it); -} - - -// -// Invoke an entire callback set. -// THREADS: Caller is ensuring single-thread access on these calls. -// -void ModuleCallbackSet::operator () (CSSM_MODULE_EVENT event, - const Guid &guid, uint32 subId, - CSSM_SERVICE_TYPE serviceType) const -{ - if (callbacks.empty()) // nothing to do; quick exit - return; - -#if _USE_THREADS == _USE_NO_THREADS || defined(SYNCHRONOUS_CALLBACKS) - // no threading model supported - we HAVE to do this right here - // note that the user better not re-enter CSSM too much, - // or we might deadlock... - for (CallbackMap::const_iterator it = callbacks.begin(); - it != callbacks.end(); it++) { - it->first(event, guid, subId, serviceType); - } -#else // real threads available - // lock down all callback elements - still protected by global lock (via caller) - for (CallbackMap::iterator it = callbacks.begin(); - it != callbacks.end(); it++) - it->second->enter(); - - // get out of this thread - now! - (new Runner(callbacks, event, guid, subId, serviceType))->run(); -#endif -} - -void ModuleCallbackSet::Runner::action() -{ - // - // NOTE WELL: Our callbacks map shares (pointed-to) values with the ModuleCallbackSet - // we were created from. Some of these values may be dangling pointers since they have - // been destroyed by other threads, but only *after* we are done with them, since - // we must call exit() on them before they become eligible for destruction. - // In all cases, it is the responsibility of other threads to destroy those mutexi. - // - // @@@ Could also fan out to multiple callback threads in parallel. - for (CallbackMap::iterator it = callbacks.begin(); - it != callbacks.end(); it++) { - //@@@ safety vs. convenience - recheck - it->first(event, guid, subserviceId, serviceType); - it->second->exit(); - } -} diff --git a/cdsa/cdsa_utilities/callback.h b/cdsa/cdsa_utilities/callback.h deleted file mode 100644 index 8b5f9f83..00000000 --- a/cdsa/cdsa_utilities/callback.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Encapsulate the callback mechanism of CSSM. -// -#ifndef _H_CALLBACK -#define _H_CALLBACK - -#include -#include -#include - -#ifdef _CPP_CALLBACK -#pragma export on -#endif - -namespace Security -{ - -// -// A single module-specific callback as requested by the user. -// -class ModuleCallback { -public: - ModuleCallback() : mCallback(0), mContext(0) { } - ModuleCallback(CSSM_API_ModuleEventHandler callback, void *context) - : mCallback(callback), mContext(context) { } - - void operator () (CSSM_MODULE_EVENT event, - const Guid &guid, uint32 subId, - CSSM_SERVICE_TYPE serviceType) const; - - operator bool () const { return mCallback || mContext; } - bool operator ! () const { return !bool(*this); } - - bool operator == (const ModuleCallback &cb) const - { return mCallback == cb.mCallback && mContext == cb.mContext; } - bool operator < (const ModuleCallback &cb) const - { return mCallback < cb.mCallback - || mCallback == cb.mCallback && mContext < cb.mContext; } - -private: - CSSM_API_ModuleEventHandler mCallback; - void *mContext; -}; - - -// -// A set of callbacks that can be invoked automatically in a thread-safe manner. -// THREADS: The set itself is not interlocked by the ModuleCallbackSet class; you -// are responsible for ensuring single access to the set object. The class ensures -// that any threads it spawns to execute the callbacks will not step on each other -// or on you, and that you will not be able to erase() a callback while it has -// activity scheduled against it. This also applies to the invocation method -// (operator ()) - you must lock against multiple accesses to it until it returns. -// -class ModuleCallbackSet { -public: - unsigned int size() const { return callbacks.size(); } - void insert(const ModuleCallback &newCallback); - void erase(const ModuleCallback &oldCallback); - - void operator () (CSSM_MODULE_EVENT event, - const Guid &guid, uint32 subId, - CSSM_SERVICE_TYPE serviceType) const; - -private: - // note mutex *: we don't want to rely on copy-ability of Mutex objects - typedef multimap CallbackMap; - mutable CallbackMap callbacks; - - struct Runner : public Thread { - Runner(CallbackMap &inCallbacks, - CSSM_MODULE_EVENT inEvent, - const Guid &inGuid, - uint32 inSSId, - CSSM_SERVICE_TYPE inServiceType) - : callbacks(inCallbacks), event(inEvent), guid(inGuid), - subserviceId(inSSId), serviceType(inServiceType) { } - - CallbackMap callbacks; // note that we share the CountingMutex * values! - const CSSM_MODULE_EVENT event; - const Guid guid; - const uint32 subserviceId; - const CSSM_SERVICE_TYPE serviceType; - - void action(); - }; -}; - -} // end namespace Security - -#ifdef _CPP_CALLBACK -#pragma export off -#endif - -#endif //_H_CALLBACK diff --git a/cdsa/cdsa_utilities/ccaudit.cpp b/cdsa/cdsa_utilities/ccaudit.cpp deleted file mode 100644 index 24caac9a..00000000 --- a/cdsa/cdsa_utilities/ccaudit.cpp +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include // bcopy() -#include // gethostname() -#include // gethostbyname() -#include // inet_addr() -#include // inet_addr() -#include // inet_addr() -#include // inet_addr() -#include -#include "utilities.h" -#include -#include -#include "ccaudit.h" - -namespace Security -{ -namespace CommonCriteria -{ - -void TerminalId::set(void) -{ - if (audit_set_terminal_id(&mTid) != kAUNoErr) - { - // If we start seeing the syslog too often, change to secdebug() - Syslog::warning("setting terminal ID info failed; using defaults"); - mTid.port = 0; - mTid.machine = 0; - } -} - -void AuditSession::registerSession(void) -{ - auditinfo_t auinfo; - - auinfo.ai_auid = mAuditId; - auinfo.ai_asid = mSessionId; - bcopy(&mTerminalId.get(), &(auinfo.ai_termid), sizeof(auinfo.ai_termid)); - bcopy(&mEventMask.get(), &(auinfo.ai_mask), sizeof(auinfo.ai_mask)); - - if (setaudit(&auinfo) != 0) - { - if (errno == ENOTSUP) - { - Syslog::notice("Attempted to initialize auditing, but this kernel that does not support auditing"); - return; - } - Syslog::notice("Could not initialize auditing; continuing"); - } -} - -void AuditRecord::submit(const short event_code, const int returnCode, - const char *msg) -{ - // If we're not auditing, do nothing - if (au_get_state() == AUC_NOAUDIT) - return; - - // XXX make this a secdebug, then enable it - // Syslog::notice("Submitting authorization audit record"); - - int ret = kAUNoErr; - - // XXX/gh 3574731: Fix BSM SPI so the const_cast<>s aren't necessary - if (returnCode == 0) - { - token_t *tok = NULL; - - if (msg) - tok = au_to_text(const_cast(msg)); - ret = audit_write_success(event_code, const_cast(tok), - mAuditId, mEUid, mEGid, mRUid, mRGid, - mPid, mSessionId, - const_cast(&(mTerminalId.get()))); - } - else - { - ret = audit_write_failure(event_code, const_cast(msg), - returnCode, mAuditId, mEUid, mEGid, - mRUid, mRGid, mPid, mSessionId, - const_cast(&(mTerminalId.get()))); - } - if (ret != kAUNoErr) - MacOSError::throwMe(ret); -} - - -} // end namespace CommonCriteria -} // end namespace Security diff --git a/cdsa/cdsa_utilities/ccaudit.h b/cdsa/cdsa_utilities/ccaudit.h deleted file mode 100644 index 0fc9b2d9..00000000 --- a/cdsa/cdsa_utilities/ccaudit.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _H_CCAUDIT -#define _H_CCAUDIT - -#include -#include - -namespace Security -{ - -namespace CommonCriteria -{ - -// for Tiger, this should be incorporated into Security's OSStatus range -enum ExternalErrors -{ - errNone = 0, - errInvalidCredential = 1111, // try to make easier to find in log - errUserCanceled, - errTooManyTries, - errEndOfExternalErrors // sentry/placeholder -}; - -class AuditMask -{ - public: - AuditMask() { } - AuditMask(const AuditMask &am) { set(am.get()); } - AuditMask(const au_mask_t &am) { set(am); } - ~AuditMask() { } - - void set(const au_mask_t &am) { set(am.am_success, am.am_failure); } - void set(unsigned int s, unsigned int f) { mMask.am_success = s; mMask.am_failure = f; } - const au_mask_t &get(void) const { return mMask; } - - private: - au_mask_t mMask; -}; - -// For the most part, we won't have a machine ID to initialize the -// au_tid_t's machine field. There's no machine ID in the audit token, -// for example, since MIG is localhost-only. -class TerminalId -{ - public: - TerminalId() { } - TerminalId(const TerminalId &t) { set(t.get()); } - TerminalId(const au_tid_t &tid) { set(tid); } - TerminalId(dev_t p, u_int32_t m) { port(p); machine(m); } - ~TerminalId() { } - - void set(void); // set using localhost - void set(const au_tid_t &tid) { port(tid.port); machine(tid.machine); } - void port(dev_t p) { mTid.port = p; } - void machine(u_int32_t m) { mTid.machine = m; } - const au_tid_t &get(void) const { return mTid; } - - private: - au_tid_t mTid; -}; - -// audit session state for the current process; only used by Server -class AuditSession -{ - public: - AuditSession() { } - AuditSession(au_id_t auid, AuditMask &mask, au_asid_t sid, - TerminalId &tid) - : mAuditId(auid), mEventMask(mask), mTerminalId(tid), - mSessionId(sid) { } - ~AuditSession() { } - - // set audit info for this process in kernel - void registerSession(void); - - void auditId(au_id_t auid) { mAuditId = auid; } - void eventMask(AuditMask &mask) { mEventMask = mask; } - void terminalId(TerminalId &tid) { mTerminalId = tid; } - void sessionId(au_asid_t sid) { mSessionId = sid; } - - au_id_t auditId(void) { return mAuditId; } - AuditMask &eventMask(void) { return mEventMask; } - TerminalId &terminalId(void) { return mTerminalId; } - au_asid_t sessionId(void) { return mSessionId; } - - private: - au_id_t mAuditId; - AuditMask mEventMask; - TerminalId mTerminalId; - au_asid_t mSessionId; -}; - -// -// For submitting audit records. Not general-purpose: no ability to -// submit arbitrary BSM tokens, for example. However, the SecurityServer -// has only limited auditing requirements under Common Criteria. -// -class AuditRecord -{ - public: - AuditRecord(const audit_token_t &auditToken) - : mAuditId(auditToken.val[0]), - mRUid(auditToken.val[3]), - mRGid(auditToken.val[4]), - mEUid(auditToken.val[1]), - mEGid(auditToken.val[2]), - mPid(auditToken.val[5]), - mSessionId(auditToken.val[6]), - mTerminalId(auditToken.val[7], 0) { } - ~AuditRecord() { } - - // returnCode == 0 --> success; nonzero returnCode --> failure - void submit(const short event_code, const int returnCode, - const char *msg = NULL); - - private: - au_id_t mAuditId; - uid_t mRUid; - gid_t mRGid; - uid_t mEUid; - gid_t mEGid; - pid_t mPid; - au_asid_t mSessionId; - TerminalId mTerminalId; -}; - -} // end namespace CommonCriteria - -} // end namespace Security - -#endif // _H_CCAUDIT diff --git a/cdsa/cdsa_utilities/cfutilities.cpp b/cdsa/cdsa_utilities/cfutilities.cpp deleted file mode 100644 index 7bc36b93..00000000 --- a/cdsa/cdsa_utilities/cfutilities.cpp +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// CoreFoundation related utilities -// -#include -#include - - -namespace Security { - - -// -// Turn a CFString into a UTF8-encoded C++ string -// -string cfString(CFStringRef str) -{ - // NULL translates (cleanly) to empty - if (str == NULL) - return ""; - - // quick path first - if (const char *s = CFStringGetCStringPtr(str, kCFStringEncodingUTF8)) - return s; - - // need to extract into buffer - string ret; - CFIndex length = CFStringGetLength(str); // in 16-bit character units - char *buffer = new char[6 * length + 1]; // pessimistic - if (CFStringGetCString(str, buffer, 6 * length + 1, kCFStringEncodingUTF8)) - ret = buffer; - delete[] buffer; - return ret; -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cfutilities.h b/cdsa/cdsa_utilities/cfutilities.h deleted file mode 100644 index c55a661d..00000000 --- a/cdsa/cdsa_utilities/cfutilities.h +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -//CoreFoundation related utilities -// -#ifndef _H_CFUTILITIES -#define _H_CFUTILITIES - -#include -#include -#include - - -namespace Security { - - -// -// Initialize-only self-releasing CF object handler (lightweight). -// Does not support assignment. -// -template class CFRef { -public: - CFRef() : mRef(NULL) { } - CFRef(CFType ref) : mRef(ref) { } - CFRef(const CFRef &ref) : mRef(ref) { if (ref) CFRetain(ref); } - ~CFRef() { if (mRef) CFRelease(mRef); } - - CFRef &take(CFType ref) - { if (mRef) CFRelease(mRef); mRef = ref; return *this; } - - CFRef &operator = (CFType ref) - { if (ref) CFRetain(ref); return take(ref); } - - operator CFType () const { return mRef; } - operator bool () const { return mRef != NULL; } - bool operator ! () const { return mRef == NULL; } - -private: - CFType mRef; -}; - - -template class CFCopyRef { -public: - CFCopyRef() : mRef(NULL) { } - explicit CFCopyRef(CFType ref) : mRef(ref) { if (ref) CFRetain(ref); } - CFCopyRef(const CFCopyRef &ref) : mRef(ref) { if (ref) CFRetain(ref); } - ~CFCopyRef() { if (mRef) CFRelease(mRef); } - - CFCopyRef &take(CFType ref) - { if (mRef) CFRelease(mRef); mRef = ref; return *this; } - - CFCopyRef &operator = (CFType ref) - { if (ref) CFRetain(ref); return take(ref); } - - operator CFType () const { return mRef; } - operator bool () const { return mRef != NULL; } - bool operator ! () const { return mRef == NULL; } - -private: - CFType mRef; -}; - - -// -// A simple function that turns a non-array CFTypeRef into -// an array of one with that element. This will retain its argument -// (directly or indirectly). -// -inline CFArrayRef cfArrayize(CFTypeRef arrayOrItem) -{ - if (arrayOrItem == NULL) - return NULL; // NULL is NULL - else if (CFGetTypeID(arrayOrItem) == CFArrayGetTypeID()) { - CFRetain(arrayOrItem); - return CFArrayRef(arrayOrItem); // already an array - } else { - CFArrayRef array = CFArrayCreate(NULL, - (const void **)&arrayOrItem, 1, &kCFTypeArrayCallBacks); - return array; - } -} - - -// -// Translate CFDataRef to CssmData. The output shares the input's buffer. -// -inline CssmData cfData(CFDataRef data) -{ - return CssmData(const_cast(CFDataGetBytePtr(data)), - CFDataGetLength(data)); -} - - -// -// Translate CFStringRef to (UTF8-encoded) C++ string -// -string cfString(CFStringRef str); - - -// -// Translate any Data-oid source to a CFDataRef. The contents are copied. -// -template -inline CFDataRef makeCFData(const Data &source) -{ - return CFDataCreate(NULL, reinterpret_cast(source.data()), source.length()); -} - - -// -// Translate strings into CFStrings -// -inline CFStringRef makeCFString(const char *s) -{ - return CFStringCreateWithCString(NULL, s, kCFStringEncodingUTF8); -} - -inline CFStringRef makeCFString(const string &s) -{ - return CFStringCreateWithCString(NULL, s.c_str(), kCFStringEncodingUTF8); -} - - -// -// Internally used STL adapters. Should probably be in utilities.h. -// -template -Self projectPair(const Self &me) -{ return me; } - -template -Second projectPair(const pair &me) -{ return me.second; } - - -// -// A CFToVector turns a CFArrayRef of items into a flat -// C vector of some type, using a conversion function -// (from CFTypeRef) specified. As a special bonus, if -// you provide a CFTypeRef (other than CFArrayRef), it -// will be transparently handled as an array-of-one. -// The array will be automatically released on destruction -// of the CFToVector object. Any internal structure shared -// with the CFTypeRef inputs will be left alone. -// -template -class CFToVector { -public: - CFToVector(CFArrayRef arrayRef); - ~CFToVector() { delete[] mVector; } - operator uint32 () const { return mCount; } - operator VectorBase *() const { return mVector; } - bool empty() const { return mCount == 0; } - - VectorBase *begin() const { return mVector; } - VectorBase *end() const { return mVector + mCount; } - - VectorBase &operator [] (uint32 ix) const { assert(ix < mCount); return mVector[ix]; } - -private: - VectorBase *mVector; - uint32 mCount; -}; - -template -CFToVector::CFToVector(CFArrayRef arrayRef) -{ - if (arrayRef == NULL) { - mCount = 0; - mVector = NULL; - } else { - mCount = CFArrayGetCount(arrayRef); - mVector = new VectorBase[mCount]; - for (uint32 n = 0; n < mCount; n++) - mVector[n] = convert(CFRefType(CFArrayGetValueAtIndex(arrayRef, n))); - } -} - - -// -// Generate a CFArray of CFTypeId things generated from iterators. -// @@@ This should be cleaned up with partial specializations based -// @@@ on iterator_traits. -// -template -inline CFArrayRef makeCFArray(Generator &generate, Iterator first, Iterator last) -{ - // how many elements? - size_t size = distance(first, last); - - // do the CFArrayCreate tango - auto_array vec(size); - for (uint32 n = 0; n < size; n++) - vec[n] = generate(projectPair(*first++)); - assert(first == last); - return CFArrayCreate(NULL, (const void **)vec.get(), size, &kCFTypeArrayCallBacks); -} - -template -inline CFArrayRef makeCFArray(Generator &generate, const Container &container) -{ - return makeCFArray(generate, container.begin(), container.end()); -} - - -} // end namespace Security - -#endif //_H_CFUTILITIES diff --git a/cdsa/cdsa_utilities/codesigning.cpp b/cdsa/cdsa_utilities/codesigning.cpp deleted file mode 100644 index 96bc0716..00000000 --- a/cdsa/cdsa_utilities/codesigning.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// codesigning - support for signing and verifying "bags o' bits" on disk. -// -#ifdef __MWERKS__ -#define _CPP_CODESIGNING -#endif - -#include - - -namespace Security -{ - -namespace CodeSigning -{ -} // end namespace CodeSigning - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/codesigning.h b/cdsa/cdsa_utilities/codesigning.h deleted file mode 100644 index c1f13173..00000000 --- a/cdsa/cdsa_utilities/codesigning.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// codesigning - support for signing and verifying "bags o' bits" on disk. -// -// This file defines CodeSigner objects that sign, SignableCode objects -// that can be signed, and CodeSignature objects that represent signatures. -// Anything that can be "enumerated" into a stream of bits is fair game as -// a SignableCode, though the primary intent is to sign files or directories -// of files on disk. -// -#ifndef _CODESIGNING -#define _CODESIGNING - -#include -#include - -#ifdef _CPP_CODESIGNING -#pragma export on -#endif - -#undef verify - -namespace Security -{ - -namespace CodeSigning -{ - -// -// Type codes for signatures. Each represents a particular type of signature. -// -enum { - standardOSXSignature = 1 // standard MacOS X signature (SHA1) -}; - - -// -// A CodeSignature is an abstract object representing a complete signature. -// You may think of this as a cryptographic hash of some kind together with -// type information and enough abstraction to make changing the algorithms -// easier. -// -class Signature { -public: - virtual ~Signature() { } - - virtual bool operator == (const Signature &other) const = 0; - bool operator != (const Signature &other) const { return !(*this == other); } - - virtual uint32 type() const = 0; // yield type code - virtual const void *data() const = 0; // yield data pointer - virtual size_t length() const = 0; // yield length of data -}; - - -// -// A Signer is the engine that can sign and verify. It may have configuration, -// but it should have NO state that carries over between signing/verifying -// operations. In other words, once a signing/verifyng operation is complete, -// the signer should forget about what it did. -// -class Signer { - friend class Signable; -public: - virtual ~Signer() { } - -public: - class State { - public: - virtual void enumerateContents(const void *data, size_t length) = 0; - - Signer &signer; - - protected: - State(Signer &sgn) : signer(sgn) { } - }; - -public: - virtual Signature *sign(const Signable &target) = 0; - virtual bool verify(const Signable &target, const Signature *signature) = 0; - - virtual Signature *restore(uint32 type, const void *data, size_t length) = 0; - Signature *restore(uint32 type, const CssmData &data) - { return restore(type, data.data(), data.length()); } - -protected: - void scanContents(State &state, const Signable &target); -}; - - -// -// A Signable object represents something that can be signed -// -class Signable { - friend class Signer; -public: - virtual ~Signable() { } - - Signature *sign(Signer &signer) const - { return signer.sign(*this); } - bool verify(const Signature *signature, Signer &signer) const - { return signer.verify(*this, signature); } - -protected: - virtual void scanContents(Signer::State &state) const = 0; -}; - - -// -// Close mutually recursive calls -// -inline void Signer::scanContents(State &state, const Signable &target) -{ - target.scanContents(state); -} - -} // end namespace CodeSigning - -} // end namespace Security - -#ifdef _CPP_CODESIGNING -#pragma export off -#endif - - -#endif //_CODESIGNING diff --git a/cdsa/cdsa_utilities/constdata.cpp b/cdsa/cdsa_utilities/constdata.cpp deleted file mode 100644 index b1978f54..00000000 --- a/cdsa/cdsa_utilities/constdata.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// constdata - shared constant binary data objects -// -#include "constdata.h" -#include - - -namespace Security { - - -// -// Construct a Blob from a source -// -ConstData::Blob::Blob(const void *base, size_t size, bool takeOwnership) : mSize(size) -{ - mData = takeOwnership ? base : memcpy(new char[size], base, size); -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/constdata.h b/cdsa/cdsa_utilities/constdata.h deleted file mode 100644 index da75382e..00000000 --- a/cdsa/cdsa_utilities/constdata.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// constdata - shared constant binary data objects -// -#ifndef _H_CONSTDATA -#define _H_CONSTDATA - -#include -#include - - -namespace Security { - - -// -// ConstData represents a contiguous, binary blob of constant data. -// Assignment is by sharing (thus cheap). -// ConstData is a (constant) Dataoid type. -// -class ConstData { -private: - class Blob : public RefCount { - public: - Blob() : mData(NULL), mSize(0) { } - Blob(const void *base, size_t size, bool takeOwnership = false); - ~Blob() { delete[] reinterpret_cast(mData); } - - const void *data() const { return mData; } - size_t length() const { return mSize; } - - private: - const void *mData; - size_t mSize; - }; - -public: - ConstData() { } //@@@ use a nullBlob? - ConstData(const void *base, size_t size, bool takeOwnership = false) - : mBlob(new Blob(base, size, takeOwnership)) { } - - template - static ConstData wrap(const T &obj, bool takeOwnership) - { return ConstData(&obj, sizeof(obj), takeOwnership); } - -public: - const void *data() const { return mBlob ? mBlob->data() : NULL; } - size_t length() const { return mBlob ? mBlob->length() : 0; } - - operator bool() const { return mBlob; } - bool operator !() const { return !mBlob; } - - template operator const T *() const - { return reinterpret_cast(data()); } - - template const T &as() const - { return *static_cast(reinterpret_cast(data())); } - -private: - RefPointer mBlob; -}; - - -} // end namespace Security - - -#endif //_H_CONSTDATA diff --git a/cdsa/cdsa_utilities/context.cpp b/cdsa/cdsa_utilities/context.cpp deleted file mode 100644 index 3f25f1a2..00000000 --- a/cdsa/cdsa_utilities/context.cpp +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// context - manage CSSM (cryptographic) contexts every which way. -// -// A note on memory management: -// Context attributes are allocated from application memory in big chunks comprising -// many attributes as well as the attribute array itself. The CSSM_CONTEXT fields -// NumberOfAttributes and ContextAttributes are handled as a group. Context::Builder -// and Context::copyFrom assume these fields are undefined and fill them. Context::clear -// assumes they are valid and invalides them, freeing memory. -// -// You may also want to look at cssmcontext.h in CSSM proper, where CSSM's internal Context -// objects are built on top of our Context class. -// -#include - - -// -// Construct Context objects -// -Context::Context(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS algorithmId) -{ - clearPod(); - ContextType = type; - AlgorithmType = algorithmId; -} - - -// -// Delete a single attribute from a Context by type. -// We implement this by simply nulling out the slot - the memory is not released, -// and will not be reclaimed until the Context is deleted or reconstructed for some reason. -// -void Context::deleteAttribute(CSSM_ATTRIBUTE_TYPE type) -{ - for (uint32 n = 0; n < attributesInUse(); n++) - if (ContextAttributes[n].AttributeType == type) { - ContextAttributes[n].AttributeType = CSSM_ATTRIBUTE_NONE; - ContextAttributes[n].AttributeLength = 0; - return; - } - // not found - CssmError::throwMe(CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT); -} - - -// -// This swiss-army-knife function performs a deep copy of all of a Context's attributes, -// bundling them up into a single memory node and storing them into a pointer/count pair. -// It also returns the size of the memory block allocated, in case you care (IPC does). -// -size_t Context::copyAttributes(CSSM_CONTEXT_ATTRIBUTE * &attrs, uint32 &count, - CssmAllocator &alloc) const -{ - Context::Builder builder(alloc); - for (unsigned n = 0; n < attributesInUse(); n++) - builder.setup(ContextAttributes[n]); - size_t size = builder.make(); - for (unsigned n = 0; n < attributesInUse(); n++) - builder.put(ContextAttributes[n]); - builder.done(attrs, count); - return size; -} - - -// -// Locate attribute values by type. -// This function deals in attribute vectors, not contexts; hence the explicit count argument. -// Returns NULL for attribute not found. -// -Context::Attr *Context::find(CSSM_ATTRIBUTE_TYPE theType, - const CSSM_CONTEXT_ATTRIBUTE *attrs, unsigned int count) -{ - for (unsigned n = 0; n < count; n++) - if (attrs[n].AttributeType == theType) - return (Attr *)&attrs[n]; - return NULL; -} - - -// -// Post-IPC context fixup. -// A Context is transmitted via IPC as a two-element blob. The first is the Context -// structure itself, which is taken as flat. The second is the flattened attribute -// vector blob as produced by the Context::Builder class. Since IPC will relocate -// each blob, we need to offset all internal pointers to compensate. -// -void Context::postIPC(void *base, CSSM_CONTEXT_ATTRIBUTE *ipcAttributes) -{ - ReconstituteWalker relocator(LowLevelMemoryUtilities::difference(ipcAttributes, base)); - ContextAttributes = ipcAttributes; // fix context->attr vector link - for (uint32 n = 0; n < attributesInUse(); n++) - walk(relocator, (*this)[n]); -} - - -// -// Context Builders -// -size_t Context::Builder::make() -{ - size_t vectorSize = - LowLevelMemoryUtilities::alignUp(slotCount * sizeof(CSSM_CONTEXT_ATTRIBUTE)); - size_t totalSize = vectorSize + sizer; - attributes = reinterpret_cast(allocator.malloc(totalSize)); - copier = LowLevelMemoryUtilities::increment(attributes, vectorSize); - slot = 0; - return totalSize; -} - -void Context::Builder::done(CSSM_CONTEXT_ATTRIBUTE * &attributes, uint32 &count) -{ - assert(slot == slotCount); // match pass profiles - attributes = this->attributes; - count = slotCount; - this->attributes = NULL; // delivered the goods, no longer our responsibility -} - - -// -// Debugging support -// -#if defined(DEBUGDUMP) - -static void dumpData(CSSM_DATA *data) -{ - if (data == NULL) - Debug::dump("[NULL]"); - else - Debug::dump("[%p,%ld]@%p", data->Data, data->Length, data); -} - -void Context::Attr::dump() const -{ - Debug::dump(" Attr{type=%x, size=%d, value=", int(AttributeType), int(AttributeLength)); - switch (AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) { - case CSSM_ATTRIBUTE_DATA_UINT32: - Debug::dump("%ld", long(Attribute.Uint32)); break; - case CSSM_ATTRIBUTE_DATA_STRING: - Debug::dump("%s@%p", Attribute.String, Attribute.String); break; - case CSSM_ATTRIBUTE_DATA_CSSM_DATA: - dumpData(Attribute.Data); - break; - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - dumpData(&Attribute.CryptoData->Param); - break; - default: - Debug::dump("%p", Attribute.String); break; // (slightly unclean) - }; - Debug::dump("}\n"); -} - -void Context::dump(const char *title, const CSSM_CONTEXT_ATTRIBUTE *attrs) const -{ - if (attrs == NULL) - attrs = ContextAttributes; - Debug::dump("Context %s{type=%d, alg=%d, CSP=%u, %d attributes@%p:\n", - title ? title : "", - int(ContextType), int(AlgorithmType), (unsigned int)CSPHandle, - int(NumberOfAttributes), attrs); - for (unsigned int n = 0; n < NumberOfAttributes; n++) - Attr::overlay(attrs[n]).dump(); - Debug::dump("} // end Context\n"); -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/context.h b/cdsa/cdsa_utilities/context.h deleted file mode 100644 index 84cd5d33..00000000 --- a/cdsa/cdsa_utilities/context.h +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// context - CSSM cryptographic context objects -// -#ifndef _H_CONTEXT -#define _H_CONTEXT - -#include -#include -#include -#include -#include // to serialize/copy access credentials -#include - -#ifdef _CPP_CONTEXT -# pragma export on -#endif - -namespace Security -{ - -// -// Context is a POD overlay for the CSSM_CONTEXT type. It does -// add allocation functions and lots of good stuff. -// Note that if you're outside CSSM proper, you are not supposed to -// memory-manage Context structures on your own. Be a good boy and -// call the CSSM API functions. -// We also provide a POD overlay for CSSM_CONTEXT_ATTRIBUTE, with -// the obvious semantics. -// -class Context : public PodWrapper { -public: - Context(CSSM_CONTEXT_TYPE type, CSSM_ALGORITHMS algorithmId); - - uint32 attributesInUse() const { return NumberOfAttributes; } - CSSM_CONTEXT_TYPE type() const { return ContextType; } - CSSM_ALGORITHMS algorithm() const { return AlgorithmType; } - CSSM_CSP_HANDLE cspHandle() const { return CSPHandle; } - - void deleteAttribute(CSSM_ATTRIBUTE_TYPE type); - size_t copyAttributes(CSSM_CONTEXT_ATTRIBUTE * &attrs, uint32 &count, CssmAllocator &alloc) const; - - void copyFrom(const Context &source, CssmAllocator &alloc) - { source.copyAttributes(ContextAttributes, NumberOfAttributes, alloc); } - -public: - class Attr : public PodWrapper { - public: - Attr() { } - Attr(const CSSM_CONTEXT_ATTRIBUTE &attr) { (CSSM_CONTEXT_ATTRIBUTE &)*this = attr; } - - template - Attr(CSSM_ATTRIBUTE_TYPE typ, T &value, size_t size = 0) - { - AttributeType = typ; - // attribute component pointers are stupidly non-const; allow const input - Attribute.String = const_cast(reinterpret_cast(&value)); - AttributeLength = size ? size : sizeof(T); - } - - Attr(CSSM_ATTRIBUTE_TYPE typ, uint32 value) - { - AttributeType = typ; - Attribute.Uint32 = value; - AttributeLength = 0; - } - - CSSM_ATTRIBUTE_TYPE type() const { return AttributeType; } - uint32 baseType() const { return AttributeType & CSSM_ATTRIBUTE_TYPE_MASK; } - - operator char * () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_STRING); return Attribute.String; } - operator CssmData & () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_CSSM_DATA); - return CssmData::overlay(*Attribute.Data); } - operator CssmCryptoData & () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_CRYPTO_DATA); - return CssmCryptoData::overlay(*Attribute.CryptoData); } - operator CssmKey & () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_KEY); return CssmKey::overlay(*Attribute.Key); } - operator AccessCredentials & () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS); - return AccessCredentials::overlay(*Attribute.AccessCredentials); } - operator uint32 () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_UINT32); return Attribute.Uint32; } - operator CSSM_DL_DB_HANDLE &() const - { - assert(baseType() == CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE); - if (Attribute.DLDBHandle == NULL) - CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE); - return *Attribute.DLDBHandle; - } - operator CssmDate & () const - { assert(baseType() == CSSM_ATTRIBUTE_DATA_DATE); - return CssmDate::overlay(*Attribute.Date); } - // @@@ etc. etc. - add yours today! - - void operator = (uint32 value) { Attribute.Uint32 = value; } - template - void operator = (T *ptr) { Attribute.String = reinterpret_cast(ptr); } - - IFDUMP(void dump() const;) // debug dump this Attr to stdout (one line) - }; - - // Attributes by position - Attr *attributes() const { return Attr::overlay(ContextAttributes); } - Attr &operator [] (unsigned int ix) - { assert(ix < NumberOfAttributes); return static_cast(ContextAttributes[ix]); } - const Attr &operator [] (unsigned int ix) const - { assert(ix < NumberOfAttributes); return static_cast(ContextAttributes[ix]); } - - // general attribute retrieval by type - Attr *find(CSSM_ATTRIBUTE_TYPE theType) const - { return find(theType, ContextAttributes, NumberOfAttributes); } - - template - Elem &get(CSSM_ATTRIBUTE_TYPE type, CSSM_RETURN err) const - { - if (Attr *attr = find(type)) - return static_cast(*attr); - else - CssmError::throwMe(err); - } - - template - Elem *get(CSSM_ATTRIBUTE_TYPE type) const - { - if (Attr *attr = find(type)) - // @@@ Invoking conversion operator to Elem & on *attr and taking address of result. - return &static_cast(*attr); - else - return NULL; - } - - uint32 getInt(CSSM_ATTRIBUTE_TYPE type, CSSM_RETURN err) const - { - if (Attr *attr = find(type)) - return static_cast(*attr); - else - CssmError::throwMe(err); - } - - uint32 getInt(CSSM_ATTRIBUTE_TYPE type) const - { - if (Attr *attr = find(type)) - return static_cast(*attr); - else - return 0; - } - - bool getInt(CSSM_ATTRIBUTE_TYPE type, uint32 &value) const - { - if (Attr *attr = find(type)) { - value = static_cast(*attr); - return true; - } else - return false; - } - -public: - template - void replace(CSSM_ATTRIBUTE_TYPE type, const T &newValue) const - { - if (Attr *attr = find(type)) - *attr = Attr(type, newValue); - else - CssmError::throwMe(CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT); - } - -public: - void *operator new (size_t size, CssmAllocator &alloc) throw(std::bad_alloc) - { return alloc.malloc(size); } - void operator delete (void *addr, size_t, CssmAllocator &alloc) throw() - { return alloc.free(addr); } - static void destroy(Context *context, CssmAllocator &alloc) throw() - { alloc.free(context->ContextAttributes); alloc.free(context); } - -public: - // Post-IPC context fixup. - // This can only be called on a Built Context after IPC transmission. - void postIPC(void *base, CSSM_CONTEXT_ATTRIBUTE *ipcAttributes); - -public: - class Builder; - - // dump to stdout, multiline format - IFDUMP(void dump(const char *title = NULL, - const CSSM_CONTEXT_ATTRIBUTE *attrs = NULL) const;) - -protected: - // find an attribute in a plain array of attribute structures (no context) - static Attr *find(CSSM_ATTRIBUTE_TYPE theType, - const CSSM_CONTEXT_ATTRIBUTE *attrs, unsigned int count); -}; - - -namespace DataWalkers -{ - -template -void walk(Action &operate, CSSM_CONTEXT_ATTRIBUTE &attr) -{ - operate(attr); - switch (attr.AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) { - case CSSM_ATTRIBUTE_DATA_CSSM_DATA: - walk(operate, attr.Attribute.Data); break; - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - walk(operate, attr.Attribute.CryptoData); break; - case CSSM_ATTRIBUTE_DATA_KEY: - walk(operate, attr.Attribute.Key); break; - case CSSM_ATTRIBUTE_DATA_STRING: - walk(operate, attr.Attribute.String); break; - case CSSM_ATTRIBUTE_DATA_DATE: - walk(operate, attr.Attribute.Date); break; - case CSSM_ATTRIBUTE_DATA_RANGE: - walk(operate, attr.Attribute.Range); break; - case CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS: - walk(operate, attr.Attribute.AccessCredentials); break; - case CSSM_ATTRIBUTE_DATA_VERSION: - walk(operate, attr.Attribute.Version); break; - case CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE: - walk(operate, attr.Attribute.DLDBHandle); break; - case CSSM_ATTRIBUTE_NONE: - case CSSM_ATTRIBUTE_DATA_UINT32: - break; - default: - secdebug("walkers", "invalid attribute (%lx) in context", attr.AttributeType); - break; - } -} - -template -void walk(Action &operate, Context::Attr &attr) -{ - walk(operate, static_cast(attr)); -} - -} // end namespace DataWalkers - - -// -// Context::Builder - make context attributes the fun way. -// -// A Context (aka CSSM_CONTEXT) has a pointer to an array of context attributes, -// most of which contain pointers to other stuff with pointers to God Knows Where. -// Instead of allocating this all over the heap, a Context::Builder performs -// a two-pass algorithm that places all that stuff into a single heap node. -// Specifically, the builder will allocate and create a vector of CSSM_CONTEXT_ATTRIBUTE -// structures and all their subordinate heap storage. -// A Builder does not deal in Context objects and does not care what you do with your -// CSSM_CONTEXT_ATTRIBUTE array once it's delivered. Since it's a single heap node, -// you can just free() it using the appropriate allocator when you're done with it. -// -// Theory of operation: -// Builder works in two phases, called scan and build. During scan, you call setup() -// with the desired data to be placed into the attribute vector. When done, call make() -// to switch to build phase. Then call put() with the SAME sequence of values as in phase 1. -// Finally, call done() to receive the pointer-and-count values. -// @@@ Add comment about IPC use. -// -using namespace DataWalkers; - -class Context::Builder { -protected: -public: - Builder(CssmAllocator &alloc) : allocator(alloc) - { slotCount = 0; attributes = NULL; } - ~Builder() { allocator.free(attributes); } - - CssmAllocator &allocator; - - // switch to build phase - size_t make(); - // deliver result - void done(CSSM_CONTEXT_ATTRIBUTE * &attributes, uint32 &count); - -public: - // - // Phase 1 (scan) dispatch. Call once for each attribute needed. - // - template - void setup(T p, CSSM_RETURN invalidError = CSSM_OK) - { - if (p) { - slotCount++; - walk(sizer, p); - } else if (invalidError) - CssmError::throwMe(invalidError); - } - // dynamic attribute type - void setup(const CSSM_CONTEXT_ATTRIBUTE &attr) - { slotCount++; walk(sizer, const_cast(attr)); } - void setup(const Context::Attr &attr) { setup(static_cast(attr)); } - - // - // Phase 2 (copy) dispatch. Call once for each attribute, in same order as setup(). - // - template - void put(CSSM_ATTRIBUTE_TYPE type, const T *p) - { - if (p) { - assert(slot < slotCount); // check overflow - Attr &attribute = attributes[slot++]; - attribute.AttributeType = type; - attribute.AttributeLength = size(p); //@@@ needed? how/when/what for? - attribute = walk(copier, p); - } - } - void put(CSSM_ATTRIBUTE_TYPE type, uint32 value) - { - if (value) { - assert(slot < slotCount); // check overflow - Attr &attribute = attributes[slot++]; - attribute.AttributeType = type; - attribute.AttributeLength = 0; //@@@ unclear what that should be - attribute = value; // no heap data (immediate value) - } - } - void put(const CSSM_CONTEXT_ATTRIBUTE &attr) - { - assert(slot < slotCount); - Attr &attribute = attributes[slot++]; - attribute = attr; // shallow copy - walk(copier, attribute); // deep copy - } - void put(const Context::Attr &attr) { put(static_cast(attr)); } - -private: - // pass 1 state: collect sizes and counts - unsigned slotCount; // count of attribute slots in use - SizeWalker sizer; // memory size calculator - - // pass 2 state: build the data set - Context::Attr *attributes; // attribute vector and start of block - CopyWalker copier; // data copy engine - uint32 slot; // writer slot position -}; - -} // end namespace Security - -#ifdef _CPP_CONTEXT -# pragma export off -#endif - -#endif //_H_CONTEXT diff --git a/cdsa/cdsa_utilities/cssmacl.cpp b/cdsa/cdsa_utilities/cssmacl.cpp deleted file mode 100644 index 5f5af270..00000000 --- a/cdsa/cdsa_utilities/cssmacl.cpp +++ /dev/null @@ -1,588 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmacl - core ACL management interface -// -#include -#include -#include -#include -#include - -using namespace DataWalkers; - - -// -// The static map of available ACL subject makers. -// These are the kinds of ACL subjects we can deal with. -// -ModuleNexus ObjectAcl::makers; - - -// -// Common (basic) features of AclSubjects -// -AclSubject::~AclSubject() -{ } - -AclValidationEnvironment::~AclValidationEnvironment() -{ } - -void AclSubject::exportBlob(Writer::Counter &, Writer::Counter &) -{ } - -void AclSubject::exportBlob(Writer &, Writer &) -{ } - -void AclSubject::importBlob(Reader &, Reader &) -{ } - -AclSubject::Maker::~Maker() -{ -} - -// -// A SimpleAclSubject accepts only a single type of sample, validates -// samples independently, and makes no use of certificates. -// -bool SimpleAclSubject::validate(const AclValidationContext &ctx) const -{ - for (uint32 n = 0; n < ctx.count(); n++) { - const TypedList &sample = ctx[n]; - if (!sample.isProper()) - CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); - if (sample.type() == acceptingSamples && validate(ctx, sample)) - return true; // matched this sample; validation successful - } - return false; -} - - -// -// Create an ObjectAcl -// -ObjectAcl::ObjectAcl(CssmAllocator &alloc) : allocator(alloc), nextHandle(1) -{ -} - -ObjectAcl::ObjectAcl(const AclEntryPrototype &proto, CssmAllocator &alloc) - : allocator(alloc), nextHandle(1) -{ - cssmSetInitial(proto); -} - -ObjectAcl::~ObjectAcl() -{ } - - -// -// Set an "initial ACL" from a CSSM-style initial ACL argument. -// This will replace the owner, as well as replace the entire ACL -// with a single-item slot, as per CSSM specification. -// -void ObjectAcl::cssmSetInitial(const AclEntryPrototype &proto) -{ - owner = OwnerEntry(proto); - entries.insert(EntryMap::value_type(proto.tag(), proto))->second.handle = nextHandle++; - IFDUMPING("acl", debugDump("create/proto")); -} - -void ObjectAcl::cssmSetInitial(const AclSubjectPointer &subject) -{ - owner = OwnerEntry(subject); - entries.insert(EntryMap::value_type("", subject))->second.handle = nextHandle++; - IFDUMPING("acl", debugDump("create/subject")); -} - -ObjectAcl::Entry::~Entry() -{ -} - -AclValidationContext::~AclValidationContext() -{ -} - -// -// ObjectAcl::validate validates an access authorization claim. -// Returns normally if 'auth' is granted to the bearer of 'cred'. -// Otherwise, throws a suitable (ACL-related) CssmError exception. -// @@@ Should it return a reference to the Entry that granted access? -// -class BaseValidationContext : public AclValidationContext { -public: - BaseValidationContext(const AccessCredentials *cred, - AclAuthorization auth, AclValidationEnvironment *env) - : AclValidationContext(cred, auth, env) { } - - uint32 count() const { return mCred ? mCred->samples().length() : 0; } - const TypedList &sample(uint32 n) const - { assert(n < count()); return mCred->samples()[n]; } -}; - -void ObjectAcl::validate(AclAuthorization auth, const AccessCredentials *cred, - AclValidationEnvironment *env) -{ - // make sure we are ready to go - instantiateAcl(); - - //@@@ should pre-screen based on requested auth, maybe? - BaseValidationContext ctx(cred, auth, env); - -#if defined(ACL_OMNIPOTENT_OWNER) - // try owner (owner can do anything) - if (owner.validate(ctx)) - return; -#endif //ACL_OMNIPOTENT_OWNER - - // try applicable ACLs - pair range; - if (getRange(cred->EntryTag, range) == 0) // no such tag - CssmError::throwMe(CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND); - // try entries in turn - for (ConstIterator it = range.first; it != range.second; it++) { - const AclEntry &slot = it->second; - if (slot.authorizes(ctx.authorization()) && slot.validate(ctx)) - return; // passed - } - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); //@@@ imprecise -} - -void ObjectAcl::validateOwner(AclAuthorization authorizationHint, - const AccessCredentials *cred, AclValidationEnvironment *env) -{ - instantiateAcl(); - BaseValidationContext ctx(cred, authorizationHint, env); - if (owner.validate(ctx)) - return; - CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED); -} - - -// -// Export an ObjectAcl to two memory blobs: public and private data separated. -// This is a standard two-pass size+copy operation. -// -void ObjectAcl::exportBlob(CssmData &publicBlob, CssmData &privateBlob) -{ - Writer::Counter pubSize, privSize; - Endian entryCount = entries.size(); - owner.exportBlob(pubSize, privSize); - pubSize(entryCount); - for (Iterator it = begin(); it != end(); it++) - it->second.exportBlob(pubSize, privSize); - publicBlob = CssmData(allocator.malloc(pubSize), pubSize); - privateBlob = CssmData(allocator.malloc(privSize), privSize); - Writer pubWriter(publicBlob), privWriter(privateBlob); - owner.exportBlob(pubWriter, privWriter); - pubWriter(entryCount); - for (Iterator it = begin(); it != end(); it++) - it->second.exportBlob(pubWriter, privWriter); - IFDUMPING("acl", debugDump("exported")); -} - - -// -// Import an ObjectAcl's contents from two memory blobs representing public and -// private contents, respectively. These blobs must have been generated by the -// export method. -// Prior contents (if any) are deleted and replaced. -// -void ObjectAcl::importBlob(const void *publicBlob, const void *privateBlob) -{ - Reader pubReader(publicBlob), privReader(privateBlob); - owner.importBlob(pubReader, privReader); - Endian entryCountIn; pubReader(entryCountIn); - uint32 entryCount = entryCountIn; - - entries.erase(begin(), end()); - for (uint32 n = 0; n < entryCount; n++) { - AclEntry newEntry; - newEntry.importBlob(pubReader, privReader); - entries.insert(EntryMap::value_type(newEntry.tag, newEntry))->second.handle = nextHandle++; - } - IFDUMPING("acl", debugDump("imported")); -} - - -// -// Import/export helpers for subjects. -// This is exported to (subject implementation) callers to maintain consistency -// in binary format handling. -// -AclSubject *ObjectAcl::importSubject(Reader &pub, Reader &priv) -{ - Endian typeAndVersion; pub(typeAndVersion); - return make(typeAndVersion, pub, priv); -} - - -// -// Setup/update hooks -// -void ObjectAcl::instantiateAcl() -{ - // nothing by default -} - -void ObjectAcl::changedAcl() -{ - // nothing by default -} - - -// -// ACL utility methods -// -unsigned int ObjectAcl::getRange(const char *tag, pair &range) const -{ - if (tag && tag[0]) { // tag restriction in effect - range = entries.equal_range(tag); - uint32 count = entries.count(tag); - if (count == 0) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG); - return count; - } else { // try all tags - range.first = entries.begin(); - range.second = entries.end(); - return entries.size(); - } -} - -ObjectAcl::Iterator ObjectAcl::findEntryHandle(CSSM_ACL_HANDLE handle) -{ - for (Iterator it = entries.begin(); it != entries.end(); it++) - if (it->second.handle == handle) - return it; - CssmError::throwMe(CSSMERR_CSSM_INVALID_HANDLE_USAGE); //%%% imprecise error code -} - - -// -// CSSM style ACL access and modification functions. -// -void ObjectAcl::cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo * &acls) -{ - instantiateAcl(); - pair range; - count = getRange(tag, range); - acls = allocator.alloc(count); - uint32 n = 0; - for (ConstIterator it = range.first; it != range.second; it++, n++) { - acls[n].EntryHandle = it->second.handle; - it->second.toEntryInfo(acls[n].EntryPublicInfo, allocator); - } - count = n; -} - -void ObjectAcl::cssmChangeAcl(const AclEdit &edit, - const AccessCredentials *cred, AclValidationEnvironment *env) -{ - IFDUMPING("acl", debugDump("acl-change-from")); - - // make sure we're ready to go - instantiateAcl(); - - // validate access credentials - validateOwner(CSSM_ACL_AUTHORIZATION_CHANGE_ACL, cred, env); - - // what is Thy wish, effendi? - switch (edit.EditMode) { - case CSSM_ACL_EDIT_MODE_ADD: { - AclEntry ent(Required(edit.newEntry()).proto()); //@@@ bypassing callback - ent.handle = nextHandle++; - entries.insert(EntryMap::value_type(edit.NewEntry->Prototype.EntryTag, ent)); - } - break; - case CSSM_ACL_EDIT_MODE_REPLACE: { - // keep the handle, and try for some modicum of atomicity - Iterator it = findEntryHandle(edit.OldEntryHandle); - AclEntry ent(Required(edit.newEntry()).proto()); - ent.handle = edit.OldEntryHandle; - entries.insert(EntryMap::value_type(edit.NewEntry->Prototype.EntryTag, ent)); - entries.erase(it); - } - break; - case CSSM_ACL_EDIT_MODE_DELETE: - entries.erase(findEntryHandle(edit.OldEntryHandle)); - break; - default: - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_EDIT_MODE); - } - - // notify change - changedAcl(); - - IFDUMPING("acl", debugDump("acl-change-to")); -} - -void ObjectAcl::cssmGetOwner(AclOwnerPrototype &outOwner) -{ - instantiateAcl(); - outOwner.TypedSubject = owner.subject->toList(allocator); - outOwner.Delegate = owner.delegate; -} - -void ObjectAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner, - const AccessCredentials *cred, AclValidationEnvironment *env) -{ - IFDUMPING("acl", debugDump("owner-change-from")); - - instantiateAcl(); - - // only the owner entry can match - validateOwner(CSSM_ACL_AUTHORIZATION_CHANGE_OWNER, cred, env); - - // okay, replace it - owner = newOwner; - - changedAcl(); - - IFDUMPING("acl", debugDump("owner-change-to")); -} - - -// -// Common features of ACL entries/owners -// -void ObjectAcl::Entry::init(const AclSubjectPointer &subject, bool delegate) -{ - this->subject = subject; - this->delegate = delegate; -} - -void ObjectAcl::Entry::importBlob(Reader &pub, Reader &priv) -{ - Endian del; - pub(del); // read del from the public blob - - delegate = del; // 4 bytes delegate flag - subject = importSubject(pub, priv); -} - - -// -// An OwnerEntry is a restricted EntryPrototype for use as the ACL owner. -// -bool ObjectAcl::OwnerEntry::authorizes(AclAuthorization) const -{ - return true; // owner can do anything -} - -bool ObjectAcl::OwnerEntry::validate(const AclValidationContext &ctx) const -{ - return subject->validate(ctx); // simple subject match - no strings attached -} - - -// -// An AclEntry has some extra goodies -// -ObjectAcl::AclEntry::AclEntry(const AclEntryPrototype &proto) : Entry(proto) -{ - tag = proto.tag(); - if (proto.authorization().contains(CSSM_ACL_AUTHORIZATION_ANY)) - authorizesAnything = true; // anything else wouldn't add anything - else if (proto.authorization().empty()) - authorizesAnything = true; // not in standard, but common sense - else { - authorizesAnything = false; - authorizations = proto.authorization(); - } - //@@@ not setting time range - // handle = not set here. Set by caller when the AclEntry is created. -} - -ObjectAcl::AclEntry::AclEntry(const AclSubjectPointer &subject) : Entry(subject) -{ - authorizesAnything = true; // by default, everything - //@@@ not setting time range -} - -void ObjectAcl::AclEntry::toEntryInfo(CSSM_ACL_ENTRY_PROTOTYPE &info, CssmAllocator &alloc) const -{ - info.TypedSubject = subject->toList(alloc); - info.Delegate = delegate; - info.Authorization = AuthorizationGroup(authorizations, alloc); - //@@@ info.TimeRange = - assert(tag.length() <= CSSM_MODULE_STRING_SIZE); - memcpy(info.EntryTag, tag.c_str(), tag.length() + 1); -} - -bool ObjectAcl::AclEntry::authorizes(AclAuthorization auth) const -{ - return authorizesAnything || authorizations.find(auth) != authorizations.end(); -} - -bool ObjectAcl::AclEntry::validate(const AclValidationContext &ctx) const -{ - //@@@ not checking time ranges - return subject->validate(ctx); -} - -void ObjectAcl::AclEntry::importBlob(Reader &pub, Reader &priv) -{ - Entry::importBlob(pub, priv); - const char *s; pub(s); tag = s; - - // authorizesAnything is on disk as a 4-byte flag - Endian tmpAuthorizesAnything; - pub(tmpAuthorizesAnything); - authorizesAnything = tmpAuthorizesAnything; - - authorizations.erase(authorizations.begin(), authorizations.end()); - if (!authorizesAnything) { - Endian countIn; pub(countIn); - uint32 count = countIn; - - for (uint32 n = 0; n < count; n++) { - Endian auth; pub(auth); - authorizations.insert(auth); - } - } - //@@@ import time range -} - - -// -// Subject factory and makers -// -AclSubject::Maker::Maker(CSSM_ACL_SUBJECT_TYPE type) : myType(type) -{ - ObjectAcl::makers()[type] = this; -} - -AclSubject *ObjectAcl::make(const TypedList &list) -{ - if (!list.isProper()) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - return makerFor(list.type()).make(list); -} - -AclSubject *ObjectAcl::make(uint32 typeAndVersion, Reader &pub, Reader &priv) -{ - // this type is encoded as (version << 24) | type - return makerFor(typeAndVersion & ~AclSubject::versionMask).make(typeAndVersion >> AclSubject::versionShift, pub, priv); -} - -AclSubject::Maker &ObjectAcl::makerFor(CSSM_ACL_SUBJECT_TYPE type) -{ - AclSubject::Maker *maker = makers()[type]; - if (maker == NULL) - CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED); - return *maker; -} - - -// -// Parsing helper for subject makers. -// Note that count/array exclude the first element of list, which is the subject type wordid. -// -void AclSubject::Maker::crack(const CssmList &list, uint32 count, ListElement **array, ...) -{ - if (count != list.length() - 1) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - if (count > 0) { - va_list args; - va_start(args, array); - ListElement *elem = list.first()->next(); - for (uint32 n = 0; n < count; n++, elem = elem->next()) { - CSSM_LIST_ELEMENT_TYPE expectedType = va_arg(args, CSSM_LIST_ELEMENT_TYPE); - if (elem->type() != expectedType) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - array[n] = elem; - } - va_end(args); - } -} - -CSSM_WORDID_TYPE AclSubject::Maker::getWord(const ListElement &elem, - int min /*= 0*/, int max /*= INT_MAX*/) -{ - if (elem.type() != CSSM_LIST_ELEMENT_WORDID) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - CSSM_WORDID_TYPE value = elem; - if (value < min || value > max) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); - return value; -} - - -// -// Debug dumping support. -// Leave the ObjectAcl::debugDump method in (stubbed out) -// to keep the virtual table layout stable, and to allow -// proper linking in weird mix-and-match scenarios. -// -void ObjectAcl::debugDump(const char *what) const -{ -#if defined(DEBUGDUMP) - if (!what) - what = "Dump"; - Debug::dump("%p ACL %s: %d entries\n", this, what, int(entries.size())); - Debug::dump(" OWNER ["); owner.debugDump(); Debug::dump("]\n"); - for (ConstIterator it = begin(); it != end(); it++) { - const AclEntry &ent = it->second; - Debug::dump(" (%ld:%s) [", ent.handle, ent.tag.c_str()); - ent.debugDump(); - Debug::dump("]\n"); - } - Debug::dump("%p ACL END\n", this); -#endif //DEBUGDUMP -} - -void AclSubject::debugDump() const -{ -#if defined(DEBUGDUMP) - switch (type()) { - case CSSM_ACL_SUBJECT_TYPE_ANY: - Debug::dump("ANY"); - break; - default: - Debug::dump("subject type=%d", int(type())); - break; - } -#endif //DEBUGDUMP -} - -#if defined(DEBUGDUMP) - -void ObjectAcl::Entry::debugDump() const -{ - if (AclSubject::Version v = subject->version()) - Debug::dump("V=%d ", v); - subject->debugDump(); - if (delegate) - Debug::dump(" DELEGATE"); -} - -void ObjectAcl::AclEntry::debugDump() const -{ - Entry::debugDump(); - if (authorizesAnything) { - Debug::dump(" auth(ALL)"); - } else { - Debug::dump(" auth("); - for (AclAuthorizationSet::iterator it = authorizations.begin(); - it != authorizations.end(); it++) - Debug::dump(" %ld", *it); - Debug::dump(")"); - } -} - -#endif //DEBUGDUMP diff --git a/cdsa/cdsa_utilities/cssmacl.h b/cdsa/cdsa_utilities/cssmacl.h deleted file mode 100644 index 4e48475b..00000000 --- a/cdsa/cdsa_utilities/cssmacl.h +++ /dev/null @@ -1,377 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmacl - core ACL management interface. -// -// This file contains a set of C++ classes that implement ACLs in the local address space. -// ObjectAcl is the abstract interface to an implementation of a CSSM ACL. It supports -// the CSSM interfaces for ACL manipulation. AclSubject is the common parent of all -// types of ACL Subjects (in the CSSM sense); subclass this to implement a new subject type. -// AclValidationContext is an extensible, structured way of passing context information -// from the evaluation environment into particular subjects whose validation is context sensitive. -// -#ifndef _CSSMACL -#define _CSSMACL - -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -namespace Security { - -class AclValidationContext; - - -// -// The AclSubject class models an ACL "subject" object. -// This is an abstract polymorphic class implementing various ACL subject types. -// Note that it does contain some common code to make everybody's life easier. -// -class AclSubject : public RefCount { -public: - typedef LowLevelMemoryUtilities::Writer Writer; - typedef LowLevelMemoryUtilities::Reader Reader; - - typedef uint8 Version; // binary version marker - static const int versionShift = 24; // highest-order byte of type is version - static const uint32 versionMask = 0xff000000; - - AclSubject(uint32 type) : mType(type), mVersion(0) { assert(!(type & versionMask)); } - virtual ~AclSubject(); - uint32 type() const { return mType; } - - virtual bool validate(const AclValidationContext &ctx) const = 0; - - // export to CSSM interface - virtual CssmList toList(CssmAllocator &alloc) const = 0; - - // export/import for save/restore interface - virtual void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - virtual void exportBlob(Writer &pub, Writer &priv); - virtual void importBlob(Reader &pub, Reader &priv); - - // binary compatibility version management. The version defaults to zero - Version version() const { return mVersion; } - void version(Version v) { mVersion = v; } - - // debug suupport (dummied out but present for -UDEBUGDUMP) - virtual void debugDump() const; - -private: - CSSM_ACL_SUBJECT_TYPE mType; - Version mVersion; - -public: - class Maker { - public: - Maker(CSSM_ACL_SUBJECT_TYPE type); - virtual ~Maker(); - - uint32 type() const { return myType; } - virtual AclSubject *make(const TypedList &list) const = 0; - virtual AclSubject *make(Version version, Reader &pub, Reader &priv) const = 0; - - protected: - // list parsing helpers - static void crack(const CssmList &list, uint32 count, - ListElement **array = NULL, ...); - static CSSM_WORDID_TYPE getWord(const ListElement &list, - int min = 0, int max = INT_MAX); - - private: - CSSM_ACL_SUBJECT_TYPE myType; - }; -}; - - -// -// A SimpleAclSubject validates a credential by scanning its samples -// one at a time, without any interactions between them. Thus its validate() -// can be a lot simpler. -// -class SimpleAclSubject : public AclSubject { -public: - SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE su, CSSM_SAMPLE_TYPE sa) - : AclSubject(su), acceptingSamples(sa) { } - - bool validate(const AclValidationContext &ctx) const; - virtual bool validate(const AclValidationContext &baseCtx, - const TypedList &sample) const = 0; - - const CSSM_SAMPLE_TYPE acceptingSamples; -}; - - -// -// An AclValidationEnvironment can be subclassed to add context access to ACL subject -// validation. If you use ACL subject classes that need context beyond the credential -// structure itself, add that context to (a subclass of) AclValidationContext, pass that -// to ObjectAcl::validate() along with the credentials, and have the Subject implementation -// access validationContext.environment(). -// -class AclValidationEnvironment { -public: - virtual ~AclValidationEnvironment(); // ensure virtual methods (need dynamic_cast) -}; - - -// -// An AclValidationContext holds credential information in a semi-transparent -// form. It's designed to provide a uniform representation of credentials, plus -// any (trusted path and/or implicit) context information useful for ACL validation. -// -class AclValidationContext { -public: - AclValidationContext(const AccessCredentials *cred, - AclAuthorization auth, AclValidationEnvironment *env = NULL) - : mCred(cred), mAuth(auth), mEnv(env) { } - AclValidationContext(const AclValidationContext &ctx) - : mCred(ctx.mCred), mAuth(ctx.mAuth), mEnv(ctx.mEnv) { } - virtual ~AclValidationContext(); - - // access to (suitably focused) sample set - virtual uint32 count() const = 0; // number of samples - virtual const TypedList &sample(uint32 n) const = 0; // retrieve one sample - const TypedList &operator [] (uint32 n) const { return sample(n); } - - // context access - AclAuthorization authorization() const { return mAuth; } - template - Env *environment() const { return dynamic_cast(mEnv); } - - //@@@ add certificate access functions - //@@@ add callback management - -protected: - const AccessCredentials *mCred; // original credentials - AclAuthorization mAuth; // action requested - AclValidationEnvironment *mEnv; // environmental context (if any) -}; - - -// -// An in-memory ACL object. -// This class implements an ACL-for-a-protected-object. It is complete in that -// it provides full ACL management functionality. You still need to (globally) -// register makers for the ACL subject types you want to use. -// Note that ObjectAcl does no integrity checking. ObjectAcl objects need to be -// protected from hostile access (by e.g. address space separation), and exported -// ACLs need to be protected somehow (by hiding, signing, or whatever works in -// your situation). -// -class ObjectAcl { - friend AclSubject::Maker::Maker(CSSM_ACL_SUBJECT_TYPE); - -public: - typedef RefPointer AclSubjectPointer; - - typedef LowLevelMemoryUtilities::Writer Writer; - typedef LowLevelMemoryUtilities::Reader Reader; - -public: - ObjectAcl(CssmAllocator &alloc); - ObjectAcl(const AclEntryPrototype &proto, CssmAllocator &alloc); - virtual ~ObjectAcl(); - - CssmAllocator &allocator; - - // access control validation: succeed or throw exception - void validate(AclAuthorization auth, const AccessCredentials *cred, - AclValidationEnvironment *env = NULL); - void validateOwner(AclAuthorization authorizationHint, const AccessCredentials *cred, - AclValidationEnvironment *env = NULL); - - // CSSM-style ACL access operations - // (Gets are not const because underlying implementations usually want them writable) - void cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo * &acls); - void cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred, - AclValidationEnvironment *env = NULL); - void cssmGetOwner(AclOwnerPrototype &owner); - void cssmChangeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred, - AclValidationEnvironment *env = NULL); - - void cssmSetInitial(const AclEntryPrototype &proto); - void cssmSetInitial(const AclSubjectPointer &subject); - - // Acl I/O (to/from memory blobs) - void exportBlob(CssmData &publicBlob, CssmData &privateBlob); - void importBlob(const void *publicBlob, const void *privateBlob); - - // setup hooks (called to delayed-construct the contents before use) - empty defaults - virtual void instantiateAcl(); // called before ACL contents are used by external calls - virtual void changedAcl(); // called after an ACL has been (possibly) changed - - // debug dump support (always there but stubbed out unless DEBUGDUMP) - virtual void debugDump(const char *what = NULL) const; - -public: - class Entry { - public: - AclSubjectPointer subject; // subject representation - bool delegate; // delegation flag - - Entry() { } // make invalid Entry - - void toOwnerInfo(CSSM_ACL_OWNER_PROTOTYPE &info, - CssmAllocator &alloc) const; // encode copy in CSSM format - - virtual bool authorizes(AclAuthorization auth) const = 0; - virtual bool validate(const AclValidationContext &ctx) const = 0; - - template - void ObjectAcl::Entry::exportBlob(Action &pub, Action &priv) - { - Endian del = delegate; pub(del); // 4 bytes delegate flag - exportSubject(subject, pub, priv); // subject itself (polymorphic) - } - void importBlob(Reader &pub, Reader &priv); - - IFDUMP(virtual void debugDump() const); - - private: - void init(const AclSubjectPointer &subject, bool delegate = false); - void init(const TypedList &subject, bool delegate = false) { init(make(subject), delegate); } - - protected: - Entry(const AclEntryPrototype &proto) { init(proto.subject(), proto.delegate()); } - Entry(const AclOwnerPrototype &proto) { init(proto.subject()); } - Entry(const AclSubjectPointer &subject) { init(subject); } - virtual ~Entry(); - }; - - class OwnerEntry : public Entry { - public: - OwnerEntry() { } // invalid OwnerEntry - template - OwnerEntry(const Input &owner) : Entry(owner) { } - OwnerEntry(const AclSubjectPointer &subject) : Entry(subject) { } - - bool authorizes(AclAuthorization auth) const; - bool validate(const AclValidationContext &ctx) const; - }; - - class AclEntry : public Entry { - public: - std::string tag; // entry tag - AclAuthorizationSet authorizations; // set of authorizations - bool authorizesAnything; // has the _ANY authorization tag - //@@@ time range not yet implemented - uint32 handle; // entry handle - - AclEntry() { } // invalid AclEntry - AclEntry(const AclSubjectPointer &subject); - AclEntry(const AclEntryPrototype &proto); - - void toEntryInfo(CSSM_ACL_ENTRY_PROTOTYPE &info, - CssmAllocator &alloc) const; // encode copy in CSSM format - - bool authorizes(AclAuthorization auth) const; - bool validate(const AclValidationContext &ctx) const; - - template - void exportBlob(Action &pub, Action &priv) - { - Entry::exportBlob(pub, priv); - const char *s = tag.c_str(); pub(s); - uint32 aa = authorizesAnything; pub(aa); - if (!authorizesAnything) { - Endian count = authorizations.size(); pub(count); - for (AclAuthorizationSet::iterator it = authorizations.begin(); - it != authorizations.end(); it++) { - Endian auth = *it; pub(auth); - } - } - //@@@ export time range - } - void importBlob(Reader &pub, Reader &priv); - - IFDUMP(void debugDump() const); - }; - -public: - // These helpers deal with transferring one subject from/to reader/writer streams. - // You'd usually only call those from complex subject implementations (e.g. threshold) - template - static void ObjectAcl::exportSubject(AclSubject *subject, Action &pub, Action &priv) - { - Endian typeAndVersion = subject->type() | subject->version() << AclSubject::versionShift; - pub(typeAndVersion); - subject->exportBlob(pub, priv); - } - static AclSubject *importSubject(Reader &pub, Reader &priv); - -public: - typedef std::multimap EntryMap; - typedef EntryMap::iterator Iterator; - typedef EntryMap::const_iterator ConstIterator; - - Iterator begin() { return entries.begin(); } - Iterator end() { return entries.end(); } - ConstIterator begin() const { return entries.begin(); } - ConstIterator end() const { return entries.end(); } - - unsigned int getRange(const char *tag, pair &range) const; - Iterator findEntryHandle(CSSM_ACL_HANDLE handle); - - // construct an AclSubject through the Maker registry (by subject type) - static AclSubject *make(const TypedList &list); // make from CSSM form - static AclSubject *make(uint32 typeAndVersion, - Reader &pub, Reader &priv); // make from export form - -private: - EntryMap entries; // ACL entries indexed by tag - OwnerEntry owner; // ACL owner entry - uint32 nextHandle; // next unused entry handle value - -private: - typedef map MakerMap; - static ModuleNexus makers; // registered subject Makers - - static AclSubject::Maker &makerFor(CSSM_ACL_SUBJECT_TYPE type); -}; - - -// -// This bastard child of two different data structure sets has no natural home. -// We'll take pity on it here. -// -class ResourceControlContext : public PodWrapper { -public: - ResourceControlContext() { clearPod(); } - ResourceControlContext(const AclEntryInput &initial, AccessCredentials *cred = NULL) - { InitialAclEntry = initial; AccessCred = cred; } - - AclEntryInput &input() { return AclEntryInput::overlay(InitialAclEntry); } - operator AclEntryInput &() { return input(); } - AccessCredentials *credentials() const { return AccessCredentials::overlay(AccessCred); } - void credentials(const CSSM_ACCESS_CREDENTIALS *creds) - { AccessCred = const_cast(creds); } -}; - -} // end namespace Security - - -#endif //_CSSMACL diff --git a/cdsa/cdsa_utilities/cssmaclpod.cpp b/cdsa/cdsa_utilities/cssmaclpod.cpp deleted file mode 100644 index 6fa17362..00000000 --- a/cdsa/cdsa_utilities/cssmaclpod.cpp +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures -// -#ifdef __MWERKS__ -#define _CPP_CSSMACLPOD -#endif - -#include -#include - - -AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths, - CssmAllocator &alloc) -{ - NumberOfAuthTags = auths.size(); - AuthTags = alloc.alloc(NumberOfAuthTags); - copy(auths.begin(), auths.end(), AuthTags); // happens to be sorted -} - -void AuthorizationGroup::destroy(CssmAllocator &alloc) -{ - alloc.free(AuthTags); -} - -bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const -{ - return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags]; -} - - -AuthorizationGroup::operator AclAuthorizationSet() const -{ - return AclAuthorizationSet(AuthTags, &AuthTags[NumberOfAuthTags]); -} - -AclEntryPrototype::AclEntryPrototype(const AclOwnerPrototype &proto) -{ - memset(this, 0, sizeof(*this)); - TypedSubject = proto.subject(); Delegate = proto.delegate(); - //@@@ set authorization to "is owner" pseudo-auth? See cssmacl.h -} - -void AclEntryPrototype::tag(const char *tagString) -{ - if (tagString == NULL) - EntryTag[0] = '\0'; - else if (strlen(tagString) > CSSM_MODULE_STRING_SIZE) - CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG); - strcpy(EntryTag, tagString); -} - - -AclOwnerPrototype *AutoAclOwnerPrototype::make() -{ - if (!mAclOwnerPrototype) { - mAclOwnerPrototype = new AclOwnerPrototype; - mAclOwnerPrototype->clearPod(); - } - return mAclOwnerPrototype; -} - -AutoAclOwnerPrototype::~AutoAclOwnerPrototype() -{ - if (mAllocator) - DataWalkers::chunkFree(mAclOwnerPrototype, *mAllocator); -} - -void -AutoAclOwnerPrototype::allocator(CssmAllocator &allocator) -{ - mAllocator = &allocator; -} - - -AutoAclEntryInfoList::~AutoAclEntryInfoList() -{ - if (mAllocator) - { - DataWalkers::ChunkFreeWalker w(*mAllocator); - for (uint32 ix = 0; ix < mNumberOfAclEntries; ix++) - walk(w, mAclEntryInfo[ix]); - //DataWalkers::chunkFree(mAclEntryInfo[ix], *mAllocator); - mAllocator->free(mAclEntryInfo); - } -} - -void -AutoAclEntryInfoList::allocator(CssmAllocator &allocator) -{ - mAllocator = &allocator; -} diff --git a/cdsa/cdsa_utilities/cssmaclpod.h b/cdsa/cdsa_utilities/cssmaclpod.h deleted file mode 100644 index 67a5fa24..00000000 --- a/cdsa/cdsa_utilities/cssmaclpod.h +++ /dev/null @@ -1,289 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures -// -#ifndef _CSSMACLPOD -#define _CSSMACLPOD - -#include -#include -#include - -namespace Security { - -// a nicer name for an authorization tag -typedef CSSM_ACL_AUTHORIZATION_TAG AclAuthorization; -typedef std::set AclAuthorizationSet; - - -// -// Enhanced POD Wrappers for the public ACL-related CSSM structures -// -class AuthorizationGroup : public PodWrapper { -public: - AuthorizationGroup() { NumberOfAuthTags = 0; } - AuthorizationGroup(AclAuthorization auth); - - explicit AuthorizationGroup(const AclAuthorizationSet &, CssmAllocator &alloc); - void destroy(CssmAllocator &alloc); - - bool empty() const { return NumberOfAuthTags == 0; } - unsigned int count() const { return NumberOfAuthTags; } - CSSM_ACL_AUTHORIZATION_TAG operator [] (unsigned ix) const - { assert(ix < count()); return AuthTags[ix]; } - - bool contains(CSSM_ACL_AUTHORIZATION_TAG tag) const; - operator AclAuthorizationSet () const; -}; - -class AclOwnerPrototype; - -class AclEntryPrototype : public PodWrapper { -public: - AclEntryPrototype() { clearPod(); } - explicit AclEntryPrototype(const AclOwnerPrototype &proto); - AclEntryPrototype(const CSSM_LIST &subj, bool delegate = false) - { clearPod(); TypedSubject = subj; Delegate = delegate; } - - TypedList &subject() { return TypedList::overlay(TypedSubject); } - const TypedList &subject() const { return TypedList::overlay(TypedSubject); } - bool delegate() const { return Delegate; } - char *tag() { return EntryTag; } - const char *tag() const { return EntryTag; } - void tag(const char *tagString); - AuthorizationGroup &authorization() { return AuthorizationGroup::overlay(Authorization); } - const AuthorizationGroup &authorization() const - { return AuthorizationGroup::overlay(Authorization); } -}; - -class AclOwnerPrototype : public PodWrapper { -public: - AclOwnerPrototype() { clearPod(); } - explicit AclOwnerPrototype(const AclEntryPrototype &proto) - { TypedSubject = proto.subject(); Delegate = proto.delegate(); } - AclOwnerPrototype(const CSSM_LIST &subj, bool delegate = false) - { TypedSubject = subj; Delegate = delegate; } - - TypedList &subject() { return TypedList::overlay(TypedSubject); } - const TypedList &subject() const { return TypedList::overlay(TypedSubject); } - bool delegate() const { return Delegate; } -}; - -class AclEntryInfo : public PodWrapper { -public: - AclEntryPrototype &proto() { return AclEntryPrototype::overlay(EntryPublicInfo); } - const AclEntryPrototype &proto() const - { return AclEntryPrototype::overlay(EntryPublicInfo); } - - operator AclEntryPrototype &() { return proto(); } - operator const AclEntryPrototype &() const { return proto(); } - - CSSM_ACL_HANDLE &handle() { return EntryHandle; } - const CSSM_ACL_HANDLE &handle() const { return EntryHandle; } -}; - -class AclEntryInput : public PodWrapper { -public: - AclEntryInput() { clearPod(); } - AclEntryInput(const AclEntryPrototype &prot) - { Prototype = prot; Callback = NULL; CallerContext = NULL; } - - AclEntryPrototype &proto() { return AclEntryPrototype::overlay(Prototype); } - const AclEntryPrototype &proto() const { return AclEntryPrototype::overlay(Prototype); } - //@@@ not supporting callback features (yet) -}; - -class AclEdit : public PodWrapper { -public: - AclEdit(CSSM_ACL_EDIT_MODE m, CSSM_ACL_HANDLE h, const AclEntryInput *data) - { EditMode = m; OldEntryHandle = h; NewEntry = data; } - AclEdit(const AclEntryInput &add) - { EditMode = CSSM_ACL_EDIT_MODE_ADD; OldEntryHandle = CSSM_INVALID_HANDLE; NewEntry = &add; } - AclEdit(CSSM_ACL_HANDLE h, const AclEntryInput &modify) - { EditMode = CSSM_ACL_EDIT_MODE_REPLACE; OldEntryHandle = h; NewEntry = &modify; } - AclEdit(CSSM_ACL_HANDLE h) - { EditMode = CSSM_ACL_EDIT_MODE_DELETE; OldEntryHandle = h; NewEntry = NULL; } - - CSSM_ACL_EDIT_MODE mode() const { return EditMode; } - CSSM_ACL_HANDLE handle() const { return OldEntryHandle; } - const AclEntryInput *newEntry() const { return AclEntryInput::overlay(NewEntry); } -}; - - -// -// Allocating versions of Acl structures -// -class AutoAclOwnerPrototype { - NOCOPY(AutoAclOwnerPrototype) -public: - // allocator can be set after construction - AutoAclOwnerPrototype(CssmAllocator *allocator = NULL) - : mAclOwnerPrototype(NULL), mAllocator(allocator) { } - ~AutoAclOwnerPrototype(); - - operator CSSM_ACL_OWNER_PROTOTYPE *() { return make(); } - AclOwnerPrototype &operator * () { return *make(); } - - void allocator(CssmAllocator &allocator); - -private: - AclOwnerPrototype *mAclOwnerPrototype; - CssmAllocator *mAllocator; - - AclOwnerPrototype *make(); -}; - - -class AutoAclEntryInfoList { - NOCOPY(AutoAclEntryInfoList) -public: - // allocator can be set after construction - AutoAclEntryInfoList(CssmAllocator *allocator = NULL) - : mAclEntryInfo(NULL), mNumberOfAclEntries(0), mAllocator(allocator) { } - ~AutoAclEntryInfoList(); - - operator CSSM_ACL_ENTRY_INFO_PTR *() - { return reinterpret_cast(&mAclEntryInfo); } - operator uint32 *() { return &mNumberOfAclEntries; } - - void allocator(CssmAllocator &allocator); - - const AclEntryInfo &at(uint32 ix) const { return mAclEntryInfo[ix]; } - const AclEntryInfo &operator[](uint32 ix) const - { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; } - AclEntryInfo &operator[](uint32 ix) - { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; } - - uint32 size() const { return mNumberOfAclEntries; } // obsolete - uint32 count() const { return mNumberOfAclEntries; } - AclEntryInfo *entries() const { return mAclEntryInfo; } - -private: - AclEntryInfo *mAclEntryInfo; - uint32 mNumberOfAclEntries; - CssmAllocator *mAllocator; -}; - -class AutoAuthorizationGroup : public AuthorizationGroup { -public: - AutoAuthorizationGroup(CssmAllocator &alloc) : allocator(alloc) { } - explicit AutoAuthorizationGroup(const AclAuthorizationSet &set, - CssmAllocator &alloc) : AuthorizationGroup(set, alloc), allocator(alloc) { } - ~AutoAuthorizationGroup() { destroy(allocator); } - - CssmAllocator &allocator; -}; - - -// -// Walkers for the CSSM API structure types -// -namespace DataWalkers { - -// AclEntryInput -template -AclEntryInput *walk(Action &operate, AclEntryInput * &input) -{ - operate(input); - walk(operate, input->proto()); - return input; -} - -template -void walk(Action &operate, AclEntryInput &input) -{ - operate(input); - walk(operate, input.proto()); -} - -// AclEntryInfo -template -void walk(Action &operate, AclEntryInfo &info) -{ - operate(info); - walk(operate, info.proto()); -} - -template -void walk(Action &operate, const AclEntryInfo &info) -{ walk(operate, const_cast(info)); } - -// AuthorizationGroup -template -void walk(Action &operate, AuthorizationGroup &auth) -{ - operate(auth); - uint32 count = auth.count(); - operate.blob(auth.AuthTags, count * sizeof(AclAuthorization)); - for (uint32 n = 0; n < count; n++) - walk(operate, auth.AuthTags[n]); -} - -template -void walk(Action &operate, CSSM_AUTHORIZATIONGROUP &auth) -{ walk(operate, static_cast(auth)); } - -// AclEntryPrototype -template -void enumerate(Action &operate, AclEntryPrototype &proto) -{ - walk(operate, proto.subject()); - walk(operate, proto.authorization()); - //@@@ ignoring validity period -} - -template -void walk(Action &operate, AclEntryPrototype &proto) -{ - operate(proto); - enumerate(operate, proto); -} - -template -AclEntryPrototype *walk(Action &operate, AclEntryPrototype * &proto) -{ - operate(proto); - enumerate(operate, *proto); - return proto; -} - -// AclOwnerPrototype -template -void walk(Action &operate, AclOwnerPrototype &proto) -{ - operate(proto); - walk(operate, proto.subject()); -} - -template -AclOwnerPrototype *walk(Action &operate, AclOwnerPrototype * &proto) -{ - operate(proto); - walk(operate, proto->subject()); - return proto; -} - - -} // end namespace DataWalkers - -} // end namespace Security - - -#endif //_CSSMACLPOD diff --git a/cdsa/cdsa_utilities/cssmalloc.cpp b/cdsa/cdsa_utilities/cssmalloc.cpp deleted file mode 100644 index 036e401c..00000000 --- a/cdsa/cdsa_utilities/cssmalloc.cpp +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmalloc - memory allocation in the CDSA world. -// -// Don't eat heavily before inspecting this code. -// -#include -#include -#include -#include -#include -#include - -using LowLevelMemoryUtilities::alignof; -using LowLevelMemoryUtilities::increment; -using LowLevelMemoryUtilities::alignUp; - -extern "C" size_t malloc_size(void *); - - -// -// Features of the CssmAllocator root class -// -bool CssmAllocator::operator == (const CssmAllocator &alloc) const throw() -{ - return this == &alloc; -} - -CssmAllocator::~CssmAllocator() -{ -} - - -// -// Standard CssmAllocator variants. -// Note that all calls to CssmAllocator::standard(xxx) with the same xxx argument -// must produce compatible allocators (i.e. they must be work on a common memory -// pool). This is trivially achieved here by using singletons. -// -struct DefaultCssmAllocator : public CssmAllocator { - void *malloc(size_t size) throw(std::bad_alloc); - void free(void *addr) throw(); - void *realloc(void *addr, size_t size) throw(std::bad_alloc); -}; - -struct SensitiveCssmAllocator : public DefaultCssmAllocator { - void free(void *addr) throw(); - void *realloc(void *addr, size_t size) throw(std::bad_alloc); -}; - -struct DefaultAllocators { - DefaultCssmAllocator standard; - SensitiveCssmAllocator sensitive; -}; - -static ModuleNexus defaultAllocators; - - -CssmAllocator &CssmAllocator::standard(uint32 request) -{ - switch (request) { - case normal: - return defaultAllocators().standard; - case sensitive: - return defaultAllocators().sensitive; - default: - CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR); - } -} - -void *DefaultCssmAllocator::malloc(size_t size) throw(std::bad_alloc) -{ - if (void *result = ::malloc(size)) - return result; - throw std::bad_alloc(); -} - -void DefaultCssmAllocator::free(void *addr) throw() -{ - ::free(addr); -} - -void *DefaultCssmAllocator::realloc(void *addr, size_t newSize) throw(std::bad_alloc) -{ - if (void *result = ::realloc(addr, newSize)) - return result; - throw std::bad_alloc(); -} - -void SensitiveCssmAllocator::free(void *addr) throw() -{ - memset(addr, 0, malloc_size(addr)); - DefaultCssmAllocator::free(addr); -} - -void *SensitiveCssmAllocator::realloc(void *addr, size_t newSize) throw(std::bad_alloc) -{ - size_t oldSize = malloc_size(addr); - if (newSize < oldSize) - memset(increment(addr, newSize), 0, oldSize - newSize); - return DefaultCssmAllocator::realloc(addr, newSize); -} - -TrackingAllocator::~TrackingAllocator() -{ - AllocSet::iterator first = mAllocSet.begin(), last = mAllocSet.end(); - for (; first != last; ++first) - mAllocator.free(*first); -} - -// -// CssmMemoryFunctionsAllocators -// -void *CssmMemoryFunctionsAllocator::malloc(size_t size) throw(std::bad_alloc) -{ return functions.malloc(size); } - -void CssmMemoryFunctionsAllocator::free(void *addr) throw() -{ return functions.free(addr); } - -void *CssmMemoryFunctionsAllocator::realloc(void *addr, size_t size) throw(std::bad_alloc) -{ return functions.realloc(addr, size); } - - -// -// CssmAllocatorMemoryFunctions -// -CssmAllocatorMemoryFunctions::CssmAllocatorMemoryFunctions(CssmAllocator &alloc) -{ - AllocRef = &alloc; - malloc_func = relayMalloc; - free_func = relayFree; - realloc_func = relayRealloc; - calloc_func = relayCalloc; -} - -void *CssmAllocatorMemoryFunctions::relayMalloc(size_t size, void *ref) throw(std::bad_alloc) -{ return allocator(ref).malloc(size); } - -void CssmAllocatorMemoryFunctions::relayFree(void *mem, void *ref) throw() -{ allocator(ref).free(mem); } - -void *CssmAllocatorMemoryFunctions::relayRealloc(void *mem, size_t size, void *ref) throw(std::bad_alloc) -{ return allocator(ref).realloc(mem, size); } - -void *CssmAllocatorMemoryFunctions::relayCalloc(uint32 count, size_t size, void *ref) throw(std::bad_alloc) -{ - // CssmAllocator doesn't have a calloc() method - void *mem = allocator(ref).malloc(size * count); - memset(mem, 0, size * count); - return mem; -} - - -// -// Memory allocators for CssmHeap objects. -// This implementation stores a pointer to the allocator used into memory -// *after* the object's proper storage block. This allows the usual free() -// functions to safely free our (hidden) pointer without knowing about it. -// An allocator argument of NULL is interpreted as the standard allocator. -// -void *CssmHeap::operator new (size_t size, CssmAllocator *alloc) throw(std::bad_alloc) -{ - if (alloc == NULL) - alloc = &CssmAllocator::standard(); - size = alignUp(size, alignof()); - size_t totalSize = size + sizeof(CssmAllocator *); - void *addr = alloc->malloc(totalSize); - *(CssmAllocator **)increment(addr, size) = alloc; - return addr; -} - -void CssmHeap::operator delete (void *addr, size_t size, CssmAllocator *alloc) throw() -{ - alloc->free(addr); // as per C++ std, called (only) if construction fails -} - -void CssmHeap::operator delete (void *addr, size_t size) throw() -{ - void *end = increment(addr, alignUp(size, alignof())); - (*(CssmAllocator **)end)->free(addr); -} - - -// -// CssmVector -// diff --git a/cdsa/cdsa_utilities/cssmalloc.h b/cdsa/cdsa_utilities/cssmalloc.h deleted file mode 100644 index 18bd5097..00000000 --- a/cdsa/cdsa_utilities/cssmalloc.h +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmalloc - memory allocation in the CDSA world -// -#ifndef _H_CSSMALLOC -#define _H_CSSMALLOC - -#include -#include -#include - -#ifdef _CPP_CSSMALLOC -# pragma export on -#endif - -namespace Security -{ - -// -// An abstract allocator superclass, based on the simple malloc/realloc/free paradigm -// that CDSA loves so much. If you have an allocation strategy and want objects -// to be allocated through it, inherit from this. -// -class CssmAllocator { -public: - virtual ~CssmAllocator(); - virtual void *malloc(size_t) throw(std::bad_alloc) = 0; - virtual void free(void *) throw() = 0; - virtual void *realloc(void *, size_t) throw(std::bad_alloc) = 0; - - // - // Template versions for added expressiveness. - // Note that the integers are element counts, not byte sizes. - // - template T *alloc() throw(std::bad_alloc) - { return reinterpret_cast(malloc(sizeof(T))); } - - template T *alloc(uint32 count) throw(std::bad_alloc) - { return reinterpret_cast(malloc(sizeof(T) * count)); } - - template T *alloc(T *old, uint32 count) throw(std::bad_alloc) - { return reinterpret_cast(realloc(old, sizeof(T) * count)); } - - template CssmData alloc(const Data &source) throw(std::bad_alloc) - { - size_t length = source.length(); - return CssmData(memcpy(malloc(length), source.data(), length), length); - } - - // - // Happier malloc/realloc for any type. Note that these still have - // the original (byte-sized) argument profile. - // - template T *malloc(size_t size) throw(std::bad_alloc) - { return reinterpret_cast(malloc(size)); } - - template T *realloc(void *addr, size_t size) throw(std::bad_alloc) - { return reinterpret_cast(realloc(addr, size)); } - - // All right, if you *really* have to have calloc... - void *calloc(size_t size, unsigned int count) throw(std::bad_alloc) - { - void *addr = malloc(size * count); - memset(addr, 0, size * count); - return addr; - } - - // compare CssmAllocators for identity - virtual bool operator == (const CssmAllocator &alloc) const throw(); - -public: - // allocator chooser options - enum { - normal = 0x0000, - sensitive = 0x0001 - }; - - static CssmAllocator &standard(uint32 request = normal); -}; - - -// -// A POD wrapper for the memory functions structure passed around in CSSM. -// -class CssmMemoryFunctions : public PodWrapper { -public: - CssmMemoryFunctions(const CSSM_MEMORY_FUNCS &funcs) - { *(CSSM_MEMORY_FUNCS *)this = funcs; } - CssmMemoryFunctions() { } - - void *malloc(size_t size) const throw(std::bad_alloc); - void free(void *mem) const throw() { free_func(mem, AllocRef); } - void *realloc(void *mem, size_t size) const throw(std::bad_alloc); - void *calloc(uint32 count, size_t size) const throw(std::bad_alloc); - - bool operator == (const CSSM_MEMORY_FUNCS &other) const throw() - { return !memcmp(this, &other, sizeof(*this)); } -}; - -inline void *CssmMemoryFunctions::malloc(size_t size) const throw(std::bad_alloc) -{ - if (void *addr = malloc_func(size, AllocRef)) - return addr; - throw std::bad_alloc(); -} - -inline void *CssmMemoryFunctions::calloc(uint32 count, size_t size) const throw(std::bad_alloc) -{ - if (void *addr = calloc_func(count, size, AllocRef)) - return addr; - throw std::bad_alloc(); -} - -inline void *CssmMemoryFunctions::realloc(void *mem, size_t size) const throw(std::bad_alloc) -{ - if (void *addr = realloc_func(mem, size, AllocRef)) - return addr; - throw std::bad_alloc(); -} - - -// -// A CssmAllocator based on CssmMemoryFunctions -// -class CssmMemoryFunctionsAllocator : public CssmAllocator { -public: - CssmMemoryFunctionsAllocator(const CssmMemoryFunctions &memFuncs) : functions(memFuncs) { } - - void *malloc(size_t size) throw(std::bad_alloc); - void free(void *addr) throw(); - void *realloc(void *addr, size_t size) throw(std::bad_alloc); - - operator const CssmMemoryFunctions & () const throw() { return functions; } - -private: - const CssmMemoryFunctions functions; -}; - -} // end namespace Security - -// -// Global C++ allocation hooks to use CssmAllocators -// -inline void *operator new (size_t size, CssmAllocator &allocator) throw (std::bad_alloc) -{ return allocator.malloc(size); } - -inline void *operator new[] (size_t size, CssmAllocator &allocator) throw (std::bad_alloc) -{ return allocator.malloc(size); } - - -// -// You'd think that this is operator delete(const T *, CssmAllocator &), but you'd -// be wrong. Specialized operator delete is only called during constructor cleanup. -// Use this to cleanly destroy things. -// -template -inline void destroy(T *obj, CssmAllocator &alloc) throw() -{ - obj->~T(); - alloc.free(obj); -} - -// untyped (release memory only, no destructor call) -inline void destroy(void *obj, CssmAllocator &alloc) throw() -{ - alloc.free(obj); -} - -namespace Security -{ - -// -// A MemoryFunctions object based on a CssmAllocator. -// Note that we don't copy the CssmAllocator object. It needs to live (at least) -// as long as any CssmAllocatorMemoryFunctions object based on it. -// -class CssmAllocatorMemoryFunctions : public CssmMemoryFunctions { -public: - CssmAllocatorMemoryFunctions(CssmAllocator &alloc); - CssmAllocatorMemoryFunctions() { /*IFDEBUG(*/ AllocRef = NULL /*)*/ ; } // later assignment req'd - -private: - static void *relayMalloc(size_t size, void *ref) throw(std::bad_alloc); - static void relayFree(void *mem, void *ref) throw(); - static void *relayRealloc(void *mem, size_t size, void *ref) throw(std::bad_alloc); - static void *relayCalloc(uint32 count, size_t size, void *ref) throw(std::bad_alloc); - - static CssmAllocator &allocator(void *ref) throw() - { return *reinterpret_cast(ref); } -}; - - -// -// A mixin class to automagically manage your allocator. -// To allow allocation (of your object) from any instance of CssmAllocator, -// inherit from CssmHeap. Your users can then create heap instances of your thing by -// new (an-allocator) YourClass(...) -// or (still) -// new YourClass(...) -// for the default allocation source. The beauty is that when someone does a -// delete pointer-to-your-instance -// then the magic fairies will find the allocator that created the object and ask it -// to free the memory (by calling its free() method). -// The price of all that glory is memory overhead - typically one pointer per object. -// -class CssmHeap { -public: - void *operator new (size_t size, CssmAllocator *alloc = NULL) throw(std::bad_alloc); - void operator delete (void *addr, size_t size) throw(); - void operator delete (void *addr, size_t size, CssmAllocator *alloc) throw(); -}; - - -// -// Here is a version of auto_ptr that works with CssmAllocators. It is designed -// to be pretty much a drop-in replacement. It requires an allocator as a constructor -// argument, of course. -// Note that CssmAutoPtr is perfectly valid, unlike its auto_ptr look-alike. -// You can't dereference it, naturally. -// -template -class CssmAutoPtr { -public: - CssmAllocator &allocator; - - CssmAutoPtr(CssmAllocator &alloc = CssmAllocator::standard()) - : allocator(alloc), mine(NULL) { } - CssmAutoPtr(CssmAllocator &alloc, T *p) - : allocator(alloc), mine(p) { } - CssmAutoPtr(T *p) - : allocator(CssmAllocator::standard()), mine(p) { } - template CssmAutoPtr(CssmAutoPtr &src) - : allocator(src.allocator), mine(src.release()) { } - template CssmAutoPtr(CssmAllocator &alloc, CssmAutoPtr &src) - : allocator(alloc), mine(rc.release()) { assert(allocator == src.allocator); } - - ~CssmAutoPtr() { allocator.free(mine); } - - T *get() const throw() { return mine; } - T *release() { T *result = mine; mine = NULL; return result; } - void reset() { allocator.free(mine); mine = NULL; } - - operator T * () const { return mine; } - T *operator -> () const { return mine; } - T &operator * () const { assert(mine); return *mine; } - -private: - T *mine; -}; - -// specialization for void (i.e. void *), omitting the troublesome dereferencing ops. -template <> -class CssmAutoPtr { -public: - CssmAllocator &allocator; - - CssmAutoPtr(CssmAllocator &alloc) : allocator(alloc), mine(NULL) { } - CssmAutoPtr(CssmAllocator &alloc, void *p) : allocator(alloc), mine(p) { } - template CssmAutoPtr(CssmAutoPtr &src) - : allocator(src.allocator), mine(src.release()) { } - template CssmAutoPtr(CssmAllocator &alloc, CssmAutoPtr &src) - : allocator(alloc), mine(rc.release()) { assert(allocator == src.allocator); } - - ~CssmAutoPtr() { destroy(mine, allocator); } - - void *get() throw() { return mine; } - void *release() { void *result = mine; mine = NULL; return result; } - void reset() { allocator.free(mine); mine = NULL; } - -private: - void *mine; -}; - - -// -// Convenience forms of CssmAutoPtr that automatically make their (initial) object. -// -template -class CssmNewAutoPtr : public CssmAutoPtr { -public: - CssmNewAutoPtr(CssmAllocator &alloc = CssmAllocator::standard()) - : CssmAutoPtr(alloc, new(alloc) T) { } - - template - CssmNewAutoPtr(CssmAllocator &alloc, A1 &arg1) : CssmAutoPtr(alloc, new(alloc) T(arg1)) { } - template - CssmNewAutoPtr(CssmAllocator &alloc, const A1 &arg1) - : CssmAutoPtr(alloc, new(alloc) T(arg1)) { } - - template - CssmNewAutoPtr(CssmAllocator &alloc, A1 &arg1, A2 &arg2) - : CssmAutoPtr(alloc, new(alloc) T(arg1, arg2)) { } - template - CssmNewAutoPtr(CssmAllocator &alloc, const A1 &arg1, A2 &arg2) - : CssmAutoPtr(alloc, new(alloc) T(arg1, arg2)) { } - template - CssmNewAutoPtr(CssmAllocator &alloc, A1 &arg1, const A2 &arg2) - : CssmAutoPtr(alloc, new(alloc) T(arg1, arg2)) { } - template - CssmNewAutoPtr(CssmAllocator &alloc, const A1 &arg1, const A2 &arg2) - : CssmAutoPtr(alloc, new(alloc) T(arg1, arg2)) { } -}; - - -// -// A generic helper for the unhappily ubiquitous CSSM-style -// (count, pointer-to-array) style of arrays. -// -template -class CssmVector { -public: - CssmVector(uint32 &cnt, Base * &vec, CssmAllocator &alloc = CssmAllocator::standard()) - : count(cnt), vector(reinterpret_cast(vec)), - allocator(alloc) - { - count = 0; - vector = NULL; - } - - ~CssmVector() { allocator.free(vector); } - - uint32 &count; - Wrapper * &vector; - CssmAllocator &allocator; - -public: - Wrapper &operator [] (uint32 ix) - { assert(ix < count); return vector[ix]; } - - void operator += (const Wrapper &add) - { - vector = reinterpret_cast(allocator.realloc(vector, (count + 1) * sizeof(Wrapper))); - //@@@???compiler bug??? vector = allocator.alloc(vector, count + 1); - vector[count++] = add; - } -}; - - -} // end namespace Security - -#ifdef _CPP_CSSMALLOC -# pragma export off -#endif - -#endif //_H_CSSMALLOC diff --git a/cdsa/cdsa_utilities/cssmcert.cpp b/cdsa/cdsa_utilities/cssmcert.cpp deleted file mode 100644 index ff26e706..00000000 --- a/cdsa/cdsa_utilities/cssmcert.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmcert - CSSM layer certificate (CL) related objects. -// -#include -#include - - -namespace Security { - - -// -// Construct an EncodedCertificate -// -EncodedCertificate::EncodedCertificate(CSSM_CERT_TYPE type, CSSM_CERT_ENCODING enc, - const CSSM_DATA *data) -{ - clearPod(); - CertType = type; - CertEncoding = enc; - if (data) - CertBlob = *data; -} - - -// -// Construct an empty CertGroup. -// -CertGroup::CertGroup(CSSM_CERT_TYPE ctype, - CSSM_CERT_ENCODING encoding, CSSM_CERTGROUP_TYPE type) -{ - clearPod(); - CertType = ctype; - CertEncoding = encoding; - CertGroupType = type; -} - - -// -// Free all memory in a CertGroup -// -void CertGroup::destroy(CssmAllocator &allocator) -{ - switch (type()) { - case CSSM_CERTGROUP_DATA: - // array of CSSM_DATA elements - for (uint32 n = 0; n < count(); n++) - allocator.free(blobCerts()[n].data()); - allocator.free (blobCerts ()); - break; - case CSSM_CERTGROUP_ENCODED_CERT: - for (uint32 n = 0; n < count(); n++) - allocator.free(encodedCerts()[n].data()); - allocator.free (blobCerts ()); - break; - case CSSM_CERTGROUP_PARSED_CERT: - // CSSM_PARSED_CERTS array -- unimplemented - case CSSM_CERTGROUP_CERT_PAIR: - // CSSM_CERT_PAIR array -- unimplemented - break; - } -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cssmcert.h b/cdsa/cdsa_utilities/cssmcert.h deleted file mode 100644 index 2a5da1d7..00000000 --- a/cdsa/cdsa_utilities/cssmcert.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmcert - CSSM layer certificate (CL) related objects. -// -#ifndef _H_CSSMCERT -#define _H_CSSMCERT - -#include -#include - - -namespace Security { - - -// -// A CSSM_FIELD, essentially an OID/Data pair. -// -class CssmField : public PodWrapper { -public: - CssmField() { } - CssmField(const CSSM_OID &oid, const CSSM_DATA &value) - { FieldOid = oid; FieldValue = value; } - - CssmField(const CSSM_OID &oid) - { FieldOid = oid; FieldValue = CssmData(); } - -public: - CssmOid &oid() { return CssmOid::overlay(FieldOid); } - CssmOid &value() { return CssmOid::overlay(FieldValue); } - const CssmOid &oid() const { return CssmOid::overlay(FieldOid); } - const CssmOid &value() const { return CssmOid::overlay(FieldValue); } - - bool isComplex() const - { return value().length() == CSSM_FIELDVALUE_COMPLEX_DATA_TYPE; } -}; - - -// -// An encoded certificate -// -class EncodedCertificate : public PodWrapper { -public: - EncodedCertificate(CSSM_CERT_TYPE type = CSSM_CERT_UNKNOWN, - CSSM_CERT_ENCODING enc = CSSM_CERT_ENCODING_UNKNOWN, - const CSSM_DATA *data = NULL); - - CSSM_CERT_TYPE type() const { return CertType; } - CSSM_CERT_ENCODING encoding() const { return CertEncoding; } - const CssmData &blob() const { return CssmData::overlay(CertBlob); } - - // CssmDataoid features - void *data() const { return blob().data(); } - size_t length() const { return blob().length(); } -}; - - -// -// CertGroups - groups of certificates in a bewildering variety of forms -// -class CertGroup : public PodWrapper { -public: - CertGroup() { } - CertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding, CSSM_CERTGROUP_TYPE type); - -public: - CSSM_CERT_TYPE certType() const { return CertType; } - CSSM_CERT_ENCODING encoding() const { return CertEncoding; } - CSSM_CERTGROUP_TYPE type() const { return CertGroupType; } - uint32 count() const { return NumCerts; } - uint32 &count() { return NumCerts; } - -public: - // CSSM_CERTGROUP_DATA version - CssmData * &blobCerts() - { assert(type() == CSSM_CERTGROUP_DATA); return CssmData::overlayVar(GroupList.CertList); } - CssmData *blobCerts() const - { assert(type() == CSSM_CERTGROUP_DATA); return CssmData::overlay(GroupList.CertList); } - - // CSSM_CERTGROUP_ENCODED_CERT version - EncodedCertificate * &encodedCerts() - { return EncodedCertificate::overlayVar(GroupList.EncodedCertList); } - EncodedCertificate *encodedCerts() const - { return EncodedCertificate::overlay(GroupList.EncodedCertList); } - -public: - // free all memory in this group with the given allocator - void destroy(CssmAllocator &allocator); -}; - - -// -// Walkers -// -namespace DataWalkers { - - - - -} // end namespace DataWalkers -} // end namespace Security - -#endif //_H_CSSMCERT diff --git a/cdsa/cdsa_utilities/cssmcred.cpp b/cdsa/cdsa_utilities/cssmcred.cpp deleted file mode 100644 index 781e47d6..00000000 --- a/cdsa/cdsa_utilities/cssmcred.cpp +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmcred - enhanced PodWrappers and construction aids for ACL credentials -// -#include - - -namespace Security { - - -// -// The null credential constant. -// -static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" }; // and more nulls -#if BUG_GCC -const AccessCredentials &AccessCredentials::null = - *static_cast(&null_credentials); -#else -const AccessCredentials &AccessCredentials::null = - static_cast(null_credentials); -#endif - - -// -// Scan a SampleGroup for samples with a given CSSM_SAMPLE_TYPE. -// Collect all matching samples into a list (which is cleared to begin with). -// Return true if any were found, false if none. -// Throw if any of the samples are obviously malformed. -// -bool SampleGroup::collect(CSSM_SAMPLE_TYPE sampleType, list &matches) const -{ - for (uint32 n = 0; n < length(); n++) { - TypedList sample = (*this)[n]; - sample.checkProper(); - if (sample.type() == sampleType) { - sample.snip(); // skip sample type - matches.push_back(sample); - } - } - return !matches.empty(); -} - - - -// -// AutoCredentials self-constructing credentials structure -// -AutoCredentials::AutoCredentials(CssmAllocator &alloc) : allocator(alloc) -{ - init(); -} - -AutoCredentials::AutoCredentials(CssmAllocator &alloc, uint32 nSamples) : allocator(alloc) -{ - init(); -} - -void AutoCredentials::init() -{ - sampleArray = NULL; - nSamples = 0; -} - - -CssmSample &AutoCredentials::getSample(uint32 n) -{ - if (n >= nSamples) { - sampleArray = allocator.alloc(sampleArray, nSamples = n + 1); - Samples.Samples = sampleArray; - Samples.NumberOfSamples = nSamples; - } - return sampleArray[n]; -} - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cssmcred.h b/cdsa/cdsa_utilities/cssmcred.h deleted file mode 100644 index ecd41a01..00000000 --- a/cdsa/cdsa_utilities/cssmcred.h +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmcred - enhanced PodWrappers and construction aids for ACL credentials -// -#ifndef _CSSMCRED -#define _CSSMCRED - -#include -#include -#include -#include - -namespace Security { - - -// -// PodWrappers for samples and sample groups -// -class CssmSample : public PodWrapper { -public: - CssmSample(const TypedList &list) - { TypedSample = list; Verifier = NULL; } - CssmSample(const TypedList &list, const CssmSubserviceUid &ver) - { TypedSample = list; Verifier = &ver; } - - TypedList &value() { return TypedList::overlay(TypedSample); } - const TypedList &value() const { return TypedList::overlay(TypedSample); } - operator TypedList & () { return value(); } - operator const TypedList & () const { return value(); } - - const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); } - const CssmSubserviceUid * &verifier() { return CssmSubserviceUid::overlayVar(Verifier); } -}; - -class SampleGroup : public PodWrapper { -public: - uint32 length() const { return NumberOfSamples; } - - const CssmSample &operator [] (uint32 n) const - { assert(n < length()); return CssmSample::overlay(Samples[n]); } - -public: - // extract all samples of a given sample type. return true if any found - // note that you get a shallow copy of the sample structures for temporary use ONLY - bool collect(CSSM_SAMPLE_TYPE sampleType, list &samples) const; -}; - - -// -// The PodWrapper for the top-level CSSM credentials structure -// -class AccessCredentials : public PodWrapper { -public: - AccessCredentials() { clearPod(); } - - const char *tag() const { return EntryTag; } - - SampleGroup &samples() { return SampleGroup::overlay(Samples); } - const SampleGroup &samples() const { return SampleGroup::overlay(Samples); } - -public: - static const AccessCredentials &null; // all null credential - - // turn NULL into a null credential if needed - static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred) - { return cred ? overlay(cred) : &null; } -}; - - -// -// An AccessCredentials object with some construction help. -// Note that this is NOT a PodWrapper. -// -class AutoCredentials : public AccessCredentials { -public: - AutoCredentials(CssmAllocator &alloc); - AutoCredentials(CssmAllocator &alloc, uint32 nSamples); - - CssmAllocator &allocator; - - CssmSample &sample(uint32 n) { return getSample(n); } - - CssmSample &operator += (const CssmSample &sample) - { return getSample(samples().length()) = sample; } - TypedList &operator += (const TypedList &exhibit) - { return (getSample(samples().length()) = exhibit).value(); } - -private: - void init(); - CssmSample &getSample(uint32 n); - - CssmSample *sampleArray; - uint32 nSamples; -}; - - -// -// Walkers for the CSSM API structure types. -// Note that there are irrational "const"s strewn about the credential sub-structures. -// They make it essentially impossible to incrementally construction them without -// violating them. Since we know what we're doing, we do. -// -namespace DataWalkers -{ - -// CssmSample (with const override) -template -void walk(Action &operate, CssmSample &sample) -{ - operate(sample); - walk(operate, sample.value()); - if (sample.verifier()) - walk(operate, sample.verifier()); -} - -template -void walk(Action &operate, const CssmSample &sample) -{ walk(operate, const_cast(sample)); } - -// SampleGroup -template -void walk(Action &operate, SampleGroup &samples) -{ - operate(samples); - operate.blob(const_cast(samples.Samples), - samples.length() * sizeof(CSSM_SAMPLE)); - for (uint32 n = 0; n < samples.length(); n++) - walk(operate, samples[n]); -} - -// AccessCredentials -template -AccessCredentials *walk(Action &operate, AccessCredentials * &cred) -{ - operate(cred); - //@@@ ignoring BaseCerts - walk(operate, cred->samples()); - //@@@ ignoring challenge callback - return cred; -} - -template -CSSM_ACCESS_CREDENTIALS *walk(Action &operate, CSSM_ACCESS_CREDENTIALS * &cred) -{ return walk(operate, AccessCredentials::overlayVar(cred)); } - -template -AutoCredentials *walk(Action &operate, AutoCredentials * &cred) -{ return (AutoCredentials *)walk(operate, (AccessCredentials * &)cred); } - - -} // end namespace DataWalkers -} // end namespace Security - - -#endif //_CSSMCRED diff --git a/cdsa/cdsa_utilities/cssmdata.cpp b/cdsa/cdsa_utilities/cssmdata.cpp deleted file mode 100644 index 226113f4..00000000 --- a/cdsa/cdsa_utilities/cssmdata.cpp +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmdata.cpp -- Manager different CssmData types -// -#include -#include -#include - - -namespace Security { - - -// -// Comparing raw CSSM_DATA things -// -bool operator == (const CSSM_DATA &d1, const CSSM_DATA &d2) -{ - if (&d1 == &d2) - return true; // identical - if (d1.Length != d2.Length) - return false; // can't be - if (d1.Data == d2.Data) - return true; // points to same data - return !memcmp(d1.Data, d2.Data, d1.Length); -} - - -// -// Managed data objects -// -CssmManagedData::~CssmManagedData() -{ } - - -// -// CssmOwnedData -// -void CssmOwnedData::set(CssmManagedData &source) -{ - if (source.length() == 0) { // source is empty - reset(); // so just clear old data - } else if (allocator == source.allocator) { // compatible allocators - if (referent.data() == source.data()) { // same data *and* we own it?! - assert(this == &source); // this better *be* me! - } else { // different data - reset(); // give up our old data - referent = source.release(); // take over source's data - } - } else { // different allocators - copy(source); // make a copy with our allocator - source.reset(); // release source's data - } -} - - -// -// CssmAutoData -// -CssmData CssmAutoData::release() -{ - CssmData result = mData; - mData.clear(); - return result; -} - -void CssmAutoData::reset() -{ - allocator.free(mData); - mData.clear(); -} - - -// -// CssmRemoteData -// -CssmData CssmRemoteData::release() -{ - iOwnTheData = false; - return referent; -} - -void CssmRemoteData::reset() -{ - if (iOwnTheData) - allocator.free(referent); - referent.clear(); -} - - -// -// Date stuff -// -CssmDateData::CssmDateData(const CSSM_DATE &date) -: CssmData(buffer, sizeof(buffer)) -{ - memcpy(buffer, date.Year, 4); - memcpy(buffer + 4, date.Month, 2); - memcpy(buffer + 6, date.Day, 2); -} - -CssmGuidData::CssmGuidData(const CSSM_GUID &guid) : CssmData(buffer, sizeof(buffer)) -{ - Guid::overlay(guid).toString(buffer); -} - -CssmDLPolyData::operator CSSM_DATE () const -{ - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_BLOB); - if (mData.Length != 8) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - CSSM_DATE date; - memcpy(date.Year, mData.Data, 4); - memcpy(date.Month, mData.Data + 4, 2); - memcpy(date.Day, mData.Data + 6, 2); - return date; -} - -CssmDLPolyData::operator Guid () const -{ - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_BLOB); - if (mData.Length != Guid::stringRepLength + 1) - CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); - - return Guid(reinterpret_cast(mData.Data)); -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cssmdata.h b/cdsa/cdsa_utilities/cssmdata.h deleted file mode 100644 index 6b997fe6..00000000 --- a/cdsa/cdsa_utilities/cssmdata.h +++ /dev/null @@ -1,473 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmdata.h -- Manager different CssmData types -// -#ifndef _H_CDSA_UTILITIES_CSSMDATA -#define _H_CDSA_UTILITIES_CSSMDATA - -#include -#include -#include - - -namespace Security { - - -// -// A convenient way to make a CssmData from a (const) string. -// Note that the underlying string is not memory-managed, so it -// should either be static or of sufficient (immutable) lifetime. -// -class StringData : public CssmData { -public: - StringData(const char *s) : CssmData(const_cast(s), strlen(s)) { } - StringData(const std::string &s) : CssmData(const_cast(s.c_str()), s.size()) { } -}; - - -// -// A CssmData bundled up with a data buffer it refers to -// -template -struct DataBuffer : public CssmData { - unsigned char buffer[size]; - DataBuffer() : CssmData(buffer, size) { } -}; - - -// -// Comparing CssmDatas for equality. -// Note: No ordering is established here. -// Both CSSM_DATAs have to exist. -// -bool operator == (const CSSM_DATA &d1, const CSSM_DATA &d2); -inline bool operator != (const CSSM_DATA &d1, const CSSM_DATA &d2) -{ return !(d1 == d2); } - - -// -// The following pseudo-code describes what (at minimum) is required for a class -// to be a "PseudoData". PseudoData arguments are used in templates. -// -// class PseudoData { -// void *data() const ... -// size_t length() const ... -// operator const CssmData &() const ... -// } -// -// All this can be satisfied, of course, by inheriting from CssmData. -// - - -// -// A common virtual parent for CssmData-like objects that actively manage the -// allocation status of their data blob. Note that this is about allocating -// the data(), not the CssmData structure itself. -// The ManagedData layer provides for little active memory management, since -// the underlying strategies are potentially very disparate. It does however -// have a well defined interface for *yielding up* its data for copying or transfer. -// -class CssmManagedData { -public: - CssmManagedData(CssmAllocator &alloc) : allocator(alloc) { } - virtual ~CssmManagedData(); - - CssmAllocator &allocator; - - virtual operator const CssmData & () const { return get(); } - template T *data() const { return reinterpret_cast(data()); } - void *data() const { return get().data(); } - size_t length() const { return get().length(); } - - virtual CssmData &get() const throw() = 0; // get shared copy, no ownership change - virtual CssmData release() = 0; // give up copy, ownership is transferred - virtual void reset() = 0; // give up copy, data is discarded -}; - - -inline bool operator == (const CssmManagedData &d1, const CssmData &d2) -{ return d1.get() == d2; } - -inline bool operator == (const CssmData &d1, const CssmManagedData &d2) -{ return d1 == d2.get(); } - -inline bool operator == (const CssmManagedData &d1, const CssmManagedData &d2) -{ return d1.get() == d2.get(); } - -inline bool operator != (const CssmManagedData &d1, const CssmData &d2) -{ return d1.get() != d2; } - -inline bool operator != (const CssmData &d1, const CssmManagedData &d2) -{ return d1 != d2.get(); } - -inline bool operator != (const CssmManagedData &d1, const CssmManagedData &d2) -{ return d1.get() != d2.get(); } - - -// -// A CssmOwnedData is a CssmManagedData that unilaterally owns its data storage. -// It has its CssmData object provided during construction. -// -class CssmOwnedData : public CssmManagedData { -public: - CssmOwnedData(CssmAllocator &alloc, CssmData &mine) : CssmManagedData(alloc), referent(mine) { } - - CssmOwnedData(CssmAllocator &alloc, CSSM_DATA &mine) - : CssmManagedData(alloc), referent(CssmData::overlay(mine)) { referent.clear(); } - - // - // Basic retrievals (this echoes features of CssmData) - // - operator void * () const { return referent; } - operator char * () const { return referent; } - operator signed char * () const { return referent; } - operator unsigned char * () const { return referent; } - - operator bool () const { return referent; } - bool operator ! () const { return !referent; } - - size_t length() const { return referent.length(); } - - - // - // Basic allocators - // - void *malloc(size_t len) - { - // pseudo-atomic reallocation semantics - CssmAutoPtr alloc(allocator, allocator.malloc(len)); - reset(); - return referent = CssmData(alloc.release(), len); - } - - void *realloc(size_t newLen) - { - // CssmAllocator::realloc() should be pseudo-atomic (i.e. throw on error) - return referent = CssmData(allocator.realloc(referent.data(), newLen), newLen); - } - - void length(size_t len) { realloc(len); } - - - // - // Manipulate existing data - // - void *append(const void *addData, size_t addLength) - { - size_t oldLength = length(); - realloc(oldLength + addLength); - return memcpy(referent.at(oldLength), addData, addLength); - } - - void *append(const CssmData &data) - { return append(data.data(), data.length()); } - - // - // set() replaces current data with new, taking over ownership to the extent possible. - // - template - void set(T *data, size_t length) - { - // assume that data was allocated by our allocator -- we can't be sure - reset(); - referent = CssmData(data, length); - } - - void set(CssmManagedData &source); - void set(const CSSM_DATA &source) { set(source.Data, source.Length); } - // NOTE: General template set() cannot be used because all subclasses of CssmManagedData - // need to receive the special handling above. Use set(*.data(), *.length()) instead. - - - // - // copy() replaces current data with new, making a copy and leaving - // the source intact. - // - template - void copy(const T *data, size_t length) - { - // don't leave any open windows for Mr. Murphy - CssmAutoPtr newData(allocator, memcpy(allocator.malloc(length), data, length)); - reset(); - referent = CssmData(newData.release(), length); - } - - void copy(const CssmData &source) - { if (&source != &referent) copy(source.data(), source.length()); } - void copy(const CSSM_DATA &source) - { if (&source != &referent) copy(source.Data, source.Length); } - void copy(CssmManagedData &source) { copy(source.get()); } - template - void copy(const Data &source) { copy(source.data(), source.length()); } - - - // - // Assignment conservatively uses copy if allocator unknown, set if known - // - void operator = (CssmManagedData &source) { set(source); } - void operator = (CssmOwnedData &source) { set(source); } - void operator = (const CSSM_DATA &source) { copy(source); } - - CssmData &get() const throw() { return referent; } - -protected: - CssmData &referent; -}; - - -// -// A CssmAutoData is a CssmOwnedData that includes its CssmData object. -// This is the very simple case: The object includes ownership, data object, -// and data storage. -// -class CssmAutoData : public CssmOwnedData { -public: - CssmAutoData(CssmAllocator &alloc) : CssmOwnedData(alloc, mData) { } - - template - CssmAutoData(CssmAllocator &alloc, const Data &source) : CssmOwnedData(alloc, mData) - { *this = source; } - - CssmAutoData(CssmAutoData &source) : CssmOwnedData(source.allocator, mData) - { set(source); } - - explicit CssmAutoData(CssmManagedData &source) : CssmOwnedData(source.allocator, mData) - { set(source); } - - CssmAutoData(CssmAllocator &alloc, const void *data, size_t length) - : CssmOwnedData(alloc, mData) { copy(data, length); } - - ~CssmAutoData() { allocator.free(mData); } - - CssmData release(); - void reset(); - - // assignment (not usefully inherited) - void operator = (CssmManagedData &source) { set(source); } - void operator = (CssmOwnedData &source) { set(source); } - void operator = (CssmAutoData &source) { set(source); } - template - void operator = (const Data &source) { copy(source); } - -private: - CssmData mData; -}; - - -// -// A CssmRemoteData is a CssmOwnedData that uses an external CssmData object. -// Its release operation clears an internal ownership flag but does not clear -// the CssmData values so they can be used to return values to an outside scope. -// -class CssmRemoteData : public CssmOwnedData { -public: - CssmRemoteData(CssmAllocator &alloc, CssmData &mine) - : CssmOwnedData(alloc, mine), iOwnTheData(true) { } - - CssmRemoteData(CssmAllocator &alloc, CSSM_DATA &mine) - : CssmOwnedData(alloc, mine), iOwnTheData(true) { } - - ~CssmRemoteData() - { if (iOwnTheData) allocator.free(referent); } - - CssmData release(); - void reset(); - - // assignment (not usefully inherited) - void operator = (CssmManagedData &source) { set(source); } - void operator = (CssmOwnedData &source) { set(source); } - void operator = (CssmAutoData &source) { set(source); } - template - void operator = (const Data &source) { copy(source); } - -private: - bool iOwnTheData; -}; - - -// -// CssmPolyData -// -// Used by functions that take a CssmData and would like to allow it to be -// initialized with a static string, int or other basic type. The function *must* -// copy the Data of the CssmPolyData when doing so if it is to be used -// after the function returns. (For example by creating a CssmDataContainer from it). -class CssmPolyData : public CssmData { - template - uint8 *set(const T &it) - { return const_cast(reinterpret_cast(&it)); } -public: - template - CssmPolyData(const char_T *s) : CssmData(const_cast(s), strlen(s)) {} - CssmPolyData(const string &s) : CssmData(const_cast(s.c_str()), s.size()) {} - CssmPolyData(const CSSM_DATA &data) : CssmData(data.Data, data.Length) {} - - // Don't use a template constructor (for T &) here - it would eat way too much - CssmPolyData(const bool &t) : CssmData(set(t), sizeof(t)) { } - CssmPolyData(const uint32 &t) : CssmData(set(t), sizeof(t)) { } - CssmPolyData(const sint32 &t) : CssmData(set(t), sizeof(t)) { } - CssmPolyData(const sint64 &t) : CssmData(set(t), sizeof(t)) { } - CssmPolyData(const double &t) : CssmData(set(t), sizeof(t)) { } - CssmPolyData(const StringPtr s) : CssmData (reinterpret_cast(s + 1), uint32 (s[0])) {} -}; - -class CssmDateData : public CssmData -{ -public: - CssmDateData(const CSSM_DATE &date); -private: - uint8 buffer[8]; -}; - -class CssmGuidData : public CssmData -{ -public: - CssmGuidData(const CSSM_GUID &guid); -private: - char buffer[Guid::stringRepLength + 1]; -}; - - -// -// CssmDLPolyData -// -class CssmDLPolyData -{ -public: - CssmDLPolyData(const CSSM_DATA &data, CSSM_DB_ATTRIBUTE_FORMAT format) - : mData(CssmData::overlay(data)), mFormat(format) {} - - // @@@ Don't use assert, but throw an exception. - // @@@ Do a size check on mData as well. - - // @@@ This method is dangerous since the returned string is not guaranteed to be zero terminated. - operator const char *() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_STRING - || mFormat == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE); - return reinterpret_cast(mData.Data); - } - operator bool() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_UINT32 || mFormat == CSSM_DB_ATTRIBUTE_FORMAT_SINT32); - return *reinterpret_cast(mData.Data); - } - operator uint32() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_UINT32); - return *reinterpret_cast(mData.Data); - } - operator const uint32 *() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32); - return reinterpret_cast(mData.Data); - } - operator sint32() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_SINT32); - return *reinterpret_cast(mData.Data); - } - operator double() const - { - assert(mFormat == CSSM_DB_ATTRIBUTE_FORMAT_REAL); - return *reinterpret_cast(mData.Data); - } - operator CSSM_DATE () const; - operator Guid () const; - operator const CssmData &() const - { - return mData; - } - -private: - const CssmData &mData; - CSSM_DB_ATTRIBUTE_FORMAT mFormat; -}; - - -// -// Non POD refcounted CssmData wrapper that own the data it refers to. -// -class CssmDataContainer : public CssmData, public RefCount -{ -public: - CssmDataContainer(CssmAllocator &inAllocator = CssmAllocator::standard()) : - CssmData(), mAllocator(inAllocator) {} - template - CssmDataContainer(const T *data, size_t length, CssmAllocator &inAllocator = CssmAllocator::standard()) : - CssmData(inAllocator.malloc(length), length), mAllocator(inAllocator) - { if (length) ::memcpy(Data, data, length); } - void clear() { if (Data) { mAllocator.free(Data); Data = NULL; Length = 0; } } - void invalidate () {Data = NULL; Length = 0;} - ~CssmDataContainer() { if (Data) mAllocator.free(Data); } - void append(const CssmPolyData &data) - { - uint32 newLength = Length + data.Length; - Data = reinterpret_cast(mAllocator.realloc(Data, newLength)); - memcpy(Data + Length, data.Data, data.Length); - Length = newLength; - } - CssmDataContainer(const CssmDataContainer &other) - : mAllocator(other.mAllocator) - { - Data = reinterpret_cast(mAllocator.malloc(other.Length)); - memcpy(Data, other.Data, other.Length); - Length = other.Length; - } - CssmDataContainer & operator = (const CSSM_DATA &other) - { - clear(); - Data = reinterpret_cast(mAllocator.malloc(other.Length)); - memcpy(Data, other.Data, other.Length); - Length = other.Length; - return *this; - } - -public: - CssmAllocator &mAllocator; - -private: - operator CssmDataContainer * () const; // prohibit conversion-to-my-pointer -}; - -// -// CSSM_OIDs are CSSM_DATAs but will probably have different wrapping characteristics. -// -typedef CssmDataContainer CssmOidContainer; - -template -class CssmBuffer : public RefPointer -{ -public: - CssmBuffer() : RefPointer(new Container()) {} // XXX This should may just set ptr to NULL. - template - CssmBuffer(const T *data, size_t length, CssmAllocator &inAllocator = CssmAllocator::standard()) : - RefPointer(new Container(data, length, inAllocator)) {} - CssmBuffer(const CSSM_DATA &data, CssmAllocator &inAllocator = CssmAllocator::standard()) : - RefPointer(new Container(data.Data, data.Length, inAllocator)) {} - CssmBuffer(const CssmBuffer& other) : RefPointer(other) {} - CssmBuffer(Container *p) : RefPointer(p) {} - bool CssmBuffer::operator < (const CssmBuffer &other) const { return (**this) < (*other); } -}; - - -} // end namespace Security - -#endif // _H_CDSA_UTILITIES_CSSMDATA diff --git a/cdsa/cdsa_utilities/cssmdates.cpp b/cdsa/cdsa_utilities/cssmdates.cpp deleted file mode 100644 index 83e047c0..00000000 --- a/cdsa/cdsa_utilities/cssmdates.cpp +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Manage the Tower of Babel of CSSM dates and times -// -#include -#include - - -// -// A (private) PODwrapper for CFGregorianDate -// -struct Gregorian : public PodWrapper { - Gregorian() { } - - Gregorian(int y, int m, int d, int h = 0, int min = 0, double sec = 0) - { - year = y; month = m; day = d; - hour = h; minute = min; second = sec; - } - - Gregorian(CFAbsoluteTime ref) - { static_cast(*this) = CFAbsoluteTimeGetGregorianDate(ref, NULL); } - - operator CFAbsoluteTime () const - { return CFGregorianDateGetAbsoluteTime(*this, NULL); } -}; - - -// -// The CssmDate PODwrapper -// -CssmDate::CssmDate(const char *y, const char *m, const char *d) -{ - assign(years(), 4, y); - assign(months(), 2, m); - assign(days(), 2, d); -} - -CssmDate::CssmDate(int y, int m, int d) -{ - // internal format is "yyyymmdd" (no null termination) - char str[9]; - if (8 != snprintf(str, 9, "%4.4d%2.2d%2.2d", y, m, d)) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - memcpy(this, str, 8); -} - -int CssmDate::year() const -{ return atoi(string(years(), 4).c_str()); } - -int CssmDate::month() const -{ return atoi(string(months(), 2).c_str()); } - -int CssmDate::day() const -{ return atoi(string(days(), 2).c_str()); } - -// right-adjust fill -void CssmDate::assign(char *dest, int width, const char *src) -{ - // pick last width characters of src at most - int len = strlen(src); - if (len > width) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - memset(dest, '0', width - len); - memcpy(dest + width - len, src, len); -} - - -// -// CssmUniformDate core functions -// - - -// -// Uniform conversions with CFDateRef -// -CssmUniformDate::CssmUniformDate(CFDateRef ref) -{ - mTime = CFDateGetAbsoluteTime(ref); -} - -CssmUniformDate::operator CFDateRef() const -{ - return CFDateCreate(NULL, mTime); -} - - -// -// Uniform conversions with CssmDates -// -CssmUniformDate::CssmUniformDate(const CssmDate &date) -{ - mTime = CFGregorianDateGetAbsoluteTime(Gregorian(date.year(), date.month(), date.day()), - NULL); -} - -CssmUniformDate::operator CssmDate () const -{ - Gregorian greg(mTime); - return CssmDate(greg.year, greg.month, greg.day); -} - - -// -// Uniform conversions with CssmData (1999-06-30_15:05:39 form) -// -CssmUniformDate::CssmUniformDate(const CSSM_DATA &inData) -{ - const CssmData &data = CssmData::overlay(inData); - if (data.length() != 19) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - setFromString(reinterpret_cast(inData.Data), "%ld-%d-%d_%d:%d:%lf", 19); -} - -void CssmUniformDate::convertTo(CssmOwnedData &data) const -{ - Gregorian greg(mTime); - char str[20]; - if (19 != snprintf(str, 20, "%4.4d-%2.2d-%2.2d_%2.2d:%2.2d:%2.2d", - int(greg.year), greg.month, greg.day, greg.hour, greg.minute, int(greg.second))) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - data = CssmData(str, 19); -} - - -// -// Uniform conversions with CSSM_TIMESTRING (19990630150539 form) -// -CssmUniformDate::CssmUniformDate(const char *src) -{ - setFromString(src, "%4ld%2d%2d%2d%2d%2lf", 14); -} - -void CssmUniformDate::convertTo(char *dst, size_t length) const -{ - if (length < 14) - CssmError::throwMe(CSSMERR_CSSM_BUFFER_TOO_SMALL); - Gregorian greg(mTime); - char str[15]; - if (14 != snprintf(str, 15, "%4.4d%2.2d%2.2d%2.2d%2.2d%2.2d", - int(greg.year), greg.month, greg.day, greg.hour, greg.minute, int(greg.second))) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - memcpy(dst, str, length == 14 ? 14 : 15); // null terminate if there's room -} - - -// -// Generalized parse-from-string setup -// -void CssmUniformDate::setFromString(const char *src, const char *format, size_t fieldWidth) -{ - // use a stack buffer - char str[20]; - assert(fieldWidth < sizeof(str)); - - // make a copy with proper null terminator - memcpy(str, src, fieldWidth); - str[fieldWidth] = '\0'; - - // parse (with limited checks for bad field formats) - long year; - int month, day, hour, minute; - double second; - if (6 != sscanf(str, format, - &year, &month, &day, &hour, &minute, &second)) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - - // success - mTime = Gregorian(year, month, day, hour, minute, second); -} diff --git a/cdsa/cdsa_utilities/cssmdates.h b/cdsa/cdsa_utilities/cssmdates.h deleted file mode 100644 index a832cbb2..00000000 --- a/cdsa/cdsa_utilities/cssmdates.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Manage the Tower of Babel of CSSM dates and times. -// -#ifndef _H_CSSMDATES -#define _H_CSSMDATES - -#include -#include -#include - - -namespace Security { - - -// -// A PodWrapper for CSSM_DATE -// -class CssmDate : public PodWrapper { -public: - CssmDate() { } - CssmDate(const char *y, const char *m, const char *d); - CssmDate(int y, int m, int d); - - const char *years() const { return reinterpret_cast(Year); } - const char *months() const { return reinterpret_cast(Month); } - const char *days() const { return reinterpret_cast(Day); } - char *years() { return reinterpret_cast(Year); } - char *months() { return reinterpret_cast(Month); } - char *days() { return reinterpret_cast(Day); } - - int year() const; - int month() const; - int day() const; - -private: - static void assign(char *dest, int width, const char *src); -}; - -inline bool operator == (const CSSM_DATE &d1, const CSSM_DATE &d2) -{ return !memcmp(&d1, &d2, sizeof(d1)); } - -inline bool operator != (const CSSM_DATE &d1, const CSSM_DATE &d2) -{ return !memcmp(&d1, &d2, sizeof(d1)); } - - -// -// Yet another CSSM date/time format is CSSM_TIMESTRING. This is -// defined as "char *", just so you can't use the type system -// to keep things sane, so we can't really PodWrap it the usual way. -// What *were* they thinking? -// The format is allegedly "yyyymmddhhmmss", and the standard says -// nothing about trailing null characters. -// - - -// -// A unified date-and-time object. -// This is based on CFDate objects and converts to various CSSM -// inspired formats. -// -class CssmUniformDate { -public: - CssmUniformDate() { } - - // convert to/from CFDateRef - CssmUniformDate(CFDateRef ref); - operator CFDateRef() const; - - // convert to/from CFAbsoluteTime - CssmUniformDate(CFAbsoluteTime ct) : mTime(ct) { } - operator CFAbsoluteTime() const { return mTime; } - - // convert to/from CSSM_DATE - CssmUniformDate(const CssmDate &src); - operator CssmDate () const; - - // convert to/from DATA format (1999-06-30_15:05:39 form) - CssmUniformDate(const CSSM_DATA &src); - void convertTo(CssmOwnedData &data) const; - - // convert to/from CSSM_TIMESTRING format (19990630150539) - CssmUniformDate(const char *src); - void convertTo(char *dest, size_t length) const; - - // native comparisons - bool operator < (const CssmUniformDate &other) const { return mTime < other.mTime; } - bool operator == (const CssmUniformDate &other) const { return mTime == other.mTime; } - bool operator > (const CssmUniformDate &other) const { return mTime > other.mTime; } - bool operator <= (const CssmUniformDate &other) const { return mTime <= other.mTime; } - bool operator >= (const CssmUniformDate &other) const { return mTime >= other.mTime; } - bool operator != (const CssmUniformDate &other) const { return mTime != other.mTime; } - -private: - void setFromString(const char *src, const char *format, size_t fieldLength); - -private: - CFAbsoluteTime mTime; -}; - - -} // end namespace Security - -#endif //_H_CSSMDATES diff --git a/cdsa/cdsa_utilities/cssmdb.cpp b/cdsa/cdsa_utilities/cssmdb.cpp deleted file mode 100644 index aa779b0a..00000000 --- a/cdsa/cdsa_utilities/cssmdb.cpp +++ /dev/null @@ -1,360 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// cssmdb.cpp -// -// - -#ifdef __MWERKS__ -#define _CPP_UTILITIES -#endif - -#include - - -// -// CssmDbAttributeInfo -// -bool -CssmDbAttributeInfo::operator <(const CssmDbAttributeInfo& other) const -{ - if (nameFormat() < other.nameFormat()) return true; - if (other.nameFormat() < nameFormat()) return false; - // nameFormat's are equal. - switch (nameFormat()) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - int res = strcmp(static_cast(*this), static_cast(other)); - if (res < 0) return true; - if (res > 0) return false; - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - if (static_cast(*this) < static_cast(other)) return true; - if (static_cast(other) < static_cast(*this)) return false; - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - if (static_cast(*this) < static_cast(other)) return true; - if (static_cast(other) < static_cast(*this)) return false; - break; - default: - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - } - - return format() < other.format(); -} - -bool -CssmDbAttributeInfo::operator ==(const CssmDbAttributeInfo& other) const -{ - if (nameFormat() != other.nameFormat()) return false; - if (format() != other.format()) return false; - switch (nameFormat()) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - return !strcmp(static_cast(*this), static_cast(other)); - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - return static_cast(*this) == static_cast(other); - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - return static_cast(*this) == static_cast(other); - default: - CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - } -} - -// -// CssmDbAttributeData -// -void -CssmDbAttributeData::deleteValues(CssmAllocator &inAllocator) -{ - // Loop over all values and delete each one. - if (Value) - { - for (uint32 anIndex = 0; anIndex < NumberOfValues; anIndex++) - { - if (Value[anIndex].Data) - { - inAllocator.free(Value[anIndex].Data); - } - - Value[anIndex].Length = 0; - } - - inAllocator.free(Value); - Value = NULL; - } - - NumberOfValues = 0; -} - -bool -CssmDbAttributeData::operator <(const CssmDbAttributeData &other) const -{ - if (info() < other.info()) return true; - if (other.info() < info()) return false; - - uint32 minSize = min(size(), other.size()); - for (uint32 ix = 0; ix < minSize; ++ix) - { - if (at(ix) < other.at(ix)) - return true; - if (other.at(ix) < at(ix)) - return false; - } - - return size() < other.size(); -} - -void -CssmDbAttributeData::add(const CssmDbAttributeData &src, CssmAllocator &inAllocator) -{ - // Add all the values from another attribute into this attribute. - - Value = reinterpret_cast(inAllocator.realloc(Value, - sizeof(*Value) * (NumberOfValues + src.NumberOfValues))); - - for (uint32 srcIndex = 0; srcIndex < src.NumberOfValues; srcIndex++) { - uint32 destIndex = NumberOfValues + srcIndex; - - Value[destIndex].Length = 0; - Value[destIndex].Data = inAllocator.alloc(src.Value[srcIndex].Length); - Value[destIndex].Length = src.Value[srcIndex].Length; - memcpy(Value[destIndex].Data, src.Value[srcIndex].Data, src.Value[srcIndex].Length); - } - - NumberOfValues += src.NumberOfValues; -} - -bool -CssmDbAttributeData::deleteValue(const CssmData &src, CssmAllocator &inAllocator) -{ - // Delete a single value from this attribute, if it is present. - - for (uint32 i = 0; i < NumberOfValues; i++) - if (CssmData::overlay(Value[i]) == src) - { - inAllocator.free(Value[i].Data); - Value[i].Length = 0; - - NumberOfValues--; - Value[i].Data = Value[NumberOfValues].Data; - Value[i].Length = Value[NumberOfValues].Length; - - return true; - } - - return false; -} - -// Delete those values found in src from this object, if they are present. -// Warning: This is O(N^2) worst case; if this becomes a performance bottleneck -// then it will need to be changed. - -void -CssmDbAttributeData::deleteValues(const CssmDbAttributeData &src, CssmAllocator &inAllocator) -{ - for (uint32 i = 0; i < src.NumberOfValues; i++) - deleteValue(CssmData::overlay(src.Value[i]), inAllocator); -} - -// -// CssmDbRecordAttributeData -// -CssmDbAttributeData * -CssmDbRecordAttributeData::find(const CSSM_DB_ATTRIBUTE_INFO &inInfo) -{ - const CssmDbAttributeInfo &anInfo = CssmDbAttributeInfo::overlay(inInfo); - for (uint32 ix = 0; ix < size(); ++ix) - { - if (at(ix).info() == anInfo) - return &at(ix); - } - - return NULL; -} - -bool -CssmDbRecordAttributeData::operator <(const CssmDbRecordAttributeData &other) const -{ - if (recordType() < other.recordType()) return true; - if (other.recordType() < recordType()) return false; - if (semanticInformation() < other.semanticInformation()) return true; - if (other.semanticInformation() < semanticInformation()) return false; - - uint32 minSize = min(size(), other.size()); - for (uint32 ix = 0; ix < minSize; ++ix) - { - if (at(ix) < other.at(ix)) - return true; - if (other.at(ix) < at(ix)) - return false; - } - - return size() < other.size(); -} - - -// -// CssmAutoDbRecordAttributeData -// -CssmAutoDbRecordAttributeData::~CssmAutoDbRecordAttributeData() -{ - clear(); -} - -void -CssmAutoDbRecordAttributeData::clear() -{ - deleteValues(); - ArrayBuilder::clear(); -} - - - -static bool CompareAttributeInfos (const CSSM_DB_ATTRIBUTE_INFO &a, const CSSM_DB_ATTRIBUTE_INFO &b) -{ - // check the format of the names - if (a.AttributeNameFormat != b.AttributeNameFormat) - { - return false; - } - - switch (a.AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - return strcmp (a.Label.AttributeName, b.Label.AttributeName) == 0; - } - - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - { - if (a.Label.AttributeOID.Length != b.Label.AttributeOID.Length) - { - return false; - } - - return memcmp (a.Label.AttributeOID.Data, b.Label.AttributeOID.Data, a.Label.AttributeOID.Length) == 0; - } - - - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - return a.Label.AttributeID == b.Label.AttributeID; - } - } - - return true; // just to keep the compiler from complaining -} - - - -CssmDbAttributeData* CssmAutoDbRecordAttributeData::findAttribute (const CSSM_DB_ATTRIBUTE_INFO &info) -{ - // walk through the data, looking for an attribute of the same type - unsigned i; - for (i = 0; i < size (); ++i) - { - CssmDbAttributeData& d = at (i); - CSSM_DB_ATTRIBUTE_INFO &inInfo = d.info (); - - if (CompareAttributeInfos (info, inInfo)) - { - return &d; - } - } - - // found nothing? - return NULL; -} - - - -CssmDbAttributeData& CssmAutoDbRecordAttributeData::getAttributeReference (const CSSM_DB_ATTRIBUTE_INFO &info) -{ - // Either find an existing reference to an attribute in the list, or make a new one. - CssmDbAttributeData *anAttr = findAttribute (info); - if (anAttr) // was this already in the list? - { - // clean it up - anAttr->deleteValues (mValueAllocator); - } - else - { - // make a new one - anAttr = &add(); - } - - return *anAttr; -} - - - -CssmDbAttributeData & -CssmAutoDbRecordAttributeData::add(const CSSM_DB_ATTRIBUTE_INFO &info) -{ - CssmDbAttributeData& anAttr = getAttributeReference (info); - anAttr.info(info); - return anAttr; -} - -CssmDbAttributeData & -CssmAutoDbRecordAttributeData::add(const CSSM_DB_ATTRIBUTE_INFO &info, const CssmPolyData &value) -{ - CssmDbAttributeData &anAttr = getAttributeReference (info); - anAttr.set(info, value, mValueAllocator); - return anAttr; -} - -// -// CssmAutoQuery -// -CssmAutoQuery::CssmAutoQuery(const CSSM_QUERY &query, CssmAllocator &allocator) -: ArrayBuilder(CssmSelectionPredicate::overlayVar(SelectionPredicate), - NumSelectionPredicates, - query.NumSelectionPredicates, allocator) -{ - RecordType = query.RecordType; - Conjunctive = query.Conjunctive; - QueryLimits = query.QueryLimits; - QueryFlags = query.QueryFlags; - for (uint32 ix = 0; ix < query.NumSelectionPredicates; ++ix) - add().set(query.SelectionPredicate[ix], allocator); -} - -CssmAutoQuery::~CssmAutoQuery() -{ - clear(); -} - -void -CssmAutoQuery::clear() -{ - deleteValues(); - ArrayBuilder::clear(); -} - -CssmSelectionPredicate & -CssmAutoQuery::add(CSSM_DB_OPERATOR dbOperator, const CSSM_DB_ATTRIBUTE_INFO &info, const CssmPolyData &value) -{ - CssmSelectionPredicate &predicate = add(); - predicate.dbOperator(dbOperator); - predicate.set(info, value, allocator()); - return predicate; -} diff --git a/cdsa/cdsa_utilities/cssmdb.h b/cdsa/cdsa_utilities/cssmdb.h deleted file mode 100644 index f6aadfb7..00000000 --- a/cdsa/cdsa_utilities/cssmdb.h +++ /dev/null @@ -1,655 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// cssmdb.h -// -// classes for the DL related data structures -// - -#ifndef _H_CDSA_UTILITIES_CSSMDB -#define _H_CDSA_UTILITIES_CSSMDB - -#include -#include -#include -#include - -#ifdef _CPP_UTILITIES -#pragma export on -#endif - -namespace Security -{ - - -// -// Template class to build and maintain external arrays. -// Feel free to add and vector<> member functions and behaviours as needed. -// -// This class differs from vector mainly because it does not construct or -// destruct any of the elements it contains. Rather it zero fills the -// storage and returns references to elements. -// Also it does not implement insert(), erase() or assign(). It does implement -// which is equivalent to calling *insert(end()) on a vector. -// -template -class ArrayBuilder { -public: - typedef _Tp value_type; - typedef value_type* pointer; - typedef const value_type* const_pointer; - typedef value_type* iterator; - typedef const value_type* const_iterator; - typedef value_type& reference; - typedef const value_type& const_reference; - typedef uint32 size_type; - typedef ptrdiff_t difference_type; - - typedef reverse_iterator const_reverse_iterator; - typedef reverse_iterator reverse_iterator; - -protected: - void insert_aux(iterator __position, const _Tp& __x); - void insert_aux(iterator __position); - -public: - iterator begin() { return mArray; } - const_iterator begin() const { return mArray; } - iterator end() { return &mArray[mSize]; } - const_iterator end() const { return &mArray[mSize]; } - - reverse_iterator rbegin() - { return reverse_iterator(end()); } - const_reverse_iterator rbegin() const - { return const_reverse_iterator(end()); } - reverse_iterator rend() - { return reverse_iterator(begin()); } - const_reverse_iterator rend() const - { return const_reverse_iterator(begin()); } - - // Must be defined in base class. - //size_type size() const - //{ return mSize; } - size_type max_size() const - { return size_type(-1) / sizeof(_Tp); } - size_type capacity() const - { return mCapacity; } - bool empty() const - { return begin() == end(); } - - ArrayBuilder(pointer &array, size_type &size, size_type capacity = 0, CssmAllocator &allocator = CssmAllocator::standard()) : - mArray(array), mSize(size), mCapacity(capacity), mAllocator(allocator) - { -#if BUG_GCC - mArray = reinterpret_cast(mAllocator.malloc(sizeof(value_type) * mCapacity)); -#else - mArray = reinterpret_cast(mAllocator.malloc(sizeof(value_type) * mCapacity)); - //mArray = mAllocator.alloc(mCapacity); -#endif - memset(mArray, 0, sizeof(value_type) * mCapacity); - mSize = 0; - } - ~ArrayBuilder() { mAllocator.free(mArray); } - - reference front() { return *begin(); } - const_reference front() const { return *begin(); } - reference back() { return *(end() - 1); } - const_reference back() const { return *(end() - 1); } - - void reserve(size_type newCapacity) - { - if (newCapacity > mCapacity) - { -#if BUG_GCC - mArray = reinterpret_cast(mAllocator.realloc(mArray, sizeof(value_type) * newCapacity)); -#else - mArray = reinterpret_cast(mAllocator.realloc(mArray, sizeof(value_type) * newCapacity)); - //mArray = mAllocator.realloc(mArray, newCapacity)); -#endif - memset(&mArray[mCapacity], 0, sizeof(value_type) * (newCapacity - mCapacity)); - mCapacity = newCapacity; - } - } - - // XXX Replace by push_back and insert. - reference add() - { - if (mSize >= mCapacity) - reserve(max(mSize + 1, mCapacity ? 2 * mCapacity : 1)); - - return mArray[mSize++]; - } - - const_pointer get() const { return mArray; } - pointer release() { const_pointer array = mArray; mArray = NULL; return array; } - void clear() { if (mSize) { memset(mArray, 0, sizeof(value_type) * mSize); } mSize = 0; } - - // Must be defined in base class. - //reference at(size_type ix) { return mArray[ix]; } - //const_reference at(size_type ix) const { return mArray[ix]; } - //reference operator[] (size_type ix) { assert(ix < size()); return at(ix); } - //const_reference operator[] (size_type ix) const { assert(ix < size()); return at(ix); } -protected: - CssmAllocator &allocator() const { return mAllocator; } - -private: - - pointer &mArray; - size_type &mSize; - size_type mCapacity; - CssmAllocator &mAllocator; -}; - - -// -// CssmDbAttributeInfo pod wrapper for CSSM_DB_ATTRIBUTE_INFO -// -class CssmDbAttributeInfo : public PodWrapper -{ -public: - CssmDbAttributeInfo(const CSSM_DB_ATTRIBUTE_INFO &attr) - { (CSSM_DB_ATTRIBUTE_INFO &)*this = attr; } - - CSSM_DB_ATTRIBUTE_NAME_FORMAT nameFormat() const { return AttributeNameFormat; } - void nameFormat(CSSM_DB_ATTRIBUTE_NAME_FORMAT nameFormat) { AttributeNameFormat = nameFormat; } - - CSSM_DB_ATTRIBUTE_FORMAT format() const { return AttributeFormat; } - void format(CSSM_DB_ATTRIBUTE_FORMAT format) { AttributeFormat = format; } - - operator const char *() const - { - assert(nameFormat() == CSSM_DB_ATTRIBUTE_NAME_AS_STRING); - return Label.AttributeName; - } - operator const CssmOid &() const - { - assert(nameFormat() == CSSM_DB_ATTRIBUTE_NAME_AS_OID); - return CssmOid::overlay(Label.AttributeOID); - } - operator uint32() const - { - assert(nameFormat() == CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER); - return Label.AttributeID; - } - - bool operator <(const CssmDbAttributeInfo& other) const; - bool operator ==(const CssmDbAttributeInfo& other) const; - bool operator !=(const CssmDbAttributeInfo& other) const - { return !(*this == other); } - - // XXX Add setting member functions. -}; - -// -// CssmDbRecordAttributeInfo pod wrapper for CSSM_DB_RECORD_ATTRIBUTE_INFO -// -class CssmDbRecordAttributeInfo : public PodWrapper -{ -public: - CssmDbRecordAttributeInfo() - { DataRecordType = CSSM_DL_DB_RECORD_ANY; } - - CssmDbRecordAttributeInfo(CSSM_DB_RECORDTYPE recordType, uint32 numberOfAttributes, - CSSM_DB_ATTRIBUTE_INFO_PTR attributeInfo) - { - DataRecordType = recordType; - NumberOfAttributes = numberOfAttributes; - AttributeInfo = attributeInfo; - } - - CSSM_DB_RECORDTYPE recordType() const { return DataRecordType; } - void recordType(CSSM_DB_RECORDTYPE recordType) { DataRecordType = recordType; } - - uint32 size() const { return NumberOfAttributes; } - - // Attributes by position - CssmDbAttributeInfo &at(uint32 ix) - { return CssmDbAttributeInfo::overlay(AttributeInfo[ix]); } - const CssmDbAttributeInfo &at(uint32 ix) const - { return CssmDbAttributeInfo::overlay(AttributeInfo[ix]); } - - CssmDbAttributeInfo &operator [](uint32 ix) - { assert(ix < size()); return at(ix); } - const CssmDbAttributeInfo &operator [](uint32 ix) const - { assert(ix < size()); return at(ix); } -}; - -// -// CssmAutoDbRecordAttributeInfo pod wrapper for CSSM_DB_RECORD_ATTRIBUTE_INFO -// -class CssmAutoDbRecordAttributeInfo: public CssmDbRecordAttributeInfo, public ArrayBuilder -{ -public: - CssmAutoDbRecordAttributeInfo(uint32 capacity = 0, CssmAllocator &allocator = CssmAllocator::standard()) : - CssmDbRecordAttributeInfo(), - ArrayBuilder(CssmDbAttributeInfo::overlayVar(AttributeInfo), - NumberOfAttributes, capacity, allocator) {} -}; - - -// -// CssmDbAttributeData pod wrapper for CSSM_DB_ATTRIBUTE_DATA -// -class CssmDbAttributeData : public PodWrapper -{ -public: - CssmDbAttributeData() { NumberOfValues = 0; Value = NULL; } - CssmDbAttributeData(const CSSM_DB_ATTRIBUTE_DATA &attr) - { (CSSM_DB_ATTRIBUTE_DATA &)*this = attr; } - CssmDbAttributeData(const CSSM_DB_ATTRIBUTE_INFO &info) - { Info = info; NumberOfValues = 0; Value = NULL; } - - CssmDbAttributeInfo &info() { return CssmDbAttributeInfo::overlay(Info); } - const CssmDbAttributeInfo &info() const { return CssmDbAttributeInfo::overlay(Info); } - void info (const CSSM_DB_ATTRIBUTE_INFO &inInfo) { Info = inInfo; } - - CSSM_DB_ATTRIBUTE_FORMAT format() const { return info().format(); } - - uint32 size() const { return NumberOfValues; } - - template - T at(unsigned int ix) const { return CssmDLPolyData(Value[ix], format()); } - - template - T operator [](unsigned int ix) const - { if (ix >= size()) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); return at(ix); } - - // this is intentionally unspecified since it could lead to bugs; the - // data is not guaranteed to be NULL-terminated - // operator const char *() const; - - // XXX Don't use assert, but throw an exception. - operator string() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_STRING); - return Value[0].Length ? string(reinterpret_cast(Value[0].Data), Value[0].Length) : string(); - } - operator bool() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32 || format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32); - return *reinterpret_cast(Value[0].Data); - } - operator uint32() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32); - return *reinterpret_cast(Value[0].Data); - } - operator const uint32 *() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32); - return reinterpret_cast(Value[0].Data); - } - operator sint32() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32); - return *reinterpret_cast(Value[0].Data); - } - operator double() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_REAL); - return *reinterpret_cast(Value[0].Data); - } - operator CssmData &() const - { - if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE); - assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_STRING - || format() == CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM - || format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE - || format() == CSSM_DB_ATTRIBUTE_FORMAT_BLOB - || format() == CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32); - return CssmData::overlay(Value[0]); - } - - // Set the value of this Attr (assuming it was not set before). - void set(const CSSM_DB_ATTRIBUTE_INFO &inInfo, const CssmPolyData &inValue, - CssmAllocator &inAllocator) - { - info(inInfo); - NumberOfValues = 0; - Value = inAllocator.alloc(); - Value[0].Length = 0; - Value[0].Data = inAllocator.alloc(inValue.Length); - Value[0].Length = inValue.Length; - memcpy(Value[0].Data, inValue.Data, inValue.Length); - NumberOfValues = 1; - } - - // Set the value of this Attr (assuming it was not set before). - void set(const CSSM_DB_ATTRIBUTE_DATA &other, CssmAllocator &inAllocator) - { - info(other.Info); - Value = inAllocator.alloc(other.NumberOfValues); - NumberOfValues = other.NumberOfValues; - for (NumberOfValues = 0; NumberOfValues < other.NumberOfValues; NumberOfValues++) - { - Value[NumberOfValues].Length = 0; - Value[NumberOfValues].Data = inAllocator.alloc(other.Value[NumberOfValues].Length); - Value[NumberOfValues].Length = other.Value[NumberOfValues].Length; - memcpy(Value[NumberOfValues].Data, other.Value[NumberOfValues].Data, - other.Value[NumberOfValues].Length); - } - } - - // Add a value to this attribute. - void add(const CssmPolyData &inValue, CssmAllocator &inAllocator) - { - Value = reinterpret_cast(inAllocator.realloc(Value, sizeof(*Value) * (NumberOfValues + 1))); - Value[NumberOfValues].Length = 0; - Value[NumberOfValues].Data = inAllocator.alloc(inValue.Length); - Value[NumberOfValues].Length = inValue.Length; - memcpy(Value[NumberOfValues++].Data, inValue.Data, inValue.Length); - } - - void add(const CssmDbAttributeData &src, CssmAllocator &inAllocator); - - // delete specific values if they are present in this attribute data - bool deleteValue(const CssmData &src, CssmAllocator &inAllocator); - void deleteValues(const CssmDbAttributeData &src, CssmAllocator &inAllocator); - - void deleteValues(CssmAllocator &inAllocator); - - bool operator <(const CssmDbAttributeData& other) const; -}; - - -// -// CssmDbRecordAttributeData pod wrapper for CSSM_DB_RECORD_ATTRIBUTE_DATA -// -class CssmDbRecordAttributeData : public PodWrapper -{ -public: - CssmDbRecordAttributeData() - { DataRecordType = CSSM_DL_DB_RECORD_ANY; SemanticInformation = 0; } - - CSSM_DB_RECORDTYPE recordType() const { return DataRecordType; } - void recordType(CSSM_DB_RECORDTYPE recordType) { DataRecordType = recordType; } - - uint32 semanticInformation() const { return SemanticInformation; } - void semanticInformation(uint32 semanticInformation) { SemanticInformation = semanticInformation; } - - uint32 size() const { return NumberOfAttributes; } - - // Attributes by position - CssmDbAttributeData &at(unsigned int ix) - { return CssmDbAttributeData::overlay(AttributeData[ix]); } - const CssmDbAttributeData &at(unsigned int ix) const - { return CssmDbAttributeData::overlay(AttributeData[ix]); } - - CssmDbAttributeData &operator [](unsigned int ix) - { assert(ix < size()); return at(ix); } - const CssmDbAttributeData &operator [](unsigned int ix) const - { assert(ix < size()); return at(ix); } - - void deleteValues(CssmAllocator &allocator) - { for (uint32 ix = 0; ix < size(); ++ix) at(ix).deleteValues(allocator); } - - CssmDbAttributeData *find(const CSSM_DB_ATTRIBUTE_INFO &inInfo); - - bool operator <(const CssmDbRecordAttributeData& other) const; -}; - - -// -// CssmAutoDbRecordAttributeData -// -class CssmAutoDbRecordAttributeData : public CssmDbRecordAttributeData, public ArrayBuilder -{ -public: - CssmAutoDbRecordAttributeData(uint32 capacity = 0, - CssmAllocator &valueAllocator = CssmAllocator::standard(), - CssmAllocator &dataAllocator = CssmAllocator::standard()) : - CssmDbRecordAttributeData(), - ArrayBuilder(CssmDbAttributeData::overlayVar(AttributeData), - NumberOfAttributes, capacity, dataAllocator), - mValueAllocator(valueAllocator) {} - ~CssmAutoDbRecordAttributeData(); - - void clear(); - void deleteValues() { CssmDbRecordAttributeData::deleteValues(mValueAllocator); } - - CssmDbAttributeData &add() { return ArrayBuilder::add(); } // XXX using doesn't work here. - CssmDbAttributeData &add(const CSSM_DB_ATTRIBUTE_INFO &info); - CssmDbAttributeData &add(const CSSM_DB_ATTRIBUTE_INFO &info, const CssmPolyData &value); - - // So clients can pass this as the allocator argument to add() - operator CssmAllocator &() const { return mValueAllocator; } -private: - CssmAllocator &mValueAllocator; - - CssmDbAttributeData* findAttribute (const CSSM_DB_ATTRIBUTE_INFO &info); - CssmDbAttributeData& getAttributeReference (const CSSM_DB_ATTRIBUTE_INFO &info); -}; - - -// -// CssmSelectionPredicate a PodWrapper for CSSM_SELECTION_PREDICATE -// -class CssmSelectionPredicate : public PodWrapper { -public: - CssmSelectionPredicate() { /*IFDEBUG(*/ memset(this, 0, sizeof(*this)) /*)*/ ; } - - CSSM_DB_OPERATOR dbOperator() const { return DbOperator; } - void dbOperator(CSSM_DB_OPERATOR dbOperator) { DbOperator = dbOperator; } - - CssmSelectionPredicate(CSSM_DB_OPERATOR inDbOperator) - { dbOperator(inDbOperator); Attribute.NumberOfValues = 0; Attribute.Value = NULL; } - - CssmDbAttributeData &attribute() { return CssmDbAttributeData::overlay(Attribute); } - const CssmDbAttributeData &attribute() const { return CssmDbAttributeData::overlay(Attribute); } - - // Set the value of this CssmSelectionPredicate (assuming it was not set before). - void set(const CSSM_DB_ATTRIBUTE_INFO &inInfo, - const CssmPolyData &inValue, CssmAllocator &inAllocator) - { attribute().set(inInfo, inValue, inAllocator); } - - // Set the value of this CssmSelectionPredicate using another CssmSelectionPredicate's value. - void set(const CSSM_SELECTION_PREDICATE &other, CssmAllocator &inAllocator) - { DbOperator = other.DbOperator; attribute().set(other.Attribute, inAllocator); } - - // Add a value to the list of values for this CssmSelectionPredicate. - void add(const CssmPolyData &inValue, CssmAllocator &inAllocator) - { attribute().add(inValue, inAllocator); } - - void deleteValues(CssmAllocator &inAllocator) { attribute().deleteValues(inAllocator); } -}; - -class CssmQuery : public PodWrapper { -public: - CssmQuery() - { memset(this, 0, sizeof(*this)) ; RecordType = CSSM_DL_DB_RECORD_ANY; } - //CssmDLQuery(const CSSM_QUERY &q) { memcpy(this, &q, sizeof(*this)); } - - //CssmDLQuery &operator = (const CSSM_QUERY &q) - //{ memcpy(this, &q, sizeof(*this)); return *this; } - - CSSM_DB_RECORDTYPE recordType() const { return RecordType; } - void recordType(CSSM_DB_RECORDTYPE recordType) { RecordType = recordType; } - - CSSM_DB_CONJUNCTIVE conjunctive() const { return Conjunctive; } - void conjunctive(CSSM_DB_CONJUNCTIVE conjunctive) { Conjunctive = conjunctive; } - - CSSM_QUERY_LIMITS queryLimits() const { return QueryLimits; } - void queryLimits(CSSM_QUERY_LIMITS queryLimits) { QueryLimits = queryLimits; } - - CSSM_QUERY_FLAGS queryFlags() const { return QueryFlags; } - void queryFlags(CSSM_QUERY_FLAGS queryFlags) { QueryFlags = queryFlags; } - - uint32 size() const { return NumSelectionPredicates; } - - CssmSelectionPredicate &at(uint32 ix) - { return CssmSelectionPredicate::overlay(SelectionPredicate[ix]); } - const CssmSelectionPredicate &at(uint32 ix) const - { return CssmSelectionPredicate::overlay(SelectionPredicate[ix]); } - - CssmSelectionPredicate &operator[] (uint32 ix) { assert(ix < size()); return at(ix); } - const CssmSelectionPredicate &operator[] (uint32 ix) const { assert(ix < size()); return at(ix); } - - void deleteValues(CssmAllocator &allocator) - { for (uint32 ix = 0; ix < size(); ++ix) at(ix).deleteValues(allocator); } -}; - - -class CssmAutoQuery : public CssmQuery, public ArrayBuilder { -public: - CssmAutoQuery(const CSSM_QUERY &query, CssmAllocator &allocator = CssmAllocator::standard()); - CssmAutoQuery(uint32 capacity = 0, CssmAllocator &allocator = CssmAllocator::standard()) : - ArrayBuilder(CssmSelectionPredicate::overlayVar(SelectionPredicate), - NumSelectionPredicates, - capacity, allocator) {} - ~CssmAutoQuery(); - void clear(); - void deleteValues() { CssmQuery::deleteValues(allocator()); } - - CssmSelectionPredicate &add() { return ArrayBuilder::add(); } - CssmSelectionPredicate &add(CSSM_DB_OPERATOR dbOperator, const CSSM_DB_ATTRIBUTE_INFO &info, const CssmPolyData &value); - - // So clients can pass this as the allocator argument to add() - operator CssmAllocator &() const { return allocator(); } -}; - - -// -// DLDbIdentifier -// -class DLDbIdentifier -{ -protected: - class Impl : public RefCount - { - NOCOPY(Impl) - public: - Impl(const CSSM_SUBSERVICE_UID &ssuid,const char *DbName,const CSSM_NET_ADDRESS *DbLocation) : - mCssmSubserviceUid(ssuid),mDbName(DbName,DbLocation) {} - - ~Impl() {} // Must be public since RefPointer uses it. - - // Accessors - const CssmSubserviceUid &ssuid() const { return mCssmSubserviceUid; } - const char *dbName() const { return mDbName.dbName().c_str(); } - const CssmNetAddress *dbLocation() const { return mDbName.dbLocation(); } - - // comparison (simple lexicographic) - bool operator < (const Impl &other) const - { return mCssmSubserviceUid < other.mCssmSubserviceUid || - (mCssmSubserviceUid == other.mCssmSubserviceUid && mDbName < other.mDbName); } - - bool operator == (const Impl &other) const - { return mCssmSubserviceUid == other.mCssmSubserviceUid && mDbName == other.mDbName; } - - private: - // Private member variables - CssmSubserviceUid mCssmSubserviceUid; - DbName mDbName; - }; - -public: - // Constructors - DLDbIdentifier() {} - DLDbIdentifier(const CSSM_SUBSERVICE_UID &ssuid,const char *DbName,const CSSM_NET_ADDRESS *DbLocation) - : mImpl(new Impl(ssuid, DbName, DbLocation)) {} - - // Conversion Operators - bool operator !() const { return !mImpl; } - operator bool() const { return mImpl; } - - // Operators - bool operator <(const DLDbIdentifier &other) const - { return mImpl && other.mImpl ? *mImpl < *other.mImpl : mImpl.get() < other.mImpl.get(); } - bool operator ==(const DLDbIdentifier &other) const - { return mImpl && other.mImpl ? *mImpl == *other.mImpl : mImpl.get() == other.mImpl.get(); } - DLDbIdentifier &operator =(const DLDbIdentifier &other) - { mImpl = other.mImpl; return *this; } - - // Accessors - const CssmSubserviceUid &ssuid() const { return mImpl->ssuid(); } - const char *dbName() const { return mImpl->dbName(); } - const CssmNetAddress *dbLocation() const { return mImpl->dbLocation(); } - - RefPointer mImpl; -}; - -// Wrappers for index-related CSSM objects. - -class CssmDbIndexInfo : public PodWrapper -{ -public: - CssmDbIndexInfo(const CSSM_DB_INDEX_INFO &attr) - { (CSSM_DB_INDEX_INFO &)*this = attr; } - - CSSM_DB_INDEX_TYPE indexType() const { return IndexType; } - void indexType(CSSM_DB_INDEX_TYPE indexType) { IndexType = indexType; } - - CSSM_DB_INDEXED_DATA_LOCATION dataLocation() const { return IndexedDataLocation; } - void dataLocation(CSSM_DB_INDEXED_DATA_LOCATION dataLocation) - { - IndexedDataLocation = dataLocation; - } - - const CssmDbAttributeInfo &attributeInfo() const - { - return CssmDbAttributeInfo::overlay(Info); - } -}; - - -namespace DataWalkers -{ - -// -// DLDbIdentifiers don't walk directly because they have Impl structure and use strings. -// Happily, they are easily transcribed into a walkable form. -// -struct DLDbFlatIdentifier { - const CssmSubserviceUid *uid; // module reference - const char *name; // string name - const CssmNetAddress *address; // optional network address - - DLDbFlatIdentifier(const DLDbIdentifier &ident) - : uid(&ident.ssuid()), name(ident.dbName()), address(ident.dbLocation()) { } - - operator DLDbIdentifier () { return DLDbIdentifier(*uid, name, address); } -}; - -template -DLDbFlatIdentifier *walk(Action &operate, DLDbFlatIdentifier * &ident) -{ - operate(ident); - if (ident->uid) - walk(operate, ident->uid); - walk(operate, ident->name); - if (ident->address) - walk(operate, ident->address); - return ident; -} - -} // end namespace DataWalkers - -} // end namespace Security - -#ifdef _CPP_UTILITIES -#pragma export off -#endif - - -#endif // _H_CDSA_UTILITIES_CSSMDB diff --git a/cdsa/cdsa_utilities/cssmerrno.cpp b/cdsa/cdsa_utilities/cssmerrno.cpp deleted file mode 100644 index 47e58b09..00000000 --- a/cdsa/cdsa_utilities/cssmerrno.cpp +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmerrno - number-to-string translation for CSSM error codes -// -#include -#include -#include -#include -#include -#include - - -namespace Security { - - -// -// The compiled database of error codes -// -struct ErrorMap : public map { - ErrorMap(); -}; -static ModuleNexus errorMap; - -struct Mapping { - CSSM_RETURN error; - const char *name; -}; - -#include "errorcodes.gen" // include generated error tables - - -// -// Create the error map (the first time) -// -ErrorMap::ErrorMap() -{ - for (unsigned n = 0; n < sizeof(errorList) / sizeof(errorList[0]); n++) - (*this)[errorList[n].error] = errorList[n].name; -} - - -// -// A perror-like form usable from C (and C++) -// -extern "C" -void cssmPerror(const char *how, CSSM_RETURN error) -{ - if (how) - fprintf(stderr, "%s: %s\n", how, cssmErrorString(error).c_str()); - else - fprintf(stderr, "%s\n", cssmErrorString(error).c_str()); -} - - -// -// Produce a diagnostic string from a CSSM error number or exception. -// Small numbers are tried as convertible errors first. -// Unknown errors are output numerically with a note. -// -string cssmErrorString(CSSM_RETURN error) -{ - if (error == CSSM_OK) { - return "[ok]"; - } else if (error >= errSecErrnoBase && error <= errSecErrnoLimit) { - return string("UNIX[") + strerror(error - errSecErrnoBase) + "]"; - } else if (error > 0 && - int(error) < int(sizeof(convErrorList) / sizeof(convErrorList[0])) && - convErrorList[error]) { - return string("COMMON[") + convErrorList[error] + "]"; - } else { - ErrorMap::const_iterator it = errorMap().find(error); - if (it == errorMap().end()) { - char msg[80]; - snprintf(msg, sizeof(msg), "[UNKNOWN:0x%lx=%ld]", error, error); - return msg; - } else { - return it->second; - } - } -} - -string cssmErrorString(const CssmCommonError &error) -{ return cssmErrorString(error.cssmError()); } - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cssmerrno.h b/cdsa/cdsa_utilities/cssmerrno.h deleted file mode 100644 index 4ab4409a..00000000 --- a/cdsa/cdsa_utilities/cssmerrno.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmerrno - number-to-string translation for CSSM error codes -// -#ifndef _H_CSSMERRNO -#define _H_CSSMERRNO - -#include -#include /* for cssmPerror() */ -#include - -#ifdef _CPP_CSSMERRNO -#pragma export on -#endif - -namespace Security -{ - -string cssmErrorString(CSSM_RETURN error); -string cssmErrorString(const CssmCommonError &error); - -} // end namespace Security - -#ifdef _CPP_CSSMERRNO -#pragma export off -#endif - -#endif //_H_CSSMERRNO diff --git a/cdsa/cdsa_utilities/cssmlist.cpp b/cdsa/cdsa_utilities/cssmlist.cpp deleted file mode 100644 index 4e3648f8..00000000 --- a/cdsa/cdsa_utilities/cssmlist.cpp +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmlist - CSSM_LIST operational utilities -// -#ifdef __MWERKS__ -#define _CPP_CSSMLIST -#endif - -#include -#include - - -// -// Managing list elements -// -ListElement *ListElement::last() -{ - for (ListElement *p = this; ; p = p->next()) - if (p->next() == NULL) - return p; - // not reached -} - - -ListElement::ListElement(CSSM_WORDID_TYPE word) -{ - ElementType = CSSM_LIST_ELEMENT_WORDID; - WordID = word; -} - -ListElement::ListElement(const CssmData &data) -{ - ElementType = CSSM_LIST_ELEMENT_DATUM; - WordID = 0; - Element.Word = data; -} - -ListElement::ListElement(CssmAllocator &alloc, const CssmData &data) -{ - ElementType = CSSM_LIST_ELEMENT_DATUM; - WordID = 0; - Element.Word = CssmAutoData(alloc, data).release(); -} - -ListElement::ListElement(CssmAllocator &alloc, const string &s) -{ - ElementType = CSSM_LIST_ELEMENT_DATUM; - WordID = 0; - Element.Word = CssmAutoData(alloc, s.data(), s.size()).release(); -} - -ListElement::ListElement(const CssmList &list) -{ - ElementType = CSSM_LIST_ELEMENT_SUBLIST; - WordID = 0; - Element.Sublist = list; -} - - -CssmData &ListElement::data() -{ - assert(type() == CSSM_LIST_ELEMENT_DATUM); - return CssmData::overlay(Element.Word); -} - -const CssmData &ListElement::data() const -{ - assert(type() == CSSM_LIST_ELEMENT_DATUM); - return CssmData::overlay(Element.Word); -} - -CssmList &ListElement::list() -{ - assert(type() == CSSM_LIST_ELEMENT_SUBLIST); - return CssmList::overlay(Element.Sublist); -} - -const CssmList &ListElement::list() const -{ - assert(type() == CSSM_LIST_ELEMENT_SUBLIST); - return CssmList::overlay(Element.Sublist); -} - -TypedList &ListElement::typedList() -{ - return static_cast(list()); -} - -const TypedList &ListElement::typedList() const -{ - return static_cast(list()); -} - -CSSM_WORDID_TYPE ListElement::word() const -{ - assert(type() == CSSM_LIST_ELEMENT_WORDID); - return WordID; -} - - -// -// List operations -// -ListElement &CssmList::operator [] (unsigned ix) const -{ - for (ListElement *elem = first(); elem; elem = elem->next(), ix--) { - if (ix == 0) - return *elem; - } - throw 999; //@@@ -} - -unsigned int CssmList::length() const -{ - unsigned int len = 0; - for (ListElement *elem = first(); elem; elem = elem->next()) - len++; - return len; -} - -CssmList &CssmList::append(ListElement *elem) -{ - if (Tail == NULL) { // first element - Head = Tail = elem; - } else { - Tail->NextElement = elem; - Tail = elem; - } - elem->NextElement = NULL; - return *this; -} - -CssmList &CssmList::insert(ListElement *elem, ListElement *before) -{ - // null before -> append - if (before == NULL) - return append(elem); - - // we have a real position - assert(!empty()); - if (Head == before) { // before first element - elem->NextElement = before; - Head = elem; - } else { // before is not first - for (CSSM_LIST_ELEMENT *p = Head; p; p = p->NextElement) { - if (p->NextElement == before) { - elem->NextElement = before; - p->NextElement = elem; - return *this; - } - } - // end of list, before not in list - throw 999; //@@@ - } - return *this; -} - -CssmList &CssmList::remove(ListElement *elem) -{ - assert(elem); - if (elem == Head) { // remove first element - Head = Head->NextElement; - } else { // subsequent element - for (CSSM_LIST_ELEMENT *p = Head; p; p = p->NextElement) - if (p->NextElement == elem) { - p->NextElement = elem->NextElement; - if (elem->NextElement == NULL) // removing last element - Tail = p; - return *this; - } - // end of list, elem not found - throw 999; //@@@ - } - return *this; -} - -void CssmList::snip() -{ - assert(Head); // can't be empty - if (Head == Tail) { // single element, empty when snipped - Head = Tail = NULL; - } else { // more than one, bypass first - Head = first()->next(); - } -} - - -// -// Deep-destruction of CssmLists and ListElements. -// The underlying assumption is that all components were allocated from a single -// CssmAllocator in canonical chunks. -// -void ListElement::clear(CssmAllocator &alloc) -{ - switch (type()) { - case CSSM_LIST_ELEMENT_WORDID: - break; // no substructure - case CSSM_LIST_ELEMENT_DATUM: - alloc.free(data().data()); - break; - case CSSM_LIST_ELEMENT_SUBLIST: - list().clear(alloc); - break; - default: - assert(false); - } -} - -void CssmList::clear(CssmAllocator &alloc) -{ - ListElement *elem = first(); - while (elem) { - ListElement *next = elem->next(); - destroy(elem, alloc); - elem = next; - } -} - - -// -// Building TypedLists -// -TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type) -{ - append(new(alloc) ListElement(type)); -} - -TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1) -{ - append(new(alloc) ListElement(type)); - append(elem1); -} - -TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2) -{ - append(new(alloc) ListElement(type)); - append(elem1); - append(elem2); -} - -TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2, ListElement *elem3) -{ - append(new(alloc) ListElement(type)); - append(elem1); - append(elem2); - append(elem3); -} - -TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2, ListElement *elem3, ListElement *elem4) -{ - append(new(alloc) ListElement(type)); - append(elem1); - append(elem2); - append(elem3); - append(elem4); -} - - -// -// Verify that a TypedList is "proper", i.e. has a first element of WORDID form -// -bool TypedList::isProper() const -{ - return first() && first()->type() == CSSM_LIST_ELEMENT_WORDID; -} - -void TypedList::checkProper(CSSM_RETURN error) const -{ - if (!isProper()) - CssmError::throwMe(error); -} diff --git a/cdsa/cdsa_utilities/cssmlist.h b/cdsa/cdsa_utilities/cssmlist.h deleted file mode 100644 index b5b1ec4f..00000000 --- a/cdsa/cdsa_utilities/cssmlist.h +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmlist - CSSM_LIST operational utilities -// -#ifndef _H_CSSMLIST -#define _H_CSSMLIST - -#include -#include -#include - - -namespace Security { - -class CssmList; -class TypedList; - - -// -// A POD Wrapper for CSSM_LIST_ELEMENTs. -// List elements are pseudo-polymorphic, so we provide ways to get and -// set their three personalities. It's up to the caller to get this right; -// you mustn't (for example) call the data() method on a list element that -// is not of (element) type CSSM_LIST_ELEMENT_DATUM. To violate this rule -// will get you an assertion (not exception). -// -class ListElement : public PodWrapper { -public: - // type control - CSSM_LIST_ELEMENT_TYPE type() const { return ElementType; } - bool is(CSSM_LIST_ELEMENT_TYPE t) const { return type() == t; } - - // list element chaining - ListElement * &next() { return ListElement::overlayVar(NextElement); } - ListElement *next() const { return ListElement::overlay(NextElement); } - ListElement *last(); - - // CssmData personality - explicit ListElement(const CssmData &data); - explicit ListElement(CssmAllocator &alloc, const CssmData &data); - explicit ListElement(CssmAllocator &alloc, const std::string &stringData); - CssmData &data(); - string toString() const { return data().toString(); } - const CssmData &data() const; - ListElement &operator = (const CssmData &data); - operator CssmData &() { return data(); } - operator std::string () const { return toString(); } - bool operator == (const CssmData &other) const { return data() == other; } - bool operator != (const CssmData &other) const { return data() != other; } - - template - void extract(T &destination, CSSM_RETURN error = CSSM_ERRCODE_INVALID_DATA) - { data().extract(destination, error); } - - // CssmList (sublist) personality - explicit ListElement(const CssmList &list); - CssmList &list(); - const CssmList &list() const; - TypedList &typedList(); - const TypedList &typedList() const; - ListElement &operator = (const CssmList &list); - operator CssmList &() { return list(); } - operator TypedList &(); - - // WORDID (number) personality - explicit ListElement(CSSM_WORDID_TYPE word); - CSSM_WORDID_TYPE word() const; - ListElement &operator = (CSSM_WORDID_TYPE word); - operator CSSM_WORDID_TYPE () const { return word(); } - -public: - void *operator new (size_t size, CssmAllocator &alloc) - { return alloc.malloc(size); } - - void clear(CssmAllocator &alloc); // free my contents -}; - -} // end namespace Security - -// specialize destroy() to call clear() for cleanup -inline void destroy(ListElement *elem, CssmAllocator &alloc) -{ - elem->clear(alloc); - alloc.free(elem); -} - -namespace Security { - - -// -// A POD Wrapper for CSSM_LIST. -// CssmList does no memory allocations. Retrieval functions return pointers or -// references into existing content, and modifiers modify in-place without any -// attempt to release previous dynamic content. May the Leaking God be with You. -// -class CssmList : public PodWrapper { -public: - CssmList() { ListType = CSSM_LIST_TYPE_UNKNOWN; Head = Tail = NULL; } - CssmList(const CssmList &list) { *(CssmList *)this = list; } - -public: - CSSM_LIST_TYPE kind() const { return ListType; } // type() reserved for TypedList - - ListElement &operator [] (unsigned ix) const; - unsigned int length() const; - ListElement * &first() { return ListElement::overlayVar(Head); } - ListElement *first() const { return ListElement::overlay(Head); } - ListElement *last() const { return ListElement::overlay(Tail); } - bool empty() const { return first() == NULL; } - - CssmList &append(ListElement *elem); - CssmList &insert(ListElement *elem, ListElement *before); - CssmList &remove(ListElement *elem); - CssmList &operator += (ListElement *elem) { return append(elem); } - CssmList &operator -= (ListElement *elem) { return remove(elem); } - - // logically remove the first element (skip it) - void snip(); - -public: - void clear(CssmAllocator &alloc); // free my contents -}; - -} // end namespace Security - -inline void destroy(CssmList *list, CssmAllocator &alloc) -{ - list->clear(alloc); - alloc.free(list); -} - -namespace Security -{ - -// -// Enhanced overlay for CssmLists whose first element is known to be a wordid. -// -class TypedList : public CssmList { -public: - explicit TypedList(const CSSM_LIST &list) { *(CSSM_LIST *)this = list; } - TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type); - TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1); - TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, - ListElement *elem2); - TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, - ListElement *elem2, ListElement *elem3); - TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, - ListElement *elem2, ListElement *elem3, ListElement *elem4); - - bool isProper() const; // format check (does not throw) - void checkProper(CSSM_RETURN error = CSSM_ERRCODE_INVALID_SAMPLE_VALUE) const; - static TypedList &overlay(CSSM_LIST &list) - { return static_cast(list); } - static const TypedList &overlay(const CSSM_LIST &list) - { return static_cast(list); } - - CSSM_WORDID_TYPE type() const - { assert(isProper()); return first()->word(); } -}; - -inline ListElement::operator TypedList &() -{ return TypedList::overlay(operator CssmList &()); } - - -// -// Data walkers to parse list elements and lists. -// @@@ Walking lists by recursing over next() is stack intensive. Do this in CssmList walker by loop? -// -namespace DataWalkers { - -// ListElement -template -ListElement *walk(Action &operate, ListElement * &elem) -{ - operate(elem); - switch (elem->type()) { - case CSSM_LIST_ELEMENT_DATUM: - walk(operate, elem->data()); - break; - case CSSM_LIST_ELEMENT_SUBLIST: - walk(operate, elem->list()); - break; - case CSSM_LIST_ELEMENT_WORDID: - break; - default: - secdebug("walkers", "invalid list element type (%lx)", elem->type()); - break; - } - if (elem->next()) - walk(operate, elem->next()); - return elem; -} - -template -ListElement *walk(Action &operate, CSSM_LIST_ELEMENT * &elem) -{ walk(operate, ListElement::overlayVar(elem)); } - -// CssmList -template -void enumerate(Action &operate, CssmList &list) -{ - if (!list.empty()) { - walk(operate, list.first()); - if (operate.needsRelinking) - list.Tail = list.first()->last(); // re-establish "tail" link - } -} - -template -CssmList *walk(Action &operate, CssmList * &list) -{ - operate(list); - enumerate(operate, *list); - return list; -} - -template -void walk(Action &operate, CssmList &list) -{ - operate(list); - enumerate(operate, list); -} - -template -void walk(Action &operate, const CssmList &list) -{ walk(operate, const_cast(list)); } - -template -void walk(Action &operate, CSSM_LIST &list) -{ walk(operate, CssmList::overlay(list)); } - -template -void walk(Action &operate, const CSSM_LIST &list) -{ walk(operate, const_cast(list)); } - -template -CSSM_LIST *walk(Action &operate, CSSM_LIST * &list) -{ return walk(operate, CssmList::overlayVar(list)); } - -template -TypedList *walk(Action &operate, TypedList * &list) -{ return static_cast(walk(operate, reinterpret_cast(list))); } - -template -void walk(Action &operate, TypedList &list) -{ walk(operate, static_cast(list)); } - - -} // end namespace DataWalkers -} // end namespace Security - - -#endif //_H_CSSMLIST diff --git a/cdsa/cdsa_utilities/cssmtrust.cpp b/cdsa/cdsa_utilities/cssmtrust.cpp deleted file mode 100644 index 9cb417ed..00000000 --- a/cdsa/cdsa_utilities/cssmtrust.cpp +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmtrust - CSSM layer Trust (TP) related objects. -// -#include -#include - - -namespace Security { - - -// -// Cleanly release the memory in a TPEvidenceInfo -// -void TPEvidenceInfo::destroy(CssmAllocator &allocator) -{ - // status code array - if (codes() > 0 && StatusCodes) - allocator.free(StatusCodes); - - //@@@ need to free unique id if present -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/cssmtrust.h b/cdsa/cdsa_utilities/cssmtrust.h deleted file mode 100644 index a1ff8a2f..00000000 --- a/cdsa/cdsa_utilities/cssmtrust.h +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmtrust - CSSM layer Trust (TP) related objects. -// -#ifndef _H_CSSMTRUST -#define _H_CSSMTRUST - -#include -#include -#include - - -namespace Security { - - -// -// A TP "POLICYINFO" structure, essentially an OID/Data pair. -// -class PolicyInfo : public PodWrapper { -public: - uint32 count() const { return NumberOfPolicyIds; } - uint32 &count() { return NumberOfPolicyIds; } - CssmField *policies() const { return CssmField::overlay(PolicyIds); } - CssmField * &policies() { return CssmField::overlayVar(PolicyIds); } - void *control() const { return PolicyControl; } - - CssmField &operator [] (uint32 ix) - { assert(ix < count()); return policies()[ix]; } - - void setPolicies(uint32 n, CSSM_FIELD *p) - { count() = n; policies() = CssmField::overlay(p); } -}; - - -// -// A CSSM_DL_DB_LIST wrapper. -// Note that there is a DLDBList class elsewhere that is quite -// unrelated to this structure. -// -class CssmDlDbHandle : public PodWrapper { -public: - CssmDlDbHandle(CSSM_DL_HANDLE dl, CSSM_DB_HANDLE db) - { DLHandle = dl; DBHandle = db; } - - CSSM_DL_HANDLE dl() const { return DLHandle; } - CSSM_DB_HANDLE db() const { return DBHandle; } - - operator bool() const { return DLHandle && DBHandle; } -}; - -inline bool operator < (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2) -{ - return h1.DLHandle < h2.DLHandle - || (h1.DLHandle == h2.DLHandle && h1.DBHandle < h2.DBHandle); -} - -inline bool operator == (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2) -{ - return h1.DLHandle == h2.DLHandle && h1.DBHandle == h2.DBHandle; -} - -inline bool operator != (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2) -{ - return h1.DLHandle != h2.DLHandle || h1.DBHandle != h2.DBHandle; -} - - -class CssmDlDbList : public PodWrapper { -public: - uint32 count() const { return NumHandles; } - uint32 &count() { return NumHandles; } - CssmDlDbHandle *handles() const { return CssmDlDbHandle::overlay(DLDBHandle); } - CssmDlDbHandle * &handles() { return CssmDlDbHandle::overlayVar(DLDBHandle); } - - CssmDlDbHandle &operator [] (uint32 ix) const - { assert(ix < count()); return CssmDlDbHandle::overlay(DLDBHandle[ix]); } - - void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list) - { count() = n; handles() = CssmDlDbHandle::overlay(list); } -}; - - -// -// TP caller authentication contexts -// -class TPCallerAuth : public PodWrapper { -public: - CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; } - void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; } - - CSSM_TIMESTRING time() const { return VerifyTime; } - void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; } - - PolicyInfo &policies() { return PolicyInfo::overlay(Policy); } - const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); } - void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } - - AccessCredentials *creds() const - { return AccessCredentials::optional(CallerCredentials); } - void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; } - - uint32 anchorCount() const { return NumberOfAnchorCerts; } - uint32 &anchorCount() { return NumberOfAnchorCerts; } - CssmData *anchors() const { return CssmData::overlay(AnchorCerts); } - CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); } - - CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); } - CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); } -}; - - -// -// TP Verify Contexts - a monster collection of possibly useful stuff -// when verifying a certificate against trust policies -// -class TPVerifyContext : public PodWrapper { -public: - CSSM_TP_ACTION action() const { return Action; } - CssmData &actionData() { return CssmData::overlay(ActionData); } - const CssmData &actionData() const { return CssmData::overlay(ActionData); } - - // set and reference the CallerAuth component - TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); } - operator TPCallerAuth &() const { return callerAuth(); } - TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); } - void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; } - - // forward CallerAuth operations - - CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); } - void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); } - PolicyInfo &policies() const { return callerAuth().policies(); } - void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } - CSSM_TIMESTRING time() const { return callerAuth().time(); } - void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); } - AccessCredentials *creds() const { return callerAuth().creds(); } - void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); } - uint32 anchorCount() const { return callerAuth().anchorCount(); } - uint32 &anchorCount() { return callerAuth().anchorCount(); } - CssmData *anchors() const { return callerAuth().anchors(); } - CssmData * &anchors() { return callerAuth().anchors(); } - void anchors(uint32 count, CSSM_DATA *vector) - { anchorCount() = count; anchors() = CssmData::overlay(vector); } - void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list) - { callerAuth().dlDbList()->setDlDbList(n, list); } -}; - - -// -// The result of a (raw) TP trust verification call -// -class TPEvidence : public PodWrapper { -public: - CSSM_EVIDENCE_FORM form() const { return EvidenceForm; } - void *data() const { return Evidence; } - operator void *() const { return data(); } - - template - T *as() const { return reinterpret_cast(Evidence); } -}; - -class TPVerifyResult : public PodWrapper { -public: - uint32 count() const { return NumberOfEvidences; } - const TPEvidence &operator [] (uint32 ix) const - { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); } -}; - - -// -// A PodWrapper for Apple's TP supporting-evidence structure -// -class TPEvidenceInfo : public PodWrapper { -public: - CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; } - CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const - { return status() & flags; } - - uint32 index() const { return Index; } - const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); } - CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; } - - uint32 codes() const { return NumStatusCodes; } - CSSM_RETURN operator [] (uint32 ix) - { assert(ix < NumStatusCodes); return StatusCodes[ix]; } - - void destroy(CssmAllocator &allocator); -}; - - -// -// Walkers -// -namespace DataWalkers { - - - - -} // end namespace DataWalkers -} // end namespace Security - -#endif //_H_CSSMTRUST diff --git a/cdsa/cdsa_utilities/cssmwalkers.cpp b/cdsa/cdsa_utilities/cssmwalkers.cpp deleted file mode 100644 index 7272adcd..00000000 --- a/cdsa/cdsa_utilities/cssmwalkers.cpp +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmwalkers - walkers for standard CSSM datatypes and wrappers -// -#ifdef __MWERKS__ -#define _CPP_CSSMWALKERS -#endif -#include diff --git a/cdsa/cdsa_utilities/cssmwalkers.h b/cdsa/cdsa_utilities/cssmwalkers.h deleted file mode 100644 index 3ba1afae..00000000 --- a/cdsa/cdsa_utilities/cssmwalkers.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// cssmwalkers - walkers for standard CSSM datatypes and wrappers -// -#ifndef _H_CSSMWALKERS -#define _H_CSSMWALKERS - -#include - - -namespace Security { -namespace DataWalkers { - - -// -// The full set of walkers for CssmData in all its forms. -// -template -void walk(Action &operate, CssmData &data) -{ - operate(data); - operate.blob(data.Data, data.Length); -} - -template -CssmData *walk(Action &operate, CssmData * &data) -{ - operate(data); - operate.blob(data->Data, data->Length); - return data; -} - -template -void walk(Action &operate, CSSM_DATA &data) -{ walk(operate, CssmData::overlay(data)); } - -template -CSSM_DATA *walk(Action &operate, CSSM_DATA * &data) -{ return walk(operate, CssmData::overlayVar(data)); } - - - -// -// Walking a C string is almost regular (the size comes from strlen()). -// Just make sure you honor the needsSize preference of the operator. -// -template -char *walk(Action &operate, char * &s) -{ - operate(s, operate.needsSize ? (strlen(s) + 1) : 0); - return s; -} - - -// -// We "walk" an integer by simply returning it unchanged. -// This is a degenerate special case that makes some templated -// uses of walking easier (notably for Context use). Note that -// the action is never called, so operations don't need to be able -// to cope with integer (non-ref) arguments. This is strictly for -// notational convenience. -// -template -uint32 walk(Action &, uint32 arg) -{ - return arg; -} - - -// -// Flattener functions for common CSSM data types that have internal -// structure. (The flat ones are handled by the default above.) -// -template -CssmKey *walk(Action &operate, CssmKey * &key) -{ - operate(key); - walk(operate, static_cast(*key)); - return key; -} - -template -CSSM_KEY *walk(Action &operate, CSSM_KEY * &data) -{ return walk(operate, CssmKey::overlayVar(data)); } - -template -CssmCryptoData *walk(Action &operate, CssmCryptoData * &data) -{ - operate(data); - walk(operate, data->param()); - return data; -} - -template -CSSM_CRYPTO_DATA *walk(Action &operate, CSSM_CRYPTO_DATA * &data) -{ return walk(operate, CssmCryptoData::overlayVar(data)); } - -template -CSSM_PKCS5_PBKDF2_PARAMS *walk(Action &operate, CSSM_PKCS5_PBKDF2_PARAMS * &data) -{ - operate(data); - walk(operate, data->Passphrase); - return data; -} - - -} // end namespace DataWalkers -} // end namespace Security - -#endif //_H_CSSMWALKERS diff --git a/cdsa/cdsa_utilities/daemon.cpp b/cdsa/cdsa_utilities/daemon.cpp deleted file mode 100644 index c8e47fae..00000000 --- a/cdsa/cdsa_utilities/daemon.cpp +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// demon - support code for writing UNIXoid demons -// -#include -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace Daemon { - - -// -// Daemonize this process, the UNIX way. -// -bool incarnate() -{ - // fork with slight resilience - for (int forkTries = 1; forkTries <= 5; forkTries++) { - switch (fork()) { - case 0: // child - // we are the daemon process (Har! Har!) - break; - case -1: // parent: fork failed - switch (errno) { - case EAGAIN: - case ENOMEM: - Syslog::warning("fork() short on resources (errno=%d); retrying", errno); - sleep(forkTries); - continue; - default: - Syslog::error("fork() failed (errno=%d)", errno); - return false; - } - default: // parent - // @@@ we could close an assurance loop here, but we don't (yet?) - exit(0); - } - } - - // fork succeeded; we are the child; parent is terminating - - // create new session (the magic set-me-apart system call) - setsid(); - - // redirect standard channels to /dev/null - close(0); // fail silently in case 0 is closed - if (open("/dev/null", O_RDWR, 0) == 0) { // /dev/null could be missing, I suppose... - dup2(0, 1); - dup2(0, 2); - } - - // ready to roll - return true; -} - - -// -// Re-execute myself. -// This is a pretty bad hack for libraries that are pretty broken and (essentially) -// don't work after a fork() unless you also exec(). -// -// WARNING: Don't even THINK of doing this in a setuid-anything program. -// -bool executeSelf(char **argv) -{ - static const char reExecEnv[] = "_RE_EXECUTE"; - if (getenv(reExecEnv)) { // was re-executed - secdebug("daemon", "self-execution complete"); - unsetenv(reExecEnv); - return true; - } else { - setenv(reExecEnv, "go", 1); - secdebug("daemon", "self-executing (ouch!)"); - execv(argv[0], argv); - perror("re-execution"); - Syslog::error("Re-execution attempt failed"); - return false; - } -} - - -} // end namespace Daemon -} // end namespace Security diff --git a/cdsa/cdsa_utilities/daemon.h b/cdsa/cdsa_utilities/daemon.h deleted file mode 100644 index e86050c9..00000000 --- a/cdsa/cdsa_utilities/daemon.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// demon - support code for writing UNIXoid demons -// -#ifndef _H_DEMON -#define _H_DEMON - -#include - - -namespace Security { -namespace Daemon { - -bool incarnate(); -bool executeSelf(char **argv); - -} // end namespace Daemon -} // end namespace Security - -#endif //_H_DEMON diff --git a/cdsa/cdsa_utilities/db++.cpp b/cdsa/cdsa_utilities/db++.cpp deleted file mode 100644 index 33b9f772..00000000 --- a/cdsa/cdsa_utilities/db++.cpp +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dbm++ - generic C++ layer interface to [n]dbm -// -#include "db++.h" -#include - - -namespace Security { -namespace UnixPlusPlus { - -UnixDb::UnixDb() : mDb(NULL) -{ -} - -UnixDb::UnixDb(const char *path, int flags, int mode, DBTYPE type) : mDb(NULL) -{ - open(path, flags, mode); -} - -UnixDb::UnixDb(const std::string &path, int flags, int mode, DBTYPE type) : mDb(NULL) -{ - open(path, flags, mode); -} - -UnixDb::~UnixDb() -{ - close(); -} - -void UnixDb::open(const char *path, int flags, int mode, DBTYPE type) -{ - if (DB* newDb = ::dbopen(path, flags, mode, type, NULL)) { - close(); - mDb = newDb; - setFd(mDb->fd(mDb)); - secdebug("unixdb", "open(%s,0x%x,0x%x,type=%d)=%p", path, flags, mode, type, mDb); - } else - UnixError::throwMe(); -} - -void UnixDb::open(const std::string &path, int flags, int mode, DBTYPE type) -{ - open(path.c_str(), flags, mode); -} - -void UnixDb::close() -{ - if (mDb) { - secdebug("unixdb", "close(%p)", mDb); - mDb->close(mDb); - mDb = NULL; - setFd(invalidFd); - } -} - -bool UnixDb::get(const CssmData &key, CssmData &value, int flags) const -{ - Data dKey(key); - Data val; - int rc = mDb->get(mDb, &dKey, &val, flags); - secdebug("unixdb", "get(%p,[:%ld],flags=0x%x)=%d[:%ld]", - mDb, key.length(), flags, rc, value.length()); - checkError(rc); - if (!rc) { - value = val; - return true; - } else - return false; -} - -bool UnixDb::get(const CssmData &key, CssmOwnedData &value, int flags) const -{ - CssmData val; - if (get(key, val, flags)) { - value = val; - return true; - } else - return false; -} - -bool UnixDb::put(const CssmData &key, const CssmData &value, int flags) -{ - Data dKey(key); - Data dValue(value); - int rc = mDb->put(mDb, &dKey, &dValue, flags); - secdebug("unixdb", "put(%p,[:%ld],[:%ld],flags=0x%x)=%d", - mDb, key.length(), value.length(), flags, rc); - checkError(rc); - return !rc; -} - -void UnixDb::erase(const CssmData &key, int flags) -{ - Data dKey(key); - secdebug("unixdb", "delete(%p,[:%ld],flags=0x%x)", mDb, key.length(), flags); - checkError(mDb->del(mDb, &dKey, flags)); -} - -bool UnixDb::next(CssmData &key, CssmData &value, int flags /* = R_NEXT */) const -{ - Data dKey, dValue; - int rc = mDb->seq(mDb, &dKey, &dValue, flags); - checkError(rc); - if (!rc) { - key = dKey; - value = dValue; - return true; - } else - return false; -} - - -void UnixDb::flush(int flags) -{ - checkError(mDb->sync(mDb, flags)); -} - - -} // end namespace UnixPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/db++.h b/cdsa/cdsa_utilities/db++.h deleted file mode 100644 index 38ae4811..00000000 --- a/cdsa/cdsa_utilities/db++.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// dbm++ - generic C++ layer interface to [n]dbm -// -#ifndef _H_DBMPP -#define _H_DBMPP - -#include -#include -#include -#include -#include - - -namespace Security { -namespace UnixPlusPlus { - - -class UnixDb : public FileDesc { -public: - UnixDb(); - UnixDb(const char *path, int flags = O_RDWR, int mode = 0666, DBTYPE type = DB_HASH); - UnixDb(const std::string &path, int flags = O_RDWR, int mode = 0666, DBTYPE type = DB_HASH); - - virtual ~UnixDb(); - - void open(const char *path, int flags = O_RDWR, int mode = 0666, DBTYPE type = DB_HASH); - void open(const std::string &path, int flags = O_RDWR, int mode = 0666, DBTYPE type = DB_HASH); - void close(); - - bool get(const CssmData &key, CssmData &value, int flags = 0) const; - bool get(const CssmData &key, CssmOwnedData &value, int flags = 0) const; - bool put(const CssmData &key, const CssmData &value, int flags = 0); - void erase(const CssmData &key, int flags = 0); - void flush(int flags = 0); - - bool next(CssmData &key, CssmData &value, int flags = R_NEXT) const; - bool first(CssmData &key, CssmData &value) const - { return next(key, value, R_FIRST); } - - operator bool () const - { return mDb; } - -public: - struct Data : public PodWrapper { - template - Data(const T &src) { DBT::data = src.data(); DBT::size = src.length(); } - - Data() { } - Data(void *data, size_t length) { DBT::data = data; DBT::size = length; } - Data(const DBT &dat) { DBT::data = dat.data; DBT::size = dat.size; } - - void *data() const { return DBT::data; } - size_t length() const { return size; } - operator bool () const { return DBT::data != NULL; } - operator CssmData () const { return CssmData(data(), length()); } - }; - -private: - DB *mDb; -}; - - -} // end namespace UnixPlusPlus -} // end namespace Security - - -#endif //_H_DBMPP diff --git a/cdsa/cdsa_utilities/debugging.cpp b/cdsa/cdsa_utilities/debugging.cpp deleted file mode 100644 index 8a9eb254..00000000 --- a/cdsa/cdsa_utilities/debugging.cpp +++ /dev/null @@ -1,527 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// debugging - non-trivial debugging support -// -#include -#include -#include -#include - -#define SYSLOG_NAMES // compile syslog name tables -#include - -#include // for name demangling - -// enable kernel tracing -#define ENABLE_SECTRACE 1 - - -namespace Security { -namespace Debug { - - -// -// Main debug functions (global and in-scope) -// -void debug(const char *scope, const char *format, ...) -{ -#if !defined(NDEBUG_CODE) - va_list args; - va_start(args, format); - Target::get().message(scope, format, args); - va_end(args); -#endif -} - -void vdebug(const char *scope, const char *format, va_list args) -{ -#if !defined(NDEBUG_CODE) - Target::get().message(scope, format, args); -#endif -} - -bool debugging(const char *scope) -{ -#if !defined(NDEBUG_CODE) - return Target::get().debugging(scope); -#else - return false; -#endif -} - - -// -// C equivalents for some basic uses -// -extern "C" { - int __security_debugging(const char *scope); - void __security_debug(const char *scope, const char *format, ...); -}; - -int __security_debugging(const char *scope) -{ return debugging(scope); } - -void __security_debug(const char *scope, const char *format, ...) -{ -#if !defined(NDEBUG_CODE) - va_list args; - va_start(args, format); - vdebug(scope, format, args); - va_end(args); -#endif -} - - -// -// Dump facility -// -bool dumping(const char *scope) -{ -#if defined(NDEBUG_STUBS) - return false; -#else - return Target::get().dump(scope); -#endif -} - -void dump(const char *format, ...) -{ -#if !defined(NDEBUG_CODE) - va_list args; - va_start(args, format); - Target::get().dump(format, args); - va_end(args); -#endif -} - -void dumpData(const void *ptr, size_t size) -{ -#if !defined(NDEBUG_CODE) - const char *addr = reinterpret_cast(ptr); - const char *end = addr + size; - bool isText = true; - for (const char *p = addr; p < end; p++) - if (!isprint(*p)) { isText = false; break; } - - if (isText) { - dump("\""); - for (const char *p = addr; p < end; p++) - dump("%c", *p); - dump("\""); - } else { - dump("0x"); - for (const char *p = addr; p < end; p++) - dump("%2.2x", static_cast(*p)); - } -#endif //NDEBUG_STUBS -} - -void dumpData(const char *title, const void *ptr, size_t size) -{ -#if !defined(NDEBUG_CODE) - dump("%s: ", title); - dumpData(ptr, size); - dump("\n"); -#endif //NDEBUG_STUBS -} - - -// -// Turn a C++ typeid into a nice type name. -// This uses the C++ ABI where available. -// We're stripping out a few C++ prefixes; they're pretty redundant (and obvious). -// -string makeTypeName(const type_info &type) -{ - int status; - char *cname = abi::__cxa_demangle(type.name(), NULL, NULL, &status); - string name = !strncmp(cname, "Security::", 10) ? (cname + 10) : - !strncmp(cname, "std::", 5) ? (cname + 5) : - cname; - ::free(cname); // yes, really (ABI rules) - return name; -} - - -// -// Target initialization -// -#if !defined(NDEBUG_CODE) - -Target::Target() - : showScope(false), showThread(false), showPid(false), - sink(NULL) -{ - // put into singleton slot if first - if (singleton == NULL) - singleton = this; - - // insert terminate handler - if (!previousTerminator) // first time we do this - previousTerminator = set_terminate(terminator); -} - -Target::~Target() -{ -} - - -// -// The core logging function of a Target -// -void Target::message(const char *scope, const char *format, va_list args) -{ - if (logSelector(scope)) { - // note: messageConstructionSize is big enough for all prefixes constructed - char buffer[messageConstructionSize]; // building the message here - char *bufp = buffer; - if (showScope && scope) { // add "scope " - if (const char *sep = strchr(scope, ',')) { - bufp += sprintf(bufp, "%-*s", Name::maxLength, (const char *)Name(scope, sep)); - } else { // single scope - bufp += sprintf(bufp, "%-*s", Name::maxLength, scope); - } - } - if (showPid) { // add "[Pid] " - bufp += sprintf(bufp, "[%d] ", getpid()); - } - if (showThread) { // add "#Tthreadid " - *bufp++ = '#'; - Thread::Identity::current().getIdString(bufp); - bufp += strlen(bufp); - *bufp++ = ' '; - } - vsnprintf(bufp, buffer + sizeof(buffer) - bufp, format, args); - for (char *p = bufp; *p; p++) - if (!isprint(*p)) - *p = '?'; - sink->put(buffer, bufp - buffer); - } -} - -bool Target::debugging(const char *scope) -{ - return logSelector(scope); -} - - -// -// The core debug-dump function of a target -// -void Target::dump(const char *format, va_list args) -{ - char buffer[messageConstructionSize]; // building the message here - vsnprintf(buffer, sizeof(buffer), format, args); - for (char *p = buffer; *p; p++) - if (!isprint(*p) && !isspace(*p) || *p == '\r') - *p = '?'; - sink->dump(buffer); -} - -bool Target::dump(const char *scope) -{ - return dumpSelector(scope); -} - - -// -// Selector objects. -// -Target::Selector::Selector() : useSet(false), negate(false) -{ } - -void Target::Selector::operator = (const char *scope) -{ - if (scope) { - // initial values - if (!strcmp(scope, "all")) { - useSet = false; - negate = true; - } else if (!strcmp(scope, "none")) { - useSet = negate = false; - } else { - useSet = true; - enableSet.erase(enableSet.begin(), enableSet.end()); - if (scope[0] == '-') { - negate = true; - scope++; - } else - negate = false; - while (const char *sep = strchr(scope, ',')) { - enableSet.insert(Name(scope, sep)); - scope = sep + 1; - } - enableSet.insert(scope); - } - } else { - useSet = negate = false; - } -} - -bool Target::Selector::operator () (const char *scope) const -{ - // a scope of NULL is a special override; it always qualifies - if (scope == NULL) - return true; - - if (useSet) { - while (const char *sep = strchr(scope, ',')) { - if (enableSet.find(Name(scope, sep)) != enableSet.end()) - return !negate; - scope = sep + 1; - } - return (enableSet.find(scope) != enableSet.end()) != negate; - } else { - return negate; - } -} - - -// -// Establish Target state from the environment -// -void Target::setFromEnvironment() -{ - // set scopes - logSelector = getenv("DEBUGSCOPE"); - dumpSelector = getenv("DEBUGDUMP"); - - // - // Set and configure destination. Currently available: - // /some/where -> that file - // LOG_SOMETHING -> syslog facility - // >&number -> that (already) open file descriptor - // anything else -> try as a filename sight unseen - // DEBUGDEST not set -> stderr - // anything in error -> stderr (with an error message on it) - // - if (const char *dest = getenv("DEBUGDEST")) { - if (dest[0] == '/') { // full pathname, write to file - to(dest); - } else if (!strncmp(dest, "LOG_", 4)) { // syslog - int facility = LOG_DAEMON; - for (CODE *cp = facilitynames; cp->c_name; cp++) - if (!strcmp(dest, cp->c_name)) - facility = cp->c_val; - to(facility | LOG_DEBUG); - } else if (!strncmp(dest, ">&", 2)) { // to file descriptor - int fd = atoi(dest+2); - if (FILE *f = fdopen(fd, "a")) { - to(f); - } else { - to(stderr); - ::debug(NULL, "cannot log to fd[%d]: %s", fd, strerror(errno)); - } - } else { // if everything else fails, write a file - to(dest); - } - } else { // default destination is stderr - to(stderr); - } - configure(); -} - - -void Target::configure() -{ - configure(getenv("DEBUGOPTIONS")); -} - -void Target::configure(const char *config) -{ - // configure global options - showScope = config && strstr(config, "scope"); - showThread = config && strstr(config, "thread"); - showPid = config && strstr(config, "pid"); - - // configure sink - if (sink) - sink->configure(config); -} - - -// -// Explicit destination assignments -// -void Target::to(Sink *s) -{ - delete sink; - sink = s; -} - -void Target::to(FILE *file) -{ - to(new FileSink(file)); -} - -void Target::to(const char *filename) -{ - if (FILE *f = fopen(filename, "a")) { - to(new FileSink(f)); - } else { - to(stderr); - ::debug(NULL, "cannot debug to \"%s\": %s", filename, strerror(errno)); - } -} - -void Target::to(int syslogPriority) -{ - to(new SyslogSink(syslogPriority)); -} - - -// -// Making and retrieving the default singleton -// -Target *Target::singleton; - -Target &Target::get() -{ - if (singleton == NULL) { - Target *t = new Target; - t->setFromEnvironment(); - } - return *singleton; -} - - -// -// Standard sink implementations -// -Target::Sink::~Sink() -{ } - -void Target::Sink::dump(const char *) -{ } - -void Target::Sink::configure(const char *) -{ } - - -// -// The terminate handler installed when a Target is created -// -terminate_handler Target::previousTerminator; - -void Target::terminator() -{ - debug("exception", "uncaught exception terminates program"); - previousTerminator(); - debug("exception", "prior termination handler failed to abort; forcing abort"); - abort(); -} - - -// -// File sinks (write to file via stdio) -// -void FileSink::put(const char *buffer, unsigned int) -{ - StLock locker(lock, false); - if (lockIO) - locker.lock(); - if (addDate) { - time_t now = time(NULL); - char *date = ctime(&now); - date[19] = '\0'; - fprintf(file, "%s ", date + 4); // Nov 24 18:22:48 - } - fputs(buffer, file); - putc('\n', file); -} - -void FileSink::dump(const char *text) -{ - StLock locker(lock, false); - if (lockIO) - locker.lock(); - fputs(text, file); -} - -void FileSink::configure(const char *options) -{ - if (options == NULL || !strstr(options, "noflush")) { - // we mean "if the file isn't unbuffered", but what's the portable way to say that? - if (file != stderr) - setlinebuf(file); - } - if (options) { - addDate = strstr(options, "date"); - lockIO = !strstr(options, "nolock"); - } -} - - -// -// Syslog sinks (write to syslog) -// -void SyslogSink::put(const char *buffer, unsigned int) -{ - syslog(priority, "%s", buffer); -} - -void SyslogSink::dump(const char *text) -{ - // add to dump buffer - snprintf(dumpPtr, dumpBuffer + dumpBufferSize - dumpPtr, "%s", text); - - // take off full lines and submit - char *p = dumpBase; - while (char *q = strchr(p, '\n')) { - *q++ = '\0'; // terminate/break - syslog(priority, " @@ %s", p); - p = q; - } - - if (*p) { // left-over unterminated line segment in buffer - dumpPtr = p + strlen(p); - if ((dumpBase = p) > dumpBuffer + dumpBufferSize / 2) { - // shift buffer down to make room - memmove(dumpBuffer, dumpBase, dumpPtr - dumpBase); - dumpPtr -= (dumpBase - dumpBuffer); - dumpBase = dumpBuffer; - } - } else { // buffer is empty; reset to start - dumpBase = dumpPtr = dumpBuffer; - } -} - -void SyslogSink::configure(const char *options) -{ -} - -#endif //NDEBUG_CODE - - -// -// kernel tracing support (C version) -// -extern "C" void security_ktrace(int); - -void security_ktrace(int code) -{ -#if defined(ENABLE_SECTRACE) - syscall(180, code, 0, 0, 0, 0); -#endif -} - - -} // end namespace Debug -} // end namespace Security diff --git a/cdsa/cdsa_utilities/debugging.h b/cdsa/cdsa_utilities/debugging.h deleted file mode 100644 index 6343576f..00000000 --- a/cdsa/cdsa_utilities/debugging.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// debugging - non-trivial debug support -// -#ifndef _H_DEBUGGING -#define _H_DEBUGGING - -#ifdef __cplusplus - -#include -#include -#include - - -namespace Security { -namespace Debug { - -// -// Debug logging functions always exist. -// They may be stubs depending on build options. -// -bool debugging(const char *scope); -void debug(const char *scope, const char *format, ...) __attribute__((format(printf,2,3))); -void vdebug(const char *scope, const char *format, va_list args); - -// -// Ditto with debug dumping functions. -// -bool dumping(const char *scope); -void dump(const char *format, ...) __attribute((format(printf,1,2))); -void dumpData(const void *data, size_t length); -void dumpData(const char *title, const void *data, size_t length); -template inline void dumpData(const Data &obj) -{ dumpData(obj.data(), obj.length()); } -template inline void dumpData(const char *title, const Data &obj) -{ dumpData(title, obj.data(), obj.length()); } - - -// -// The following functions perform runtime recovery of type names. -// This is meant for debugging ONLY. Don't even THINK of depending -// on this for program correctness. For all you know, we may replace -// all those names with "XXX" tomorrow. -// -string makeTypeName(const type_info &info); - -template -string typeName(const Object &obj) -{ - return makeTypeName(typeid(obj)); -} - -template -string typeName() -{ - return makeTypeName(typeid(Object)); -} - - -// -// Now for the conditional inline code -// -#if !defined(NDEBUG) -# define secdebug(scope, format...) Security::Debug::debug(scope, ## format) -#else //NDEBUG -# define secdebug(scope, format...) /* nothing */ -#endif //NDEBUG - - -// -// Conditional dump code -// -#if defined(DEBUGDUMP) -# define IFDUMP(code) code -# define IFDUMPING(scope,code) if (Debug::dumping(scope)) code; else /* no */ -#else -# define IFDUMP(code) /* no-op */ -# define IFDUMPING(scope,code) /* no-op */ -#endif - - -// -// Kernel trace support -// -inline void trace(int code, int arg1 = 0, int arg2 = 0, int arg3 = 0, int arg4 = 0) -{ -#if defined(ENABLE_SECTRACE) - syscall(180, code, arg1, arg2, arg3, arg4); -#endif -} - - -} // end namespace Debug -} // end namespace Security - -// We intentionally leak a few functions into the global namespace -// @@@ (not much longer: after the switch to secdebug(), this will go) -using Security::Debug::debug; - - -#else //!__cplusplus, C code - - -extern void __security_debug(const char *scope, const char *format, ...); -extern int __security_debugging(const char *scope); - -#if !defined(NDEBUG) -# define secdebug(scope, format...) __security_debug(scope, ## format) -#else -# define secdebug(scope, format...) /* nothing */ -#endif - - -// ktrace support (C style) -extern void security_ktrace(int code); - -#endif //__cplusplus - -#endif //_H_DEBUGGING diff --git a/cdsa/cdsa_utilities/debugsupport.h b/cdsa/cdsa_utilities/debugsupport.h deleted file mode 100644 index 7833bfa0..00000000 --- a/cdsa/cdsa_utilities/debugsupport.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// debugsupport - support interface for making and managing debugger objects. -// -// This header is not needed for logging debug messages. -// -#ifndef _H_DEBUGSUPPORT -#define _H_DEBUGSUPPORT - -// -// Generate stub-code support if NDEBUG (but not CLEAN_NDEBUG) is set, to support -// client code that may have been generated with debug enabled. You don't actually -// get *real* debug logging, of course, just cheap dummy stubs to keep the linker happy. -// -#include -#include -#include -#include - -namespace Security { -namespace Debug { - - -// -// Debug scope names - short strings with value semantics. -// We don't use STL strings because of overhead. -// -class Name { -public: - static const int maxLength = 12; - - Name(const char *s) - { strncpy(mName, s, maxLength-1); mName[maxLength-1] = '\0'; } - - Name(const char *start, const char *end) - { - int length = end - start; if (length >= maxLength) length = maxLength - 1; - memcpy(mName, start, length); memset(mName + length, 0, maxLength - length); - } - - operator const char *() const { return mName; } - - bool operator < (const Name &other) const - { return memcmp(mName, other.mName, maxLength) < 0; } - - bool operator == (const Name &other) const - { return memcmp(mName, other.mName, maxLength) == 0; } - -private: - char mName[maxLength]; // null terminated for easy printing -}; - - -// -// A debugging Target. This is an object that receives debugging requests. -// You can have many, but one default one is always provided. -// -class Target { -public: - Target(); - virtual ~Target(); - - // get default (singleton) Target - static Target &get(); - - void setFromEnvironment(); - -public: - class Sink { - public: - virtual ~Sink(); - virtual void put(const char *buffer, unsigned int length) = 0; - virtual void dump(const char *buffer); - virtual void configure(const char *argument); - }; - - void to(Sink *sink); - void to(const char *filename); - void to(int syslogPriority); - void to(FILE *openFile); - - void configure(); // from DEBUGOPTIONS - void configure(const char *options); // from explicit string - -public: - void message(const char *scope, const char *format, va_list args); - bool debugging(const char *scope); - void dump(const char *format, va_list args); - bool dump(const char *scope); - -protected: - class Selector { - public: - Selector(); - void operator = (const char *config); - - bool operator () (const char *name) const; - - private: - bool useSet; // use contents of enableSet - bool negate; // negate meaning of enableSet - set enableSet; // set of names - }; - -protected: - static const size_t messageConstructionSize = 512; // size of construction buffer - - Selector logSelector; // selector for logging - Selector dumpSelector; // selector for dumping - - // output option state (from last configure call) - bool showScope; // include scope in output lines - bool showThread; // include #Threadid in output lines - bool showPid; // include [Pid] in output lines - size_t dumpLimit; // max. # of bytes dumped by dumpData & friends - - // current output support - Sink *sink; - - static terminate_handler previousTerminator; // for chaining - static void terminator(); - - // the default Target - static Target *singleton; -}; - - -// -// Standard Target::Sinks -// -class FileSink : public Target::Sink { -public: - FileSink(FILE *f) : file(f), addDate(false), lockIO(true), lock(false) { } - void put(const char *, unsigned int); - void dump(const char *text); - void configure(const char *); - -private: - FILE *file; - bool addDate; - bool lockIO; - Mutex lock; -}; - -class SyslogSink : public Target::Sink { -public: - SyslogSink(int pri) : priority(pri), dumpBase(dumpBuffer), dumpPtr(dumpBuffer) { } - void put(const char *, unsigned int); - void dump(const char *text); - void configure(const char *); - -private: - int priority; - - // a sliding buffer to hold partial line output - static const size_t dumpBufferSize = 1024; // make this about 2 * maximum line length of dumps - char dumpBuffer[dumpBufferSize]; - char *dumpBase, *dumpPtr; -}; - - -} // end namespace Debug -} // end namespace Security - - -#endif //_H_DEBUGSUPPORT diff --git a/cdsa/cdsa_utilities/devrandom.cpp b/cdsa/cdsa_utilities/devrandom.cpp deleted file mode 100644 index 05b180a0..00000000 --- a/cdsa/cdsa_utilities/devrandom.cpp +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// devrandom - RNG operations based on /dev/random -// -#include -#include - -using namespace UnixPlusPlus; - - -namespace Security { - - -// -// The common (shared) open file descriptor to /dev/random -// -ModuleNexus DevRandomGenerator::mReader; -ModuleNexus DevRandomGenerator::mWriter; - - -// -// In the current implementation, opening the file descriptor is deferred. -// -DevRandomGenerator::DevRandomGenerator(bool writable) -{ -} - - -// -// Standard generate (directly from /dev/random) -// -void DevRandomGenerator::random(void *data, size_t length) -{ - try { - size_t bytesRead = mReader().read(data, length); - if (bytesRead != length) { // short read (shouldn't happen) - Syslog::error("DevRandomGenerator: wanted %ld got %ld bytes", - length, bytesRead); - UnixError::throwMe(EIO); - } - } catch(const UnixError &uerr) { - Syslog::error("DevRandomGenerator: error %d reading /dev/random", - uerr.error); - throw; - } -} - - -// -// If you opened for writing, you add entropy to the global pool here -// -void DevRandomGenerator::addEntropy(const void *data, size_t length) -{ - if (mWriter().write(data, length) != length) - UnixError::throwMe(EIO); // short write (shouldn't happen) -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/devrandom.h b/cdsa/cdsa_utilities/devrandom.h deleted file mode 100644 index 708df47e..00000000 --- a/cdsa/cdsa_utilities/devrandom.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// devrandom - RNG operations based on /dev/random -// -#ifndef _H_DEVRANDOM -#define _H_DEVRANDOM - -#include -#include -#include - - -namespace Security { - - -// -// This RNG uses /dev/random. -// It is not repeatable. AddEntropy() contributes random entropy to a global pool (only). -// -class DevRandomGenerator { - struct Readonly : public UnixPlusPlus::FileDesc { - Readonly() { open("/dev/random", O_RDONLY); } - }; - - struct Writable : public UnixPlusPlus::FileDesc { - Writable() { open("/dev/random", O_RDWR); } - }; - -public: - DevRandomGenerator(bool writable = false); - - void random(void *data, size_t length); - void addEntropy(const void *data, size_t length); - -private: - static ModuleNexus mReader; - static ModuleNexus mWriter; -}; - - -}; // end namespace Security - - -#endif //_H_DEVRANDOM diff --git a/cdsa/cdsa_utilities/digestobject.h b/cdsa/cdsa_utilities/digestobject.h deleted file mode 100644 index b30d3300..00000000 --- a/cdsa/cdsa_utilities/digestobject.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * digestobject.h - generic virtual Digest base class - */ - -#ifndef _DIGEST_OBJECT_H_ -#define _DIGEST_OBJECT_H_ - -#include -#include - -/* common virtual digest class */ -class DigestObject { -public: - DigestObject() : mInitFlag(false), mIsDone(false) { } - virtual ~DigestObject() { } - - /* - * The remaining functions must be implemented by subclass. - */ - /* init is reusable */ - virtual void digestInit() = 0; - - /* add some data */ - virtual void digestUpdate( - const void *data, - size_t len) = 0; - - /* obtain digest (once only per init, update, ... cycle) */ - virtual void digestFinal( - void *digest) = 0; /* RETURNED, alloc'd by caller */ - - /* sublass-specific copy */ - virtual DigestObject *digestClone() const = 0; - - virtual size_t digestSizeInBytes() const = 0; - -protected: - bool mInitFlag; - bool mIsDone; - - bool initFlag() { return mInitFlag; } - void setInitFlag(bool flag) { mInitFlag = flag; } - bool isDone() { return mIsDone; } - void setIsDone(bool done) { mIsDone = done; } -}; - -/* - * NullDigest.h - nop digest for use with raw signature algorithms. - * NullDigest(someData) = someData. - */ -class NullDigest : public DigestObject -{ -public: - NullDigest() : mInBuf(NULL), mInBufSize(0) - { - } - - void digestInit() - { - /* reusable - reset */ - if(mInBufSize) { - assert(mInBuf != NULL); - memset(mInBuf, 0, mInBufSize); - CssmAllocator::standard().free(mInBuf); - mInBufSize = 0; - mInBuf = NULL; - } - } - - ~NullDigest() - { - digestInit(); - } - - void digestUpdate( - const void *data, - size_t len) - { - mInBuf = CssmAllocator::standard().realloc(mInBuf, mInBufSize + len); - memmove((uint8 *)mInBuf + mInBufSize, data, len); - mInBufSize += len; - } - - virtual void digestFinal( - void *digest) - { - memmove(digest, mInBuf, mInBufSize); - } - - virtual DigestObject *digestClone() const - { - NullDigest *cloned = new NullDigest; - cloned->digestUpdate(mInBuf, mInBufSize); - return cloned; - } - - /* unique to NullDigest - just obtain current data ptr, no copy */ - virtual const void *digestPtr() { return mInBuf; } - - size_t digestSizeInBytes() const - { - return mInBufSize; - } - -private: - void *mInBuf; - size_t mInBufSize; -}; - -#endif /* _DIGEST_OBJECT_H_ */ diff --git a/cdsa/cdsa_utilities/endian.cpp b/cdsa/cdsa_utilities/endian.cpp deleted file mode 100644 index f890d5a4..00000000 --- a/cdsa/cdsa_utilities/endian.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// Byte order ("endian-ness") handling -// -#include - -namespace Security { - - -void n2hi(CssmKey::Header &header) -{ - header.HeaderVersion = n2h(header.HeaderVersion); - header.CspId.Data1 = n2h(header.CspId.Data1); - header.CspId.Data2 = n2h(header.CspId.Data2); - header.CspId.Data3 = n2h(header.CspId.Data3); - header.BlobType = n2h(header.BlobType); - header.Format = n2h(header.Format); - header.AlgorithmId = n2h(header.AlgorithmId); - header.KeyClass = n2h(header.KeyClass); - header.LogicalKeySizeInBits = n2h(header.LogicalKeySizeInBits); - header.KeyAttr = n2h(header.KeyAttr); - header.KeyUsage = n2h(header.KeyUsage); - header.WrapAlgorithmId = n2h(header.WrapAlgorithmId); - header.WrapMode = n2h(header.WrapMode); - header.Reserved = n2h(header.Reserved); -} - -void h2ni(CssmKey::Header &key) -{ - n2hi(key); -} - -} // end namespace Security - diff --git a/cdsa/cdsa_utilities/endian.h b/cdsa/cdsa_utilities/endian.h deleted file mode 100644 index 083b1d3b..00000000 --- a/cdsa/cdsa_utilities/endian.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * cssm utilities - */ -#ifndef _H_ENDIAN -#define _H_ENDIAN - -#include -#include -#include - -namespace Security { - - -// -// Encode/decode operations by type, overloaded. -// You can use these functions directly, but consider using -// the higher-level constructs below instead. -// -inline uint32 h2n(uint32 v) { return htonl(v); } -inline sint32 h2n(sint32 v) { return htonl(v); } -inline uint16 h2n(uint16 v) { return htons(v); } -inline sint16 h2n(sint16 v) { return htons(v); } -inline uint8 h2n(uint8 v) { return v; } -inline sint8 h2n(sint8 v) { return v; } - -inline uint32 n2h(uint32 v) { return ntohl(v); } -inline sint32 n2h(sint32 v) { return ntohl(v); } -inline uint16 n2h(uint16 v) { return ntohs(v); } -inline sint16 n2h(sint16 v) { return ntohs(v); } -inline uint8 n2h(uint8 v) { return v; } -inline sint8 n2h(sint8 v) { return v; } - - -// -// Flip pointers -// -template -inline Base *h2n(Base *p) { return (Base *)h2n(LowLevelMemoryUtilities::PointerInt(p)); } - -template -inline Base *n2h(Base *p) { return (Base *)n2h(LowLevelMemoryUtilities::PointerInt(p)); } - - -// -// Generic template - do nothing, issue debug warning -// -template -inline const Type &h2n(const Type &v) -{ - secdebug("endian", "generic h2n called for type %s", Debug::typeName(v).c_str()); - return v; -} - -template -inline const Type &n2h(const Type &v) -{ - secdebug("endian", "generic n2h called for type %s", Debug::typeName(v).c_str()); - return v; -} - - -// -// In-place fix operations -// -template -inline void h2ni(Type &v) { v = h2n(v); } - -template -inline void n2hi(Type &v) { v = n2h(v); } - - -// -// Some structs we may want swapped in-place -// -void n2hi(CssmKey::Header &key); -void h2ni(CssmKey::Header &key); - -inline void n2hi(CSSM_KEYHEADER &key) { n2hi(CssmKey::Header::overlay (key));} -inline void h2ni(CSSM_KEYHEADER &key) { h2ni(CssmKey::Header::overlay (key));} - - -// -// Endian keeps NBO values in memory and converts -// during loads and stores. This presumes that you are using -// memory blocks thare are read/written/mapped as amorphous byte -// streams, but want to be byte-order clean using them. -// -// The generic definition uses h2n/n2h to flip bytes. Feel free -// to declare specializations of Endian as appropriate. -// -// Note well that the address of an Endian is not an address-of-T, -// and there is no conversion available. -// -template -class Endian { -public: - typedef Type Value; - Endian() : mValue(0) { } - Endian(Value v) : mValue(h2n(v)) { } - - operator Value () const { return n2h(mValue); } - Endian &operator = (Value v) { mValue = h2n(v); return *this; } - -private: - Value mValue; -}; - -} // end namespace Security - - -#endif //_H_ENDIAN diff --git a/cdsa/cdsa_utilities/fdmover.cpp b/cdsa/cdsa_utilities/fdmover.cpp deleted file mode 100644 index d686f388..00000000 --- a/cdsa/cdsa_utilities/fdmover.cpp +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ip++ - C++ layer for IP socket and address management -// -// [Also see comments in header file.] -// -#include "fdmover.h" -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -void *FdMover::Element::operator new (size_t base, size_t more) -{ - Element *element = (Element *)::malloc(CMSG_SPACE(more)); - element->cmsg_len = CMSG_LEN(more); - return element; -} - -void FdMover::Element::operator delete (void *data, size_t base) -{ - ::free(data); -} - -FdMover::Element::Element(int level, int type) -{ - cmsg_level = level; - cmsg_type = type; -} - - -FdMover::Message::Message(const void *data, size_t length) - : iovec(data, length) -{ - msg_name = NULL; - msg_namelen = 0; - msg_iov = &iovec; - msg_iovlen = 1; - msg_control = NULL; - msg_controllen = 0; - msg_flags = 0; -} - -void FdMover::Message::set(Element *elem) -{ - msg_control = (caddr_t)elem; - msg_controllen = elem->cmsg_len; -} - - -size_t FdMover::send(const void *data, size_t length, const FdVector &fds) -{ - auto_ptr elem(new (fds.size() * sizeof(int)) Element (SOL_SOCKET, SCM_RIGHTS)); - copy(fds.begin(), fds.end(), &elem.get()->payload()); - Message msg(data, length); - msg.set(elem.get()); - ssize_t rc = ::sendmsg(fd(), &msg, 0); - checkError(rc); - return rc; -} - - -size_t FdMover::receive(void *data, size_t length, FdVector &fds) -{ - static const int maxFds = 20; // arbitrary limit - Message msg(data, length); - auto_ptr elem(new (maxFds * sizeof(int)) Element); - msg.set(elem.get()); - ssize_t rc = ::recvmsg(fd(), &msg, 0); - checkError(rc); - unsigned count = elem.get()->payloadSize() / sizeof(int); - FdVector result; - copy(&elem.get()->payload(), &elem.get()->payload() + count, back_inserter(result)); - swap(fds, result); - return rc; -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/fdmover.h b/cdsa/cdsa_utilities/fdmover.h deleted file mode 100644 index 2d6a5b24..00000000 --- a/cdsa/cdsa_utilities/fdmover.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// fdmover - send/receive file descriptors over a UNIX domain socket connection -// -// An FdMover object is a very specialized Socket: -// It must be bound to a UNIX domain address -// -#ifndef _H_FDMOVER -#define _H_FDMOVER - -#include "ip++.h" -#include - -using namespace UnixPlusPlus; - - -namespace Security { -namespace IPPlusPlus { - - -// an ordered list of file descriptors -typedef std::vector FdVector; - - -// -// An FdMover - a specialized Socket for transferring file descriptors -// across UNIX domain sockets. -// -class FdMover : public Socket { -private: - class Element : public cmsghdr { - public: - void *operator new (size_t base, size_t more); - void operator delete (void *addr, size_t size); - - Element() { } - Element(int level, int type); - - template T &payload() { return *reinterpret_cast(CMSG_DATA(this)); } - size_t payloadSize() const { return cmsg_len - ((caddr_t)CMSG_DATA(this) - (caddr_t)this); } - }; - - class Message : public msghdr { - public: - Message(const void *data, size_t length); - void set(Element *elem); - Element *element() const { return (Element *)msg_control; } - Element *next(Element *elem) const { return (Element *)CMSG_NXTHDR(this, elem); } - - public: - IOVec iovec; - }; - -public: - FdMover() { } - FdMover(Socket s) : Socket(s) { } - - size_t send(const void *data, size_t length, const FdVector &fds); - size_t receive(void *data, size_t length, FdVector &fds); - -private: - -}; - - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif //_H_FDMOVER diff --git a/cdsa/cdsa_utilities/fdsel.cpp b/cdsa/cdsa_utilities/fdsel.cpp deleted file mode 100644 index f04507d1..00000000 --- a/cdsa/cdsa_utilities/fdsel.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// fdsel - select-style file descriptor set management -// -#include "fdsel.h" - - -namespace Security { -namespace UnixPlusPlus { - - -// -// Throw the bitvectors away on destruction -// -FDSet::~FDSet() -{ - delete mBits; - delete mUseBits; -} - - -// -// Given the old and desired new sizes (in fd_mask words), grow -// the bitvectors. New storage is zero filled. Note that we preserve -// the mUseBits vector, so this is safe to do during a post-select scan. -// This function cannot shrink the bitmaps. -// -void FDSet::grow(int oldWords, int newWords) -{ - assert(oldWords < newWords); - grow(mBits, oldWords, newWords); - grow(mUseBits, oldWords, newWords); -} - -void FDSet::grow(fd_mask * &bits, int oldWords, int newWords) -{ - fd_mask *newBits = new fd_mask[newWords]; - memcpy(newBits, bits, oldWords * sizeof(fd_mask)); - memset(newBits + oldWords, 0, (newWords - oldWords) * sizeof(fd_mask)); - delete [] bits; - bits = newBits; -} - - -// -// Set or clear a single bit in the map. -// No check for overflow is perfomed. -// -void FDSet::set(int fd, bool on) -{ - if (on) { - FD_SET(fd, (fd_set *)mBits); - } else { - FD_CLR(fd, (fd_set *)mBits); - FD_CLR(fd, (fd_set *)mUseBits); - } -} - - -// -// Copy only the first words fd_mask words from mBits to mUseBits -// and return that for select(2) use. -// -fd_set *FDSet::make(int words) -{ - //@@@ if empty -> return NULL (but check caller for [] use) - memcpy(mUseBits, mBits, words * sizeof(fd_mask)); - return (fd_set *)mUseBits; -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/fdsel.h b/cdsa/cdsa_utilities/fdsel.h deleted file mode 100644 index d9427aee..00000000 --- a/cdsa/cdsa_utilities/fdsel.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// fdsel - select-style file descriptor set management -// -#ifndef _H_FDSEL -#define _H_FDSEL - -#include -#include -#include - - -namespace Security { -namespace UnixPlusPlus { - - -// -// An FDSet object maintains a single select(2) compatible bitmap. -// Size is implicitly kept by the caller (who needs to call grow() as -// needed, starting at zero). As long as this is done correctly, we are -// not bound by the FD_SETSIZE limit. -// An FDSet can self-copy for select(2) use; after that, the [] operator -// investigates the copy. -// -// Why are we using the FD_* macros even though we know these -// are fd_mask arrays? Some implementations use optimized assembly -// for these operations, and we want to pick those up. -// -// This whole mess is completely UNIX specific. If your system has -// the poll(2) system call, ditch this and use it. -// -class FDSet { -public: - FDSet() : mBits(NULL), mUseBits(NULL) { } - ~FDSet(); - - void grow(int oldWords, int newWords); - void set(int fd, bool on); - - fd_set *make(int words); - bool operator [] (int fd) const { return FD_ISSET(fd, (fd_set *)mUseBits); } - - inline static int words(int fd) { return (fd - 1) / NFDBITS + 1; } - -private: - fd_mask *mBits; // base bits - fd_mask *mUseBits; // mutable copy for select(2) - - void grow(fd_mask * &bits, int oldWords, int newWords); -}; - - -} // end namespace UnixPlusPlus -} // end namespace Security - - -#endif //_H_FDSEL diff --git a/cdsa/cdsa_utilities/generator.mk b/cdsa/cdsa_utilities/generator.mk deleted file mode 100644 index 2e701383..00000000 --- a/cdsa/cdsa_utilities/generator.mk +++ /dev/null @@ -1,26 +0,0 @@ -# Makefile for generated files. - -PERL=/usr/bin/perl - -CDSA_HEADERS_DIR = Headers/cdsa -CDSA_UTILITIES_DIR = Sources/cdsa_utilities - -GEN_ERRORCODES = $(CDSA_UTILITIES_DIR)/generator.pl -ERRORCODES_GEN = $(patsubst %,$(CDSA_UTILITIES_DIR)/%,errorcodes.gen) -ERRORCODES_DEPENDS = $(GEN_ERRORCODES)\ - $(patsubst %,$(CDSA_HEADERS_DIR)/%,cssmerr.h) - -build: $(ERRORCODES_GEN) - -clean: - rm -f $(ERRORCODES_GEN) - -debug: build - -profile: build - -.PHONY: build clean debug profile - -$(ERRORCODES_GEN): $(ERRORCODE_DEPENDS) - (cd $(CDSA_UTILITIES_DIR);\ - $(PERL) ./generator.pl ../../$(CDSA_HEADERS_DIR) .) diff --git a/cdsa/cdsa_utilities/generator.pl b/cdsa/cdsa_utilities/generator.pl deleted file mode 100644 index 1b3fd9ad..00000000 --- a/cdsa/cdsa_utilities/generator.pl +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# generator.pl - derive various and sundry C++ code from the CDSA header files -# -# Usage: -# perl generator.pl input-directory output-directory -# -# Perry The Cynic, Fall 1999. -# -$ERR_H="cssmerr.h"; -$APPLE_ERR_H="cssmapple.h"; - -$SOURCEDIR=$ARGV[0]; # directory with cdsa headers -$TARGETDIR=$ARGV[1]; # where to put the output file -@INPUTFILES=@ARGV[2 .. 9999]; # list of input files - -$TABLES="$TARGETDIR/errorcodes.gen"; # error name tables - -$tabs = "\t\t\t"; # argument indentation (noncritical) -$warning = "This file was automatically generated. Do not edit on penalty of futility!"; - - -# -# Parse CSSM error header and build table of all named codes -# -open(ERR, "$SOURCEDIR/$ERR_H") or die "Cannot open $ERR_H: $^E"; -open(APPLE_ERR, "$SOURCEDIR/$APPLE_ERR_H") or die "Cannot open $APPLE_ERR_H: $^E"; -$/=undef; # big gulp mode -$errors = . ; -close(ERR); close(APPLE_ERR); - -@fullErrors = $errors =~ /^\s+CSSMERR_([A-Z_]+)/gm; -@convertibles = $errors =~ /^\s+CSSM_ERRCODE_([A-Z_]+)\s*=\s*([0-9xXA-Fa-f]+)/gm; - -while ($name = shift @convertibles) { - $value = shift @convertibles or die; - $convErrors[hex $value] = $name; -}; - - -# -# Read Keychain-level headers for more error codes (errSecBlahBlah) -# -open(ERR, "cat " . join(" ", @INPUTFILES) . "|") or die "Cannot open error header files"; -$/=undef; # still gulping -$_ = ; -@kcerrors = /err((?:Sec|Authorization)\w+)\s*=\s*-?\d+/gm; -close(ERR); - - -# -# Now we will generate the error name tables. -# -open(OUT, ">$TABLES") or die "Cannot write $TABLES: $^E"; -select OUT; - -print < -#include -#include - - -// -// The Error class thrown if Nexus operations fail -// -GlobalNexus::Error::~Error() throw() -{ -} - - -// -// The long (and possibly contentious) path of ModuleNexus() -// -// Briefly, the trick here is to go through a three-stage sequence -// to lazily construct a unique singleton object, no matter how many -// threads all of a sudden decide they need it. -// State sequence: -// State 0: pointer == 0, not initialized, idle -// State 1: pointer == mutexp | 0x1, where mutexp points to a Mutex -// used to serialize construction of the singleton object -// State 2: pointer == &singleton, and we're done -// -// TAKE NOTE: -// This code is optimized with a particular issue in mind: when placed -// into static storage (as ModuleNexi are wont to), it should not require -// dynamic initialization. This is important because our code is, in effect, -// linked into just about every program in the system. The price we pay -// for this coolness is -// (a) This won't work *except* in static storage (not on stack or heap) -// (b) We slightly fracture portability (see below) -// This has been considered Worth It, at least for now. Before you throw -// up and throw this code out, please try to figure out whether you know -// the Whole Story. Thank you. -// -// WARNING: -// This code makes the following non-portable assumptions: -// (a) NULL == 0 (binary representation of NULL pointer is zero value) -// (b) Pointers acquired from new have at least their LSB zero (are at -// least two-byte aligned). -// It seems like it's been a while since anyone made a machine/runtime that -// violated either of those. But you have been warned. -// -#if defined(_HAVE_ATOMIC_OPERATIONS) - -AtomicWord ModuleNexusCommon::create(void *(*make)()) -{ - sync++; // keep mutex alive if needed - retry: - AtomicWord initialPointer = pointer; // latch pointer - if (!initialPointer || (initialPointer & 0x1)) { - Mutex *mutex; - if (initialPointer == 0) { - mutex = new Mutex(false); // don't bother debugging this one - mutex->lock(); - if (atomicStore(pointer, AtomicWord(mutex) | 0x1, 0) != 0) { - // somebody beat us to the lead - back off - mutex->unlock(); - delete mutex; - goto retry; - } - // we have the ball - try { - void *singleton = make(); - pointer = AtomicWord(singleton); - // we need a write barrier here, but the mutex->unlock below provides it for free - } catch (...) { - secdebug("nexus", "ModuleNexus %p construction failed", this); - mutex->unlock(); - if (--sync == 0) { - delete mutex; - pointer = 0; - } - throw; - } - } else { - mutex = reinterpret_cast(initialPointer & ~0x1); - mutex->lock(); // we'll wait here - } - mutex->unlock(); - //@@@ retry if not resolved -- or fail here (with "object can't be built") - if (--sync == 0) - delete mutex; - } - return pointer; -} - -#endif //_HAVE_ATOMIC_OPERATIONS - - -// -// Process nexus operation -// -ProcessNexusBase::ProcessNexusBase(const char *identifier) -{ - const char *env = getenv(identifier); - if (env == NULL) { // perhaps we're first... - auto_ptr store(new Store); - char form[2*sizeof(Store *) + 2]; - sprintf(form, "*%p", &store); - setenv(identifier, form, 0); // do NOT overwrite... - env = getenv(identifier); // ... and refetch to resolve races - if (sscanf(env, "*%p", &mStore) != 1) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR /*"environment communication failed" */); - if (mStore == store.get()) // we won the race... - store.release(); // ... so keep the store - } else - if (sscanf(env, "*%p", &mStore) != 1) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR /*"environment communication failed"*/); -} diff --git a/cdsa/cdsa_utilities/globalizer.h b/cdsa/cdsa_utilities/globalizer.h deleted file mode 100644 index d709bd26..00000000 --- a/cdsa/cdsa_utilities/globalizer.h +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * globalizer - multiscope globalization services - */ -#ifndef _H_GLOBALIZER -#define _H_GLOBALIZER - -#include -#include - -namespace Security { - - -// -// GlobalNexus is the common superclass of all globality scopes. -// A Nexus is an *access point* to the *single* object of a given -// type in the Nexus's particular scope. -// -class GlobalNexus { -public: - class Error : public std::exception { - public: - virtual ~Error() throw(); - const char * const message; - Error(const char *m) : message(m) { } - const char *what() const throw() { return message; } - }; -}; - - -// -// A module-scope nexus is tied to the linker Nexus object itself. -// Its scope is all code accessing that particular Nexus object -// from within a process. Any number of ModuleNexus objects can -// exist, and each implements a different scope. -// -// IMPORTANT notes on this class can be found in globalizer.cpp. -// DO NOT change anything here before carefully reading them. -// -#if defined(_HAVE_ATOMIC_OPERATIONS) - -class ModuleNexusCommon : public GlobalNexus { -protected: - AtomicWord create(void *(*make)()); - -protected: - // both of these will be statically initialized to zero - AtomicWord pointer; - StaticAtomicCounter sync; -}; - -template -class ModuleNexus : public ModuleNexusCommon { -public: - Type &operator () () - { - AtomicWord p = pointer; // latch pointer - if (!p || (p & 0x1)) { - p = create(make); - secdebug("nexus", "module %s 0x%x", Debug::typeName().c_str(), pointer); - } - return *reinterpret_cast(p); - } - - void reset() - { - if (pointer && !(pointer & 0x1)) { - delete reinterpret_cast(pointer); - pointer = 0; - } - } - -private: - static void *make() { return new Type; } -}; - -template -class CleanModuleNexus : public ModuleNexus { -public: - ~CleanModuleNexus() - { - secdebug("nexus", "ModuleNexus %p destroyed object 0x%x", this, pointer); - delete reinterpret_cast(pointer); - } -}; - -#else // !_HAVE_ATOMIC_OPERATIONS - -template -class ModuleNexus : public GlobalNexus { -public: - Type &operator () () - { -#if !defined(PTHREAD_STRICT) - // not strictly kosher POSIX, but pointers are usually atomic types - if (mSingleton) - return *mSingleton; -#endif - StLock _(mLock); - if (mSingleton == NULL) - mSingleton = new Type; - return *mSingleton; - } - - void reset() { delete mSingleton; mSingleton = NULL; } - -protected: - Type *mSingleton; // pointer to singleton static initialized to NULL - Mutex mLock; // construction lock -}; - -template -class CleanModuleNexus : public ModuleNexus { -public: - ~CleanModuleNexus() - { - secdebug("nexus", "ModuleNexus %p destroyed object 0x%x", this, mSingleton); - delete mSingleton; - } -}; - -#endif // _HAVE_ATOMIC_OPERATIONS - - -// -// A thread-scope nexus is tied to a particular native thread AND -// a particular nexus object. Its scope is all code in any one thread -// that access that particular Nexus object. Any number of Nexus objects -// can exist, and each implements a different scope for each thread. -// NOTE: ThreadNexus is dynamically constructed. If you want static, -// zero-initialization ThreadNexi, put them inside a ModuleNexus. -// -#if _USE_THREADS == _USE_PTHREADS - -template -class ThreadNexus : public GlobalNexus { -public: - ThreadNexus() : mSlot(true) { } - Type &operator () () - { - // no thread contention here! - if (Type *p = mSlot) - return *p; - mSlot = new Type; - return *mSlot; - } - -private: - PerThreadPointer mSlot; -}; - -#endif //_USE_PTHREADS - - -// -// A ProcessNexus is global within a single process, regardless of -// load module boundaries. You can have any number of ProcessNexus -// scopes, each identified by a C string (compared by value, not pointer). -// -class ProcessNexusBase : public GlobalNexus { -protected: - ProcessNexusBase(const char *identifier); - - struct Store { - void *mObject; - Mutex mLock; - }; - Store *mStore; -}; - -template -class ProcessNexus : public ProcessNexusBase { -public: - ProcessNexus(const char *identifier) : ProcessNexusBase(identifier) { } - Type &operator () (); - -private: - Type *mObject; -}; - -template -Type &ProcessNexus::operator () () -{ -#if !defined(PTHREAD_STRICT) - // not strictly kosher POSIX, but pointers are usually atomic types - if (mStore->mObject) - return *reinterpret_cast(mStore->mObject); -#endif - StLock _(mStore->mLock); - if (mStore->mObject == NULL) - mStore->mObject = new Type; - return *reinterpret_cast(mStore->mObject); -}; - - -} // end namespace Security - -#endif //_H_GLOBALIZER diff --git a/cdsa/cdsa_utilities/guids.cpp b/cdsa/cdsa_utilities/guids.cpp deleted file mode 100644 index d4b1a91f..00000000 --- a/cdsa/cdsa_utilities/guids.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#include - -// {87191ca0-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidCssm = -{ 0x87191ca0, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; - -// {87191ca1-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidAppleFileDL = -{ 0x87191ca1, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; - -// {87191ca2-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidAppleCSP = -{ 0x87191ca2, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; - -// {87191ca3-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidAppleCSPDL = -{ 0x87191ca3, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; - -// {87191ca4-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidAppleX509CL = -{ 0x87191ca4, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; - -// {87191ca5-0fc9-11d4-849a-000502b52122} -const CSSM_GUID gGuidAppleX509TP = -{ 0x87191ca5, 0x0fc9, 0x11d4, { 0x84, 0x9a, 0x00, 0x05, 0x02, 0xb5, 0x21, 0x22 } }; diff --git a/cdsa/cdsa_utilities/handleobject.cpp b/cdsa/cdsa_utilities/handleobject.cpp deleted file mode 100644 index 0d6e1a49..00000000 --- a/cdsa/cdsa_utilities/handleobject.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// handleobject - give an object a process-global unique handle -// -#include - - -// -// Static members of HandleObject -// -ModuleNexus HandleObject::state; - - -// -// Bring the State constructor out of line -// -HandleObject::State::State() -{ } - - -// -// HandleObject destructor (virtual) -// -HandleObject::~HandleObject() -{ - State &st = state(); - StLock _(st); - st.erase(this); -} - - -// -// Assign a HandleObject's (new) Handle. -// -void HandleObject::State::make(HandleObject *obj) -{ - StLock _(*this); - for (;;) { - Handle handle = reinterpret_cast(obj) ^ (++sequence << 19); - if (handleMap[handle] == NULL) { - secdebug("handleobj", "create 0x%lx for %p", handle, obj); - obj->setHandle(handle); - handleMap[handle] = obj; - return; - } - } -} - - -// -// Clean up a HandleObject that dies. -// Note that an object MAY clear its handle before (in which case we do nothing). -// In particular, killHandle will do this. -// -void HandleObject::State::erase(HandleObject *obj) -{ - if (obj->validHandle()) - handleMap.erase(obj->handle()); -} - -void HandleObject::State::erase(HandleMap::iterator &it) -{ - if (it->second->validHandle()) - handleMap.erase(it); -} - - -// -// Observing proper map locking, locate a handle in the global handle map -// and return a pointer to its object. Throw CssmError(error) if it cannot -// be found, or it is corrupt. -// -HandleObject *HandleObject::State::find(CSSM_HANDLE h, CSSM_RETURN error) -{ - StLock _(*this); - HandleMap::const_iterator it = handleMap.find(h); - if (it == handleMap.end()) - CssmError::throwMe(error); - HandleObject *obj = it->second; - if (obj == NULL || obj->handle() != h) - CssmError::throwMe(error); - return obj; -} - - -// -// Look up the handle given in the global handle map. -// If not found, or if the object is corrupt, throw an exception. -// Otherwise, hold the State lock and return an iterator to the map entry. -// Caller must release the State lock in a timely manner. -// -HandleObject::HandleMap::iterator HandleObject::State::locate(CSSM_HANDLE h, CSSM_RETURN error) -{ - StLock locker(*this); - HandleMap::iterator it = handleMap.find(h); - if (it == handleMap.end()) - CssmError::throwMe(error); - HandleObject *obj = it->second; - if (obj == NULL || obj->handle() != h) - CssmError::throwMe(error); - locker.release(); - return it; -} - - -// -// The default locking virtual methods do nothing and succeed. -// -void HandleObject::lock() { } - -bool HandleObject::tryLock() { return true; } diff --git a/cdsa/cdsa_utilities/handleobject.h b/cdsa/cdsa_utilities/handleobject.h deleted file mode 100644 index e213377a..00000000 --- a/cdsa/cdsa_utilities/handleobject.h +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// handleobject - give an object a process-global unique handle -// -#ifndef _H_HANDLEOBJECT -#define _H_HANDLEOBJECT - -#include -#include -#include -#include - -#if __GNUC__ > 2 -#include -using __gnu_cxx::hash_map; -#else -#include -#endif - -namespace Security -{ - -// -// A HandledObject is a trivial mixin class whose only feature is that -// it has a *handle*, in the form of (currently) a CSSM_HANDLE of some kind. -// Subclasses need to assign such a handle during creation. -// -class HandledObject { -public: - typedef CSSM_HANDLE Handle; - static const Handle invalidHandle = 0; - - Handle handle() const { return mMyHandle; } - bool validHandle() const { return mValid; } - -protected: - HandledObject(Handle h) : mMyHandle(h), mValid(true) { } - HandledObject() { /*IFDEBUG(*/ mMyHandle = invalidHandle/*)*/ ; mValid = false; } - - void setHandle(Handle h) - { - assert(!mValid); // guard against redefinition - mMyHandle = h; - mValid = true; - } - void clearHandle() - { assert(mValid); mValid = false; } - -private: - Handle mMyHandle; // our handle value - bool mValid; // is the handle (still) valid? -}; - - -// -// Mapping CSSM_HANDLE values to object pointers and back. -// A HandleObject is a HandledObject (see above) that makes up its own handle -// based on some mechanism that you know nothing about. -// -// Please be very careful about the limits of the object contract here. -// We promise to invent a suitable, unique Handle for each HandleObject in -// existence within one address space. We promise that if you hand that handle -// to the various findHandle<>() variants, we will give you back the HandleObject -// that created it. This is the entire contract. -// We *will* make some efforts to diagnose invalid handles and throw exceptions on -// them, but the find() operation is supposed to be *fast*, so no heroic measures -// will be taken. -// -class HandleObject : public HandledObject { - NOCOPY(HandleObject) - class State; - -public: - HandleObject() { state().make(this); } - virtual ~HandleObject(); - -public: - template - static Subtype &find(CSSM_HANDLE handle, CSSM_RETURN error); - - template - static Subtype &findAndLock(CSSM_HANDLE handle, CSSM_RETURN error); - - template - static Subtype &findAndKill(CSSM_HANDLE handle, CSSM_RETURN error); - -protected: - virtual void lock(); - virtual bool tryLock(); - -private: - typedef hash_map HandleMap; - class State : public Mutex { - public: - State(); - void make(HandleObject *obj); - HandleObject *find(Handle h, CSSM_RETURN error); - HandleMap::iterator locate(Handle h, CSSM_RETURN error); - void erase(HandleObject *obj); - void erase(HandleMap::iterator &it); - - private: - HandleMap handleMap; - uint32 sequence; - }; - - static ModuleNexus state; -}; - - -// -// Type-specific ways to access the HandleObject map in various ways -// -template -inline Subclass &HandleObject::find(CSSM_HANDLE handle, CSSM_RETURN error) -{ - Subclass *sub; - if (!(sub = dynamic_cast(state().find(handle, error)))) - CssmError::throwMe(error); - return *sub; -} - -template -inline Subclass &HandleObject::findAndLock(CSSM_HANDLE handle, - CSSM_RETURN error) -{ - for (;;) { - HandleMap::iterator it = state().locate(handle, error); - StLock _(state(), true); // locate() locked it - Subclass *sub; - if (!(sub = dynamic_cast(it->second))) - CssmError::throwMe(error); // bad type - if (it->second->tryLock()) // try to lock it - return *sub; // okay, go - Thread::yield(); // object lock failed, backoff and retry - } -} - -template -inline Subclass &HandleObject::findAndKill(CSSM_HANDLE handle, - CSSM_RETURN error) -{ - for (;;) { - HandleMap::iterator it = state().locate(handle, error); - StLock _(state(), true); // locate() locked it - Subclass *sub; - if (!(sub = dynamic_cast(it->second))) - CssmError::throwMe(error); // bad type - if (it->second->tryLock()) { // try to lock it - state().erase(it); // kill the handle - return *sub; // okay, go - } - Thread::yield(); // object lock failed, backoff and retry - } -} - - -// -// Compatibility with old (global function) accessors -// -template -inline Subclass &findHandle(CSSM_HANDLE handle, - CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE) -{ return HandleObject::find(handle, error); } - -template -inline Subclass &findHandleAndLock(CSSM_HANDLE handle, - CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE) -{ return HandleObject::findAndLock(handle, error); } - -template -inline Subclass &killHandle(CSSM_HANDLE handle, - CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE) -{ return HandleObject::findAndKill(handle, error); } - - -} // end namespace Security - -#endif //_H_HANDLEOBJECT diff --git a/cdsa/cdsa_utilities/headermap.cpp b/cdsa/cdsa_utilities/headermap.cpp deleted file mode 100644 index 4e87b1ff..00000000 --- a/cdsa/cdsa_utilities/headermap.cpp +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// headermap - represent Internet-standard headers -// -#include "headermap.h" -#include -#include - -using namespace std; - -namespace Security { - - -// -// Given a constant text string, extract the leading substring up to 'end' (or \0), -// canonicalize its case, and store the result for use. -// -HeaderMap::CanonicalKey::CanonicalKey(const char *key, char end) -{ - assert(key && key[0]); // non-empty - mValue[0] = toupper(key[0]); - for (unsigned int n = 1; n < sizeof(mValue) - 1; n++) { - if (key[n] == end) { - mValue[n] = '\0'; - return; - } - mValue[n] = tolower(key[n]); - } - // overflow -- truncate? throw? dynamic allocation? seppuko? :-) - assert(false); -} - - -// -// Add an entry -// -void HeaderMap::add(const char *key, const char *value) -{ - add(CanonicalKey(key), value); -} - - -// -// Given a standard form (Key: value), add its value to the headermap -// -void HeaderMap::add(const char *form) -{ - while (*form && isspace(*form)) - form++; - if (const char *colon = strchr(form, ':')) { - CanonicalKey key(form, ':'); - const char *value = colon + 1; - while (*value && isspace(*value)) - value++; - add(key, value); - } else { - // ignore this - //@@@ signal an error? how? how bad? - } -} - - -// -// Internal add method, given a canonicalized key -// -void HeaderMap::add(const CanonicalKey &key, const char *value) -{ - Map::iterator it = mMap.find(key); - if (it == mMap.end()) - mMap[key] = value; - else - merge(key, mMap[key], value); -} - - -// -// Locate an entry in a headermap. -// Find returns NULL if not found; [] creates a new entry if needed and returns -// a reference to the value, in good STL tradition. -// -const char *HeaderMap::find(const char *key, const char *defaultValue) const -{ - Map::const_iterator it = mMap.find(CanonicalKey(key)); - return (it == mMap.end()) ? defaultValue : it->second.c_str(); -} - -string &HeaderMap::operator[] (const char *key) -{ - return mMap[CanonicalKey(key)]; -} - - -// -// The default implementation of merge throws out the old contents and replaces -// them with the new. -// -void HeaderMap::merge(string key, string &old, string newValue) -{ - old = newValue; -} - - -// -// Collect the entire contents into a single string -// Note that this is NOT exactly what was passed in; certain canonicalizations have -// been done; fields are reordered; and duplicate-header fields have been coalesced. -//@@@ size could be pre-calculated (running counter). -// -string HeaderMap::collect(const char *lineEnding) const -{ - string value; - for (Map::const_iterator it = mMap.begin(); it != mMap.end(); it++) - value += it->first + ": " + it->second + lineEnding; - return value; -} - -size_t HeaderMap::collectLength(const char *lineEnding) const -{ - size_t size = 0; - size_t sepLength = strlen(lineEnding); - for (Map::const_iterator it = mMap.begin(); it != mMap.end(); it++) - size += it->first.length() + 2 + it->second.length() + sepLength; - return size; -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/headermap.h b/cdsa/cdsa_utilities/headermap.h deleted file mode 100644 index 10c414f4..00000000 --- a/cdsa/cdsa_utilities/headermap.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// headermap - represent Internet-standard headers -// -//@@@ Handle duplicate entries. -//@@@ Be flexible: think HTTP (append with commas) vs. RFC822 (multiple Received: headers etc.) -// -#ifndef _H_HEADERMAP -#define _H_HEADERMAP - -#include -#include - - -namespace Security { - - -// -// Header-maps -// -class HeaderMap { - static const int maxKeyLength = 80; - typedef std::map Map; -public: - HeaderMap() { } - virtual ~HeaderMap() { } - - virtual void merge(std::string key, std::string &old, std::string newValue); - - void add(const char *key, const char *value); - void add(const char *line); // Key: value - void remove(const char *key); - - const char *find(const char *key, const char *def = NULL) const; - std::string &operator [] (const char *key); - - typedef Map::const_iterator ConstIterator; - ConstIterator begin() const { return mMap.begin(); } - ConstIterator end() const { return mMap.end(); } - - typedef Map::const_iterator Iterator; - Iterator begin() { return mMap.begin(); } - Iterator end() { return mMap.end(); } - - std::string collect(const char *lineEnding = "\r\n") const; - size_t collectLength(const char *lineEnding = "\r\n") const; - -private: - // - // In-place case canonicalization of header keys - // - struct CanonicalKey { - CanonicalKey(const char *key, char end = '\0'); - operator const char *() const { return mValue; } - operator std::string () const { return mValue; } - private: - char mValue[maxKeyLength]; - }; - - void add(const CanonicalKey &key, const char *value); - -private: - Map mMap; // map of key: value pairs -}; - - -} // end namespace Security - - -#endif /* _H_HEADERMAP */ diff --git a/cdsa/cdsa_utilities/hosts.cpp b/cdsa/cdsa_utilities/hosts.cpp deleted file mode 100644 index 03ab46e2..00000000 --- a/cdsa/cdsa_utilities/hosts.cpp +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// hosts - value-semantics host identifier class -// -#include "hosts.h" -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -class NamedHost : public Host::Spec { -public: - NamedHost(const char *name); - - string name() const; - set addresses() const; - - bool operator == (const NamedHost &other) const - { return mName == other.mName; } - -private: - string mName; - set mAddrs; -}; - - -class IPv4NumberHost : public Host::Spec { -public: - IPv4NumberHost(IPAddress addr) : mAddr(addr) { } - - string name() const; - set addresses() const; - - bool operator == (const IPv4NumberHost &other) const - { return mAddr == other.mAddr; } - -private: - IPAddress mAddr; -}; - - -// -// Host basics -// -Host::Host(const char *form) -{ - //@@@ IPv4 only at this time - IPAddress addr; - if (inet_aton(form, &addr)) - mSpec = new IPv4NumberHost(addr); - else - mSpec = new NamedHost(form); -} - - -// -// Compare for equality -// -bool Host::operator == (const Host &other) const -{ - // really silly hack alert: just compare lexicographically by name - return mSpec ? (name() == other.name()) : !other.mSpec; -} - -bool Host::operator < (const Host &other) const -{ - // really silly hack alert: just compare lexicographically by name - return !mSpec || (other.mSpec && name() < other.name()); -} - - -// -// Compare for subsumption -// -bool Host::operator <= (const Host &other) const -{ - return false; -} - - -// -// IPv4 address host specs (a single IPv4 address) -// -string IPv4NumberHost::name() const -{ - return mAddr; -} - -set IPv4NumberHost::addresses() const -{ - set result; - result.insert(mAddr); - return result; -} - - -// -// IPv4 hostname host specs (a set of addresses derived from a name lookup) -// @@@ If we want to support IPv6, this should ALSO contain IPv6 lookup results. -// -NamedHost::NamedHost(const char *name) : mName(name) -{ - //@@@ NOT THREAD SAFE - find another way to do name resolution - if (hostent *he = gethostbyname(name)) { - for (char **p = he->h_addr_list; *p; p++) - mAddrs.insert(*reinterpret_cast(*p)); - secdebug("ipname", "host %s resolves to %ld address(es)", mName.c_str(), mAddrs.size()); - return; - } - UnixError::throwMe(ENOENT); //@@@ h_errno translation or other source -} - -string NamedHost::name() const -{ - return mName; -} - -set NamedHost::addresses() const -{ - return mAddrs; -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/hosts.h b/cdsa/cdsa_utilities/hosts.h deleted file mode 100644 index 10ea27aa..00000000 --- a/cdsa/cdsa_utilities/hosts.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// hosts - value-semantics host identifier class -// -// @@@ use vector instead of set to preserve resolver-generated order? -// @@@ preliminary implementation: at the very least, there'll be more subclasses (deferred, etc.) -// -#ifndef _H_HOSTS -#define _H_HOSTS - -#include "ip++.h" -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -// -// Host identities -// -class Host { -public: - Host(const char *form); - Host() { } - - // equality is defined strongly: same host specification - bool operator == (const Host &other) const; - bool operator != (const Host &other) const { return !(*this == other); } - bool operator < (const Host &other) const; // for STL sorting - - // inclusion (<=) is defined semi-weakly: greater subsumes smaller, same access specs - bool operator <= (const Host &other) const; - bool operator >= (const Host &other) const { return other <= *this; } - - string name() const { return mSpec->name(); } - set addresses() const { return mSpec->addresses(); } - -public: - class Spec : public RefCount { - public: - virtual ~Spec() { } - - virtual set addresses() const = 0; - virtual string name() const = 0; - - private: - }; - -private: - RefPointer mSpec; -}; - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif /* _H_HOSTS */ diff --git a/cdsa/cdsa_utilities/inetreply.cpp b/cdsa/cdsa_utilities/inetreply.cpp deleted file mode 100644 index f41d6267..00000000 --- a/cdsa/cdsa_utilities/inetreply.cpp +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// inetreply - manage Internet-standard reply strings -// -#include "inetreply.h" -#include -#include - -namespace Security { -namespace IPPlusPlus { - - -// -// Construct an InetReply object from a WRITABLE buffer. -// The buffer will be alterered by this constructor, and needs to be left alone -// until the InetReply object is destroyed. -// -InetReply::InetReply(const char *buffer) : mBuffer(buffer) -{ - analyze(); -} - -void InetReply::analyze() -{ - // follow Internet rule #1: be lenient in what you accept - /*const*/ char *p; // (un-const is ANSI bogosity in strtol) - mCode = strtol(mBuffer, &p, 10); - if (p == mBuffer) { // conversion failed - mCode = -1; // error indicator - mSeparator = ' '; - mMessage = "?invalid?"; - return; - } - if (!*p) { // just "nnn" (tolerate) - mCode = atoi(p); - mSeparator = ' '; - mMessage = ""; - return; - } - mSeparator = *p++; - while (isspace(*p)) p++; - mMessage = p; -} - - -// -// Continuation handling -// -bool InetReply::Continuation::operator () (const char *input) -{ - if (mActive && !strncmp(input, mTestString, 4)) - mActive = false; - return mActive; -} - -bool InetReply::Continuation::operator () (const InetReply &reply) -{ - if (!mActive && reply.isContinued()) { - mActive = true; - snprintf(mTestString, 4, "%03d", reply.code()); - mTestString[3] = ' '; // no \0 left in this string - } - return mActive; -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/inetreply.h b/cdsa/cdsa_utilities/inetreply.h deleted file mode 100644 index 65b154d7..00000000 --- a/cdsa/cdsa_utilities/inetreply.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// inetreply - manage Internet-standard reply strings -// -// The InetReply class represents an Internet-standard reply line of the form -// nnn some text -// -#ifndef _H_INETREPLY -#define _H_INETREPLY - -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -// -// An InetReply object represents a broken-up reply line of the form -// nnn(sp)text-form -// Note that this will take a *writable* input line buffer and munge it -// into shape. This means that -// (a) You have to keep the input line buffer alive until the InetReply dies, and -// (b) You can't use the input line buffer after the InetReply is constructed. -// -class InetReply { -public: - InetReply(const char *buffer); - - bool valid() const { return mCode >= 0; } - unsigned int code() const { return mCode; } - operator unsigned int () const { return code(); } - unsigned int type() const { return mCode / 100; } - const char *message() const { return mMessage; } - bool isContinued() const { return mSeparator == '-'; } - -private: - const char *mBuffer; // base buffer - int mCode; // integer code (usually nnn) - char mSeparator; // character after code (usually space; '-' for continued lines) - const char *mMessage; // rest of message - - void analyze(); - -public: - // - // Handle FTP-style continuations: nnn- ... nnnMessage - // Instructions for use: - // Continuation myCont; // in some persistent place - // ... get a line of reply -> const char *input ... - // if (myCont(input)) /* in (old) continuation */; - // InetReply reply(input); - // if (myCont(reply)) /* in (newly started) continuation */; - // /* not (any more) in continuation; reply has last message line - // - class Continuation { - public: - Continuation() : mActive(false) { } - - bool operator () (const char *input); - bool operator () (const InetReply &reply); - - bool active() const { return mActive; } - - private: - bool mActive; - char mTestString[4]; - }; -}; - - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif //_H_INETREPLY diff --git a/cdsa/cdsa_utilities/ip++.cpp b/cdsa/cdsa_utilities/ip++.cpp deleted file mode 100644 index 537a35fe..00000000 --- a/cdsa/cdsa_utilities/ip++.cpp +++ /dev/null @@ -1,375 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ip++ - C++ layer for IP socket and address management -// -// [Also see comments in header file.] -// -#include "ip++.h" -#include "hosts.h" -#include -#include -#include - - -namespace Security { -namespace IPPlusPlus { - - -typedef unsigned char Byte; // occasionally useful - - -// -// IPAddress -// -static const struct in_addr in_addr_any = { INADDR_ANY }; -#if BUG_GCC -const IPAddress &IPAddress::any = *static_cast(&in_addr_any); -#else -const IPAddress &IPAddress::any = static_cast(in_addr_any); -#endif - -IPAddress::IPAddress(const char *s) -{ - if (!inet_aton(s, this)) - UnixError::throwMe(EINVAL); -} - -IPAddress::operator string() const -{ - // This code is esentially equivalent to inet_ntoa, which we can't use for thread safety. - // Note: contents in NBO = always high-endian, thus this cast works everywhere. - const Byte *p = reinterpret_cast(this); - char buffer[(3+1)*4]; // nnn.nnn.nnn.nnn\0 - snprintf(buffer, sizeof(buffer), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - return buffer; -} - - -// -// IPSockAddress -// -IPSockAddress::IPSockAddress() -{ - sin_family = AF_INET; -} - -IPSockAddress::IPSockAddress(const IPAddress &addr, IPPort port) -{ - sin_family = AF_INET; - sin_addr = addr; - sin_port = htons(port); -} - -IPSockAddress::operator string () const -{ - char buffer[4*(3+1)+5+1]; // nnn.nnn.nnn.nnn:ppppp - snprintf(buffer, sizeof(buffer), "%s:%d", string(address()).c_str(), port()); - return buffer; -} - - -IPSockAddress IPSockAddress::defaults(const IPSockAddress &defaultAddr) const -{ - return defaults(defaultAddr.address(), defaultAddr.port()); -} - -IPSockAddress IPSockAddress::defaults(const IPAddress &defaultAddr, IPPort defaultPort) const -{ - return IPSockAddress( - address() ? address() : defaultAddr, - port() ? port() : defaultPort - ); -} - -IPSockAddress IPSockAddress::defaults(IPPort defaultPort) const -{ - return IPSockAddress(address(), port() ? port() : defaultPort); -} - - -// -// UNSockAddress -// -UNSockAddress::UNSockAddress() -{ - sun_family = AF_UNIX; -} - -UNSockAddress::UNSockAddress(const char *path) -{ - sun_family = AF_UNIX; - size_t length = strlen(path); - if (length >= sizeof(sun_path)) // won't fit into struct sockaddr_un - UnixError::throwMe(EINVAL); - memcpy(sun_path, path, length + 1); -} - -UNSockAddress::UNSockAddress(const string &path) -{ - sun_family = AF_UNIX; - if (path.length() >= sizeof(sun_path)) // won't fit into struct sockaddr_un - UnixError::throwMe(EINVAL); - memcpy(sun_path, path.c_str(), path.length() + 1); -} - - -string UNSockAddress::path() const -{ - return sun_path; -} - - -// -// Sockets -// -Socket::Socket(int type) -{ - open(type); -} - -Socket::Socket(int domain, int type, int protocol) -{ - open(domain, type, protocol); -} - -void Socket::open(int domain, int type, int protocol) -{ - checkSetFd(::socket(domain, type, protocol)); - mAtEnd = false; - secdebug("sockio", "socket(%d,%d) -> %d", type, protocol, fd()); -} - -void Socket::prepare(int fdFlags, int domain, int type, int protocol) -{ - // if file descriptor is closed, open it - otherwise take what's there - if (!isOpen()) - open(domain, type, protocol); - - // if flags were passed in, set them on the file descriptor now - if (fdFlags) - setFlag(fdFlags); -} - - -void Socket::bind(const IPAddress &addr, IPPort port) -{ - bind(IPSockAddress(addr, port)); -} - -void Socket::bind(const IPSockAddress &local) -{ - checkError(::bind(fd(), local, sizeof(local))); - secdebug("sockio", "%d bind to %s", fd(), string(local).c_str()); -} - -void Socket::bind(const UNSockAddress &local) -{ - checkError(::bind(fd(), local, sizeof(local))); - secdebug("sockio", "%d bind to %s", fd(), string(local).c_str()); -} - - -void Socket::listen(int backlog) -{ - checkError(::listen(fd(), backlog)); -} - - -void Socket::accept(Socket &s) -{ - IPSockAddress dummy; // ignored - return accept(s, dummy); -} - -void Socket::accept(Socket &s, IPSockAddress &peer) -{ - int length = sizeof(IPSockAddress); - s.checkSetFd(::accept(fd(), peer, &length)); - assert(length == sizeof(IPSockAddress)); -} - -void Socket::accept(Socket &s, UNSockAddress &peer) -{ - int length = sizeof(UNSockAddress); - s.checkSetFd(::accept(fd(), peer, &length)); - assert(length == sizeof(UNSockAddress)); -} - - -bool Socket::connect(const IPSockAddress &peer) -{ - if (::connect(fd(), peer, sizeof(peer))) { - switch (errno) { - case EINPROGRESS: - secdebug("sockio", "%d connecting to %s", fd(), string(peer).c_str()); - return false; - case EALREADY: - if (int err = error()) // connect failed - UnixError::throwMe(err); - // just keep trying - secdebug("sockio", "%d still trying to connect", fd()); - return false; - case EISCONN: - if (flags() & O_NONBLOCK) { - secdebug("sockio", "%d now connected", fd()); - return true; - } else { - UnixError::throwMe(); - } - default: - UnixError::throwMe(); - } - } else { - secdebug("sockio", "%d connect to %s", fd(), string(peer).c_str()); - return true; - } -} - -bool Socket::connect(const IPAddress &addr, IPPort port) -{ - return connect(IPSockAddress(addr, port)); -} - -bool Socket::connect(const UNSockAddress &peer) -{ - // no nice async support here: local operation (but keep the niceties) - checkError(::connect(fd(), peer, sizeof(peer))); - secdebug("sockio", "%d connect to %s", fd(), string(peer).c_str()); - return true; -} - -// void Socket::connect(const Host &host, ...): see below. - - -void Socket::shutdown(int how) -{ - assert(how >= 0 && how <= 2); - checkError(::shutdown(fd(), how)); -} - - -IPSockAddress Socket::localAddress() const -{ - IPSockAddress addr; - int length = sizeof(addr); - checkError(::getsockname(fd(), addr, &length)); - assert(length == sizeof(addr)); - return addr; -} - -IPSockAddress Socket::peerAddress() const -{ - IPSockAddress addr; - int length = sizeof(addr); - checkError(::getpeername(fd(), addr, &length)); - assert(length == sizeof(addr)); - return addr; -} - -void Socket::getOption(void *value, int &length, int name, int level /*= SOL_SOCKET*/) const -{ - UnixError::check(::getsockopt(fd(), level, name, value, &length)); -} - -void Socket::setOption(const void *value, int length, int name, int level /*= SOL_SOCKET*/) const -{ - UnixError::check(::setsockopt(fd(), level, name, value, length)); -} - - -// -// Connect to a Host object. -// This version of connect performs nontrivial work and makes interesting decisions. -// -void Socket::connect(const Host &host, IPPort port) -{ - //@@@ use two-step stutter algorithm? - //@@@ randomize order? - //@@@ keep worked-recently information? - //@@@ what about nonblocking operation? - set addrs = host.addresses(); - for (set::const_iterator it = addrs.begin(); it != addrs.end(); it++) { - const IPSockAddress address(*it, port); - if (::connect(fd(), address, sizeof(IPSockAddress)) == 0) { - secdebug("sockio", "%d connect to %s", fd(), string(address).c_str()); - return; - } - } - // no joy on any of the candidate addresses. Throw last error - //@@@ clean up errno? - UnixError::throwMe(); -} - - -// -// TCP*Sockets. -// Note that these will TCP*Socket::open() will *use* its existing file descriptor, -// on the theory that the caller may have prepared it specially (e.g. to make it nonblocking). -// -void TCPClientSocket::open(const IPSockAddress &peer, int fdFlags) -{ - prepare(fdFlags, AF_INET, SOCK_STREAM); - connect(peer); -} - -void TCPClientSocket::open(const IPAddress &addr, IPPort port, int fdFlags) -{ - prepare(fdFlags, AF_INET, SOCK_STREAM); - connect(addr, port); -} - -void TCPClientSocket::open(const Host &host, IPPort port, int fdFlags) -{ - prepare(fdFlags, AF_INET, SOCK_STREAM); - connect(host, port); -} - -TCPClientSocket::~TCPClientSocket() -{ - close(); -} - - -void TCPServerSocket::open(const IPSockAddress &addr, int depth) -{ - prepare(0, AF_INET, SOCK_STREAM); - bind(addr); - listen(depth); -} - -void TCPServerSocket::operator () (TCPClientSocket &newClient) -{ - accept(newClient); -} - -void TCPServerSocket::receive(TCPClientSocket &newClient) -{ - accept(newClient); - close(); -} - -TCPServerSocket::~TCPServerSocket() -{ - close(); -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/ip++.h b/cdsa/cdsa_utilities/ip++.h deleted file mode 100644 index 56b99c5a..00000000 --- a/cdsa/cdsa_utilities/ip++.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// ip++ - C++ layer for IP socket and address management -// -// Key to comments: -// HBO = host byte order, NBO = network byte order -// -// Rules for byte ordering: C++ objects store addresses and ports in NBO. -// Struct in_addr arguments are in NBO. Integer type arguments are in HBO. -// Stick with the conversion methods and you win. Cast around and you lose. -// -// @@@ Which namespace should we be in? -// -#ifndef _H_IPPLUSPLUS -#define _H_IPPLUSPLUS - -#include "unix++.h" -#include "timeflow.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace UnixPlusPlus; - - -namespace Security { -namespace IPPlusPlus { - -class Host; - - -// -// For now, ports are simply a short unsigned integer type, in HBO. -// -typedef uint16 IPPort; - - -// -// An IP host address. -// -class IPAddress : public in_addr { -public: - IPAddress() { s_addr = htonl(INADDR_ANY); } - IPAddress(const struct in_addr &addr) { s_addr = addr.s_addr; } - explicit IPAddress(uint32 addr) { s_addr = htonl(addr); } - IPAddress(const char *s); // ONLY dotted-quad form - use hosts.h for name resolution - - operator uint32 () const { return ntohl(s_addr); } - operator string () const; // "n.n.n.n" (no name resolution) - -public: - bool operator == (const IPAddress &other) const { return s_addr == other.s_addr; } - bool operator != (const IPAddress &other) const { return s_addr != other.s_addr; } - bool operator < (const IPAddress &other) const { return s_addr < other.s_addr; } - - operator bool () const { return s_addr != htonl(INADDR_ANY); } - bool operator ! () const { return s_addr == htonl(INADDR_ANY); } - -public: - static const IPAddress &any; -}; - - -// -// An IP "socket address", i.e. a combined host address and port. -// -class IPSockAddress : public sockaddr_in { -public: - IPSockAddress(); - IPSockAddress(const struct sockaddr_in &sockaddr) { *(sockaddr_in *)this = sockaddr; } - IPSockAddress(const IPAddress &addr, IPPort port); - - IPAddress address() const { return sin_addr; } - void address(IPAddress addr) { sin_addr = addr; } - IPPort port() const { return ntohs(sin_port); } - void port(IPPort p) { sin_port = htons(p); } - - operator string () const; // "n.n.n.n:p" (no name resolution) - - // automatically convert to struct sockaddr * for use in system calls - operator struct sockaddr * () - { return reinterpret_cast(this); } - operator const struct sockaddr * () const - { return reinterpret_cast(this); } - - // conveniences - IPSockAddress defaults(const IPSockAddress &defaultAddr) const; - IPSockAddress defaults(const IPAddress &defaultAddr, IPPort defaultPort = 0) const; - IPSockAddress defaults(IPPort defaultPort) const; -}; - - -// -// UNIX Domain Socket addresses, for those who care. -// An "UNAddress", such as it were, is simply a string. -// -class UNSockAddress : public sockaddr_un { -public: - UNSockAddress(); - UNSockAddress(const char *path); - UNSockAddress(const std::string &path); - - string path() const; - operator string () const { return path(); } - - // automatically convert to struct sockaddr * for use in system calls - operator struct sockaddr * () - { return reinterpret_cast(this); } - operator const struct sockaddr * () const - { return reinterpret_cast(this); } -}; - - -// -// An IP socket. -// This inherits all functionality of a FileDesc, so I/O is fun and easy. -// Socket is "passive"; it doesn't own any resources and does nothing on destruction. -// On the upside, you can assign Sockets freely. -// If you want self-managing sockets that clean up after themselves, -// use the subclasses below. -// -class Socket : public FileDesc { -public: - Socket() { } - explicit Socket(int domain, int type, int protocol = 0); - explicit Socket(int type); - - Socket &operator = (int fd) { setFd(fd); return *this; } - - // basic open (socket system call) - void open(int domain, int type, int protocol = 0); - void open(int type) { open(AF_INET, type, 0); } - - // standard socket operations - void bind(const IPSockAddress &addr); // to this socket address - void bind(const IPAddress &addr = IPAddress::any, IPPort port = 0); - void bind(const UNSockAddress &addr); // to this UNIX domain socket - void listen(int backlog = 1); - void accept(Socket &s); - void accept(Socket &s, IPSockAddress &peer); - void accept(Socket &s, UNSockAddress &peer); - bool connect(const struct sockaddr *peer); - bool connect(const IPSockAddress &peer); - bool connect(const IPAddress &addr, IPPort port); - bool connect(const UNSockAddress &peer); - void connect(const Host &host, IPPort port); // any address of this host - void shutdown(int type); - enum { shutdownRead = 0, shutdownWrite = 1, shutdownBoth = 2 }; - - // get endpoint addresses - IPSockAddress localAddress() const; - IPSockAddress peerAddress() const; - - // socket options - void setOption(const void *value, int length, int name, int level = SOL_SOCKET) const; - void getOption(void *value, int &length, int name, int level = SOL_SOCKET) const; - - template void setOption(const T &value, int name, int level = SOL_SOCKET) const - { setOption(&value, sizeof(value), name, level); } - - template T getOption(int name, int level = SOL_SOCKET) const - { - T value; int length = sizeof(value); - getOption(&value, length, name, level); - assert(length == sizeof(value)); - return value; - } - - // some specific useful options - int type() const { return getOption(SO_TYPE); } - int error() const { return getOption(SO_ERROR); } - -public: -#if defined(SOMAXCONN) - static const int listenMaxQueue = SOMAXCONN; -#else - static const int listenMaxQueue = 5; // the traditional BSD UNIX value -#endif - -protected: - void prepare(int fdFlags, int domain, int type, int protocol = 0); -}; - - -// -// A TCPClientSocket is a self-connecting TCP socket that connects (actively) to a server. -// Since TCP, once established, is symmetric, it can also be used for the server side -// of a TCP pipe. You can think of it as the least complex embodiment of a TCP connection. -// -class TCPClientSocket : public Socket { - NOCOPY(TCPClientSocket) -public: - TCPClientSocket() { } - ~TCPClientSocket(); // closes connection - -#if BUG_GCC - void open(int type, int protocol = 0) { Socket::open(type, protocol); } -#else - using Socket::open; -#endif - - void open(const IPSockAddress &peer, int fdFlags = 0); - void open(const IPAddress &addr, IPPort port, int fdFlags = 0); - void open(const Host &host, IPPort port, int fdFlags = 0); - - TCPClientSocket(const IPSockAddress &peer, int fdFlags = 0) - { open(peer, fdFlags); } - TCPClientSocket(const IPAddress &addr, IPPort port, int fdFlags = 0) - { open(addr, port, fdFlags); } - TCPClientSocket(const Host &host, IPPort port, int fdFlags = 0) - { open(host, port, fdFlags); } - -protected: // for serverSocket/clientSocket footsy play - void setFd(int fd) { Socket::setFd(fd); } - -private: - TCPClientSocket(int sockfd); -}; - - -// -// A TCPServerSocket is a self-initializing listener socket for incoming TCP requests -// (usually to a server). Its function operator yields the next incoming connection request -// as a TCPClientSocket (see above). For one-shot receivers, the receive() method will -// create the client and close the listener atomically (which is sometimes faster). -// -class TCPServerSocket : public Socket { - NOCOPY(TCPServerSocket) -public: - TCPServerSocket() { } - ~TCPServerSocket(); // closes listener; existing connections unaffected - - void open(const IPSockAddress &local, int depth = 1); - void open(IPPort port = 0, int depth = 1) - { open(IPSockAddress(IPAddress::any, port), depth); } - - TCPServerSocket(const IPSockAddress &local, int depth = 1) { open(local, depth); } - TCPServerSocket(IPPort port, int depth = 1) { open(port, depth); } - - void operator () (TCPClientSocket &newClient); // retrieve next connection - void receive(TCPClientSocket &client); // accept once, then close listener -}; - - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif //_H_IPPLUSPLUS diff --git a/cdsa/cdsa_utilities/ktracecodes.h b/cdsa/cdsa_utilities/ktracecodes.h deleted file mode 100644 index 816a27ce..00000000 --- a/cdsa/cdsa_utilities/ktracecodes.h +++ /dev/null @@ -1,120 +0,0 @@ -#ifndef _KTRACE_CODES_H_ -#define _KTRACE_CODES_H_ - -#include -#include - -/* - we format as follows (not really done this way because bitfields are compiler dependent): - - struct DebugCode - { - int DebugClass : 8; - int SubClass : 8; - int SecurityAppClass : 4; - int SecurityCodeClass : 10; - int FunctionQualifier : 2; - }; -*/ - -// Define the following as macros to keep objective c happy. - -// define app class constants -#define APP_DEBUG_CLASS 0x40 - -// define the sub class for security -#define SECURITY_SUB_CLASS 0xAA - -// define the app classes used by security -#define APP_CLASS_SFAUTHORIZATION 0 -#define APP_CLASS_SECURITY_AGENT 1 -#define APP_CLASS_AUTHORIZATION 2 -#define APP_CLASS_SECURITY_SERVER 3 -#define APP_CLASS_ADHOC 4 - -// define function qualifiers -#define FUNCTION_START DBG_FUNC_START -#define FUNCTION_END DBG_FUNC_END -#define FUNCTION_TIMEPOINT DBG_FUNC_NONE - -// define SFAuthorization code class -#define CODE_CLASS_SFAUTHORIZATION_BUTTON_PRESSED 0 -#define CODE_CLASS_SFAUTHORIZATION_AUTHORIZATION 1 - -// define SecurityAgent code class -#define CODE_CLASS_SECURITY_AGENT_START 0 -#define CODE_CLASS_SECURITY_AGENT_STARTED_BY_SECURITY_SERVER 1 -#define CODE_CLASS_SECURITY_AGENT_BEFORE_MECHANISM_INVOKE 2 -#define CODE_CLASS_SECURITY_AGENT_CONFIRM_ACCESS 3 - -// define Authorization code classes -#define CODE_CLASS_AUTHORIZATION_CREATE 0 -#define CODE_CLASS_AUTHORIZATION_COPY_RIGHTS 1 -#define CODE_CLASS_AUTHORIZATION_COPY_INFO 2 - -// define SecurityServer code classes -#define CODE_CLASS_SECURITY_SERVER_INITIALIZE 0 - -// define adhoc code classes (may change by need) -#define CODE_CLASS_ADHOC_FINDGENERICPASSWORD_BEGIN 0 -#define CODE_CLASS_ADHOC_UCSP_CLIENT_BEGIN 1 -#define CODE_CLASS_ADHOC_UCSP_SERVER_DECRYPT_BEGIN 2 -#define CODE_CLASS_ADHOC_UCSP_QUERYKEYCHAINACCESS_BEGIN 3 - -// define SecurityServer code classes -#define TRACECODE(_debugclass, _subclass, _appclass, _codeclass, _functionqualifier) \ - ((_debugclass << 24) | (_subclass << 16) | (_appclass << 12) | (_codeclass << 2) | (_functionqualifier)) - -/* - * Trace code allocations. - */ - enum { - kSecTraceSFAuthorizationButtonPressedStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SFAUTHORIZATION, CODE_CLASS_SFAUTHORIZATION_BUTTON_PRESSED, FUNCTION_START), - kSecTraceSFAuthorizationAuthorizationStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SFAUTHORIZATION, CODE_CLASS_SFAUTHORIZATION_AUTHORIZATION, FUNCTION_START), - kSecTraceSFAuthorizationAuthorizationEnd = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SFAUTHORIZATION, CODE_CLASS_SFAUTHORIZATION_AUTHORIZATION, FUNCTION_END), - kSecTraceSFAuthorizationButtonPressedEnd = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SFAUTHORIZATION, CODE_CLASS_SFAUTHORIZATION_BUTTON_PRESSED, FUNCTION_END), - - kSecTraceSecurityAgentStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_AGENT, CODE_CLASS_SECURITY_AGENT_START, FUNCTION_TIMEPOINT), - kSecTraceSecurityAgentStartedBySecurityServer = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_AGENT, CODE_CLASS_SECURITY_AGENT_STARTED_BY_SECURITY_SERVER, - FUNCTION_TIMEPOINT), - kSecTraceSecurityAgentBeforeMechanismInvoke = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_AGENT, CODE_CLASS_SECURITY_AGENT_BEFORE_MECHANISM_INVOKE, - FUNCTION_TIMEPOINT), - kSecTraceSecurityAgentConfimAccess = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_AGENT, CODE_CLASS_SECURITY_AGENT_CONFIRM_ACCESS, FUNCTION_TIMEPOINT), - - kSecTraceAuthorizationCreateStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_CREATE, FUNCTION_START), - kSecTraceAuthorizationCreateEnd = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_CREATE, FUNCTION_END), - kSecTraceAuthorizationCopyRightsStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_COPY_RIGHTS, FUNCTION_START), - kSecTraceAuthorizationCopyRightsEnd = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_COPY_RIGHTS, FUNCTION_END), - kSecTraceAuthorizationCopyInfoStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_COPY_INFO, FUNCTION_START), - kSecTraceAuthorizationCopyInfoEnd = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_AUTHORIZATION, CODE_CLASS_AUTHORIZATION_COPY_INFO, FUNCTION_END), - - kSecTraceSecurityServerStart = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_SERVER, CODE_CLASS_SECURITY_SERVER_INITIALIZE, FUNCTION_START), - kSecTraceSecurityServerInitialized = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_SECURITY_SERVER, CODE_CLASS_SECURITY_SERVER_INITIALIZE, FUNCTION_END), - - kSecTraceSecurityFrameworkSecKeychainFindGenericPasswordBegin = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_ADHOC, CODE_CLASS_ADHOC_FINDGENERICPASSWORD_BEGIN, FUNCTION_TIMEPOINT), - kSecTraceUCSPClientDecryptBegin = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_ADHOC, CODE_CLASS_ADHOC_UCSP_CLIENT_BEGIN, FUNCTION_TIMEPOINT), - kSecTraceUCSPServerDecryptBegin = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_ADHOC, CODE_CLASS_ADHOC_UCSP_SERVER_DECRYPT_BEGIN, FUNCTION_TIMEPOINT), - kSecTraceSecurityServerQueryKeychainAccess = - TRACECODE (APP_DEBUG_CLASS, SECURITY_SUB_CLASS, APP_CLASS_ADHOC, CODE_CLASS_ADHOC_UCSP_QUERYKEYCHAINACCESS_BEGIN, FUNCTION_TIMEPOINT) - }; - -#endif /* _KTRACE_CODES_H_ */ diff --git a/cdsa/cdsa_utilities/logging.cpp b/cdsa/cdsa_utilities/logging.cpp deleted file mode 100644 index ed2d5c76..00000000 --- a/cdsa/cdsa_utilities/logging.cpp +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// logging - message log support -// -#ifdef __MWERKS__ -# define _CPP_LOGGING -#endif - -#include -#include -#include - - -namespace Security -{ - -namespace Syslog -{ - -// -// Open and initialize logging -// -void open(const char *ident, int facility, int options /*= 0*/) -{ - ::openlog(ident, options, facility); -} - - -// -// General output method -// -static void output(int priority, const char *format, va_list args) -{ - ::vsyslog(priority, format, args); -} - - -// -// Priority-specific wrappers -// -void syslog(int priority, const char *format, ...) -{ va_list args; va_start(args, format); output(priority, format, args); va_end(args); } - -void emergency(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_EMERG, format, args); va_end(args); } -void alert(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_ALERT, format, args); va_end(args); } -void critical(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_CRIT, format, args); va_end(args); } -void error(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_ERR, format, args); va_end(args); } -void warning(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_WARNING, format, args); va_end(args); } -void notice(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_NOTICE, format, args); va_end(args); } -void info(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_INFO, format, args); va_end(args); } -void debug(const char *format, ...) -{ va_list args; va_start(args, format); output(LOG_DEBUG, format, args); va_end(args); } - - -// -// Enable mask operation -// -int mask() -{ - int mask; - ::setlogmask(mask = ::setlogmask(0)); - return mask; -} - -void upto(int priority) -{ - ::setlogmask(LOG_UPTO(priority)); -} - -void enable(int priority) -{ - ::setlogmask(::setlogmask(0) | LOG_MASK(priority)); -} - -void disable(int priority) -{ - ::setlogmask(::setlogmask(0) & ~LOG_MASK(priority)); -} - -} // end namespace Syslog - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/logging.h b/cdsa/cdsa_utilities/logging.h deleted file mode 100644 index 2adb3f77..00000000 --- a/cdsa/cdsa_utilities/logging.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// logging - message log support -// -#ifndef _H_LOGGING -#define _H_LOGGING - -#include -#include - -#ifdef _CPP_LOGGING -#pragma export on -#endif - -namespace Security -{ - -// -// Log destination object -// -namespace Syslog -{ - -void syslog(int priority, const char *format, ...); - -void emergency(const char *format, ...); -void alert(const char *format, ...); -void critical(const char *format, ...); -void error(const char *format, ...); -void warning(const char *format, ...); -void notice(const char *format, ...); -void info(const char *format, ...); -void debug(const char *format, ...); - -void open(const char *ident, int facility, int options = 0); - -int mask(); -void upto(int priority); -void enable(int priority); -void disable(int priority); - -} // end namespace Syslog - -} // end namespace Security - -#ifdef _CPP_LOGGING -#pragma export off -#endif - -#endif //_H_LOGGING diff --git a/cdsa/cdsa_utilities/mach++.cpp b/cdsa/cdsa_utilities/mach++.cpp deleted file mode 100644 index 9758c560..00000000 --- a/cdsa/cdsa_utilities/mach++.cpp +++ /dev/null @@ -1,426 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// mach++ - C++ bindings for useful Mach primitives -// -#include "mach++.h" -#include -#include // debug -#include -#include // debug - -namespace Security { -namespace MachPlusPlus { - - -// -// Mach subsystem exceptions, a subclass of CssmCommonError -// -Error::Error(kern_return_t err) : error(err) -{ -} - -Error::~Error() throw() -{ -} - -CSSM_RETURN -Error::cssmError() const -{ - switch (error) { - case BOOTSTRAP_UNKNOWN_SERVICE: - case MIG_SERVER_DIED: - return CSSM_ERRCODE_SERVICE_NOT_AVAILABLE; - default: - return CSSM_ERRCODE_INTERNAL_ERROR; - } -} - -OSStatus -Error::osStatus() const -{ - return cssmError(); -} - -void Error::check(kern_return_t status) -{ - if (status != KERN_SUCCESS) - Error::throwMe(status); -} - -void Error::throwMe(kern_return_t err) -{ - throw Error(err); -} - - -#if !defined(NDEBUG) -void Error::debugDiagnose(const void *id) const -{ - const char *name; - switch (error) { - default: - name = mach_error_string(error); break; - case BOOTSTRAP_UNKNOWN_SERVICE: - name = "BOOTSTRAP_UNKNOWN_SERVICE"; break; - case BOOTSTRAP_NAME_IN_USE: - name = "BOOTSTRAP_NAME_IN_USE"; break; - case BOOTSTRAP_NOT_PRIVILEGED: - name = "BOOTSTRAP_NOT_PRIVILEGED"; break; - case BOOTSTRAP_SERVICE_ACTIVE: - name = "BOOTSTRAP_SERVICE_ACTIVE"; break; - } - secdebug("exception", "%p Mach Error %s (%d) osStatus %ld", - id, name, error, osStatus()); -} -#endif //NDEBUG - - -// -// Memory management -// -void *allocate(size_t size) -{ - vm_address_t address; - check(vm_allocate(mach_task_self(), &address, size, true)); - return reinterpret_cast(address); -} - -void deallocate(vm_address_t address, size_t size) -{ - check(vm_deallocate(mach_task_self(), address, size)); -} - - -// -// Port functions -// -mach_port_urefs_t Port::getRefs(mach_port_right_t right) -{ - mach_port_urefs_t count; - check(::mach_port_get_refs(self(), mPort, right, &count)); - return count; -} - -mach_port_t Port::requestNotify(mach_port_t notify, mach_msg_id_t type, mach_port_mscount_t sync) -{ - mach_port_t previous; - check(mach_port_request_notification(self(), mPort, type, sync, notify, - MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous)); - -#if !defined(NDEBUG) - const char *typeName; - switch (type) { - case MACH_NOTIFY_PORT_DELETED: typeName = "port deleted"; break; - case MACH_NOTIFY_PORT_DESTROYED:typeName = "port destroyed"; break; - case MACH_NOTIFY_NO_SENDERS: typeName = "no senders"; break; - case MACH_NOTIFY_SEND_ONCE: typeName = "send once"; break; - case MACH_NOTIFY_DEAD_NAME: typeName = "dead name"; break; - default: typeName = "???"; break; - } - if (notify == MACH_PORT_NULL) - secdebug("port", "%d cancel notify %s", port(), typeName); - else - secdebug("port", "%d request notify %s to %d (sync %d)", port(), typeName, notify, sync); -#endif //!NDEBUG - - return previous; -} - -mach_port_t Port::cancelNotify(mach_msg_id_t type) -{ - // Mach won't let us unset the DPN port if we are already dead - // (EVEN if the DPN has already been sent!) So just ignore that case... - if (isDead()) - return MACH_PORT_NULL; - return requestNotify(MACH_PORT_NULL, type); -} - - -// -// PortSet features -// -set PortSet::members() const -{ - mach_port_array_t members; - mach_msg_type_number_t count; - check(::mach_port_get_set_status(self(), mPort, &members, &count)); - try { - set result; - copy(members, members+count, inserter(result, result.begin())); - vm_deallocate(self(), vm_address_t(members), count * sizeof(members[0])); - return result; - } catch (...) { - vm_deallocate(self(), vm_address_t(members), count * sizeof(members[0])); - throw; - } -} - - -bool PortSet::contains(Port member) const -{ - set memberSet = members(); - return memberSet.find(member) != memberSet.end(); -} - - -// -// Task port features -// -pid_t TaskPort::pid() const -{ - pid_t pid; - check(::pid_for_task(mPort, &pid)); - return pid; -} - -TaskPort TaskPort::forPid(pid_t pid) -{ - TaskPort taskPort; - check(::task_for_pid(self(), pid, &taskPort.port())); - return taskPort; -} - - -// -// Bootstrap port management -// -mach_port_t Bootstrap::checkIn(const char *name) const -{ - mach_port_t port; - check(::bootstrap_check_in(mPort, makeName(name), &port)); - return port; -} - -mach_port_t Bootstrap::checkInOptional(const char *name) const -{ - mach_port_t port; - switch (kern_return_t err = ::bootstrap_check_in(mPort, makeName(name), &port)) { - case BOOTSTRAP_SERVICE_ACTIVE: - case BOOTSTRAP_UNKNOWN_SERVICE: - case BOOTSTRAP_NOT_PRIVILEGED: - return MACH_PORT_NULL; - default: - check(err); - } - return port; -} - -void Bootstrap::registerAs(mach_port_t port, const char *name) const -{ - secdebug("bootstrap", "creating service port %d in %d:%s", port, this->port(), name); - check(::bootstrap_register(mPort, makeName(name), port)); -} - -mach_port_t Bootstrap::lookup(const char *name) const -{ - mach_port_t port; - check(::bootstrap_look_up(mPort, makeName(name), &port)); - return port; -} - -mach_port_t Bootstrap::lookupOptional(const char *name) const -{ - mach_port_t port; - kern_return_t err = ::bootstrap_look_up(mPort, makeName(name), &port); - if (err == BOOTSTRAP_UNKNOWN_SERVICE) - return 0; - check(err); - return port; -} - - -Bootstrap Bootstrap::subset(Port requestor) -{ - mach_port_t sub; - check(::bootstrap_subset(mPort, requestor, &sub)); - return sub; -} - - -// -// ReceivePorts -// -ReceivePort::ReceivePort(const char *name, const Bootstrap &bootstrap) -{ - mPort = bootstrap.checkInOptional(name); - if (!mPort) { - allocate(); - // Bootstrap registration requires a send right to (copy) send. - // Make a temporary one, send it, then take it away again, to avoid - // messing up the caller's send right accounting. - insertRight(MACH_MSG_TYPE_MAKE_SEND); - bootstrap.registerAs(mPort, name); - modRefs(MACH_PORT_RIGHT_SEND, -1); - } -} - - -// -// Stack-based bootstrap switcher -// -ModuleNexus StBootstrap::critical; - -StBootstrap::StBootstrap(const Bootstrap &newBoot, const TaskPort &task) - : mTask(task), locker(critical()) -{ - mOldBoot = Bootstrap(); - mTask.bootstrap(newBoot); - secdebug("StBoot", "bootstrap for %d switched to %d", mTask.port(), newBoot.port()); -} - -StBootstrap::~StBootstrap() -{ - mTask.bootstrap(mOldBoot); - secdebug("StBoot", "bootstrap for %d returned to %d", mTask.port(), mOldBoot.port()); -} - - -// -// Mach message buffers -// -Message::Message(void *buffer, size_t size) - : mBuffer(reinterpret_cast(buffer)), - mSize(size), mRelease(false) -{ - assert(size >= sizeof(mach_msg_header_t)); -} - -Message::Message(size_t size) -{ - mSize = size + MAX_TRAILER_SIZE; - mBuffer = (mig_reply_error_t *)new char[mSize]; - mRelease = true; -} - -Message::~Message() -{ - if (mRelease) - delete[] mBuffer; -} - - -bool Message::check(kern_return_t status) -{ - switch (status) { - case KERN_SUCCESS: - return true; - case MACH_RCV_TIMED_OUT: - case MACH_SEND_TIMED_OUT: - return false; - default: - Error::throwMe(status); - } -} - - -bool Message::send(mach_msg_option_t options, - mach_msg_timeout_t timeout, - mach_port_name_t notify) -{ - return check(mach_msg_overwrite(*this, - options | MACH_SEND_MSG, - length(), - 0, MACH_PORT_NULL, - timeout, notify, - NULL, 0)); -} - -bool Message::receive(mach_port_t receivePort, - mach_msg_option_t options, - mach_msg_timeout_t timeout, - mach_port_name_t notify) -{ - return check(mach_msg_overwrite(*this, - options | MACH_RCV_MSG, - length(), - mSize, receivePort, - timeout, notify, - NULL, 0)); -} - -bool Message::sendReceive(mach_port_t receivePort, - mach_msg_option_t options, - mach_msg_timeout_t timeout, - mach_port_name_t notify) -{ - return check(mach_msg_overwrite(*this, - options | MACH_SEND_MSG | MACH_RCV_MSG, - length(), - mSize, receivePort, - timeout, notify, - NULL, 0)); -} - - -// -// Debug dumping of ports etc. -// -#if defined(DEBUGDUMP) - -void Port::dump(const char *descr) -{ - if (mPort == MACH_PORT_NULL) { - Debug::dump("[%s==NULL]\n", descr ? descr : "port"); - } else { - Debug::dump("[%s(%d)", descr ? descr : "port", mPort); - mach_port_type_t type; - if (kern_return_t err = mach_port_type(self(), mPort, &type)) { - Debug::dump(" !%s", mach_error_string(err)); - } else { - if (type & MACH_PORT_TYPE_SEND) - Debug::dump(" send(%d)", getRefs(MACH_PORT_RIGHT_SEND)); - if (type & MACH_PORT_TYPE_RECEIVE) - Debug::dump(" rcv"); - if (type & MACH_PORT_TYPE_SEND_ONCE) - Debug::dump(" once(%d)", getRefs(MACH_PORT_RIGHT_SEND)); - if (type & MACH_PORT_TYPE_PORT_SET) - Debug::dump(" set"); - if (type & MACH_PORT_TYPE_DEAD_NAME) - Debug::dump(" dead(%d)", getRefs(MACH_PORT_RIGHT_SEND)); - if (type & MACH_PORT_TYPE_DNREQUEST) - Debug::dump(" dnreq"); - // handle unknown/unexpected type flags - if (type & ~(MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE|MACH_PORT_TYPE_SEND_ONCE| - MACH_PORT_TYPE_PORT_SET|MACH_PORT_TYPE_DEAD_NAME|MACH_PORT_TYPE_DNREQUEST)) - Debug::dump(" type(0x%x)", type); - } - Debug::dump("]\n"); - } -} - - -void Bootstrap::dump() -{ - name_array_t services, servers; - bool_array_t active; - mach_msg_type_number_t nServices, nServers, nActive; - check(bootstrap_info(mPort, &services, &nServices, - &servers, &nServers, &active, &nActive)); - Port::dump(); - Debug::dump(" %d services\n", nServices); - for (mach_msg_type_number_t n = 0; n < nServices; n++) - Debug::dump("%s\n", services[n]); -} - -#endif //DEBUGDUMP - - -} // end namespace MachPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/mach++.h b/cdsa/cdsa_utilities/mach++.h deleted file mode 100644 index 57451dd7..00000000 --- a/cdsa/cdsa_utilities/mach++.h +++ /dev/null @@ -1,295 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// mach++ - C++ bindings for useful Mach primitives -// -#ifndef _H_MACHPP -#define _H_MACHPP - -#include -#include -#include -#include -#include -#include - -// yes, we use some UNIX (non-mach) headers... -#include -#include - -namespace Security { -namespace MachPlusPlus { - - -// -// Exceptions thrown by the mach++ interface. -// -class Error : public CssmCommonError { -protected: - // actually, kern_return_t can be just about any subsystem type return code - Error(kern_return_t err); -public: - virtual ~Error() throw(); - - virtual CSSM_RETURN cssmError() const; - virtual OSStatus osStatus() const; - - const kern_return_t error; - - static void check(kern_return_t err); - static void throwMe(kern_return_t err) __attribute__((noreturn)); - -private: - IFDEBUG(void debugDiagnose(const void *id) const); -}; - -// generic return code checker -inline void check(kern_return_t status) -{ Error::check(status); } - - -// -// Simple vm_allocate/deallocate glue -// -void *allocate(size_t size); -void deallocate(vm_address_t addr, size_t size); - -inline void deallocate(const void *addr, size_t size) -{ deallocate(reinterpret_cast(addr), size); } - - -// -// An encapsulation of a Mach 3 port -// -class Port { -protected: - static mach_port_t self() { return mach_task_self(); } - -public: - Port() { mPort = 0; } - Port(mach_port_t port) { mPort = port; } - - // devolve to Mach primitive type - operator mach_port_t () const { return mPort; } - - // access reference (for primitives storing into &mach_port_t) - mach_port_t &port () { return mPort; } - const mach_port_t &port () const { return mPort; } - - // status checks - mach_port_type_t type() const - { mach_port_type_t typ; check(mach_port_type(self(), mPort, &typ)); return typ; } - - bool isType(mach_port_type_t typ) const { return type() & typ; } - bool isDead() const { return isType(MACH_PORT_TYPE_DEAD_NAME); } - - // port allocation and management - void allocate(mach_port_right_t right = MACH_PORT_RIGHT_RECEIVE) - { check(mach_port_allocate(self(), right, &mPort)); } - void deallocate() { check(mach_port_deallocate(self(), mPort)); } - void destroy() { check(mach_port_destroy(self(), mPort)); } - - void insertRight(mach_msg_type_name_t type) - { check(mach_port_insert_right(self(), mPort, mPort, type)); } - - void modRefs(mach_port_right_t right, mach_port_delta_t delta = 1) - { check(mach_port_mod_refs(self(), mPort, right, delta)); } - - mach_port_urefs_t getRefs(mach_port_right_t right); - - // port notification interface - mach_port_t requestNotify(mach_port_t notify, mach_msg_id_t type, mach_port_mscount_t sync = 1); - mach_port_t cancelNotify(mach_msg_id_t type); - - IFDUMP(void dump(const char *name = NULL)); - -protected: - mach_port_t mPort; -}; - - -// -// Ports representing PortSets -// -class PortSet : public Port { -public: - PortSet() { allocate(MACH_PORT_RIGHT_PORT_SET); } - ~PortSet() { destroy(); } - - void operator += (const Port &port) - { check(mach_port_move_member(self(), port, mPort)); } - - void operator -= (const Port &port) - { check(mach_port_move_member(self(), port, MACH_PORT_NULL)); } - - set members() const; - bool contains(Port member) const; // relatively slow -}; - - -// -// Ports that are bootstrap ports -// -class Bootstrap : public Port { -public: - Bootstrap() { check(task_get_bootstrap_port(mach_task_self(), &mPort)); } - Bootstrap(mach_port_t bootp) : Port(bootp) { } - - mach_port_t checkIn(const char *name) const; - mach_port_t checkInOptional(const char *name) const; - - void registerAs(mach_port_t port, const char *name) const; - - mach_port_t lookup(const char *name) const; - mach_port_t lookupOptional(const char *name) const; - - Bootstrap subset(Port requestor); - - IFDUMP(void dump()); - -private: - // officially, the register/lookup IPCs take an array of 128 characters (not a zero-end string) - mutable char nameBuffer[BOOTSTRAP_MAX_NAME_LEN]; - -protected: - char *Bootstrap::makeName(const char *s) const - { return strncpy(nameBuffer, s, BOOTSTRAP_MAX_NAME_LEN); } -}; - - -// -// Ports that are Task Ports -// -class TaskPort : public Port { -public: - TaskPort() { mPort = self(); } - TaskPort(const Port &p) { mPort = p; } - - Bootstrap bootstrap() const - { mach_port_t boot; check(task_get_bootstrap_port(mPort, &boot)); return boot; } - void bootstrap(Bootstrap boot) - { check(task_set_bootstrap_port(mPort, boot)); } - - pid_t pid() const; - static TaskPort forPid(pid_t pid); -}; - - -// -// Ports that are are self-allocated and have receive rights -// -class ReceivePort : public Port { -public: - ReceivePort() { allocate(); } - ReceivePort(const char *name, const Bootstrap &bootstrap); - ~ReceivePort() { destroy(); } -}; - - -// -// A little stack utility for temporarily switching your bootstrap around. -// Essentially, it restores your bootstrap port when it dies. Since the -// "current bootstrap port" is a process-global item, this uses a global -// zone of exclusion (aka critical region). There's no protection against -// someone else calling the underlying system service, of course. -// -class StBootstrap { -public: - StBootstrap(const Bootstrap &boot, const TaskPort &task = TaskPort()); - ~StBootstrap(); - -private: - Bootstrap mOldBoot; - TaskPort mTask; - StLock locker; - static ModuleNexus critical; // critical region guard (of a sort) -}; - - -// -// A Mach-level memory guard. -// This will vm_deallocate its argument when it gets destroyed. -// -class VMGuard { -public: - VMGuard(void *addr, size_t length) : mAddr(addr), mLength(length) { } - ~VMGuard() { deallocate(mAddr, mLength); } - -private: - void *mAddr; - size_t mLength; -}; - - -// -// Message buffers for Mach messages. -// This class is for relatively simple uses. -// -class Message { -public: - Message(void *buffer, size_t size); - Message(size_t size); - virtual ~Message(); - - operator mig_reply_error_t & () const { return *mBuffer; } - operator mach_msg_header_t & () const { return mBuffer->Head; } - operator mig_reply_error_t * () const { return mBuffer; } - operator mach_msg_header_t * () const { return &mBuffer->Head; } - operator NDR_record_t & () const { return mBuffer->NDR; } - - void *data() const { return mBuffer; } - size_t length() const { return mBuffer->Head.msgh_size; } - Port localPort() const { return mBuffer->Head.msgh_local_port; } - Port remotePort() const { return mBuffer->Head.msgh_remote_port; } - mach_msg_id_t msgId() const { return mBuffer->Head.msgh_id; } - mach_msg_bits_t bits() const { return mBuffer->Head.msgh_bits; } - kern_return_t returnCode() const { return mBuffer->RetCode; } - - void localPort(mach_port_t p) { mBuffer->Head.msgh_local_port = p; } - void remotePort(mach_port_t p) { mBuffer->Head.msgh_remote_port = p; } - -public: - bool send(mach_msg_option_t options = 0, - mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE, - mach_port_name_t notify = MACH_PORT_NULL); - bool receive(mach_port_t receivePort, - mach_msg_option_t options = 0, - mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE, - mach_port_name_t notify = MACH_PORT_NULL); - bool sendReceive(mach_port_t receivePort, - mach_msg_option_t options = 0, - mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE, - mach_port_name_t notify = MACH_PORT_NULL); - - void destroy() { mach_msg_destroy(*this); } - -private: - bool check(kern_return_t status); - -private: - mig_reply_error_t *mBuffer; - size_t mSize; - bool mRelease; -}; - - -} // end namespace MachPlusPlus -} // end namespace Security - -#endif //_H_MACHPP diff --git a/cdsa/cdsa_utilities/mach_notify.c b/cdsa/cdsa_utilities/mach_notify.c deleted file mode 100644 index e41c4091..00000000 --- a/cdsa/cdsa_utilities/mach_notify.c +++ /dev/null @@ -1,520 +0,0 @@ -/* - * IDENTIFICATION: - * stub generated Fri Mar 1 18:02:22 2002 - * with a MiG generated Thu Feb 21 15:16:47 PST 2002 by root@blur - * OPTIONS: - */ - -/* Module notify */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#ifndef mig_internal -#define mig_internal static -#endif /* mig_internal */ - -#ifndef mig_external -#define mig_external -#endif /* mig_external */ - -#ifndef TypeCheck -#define TypeCheck 0 -#endif /* TypeCheck */ - -#ifndef LimitCheck -#define LimitCheck 0 -#endif /* LimitCheck */ - -#ifndef min -#define min(a,b) ( ((a) < (b))? (a): (b) ) -#endif /* min */ - -#ifndef UseStaticTemplates -#define UseStaticTemplates 1 -#endif /* UseStaticTemplates */ - -#define _WALIGN_(x) (((x) + 3) & ~3) -#define _WALIGNSZ_(x) _WALIGN_(sizeof(x)) -#ifndef __DeclareRcvRpc -#define __DeclareRcvRpc(_NUM_, _NAME_) -#endif /* __DeclareRcvRpc */ - -#ifndef __BeforeRcvRpc -#define __BeforeRcvRpc(_NUM_, _NAME_) -#endif /* __BeforeRcvRpc */ - -#ifndef __AfterRcvRpc -#define __AfterRcvRpc(_NUM_, _NAME_) -#endif /* __AfterRcvRpc */ - -#ifndef __DeclareRcvSimple -#define __DeclareRcvSimple(_NUM_, _NAME_) -#endif /* __DeclareRcvSimple */ - -#ifndef __BeforeRcvSimple -#define __BeforeRcvSimple(_NUM_, _NAME_) -#endif /* __BeforeRcvSimple */ - -#ifndef __AfterRcvSimple -#define __AfterRcvSimple(_NUM_, _NAME_) -#endif /* __AfterRcvSimple */ - -#define novalue void - -#define msgh_request_port msgh_local_port -#define MACH_MSGH_BITS_REQUEST(bits) MACH_MSGH_BITS_LOCAL(bits) -#define msgh_reply_port msgh_remote_port -#define MACH_MSGH_BITS_REPLY(bits) MACH_MSGH_BITS_REMOTE(bits) - -#define MIG_RETURN_ERROR(X, code) {\ - ((mig_reply_error_t *)X)->RetCode = code;\ - ((mig_reply_error_t *)X)->NDR = NDR_record;\ - return;\ - } - -/* typedefs for all requests */ - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_name_t name; - } __Request__mach_notify_port_deleted_t; - - typedef struct { - mach_msg_header_t Head; - /* start of the kernel processed data */ - mach_msg_body_t msgh_body; - mach_msg_port_descriptor_t rights; - /* end of the kernel processed data */ - } __Request__mach_notify_port_destroyed_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_mscount_t mscount; - } __Request__mach_notify_no_senders_t; - - typedef struct { - mach_msg_header_t Head; - } __Request__mach_notify_send_once_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_name_t name; - } __Request__mach_notify_dead_name_t; - - -/* typedefs for all replies */ - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t RetCode; - } __Reply__mach_notify_port_deleted_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t RetCode; - } __Reply__mach_notify_port_destroyed_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t RetCode; - } __Reply__mach_notify_no_senders_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t RetCode; - } __Reply__mach_notify_send_once_t; - - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - kern_return_t RetCode; - } __Reply__mach_notify_dead_name_t; - - -/* Forward Declarations */ - - -mig_internal novalue _Xmach_notify_port_deleted - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); - -mig_internal novalue _Xmach_notify_port_destroyed - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); - -mig_internal novalue _Xmach_notify_no_senders - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); - -mig_internal novalue _Xmach_notify_send_once - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); - -mig_internal novalue _Xmach_notify_dead_name - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); - - -/* SimpleRoutine mach_notify_port_deleted */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t cdsa_mach_notify_port_deleted -( - mach_port_t notify, - mach_port_name_t name -); - -/* SimpleRoutine mach_notify_port_deleted */ -mig_internal novalue _Xmach_notify_port_deleted - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_name_t name; - mach_msg_trailer_t trailer; - } Request; - - typedef __Request__mach_notify_port_deleted_t __Request; - - typedef __Reply__mach_notify_port_deleted_t Reply; - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register Request *In0P = (Request *) InHeadP; - register Reply *OutP = (Reply *) OutHeadP; - __DeclareRcvSimple(65, "mach_notify_port_deleted") - __BeforeRcvSimple(65, "mach_notify_port_deleted") -#if TypeCheck - if ((In0P->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) || - (In0P->Head.msgh_size != sizeof(__Request))) - { MIG_RETURN_ERROR(OutP, MIG_BAD_ARGUMENTS); } -#endif /* TypeCheck */ - - OutP->RetCode = cdsa_mach_notify_port_deleted(In0P->Head.msgh_request_port, In0P->name); - __AfterRcvSimple(65, "mach_notify_port_deleted") -} - -/* SimpleRoutine mach_notify_port_destroyed */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t cdsa_mach_notify_port_destroyed -( - mach_port_t notify, - mach_port_t rights -); - -/* SimpleRoutine mach_notify_port_destroyed */ -mig_internal novalue _Xmach_notify_port_destroyed - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - typedef struct { - mach_msg_header_t Head; - /* start of the kernel processed data */ - mach_msg_body_t msgh_body; - mach_msg_port_descriptor_t rights; - /* end of the kernel processed data */ - mach_msg_trailer_t trailer; - } Request; - - typedef __Request__mach_notify_port_destroyed_t __Request; - - typedef __Reply__mach_notify_port_destroyed_t Reply; - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register Request *In0P = (Request *) InHeadP; - register Reply *OutP = (Reply *) OutHeadP; - __DeclareRcvSimple(69, "mach_notify_port_destroyed") - __BeforeRcvSimple(69, "mach_notify_port_destroyed") -#if TypeCheck - if (!(In0P->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) || - (In0P->msgh_body.msgh_descriptor_count != 1) || - (In0P->Head.msgh_size != sizeof(__Request))) - { MIG_RETURN_ERROR(OutP, MIG_BAD_ARGUMENTS); } -#endif /* TypeCheck */ - -#if TypeCheck - if (In0P->rights.type != MACH_MSG_PORT_DESCRIPTOR || - In0P->rights.disposition != MACH_MSG_TYPE_MOVE_RECEIVE) - { MIG_RETURN_ERROR(OutP, MIG_TYPE_ERROR); } -#endif /* TypeCheck */ - - OutP->RetCode = cdsa_mach_notify_port_destroyed(In0P->Head.msgh_request_port, In0P->rights.name); - __AfterRcvSimple(69, "mach_notify_port_destroyed") -} - -/* SimpleRoutine mach_notify_no_senders */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t cdsa_mach_notify_no_senders -( - mach_port_t notify, - mach_port_mscount_t mscount -); - -/* SimpleRoutine mach_notify_no_senders */ -mig_internal novalue _Xmach_notify_no_senders - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_mscount_t mscount; - mach_msg_trailer_t trailer; - } Request; - - typedef __Request__mach_notify_no_senders_t __Request; - - typedef __Reply__mach_notify_no_senders_t Reply; - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register Request *In0P = (Request *) InHeadP; - register Reply *OutP = (Reply *) OutHeadP; - __DeclareRcvSimple(70, "mach_notify_no_senders") - __BeforeRcvSimple(70, "mach_notify_no_senders") -#if TypeCheck - if ((In0P->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) || - (In0P->Head.msgh_size != sizeof(__Request))) - { MIG_RETURN_ERROR(OutP, MIG_BAD_ARGUMENTS); } -#endif /* TypeCheck */ - - OutP->RetCode = cdsa_mach_notify_no_senders(In0P->Head.msgh_request_port, In0P->mscount); - __AfterRcvSimple(70, "mach_notify_no_senders") -} - -/* SimpleRoutine mach_notify_send_once */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t cdsa_mach_notify_send_once -( - mach_port_t notify -); - -/* SimpleRoutine mach_notify_send_once */ -mig_internal novalue _Xmach_notify_send_once - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - typedef struct { - mach_msg_header_t Head; - mach_msg_trailer_t trailer; - } Request; - - typedef __Request__mach_notify_send_once_t __Request; - - typedef __Reply__mach_notify_send_once_t Reply; - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register Request *In0P = (Request *) InHeadP; - register Reply *OutP = (Reply *) OutHeadP; - __DeclareRcvSimple(71, "mach_notify_send_once") - __BeforeRcvSimple(71, "mach_notify_send_once") -#if TypeCheck - if ((In0P->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) || - (In0P->Head.msgh_size != sizeof(__Request))) - { MIG_RETURN_ERROR(OutP, MIG_BAD_ARGUMENTS); } -#endif /* TypeCheck */ - - OutP->RetCode = cdsa_mach_notify_send_once(In0P->Head.msgh_request_port); - __AfterRcvSimple(71, "mach_notify_send_once") -} - -/* SimpleRoutine mach_notify_dead_name */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t cdsa_mach_notify_dead_name -( - mach_port_t notify, - mach_port_name_t name -); - -/* SimpleRoutine mach_notify_dead_name */ -mig_internal novalue _Xmach_notify_dead_name - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - typedef struct { - mach_msg_header_t Head; - NDR_record_t NDR; - mach_port_name_t name; - mach_msg_trailer_t trailer; - } Request; - - typedef __Request__mach_notify_dead_name_t __Request; - - typedef __Reply__mach_notify_dead_name_t Reply; - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register Request *In0P = (Request *) InHeadP; - register Reply *OutP = (Reply *) OutHeadP; - __DeclareRcvSimple(72, "mach_notify_dead_name") - __BeforeRcvSimple(72, "mach_notify_dead_name") -#if TypeCheck - if ((In0P->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) || - (In0P->Head.msgh_size != sizeof(__Request))) - { MIG_RETURN_ERROR(OutP, MIG_BAD_ARGUMENTS); } -#endif /* TypeCheck */ - - OutP->RetCode = cdsa_mach_notify_dead_name(In0P->Head.msgh_request_port, In0P->name); - __AfterRcvSimple(72, "mach_notify_dead_name") -} - -/* union of all requests */ - -union __RequestUnion__cdsa_notify_subsystem { - __Request__mach_notify_port_deleted_t Request_mach_notify_port_deleted; - __Request__mach_notify_port_destroyed_t Request_mach_notify_port_destroyed; - __Request__mach_notify_no_senders_t Request_mach_notify_no_senders; - __Request__mach_notify_send_once_t Request_mach_notify_send_once; - __Request__mach_notify_dead_name_t Request_mach_notify_dead_name; -}; - -/* union of all replies */ - -union __ReplyUnion__cdsa_notify_subsystem { - __Reply__mach_notify_port_deleted_t Reply_mach_notify_port_deleted; - __Reply__mach_notify_port_destroyed_t Reply_mach_notify_port_destroyed; - __Reply__mach_notify_no_senders_t Reply_mach_notify_no_senders; - __Reply__mach_notify_send_once_t Reply_mach_notify_send_once; - __Reply__mach_notify_dead_name_t Reply_mach_notify_dead_name; -}; - - -extern boolean_t cdsa_notify_server( - mach_msg_header_t *InHeadP, - mach_msg_header_t *OutHeadP); - -extern mig_routine_t notify_server_routine( - mach_msg_header_t *InHeadP); - - -/* Description of this subsystem, for use in direct RPC */ -const struct cdsa_notify_subsystem { - mig_server_routine_t server; /* Server routine */ - mach_msg_id_t start; /* Min routine number */ - mach_msg_id_t end; /* Max routine number + 1 */ - unsigned int maxsize; /* Max msg size */ - vm_address_t reserved; /* Reserved */ - struct routine_descriptor /*Array of routine descriptors */ - routine[9]; -} cdsa_notify_subsystem = { - notify_server_routine, - 64, - 73, - sizeof(union __ReplyUnion__cdsa_notify_subsystem), - (vm_address_t)0, - { - {0, 0, 0, 0, 0, 0}, - { (mig_impl_routine_t) 0, - (mig_stub_routine_t) _Xmach_notify_port_deleted, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_port_deleted_t)}, - {0, 0, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0}, - { (mig_impl_routine_t) 0, - (mig_stub_routine_t) _Xmach_notify_port_destroyed, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_port_destroyed_t)}, - { (mig_impl_routine_t) 0, - (mig_stub_routine_t) _Xmach_notify_no_senders, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_no_senders_t)}, - { (mig_impl_routine_t) 0, - (mig_stub_routine_t) _Xmach_notify_send_once, 1, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_send_once_t)}, - { (mig_impl_routine_t) 0, - (mig_stub_routine_t) _Xmach_notify_dead_name, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_dead_name_t)}, - } -}; - -mig_external boolean_t cdsa_notify_server - (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) -{ - /* - * typedef struct { - * mach_msg_header_t Head; - * NDR_record_t NDR; - * kern_return_t RetCode; - * } mig_reply_error_t; - */ - - register mig_routine_t routine; - - OutHeadP->msgh_bits = MACH_MSGH_BITS(MACH_MSGH_BITS_REPLY(InHeadP->msgh_bits), 0); - OutHeadP->msgh_remote_port = InHeadP->msgh_reply_port; - /* Minimal size: routine() will update it if different */ - OutHeadP->msgh_size = sizeof(mig_reply_error_t); - OutHeadP->msgh_local_port = MACH_PORT_NULL; - OutHeadP->msgh_id = InHeadP->msgh_id + 100; - - if ((InHeadP->msgh_id > 72) || (InHeadP->msgh_id < 64) || - ((routine = cdsa_notify_subsystem.routine[InHeadP->msgh_id - 64].stub_routine) == 0)) { - ((mig_reply_error_t *)OutHeadP)->NDR = NDR_record; - ((mig_reply_error_t *)OutHeadP)->RetCode = MIG_BAD_ID; - return FALSE; - } - (*routine) (InHeadP, OutHeadP); - return TRUE; -} - -mig_external mig_routine_t notify_server_routine - (mach_msg_header_t *InHeadP) -{ - register int msgh_id; - - msgh_id = InHeadP->msgh_id - 64; - - if ((msgh_id > 8) || (msgh_id < 0)) - return 0; - - return cdsa_notify_subsystem.routine[msgh_id].stub_routine; -} diff --git a/cdsa/cdsa_utilities/mach_notify.h b/cdsa/cdsa_utilities/mach_notify.h deleted file mode 100644 index 344d5bad..00000000 --- a/cdsa/cdsa_utilities/mach_notify.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _notify_user_ -#define _notify_user_ - -/* Module notify */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef AUTOTEST -#ifndef FUNCTION_PTR_T -#define FUNCTION_PTR_T -typedef void (*function_ptr_t)(mach_port_t, char *, mach_msg_type_number_t); -typedef struct { - char *name; - function_ptr_t function; -} function_table_entry; -typedef function_table_entry *function_table_t; -#endif /* FUNCTION_PTR_T */ -#endif /* AUTOTEST */ - -#ifndef notify_MSG_COUNT -#define notify_MSG_COUNT 9 -#endif /* notify_MSG_COUNT */ - -#include - -#ifdef __BeforeMigUserHeader -__BeforeMigUserHeader -#endif /* __BeforeMigUserHeader */ - - -/* SimpleRoutine mach_notify_port_deleted */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t mach_notify_port_deleted -( - mach_port_t notify, - mach_port_name_t name -); - -/* SimpleRoutine mach_notify_port_destroyed */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t mach_notify_port_destroyed -( - mach_port_t notify, - mach_port_t rights, - mach_msg_type_name_t rightsPoly -); - -/* SimpleRoutine mach_notify_no_senders */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t mach_notify_no_senders -( - mach_port_t notify, - mach_port_mscount_t mscount -); - -/* SimpleRoutine mach_notify_send_once */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t mach_notify_send_once -( - mach_port_t notify -); - -/* SimpleRoutine mach_notify_dead_name */ -#ifdef mig_external -mig_external -#else -extern -#endif /* mig_external */ -kern_return_t mach_notify_dead_name -( - mach_port_t notify, - mach_port_name_t name -); - -#ifndef subsystem_to_name_map_notify -#define subsystem_to_name_map_notify \ - { "mach_notify_port_deleted", 65 },\ - { "mach_notify_port_destroyed", 69 },\ - { "mach_notify_no_senders", 70 },\ - { "mach_notify_send_once", 71 },\ - { "mach_notify_dead_name", 72 } -#endif - -#ifdef __AfterMigUserHeader -__AfterMigUserHeader -#endif /* __AfterMigUserHeader */ - -#endif /* _notify_user_ */ diff --git a/cdsa/cdsa_utilities/machrunloopserver.cpp b/cdsa/cdsa_utilities/machrunloopserver.cpp deleted file mode 100644 index cf860dbf..00000000 --- a/cdsa/cdsa_utilities/machrunloopserver.cpp +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// machrunloopserver - C++ shell for writing Mach 3 servers called by CFRunLoop -// -#include "machrunloopserver.h" -#include -#include -#include - - -namespace Security { -namespace MachPlusPlus { - - -// -// Generic Mach server -// -MachRunLoopServer::MachRunLoopServer(const char *name) : MachServer(name) -{ -} - -MachRunLoopServer::MachRunLoopServer(const char *name, const Bootstrap &boot) -: MachServer(name, boot) -{ -} - -void MachRunLoopServer::run(size_t bufferSize, mach_msg_options_t options) -{ - // allocate reply buffer (well, try) - replyBuffer = CssmAllocator::standard().malloc(bufferSize); - - // Now do the CFRunLoop tango... - runLoop = CFRunLoopGetCurrent(); - CFRef cfPort = CFMachPortCreateWithPort(NULL, mServerPort, cfCallback, - NULL, NULL); - runLoopSource = - CFMachPortCreateRunLoopSource(NULL, cfPort, 10); //@@@ no idea what order is good - if (!runLoop || !runLoopSource || !cfPort) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); //@@@ $#!!& CF non-diagnostics! - CFRunLoopAddSource(runLoop, runLoopSource, kCFRunLoopDefaultMode); - - // we are it! - perThread().server = this; -} - -MachRunLoopServer::~MachRunLoopServer() -{ - // remove our runloop source - CFRunLoopRemoveSource(runLoop, runLoopSource, kCFRunLoopDefaultMode); - CFRelease(runLoopSource); - - // delete the reply buffer - CssmAllocator::standard().free(replyBuffer); - - // no longer tagged - perThread().server = NULL; - - // our MachServer parent class will clean up the ports and deregister from our bootstrap -} - - -// -// Block/unblock new request reception to serialize the request queue -// -void MachRunLoopServer::blockNewRequests(bool block) -{ - if (block) { - CFRunLoopRemoveSource(runLoop, runLoopSource, kCFRunLoopDefaultMode); - secdebug("machsrv", "disabled request reception"); - } else { - CFRunLoopAddSource(runLoop, runLoopSource, kCFRunLoopDefaultMode); - secdebug("machsrv", "enabled request reception"); - } -} - - -// -// Add secondary ports to receive on -// -void MachRunLoopServer::alsoListenOn(Port port) -{ - CFRef cfPort = CFMachPortCreateWithPort(NULL, port, cfCallback, - NULL, NULL); - CFRef source = - CFMachPortCreateRunLoopSource(NULL, cfPort, 10); //@@@ no idea what order is good - CFRunLoopAddSource(runLoop, source, kCFRunLoopDefaultMode); - secdebug("machsrv", "also receiving from port %d", port.port()); -} - -void MachRunLoopServer::stopListenOn(Port port) -{ - CFRef cfPort = CFMachPortCreateWithPort(NULL, port, cfCallback, - NULL, NULL); - CFRef source = - CFMachPortCreateRunLoopSource(NULL, cfPort, 10); //@@@ no idea what order is good - CFRunLoopRemoveSource(runLoop, source, kCFRunLoopDefaultMode); - secdebug("machsrv", "no longer receiving from port %d", port.port()); -} - - -// -// Handle dead-port notifications. -// Since we don't actually run our own runloop here, we can't well use standard -// notifications to our own server port. So we use a CFMachPort facility instead. -// -void MachRunLoopServer::notifyIfDead(Port port) const -{ - //@@@ not clear how to deal with CFRetainCount of cfPort here - // will CF clean up the cfPort when it dies? Or do we have to keep a set? - CFMachPortRef cfPort = CFMachPortCreateWithPort(NULL, port, NULL, NULL, NULL); - if (cfPort != NULL) // check to make sure that we got a valid port reference back - { - CFMachPortSetInvalidationCallBack(cfPort, cfInvalidateCallback); - } -} - -void MachRunLoopServer::cfInvalidateCallback(CFMachPortRef cfPort, void *) -{ - active().notifyDeadName(CFMachPortGetPort(cfPort)); -} - - -// -// The callback triggered from CFRunLoop -// -void MachRunLoopServer::cfCallback(CFMachPortRef port, void *msg, CFIndex, void *) -{ - active().oneRequest(reinterpret_cast(msg)); -} - -void MachRunLoopServer::oneRequest(mach_msg_header_t *request) -{ - if (!handle(request, replyBuffer)) { - // MIG dispatch did not recognize the request. Ignore/Retry/Fail? :-) - //@@@ Should send an error reply back here, I suppose. Later... - secdebug("machrls", "MachRunLoopServer dispatch failed"); - return; - } - - // MIG dispatch handled the call. Send reply back to caller. - // This boilerplate stolen from mach_msg_server, since MIG can't seem to - // generate send-only code for replies (without explicit simpleroutines). - if (IFDEBUG(kern_return_t err =) mach_msg_overwrite(replyBuffer, - (MACH_MSGH_BITS_REMOTE(replyBuffer->msgh_bits) == MACH_MSG_TYPE_MOVE_SEND_ONCE) ? - MACH_SEND_MSG : MACH_SEND_MSG|MACH_SEND_TIMEOUT, - replyBuffer->msgh_size, 0, MACH_PORT_NULL, - 0, MACH_PORT_NULL, (mach_msg_header_t *) 0, 0)) { - //@@@ should at least clean up resources here, I suppose. - secdebug("machsrv", "RunloopServer cannot post reply: %s", mach_error_string(err)); - active().releaseDeferredAllocations(); - return; - } - active().releaseDeferredAllocations(); - return; -} - - -} // end namespace MachPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/machrunloopserver.h b/cdsa/cdsa_utilities/machrunloopserver.h deleted file mode 100644 index d0ba5fd9..00000000 --- a/cdsa/cdsa_utilities/machrunloopserver.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// machrunloopserver - C++ shell for writing Mach 3 servers called by CFRunLoop. -// -// Note that this is a subclass of MachServer and tries to preserve its interface, -// so you can switch back-and-forth between them with a minimum of fuss. -// Timers are not currently implemented; they're not that hard to add if you need them. -// -#ifndef _H_MACHRUNLOOPSERVER -#define _H_MACHRUNLOOPSERVER - -#include -#include -#include - - -namespace Security -{ - -namespace MachPlusPlus -{ - -// -// Mach server object -// -class MachRunLoopServer : public MachServer { -public: - MachRunLoopServer(const char *name); - MachRunLoopServer(const char *name, const Bootstrap &boot); - virtual ~MachRunLoopServer(); - - void run(size_t maxSize = 4096, mach_msg_options_t options = 0); - - static MachRunLoopServer &active() - { return safer_cast(MachServer::active()); } - - void notifyIfDead(Port port) const; - - void blockNewRequests(bool block = true); - - void alsoListenOn(Port port); - void stopListenOn(Port port); - -protected: - void setup(const char *name, size_t bufferSize); - static void cfCallback(CFMachPortRef port, void *msg, CFIndex size, void *info); - static void cfInvalidateCallback(CFMachPortRef port, void *info); - void oneRequest(mach_msg_header_t *request); - -private: - CFRunLoopRef runLoop; - CFRunLoopSourceRef runLoopSource; - - mach_msg_header_t *replyBuffer; -}; - - -} // end namespace MachPlusPlus - -} // end namespace Security - -#endif //_H_MACHRUNLOOPSERVER diff --git a/cdsa/cdsa_utilities/machserver.cpp b/cdsa/cdsa_utilities/machserver.cpp deleted file mode 100644 index 80db1fd5..00000000 --- a/cdsa/cdsa_utilities/machserver.cpp +++ /dev/null @@ -1,510 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// machserver - C++ shell for writing Mach 3 servers -// -#include "machserver.h" -#include -#include -#include -#include -#include "mach_notify.h" -#include - -#if defined(USECFCURRENTTIME) -# include -#else -# include -#endif - -namespace Security { -namespace MachPlusPlus { - - -// -// Global per-thread information -// -ModuleNexus< ThreadNexus > MachServer::thread; - - -// -// Create a server object. -// The resulting object is not "active", and any number of server objects -// can be in this "prepared" state at the same time. -// -MachServer::MachServer(const char *name) -: mServerPort(name, bootstrap) -{ setup(name); } - -MachServer::MachServer(const char *name, const Bootstrap &boot) -: bootstrap(boot), mServerPort(name, bootstrap) -{ setup(name); } - -void MachServer::setup(const char *name) -{ - secdebug("machsrv", "%p preparing service for \"%s\"", this, name); - workerTimeout = 60 * 2; // 2 minutes default timeout - maxWorkerCount = 100; // sanity check limit - - mPortSet += mServerPort; -} - -MachServer::~MachServer() -{ - // The ReceivePort members will clean themselves up. - // The bootstrap server will clear us from its map when our receive port dies. - secdebug("machsrv", "%p destroyed", this); -} - - -// -// Add and remove extra listening ports. -// Messages directed to those ports are dispatched through the main handler. -// To get automatic call-out to another handler, use the Handler class. -// -void MachServer::add(Port receiver) -{ - secdebug("machsrv", "adding port %d to primary dispatch", receiver.port()); - mPortSet += receiver; -} - -void MachServer::remove(Port receiver) -{ - secdebug("machsrv", "removing port %d from primary dispatch", receiver.port()); - mPortSet -= receiver; -} - - -// -// Register for mach port notifications -// -void MachServer::notifyIfDead(Port port, bool doNotify) const -{ - if (doNotify) - port.requestNotify(mServerPort, MACH_NOTIFY_DEAD_NAME, true); - else - port.cancelNotify(MACH_NOTIFY_DEAD_NAME); -} - -void MachServer::notifyIfUnused(Port port, bool doNotify) const -{ - if (doNotify) - port.requestNotify(port, MACH_NOTIFY_NO_SENDERS, true); - else - port.cancelNotify(MACH_NOTIFY_NO_SENDERS); -} - - -// -// Initiate service. -// This call will take control of the current thread and use it to service -// incoming requests. The thread will not be released until an error happens, which -// will cause an exception to be thrown. In other words, this never returns normally. -// We may also be creating additional threads to service concurrent requests -// as appropriate. -// @@@ Msg-errors in additional threads are not acted upon. -// -void MachServer::run(size_t maxSize, mach_msg_options_t options) -{ - // establish server-global (thread-shared) parameters - mMaxSize = maxSize; - mMsgOptions = options; - - // establish the thread pool state - // (don't need managerLock since we're the only thread as of yet) - idleCount = workerCount = 1; - nextCheckTime = Time::now() + workerTimeout; - leastIdleWorkers = 1; - highestWorkerCount = 1; - - // run server loop in initial (immortal) thread - runServerThread(false); - - // primary server thread exited somehow (not currently possible) - assert(false); -} - - -// -// This is the core of a server thread at work. It takes over the thread until -// (a) an error occurs, throwing an exception -// (b) low-load timeout happens, causing a normal return (doTimeout only) -// This code is loosely based on mach_msg_server.c, but is drifting away for -// various reasons of flexibility and resilience. -// -extern "C" boolean_t cdsa_notify_server(mach_msg_header_t *in, mach_msg_header_t *out); - -void MachServer::runServerThread(bool doTimeout) -{ - // allocate request/reply buffers - Message bufRequest(mMaxSize); - Message bufReply(mMaxSize); - - // all exits from runServerThread are through exceptions - try { - // register as a worker thread - secdebug("machsrv", "%p starting service on port %d", this, int(mServerPort)); - perThread().server = this; - - for (;;) { - // process all pending timers - while (processTimer()) ; - - // check for worker idle timeout - { StLock _(managerLock); - // record idle thread low-water mark in scan interval - if (idleCount < leastIdleWorkers) - leastIdleWorkers = idleCount; - - // perform self-timeout processing - if (doTimeout) { - if (workerCount > maxWorkerCount) { - secdebug("machsrv", "%p too many threads; reaping immediately", this); - break; - } - Time::Absolute rightNow = Time::now(); - if (rightNow >= nextCheckTime) { // reaping period complete; process - uint32 idlers = leastIdleWorkers; - secdebug("machsrv", "%p end of reaping period: %ld (min) idle of %ld total", - this, idlers, workerCount); - nextCheckTime = rightNow + workerTimeout; - leastIdleWorkers = INT_MAX; - if (idlers > 1) - break; - } - } - } - - // release deferred-release memory - releaseDeferredAllocations(); - - // determine next timeout, or zero for infinity - bool indefinite = false; - Time::Interval timeout; - { StLock _(managerLock); - if (timers.empty()) { - if (doTimeout) - timeout = workerTimeout; - else - indefinite = true; - } else { - timeout = doTimeout - ? min(workerTimeout, timers.next() - Time::now()) - : timers.next() - Time::now(); - } - } - - // receive next IPC request (or wait for timeout) - switch (mach_msg_return_t mr = indefinite ? - mach_msg_overwrite(bufRequest, - MACH_RCV_MSG | mMsgOptions, - 0, mMaxSize, mPortSet, - MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL, - (mach_msg_header_t *) 0, 0) - : - mach_msg_overwrite(bufRequest, - MACH_RCV_MSG | MACH_RCV_TIMEOUT | mMsgOptions, - 0, mMaxSize, mPortSet, - mach_msg_timeout_t(timeout.mSeconds()), MACH_PORT_NULL, - (mach_msg_header_t *) 0, 0)) { - case MACH_MSG_SUCCESS: - // process received request message below - break; - case MACH_RCV_TIMED_OUT: - // back to top for time-related processing - continue; - case MACH_RCV_TOO_LARGE: - // the kernel destroyed the request - continue; - case MACH_RCV_INTERRUPTED: - // receive interrupted, try again - continue; - default: - Error::throwMe(mr); - } - - // process received message - if (bufRequest.msgId() >= MACH_NOTIFY_FIRST && - bufRequest.msgId() <= MACH_NOTIFY_LAST) { - // mach kernel notification message - // we assume this is quick, so no thread arbitration here - cdsa_notify_server(bufRequest, bufReply); - } else { - // normal request message - { StLock _(managerLock); idleCount--; } - secdebug("machsrvreq", - "servicing port %d request id=%d", - bufRequest.localPort().port(), bufRequest.msgId()); - - // try subsidiary handlers first - bool handled = false; - for (HandlerSet::const_iterator it = mHandlers.begin(); - it != mHandlers.end(); it++) - if (bufRequest.localPort() == (*it)->port()) { - (*it)->handle(bufRequest, bufReply); - handled = true; - } - if (!handled) { - // unclaimed, send to main handler - handle(bufRequest, bufReply); - } - - secdebug("machsrvreq", "request complete"); - { StLock _(managerLock); idleCount++; } - } - - // process reply generated by handler - if (!(bufReply.bits() & MACH_MSGH_BITS_COMPLEX) && - bufReply.returnCode() != KERN_SUCCESS) { - if (bufReply.returnCode() == MIG_NO_REPLY) - continue; - // don't destroy the reply port right, so we can send an error message - bufRequest.remotePort(MACH_PORT_NULL); - mach_msg_destroy(bufRequest); - } - - if (bufReply.remotePort() == MACH_PORT_NULL) { - // no reply port, so destroy the reply - if (bufReply.bits() & MACH_MSGH_BITS_COMPLEX) - bufReply.destroy(); - continue; - } - - /* - * We don't want to block indefinitely because the client - * isn't receiving messages from the reply port. - * If we have a send-once right for the reply port, then - * this isn't a concern because the send won't block. - * If we have a send right, we need to use MACH_SEND_TIMEOUT. - * To avoid falling off the kernel's fast RPC path unnecessarily, - * we only supply MACH_SEND_TIMEOUT when absolutely necessary. - */ - switch (mach_msg_return_t mr = mach_msg_overwrite(bufReply, - (MACH_MSGH_BITS_REMOTE(bufReply.bits()) == - MACH_MSG_TYPE_MOVE_SEND_ONCE) ? - MACH_SEND_MSG | mMsgOptions : - MACH_SEND_MSG | MACH_SEND_TIMEOUT | mMsgOptions, - bufReply.length(), 0, MACH_PORT_NULL, - 0, MACH_PORT_NULL, NULL, 0)) { - case MACH_MSG_SUCCESS: - break; - case MACH_SEND_INVALID_DEST: - case MACH_SEND_TIMED_OUT: - /* the reply can't be delivered, so destroy it */ - mach_msg_destroy(bufRequest); - break; - default: - Error::throwMe(mr); - } - } - perThread().server = NULL; - secdebug("machsrv", "%p ending service on port %d", this, int(mServerPort)); - - } catch (...) { - perThread().server = NULL; - secdebug("machsrv", "%p aborted by exception (port %d)", this, int(mServerPort)); - throw; - } -} - - -// -// Manage subsidiary ports -// -void MachServer::add(Handler &handler) -{ - assert(mHandlers.find(&handler) == mHandlers.end()); - assert(handler.port() != MACH_PORT_NULL); - mHandlers.insert(&handler); - mPortSet += handler.port(); -} - -void MachServer::remove(Handler &handler) -{ - assert(mHandlers.find(&handler) != mHandlers.end()); - mHandlers.erase(&handler); - mPortSet -= handler.port(); -} - - -// -// Implement a Handler that sends no reply -// -boolean_t MachServer::NoReplyHandler::handle(mach_msg_header_t *in, mach_msg_header_t *out) -{ - // set up reply message to be valid (enough) and read "do not send reply" - out->msgh_bits = 0; - out->msgh_remote_port = MACH_PORT_NULL; - out->msgh_size = sizeof(mig_reply_error_t); - ((mig_reply_error_t *)out)->RetCode = MIG_NO_REPLY; - - // call input-only handler - return handle(in); -} - - -// -// Register a memory block for deferred release. -// -void MachServer::releaseWhenDone(CssmAllocator &alloc, void *memory) -{ - if (memory) { - set &releaseSet = perThread().deferredAllocations; - assert(releaseSet.find(Allocation(memory, alloc)) == releaseSet.end()); - secdebug("machsrvmem", "%p register %p for release with %p", - this, memory, &alloc); - releaseSet.insert(Allocation(memory, alloc)); - } -} - - -// -// Run through the accumulated deferred allocations and release them. -// This is done automatically on every pass through the server loop; -// it must be called by subclasses that implement their loop in some -// other way. -// @@@X Needs to be thread local -// -void MachServer::releaseDeferredAllocations() -{ - set &releaseSet = perThread().deferredAllocations; - for (set::iterator it = releaseSet.begin(); it != releaseSet.end(); it++) { - secdebug("machsrvmem", "%p release %p with %p", this, it->addr, it->allocator); - it->allocator->free(it->addr); - } - releaseSet.erase(releaseSet.begin(), releaseSet.end()); -} - - -// -// The handler function calls this if it realizes that it might be blocked -// (or doing something that takes a long time). We respond by ensuring that -// at least one more thread is ready to serve requests. -// -void MachServer::longTermActivity() -{ - StLock _(managerLock); - if (idleCount == 0 && workerCount < maxWorkerCount) { - // spawn a new thread of activity that shares in the server main loop - (new LoadThread(*this))->run(); - } -} - -void MachServer::LoadThread::action() -{ - //@@@ race condition?! can server exit before helpers thread gets here? - - // register the worker thread and go - server.addThread(this); - try { - server.runServerThread(true); - } catch (...) { - // fell out of server loop by error. Let the thread go quietly - } - server.removeThread(this); -} - -void MachServer::addThread(Thread *thread) -{ - StLock _(managerLock); - workerCount++; - idleCount++; - secdebug("machsrv", "%p adding worker thread (%ld workers, %ld idle)", - this, workerCount, idleCount); - workers.insert(thread); -} - -void MachServer::removeThread(Thread *thread) -{ - StLock _(managerLock); - workerCount--; - idleCount--; - secdebug("machsrv", "%p removing worker thread (%ld workers, %ld idle)", - this, workerCount, idleCount); - workers.erase(thread); -} - - -// -// Timer management -// -bool MachServer::processTimer() -{ - Timer *top; - { StLock _(managerLock); // could have multiple threads trying this - if (!(top = static_cast(timers.pop(Time::now())))) - return false; // nothing (more) to be done now - } // drop lock; work has been retrieved - secdebug("machsrvtime", "%p timer %p executing at %.3f", - this, top, Time::now().internalForm()); - try { - top->action(); - secdebug("machsrvtime", "%p timer %p done", this, top); - } catch (...) { - secdebug("machsrvtime", "%p server timer %p failed with exception", this, top); - } - return true; -} - -void MachServer::setTimer(Timer *timer, Time::Absolute when) -{ - StLock _(managerLock); - timers.schedule(timer, when); -} - -void MachServer::clearTimer(Timer *timer) -{ - StLock _(managerLock); - if (timer->scheduled()) - timers.unschedule(timer); -} - - -// -// Notification hooks and shims. Defaults do nothing. -// -void cdsa_mach_notify_dead_name(mach_port_t, mach_port_name_t port) -{ MachServer::active().notifyDeadName(port); } - -void MachServer::notifyDeadName(Port) { } - -void cdsa_mach_notify_port_deleted(mach_port_t, mach_port_name_t port) -{ MachServer::active().notifyPortDeleted(port); } - -void MachServer::notifyPortDeleted(Port) { } - -void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port) -{ MachServer::active().notifyPortDestroyed(port); } - -void MachServer::notifyPortDestroyed(Port) { } - -void cdsa_mach_notify_send_once(mach_port_t port) -{ MachServer::active().notifySendOnce(port); } - -void MachServer::notifySendOnce(Port) { } - -void cdsa_mach_notify_no_senders(mach_port_t port, mach_port_mscount_t count) -{ MachServer::active().notifyNoSenders(port, count); } - -void MachServer::notifyNoSenders(Port, mach_port_mscount_t) { } - - -} // end namespace MachPlusPlus - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/machserver.h b/cdsa/cdsa_utilities/machserver.h deleted file mode 100644 index efce226b..00000000 --- a/cdsa/cdsa_utilities/machserver.h +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// machserver - C++ shell for writing Mach 3 servers -// -#ifndef _H_MACHSERVER -#define _H_MACHSERVER - -#include -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace MachPlusPlus { - - -extern "C" { - void cdsa_mach_notify_dead_name(mach_port_t, mach_port_name_t port); - void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port); - void cdsa_mach_notify_port_deleted(mach_port_t, mach_port_name_t port); - void cdsa_mach_notify_send_once(mach_port_t); - void cdsa_mach_notify_no_senders(mach_port_t, mach_port_mscount_t); -}; - - -// -// Mach server object -// -class MachServer { - class LoadThread; friend class LoadThread; - -protected: - struct Allocation { - void *addr; - CssmAllocator *allocator; - Allocation(void *p, CssmAllocator &alloc) : addr(p), allocator(&alloc) { } - bool operator < (const Allocation &other) const - { return addr < other.addr || (addr == other.addr && allocator < other.allocator); } - }; - -protected: - struct PerThread { - MachServer *server; - set deferredAllocations; - - PerThread() : server(NULL) { } - }; - static ModuleNexus< ThreadNexus > thread; - static PerThread &perThread() { return thread()(); } - -public: - MachServer(const char *name); - MachServer(const char *name, const Bootstrap &bootstrap); - virtual ~MachServer(); - - void run(size_t maxSize = 4096, mach_msg_options_t options = 0); - - Time::Interval timeout() const { return workerTimeout; } - void timeout(Time::Interval t) { workerTimeout = t; } - uint32 maxThreads() const { return maxWorkerCount; } - void maxThreads(uint32 n) { maxWorkerCount = n; } - - Port primaryServicePort() const { return mServerPort; } - - // listen on additional ports (dispatching to the main handler) - void add(Port receiver); - void remove(Port receiver); - - // the currently active server in this thread (there can only be one) - static MachServer &active() - { assert(perThread().server); return *perThread().server; } - - // request port status notifications (override virtual methods below to receive) - virtual void notifyIfDead(Port port, bool doNotify = true) const; - virtual void notifyIfUnused(Port port, bool doNotify = true) const; - - // register (CssmAllocator-derived) memory to be released after reply is sent - void releaseWhenDone(CssmAllocator &alloc, void *memory); - - // call if you realize that your server method will take a long time - void longTermActivity(); - -public: - class Timer : private ScheduleQueue::Event { - friend class MachServer; - protected: - virtual ~Timer() { } - - public: - virtual void action() = 0; - - Time::Absolute when() const { return Event::when(); } - bool scheduled() const { return Event::scheduled(); } - }; - - virtual void setTimer(Timer *timer, Time::Absolute when); - void setTimer(Timer *timer, Time::Interval offset) - { setTimer(timer, Time::now() + offset); } - - virtual void clearTimer(Timer *timer); - -public: - class Handler { - public: - Handler(mach_port_t p) : mPort(p) { } - Handler() : mPort(MACH_PORT_NULL) { } - - mach_port_t port() const { return mPort; } - - virtual boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out) = 0; - - protected: - void port(mach_port_t p) { assert(mPort == MACH_PORT_NULL); mPort = p; } - - private: - mach_port_t mPort; - }; - - class NoReplyHandler : public Handler { - public: - virtual boolean_t handle(mach_msg_header_t *in) = 0; - - private: - boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out); - }; - - void add(Handler &handler); - void remove(Handler &handler); - -protected: - // your server dispatch function - virtual boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out) = 0; - - // override these to receive Mach-style port notifications about your clients - virtual void notifyDeadName(Port port); - virtual void notifyPortDeleted(Port port); - virtual void notifyPortDestroyed(Port port); - virtual void notifySendOnce(Port port); - virtual void notifyNoSenders(Port port, mach_port_mscount_t); - - // don't mess with this unless you know what you're doing - Bootstrap bootstrap; // bootstrap port we registered with - ReceivePort mServerPort; // port to receive requests - PortSet mPortSet; // joint receiver port set - - size_t mMaxSize; // maximum message size - mach_msg_options_t mMsgOptions; // kernel call options - - typedef set HandlerSet; - HandlerSet mHandlers; // subsidiary message port handlers - -protected: - void releaseDeferredAllocations(); - -protected: - class LoadThread : public Thread { - public: - LoadThread(MachServer &srv) : server(srv) { } - - MachServer &server; - - void action(); // code implementation - }; - - Mutex managerLock; // lock for thread-global management info below - set workers; // threads running for this server - uint32 workerCount; // number of worker threads (including primary) - uint32 maxWorkerCount; // administrative limit to workerCount - uint32 highestWorkerCount; // high water mark for workerCount - uint32 idleCount; // number of threads waiting for work - Time::Interval workerTimeout; // seconds of idle time before a worker retires - Time::Absolute nextCheckTime; // next time to check for excess threads - uint32 leastIdleWorkers; // max(idleCount) since last checkpoint - ScheduleQueue timers; - - void addThread(Thread *thread); // add thread to worker pool - void removeThread(Thread *thread); // remove thread from worker pool - bool processTimer(); // handle one due timer object, if any - -private: - static boolean_t handler(mach_msg_header_t *in, mach_msg_header_t *out); - void setup(const char *name); - void runServerThread(bool doTimeout = false); - - friend void cdsa_mach_notify_dead_name(mach_port_t, mach_port_name_t port); - friend void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port); - friend void cdsa_mach_notify_port_deleted(mach_port_t, mach_port_name_t port); - friend void cdsa_mach_notify_send_once(mach_port_t); - friend void cdsa_mach_notify_no_senders(mach_port_t, mach_port_mscount_t); -}; - - -} // end namespace MachPlusPlus -} // end namespace Security - -#endif //_H_MACHSERVER diff --git a/cdsa/cdsa_utilities/memstreams.h b/cdsa/cdsa_utilities/memstreams.h deleted file mode 100644 index 8b3bb4cf..00000000 --- a/cdsa/cdsa_utilities/memstreams.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright (c) 2000-2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// memstreams - primitive memory block streaming support -// -#ifndef _H_MEMSTREAMS -#define _H_MEMSTREAMS - -#include -#include - - -namespace Security -{ - -// -// Encapsulate these very sharp tools in a separate namespace -// -namespace LowLevelMemoryUtilities -{ - - -// -// A simple utility for incremental creation of a contiguous memory block. -// -// Note that Writer and Writer::Counter go together. They use the same alignment -// and padding rules, so Writer::Counter will correctly calculate total buffer -// size for Writer, *presuming* that they are called in the same order. -// -// This layer allocates no memory; that's up to the caller (you). -// -// WARNING: There is no check for overflow. If you write too much, you will die. -// Writer::Counter can tell you how much you need. -// -class Writer { -private: - void *advance(size_t size) - { - void *here = alignUp(writePos); - writePos = increment(here, size); - return here; - } - -public: - Writer() { } - Writer(void *base) : writePos(base) { } - void operator = (void *base) { writePos = base; } - - template - T *operator () (const T &obj) - { T *here = (T *)advance(sizeof(T)); *here = obj; return here; } - - void *operator () (const void *addr, size_t size) - { void *here = advance(size); return memcpy(here, addr, size); } - - char *operator () (const char *s) - { return (char *)(*this)(s, strlen(s) + 1); } - - void countedData(const void *data, uint32 length) - { Endian temp = length; (*this)(temp); (*this)(data, length); } - - template - void countedData(const Data &data) - { countedData(data.data(), data.length()); } - - class Counter; - -private: - void *writePos; // next byte address -}; - -class Writer::Counter { -private: - void align() { totalSoFar = alignUp(totalSoFar); } - -public: - Counter() : totalSoFar(0) { } - operator size_t () { return totalSoFar; } - - template size_t operator () (const T &) { align(); return totalSoFar += sizeof(T); } - size_t insert(size_t size) { align(); return totalSoFar += size; } - size_t operator () (const char *s) { align(); return totalSoFar += strlen(s) + 1; } - - void countedData(const void *, uint32 length) - { insert(sizeof(uint32)); insert(length); } - - template - void countedData(const Data &data) - { countedData(data.data(), data.length()); } - -private: - size_t totalSoFar; // total size counted so far -}; - - -// -// The Reader counter-part for a Writer. -// Again, Reader and Writer share alignment and representation rules, so what was -// Written shall be Read again, just fine. -// -class Reader { -private: - const void *advance(size_t size = 0) - { - const void *here = alignUp(readPos); - readPos = increment(here, size); - return here; - } - -public: - Reader() { } - Reader(const void *base) : readPos(base) { } - void operator = (const void *base) { readPos = base; } - - template - void operator () (T &obj) { obj = *reinterpret_cast(advance(sizeof(T))); } - void operator () (void *addr, size_t size) { memcpy(addr, advance(size), size); } - void operator () (const char * &s) - { s = reinterpret_cast(advance()); advance(strlen(s) + 1); } - template - const T *get(size_t size) - { return reinterpret_cast(advance(size)); } - - void countedData(const void * &data, uint32 &length) - { Endian temp; (*this)(temp); length = temp; data = advance(length); } - -private: - // Explicitly forbid some invocations that are likely to be wrong. - void operator () (char * &s); // can't get writable string in-place - -private: - const void *readPos; // next byte address -}; - - -} // end namespace LowLevelMemoryUtilities - -} // end namespace Security - -#endif //_H_MEMUTILS diff --git a/cdsa/cdsa_utilities/memutils.h b/cdsa/cdsa_utilities/memutils.h deleted file mode 100644 index ff7e10ad..00000000 --- a/cdsa/cdsa_utilities/memutils.h +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// memutils - memory-related low-level utilities for easier living -// -#ifndef _H_MEMUTILS -#define _H_MEMUTILS - -#include -#include -#include - - -namespace Security -{ - -// -// Encapsulate these very sharp tools in a separate namespace -// -namespace LowLevelMemoryUtilities -{ - - -// -// The default system alignment. -// @@@ We should really get this from somewhere... probably from utility_config.h. -// -static const size_t systemAlignment = 4; -typedef UInt32 PointerInt; - - -// -// Get the local alignment for a type. -// -template -inline size_t alignof() { struct { char c; T t; } s; return sizeof(s) - sizeof(T); } - - -// -// Round up a size or pointer to an alignment boundary. -// Alignment must be a power of two; default is default alignment. -// -inline size_t alignUp(size_t size, size_t alignment = systemAlignment) -{ - return ((size - 1) & ~(alignment - 1)) + alignment; -} - -inline void *alignUp(void *p, size_t alignment = systemAlignment) -{ - return reinterpret_cast(alignUp(PointerInt(p), alignment)); -} - -inline const void *alignUp(const void *p, size_t alignment = systemAlignment) -{ - return reinterpret_cast(alignUp(PointerInt(p), alignment)); -} - -template -inline const T *increment(const void *p, ptrdiff_t offset) -{ return reinterpret_cast(PointerInt(p) + offset); } - -template -inline T *increment(void *p, ptrdiff_t offset) -{ return reinterpret_cast(PointerInt(p) + offset); } - -inline const void *increment(const void *p, ptrdiff_t offset) -{ return increment(p, offset); } - -inline void *increment(void *p, ptrdiff_t offset) -{ return increment(p, offset); } - -template -inline const T *increment(const void *p, ptrdiff_t offset, size_t alignment) -{ return increment(alignUp(p, alignment), offset); } - -template -inline T *increment(void *p, ptrdiff_t offset, size_t alignment) -{ return increment(alignUp(p, alignment), offset); } - -inline const void *increment(const void *p, ptrdiff_t offset, size_t alignment) -{ return increment(p, offset, alignment); } - -inline void *increment(void *p, ptrdiff_t offset, size_t alignment) -{ return increment(p, offset, alignment); } - -inline ptrdiff_t difference(const void *p1, const void *p2) -{ return PointerInt(p1) - PointerInt(p2); } - - -} // end namespace LowLevelMemoryUtilities - -} // end namespace Security - -#endif //_H_MEMUTILS diff --git a/cdsa/cdsa_utilities/os9utils.cpp b/cdsa/cdsa_utilities/os9utils.cpp deleted file mode 100644 index 086a0558..00000000 --- a/cdsa/cdsa_utilities/os9utils.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// os9utils - MacOS 9 specific utilities -// -#if defined(__MWERKS__) -#define _CPP_OS9UTILS -#endif -#include -#if TARGET_API_MAC_OS8 - -#include - - - - - -#endif // OS 8/9 diff --git a/cdsa/cdsa_utilities/os9utils.h b/cdsa/cdsa_utilities/os9utils.h deleted file mode 100644 index 9b729fe4..00000000 --- a/cdsa/cdsa_utilities/os9utils.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// os9utils - MacOS 9 specific utilities -// -#ifndef _H_OS9UTILS -#define _H_OS9UTILS - -#include -#if TARGET_API_MAC_OS8 - -#include -#include - - -namespace Security -{ - -namespace MacOS9Utilities -{ - - -// -// A temporary or in-place Str255 constructed from other string forms -// -class PString { -public: - PString(const char *s) { set(s, strlen(s)); } - PString(string s) { set(s.data(), s.size()); } - operator const unsigned char * () const { return mString; } - -private: - Str255 mString; - void set(const char *str, int size) - { - if (size > 255) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - mString[0] = size; - memcpy(mString+1, str, size); - } -}; - - -// -// Make an STL string from a Pascal string -// -inline string p2cString(StringPtr s) -{ - return string(reinterpret_cast(s + 1), s[0]); -} - - -} // end namespace MacOS9Utilities - -} // end namespace Security - -#endif // OS 8/9 -#endif //_H_OS9UTILS diff --git a/cdsa/cdsa_utilities/osxsigning.cpp b/cdsa/cdsa_utilities/osxsigning.cpp deleted file mode 100644 index 7401bb15..00000000 --- a/cdsa/cdsa_utilities/osxsigning.cpp +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// osxsigning - MacOS X's standard signable objects. -// -#include -#include -#include -#include -#include -#include -#include -#include - - -namespace Security -{ - -namespace CodeSigning -{ - -// -// Enumerate a single file on disk. -// -void OSXCode::scanFile(const char *pathname, Signer::State &state) -{ - // open the file (well, try) - int fd = open(pathname, O_RDONLY); - if (fd < 0) - UnixError::throwMe(); - - // how big is it? - struct stat st; - if (fstat(fd, &st)) { - close(fd); - UnixError::throwMe(); - } -#if defined(LIMITED_SIGNING) - if (st.st_size >= 0x4000) - st.st_size = 0x4000; -#endif - - // map it - void *p = mmap(NULL, st.st_size, PROT_READ, MAP_FILE, fd, 0); - close(fd); // done with this either way - if (p == MAP_FAILED) - UnixError::throwMe(); - - // scan it - secdebug("codesign", "scanning file %s (%ld bytes)", pathname, long(st.st_size)); - state.enumerateContents(p, st.st_size); - - // unmap it (ignore error) - munmap(p, st.st_size); -} - - -// -// Use prefix encoding for externalizing OSXCode objects -// -OSXCode *OSXCode::decode(const char *extForm) -{ - if (!extForm || !extForm[0] || extForm[1] != ':') - return NULL; - switch (extForm[0]) { - case 't': - return new ExecutableTool(extForm+2); - case 'b': - return new GenericBundle(extForm+2); - default: - return NULL; - } -} - - -// -// Produce a Signable for the currently running application -// -OSXCode *OSXCode::main() -{ - //@@@ cache the main bundle? - if (CFBundleRef mainBundle = CFBundleGetMainBundle()) { - CFRef base = CFBundleCopyBundleURL(mainBundle); - CFRef resources(CFBundleCopyResourcesDirectoryURL(mainBundle)); - if (base && resources && !CFEqual(resources, base)) { - // assume this is a real bundle - return new ApplicationBundle(getPath(CFBundleCopyBundleURL(mainBundle)).c_str()); - } - - // too weird; assume this is a single-file "tool" executable - return new ExecutableTool(getPath(CFBundleCopyExecutableURL(mainBundle)).c_str()); - } - // CF gives no error indications... - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); -} - - -// Note: The public CFURLCopyFileSystemPath fails to resolve relative URLs as -// produced by CFURL methods. We need to call an internal(!) method of CF to get -// the full path. -extern "C" CFStringRef CFURLCreateStringWithFileSystemPath(CFAllocatorRef allocator, - CFURLRef anURL, CFURLPathStyle fsType, Boolean resolveAgainstBase); - -string OSXCode::getPath(CFURLRef url) -{ - if (url == NULL) - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); // source CF call failed - - CFRef str(CFURLCreateStringWithFileSystemPath(NULL, - url, kCFURLPOSIXPathStyle, true)); - CFRelease(url); - if (str) { - char path[PATH_MAX]; - if (CFStringGetCString(str, path, PATH_MAX, kCFStringEncodingUTF8)) - return path; - } - // no error indications from CF... - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); -} - - -// -// Produce a Signable for whatever is at a given path. -// This tries to guess at the type of Signable to be used. -// If you *know*, just create the suitable subclass directly. -// -OSXCode *OSXCode::at(const char *path) -{ - struct stat st; - if (stat(path, &st)) - UnixError::throwMe(); - if ((st.st_mode & S_IFMT) == S_IFDIR) { // directory - assume bundle - return new GenericBundle(path); - } else { - // look for .../Contents/MacOS/ - if (const char *slash = strrchr(path, '/')) - if (const char *contents = strstr(path, "/Contents/MacOS/")) - if (contents + 15 == slash) - return new GenericBundle(string(path).substr(0, contents-path).c_str()); - // assume tool (single executable) - return new ExecutableTool(path); - } -} - - -// -// Executable Tools -// -void ExecutableTool::scanContents(Signer::State &state) const -{ - scanFile(mPath.c_str(), state); -} - -string ExecutableTool::encode() const -{ - return "t:" + mPath; -} - -string ExecutableTool::canonicalPath() const -{ - return path(); -} - - -// -// Generic Bundles -// -GenericBundle::GenericBundle(const char *path) : mPath(path) -{ - CFRef url(CFURLCreateFromFileSystemRepresentation(NULL, - (const UInt8 *)path, strlen(path), true)); - if (!url || !(mBundle = CFBundleCreate(NULL, url))) - CssmError::throwMe(CSSMERR_CSSM_ADDIN_LOAD_FAILED); -} - -GenericBundle::~GenericBundle() -{ - CFRelease(mBundle); -} - - -void GenericBundle::scanContents(Signer::State &state) const -{ - scanFile(executablePath().c_str(), state); -} - -string GenericBundle::encode() const -{ - return "b:" + mPath; -} - -void *GenericBundle::lookupSymbol(const char *name) -{ - CFRef cfName(CFStringCreateWithCString(NULL, name, - kCFStringEncodingMacRoman)); - if (!cfName) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - void *function = CFBundleGetFunctionPointerForName(mBundle, cfName); - if (function == NULL) - CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT); - return function; -} - -string GenericBundle::canonicalPath() const -{ - return path(); -} - - -// -// Load management for a loadable bundle -// -void LoadableBundle::load() -{ - if (!CFBundleLoadExecutable(mBundle)) - CssmError::throwMe(CSSMERR_CSSM_ADDIN_LOAD_FAILED); - secdebug("bundle", "%p (%s) loaded", this, path().c_str()); -} - -void LoadableBundle::unload() -{ - secdebug("bundle", "%p (%s) unloaded", this, path().c_str()); - CFBundleUnloadExecutable(mBundle); -} - -bool LoadableBundle::isLoaded() const -{ - return CFBundleIsExecutableLoaded(mBundle); -} - - -}; // end namespace CodeSigning - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/osxsigning.h b/cdsa/cdsa_utilities/osxsigning.h deleted file mode 100644 index dea8dc1b..00000000 --- a/cdsa/cdsa_utilities/osxsigning.h +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// osxsigning - MacOS X's standard signable objects. -// -#ifndef _OSXSIGNING -#define _OSXSIGNING - -#include -#include -#include -#include -#include -#include - -#ifdef _CPP_OSXSIGNING -#pragma export on -#endif - - -namespace Security { -namespace CodeSigning { - - -// -// A Signable with OS X support calls added -// -class OSXCode : public RefCount, public Signable { -public: - // encoding and decoding as a UTF-8 string - virtual string encode() const = 0; - static OSXCode *decode(const char *extForm); - -public: - // creating OSXCode objects - static OSXCode *main(); - static OSXCode *at(const char *path); - -public: - // produce the best approximation of a path that, when handed to at(), - // will yield an OSXCode that's the most like this one - virtual string canonicalPath() const = 0; - -protected: - OSXCode() { } // nonpublic - static void scanFile(const char *pathname, Signer::State &state); // scan an entire file - static string getPath(CFURLRef url); -}; - - -// -// A simple executable tool. -// -class ExecutableTool : public OSXCode { -public: - ExecutableTool(const char *path) : mPath(path) { } - string encode() const; - - string path() const { return mPath; } - string canonicalPath() const; - -protected: - void scanContents(Signer::State &state) const; - -private: - string mPath; // UTF8 pathname to executable -}; - - -// -// A generic bundle -// -class GenericBundle : public OSXCode { -public: - GenericBundle(const char *path); - ~GenericBundle(); - - string encode() const; - - string canonicalPath() const; - string path() const { return mPath; } - string executablePath() const { return getPath(CFBundleCopyExecutableURL(mBundle)); } - - virtual void *lookupSymbol(const char *name); - -protected: - void scanContents(Signer::State &state) const; - -protected: - string mPath; // UTF8 path to bundle directory - CFBundleRef mBundle; // CF-style bundle object -}; - -class ApplicationBundle : public GenericBundle { -public: - ApplicationBundle(const char *pathname) : GenericBundle(pathname) { } -}; - -class LoadableBundle : public GenericBundle { -public: - LoadableBundle(const char *pathname) : GenericBundle(pathname) { } - - virtual bool isLoaded() const; - virtual void load(); - virtual void unload(); -}; - - -} // end namespace CodeSigning - -} // end namespace Security - -#ifdef _CPP_OSXSIGNING -#pragma export off -#endif - - -#endif //_OSXSIGNING diff --git a/cdsa/cdsa_utilities/powerwatch.cpp b/cdsa/cdsa_utilities/powerwatch.cpp deleted file mode 100644 index 69d6dd67..00000000 --- a/cdsa/cdsa_utilities/powerwatch.cpp +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// powerwatch - hook into system notifications of power events -// -#include "powerwatch.h" -#include - - -namespace Security { -namespace MachPlusPlus { - - -// -// The obligatory empty virtual destructor -// -PowerWatcher::PowerWatcher() -{ - if (!(mKernelPort = IORegisterForSystemPower(this, &mPortRef, ioCallback, &mHandle))) - UnixError::throwMe(EINVAL); // no clue -} - -PowerWatcher::~PowerWatcher() -{ - if (mKernelPort) - IODeregisterForSystemPower(&mHandle); -} - - -// -// The callback dispatcher -// -void PowerWatcher::ioCallback(void *refCon, io_service_t service, - natural_t messageType, void *argument) -{ - PowerWatcher *me = (PowerWatcher *)refCon; - enum { allow, refuse, ignore } reaction; - switch (messageType) { - case kIOMessageSystemWillSleep: - secdebug("powerwatch", "system will sleep"); - me->systemWillSleep(); - reaction = allow; - break; - case kIOMessageSystemHasPoweredOn: - secdebug("powerwatch", "system has powered on"); - me->systemIsWaking(); - reaction = ignore; - break; - case kIOMessageSystemWillPowerOff: - secdebug("powerwatch", "system will power off"); - me->systemWillPowerDown(); - reaction = allow; - break; - case kIOMessageSystemWillNotPowerOff: - secdebug("powerwatch", "system will not power off"); - reaction = ignore; - break; - case kIOMessageCanSystemSleep: - secdebug("powerwatch", "can system sleep"); - reaction = allow; - break; - case kIOMessageSystemWillNotSleep: - secdebug("powerwatch", "system will not sleep"); - reaction = ignore; - break; - case kIOMessageCanSystemPowerOff: - secdebug("powerwatch", "can system power off"); - reaction = allow; - break; - default: - secdebug("powerwatch", - "type 0x%x message received (ignored)", messageType); - reaction = ignore; - break; - } - - // handle acknowledgments - switch (reaction) { - case allow: - secdebug("powerwatch", "calling IOAllowPowerChange"); - IOAllowPowerChange(me->mKernelPort, long(argument)); - break; - case refuse: - secdebug("powerwatch", "calling IOCancelPowerChange"); - IOCancelPowerChange(me->mKernelPort, long(argument)); - break; - case ignore: - secdebug("powerwatch", "sending no response"); - break; - } -} - - -// -// The default NULL implementations of the callback virtuals. -// We define these (rather than leaving them abstract) since -// many users want only one of these events. -// -void PowerWatcher::systemWillSleep() -{ } - -void PowerWatcher::systemIsWaking() -{ } - -void PowerWatcher::systemWillPowerDown() -{ } - - -// -// The MachServer hookup -// -PortPowerWatcher::PortPowerWatcher() -{ - port(IONotificationPortGetMachPort(mPortRef)); -} - -PortPowerWatcher::~PortPowerWatcher() -{ -} - -boolean_t PortPowerWatcher::handle(mach_msg_header_t *in) -{ - IODispatchCalloutFromMessage(NULL, in, mPortRef); - return TRUE; -} - - -} // end namespace MachPlusPlus - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/powerwatch.h b/cdsa/cdsa_utilities/powerwatch.h deleted file mode 100644 index ecc5e5f7..00000000 --- a/cdsa/cdsa_utilities/powerwatch.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// powerwatch - hook into system notifications of power events -// -#ifndef _H_POWERWATCH -#define _H_POWERWATCH - -#include -#include - - -namespace Security { -namespace MachPlusPlus { - - -// -// PowerWatcher embodies the ability to respond to power events. -// By itself, it is inert - nobody will call its virtual methods. -// Use one of it subclasses, which take care of "hooking" into an -// event delivery mechanism. -// -class PowerWatcher { -public: - PowerWatcher(); - virtual ~PowerWatcher(); - -protected: - virtual void systemWillSleep(); - virtual void systemIsWaking(); - virtual void systemWillPowerDown(); - -protected: - io_connect_t mKernelPort; - IONotificationPortRef mPortRef; - io_object_t mHandle; - - static void ioCallback(void *refCon, io_service_t service, - natural_t messageType, void *argument); -}; - - -// -// Hook into a "raw" MachServer object for event delivery -// -class PortPowerWatcher : public PowerWatcher, public MachServer::NoReplyHandler { -public: - PortPowerWatcher(); - ~PortPowerWatcher(); - - boolean_t handle(mach_msg_header_t *in); -}; - - -// -// Someone should add a RunLoopPowerWatcher class here, I suppose. -// Well, if you need one: Tag, You're It! -// - - -} // end namespace MachPlusPlus - -} // end namespace Security - -#endif //_H_POWERWATCH diff --git a/cdsa/cdsa_utilities/refcount.h b/cdsa/cdsa_utilities/refcount.h deleted file mode 100644 index 02df24f3..00000000 --- a/cdsa/cdsa_utilities/refcount.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - Based on code donated by Perry Kiehtreiber - */ -#ifndef _SECURITY_REFCOUNT_H_ -#define _SECURITY_REFCOUNT_H_ - -#include - -namespace Security -{ - -// -// RefCount/RefPointer - a simple reference counting facility. -// -// To make an object reference-counted, derive it from RefCount. To track refcounted -// objects, use RefPointer, where TheType must be derived from RefCount. -// -// RefCount is thread safe - any number of threads can hold and manipulate references -// in parallel. It does however NOT protect the contents of your object - just the -// reference count itself. If you need to share your object contents, you must engage -// in appropriate locking yourself. -// -// There is no (thread safe) way to determine whether you are the only thread holding -// a pointer to a particular RefCount object. -// - - -// -// Base class for reference counted objects -// -class RefCount { -public: - RefCount() : mRefCount(0) { } - -protected: - template friend class RefPointer; - - void ref() const { ++mRefCount; } - unsigned int unref() const { return --mRefCount; } - -private: - mutable AtomicCounter mRefCount; -}; - - -// -// A pointer type supported by reference counts. -// T must be derived from RefCount. -// -template -class RefPointer { -public: - RefPointer() : ptr(0) {} // default to NULL pointer - RefPointer(const RefPointer& p) { if (p) p->ref(); ptr = p.ptr; } - RefPointer(T *p) { if (p) p->ref(); ptr = p; } - - ~RefPointer() { release(); } - - RefPointer& operator = (const RefPointer& p) { setPointer(p.ptr); return *this; } - RefPointer& operator = (T * p) { setPointer(p); return *this; } - - // dereference operations - T* get () const { return ptr; } // mimic auto_ptr - operator T * () const { return ptr; } - T * operator -> () const { return ptr; } - T & operator * () const { return *ptr; } - -protected: - void release() { if (ptr && ptr->unref() == 0) delete ptr; } - void setPointer(T *p) { if (p) p->ref(); release(); ptr = p; } - - T *ptr; -}; - -template -bool operator <(const RefPointer &r1, const RefPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 < *p2 : p1 < p2; -} - -template -bool operator ==(const RefPointer &r1, const RefPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 == *p2 : p1 == p2; -} - -template -bool operator !=(const RefPointer &r1, const RefPointer &r2) -{ - T *p1 = r1.get(), *p2 = r2.get(); - return p1 && p2 ? *p1 != *p2 : p1 != p2; -} - -} // end namespace Security - -#endif // !_SECURITY_REFCOUNT_H_ diff --git a/cdsa/cdsa_utilities/selector.cpp b/cdsa/cdsa_utilities/selector.cpp deleted file mode 100644 index da59de69..00000000 --- a/cdsa/cdsa_utilities/selector.cpp +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// selector - I/O stream multiplexing -// -#include "selector.h" -#include -#include // min/max - - -namespace Security { -namespace UnixPlusPlus { - - -// -// construct a Selector object. -// -Selector::Selector() : fdMin(INT_MAX), fdMax(-1) -{ - // initially allocate room for FD_SETSIZE file descriptors (usually good enough) - fdSetSize = FD_SETSIZE / NFDBITS; - inSet.grow(0, fdSetSize); - outSet.grow(0, fdSetSize); - errSet.grow(0, fdSetSize); -} - -Selector::~Selector() -{ } - - -// -// Add a Client to a Selector -// -void Selector::add(int fd, Client &client, Type type) -{ - // plausibility checks - assert(!client.isActive()); // one Selector per client, and no re-adding - assert(fd >= 0); - - secdebug("selector", "add client %p fd %d type=%d", &client, fd, type); - - // grow FDSets if needed - unsigned int pos = fd / NFDBITS; - if (pos >= fdSetSize) { - int newSize = (fd - 1) / NFDBITS + 2; // as much as needed + 1 spare word - inSet.grow(fdSetSize, newSize); - outSet.grow(fdSetSize, newSize); - errSet.grow(fdSetSize, newSize); - } - - // adjust boundaries - if (fd < fdMin) - fdMin = fd; - if (fd > fdMax) - fdMax = fd; - - // add client - Client * &slot = clientMap[fd]; - assert(!slot); - slot = &client; - client.mFd = fd; - client.mSelector = this; - client.mEvents = type; - set(fd, type); -} - - -// -// Remove a Client from a Selector -// -void Selector::remove(int fd) -{ - // sanity checks - assert(fd >= 0); - ClientMap::iterator it = clientMap.find(fd); - assert(it != clientMap.end()); - assert(it->second->mSelector == this); - - secdebug("selector", "remove client %p fd %d", it->second, fd); - - // remove from FDSets - set(fd, none); - - // remove client - it->second->mSelector = NULL; - clientMap.erase(it); - - // recompute fdMin/fdMax if needed - if (isEmpty()) { - fdMin = INT_MAX; - fdMax = -1; - } else if (fd == fdMin) { - fdMin = clientMap.begin()->first; - } else if (fd == fdMax) { - fdMax = clientMap.rbegin()->first; - } -} - - -// -// Adjust the FDSets for a single given Client according to a new event Type mask. -// -void Selector::set(int fd, Type type) -{ - assert(fd >= 0); - inSet.set(fd, type & input); - outSet.set(fd, type & output); - errSet.set(fd, type & critical); - secdebug("selector", "fd %d notifications 0x%x", fd, type); -} - - -void Selector::operator () () -{ - if (!clientMap.empty()) - singleStep(0); -} - - -void Selector::operator () (Time::Absolute stopTime) -{ - if (!clientMap.empty()) - singleStep(stopTime - Time::now()); -} - - -// -// Perform a single pass through the Selector and notify all clients -// that have selected I/O pending at this time. -// There is not time limit on how long this may take; if the clients -// are well written, it won't be too long. -// -void Selector::singleStep(Time::Interval maxWait) -{ - assert(!clientMap.empty()); - secdebug("selector", "select(%d) [%d-%d] for %ld clients", - fdMax + 1, fdMin, fdMax, clientMap.size()); - for (;;) { // pseudo-loop - only retries - struct timeval duration = maxWait.timevalInterval(); -#if defined(__APPLE__) - // ad-hoc fix: MacOS X's BSD rejects times of more than 100E6 seconds - if (duration.tv_sec > 100000000) - duration.tv_sec = 100000000; -#endif - const int size = FDSet::words(fdMax); // number of active words in sets - switch (int hits = ::select(fdMax + 1, - inSet.make(size), outSet.make(size), errSet.make(size), - &duration)) { - case -1: // error - if (errno == EINTR) - continue; - secdebug("selector", "select failed: errno=%d", errno); - UnixError::throwMe(); - case 0: // no events - secdebug("selector", "select returned nothing"); - return; - default: // some events - secdebug("selector", "%d pending descriptors", hits); - //@@@ This could be optimized as a word-merge scan. - //@@@ The typical case doesn't benefit from this though, though browsers might - //@@@ and integrated servers definitely would. - for (int fd = fdMin; fd <= fdMax && hits > 0; fd++) { - int types = 0; - if (inSet[fd]) types |= input; - if (outSet[fd]) types |= output; - if (errSet[fd]) types |= critical; - if (types) { - secdebug("selector", "notify fd %d client %p type %d", - fd, clientMap[fd], types); - clientMap[fd]->notify(fd, types); - hits--; - } - } - return; - } - } -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/selector.h b/cdsa/cdsa_utilities/selector.h deleted file mode 100644 index d772e189..00000000 --- a/cdsa/cdsa_utilities/selector.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// selector - I/O stream multiplexing -// -#ifndef _H_SELECTOR -#define _H_SELECTOR - -#include -#include -#include "timeflow.h" -#include -#include -#include -#include -#include - - -namespace Security { -namespace UnixPlusPlus { - - -// -// A Selector is an I/O dispatch facility that can supervise any number of "file descriptors", -// each of which can perform I/O. Obviously this is geared towards the UNIX facility. -// -class Selector { -public: - class Client; friend class Client; - - Selector(); - virtual ~Selector(); - - //@@@ preliminary interface - void operator () (); // run just once (now) - void operator () (Time::Absolute stopTime); - void operator () (Time::Interval duration) - { (*this)(Time::now() + duration); } - - typedef unsigned int Type; - static const Type none = 0x00; - static const Type input = 0x01; - static const Type output = 0x02; - static const Type critical = 0x04; - static const Type all = input | output | critical; - -public: - class Client { - public: - typedef Selector::Type Type; - friend class Selector; - - Client() : mSelector(NULL) { } - virtual void notify(int fd, Type type) = 0; - virtual ~Client() { } - - bool isActive() const { return mSelector != NULL; } - - static const Type input = Selector::input; - static const Type output = Selector::output; - static const Type critical = Selector::critical; - - protected: - void events(Type type) { mSelector->set(mFd, type); mEvents = type; } - Type events() const { return mEvents; } - - void enable(Type type) { events(events() | type); } - void disable(Type type) { events(events() & ~type); } - - template Sel &selectorAs() - { assert(mSelector); return safer_cast(*mSelector); } - - private: - int mFd; - Selector *mSelector; - Type mEvents; - }; - - void add(int fd, Client &client, Type type = all); - void remove(int fd); - bool isEmpty() const { return clientMap.empty(); } - -private: - void set(int fd, Type type); // (re)set mask for one client - - void singleStep(Time::Interval maxWait); - -private: - unsigned int fdSetSize; // number of fd_masks allocated in FDSets - int fdMin, fdMax; // highest/lowest fds in use - FDSet inSet, outSet, errSet; // current in/out/error select masks - -private: - typedef map ClientMap; - ClientMap clientMap; -}; - - -} // end namespace UnixPlusPlus -} // end namespace Security - - -#endif //_H_SELECTOR diff --git a/cdsa/cdsa_utilities/socks++.cpp b/cdsa/cdsa_utilities/socks++.cpp deleted file mode 100644 index a73a0254..00000000 --- a/cdsa/cdsa_utilities/socks++.cpp +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks - socks version of IP sockets -// -// [Also see comments in header file.] -// -// This file contains the "generic" Socks functionality. -// Socks4 and Socks5 implementations are in their separate files. -// -#include "socks++.h" -#include "socks++4.h" -#include "socks++5.h" -#include "hosts.h" - - -namespace Security { -namespace IPPlusPlus { - - -// -// Static objects -// -ModuleNexus SocksServer::global; - - -// -// Create a SocksServer object -// -SocksServer *SocksServer::make(Version version, const IPSockAddress &addr) -{ - switch (version) { - case 0: - return NULL; // no socks - case 4: - return new Socks4::Server(addr); - case 5: - return new Socks5::Server(addr); - default: - UnixError::throwMe(EINVAL); - } -} - - -// -// TCPClientSockets (CONNECT access) -// -void SocksClientSocket::open(const IPSockAddress &peer) -{ - if (mServer) { - Support::connect(*this, peer); - lastConnected(mPeerAddress.address()); - } else { - TCPClientSocket::open(peer); - } -} - -void SocksClientSocket::open(const IPAddress &addr, IPPort port) -{ - open(IPSockAddress(addr, port)); -} - -void SocksClientSocket::open(const Host &host, IPPort port) -{ - if (mServer) { - Support::connect(*this, host, port); - lastConnected(mPeerAddress.address()); - } else { - TCPClientSocket::open(host, port); - } -} - -void SocksClientSocket::setFd(int fd, const IPSockAddress &local, const IPSockAddress &peer) -{ - Socket::setFd(fd); - mLocalAddress = local; - mPeerAddress = peer; -} - - -// -// TCPServerSockets (BIND access) -// -void SocksServerSocket::open(const IPSockAddress &local, int) -{ - if (mServer) { -#if BUG_GCC - if (mConnectionPeer) - Support::bind(*this, mConnectionPeer, local.port()); - else - Support::bind(*this, lastConnected(), local.port()); -#else - Support::bind(*this, - mConnectionPeer ? mConnectionPeer : lastConnected(), - local.port()); -#endif - } else { - TCPServerSocket::open(local, 1); - } -} - -void SocksServerSocket::receive(SocksClientSocket &client) -{ - if (mServer) { - Support::receive(*this, client); - } else { - TCPServerSocket::receive(client); - } -} - - -// -// Address functions -// -IPSockAddress SocksServer::Support::localAddress(const Socket &me) const -{ - if (mServer) - return mLocalAddress; - else - return me.localAddress(); -} - -IPSockAddress SocksServer::Support::peerAddress(const Socket &me) const -{ - if (mServer) - return mPeerAddress; - else - return me.peerAddress(); -} - - -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/socks++.h b/cdsa/cdsa_utilities/socks++.h deleted file mode 100644 index 77f80387..00000000 --- a/cdsa/cdsa_utilities/socks++.h +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks - socks version of IP sockets -// -// This Socks implementation replaces the TCP-functional layer of the socket interface -// (TCPClientSocket and TCPServerSocket), not the raw Socket layer. Remember what -// Socks was invented for -- it's NOT a generic socket abstraction layer, valiant efforts -// of the various -lsocks libraries nonwithstanding. -// Do note that these are not virtual overrides, but textual replacements. -// -// This implementation supports Socks versions 4 and 5, as well as direct (un-socksed) sockets. -// The choice is per socket object. -// -// API Synopsis: -// SocksServer *server = SocksServer::make(version, IP-address); -// SocksServer::defaultServer(server); // for new sockets -// SocksClientSocket clientSocket(...); -// clientSocket.server(server); // for this socket -// SocksServerSocket serverSocket(...); // only supports .receive() -// Otherwise, Socks{Client,Server}Socket is functionally equivalent to {Client,Server}Socket. -// Sockets without a Server (explicit or by default) are direct. -// -// Minimum replacement strategy: -// #define TCPClientSocket SocksClientSocket -// #define TCPServerSocket SocksServerSocket -// SocksServer::defaultServer(SocksServer::make(...)); -// -// Limitations: -// There is no UDP Socks support. -// @@@ Nonblocking sockets may not work quite right. -// -#ifndef _H_SOCKSPLUSPLUS -#define _H_SOCKSPLUSPLUS - -#include "ip++.h" -#include -#include - - -using namespace UnixPlusPlus; - - -namespace Security { -namespace IPPlusPlus { - - -class SocksServerSocket; -class SocksClientSocket; - - -// -// A particular Socks server and version. Get one by calling SocksServer::make(). -// You can express "no socks server" (direct connect) with a NULL pointer (or version==0). -// -class SocksServer { -public: - class Support; friend class Support; - -private: - struct Global { - mutable Mutex lock; // lock for mGlobalServerAddress - SocksServer *mServer; // global default server - ThreadNexus lastConnected; // last address connected to (for aux. bind) - - Global() : mServer(NULL) { } - - void server(SocksServer *srv) { StLock _(lock); mServer = srv; } - SocksServer *server() const { StLock _(lock); return mServer; } - }; - static ModuleNexus global; // global state - -public: - typedef unsigned int Version; - - static SocksServer *make(Version version, const IPSockAddress &addr); - - const IPSockAddress &address() const { return mServerAddress; } - Version version() const { return mVersion; } - -public: - static SocksServer *defaultServer() { return global().server(); } - static void defaultServer(SocksServer *server) { global().server(server); } - -protected: - virtual void connect(SocksClientSocket &me, const IPSockAddress &peer) = 0; - virtual void connect(SocksClientSocket &me, const Host &host, IPPort port) = 0; - virtual void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) = 0; - virtual void receive(SocksServerSocket &me, SocksClientSocket &receiver) = 0; - - SocksServer(Version v, const IPSockAddress &addr) : mVersion(v), mServerAddress(addr) { } - -protected: - Version mVersion; - IPSockAddress mServerAddress; - -protected: - class Support { - public: - SocksServer *server() const { return mServer; } - void server(SocksServer *srv) { mServer = srv; } - - IPSockAddress localAddress(const Socket &me) const; - IPSockAddress peerAddress(const Socket &me) const; - - protected: - Support() : mServer(defaultServer()) { } - - void connect(SocksClientSocket &me, const IPSockAddress &peer) - { mServer->connect(me, peer); } - void connect(SocksClientSocket &me, const Host &host, IPPort port) - { mServer->connect(me, host, port); } - void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) - { mServer->bind(me, peer, port); } - void receive(SocksServerSocket &me, SocksClientSocket &receiver) - { mServer->receive(me, receiver); } - - void lastConnected(IPAddress addr) { global().lastConnected() = addr; } - IPAddress lastConnected() const { return global().lastConnected(); } - - public: - SocksServer *mServer; // server for this socket - IPSockAddress mLocalAddress; // my own address, as reported by server - IPSockAddress mPeerAddress; // peer address - }; -}; - - -// -// The Socks version of a TCPClientSocket -// -class SocksClientSocket : public TCPClientSocket, public SocksServer::Support { -public: - SocksClientSocket() { } - SocksClientSocket(const IPSockAddress &peer) { open(peer); } - SocksClientSocket(const IPAddress &addr, IPPort port) { open(addr, port); } - SocksClientSocket(const Host &host, IPPort port) { open(host, port); } - - void open(const IPSockAddress &peer); - void open(const IPAddress &addr, IPPort port); - void open(const Host &host, IPPort port); - - IPSockAddress localAddress() const { return Support::localAddress(*this); } - IPSockAddress peerAddress() const { return Support::peerAddress(*this); } - -public: - void setFd(int fd, const IPSockAddress &local, const IPSockAddress &peer); -}; - - -// -// The Socks version of a TCPServerSocket. -// Note that this version only supports the receive() access method. -// By the nature of things, the queue-length argument is ignored (it's always 1). -// -// A note about setMainConnection: There is a structural problem -// with the Socks protocol. When a SocksServerSocket goes active, -// the protocol requires the IP address of the host the connection will be -// coming from. Typical Socks library layers simply assume that this will -// be the address of the last server connected to by another (TCP) socket. -// We do this heuristic too, but it's unreliable: it's a per-thread global, and will -// fail if you interleave multiple socks "sessions" in the same thread. For this -// case (or if you just want to be safe and explicit), you can call setMainConnection to -// explicitly link this socket to a TCPClientSocket whose peer we should use. -// Do note that this call does not exist in the plain (non-socks) socket layer. -// -class SocksServerSocket : public TCPServerSocket, public SocksServer::Support { -public: - SocksServerSocket() { } - SocksServerSocket(const IPSockAddress &local, int = 1) { open(local); } - SocksServerSocket(IPPort port, int = 1) { open(port); } - - void open(const IPSockAddress &local, int = 1); - void open(IPPort port = 0, int = 1) - { open(IPSockAddress(IPAddress::any, port)); } - - void receive(SocksClientSocket &client); // accept incoming and close listener - - IPSockAddress localAddress() const { return Support::localAddress(*this); } - IPSockAddress peerAddress() const { return Support::peerAddress(*this); } - - // this special call is not an overlay of TCPServerSocket - it exists only for Socks - void setMainConnection(TCPClientSocket &main) - { mConnectionPeer = main.peerAddress().address(); } - -private: - IPAddress mConnectionPeer; // address to say we're peered with - -private: - void operator () (TCPClientSocket &newClient); // not supported by Socks -}; - - -} // end namespace IPPlusPlus -} // end namespace Security - - -#endif //_H_IPPLUSPLUS diff --git a/cdsa/cdsa_utilities/socks++4.cpp b/cdsa/cdsa_utilities/socks++4.cpp deleted file mode 100644 index ec8a6eaf..00000000 --- a/cdsa/cdsa_utilities/socks++4.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks++int - internal Socks implementation -// -#include "socks++4.h" -#include "hosts.h" -#include - - -namespace Security { -namespace IPPlusPlus { -namespace Socks4 { - - - -// -// Socks4 Protocol implementation -// -void Server::connect(SocksClientSocket &me, const IPSockAddress &peer) -{ - me.Socket::open(SOCK_STREAM); - me.Socket::connect(mServerAddress); - Message request(socksConnect, peer); - request.send(me, "nobody"); - (Message(me)); // read and check reply message - me.mPeerAddress = peer; // best guess, Mr. Sulu - secdebug("socks", "%d socks4 connected to %s", me.fd(), string(peer).c_str()); -} - -void Server::connect(SocksClientSocket &me, const Host &host, IPPort port) -{ - // Socks4 has no name resolution support. Do it here - //@@@ error reporting sucks here - set addrs = host.addresses(); - for (set::const_iterator it = addrs.begin(); it != addrs.end(); it++) { - try { - IPSockAddress addr(*it, port); - connect(me, addr); - return; - } catch (const UnixError &err) { - errno = err.error; - } - } - // exhausted - UnixError::throwMe(); -} - - -void Server::bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) -{ - me.Socket::open(SOCK_STREAM); - me.Socket::connect(mServerAddress); - Message request(socksBind, IPSockAddress(peer, port)); - request.send(me, "nobody"); - Message reply(me); - me.mLocalAddress = reply.address().defaults(mServerAddress.address()); - secdebug("socks", "%d socks4 bound to %s", me.fd(), string(me.mLocalAddress).c_str()); -} - -void Server::receive(SocksServerSocket &me, SocksClientSocket &receiver) -{ - Message reply(me); - receiver.setFd(me.fd(), me.mLocalAddress, reply.address()); - me.clear(); // clear our own (don't close on destruction) - secdebug("socks", "%d socks4 inbound connect", receiver.fd()); -} - - -// -// Message properties -// -Message::Message(Command cmd, const IPSockAddress &address) - : version(4), message(cmd), port(htons(address.port())), addr(address.address()) -{ -} - - -void Message::send(Socket &s, const char *userid) -{ - if (s.write(this, sizeof(*this)) != sizeof(*this)) - UnixError::throwMe(); - // now append zero-terminated userid (what a crock) - size_t length = strlen(userid) + 1; - if (s.write(userid, length) != length) { - s.close(); - UnixError::throwMe(); - } -} - -Message::Message(Socket &s) -{ - if (s.read(this, sizeof(*this)) != sizeof(*this)) { - s.close(); - UnixError::throwMe(); - } - if (version != 0) { - s.close(); - UnixError::throwMe(EPROTONOSUPPORT); - } - switch (message) { - case requestAccepted: - return; - default: - UnixError::throwMe(ECONNREFUSED); //@@@ hardly any diagnostics here - } -} - - -} // end namespace Socks -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/socks++4.h b/cdsa/cdsa_utilities/socks++4.h deleted file mode 100644 index 290ff699..00000000 --- a/cdsa/cdsa_utilities/socks++4.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks++int - internal header for Socks implementation -// -#ifndef _H_SOCKSPLUSPLUSINT -#define _H_SOCKSPLUSPLUSINT - -#include "socks++.h" - - -namespace Security { -namespace IPPlusPlus { -namespace Socks4 { - - -typedef unsigned char Byte; - - -enum Command { - socksConnect = 1, - socksBind = 2 -}; - -enum Reply { - requestAccepted = 90, - requestFailed = 91, - requestIdentFailed = 92, - requestIdentRejected = 93 -}; - - -class Server : public SocksServer { -public: - Server(const IPSockAddress &s) : SocksServer(4, s) { } - - virtual void connect(SocksClientSocket &me, const IPSockAddress &peer); - virtual void connect(SocksClientSocket &me, const Host &host, IPPort port); - virtual void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port); - virtual void receive(SocksServerSocket &me, SocksClientSocket &receiver); -}; - - -struct Message { - Byte version; - Byte message; - IPPort port; - IPAddress addr; - - Message(Command cmd, const IPSockAddress &addr); - void send(Socket &s, const char *userid); - - Message(Socket &s); - - IPSockAddress address() const { return IPSockAddress(addr, port); } -}; - - - -} // end namespace Socks -} // end namespace IPPlusPlus -} // end namespace Security - -#endif //_H_SOCKSPLUSPLUSINT \ No newline at end of file diff --git a/cdsa/cdsa_utilities/socks++5.cpp b/cdsa/cdsa_utilities/socks++5.cpp deleted file mode 100644 index 3039e13f..00000000 --- a/cdsa/cdsa_utilities/socks++5.cpp +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks++int - internal Socks implementation -// -#include "socks++5.h" -#include "hosts.h" - - -namespace Security { -namespace IPPlusPlus { -namespace Socks5 { - - -// -// Socks5 Protocol implementation -// -void Server::open(Socket &s, Support &my) -{ - s.open(SOCK_STREAM); - s.connect(my.mServer->address()); - secdebug("socks", "%d connected to server %s", s.fd(), string(my.mServer->address()).c_str()); - Byte request[] = { 5, 1, socksAuthPublic }; - s.write(request, sizeof(request)); - Byte reply[2]; - s.read(reply, sizeof(reply)); - if (reply[0] != 5 || reply[1] != socksAuthPublic) { - secdebug("socks", "%d server failed (v%d auth=%d)", s.fd(), reply[0], reply[1]); - s.close(); - UnixError::throwMe(EPROTONOSUPPORT); - } -} - -void Server::connect(SocksClientSocket &me, const IPSockAddress &peer) -{ - open(me, me); - Message request(socksConnect, peer.address(), peer.port()); - request.send(me); - Message reply(me); - me.mLocalAddress = reply.address(); - me.mPeerAddress = peer; - secdebug("socks", "%d socks connected to %s", me.fd(), string(peer).c_str()); -} - -void Server::connect(SocksClientSocket &me, const Host &host, IPPort port) -{ -#if 1 - //@@@ should be using Hostname (server resolution) mode, but this won't get us - //@@@ any useful peer address to use for bind relaying. Need to rethink this scenario. - set addrs = host.addresses(); - for (set::const_iterator it = addrs.begin(); it != addrs.end(); it++) { - try { - IPSockAddress addr(*it, port); - connect(me, addr); - return; - } catch (const UnixError &err) { - errno = err.error; - } - } - // exhausted - UnixError::throwMe(); -#else - open(me, me); - Message request(socksConnect, host.name().c_str(), port); - request.send(me); - Message reply(me); - me.mLocalAddress = reply.address(); - //me.mPeerAddress = not provided by Socks5 protocol; - secdebug("socks", "%d socks connected to %s", me.fd(), host.name().c_str()); -#endif -} - - -void Server::bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) -{ - open(me, me); - Message request(socksBind, peer, port); - request.send(me); - Message reply(me); - me.mLocalAddress = reply.address(); - //me.mPeerAddress not available yet; - secdebug("socks", "%d socks bound to %s", me.fd(), string(me.mLocalAddress).c_str()); -} - -void Server::receive(SocksServerSocket &me, SocksClientSocket &receiver) -{ - Message reply(me); - receiver.setFd(me.fd(), me.mLocalAddress, reply.address()); - me.clear(); // clear our own (don't close on destruction) - secdebug("socks", "%d socks received from %s", receiver.fd(), string(reply.address()).c_str()); -} - - -// -// Construct a request from an IPv4 address and port -// -Message::Message(Command cmd, IPAddress addr, IPPort port) -{ - version = 5; - message = cmd; - reserved = 0; - addressType = socksIPv4; - this->addr = addr; - this->port = htons(port); - length = 4 + sizeof(this->addr) + sizeof(this->port); -} - - -// -// Construct a request from a hostname and port (server resolves name) -// -Message::Message(Command cmd, const char *hostname, IPPort port) -{ - version = 5; - message = cmd; - reserved = 0; - addressType = socksName; - - size_t nameLength = strlen(hostname); - if (nameLength > 255) - UnixError::throwMe(ENAMETOOLONG); - char *addrp = reinterpret_cast(&addr); - addrp[0] = nameLength; - memcpy(addrp + 1, hostname, nameLength); - IPPort nboPort = htons(port); - memcpy(addrp + 1 + nameLength, &nboPort, sizeof(nboPort)); - length = 4 + 1 + nameLength + sizeof(nboPort); -} - - -// -// Send a completed request message -// -void Message::send(Socket &s) -{ - if (s.write(this, length) != length) { - s.close(); - UnixError::throwMe(EIO); - } -} - - -// -// Construct a reply object from a socket source. -// Throws exceptions if the reply is not successful and supported. -// -Message::Message(Socket &socket) -{ - length = 4 + sizeof(addr) + sizeof(port); //@@@ calculate if addrType != 1 supported - - if (socket.read(this, length) != length) { - socket.close(); - UnixError::throwMe(EIO); - } - - // check error code - switch (message) { - case socksSuccess: - break; - case socksDenied: - UnixError::throwMe(EPERM); - case socksNetUnreach: - UnixError::throwMe(ENETUNREACH); - case socksHostUnreach: - UnixError::throwMe(EHOSTUNREACH); - case socksConRefused: - UnixError::throwMe(ECONNREFUSED); - case socksTTLExpired: - UnixError::throwMe(ETIMEDOUT); // not really, but what's better? - case socksUnsupported: - UnixError::throwMe(EOPNOTSUPP); - case socksAddressNotSupported: - UnixError::throwMe(EADDRNOTAVAIL); - default: - UnixError::throwMe(EIO); // what else? :-) - } - - // can't deal with non-IPv4 address replies - if (addressType != socksIPv4 || reserved != 0) - UnixError::throwMe(ENOTSUP); -} - - -} // end namespace Socks -} // end namespace IPPlusPlus -} // end namespace Security diff --git a/cdsa/cdsa_utilities/socks++5.h b/cdsa/cdsa_utilities/socks++5.h deleted file mode 100644 index 9fd946c9..00000000 --- a/cdsa/cdsa_utilities/socks++5.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// socks++5 - version 5 Socks protocol -// -#ifndef _H_SOCKSPLUSPLUS5 -#define _H_SOCKSPLUSPLUS5 - -#include "socks++.h" - - -namespace Security { -namespace IPPlusPlus { -namespace Socks5 { - - -typedef unsigned char Byte; - - -class Server : public SocksServer { -public: - Server(const IPSockAddress &s) : SocksServer(5, s) { } - - virtual void connect(SocksClientSocket &me, const IPSockAddress &peer); - virtual void connect(SocksClientSocket &me, const Host &host, IPPort port); - virtual void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port); - virtual void receive(SocksServerSocket &me, SocksClientSocket &receiver); - -private: - void open(Socket &s, Support &me); -}; - - -// request code (message field outbound) -enum Command { - socksConnect = 1, // connect (outbound) - socksBind = 2, // bind (single inbound) - socksUDP = 3 // UDP associate (not implemented) -}; - -// reply code (message field inbound) -enum SocksReply { - socksSuccess = 0, - socksFailed = 1, - socksDenied = 2, - socksNetUnreach = 3, - socksHostUnreach = 4, - socksConRefused = 5, - socksTTLExpired = 6, - socksUnsupported = 7, - socksAddressNotSupported = 8 -}; - -// authentication type (in setup request) -enum AuthenticationType { - socksAuthPublic = 0, // anonymous access - socksAuthGSSAPI = 1, // GSSAPI (yuk) - socksAuthUsername = 2, // username/password - socksAuthNoneAcceptable = 0xff // can't help you there... -}; - -// address types (inbound/outbound) -enum AddressType { - socksIPv4 = 1, - socksName = 3, - socksIPv6 = 4 -}; - - -// -// A Message object contains a single request or reply of the Socks5 protocol. -// Since some of the data is dynamically sized, we have to fudge a bit. The static -// layout corresponds to IPv4 addresses, the common case. The object itself is big -// enough for all cases. -// -struct Message { - Byte version; // Socks version - Byte message; // message/reply - Byte reserved; // not used (zero) - Byte addressType; // address type - IPAddress addr; // address starts here (IPv4 case) - // following fields dynamically located if (addressType != socksIPv4) - IPPort port; // port field IF addr is IPv4 - Byte pad[256-sizeof(IPAddress)-sizeof(IPPort)]; // enough room for type 3 addresses (256 bytes) - - // the following fields are not part of the message data - size_t length; // calculated length of message (bytes, starting at version) - - Message(Command cmd, IPAddress addr, IPPort port); // type 1 request - Message(Command cmd, const char *hostname, IPPort port); // type 3 request - void send(Socket &s); // send request - - Message(Socket &socket); // receive (type 1 only) - - IPSockAddress address() const { return IPSockAddress(addr, ntohs(port)); } -}; - - -} // end namespace Socks -} // end namespace IPPlusPlus -} // end namespace Security - -#endif //_H_SOCKSPLUSPLUS5 \ No newline at end of file diff --git a/cdsa/cdsa_utilities/streams.cpp b/cdsa/cdsa_utilities/streams.cpp deleted file mode 100644 index cff66697..00000000 --- a/cdsa/cdsa_utilities/streams.cpp +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// streams.h - lightweight source and sink objects -// -#include "streams.h" -#include - - -namespace Security { - - -// -// Source and Sink abstract superclasses -// -Source::State Source::state() const -{ - return mState; -} - -size_t Source::getSize() -{ - return unknownSize; -} - -void Sink::setSize(size_t) -{ - // ignored -} - - -// -// Null sources and sinks -// -void NullSource::produce(void *, size_t &length) -{ - length = 0; -} - -Source::State NullSource::state() const -{ - return endOfData; -} - -void NullSink::consume(const void *, size_t) -{ - // ignore the data -} - - -// -// File sources and sinks -// -void FileSource::produce(void *data, size_t &length) -{ - if ((length = read(data, length)) == 0) - mState = endOfData; -} - -size_t FileSource::getSize() -{ - return fileSize(); -} - - -void FileSink::consume(const void *data, size_t length) -{ - write(data, length); -} - - -// -// Memory sources -// -void MemorySource::produce(void *data, size_t &length) -{ - if (mRemaining < length) - length = mRemaining; - memcpy(data, mData, length); - mData = LowLevelMemoryUtilities::increment(mData, length); - mRemaining -= length; -} - -size_t MemorySource::getSize() -{ - return mRemaining; -} - -Source::State MemorySource::state() const -{ - return mRemaining ? producing : endOfData; -} - - -// -// Memory sinks -// -void MemorySink::consume(const void *data, size_t length) -{ - if (mSize + length > mMax) - grow(mSize * 3 / 2); - assert(mSize + length <= mMax); - memcpy(((char *)mBuffer) + mSize, data, length); - mSize += length; -} - -void MemorySink::setSize(size_t expectedSize) -{ - grow(expectedSize); -} - -void MemorySink::grow(size_t newSize) -{ - if (void *p = realloc(mBuffer, newSize)) { - mBuffer = p; - mMax = newSize; - } else - UnixError::throwMe(); -} - - -} // end namespace Security diff --git a/cdsa/cdsa_utilities/streams.h b/cdsa/cdsa_utilities/streams.h deleted file mode 100644 index e7adcee9..00000000 --- a/cdsa/cdsa_utilities/streams.h +++ /dev/null @@ -1,186 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// streams.h - lightweight source and sink objects -// -#ifndef _H_STREAMS -#define _H_STREAMS - -#include "unix++.h" - - -namespace Security { - -using UnixPlusPlus::FileDesc; - - -// -// An abstract Source object. -// Source can yield data when its produce method is called. Produce can yield -// anything between zero and length bytes and sets length accordingly. -// If the last call to produce returned zero bytes (and only then), the state method -// will yield an explanation: -// producing -> we're in business; there just no data quite yet (try again) -// stalled -> there may be more data coming, but not in the near future; -// wait a while then call state again to see -// endOfData -> no more data will be produced by this Source -// When called *before* the first call to produce, getSize may return the number -// of bytes that all calls to produce will yield together. If getSize returns unknownSize, -// this value cannot be determined beforehand. GetSize *may* yield the number of bytes -// yet to come when called after produce, but this is not guaranteed for all Sources. -// -class Source { -public: - virtual void produce(void *data, size_t &length) = 0; - virtual ~Source() { } - - static const size_t unknownSize = size_t(-1); - virtual size_t getSize(); - - enum State { - producing, // yielding data (go ahead) - stalled, // no data now, perhaps more later - endOfData // end of data (no more data) - }; - virtual State state() const; - -protected: - State mState; // auto-regulated state (can be overridden) -}; - - -// -// An abstract Sink object. -// Sinks can cansume data when their consume method is called. -// Sinks cannot refuse data; they always consume all data given to consume. -// There is currently no flow control/throttle mechanism (one will probably -// be added soon). -// -class Sink { -public: - Sink() : mSize(0) {} - virtual ~Sink() { } - virtual void consume(const void *data, size_t length) = 0; - virtual void setSize(size_t expectedSize); - size_t getSize() {return mSize;} - -protected: - size_t mSize; - -}; - - -// -// The NullSource produces no data. -// -class NullSource : public Source { -public: - void produce(void *addr, size_t &len); - State state() const; -}; - - -// -// A FileSource reads from a UNIX file or file descriptor. -// Note that getSize will yield the size of the underlying i-node, -// which is usually correct but may not be in the case of simultaneous -// access. -// -class FileSource : public Source, public FileDesc { -public: - FileSource(const char *path, int mode = O_RDONLY) : FileDesc(path, mode) { mState = producing; } - FileSource(int fd) : FileDesc(fd) { mState = producing; } - void produce(void *data, size_t &length); - size_t getSize(); -}; - - -// -// A MemorySource yields the contents of a preset contiguous memory block. -// -class MemorySource : public Source { -public: - MemorySource(const void *data, size_t length) : mData(data), mRemaining(length) { } - - template - MemorySource(const Data &data) : mData(data.data()), mRemaining(data.length()) { } - - void produce(void *data, size_t &length); - size_t getSize(); - State state() const; - -private: - const void *mData; - size_t mRemaining; -}; - - -// -// A NullSink eats all data and discards it quietly. -// -class NullSink : public Sink { -public: - void consume(const void *data, size_t length); -}; - - -// -// A FileSink writes its received data to a UNIX file or file descriptor. -// -class FileSink : public Sink, public FileDesc { -public: - FileSink(const char *path, int mode = O_WRONLY | O_CREAT | O_TRUNC) - : FileDesc(path, mode) { } - FileSink(int fd) : FileDesc(fd) { } - void consume(const void *data, size_t length); -}; - - -// -// MemorySinks collect output in a contiguous memory block. -// This is not often a good idea, so if you find yourself using this, -// consider consuming on-the-fly or streaming to secondary media, -// or (at least) use a BufferFifo instead. -// -class MemorySink : public Sink { -public: - MemorySink() : mBuffer(NULL), mMax(0) { } - ~MemorySink() { free(mBuffer); } - - void consume(const void *data, size_t length); - void setSize(size_t expectedSize); - - void *data() const { return mBuffer; } - size_t length() const { return mSize; } - - void clear() { free(mBuffer); mBuffer = NULL; mSize = mMax = 0; } - -private: - void grow(size_t newSize); - -private: - void *mBuffer; // buffer base - size_t mMax; // currently allocated -}; - - -} // end namespace Security - - -#endif /* _H_STREAMS */ diff --git a/cdsa/cdsa_utilities/threading.cpp b/cdsa/cdsa_utilities/threading.cpp deleted file mode 100644 index e1827f70..00000000 --- a/cdsa/cdsa_utilities/threading.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// threading - generic thread support -// - - -// -// Since we are planning to generate "stub" out of line code for threading methods, -// we must force THREAD_NDEBUG to off while compiling our header. Trust me. -// -#include -#include -#include - - -// -// Thread-local storage primitive -// -#if _USE_THREADS == _USE_PTHREADS - -ThreadStoreSlot::ThreadStoreSlot(Destructor *destructor) -{ - if (int err = pthread_key_create(&mKey, destructor)) - UnixError::throwMe(err); -} - -ThreadStoreSlot::~ThreadStoreSlot() -{ - //@@@ if we wanted to dispose of pending task objects, we'd have - //@@@ to keep a set of them and delete them explicitly here - pthread_key_delete(mKey); -} - -#endif - - -// -// Mutex implementation -// -#if _USE_THREADS == _USE_PTHREADS - -bool Mutex::debugHasInitialized; -bool Mutex::loggingMutexi; - -inline void Mutex::init(Type type, bool log) -{ -#if !defined(THREAD_NDEBUG) - // this debug-setup code isn't interlocked, but it's idempotent - // (don't worry, be happy) - if (!debugHasInitialized) { - loggingMutexi = Debug::debugging("mutex") || Debug::debugging("mutex-c"); - debugHasInitialized = true; - } - debugLog = log && loggingMutexi; - useCount = contentionCount = 0; -#else - debugLog = false; -#endif //THREAD_NDEBUG -} - -struct Recursive : public pthread_mutexattr_t { - Recursive() - { - pthread_mutexattr_init(this); - pthread_mutexattr_settype(this, PTHREAD_MUTEX_RECURSIVE); - } -}; - - -Mutex::Mutex(bool log) -{ - init(normal, log); - check(pthread_mutex_init(&me, NULL)); -} - -Mutex::Mutex(Type type, bool log) -{ - init(type, log); - switch (type) { - case normal: - check(pthread_mutex_init(&me, NULL)); - break; - case recursive: - static ModuleNexus recursive; - check(pthread_mutex_init(&me, &recursive())); - }; - } - -Mutex::~Mutex() -{ -#if !defined(THREAD_NDEBUG) - if (debugLog) { - if (contentionCount > 0) - secdebug("mutex-c", "%p destroyed after %ld/%ld locks/contentions", - this, useCount, contentionCount); - else if (useCount > 100) - secdebug("mutex", "%p destroyed after %ld locks", this, useCount); - } -#endif //THREAD_NDEBUG - check(pthread_mutex_destroy(&me)); -} - -void Mutex::lock() -{ -#if !defined(THREAD_NDEBUG) - useCount++; - if (debugLog) { - switch (int err = pthread_mutex_trylock(&me)) { - case 0: - break; - case EBUSY: - if (debugLog) - secdebug("mutex-c", "%p contended (%ld of %ld)", this, ++contentionCount, useCount); - check(pthread_mutex_lock(&me)); - break; - default: - UnixError::throwMe(err); - } - if (useCount % 100 == 0) - secdebug("mutex", "%p locked %ld", this, useCount); - else - secdebug("mutex", "%p locked", this); - return; - } -#endif //THREAD_NDEBUG - check(pthread_mutex_lock(&me)); -} - -bool Mutex::tryLock() -{ - useCount++; - if (int err = pthread_mutex_trylock(&me)) { - if (err != EBUSY) - UnixError::throwMe(err); -#if !defined(THREAD_NDEBUG) - if (debugLog) - secdebug("mutex-c", "%p trylock contended (%ld of %ld)", - this, ++contentionCount, useCount); -#endif //THREAD_NDEBUG - return false; - } -#if !defined(THREAD_NDEBUG) - if (debugLog) - if (useCount % 100 == 0) - secdebug("mutex", "%p locked %ld", this, useCount); - else - secdebug("mutex", "%p locked", this); -#endif //THREAD_NDEBUG - return true; -} - -void Mutex::unlock() -{ -#if !defined(MUTEX_NDEBUG) - if (debugLog) - secdebug("mutex", "%p unlocked", this); -#endif //MUTEX_NDEBUG - check(pthread_mutex_unlock(&me)); -} - -#endif //PTHREADS - - -// -// CountingMutex implementation. -// Note that this is a generic implementation based on a specific Mutex type. -// In other words, it should work no matter how Mutex is implemented. -// Also note that CountingMutex is expected to interlock properly with Mutex, -// so you canNOT just use an AtomicCounter here. -// -void CountingMutex::enter() -{ - lock(); - mCount++; - secdebug("mutex", "%p up to %d", this, mCount); - unlock(); -} - -bool CountingMutex::tryEnter() -{ - if (!tryLock()) - return false; - mCount++; - secdebug("mutex", "%p up to %d (was try)", this, mCount); - unlock(); - return true; -} - -void CountingMutex::exit() -{ - lock(); - assert(mCount > 0); - mCount--; - secdebug("mutex", "%p down to %d", this, mCount); - unlock(); -} - -void CountingMutex::finishEnter() -{ - mCount++; - secdebug("mutex", "%p finish up to %d", this, mCount); - unlock(); -} - -void CountingMutex::finishExit() -{ - assert(mCount > 0); - mCount--; - secdebug("mutex", "%p finish down to %d", this, mCount); - unlock(); -} - - - -// -// Threads implementation -// -#if _USE_THREADS == _USE_PTHREADS - -Thread::~Thread() -{ -} - -void Thread::run() -{ - if (int err = pthread_create(&self.mIdent, NULL, runner, this)) - UnixError::throwMe(err); - secdebug("thread", "%p created", self.mIdent); -} - -void *Thread::runner(void *arg) -{ - Thread *me = static_cast(arg); - if (int err = pthread_detach(me->self.mIdent)) - UnixError::throwMe(err); - secdebug("thread", "%p starting", me->self.mIdent); - me->action(); - secdebug("thread", "%p terminating", me->self.mIdent); - delete me; - return NULL; -} - -void Thread::yield() -{ - sched_yield(); -} - - -// -// Make a more-or-less unique string representation of a thread id. -// This is meant FOR DEBUGGING ONLY. Don't use this in production code. -// -void Thread::Identity::getIdString(char id[idLength]) -{ - pthread_t current = pthread_self(); - // We're not supposed to know what a pthread_t is. Just print the first few bytes... - // (On MacOS X, it's a pointer to a pthread_t internal structure, so this works fine.) - long ids; - memcpy(&ids, ¤t, sizeof(ids)); - snprintf(id, idLength, "%lx", ids); -} - - -#endif // PTHREADS - - -// -// ThreadRunner implementation -// -ThreadRunner::ThreadRunner(Action *todo) -{ - mAction = todo; - run(); -} - -void ThreadRunner::action() -{ - mAction(); -} - - -// -// Nesting Mutexi. -// This implementation uses mWait as a "sloppy" wait blocker (only). -// It should be a semaphore of course, but we don't have a semaphore -// abstraction right now. The authoritative locking protocol is based on mLock. -// -NestingMutex::NestingMutex() : mCount(0) -{ } - -void NestingMutex::lock() -{ - while (!tryLock()) { - mWait.lock(); - mWait.unlock(); - } -} - -bool NestingMutex::tryLock() -{ - StLock _(mLock); - if (mCount == 0) { // initial lock - mCount = 1; - mIdent = Thread::Identity::current(); - mWait.lock(); - return true; - } else if (mIdent == Thread::Identity::current()) { // recursive lock - mCount++; - return true; - } else { // locked by another thread - return false; - } -} - -void NestingMutex::unlock() -{ - StLock _(mLock); - assert(mCount > 0 && mIdent == Thread::Identity::current()); - if (--mCount == 0) // last recursive unlock - mWait.unlock(); -} diff --git a/cdsa/cdsa_utilities/threading.h b/cdsa/cdsa_utilities/threading.h deleted file mode 100644 index e1f4afbb..00000000 --- a/cdsa/cdsa_utilities/threading.h +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// threading - generic thread support -// -#ifndef _H_THREADING -#define _H_THREADING - -#include -#include - -#if _USE_THREADS == _USE_PTHREADS -# include -#endif - -#include - - -namespace Security { - - -// -// Potentially, debug-logging all Mutex activity can really ruin your -// performance day. We take some measures to reduce the impact, but if -// you really can't stomach any overhead, define THREAD_NDEBUG to turn -// (only) thread debug-logging off. NDEBUG will turn this on automatically. -// On the other hand, throwing out all debug code will change the ABI of -// Mutexi in incompatible ways. Thus, we still generate the debug-style out-of-line -// code even with THREAD_NDEBUG, so that debug-style code will work with us. -// If you want to ditch it completely, #define THREAD_CLEAN_NDEBUG. -// -#if defined(NDEBUG) || defined(THREAD_CLEAN_NDEBUG) -# if !defined(THREAD_NDEBUG) -# define THREAD_NDEBUG -# endif -#endif - - -// -// An abstraction of a per-thread untyped storage slot of pointer size. -// Do not use this in ordinary code; this is for implementing other primitives only. -// Use a PerThreadPointer or ThreadNexus. -// -#if _USE_THREADS == _USE_PTHREADS - -class ThreadStoreSlot { -public: - typedef void Destructor(void *); - ThreadStoreSlot(Destructor *destructor = NULL); - ~ThreadStoreSlot(); - - void *get() const { return pthread_getspecific(mKey); } - operator void * () const { return get(); } - void operator = (void *value) const - { - if (int err = pthread_setspecific(mKey, value)) - UnixError::throwMe(err); - } - -private: - pthread_key_t mKey; -}; - -#endif //_USE_PTHREADS - - -// -// Per-thread pointers are patterned after the pthread TLS (thread local storage) -// facility. -// Let's be clear on what gets destroyed when, here. Following the pthread lead, -// when a thread dies its PerThreadPointer object(s) are properly destroyed. -// However, if a PerThreadPointer itself is destroyed, NOTHING HAPPENS. Yes, there are -// reasons for this. This is not (on its face) a bug, so don't yell. But be aware... -// -#if _USE_THREADS == _USE_PTHREADS - -template -class PerThreadPointer : public ThreadStoreSlot { -public: - PerThreadPointer(bool cleanup = true) : ThreadStoreSlot(cleanup ? destructor : NULL) { } - operator bool() const { return get() != NULL; } - operator T * () const { return reinterpret_cast(get()); } - T *operator -> () const { return static_cast(*this); } - T &operator * () const { return *static_cast(get()); } - void operator = (T *t) { ThreadStoreSlot::operator = (t); } - -private: - static void destructor(void *element) - { delete reinterpret_cast(element); } -}; - -#elif _USE_THREADS == _USE_NO_THREADS - -template -class PerThreadPointer { -public: - PerThreadPointer(bool cleanup = true) : mCleanup(cleanup) { } - ~PerThreadPointer() { /* no cleanup - see comment above */ } - operator bool() const { return mValue != NULL; } - operator T * () const { return mValue; } - T *operator -> () const { return mValue; } - T &operator * () const { assert(mValue); return *mValue; } - void operator = (T *t) { mValue = t; } - -private: - T *mValue; - bool mCleanup; -}; - -#else -# error Unsupported threading model -#endif //_USE_THREADS - - -// -// Basic Mutex operations. -// This will be some as-cheap-as-feasible locking primitive that only -// controls one bit (locked/unlocked), plus whatever you contractually -// put under its control. -// -#if _USE_THREADS == _USE_PTHREADS - -class Mutex { - NOCOPY(Mutex) - - void check(int err) { if (err) UnixError::throwMe(err); } - -public: - enum Type { - normal, - recursive - }; - - Mutex(bool log = true); - Mutex(Type type, bool log = true); - ~Mutex(); - void lock(); - bool tryLock(); - void unlock(); - -private: - pthread_mutex_t me; - - bool debugLog; // log *this* mutex - unsigned long useCount; // number of locks succeeded - unsigned long contentionCount; // number of contentions (valid only if debugLog) - static bool debugHasInitialized; // global: debug state set up - static bool loggingMutexi; // global: we are debug-logging mutexi - - void init(Type type, bool log); -}; - -#elif _USE_THREADS == _USE_NO_THREADS - -class Mutex { -public: - void lock(bool = true) { } - void unlock() { } - bool tryLock() { return true; } -}; - -#else -# error Unsupported threading model -#endif //_USE_THREADS - - -// -// A CountingMutex adds a counter to a Mutex. -// NOTE: This is not officially a semaphore, even if it happens to be implemented with -// one on some platforms. -// -class CountingMutex : public Mutex { - // note that this implementation works for any system implementing Mutex *somehow* -public: - CountingMutex() : mCount(0) { } - ~CountingMutex() { assert(mCount == 0); } - - void enter(); - bool tryEnter(); - void exit(); - - // these methods do not lock - use only while you hold the lock - unsigned int count() const { return mCount; } - bool isIdle() const { return mCount == 0; } - - // convert Mutex lock to CountingMutex enter/exit. Expert use only - void finishEnter(); - void finishExit(); - -private: - unsigned int mCount; -}; - - -// -// A guaranteed-unlocker stack-based class. -// By default, this will use lock/unlock methods, but you can provide your own -// alternates (to, e.g., use enter/exit, or some more specialized pair of operations). -// -// NOTE: StLock itself is not thread-safe. It is intended for use (usually on the stack) -// by a single thread. -// -template -class StLock { -public: - StLock(Lock &lck) : me(lck) { (me.*_lock)(); mActive = true; } - StLock(Lock &lck, bool option) : me(lck), mActive(option) { } - ~StLock() { if (mActive) (me.*_unlock)(); } - - bool isActive() const { return mActive; } - void lock() { if(!mActive) { (me.*_lock)(); mActive = true; }} - void unlock() { if(mActive) { (me.*_unlock)(); mActive = false; }} - void release() { assert(mActive); mActive = false; } - - operator const Lock &() const { return me; } - -protected: - Lock &me; - bool mActive; -}; - - -// -// Atomic increment/decrement operations. -// The default implementation uses a Mutex. However, many architectures can do -// much better than that. -// Be very clear on the nature of AtomicCounter. It implies no memory barriers of -// any kind. This means that (1) you cannot protect any other memory region with it -// (use a Mutex for that), and (2) it may not enforce cross-processor ordering, which -// means that you have no guarantee that you'll see modifications by other processors -// made earlier (unless another mechanism provides the memory barrier). -// On the other hand, if your compiler has brains, this is blindingly fast... -// -template -class StaticAtomicCounter { -protected: - -#if defined(_HAVE_ATOMIC_OPERATIONS) - AtomicWord mValue; -public: - operator Integer() const { return mValue; } - - // infix versions (primary) - Integer operator ++ () { return atomicIncrement(mValue); } - Integer operator -- () { return atomicDecrement(mValue); } - - // postfix versions - Integer operator ++ (int) { return atomicIncrement(mValue) - 1; } - Integer operator -- (int) { return atomicDecrement(mValue) + 1; } - - // generic offset - Integer operator += (int delta) { return atomicOffset(mValue, delta); } - -#else // no atomic integers, use locks - - Integer mValue; - mutable Mutex mLock; -public: - StaticAtomicCounter(Integer init = 0) : mValue(init), mLock(false) { } - operator Integer() const { StLock _(mLock); return mValue; } - Integer operator ++ () { StLock _(mLock); return ++mValue; } - Integer operator -- () { StLock _(mLock); return --mValue; } - Integer operator ++ (int) { StLock _(mLock); return mValue++; } - Integer operator -- (int) { StLock _(mLock); return mValue--; } - Integer operator += (int delta) { StLock _(mLock); return mValue += delta; } -#endif -}; - - -template -class AtomicCounter : public StaticAtomicCounter { -public: - AtomicCounter(Integer init = 0) { mValue = 0; } -}; - - -// -// A class implementing a separate thread of execution. -// Do not expect many high-level semantics to be portable. If you can, -// restrict yourself to expect parallel execution and little else. -// -#if _USE_THREADS == _USE_PTHREADS - -class Thread { - NOCOPY(Thread) -public: - class Identity { - friend class Thread; - - Identity(pthread_t id) : mIdent(id) { } - public: - Identity() { } - - static Identity current() { return pthread_self(); } - - bool operator == (const Identity &other) const - { return pthread_equal(mIdent, other.mIdent); } - - bool operator != (const Identity &other) const - { return !(*this == other); } - - // visible thread identifiers are FOR DEBUGGING ONLY - // if you use this for production code, your code will rot after shipment :-) - static const int idLength = 10; - static void getIdString(char id[idLength]); - - private: - pthread_t mIdent; - }; - -public: - Thread() { } // constructor - virtual ~Thread(); // virtual destructor - void run(); // begin running the thread - -public: - static void yield(); // unstructured short-term processor yield - -protected: - virtual void action() = 0; // the action to be performed - -private: - Identity self; // my own identity (instance constant) - - static void *runner(void *); // argument to pthread_create -}; - -#elif _USE_THREADS == _USE_NO_THREADS - -class Thread { - NOCOPY(Thread) -public: - Thread() { } // constructor - virtual ~Thread() { } // virtual destructor - void run() { action(); } // just synchronously run the action - -public: - class Identity { - public: - static Identity current() { return Identity(); } - - bool operator == (const Identity &) const { return true; } // all the same - bool operator != (const Identity &) const { return false; } - -#if !defined(NDEBUG) - static const idLength = 9; - static void getIdString(char id[idLength]) { memcpy(id, "nothread", idLength); } -#endif - - private: - Identity() { } - }; - -public: - void yield() { assert(false); } - -protected: - virtual void action() = 0; // implement action of thread -}; - -#else -# error Unsupported threading model -#endif - - -// -// A "just run this function in a thread" variant of Thread -// -class ThreadRunner : public Thread { - typedef void Action(); -public: - ThreadRunner(Action *todo); - -private: - void action(); - Action *mAction; -}; - - -// -// A NestingMutex allows recursive re-entry by the same thread. -// Some pthread implementations support this through a mutex attribute. -// OSX's doesn't, naturally. This implementation works on all pthread platforms. -// -class NestingMutex { -public: - NestingMutex(); - - void lock(); - bool tryLock(); - void unlock(); - -private: - Mutex mLock; - Mutex mWait; - Thread::Identity mIdent; - uint32 mCount; -}; - -} // end namespace Security - -#endif //_H_THREADING diff --git a/cdsa/cdsa_utilities/threading_internal.h b/cdsa/cdsa_utilities/threading_internal.h deleted file mode 100644 index ea39eeea..00000000 --- a/cdsa/cdsa_utilities/threading_internal.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// threading_internal - internal support classes and functions for threading implementation -// -#ifndef _H_THREADING_INTERNAL -#define _H_THREADING_INTERNAL - -#include - - -namespace Security { - - -// -// Architecture-specific atomic operation primitives. -// AtomicWord is an integer type that works with these; -// we'll assume that a pointer fits into it (using reinterpret_cast). -// -#if TARGET_CPU_PPC - -#define _HAVE_ATOMIC_OPERATIONS - -typedef unsigned int AtomicWord; - -inline AtomicWord atomicLoad(AtomicWord &atom) -{ - AtomicWord result; - asm volatile ( - "0: lwarx %0,0,%1 \n" - " stwcx. %0,0,%1 \n" - " bne- 0b" - : "=&r"(result) - : "b"(&atom) - : "cc" - ); - return result; -} - -inline AtomicWord atomicStore(AtomicWord &atom, AtomicWord newValue, AtomicWord oldValue) -{ - register bool result; - asm volatile ( - "0: lwarx %0,0,%1 \n" // load and reserve -> %0 - " cmpw %0,%3 \n" // compare to old - " bne 1f \n" // fail if not equal - " stwcx. %2,0,%1 \n" // store and check - " bne 0b \n" // retry if contended - "1: " - : "=&r"(result) - : "b"(&atom), "r"(newValue), "r"(oldValue) - : "cc" - ); - return result; -} - -inline AtomicWord atomicOffset(AtomicWord &atom, int offset) -{ - AtomicWord result; - asm volatile ( - "0: lwarx %0,0,%1 \n" - " add %0,%0,%2 \n" - " stwcx. %0,0,%1 \n" - " bne- 0b" - : "=&r"(result) - : "b"(&atom), "r"(offset) - : "cc" - ); - return result; -} - -inline AtomicWord atomicIncrement(AtomicWord &atom) -{ return atomicOffset(atom, +1); } - -inline AtomicWord atomicDecrement(AtomicWord &atom) -{ return atomicOffset(atom, -1); } - -#endif //TARGET_CPU_PPC - -} // end namespace Security - -#endif //_H_THREADING_INTERNAL diff --git a/cdsa/cdsa_utilities/timeflow.cpp b/cdsa/cdsa_utilities/timeflow.cpp deleted file mode 100644 index 88566798..00000000 --- a/cdsa/cdsa_utilities/timeflow.cpp +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// timeflow - abstract view of the flow of time -// -#include "timeflow.h" -#include -#include - - -namespace Security { -namespace Time { - - -// -// Get "now" -// -Absolute now() -{ - struct timeval tv; - gettimeofday(&tv, NULL); - return tv.tv_sec + double(tv.tv_usec) / 1E6; -} - - -// -// OOL Conversions -// -Absolute::Absolute(const struct timeval &tv) -{ mValue = tv.tv_sec + double(tv.tv_usec) / 1E6; } - -Absolute::Absolute(const struct timespec &tv) -{ mValue = tv.tv_sec + double(tv.tv_nsec) / 1E9; } - -Absolute::operator struct timeval () const -{ - struct timeval tv; - if (mValue > LONG_MAX) { - tv.tv_sec = LONG_MAX; - tv.tv_usec = 0; - } else { - tv.tv_sec = int32_t(mValue); - double intPart; - tv.tv_usec = int32_t(modf(mValue, &intPart) * 1E6); - } - return tv; -} - -Absolute::operator struct timespec () const -{ - struct timespec ts; - if (mValue > LONG_MAX) { - ts.tv_sec = LONG_MAX; - ts.tv_nsec = 0; - } else { - ts.tv_sec = time_t(mValue); - double intPart; - ts.tv_nsec = int32_t(modf(mValue, &intPart) * 1E9); - } - return ts; -} - -struct timeval Interval::timevalInterval() const -{ - struct timeval tv; - if (mValue > LONG_MAX) { - tv.tv_sec = LONG_MAX; - tv.tv_usec = 0; - } else if (mValue < 0) { - tv.tv_sec = tv.tv_usec = 0; - } else { - tv.tv_sec = int32_t(mValue); - double intPart; - tv.tv_usec = int32_t(modf(mValue, &intPart) * 1E6); - } - return tv; -} - - -// -// Estimate resolution at given time. -// -// BSD select(2) has theoretical microsecond resolution, but the underlying -// Mach system deals with milliseconds, so we report that conservatively. -// Sometime in the future when the sun is near collapse, residual resolution -// of a double will drop under 1E-3, but we won't worry about that just yet. -// -Interval resolution(Absolute) -{ - return 0.001; -} - - -} // end namespace Time -} // end namespace Security diff --git a/cdsa/cdsa_utilities/timeflow.h b/cdsa/cdsa_utilities/timeflow.h deleted file mode 100644 index b2b65572..00000000 --- a/cdsa/cdsa_utilities/timeflow.h +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// timeflow - abstract view of the flow of time -// -// We happily publish both absolute and relative times as floating-point values. -// Absolute times are off the UNIX Epoch (1/1/1970, midnight). This leaves us about -// microsecond resolution in Modern Times. -// -#ifndef _H_TIMEFLOW -#define _H_TIMEFLOW - -#include -#include // for MAXFLOAT - - -namespace Security { -namespace Time { - - -// -// A Time::Interval is a time difference (distance). -// -class Interval { - friend class Absolute; -public: - Interval() { } - Interval(int seconds) { mValue = seconds; } - Interval(double seconds) { mValue = seconds; } - explicit Interval(time_t seconds) { mValue = seconds; } - - Interval &operator += (Interval rel) { mValue += rel.mValue; return *this; } - Interval &operator -= (Interval rel) { mValue -= rel.mValue; return *this; } - Interval &operator *= (double f) { mValue *= f; return *this; } - Interval &operator /= (double f) { mValue /= f; return *this; } - - bool operator < (Interval other) const { return mValue < other.mValue; } - bool operator <= (Interval other) const { return mValue <= other.mValue; } - bool operator > (Interval other) const { return mValue > other.mValue; } - bool operator >= (Interval other) const { return mValue >= other.mValue; } - bool operator == (Interval other) const { return mValue == other.mValue; } - bool operator != (Interval other) const { return mValue != other.mValue; } - - // express as (fractions of) seconds, milliseconds, or microseconds - double seconds() const { return mValue; } - double mSeconds() const { return mValue * 1E3; } - double uSeconds() const { return mValue * 1E6; } - - // struct timeval is sometimes used for time intervals, but not often - so be explicit - struct timeval timevalInterval() const; - -private: - double mValue; -}; - - -// -// A Time::Absolute is a moment in time. -// -class Absolute { - friend class Interval; - friend Interval operator - (Absolute, Absolute); - friend Absolute now(); - friend Absolute bigBang(); - friend Absolute heatDeath(); -public: - Absolute() { } // uninitialized - Absolute(time_t t) { mValue = t; } // from time_t - Absolute(const struct timeval &tv); // from timeval - Absolute(const struct timespec &ts); // from timespec - - // *crement operators - Absolute &operator += (Interval rel) { mValue += rel.mValue; return *this; } - Absolute &operator -= (Interval rel) { mValue -= rel.mValue; return *this; } - - // comparisons - bool operator < (Absolute other) const { return mValue < other.mValue; } - bool operator <= (Absolute other) const { return mValue <= other.mValue; } - bool operator > (Absolute other) const { return mValue > other.mValue; } - bool operator >= (Absolute other) const { return mValue >= other.mValue; } - bool operator == (Absolute other) const { return mValue == other.mValue; } - bool operator != (Absolute other) const { return mValue != other.mValue; } - - // express as conventional (absolute!) time measures - operator struct timeval() const; - operator struct timespec() const; - operator time_t () const { return time_t(mValue); } - - // internal form for debugging ONLY - double internalForm() const { return mValue; } - -private: - double mValue; - - Absolute(double value) : mValue(value) { } -}; - - -// -// Time::now produces the current time -// -Absolute now(); // get "now" - - -// -// Time::resolution(when) gives a conservative estimate of the available resolution -// at a given time. -// -Interval resolution(Absolute at); // estimate available resolution at given time - - -// -// Some useful "constants" -// -inline Absolute bigBang() { return -MAXFLOAT; } -inline Absolute heatDeath() { return +MAXFLOAT; } - - - -// -// More inline arithmetic -// -inline Interval operator + (Interval r, Interval r2) { r += r2; return r; } -inline Interval operator - (Interval r, Interval r2) { r -= r2; return r; } -inline Interval operator * (Interval r, double f) { r *= f; return r; } -inline Interval operator / (Interval r, double f) { r /= f; return r; } - -inline Absolute operator + (Absolute a, Interval r) { return a += r; } -inline Absolute operator + (Interval r, Absolute a) { return a += r; } -inline Absolute operator - (Absolute a, Interval r) { return a -= r; } - -inline Interval operator - (Absolute t1, Absolute t0) -{ return t1.mValue - t0.mValue; } - - -} // end namespace Time -} // end namespace Security - -#endif //_H_TIMEFLOW diff --git a/cdsa/cdsa_utilities/tqueue.cpp b/cdsa/cdsa_utilities/tqueue.cpp deleted file mode 100644 index c17a9d11..00000000 --- a/cdsa/cdsa_utilities/tqueue.cpp +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// tqueue -- timer queues -// -#ifdef __MWERKS__ -#define _CPP_CDSA_UTILITIES_TQUEUE -#endif -#include diff --git a/cdsa/cdsa_utilities/tqueue.h b/cdsa/cdsa_utilities/tqueue.h deleted file mode 100644 index ec969f6a..00000000 --- a/cdsa/cdsa_utilities/tqueue.h +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// tqueue.h -- timer queues -// -#ifndef _H_TQUEUE -#define _H_TQUEUE - -#include -#include -#include - -#ifdef _CPP_CDSA_UTILITIES_TQUEUE -#pragma export on -#endif - - -namespace Security -{ - -// -// A TimerQueue is a container of elements that have relative "timer" positions. -// TimerQueues are concerned with shuffling these elements around as their "times" -// change, and with processing elements that fall off the front of the queue as -// "time" passes. -// We put "time" into quotes because nothing here really cares what kind of time -// you are playing with. It could be seconds, points scored, etc. The only requirement -// is that "time" doesn't ever flow backwards... -// -template -class ScheduleQueue { -public: - ScheduleQueue() { first.fwd = first.back = &first; } - virtual ~ScheduleQueue() { } - -public: - class Event { - friend class ScheduleQueue; - public: - Event() : mScheduled(false) { } - ~Event() { if (scheduled()) unschedule(); } - - void unschedule(); - - Time when() const { return fireTime; } - bool scheduled() const { return mScheduled; } - - private: - Time fireTime; // when will it happen? - bool mScheduled; // are we scheduled? - Event *back, *fwd; // doubly-linked interior list - - void putBefore(Event *ev) - { back = ev->back; fwd = ev; ev->back = back->fwd = this; mScheduled = true; } - }; - -public: - void schedule(Event *event, Time when); - void unschedule(Event *event) - { event->unschedule(); } - - bool empty() const { return first.fwd == &first; } - Time next() const { assert(!empty()); return first.fwd->fireTime; } - - Event *pop(Time now); - -private: - Event first; // root of active timers list -}; - -template -void ScheduleQueue